daemon/config: remove and local trustkey utilities

Turned out that the loadOrCreateTrustKey() utility was doing exactly the same as libtrust.LoadOrCreateTrustKey(), so making it a thin wrapped. I kept the tests to verify the behavior, but we could remove them as we only need this for our integration tests. The storage location for the generated key was changed (again as we only need this for some integration tests), so we can remove the TrustKeyPath from the config. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 5cdd6ab7cd) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-19 15:29:16 +02:00 · 2022-10-19 15:29:16 +02:00 · 139080d093
commit 139080d093
parent 46e0317bc1
4 changed files with 10 additions and 70 deletions
--- a/cmd/dockerd/daemon_windows.go
+++ b/cmd/dockerd/daemon_windows.go
@ -24,7 +24,7 @@ func setDefaultUmask() error {
 }

 func getDaemonConfDir(root string) (string, error) {
-	return filepath.Join(root, `\config`), nil
+	return filepath.Join(root, "config"), nil
 }

 // preNotifyReady sends a message to the host when the API is active, but before the daemon is
--- a/cmd/dockerd/docker_windows.go
+++ b/cmd/dockerd/docker_windows.go
@ -24,7 +24,7 @@ func runDaemon(opts *daemonOptions) error {

 	// Windows specific settings as these are not defaulted.
 	if opts.configFile == "" {
-		opts.configFile = filepath.Join(opts.daemonConfig.Root, `config\daemon.json`)
+		opts.configFile = filepath.Join(opts.daemonConfig.Root, "config", "daemon.json")
 	}
 	if runAsService {
 		// If Windows SCM manages the service - no need for PID files
--- a/daemon/trustkey.go
+++ b/daemon/trustkey.go
@ -1,57 +1,9 @@
 package daemon // import "github.com/docker/docker/daemon"

-import (
-	"encoding/json"
-	"encoding/pem"
-	"fmt"
-	"os"
-	"path/filepath"
-
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/system"
-	"github.com/docker/libtrust"
-)
+import "github.com/docker/libtrust"

 // LoadOrCreateTrustKey attempts to load the libtrust key at the given path,
-// otherwise generates a new one
-// TODO: this should use more of libtrust.LoadOrCreateTrustKey which may need
-// a refactor or this function to be moved into libtrust
+// otherwise generates a new one.
 func loadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
-	err := system.MkdirAll(filepath.Dir(trustKeyPath), 0755)
-	if err != nil {
-		return nil, err
-	}
-	trustKey, err := libtrust.LoadKeyFile(trustKeyPath)
-	if err == libtrust.ErrKeyFileDoesNotExist {
-		trustKey, err = libtrust.GenerateECP256PrivateKey()
-		if err != nil {
-			return nil, fmt.Errorf("Error generating key: %s", err)
-		}
-		encodedKey, err := serializePrivateKey(trustKey, filepath.Ext(trustKeyPath))
-		if err != nil {
-			return nil, fmt.Errorf("Error serializing key: %s", err)
-		}
-		if err := ioutils.AtomicWriteFile(trustKeyPath, encodedKey, os.FileMode(0600)); err != nil {
-			return nil, fmt.Errorf("Error saving key file: %s", err)
-		}
-	} else if err != nil {
-		return nil, fmt.Errorf("Error loading key file %s: %s", trustKeyPath, err)
-	}
-	return trustKey, nil
-}
-
-func serializePrivateKey(key libtrust.PrivateKey, ext string) (encoded []byte, err error) {
-	if ext == ".json" || ext == ".jwk" {
-		encoded, err = json.Marshal(key)
-		if err != nil {
-			return nil, fmt.Errorf("unable to encode private key JWK: %s", err)
-		}
-	} else {
-		pemBlock, err := key.PEMBlock()
-		if err != nil {
-			return nil, fmt.Errorf("unable to encode private key PEM: %s", err)
-		}
-		encoded = pem.EncodeToMemory(pemBlock)
-	}
-	return
+	return libtrust.LoadOrCreateTrustKey(trustKeyPath)
 }
--- a/daemon/trustkey_test.go
+++ b/daemon/trustkey_test.go
@ -7,29 +7,20 @@ import (

 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
-	"gotest.tools/v3/fs"
 )

 // LoadOrCreateTrustKey
 func TestLoadOrCreateTrustKeyInvalidKeyFile(t *testing.T) {
-	tmpKeyFolderPath, err := os.MkdirTemp("", "api-trustkey-test")
+	tmpKeyFile, err := os.CreateTemp(t.TempDir(), "keyfile")
 	assert.NilError(t, err)
-	defer os.RemoveAll(tmpKeyFolderPath)
-
-	tmpKeyFile, err := os.CreateTemp(tmpKeyFolderPath, "keyfile")
-	assert.NilError(t, err)
-	defer tmpKeyFile.Close()
+	_ = tmpKeyFile.Close()

 	_, err = loadOrCreateTrustKey(tmpKeyFile.Name())
-	assert.Check(t, is.ErrorContains(err, "Error loading key file"))
+	assert.Check(t, is.ErrorContains(err, "error loading key file"))
 }

 func TestLoadOrCreateTrustKeyCreateKeyWhenFileDoesNotExist(t *testing.T) {
-	tmpKeyFolderPath := fs.NewDir(t, "api-trustkey-test")
-	defer tmpKeyFolderPath.Remove()
-
-	// Without the need to create the folder hierarchy
-	tmpKeyFile := tmpKeyFolderPath.Join("keyfile")
+	tmpKeyFile := filepath.Join(t.TempDir(), "keyfile")

 	key, err := loadOrCreateTrustKey(tmpKeyFile)
 	assert.NilError(t, err)
@ -40,10 +31,7 @@ func TestLoadOrCreateTrustKeyCreateKeyWhenFileDoesNotExist(t *testing.T) {
 }

 func TestLoadOrCreateTrustKeyCreateKeyWhenDirectoryDoesNotExist(t *testing.T) {
-	tmpKeyFolderPath := fs.NewDir(t, "api-trustkey-test")
-	defer tmpKeyFolderPath.Remove()
-	tmpKeyFile := tmpKeyFolderPath.Join("folder/hierarchy/keyfile")
-
+	tmpKeyFile := filepath.Join(t.TempDir(), "folder/hierarchy/keyfile")
 	key, err := loadOrCreateTrustKey(tmpKeyFile)
 	assert.NilError(t, err)
 	assert.Check(t, key != nil)