pushed migrations down to a storage layer from a keystore layer

Signed-off-by: Avi Vaid <avaid1996@gmail.com>
notaryproject · Aug 23, 2016 · 869a409 · 869a409
1 parent a9221c6
commit 869a409
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 63 deletions.
diff --git a/cmd/notary/keys_test.go b/cmd/notary/keys_test.go
@@ -736,11 +736,11 @@ func TestExportKeysByID(t *testing.T) {
 	require.NoError(t, err)
 
 	fileStore, err := store.NewPrivateKeyFileStorage(tempBaseDir, notary.KeyExtension)
-	err = fileStore.Set("ankh/one", bBytes)
+	err = fileStore.Set("one", bBytes)
 	require.NoError(t, err)
-	err = fileStore.Set("ankh/two", b2Bytes)
+	err = fileStore.Set("two", b2Bytes)
 	require.NoError(t, err)
-	err = fileStore.Set("morpork/three", cBytes)
+	err = fileStore.Set("three", cBytes)
 	require.NoError(t, err)
 
 	err = k.exportKeys(&cobra.Command{}, nil)
@@ -751,11 +751,11 @@ func TestExportKeysByID(t *testing.T) {
 
 	block, rest := pem.Decode(outRes)
 	require.Equal(t, b.Bytes, block.Bytes)
-	require.Equal(t, "ankh/one", block.Headers["path"])
+	require.Equal(t, "one", block.Headers["path"])
 
 	block, rest = pem.Decode(rest)
 	require.Equal(t, c.Bytes, block.Bytes)
-	require.Equal(t, "morpork/three", block.Headers["path"])
+	require.Equal(t, "three", block.Headers["path"])
 	require.Len(t, rest, 0)
 }
 

diff --git a/storage/filestore.go b/storage/filestore.go
@@ -1,14 +1,18 @@
 package storage
 
 import (
+	"bytes"
+	"encoding/pem"
 	"fmt"
-	"github.com/docker/notary"
 	"io"
 	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/notary"
 )
 
 // NewFilesystemStore creates a new store in a directory tree
@@ -45,7 +49,9 @@ func NewSimpleFileStore(baseDir, fileExt string) (*FilesystemStore, error) {
 // the notary.PrivDir to the baseDir.
 func NewPrivateKeyFileStorage(baseDir, fileExt string) (*FilesystemStore, error) {
 	baseDir = filepath.Join(baseDir, notary.PrivDir)
-	return NewFileStore(baseDir, fileExt, notary.PrivKeyPerms)
+	myStore, err := NewFileStore(baseDir, fileExt, notary.PrivKeyPerms)
+	myStore.migrateTo0Dot4()
+	return myStore, err
 }
 
 // NewPrivateSimpleFileStore is a wrapper to create an owner readable/writeable
@@ -61,6 +67,59 @@ type FilesystemStore struct {
 	perms   os.FileMode
 }
 
+func (f *FilesystemStore) migrateTo0Dot4() {
+	for _, file := range f.ListFiles() {
+		keyID := filepath.Base(file)
+		fileDir := filepath.Dir(file)
+		d, _ := f.Get(file)
+		block, _ := pem.Decode(d)
+		if block == nil {
+			logrus.Warn("Key data for ", file, " may have been tampered with/ is invalid. The key has not been migrated and may not be available")
+			continue
+		}
+		if strings.HasPrefix(fileDir, notary.RootKeysSubdir) {
+			fileDir = strings.TrimPrefix(fileDir, notary.RootKeysSubdir)
+			if strings.Contains(keyID, "_") {
+				role := strings.Split(keyID, "_")[1]
+				keyID = strings.TrimSuffix(keyID, "_"+role)
+				block.Headers["role"] = role
+			}
+		} else if strings.HasPrefix(fileDir, notary.NonRootKeysSubdir) {
+			fileDir = strings.TrimPrefix(fileDir, notary.NonRootKeysSubdir)
+			if fileDir != "" {
+				block.Headers["gun"] = fileDir[1:]
+			}
+			if strings.Contains(keyID, "_") {
+				role := strings.Split(keyID, "_")[1]
+				keyID = strings.TrimSuffix(keyID, "_"+role)
+				block.Headers["role"] = role
+			}
+		}
+		var keyPEM bytes.Buffer
+		// since block came from decoding the PEM bytes in the first place, and all we're doing is adding some headers we ignore the possibility of an error while encoding the block
+		pem.Encode(&keyPEM, block)
+		f.Set(keyID, keyPEM.Bytes())
+	}
+	rootKeysSubDir := filepath.Join(f.Location(), notary.RootKeysSubdir)
+	nonRootKeysSubDir := filepath.Join(f.Location(), notary.NonRootKeysSubdir)
+	certsSubDir := filepath.Join(f.Location(), "trusted_certificates")
+	if rootKeysSubDir == "" || rootKeysSubDir == "/" {
+		logrus.Warn("The directory for root keys is an unsafe value, we are not going to delete the directory. Please delete it manually")
+	} else {
+		os.RemoveAll(rootKeysSubDir)
+	}
+	if nonRootKeysSubDir == "" || nonRootKeysSubDir == "/" {
+		logrus.Warn("The directory for non root keys is an unsafe value, we are not going to delete the directory. Please delete it manually")
+	} else {
+		os.RemoveAll(nonRootKeysSubDir)
+	}
+	if certsSubDir == "" || certsSubDir == "/" {
+		logrus.Warn("The directory for trusted certificate is an unsafe value, we are not going to delete the directory. Please delete it manually")
+	} else {
+		os.RemoveAll(certsSubDir)
+	}
+}
+
 func (f *FilesystemStore) getPath(name string) (string, error) {
 	fileName := fmt.Sprintf("%s%s", name, f.ext)
 	fullPath := filepath.Join(f.baseDir, fileName)

diff --git a/trustmanager/keystore.go b/trustmanager/keystore.go
@@ -1,10 +1,8 @@
 package trustmanager
 
 import (
-	"bytes"
 	"encoding/pem"
 	"fmt"
-	"os"
 	"path/filepath"
 	"strings"
 	"sync"
@@ -42,64 +40,10 @@ func NewKeyFileStore(baseDir string, p notary.PassRetriever) (*GenericKeyStore,
 	if err != nil {
 		return nil, err
 	}
-	migrateTo0Dot4(fileStore)
 	store := NewGenericKeyStore(fileStore, p)
 	return store, nil
 }
 
-func migrateTo0Dot4(s Storage) {
-	for _, file := range s.ListFiles() {
-		keyID := filepath.Base(file)
-		fileDir := filepath.Dir(file)
-		d, _ := s.Get(file)
-		block, _ := pem.Decode(d)
-		if block == nil {
-			logrus.Warn("Key data for ", file, " may have been tampered with/ is invalid. The key has not been migrated and may not be available")
-			continue
-		}
-		if strings.HasPrefix(fileDir, notary.RootKeysSubdir) {
-			fileDir = strings.TrimPrefix(fileDir, notary.RootKeysSubdir)
-			if strings.Contains(keyID, "_") {
-				role := strings.Split(keyID, "_")[1]
-				keyID = strings.TrimSuffix(keyID, "_"+role)
-				block.Headers["role"] = role
-			}
-		} else if strings.HasPrefix(fileDir, notary.NonRootKeysSubdir) {
-			fileDir = strings.TrimPrefix(fileDir, notary.NonRootKeysSubdir)
-			if fileDir != "" {
-				block.Headers["gun"] = fileDir[1:]
-			}
-			if strings.Contains(keyID, "_") {
-				role := strings.Split(keyID, "_")[1]
-				keyID = strings.TrimSuffix(keyID, "_"+role)
-				block.Headers["role"] = role
-			}
-		}
-		var keyPEM bytes.Buffer
-		// since block came from decoding the PEM bytes in the first place, and all we're doing is adding some headers we ignore the possibility of an error while encoding the block
-		pem.Encode(&keyPEM, block)
-		s.Set(keyID, keyPEM.Bytes())
-	}
-	rootKeysSubDir := filepath.Join(s.Location(), notary.RootKeysSubdir)
-	nonRootKeysSubDir := filepath.Join(s.Location(), notary.NonRootKeysSubdir)
-	certsSubDir := filepath.Join(s.Location(), "trusted_certificates")
-	if rootKeysSubDir == "" || rootKeysSubDir == "/" {
-		logrus.Warn("The directory for root keys is an unsafe value, we are not going to delete the directory. Please delete it manually")
-	} else {
-		os.RemoveAll(rootKeysSubDir)
-	}
-	if nonRootKeysSubDir == "" || nonRootKeysSubDir == "/" {
-		logrus.Warn("The directory for non root keys is an unsafe value, we are not going to delete the directory. Please delete it manually")
-	} else {
-		os.RemoveAll(nonRootKeysSubDir)
-	}
-	if certsSubDir == "" || certsSubDir == "/" {
-		logrus.Warn("The directory for trusted certificate is an unsafe value, we are not going to delete the directory. Please delete it manually")
-	} else {
-		os.RemoveAll(certsSubDir)
-	}
-}
-
 // NewKeyMemoryStore returns a new KeyMemoryStore which holds keys in memory
 func NewKeyMemoryStore(p notary.PassRetriever) *GenericKeyStore {
 	memStore := store.NewMemoryStore(nil)