зеркало из https://github.com/microsoft/docker.git
golint: trust
contributes to #14756 Signed-off-by: Sevki Hasirci <s@sevki.org>
This commit is contained in:
Sevki Hasirci
Vincent Demeester
Родитель
6eb03c53db
Коммит
5572148477
|
|
@ -70,10 +70,10 @@ func (config *Config) InstallFlags(cmd *flag.FlagSet, usageFn func(string) strin
|
|||
cmd.StringVar(&config.Bridge.Iface, []string{"b", "-bridge"}, "", usageFn("Attach containers to a network bridge"))
|
||||
cmd.StringVar(&config.Bridge.FixedCIDR, []string{"-fixed-cidr"}, "", usageFn("IPv4 subnet for fixed IPs"))
|
||||
cmd.StringVar(&config.Bridge.FixedCIDRv6, []string{"-fixed-cidr-v6"}, "", usageFn("IPv6 subnet for fixed IPs"))
|
||||
cmd.Var(opts.NewIpOpt(&config.Bridge.DefaultGatewayIPv4, ""), []string{"-default-gateway"}, usageFn("Container default gateway IPv4 address"))
|
||||
cmd.Var(opts.NewIpOpt(&config.Bridge.DefaultGatewayIPv6, ""), []string{"-default-gateway-v6"}, usageFn("Container default gateway IPv6 address"))
|
||||
cmd.Var(opts.NewIPOpt(&config.Bridge.DefaultGatewayIPv4, ""), []string{"-default-gateway"}, usageFn("Container default gateway IPv4 address"))
|
||||
cmd.Var(opts.NewIPOpt(&config.Bridge.DefaultGatewayIPv6, ""), []string{"-default-gateway-v6"}, usageFn("Container default gateway IPv6 address"))
|
||||
cmd.BoolVar(&config.Bridge.InterContainerCommunication, []string{"#icc", "-icc"}, true, usageFn("Enable inter-container communication"))
|
||||
cmd.Var(opts.NewIpOpt(&config.Bridge.DefaultIP, "0.0.0.0"), []string{"#ip", "-ip"}, usageFn("Default IP when binding container ports"))
|
||||
cmd.Var(opts.NewIPOpt(&config.Bridge.DefaultIP, "0.0.0.0"), []string{"#ip", "-ip"}, usageFn("Default IP when binding container ports"))
|
||||
cmd.BoolVar(&config.Bridge.EnableUserlandProxy, []string{"-userland-proxy"}, true, usageFn("Use userland proxy for loopback traffic"))
|
||||
cmd.BoolVar(&config.EnableCors, []string{"#api-enable-cors", "#-api-enable-cors"}, false, usageFn("Enable CORS headers in the remote API, this is deprecated by --api-cors-header"))
|
||||
cmd.StringVar(&config.CorsHeaders, []string{"-api-cors-header"}, "", usageFn("Set CORS headers in the remote API"))
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ type TagStore struct {
|
|||
pushingPool map[string]chan struct{}
|
||||
registryService *registry.Service
|
||||
eventsService *events.Events
|
||||
trustService *trust.TrustStore
|
||||
trustService *trust.Store
|
||||
}
|
||||
|
||||
// Repository maps tags to image IDs.
|
||||
|
|
@ -77,7 +77,7 @@ type TagStoreConfig struct {
|
|||
// Events is the events service to use for logging.
|
||||
Events *events.Events
|
||||
// Trust is the trust service to use for push and pull operations.
|
||||
Trust *trust.TrustStore
|
||||
Trust *trust.Store
|
||||
}
|
||||
|
||||
// NewTagStore creates a new TagStore at specified path, using the parameters
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ func TestIpOptString(t *testing.T) {
|
|||
var ip net.IP
|
||||
|
||||
for _, address := range addresses {
|
||||
stringAddress := NewIpOpt(&ip, address).String()
|
||||
stringAddress := NewIPOpt(&ip, address).String()
|
||||
if stringAddress != address {
|
||||
t.Fatalf("IpOpt string should be `%s`, not `%s`", address, stringAddress)
|
||||
}
|
||||
|
|
@ -21,7 +21,7 @@ func TestNewIpOptInvalidDefaultVal(t *testing.T) {
|
|||
ip := net.IPv4(127, 0, 0, 1)
|
||||
defaultVal := "Not an ip"
|
||||
|
||||
ipOpt := NewIpOpt(&ip, defaultVal)
|
||||
ipOpt := NewIPOpt(&ip, defaultVal)
|
||||
|
||||
expected := "127.0.0.1"
|
||||
if ipOpt.String() != expected {
|
||||
|
|
@ -33,7 +33,7 @@ func TestNewIpOptValidDefaultVal(t *testing.T) {
|
|||
ip := net.IPv4(127, 0, 0, 1)
|
||||
defaultVal := "192.168.1.1"
|
||||
|
||||
ipOpt := NewIpOpt(&ip, defaultVal)
|
||||
ipOpt := NewIPOpt(&ip, defaultVal)
|
||||
|
||||
expected := "192.168.1.1"
|
||||
if ipOpt.String() != expected {
|
||||
|
|
@ -43,7 +43,7 @@ func TestNewIpOptValidDefaultVal(t *testing.T) {
|
|||
|
||||
func TestIpOptSetInvalidVal(t *testing.T) {
|
||||
ip := net.IPv4(127, 0, 0, 1)
|
||||
ipOpt := &IpOpt{IP: &ip}
|
||||
ipOpt := &IPOpt{IP: &ip}
|
||||
|
||||
invalidIP := "invalid ip"
|
||||
expectedError := "invalid ip is not an ip address"
|
||||
|
|
|
|||
|
|
@ -8,13 +8,16 @@ import (
|
|||
"github.com/docker/libtrust"
|
||||
)
|
||||
|
||||
// NotVerifiedError implements the error interface
|
||||
type NotVerifiedError string
|
||||
|
||||
func (e NotVerifiedError) Error() string {
|
||||
return string(e)
|
||||
}
|
||||
|
||||
func (t *TrustStore) CheckKey(ns string, key []byte, perm uint16) (bool, error) {
|
||||
// CheckKey verifies that the given public key is allowed to perform
|
||||
// the given action on the given node according to the trust graph.
|
||||
func (t *Store) CheckKey(ns string, key []byte, perm uint16) (bool, error) {
|
||||
if len(key) == 0 {
|
||||
return false, fmt.Errorf("Missing PublicKey")
|
||||
}
|
||||
|
|
@ -48,6 +51,8 @@ func (t *TrustStore) CheckKey(ns string, key []byte, perm uint16) (bool, error)
|
|||
return true, nil
|
||||
}
|
||||
|
||||
func (t *TrustStore) UpdateBase() {
|
||||
// UpdateBase retrieves updated base graphs. This function cannot error, it
|
||||
// should only log errors
|
||||
func (t *Store) UpdateBase() {
|
||||
t.fetch()
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,8 @@ import (
|
|||
"github.com/docker/libtrust/trustgraph"
|
||||
)
|
||||
|
||||
type TrustStore struct {
|
||||
// Store defines a TrustStore
|
||||
type Store struct {
|
||||
path string
|
||||
caPool *x509.CertPool
|
||||
graph trustgraph.TrustGraph
|
||||
|
|
@ -38,7 +39,9 @@ const defaultFetchtime = 45 * time.Second
|
|||
|
||||
var baseEndpoints = map[string]string{"official": "https://dvjy3tqbc323p.cloudfront.net/trust/official.json"}
|
||||
|
||||
func NewTrustStore(path string) (*TrustStore, error) {
|
||||
// NewTrustStore creates from a given path, if the path is not
|
||||
// relative, it will be joined with the working directory.
|
||||
func NewTrustStore(path string) (*Store, error) {
|
||||
abspath, err := filepath.Abs(path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
@ -55,7 +58,7 @@ func NewTrustStore(path string) (*TrustStore, error) {
|
|||
}
|
||||
|
||||
// Load grant files
|
||||
t := &TrustStore{
|
||||
t := &Store{
|
||||
path: abspath,
|
||||
caPool: nil,
|
||||
httpClient: &http.Client{},
|
||||
|
|
@ -70,7 +73,7 @@ func NewTrustStore(path string) (*TrustStore, error) {
|
|||
return t, nil
|
||||
}
|
||||
|
||||
func (t *TrustStore) reload() error {
|
||||
func (t *Store) reload() error {
|
||||
t.Lock()
|
||||
defer t.Unlock()
|
||||
|
||||
|
|
@ -121,7 +124,7 @@ func (t *TrustStore) reload() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (t *TrustStore) fetchBaseGraph(u *url.URL) (*trustgraph.Statement, error) {
|
||||
func (t *Store) fetchBaseGraph(u *url.URL) (*trustgraph.Statement, error) {
|
||||
req := &http.Request{
|
||||
Method: "GET",
|
||||
URL: u,
|
||||
|
|
@ -148,7 +151,7 @@ func (t *TrustStore) fetchBaseGraph(u *url.URL) (*trustgraph.Statement, error) {
|
|||
|
||||
// fetch retrieves updated base graphs. This function cannot error, it
|
||||
// should only log errors
|
||||
func (t *TrustStore) fetch() {
|
||||
func (t *Store) fetch() {
|
||||
t.Lock()
|
||||
defer t.Unlock()
|
||||
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче