Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add blob policy import and show commands #1126

Open
wants to merge 24 commits into
base: main
Choose a base branch
from
Open

feat: add blob policy import and show commands #1126

wants to merge 24 commits into from
+559 −8

Conversation

JeyJeyGao
Copy link
Contributor

@JeyJeyGao JeyJeyGao commented Dec 24, 2024
edited
Loading

Feat:

  • added notation blob import and notation blob show commands

Test:

  • added E2E test cases

Corresponding spec:
https://github.com/notaryproject/notation/blob/2ff8754717877adfd45266cfa8ba65705c397ea0/specs/commandline/blob.md

help example:

$ notation -h

Notation - a tool to sign and verify artifacts

Usage:
  notation [command]

Available Commands:
  blob        Sign, verify and inspect singatures associated with blobs
  certificate Manage certificates in trust store
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  inspect     Inspect all signatures associated with the signed artifact
  key         Manage keys used for signing
  list        List signatures of the signed artifact
  login       Login to registry
  logout      Log out from the logged in registries
  plugin      Manage plugins
  policy      Manage trust policy configuration
  sign        Sign artifacts
  verify      Verify OCI artifacts
  version     Show the notation version information

Flags:
  -h, --help   help for notation

Use "notation [command] --help" for more information about a command.

$ notation blob -h

Sign, inspect, and verify signatures and configure trust policies.

Usage:
  notation blob [command]

Available Commands:
  policy      Manage trust policy configuration for signed blobs

Flags:
  -h, --help   help for blob

Use "notation blob [command] --help" for more information about a command.

$ notation blob policy -h

Manage trust policy configuration for arbitrary blob signature verification.

Usage:
  notation blob policy [command]

Available Commands:
  import      Import trust policy configuration from a JSON file
  show        Show trust policy configuration

Flags:
  -h, --help   help for policy

Use "notation blob policy [command] --help" for more information about a command.

$ notation blob policy import -h

Import blob trust policy configuration from a JSON file.

Example - Import trust policy configuration from a file:
  notation blob policy import my_policy.json

Usage:
  notation blob policy import [flags] <file_path>

Flags:
      --force   override the existing trust policy configuration, never prompt
  -h, --help    help for import

$ notation blob policy show -h

Show blob trust policy configuration.

Example - Show current blob trust policy configuration:
  notation blob policy show

Example - Save current blob trust policy configuration to a file:
  notation blob policy show > my_policy.json

Usage:
  notation blob policy show [flags]

Flags:
  -h, --help   help for show

@codecov Codecov
Copy link

codecov bot commented Dec 24, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 95.23810% with 6 lines in your changes missing coverage. Please review.

Project coverage is 71.80%. Comparing base (2ff8754) to head (4360cfb).
Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
cmd/notation/blob/policy/import.go 89.65% 4 Missing and 2 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1126      +/-   ##
==========================================
+ Coverage   70.79%   71.80%   +1.00%     
==========================================
  Files          48       52       +4     
  Lines        2945     3071     +126     
==========================================
+ Hits         2085     2205     +120     
- Misses        668      672       +4     
- Partials      192      194       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@JeyJeyGao JeyJeyGao changed the title feat: blob policy import & show commands feat: add blob policy import and show commands Dec 24, 2024
@JeyJeyGao
fix: improve code
1ff8547 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: improve code
88aee76 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: improve code
8fe215e 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: improve code
e67b5fd 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: improve code
1eb1908 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao JeyJeyGao marked this pull request as ready for review December 24, 2024 08:41
shizhMSFT
shizhMSFT requested changes Dec 27, 2024
View reviewed changes
cmd/notation/blob/cmd.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy.go Outdated Show resolved Hide resolved
cmd/notation/internal/policy/show.go Outdated Show resolved Hide resolved
cmd/notation/internal/policy/show.go Outdated Show resolved Hide resolved
cmd/notation/internal/policy/import.go Outdated Show resolved Hide resolved
@JeyJeyGao JeyJeyGao requested a review from shizhMSFT December 27, 2024 08:12
shizhMSFT
shizhMSFT reviewed Dec 30, 2024
View reviewed changes
cmd/notation/policy/show.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy.go Outdated Show resolved Hide resolved
@JeyJeyGao JeyJeyGao requested a review from shizhMSFT December 30, 2024 03:22
@JeyJeyGao
fix: add E2E test cases
8ecf320 
Signed-off-by: Junjie Gao <[email protected]>
shizhMSFT
shizhMSFT previously approved these changes Dec 30, 2024
View reviewed changes
Copy link
Contributor

@shizhMSFT shizhMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Two-Hearts
Two-Hearts reviewed Dec 30, 2024
View reviewed changes
cmd/notation/blob/cmd.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/import.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/import.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/import.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/show.go Show resolved Hide resolved
cmd/notation/policy/show.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/show.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/show.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/show.go Outdated Show resolved Hide resolved
cmd/notation/policy/cmd.go Outdated Show resolved Hide resolved
@JeyJeyGao
fix: remove unused file
fad665c 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: E2E test
71f522a 
Signed-off-by: Junjie Gao <[email protected]>
@yizha1
Copy link
Contributor

yizha1 commented Dec 30, 2024

@JeyJeyGao why the spec you referenced didnot point to main branch?

@JeyJeyGao
Copy link
Contributor Author

@JeyJeyGao why the spec you referenced didnot point to main branch?

@yizha1 The link will be kept in the git history, so we need to pin the link to ensure the target file is not changed and remains accessible.

Two-Hearts
Two-Hearts reviewed Jan 6, 2025
View reviewed changes
cmd/notation/blob/cmd.go Outdated Show resolved Hide resolved
cmd/notation/blob/cmd.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/cmd.go Outdated Show resolved Hide resolved
cmd/notation/blob/cmd.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/import.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/import.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/show.go Outdated Show resolved Hide resolved
@JeyJeyGao JeyJeyGao mentioned this pull request Jan 6, 2025
Open
@JeyJeyGao JeyJeyGao requested a review from Two-Hearts January 6, 2025 06:52
Two-Hearts
Two-Hearts reviewed Jan 7, 2025
View reviewed changes
cmd/notation/blob/cmd.go Outdated Show resolved Hide resolved
cmd/notation/blob/cmd.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/import.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/import.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/show.go Outdated Show resolved Hide resolved
Two-Hearts
Two-Hearts previously approved these changes Jan 7, 2025
View reviewed changes
Copy link
Contributor

@Two-Hearts Two-Hearts left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

shizhMSFT
shizhMSFT approved these changes Jan 7, 2025
View reviewed changes
cmd/notation/blob/policy/import.go Outdated Show resolved Hide resolved
cmd/notation/blob/policy/show.go Outdated
fmt.Fprintf(os.Stderr, "Error: %s\n", err.Error())
fmt.Fprintf(os.Stderr, "Existing blob trust policy configuration is invalid, you may update or create a new one via `notation blob policy import <path-to-policy.json>`\n")
// not returning to show the invalid policy configuration
fmt.Fprintf(os.Stderr, "Existing blob trust policy file is invalid, you may update or create a new one via `notation blob policy import <path-to-policy.json>`. See https://github.com/notaryproject/specifications/blob/main/specs/trust-store-trust-policy.md#trust-policy-for-blobs for a blob trust policy example.\n")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

main is referenced. Do we have a tagged version?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#1126 (comment)
We don't have a tagged version for now. Can we merge it now and update the link before next release which is suggested by @Two-Hearts ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated to use digested link

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added issue #1138 to update it before v1.4

cmd/notation/blob/policy/show.go Outdated
Comment on lines 62 to 64
fmt.Fprintf(os.Stderr, "Existing blob trust policy file is invalid, you may update or create a new one via `notation blob policy import <path-to-policy.json>`. See https://github.com/notaryproject/specifications/blob/main/specs/trust-store-trust-policy.md#trust-policy-for-blobs for a blob trust policy example.\n")
os.Stdout.Write(policyJSON)
return err
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The behavior differs with the OCI policy show. Do you want to make them consistent?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#1126 (comment)
As suggested by @Two-Hearts , OCI policy command related changes have been removed. Can we send another PR for update OCI policy command?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added issue #1138 to update it before v1.4

shizhMSFT
shizhMSFT requested changes Jan 7, 2025
View reviewed changes
Copy link
Contributor

@shizhMSFT shizhMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please address the comments in the last review.

@JeyJeyGao
fix: resolve comment
b76c4eb 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao JeyJeyGao mentioned this pull request Jan 7, 2025
Open
shizhMSFT
shizhMSFT approved these changes Jan 7, 2025
View reviewed changes
Copy link
Contributor

@shizhMSFT shizhMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shizhMSFT shizhMSFT shizhMSFT approved these changes

@Two-Hearts Two-Hearts Two-Hearts left review comments

@gokarnm gokarnm Awaiting requested review from gokarnm gokarnm is a code owner

@NiazFK NiazFK Awaiting requested review from NiazFK NiazFK is a code owner

@priteshbandi priteshbandi Awaiting requested review from priteshbandi priteshbandi is a code owner

@rgnote rgnote Awaiting requested review from rgnote rgnote is a code owner

@toddysm toddysm Awaiting requested review from toddysm toddysm is a code owner

@vaninrao10 vaninrao10 Awaiting requested review from vaninrao10 vaninrao10 is a code owner

@yizha1 yizha1 Awaiting requested review from yizha1 yizha1 is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@JeyJeyGao @yizha1 @shizhMSFT @Two-Hearts