From 9cb21dd85d61e9adf72273103b076605edbc1ef8 Mon Sep 17 00:00:00 2001 From: Katrina Prosise Date: Wed, 2 Oct 2024 11:05:16 -0400 Subject: [PATCH] Cleanup of text for subcommands c-k Applied style-guide rules and made other changes towards readability. Changes made to files/directories in alphabetical order from "c" to "k". Due to the number of files, cleanup is being broken up over multiple commits. This commit applies to FFTK-2391, "Fix Fioctl style and typos" Signed-off-by: Katrina Prosise --- subcommands/common.go | 2 +- subcommands/common_config.go | 2 +- subcommands/config/cmd.go | 2 +- subcommands/config/device_group.go | 8 +++--- subcommands/config/log.go | 2 +- subcommands/config/rotate_certs.go | 8 +++--- subcommands/config/set.go | 16 ++++++------ subcommands/config/updates.go | 3 +-- subcommands/config/wireguard.go | 2 +- subcommands/devices/apps_states.go | 4 +-- subcommands/devices/chown.go | 2 +- subcommands/devices/cmd.go | 2 +- subcommands/devices/config_group.go | 2 +- subcommands/devices/config_log.go | 2 +- subcommands/devices/config_rotate_certs.go | 4 +-- subcommands/devices/config_set.go | 4 +-- subcommands/devices/config_updates.go | 2 +- subcommands/devices/config_wireguard.go | 2 +- subcommands/devices/delete.go | 2 +- subcommands/devices/list.go | 6 ++--- subcommands/devices/list_denied.go | 2 +- subcommands/devices/show.go | 24 ++++++++--------- subcommands/docker/cmd.go | 6 ++--- subcommands/el2g/devices.go | 4 +-- subcommands/el2g/gateway.go | 2 +- subcommands/events/cmd.go | 6 ++--- subcommands/events/listen.go | 2 +- subcommands/factories/cmd.go | 2 +- subcommands/git/cmd.go | 2 +- subcommands/keys/ca_add_device_ca.go | 6 ++--- subcommands/keys/ca_create.go | 14 +++++----- subcommands/keys/ca_revoke_device_ca.go | 18 ++++++------- subcommands/keys/ca_rotate_tls.go | 6 ++--- subcommands/keys/ca_show.go | 2 +- subcommands/keys/cmd.go | 10 +++---- subcommands/keys/est.go | 10 +++---- subcommands/keys/tuf_copy_targets.go | 12 ++++----- subcommands/keys/tuf_rotate_all_keys.go | 12 ++++----- subcommands/keys/tuf_show_root.go | 2 +- subcommands/keys/tuf_updates.go | 24 ++++++++--------- .../keys/tuf_updates_add_offline_key.go | 6 ++--- subcommands/keys/tuf_updates_apply.go | 6 ++--- .../keys/tuf_updates_delete_offline_key.go | 10 +++---- subcommands/keys/tuf_updates_init.go | 2 +- subcommands/keys/tuf_updates_review.go | 2 +- .../keys/tuf_updates_rotate_offline_key.go | 24 ++++++++--------- .../keys/tuf_updates_rotate_online_key.go | 10 +++---- subcommands/keys/tuf_updates_set_threshold.go | 6 ++--- .../keys/tuf_updates_sign_prod_targets.go | 26 +++++++++---------- subcommands/keys/tuf_utils.go | 10 +++---- 50 files changed, 172 insertions(+), 173 deletions(-) diff --git a/subcommands/common.go b/subcommands/common.go index f0be9021..d76c53ec 100644 --- a/subcommands/common.go +++ b/subcommands/common.go @@ -26,7 +26,7 @@ var ( ) func RequireFactory(cmd *cobra.Command) { - cmd.PersistentFlags().StringP("factory", "f", "", "Factory to list targets for") + cmd.PersistentFlags().StringP("factory", "f", "", "Factory to list Targets for") cmd.PersistentFlags().StringP("token", "t", "", "API token from https://app.foundries.io/settings/tokens/") } diff --git a/subcommands/common_config.go b/subcommands/common_config.go index e691cabb..8fe65429 100644 --- a/subcommands/common_config.go +++ b/subcommands/common_config.go @@ -292,7 +292,7 @@ func loadSotaConfig(dcl *client.DeviceConfigList) (sota *toml.Tree, err error) { } if !found { - logrus.Debugf("Not found a FIO toml in the latest config") + logrus.Debugf("FIO toml not found in the latest config") } // In case if FIO TOML file is missing or an error - return an empty one. // Let a caller decide what to do in case of an error. diff --git a/subcommands/config/cmd.go b/subcommands/config/cmd.go index 9379d1ef..80cbe6c4 100644 --- a/subcommands/config/cmd.go +++ b/subcommands/config/cmd.go @@ -13,7 +13,7 @@ var ( var cmd = &cobra.Command{ Use: "config", - Short: "Manage configuration common to all devices in a factory", + Short: "Manage configuration common to all devices in a Factory", PersistentPreRun: func(cmd *cobra.Command, args []string) { api = subcommands.Login(cmd) }, diff --git a/subcommands/config/device_group.go b/subcommands/config/device_group.go index 339a162f..40213c29 100644 --- a/subcommands/config/device_group.go +++ b/subcommands/config/device_group.go @@ -14,7 +14,7 @@ import ( func init() { groupCmd := &cobra.Command{ Use: "device-group", - Short: "Manage factory device groups", + Short: "Manage Factory device groups", } cmd.AddCommand(groupCmd) @@ -25,7 +25,7 @@ func init() { }) groupCmd.AddCommand(&cobra.Command{ Use: "create []", - Short: "Create a new device groups", + Short: "Create a new device group", Run: doCreateDeviceGroup, Args: cobra.RangeArgs(1, 2), }) @@ -49,7 +49,7 @@ func init() { func doListDeviceGroup(cmd *cobra.Command, args []string) { factory := viper.GetString("factory") - logrus.Debugf("Showing a list of device groups for %s", factory) + logrus.Debugf("Showing list of device groups for %s", factory) lst, err := api.FactoryListDeviceGroup(factory) subcommands.DieNotNil(err) @@ -95,7 +95,7 @@ func doUpdateDeviceGroup(cmd *cobra.Command, args []string) { factory := viper.GetString("factory") old_name := args[0] var new_name, new_desc *string - logrus.Debugf("Updating a device group %s for %s", old_name, factory) + logrus.Debugf("Updating device group %s for %s", old_name, factory) if cmd.Flags().Changed("name") { s, _ := cmd.Flags().GetString("name") logrus.Debugf("New name: %s", s) diff --git a/subcommands/config/log.go b/subcommands/config/log.go index ac020416..9216b2ca 100644 --- a/subcommands/config/log.go +++ b/subcommands/config/log.go @@ -12,7 +12,7 @@ import ( func init() { logCmd := &cobra.Command{ Use: "log", - Short: "Show a changelog of configuration", + Short: "Show a configuration changelog", Run: doConfigLog, } cmd.AddCommand(logCmd) diff --git a/subcommands/config/rotate_certs.go b/subcommands/config/rotate_certs.go index 3d388910..f66ffa27 100644 --- a/subcommands/config/rotate_certs.go +++ b/subcommands/config/rotate_certs.go @@ -22,12 +22,12 @@ This command will only work for devices running LmP version 90 and later.`, } cmd.AddCommand(rotateCmd) rotateCmd.Flags().StringP("group", "g", "", "Device group to use") - rotateCmd.Flags().StringP("est-resource", "e", "/.well-known/est", "The path the to EST resource on your server") - rotateCmd.Flags().IntP("est-port", "p", 8443, "The EST server port") - rotateCmd.Flags().StringP("reason", "r", "", "The reason for changing the cert") + rotateCmd.Flags().StringP("est-resource", "e", "/.well-known/est", "Path to the EST resource on your server") + rotateCmd.Flags().IntP("est-port", "p", 8443, "EST server port") + rotateCmd.Flags().StringP("reason", "r", "", "reason for changing the cert") rotateCmd.Flags().StringP("hsm-pkey-ids", "", "01,07", "Available PKCS11 slot IDs for the private key") rotateCmd.Flags().StringP("hsm-cert-ids", "", "03,09", "Available PKCS11 slot IDs for the client certificate") - rotateCmd.Flags().StringP("server-name", "", "", "EST server name when not using the Foundries managed server. e.g. est.example.com") + rotateCmd.Flags().StringP("server-name", "", "", "EST server name when not using the Foundries.io managed server. e.g. est.example.com") rotateCmd.Flags().BoolP("dryrun", "", false, "Show what the fioconfig entry will be and exit") _ = cmd.MarkFlagRequired("reason") _ = cmd.MarkFlagRequired("group") diff --git a/subcommands/config/set.go b/subcommands/config/set.go index 7fa4611a..81c3a4b7 100644 --- a/subcommands/config/set.go +++ b/subcommands/config/set.go @@ -12,18 +12,18 @@ import ( func init() { setCmd := &cobra.Command{ Use: "set file=content ", - Short: "Create a new factory-wide configuration", - Long: `Creates a factory wide configuration. The fioconfig daemon running on -each device will then be able to grab the latest version of the configuration -and the device's configuration and apply it. Use the --group parameter to + Short: "Create a new Factory-wide configuration", + Long: `Creates a Factory wide configuration. The fioconfig daemon running on +each device will then be able to grab and apply the latest version of the configuration +and the device's configuration. Use the --group parameter to create a device group wide configuration instead.`, Example: ` # Basic use fioctl config set npmtok="root" githubtok="1234" readme.md==./readme.md - There are several ways how to pass a file content into this command: - - with filename="filecontent" format, a file content is passed directly. - - with filename==/path/to/file format, a file content is read from a specified file path. + There are several ways to pass a file's content into this command: + - with the filename="filecontent" format, content is passed directly. + - with the filename==/path/to/file format, content is read from the specified file path. # The configuration format also allows specifying what command to # run after a configuration file is updated on the device. To take @@ -61,7 +61,7 @@ create a device group wide configuration instead.`, setCmd.Flags().StringP("group", "g", "", "Device group to use") setCmd.Flags().StringP("reason", "m", "", "Add a message to store as the \"reason\" for this change") setCmd.Flags().BoolP("raw", "", false, "Use raw configuration file") - setCmd.Flags().BoolP("create", "", false, "Replace the whole config with these values. Default is to merge these values in with the existing config values") + setCmd.Flags().BoolP("create", "", false, "Replace the whole config with these values. Default is to merge these values with the existing config values") } func doConfigSet(cmd *cobra.Command, args []string) { diff --git a/subcommands/config/updates.go b/subcommands/config/updates.go index 1a9a974b..26a57315 100644 --- a/subcommands/config/updates.go +++ b/subcommands/config/updates.go @@ -15,8 +15,7 @@ func init() { Short: "Configure aktualizr-lite settings for how updates are applied to a device group", Run: doConfigUpdates, Long: `View or change configuration parameters used by aktualizr-lite for updating devices -in a device group. When run with no options, this command will print out how the -group is currently configured.`, +in a device group. When run without options, prints out the current configuration.`, Example: ` # Make devices start taking updates from Targets tagged with "devel": fioctl config updates --group beta --tag devel diff --git a/subcommands/config/wireguard.go b/subcommands/config/wireguard.go index c7285999..85ed42a4 100644 --- a/subcommands/config/wireguard.go +++ b/subcommands/config/wireguard.go @@ -18,7 +18,7 @@ var wireguardDisable bool func init() { wireguardCmd := &cobra.Command{ Use: "wireguard", - Short: "Show current wireguard server config for factory", + Short: "Show current wireguard server config for Factory", Run: doWireguard, Args: cobra.MinimumNArgs(0), } diff --git a/subcommands/devices/apps_states.go b/subcommands/devices/apps_states.go index ce33190e..856709e6 100644 --- a/subcommands/devices/apps_states.go +++ b/subcommands/devices/apps_states.go @@ -16,12 +16,12 @@ var ( func init() { appsStatesCmd := &cobra.Command{ Use: "apps-states ", - Short: "List states of Apps reported by a device", + Short: "List the states of Apps reported by a device", Run: doListStates, Args: cobra.ExactArgs(1), } cmd.AddCommand(appsStatesCmd) - appsStatesCmd.Flags().IntVarP(&asListLimit, "limit", "n", 1, "Limit the number of Apps states to display.") + appsStatesCmd.Flags().IntVarP(&asListLimit, "limit", "n", 1, "Limit the number of App states to display.") } func doListStates(cmd *cobra.Command, args []string) { diff --git a/subcommands/devices/chown.go b/subcommands/devices/chown.go index d3ddbf00..c6d28bdb 100644 --- a/subcommands/devices/chown.go +++ b/subcommands/devices/chown.go @@ -12,7 +12,7 @@ func init() { Short: "Change the device's owner", Run: doChown, Args: cobra.ExactArgs(2), - Long: `Change the owner of a device. This command can only be run by factory admins + Long: `Change the owner of a device. This command can only be run by Factory admins and owners. The new owner-id can be found by running 'fioctl users'`, }) } diff --git a/subcommands/devices/cmd.go b/subcommands/devices/cmd.go index bf7eaf7d..0079b5f1 100644 --- a/subcommands/devices/cmd.go +++ b/subcommands/devices/cmd.go @@ -20,7 +20,7 @@ var ( var cmd = &cobra.Command{ Use: "devices", Aliases: []string{"device"}, - Short: "Manage devices registered to a factory", + Short: "Manage devices registered to a Factory", PersistentPreRun: func(cmd *cobra.Command, args []string) { api = subcommands.Login(cmd) }, diff --git a/subcommands/devices/config_group.go b/subcommands/devices/config_group.go index 3ffc1458..beb805eb 100644 --- a/subcommands/devices/config_group.go +++ b/subcommands/devices/config_group.go @@ -12,7 +12,7 @@ import ( func init() { groupCmd := &cobra.Command{ Use: "group []", - Short: "Assign a device to an existing factory device group", + Short: "Assign a device to an existing Factory device group", Run: doConfigGroup, Args: cobra.RangeArgs(1, 2), } diff --git a/subcommands/devices/config_log.go b/subcommands/devices/config_log.go index a6bf4e5e..ac12c08a 100644 --- a/subcommands/devices/config_log.go +++ b/subcommands/devices/config_log.go @@ -12,7 +12,7 @@ import ( func init() { logConfigCmd := &cobra.Command{ Use: "log ", - Short: "Show a changelog of device's configuration", + Short: "Show a changelog of the device's configuration", Run: doConfigLog, Args: cobra.ExactArgs(1), } diff --git a/subcommands/devices/config_rotate_certs.go b/subcommands/devices/config_rotate_certs.go index 73789248..4e9b83e6 100644 --- a/subcommands/devices/config_rotate_certs.go +++ b/subcommands/devices/config_rotate_certs.go @@ -16,7 +16,7 @@ func init() { Short: "Rotate a device's x509 keypair used to connect to the device gateway", Args: cobra.ExactArgs(1), Run: doConfigRotate, - Long: `This command will send a fioconfig change to a device to instruct it to perform + Long: `This command will send a fioconfig change to a device instructing it to perform a certificate rotation using the EST server configured with "fioctl keys est". This command will only work for devices running LmP version 90 and later.`, @@ -26,7 +26,7 @@ This command will only work for devices running LmP version 90 and later.`, cmd.Flags().StringP("reason", "r", "", "The reason for changing the cert") cmd.Flags().StringP("hsm-pkey-ids", "", "01,07", "Available PKCS11 slot IDs for the private key") cmd.Flags().StringP("hsm-cert-ids", "", "03,09", "Available PKCS11 slot IDs for the client certificate") - cmd.Flags().StringP("server-name", "", "", "EST server name when not using the Foundries managed server. e.g. est.example.com") + cmd.Flags().StringP("server-name", "", "", "EST server name when not using the Foundries.io managed server. e.g. est.example.com") cmd.Flags().BoolP("dryrun", "", false, "Show what the fioconfig entry will be and exit") configCmd.AddCommand(cmd) _ = cmd.MarkFlagRequired("reason") diff --git a/subcommands/devices/config_set.go b/subcommands/devices/config_set.go index 2143f11e..be71bb27 100644 --- a/subcommands/devices/config_set.go +++ b/subcommands/devices/config_set.go @@ -20,7 +20,7 @@ func init() { setConfigCmd := &cobra.Command{ Use: "set ", Short: "Create a secure configuration for the device", - Long: `Creates a secure configuration for device encrypting the contents each + Long: `Creates a secure configuration for the device, encrypting the contents of each file using the device's public key. The fioconfig daemon running on each device will then be able to grab the latest version of the device's configuration and apply it. The maximum size of a config is 1Mb.`, @@ -68,7 +68,7 @@ device's configuration and apply it. The maximum size of a config is 1Mb.`, configCmd.AddCommand(setConfigCmd) setConfigCmd.Flags().StringP("reason", "m", "", "Add a message to store as the \"reason\" for this change") setConfigCmd.Flags().BoolP("raw", "", false, "Use raw configuration file") - setConfigCmd.Flags().BoolP("create", "", false, "Replace the whole config with these values. Default is to merge these values in with the existing config values") + setConfigCmd.Flags().BoolP("create", "", false, "Replace the whole config with these values. Default is to merge these values with the existing config values") } func loadEciesPub(pubkey string) *ecies.PublicKey { diff --git a/subcommands/devices/config_updates.go b/subcommands/devices/config_updates.go index 908e2864..f8f2e090 100644 --- a/subcommands/devices/config_updates.go +++ b/subcommands/devices/config_updates.go @@ -15,7 +15,7 @@ func init() { Run: doConfigUpdates, Args: cobra.ExactArgs(1), Long: `View or change configuration parameters used by aktualizr-lite for updating a device. -When run with no options, this command will print out how the device is +When run with no options, this command prinst out how the device is currently configured and reporting.`, Example: ` # Make a device start taking updates from Targets tagged with "devel" diff --git a/subcommands/devices/config_wireguard.go b/subcommands/devices/config_wireguard.go index 15f2c6b5..e991c300 100644 --- a/subcommands/devices/config_wireguard.go +++ b/subcommands/devices/config_wireguard.go @@ -105,7 +105,7 @@ func factoryIps(factory string) map[uint32]bool { func findVpnAddress(factory string) string { wsc := config.LoadWireguardServerConfig(factory, api) if len(wsc.VpnAddress) == 0 || !wsc.Enabled { - fmt.Println("ERROR: A wireguard server has not been configured for this factory") + fmt.Println("ERROR: A wireguard server has not been configured for this Factory") os.Exit(1) } logrus.Debugf("VPN server address is: %s", wsc.VpnAddress) diff --git a/subcommands/devices/delete.go b/subcommands/devices/delete.go index ebb4a70a..86738b5b 100644 --- a/subcommands/devices/delete.go +++ b/subcommands/devices/delete.go @@ -11,7 +11,7 @@ import ( func init() { cmd.AddCommand(&cobra.Command{ Use: "delete", - Short: "Delete a device(s) registered to a factory.", + Short: "Delete device(s) registered to a Factory.", Run: doDelete, Args: cobra.MinimumNArgs(1), }) diff --git a/subcommands/devices/list.go b/subcommands/devices/list.go index 6639ab57..a26b8f7f 100644 --- a/subcommands/devices/list.go +++ b/subcommands/devices/list.go @@ -53,7 +53,7 @@ func ownerFormatter(d *client.Device) string { if ok { return name } - logrus.Debugf("Looking up user %s in factory %s", d.Owner, d.Factory) + logrus.Debugf("Looking up user %s in Factory %s", d.Owner, d.Factory) users, err := api.UsersList(d.Factory) if err != nil { logrus.Errorf("Unable to look up users: %s", err) @@ -137,7 +137,7 @@ func init() { sort.Strings(allCols) listCmd := &cobra.Command{ Use: "list [pattern]", - Short: "List devices registered to factories. Optionally include filepath style patterns to limit to device names. eg device-*", + Short: "List devices registered to Factories. Optionally, include filepath style patterns to limit to device names. e.g. device-*", Run: doList, Args: cobra.MaximumNArgs(1), Long: "Available columns for display:\n\n * " + strings.Join(allCols, "\n * "), @@ -148,7 +148,7 @@ func init() { listCmd.Flags().BoolVarP(&deviceOnlyNonProd, "only-non-prod", "", false, "Only include non-production devices") listCmd.Flags().StringVarP(&deviceByTag, "by-tag", "", "", "Only list devices configured with the given tag") listCmd.Flags().StringVarP(&deviceByTarget, "by-target", "", "", "Only list devices updated to the given target name") - listCmd.Flags().StringVarP(&deviceByGroup, "by-group", "g", "", "Only list devices belonging to this group (factory is mandatory)") + listCmd.Flags().StringVarP(&deviceByGroup, "by-group", "g", "", "Only list devices belonging to this group (Factory is mandatory)") listCmd.Flags().IntVarP(&deviceInactiveHours, "offline-threshold", "", 4, "List the device as 'OFFLINE' if not seen in the last X hours") listCmd.Flags().StringVarP(&deviceUuid, "uuid", "", "", "Find device with the given UUID") listCmd.Flags().StringSliceVarP(&showColumns, "columns", "", defCols, "Specify which columns to display") diff --git a/subcommands/devices/list_denied.go b/subcommands/devices/list_denied.go index 0a9fd580..9c11492e 100644 --- a/subcommands/devices/list_denied.go +++ b/subcommands/devices/list_denied.go @@ -14,7 +14,7 @@ func init() { Short: "List device UUIDs that have been denied access to the device-gateway", Run: doListDenied, Long: `Devices created using a factory-registration-reference server get created -created on-demand. Because of this, devices are placed into a deny-list when +on-demand. Because of this, devices are placed into a deny-list when they are deleted, so that they can't continue to access the system by getting re-created.`, } diff --git a/subcommands/devices/show.go b/subcommands/devices/show.go index fc4c73a9..4d78fb19 100644 --- a/subcommands/devices/show.go +++ b/subcommands/devices/show.go @@ -46,21 +46,21 @@ func doShow(cmd *cobra.Command, args []string) { fmt.Printf("Production:\t%v%s\n", device.IsProd, waveSuffix) fmt.Printf("Up to date:\t%v\n", device.UpToDate) fmt.Printf("Target:\t\t%s / sha256(%s)\n", device.TargetName, device.OstreeHash) - fmt.Printf("Ostree Hash:\t%s\n", device.OstreeHash) + fmt.Printf("Ostree hash:\t%s\n", device.OstreeHash) if len(device.LmpVer) > 0 { - fmt.Printf("LmP Version:\t%s\n", device.LmpVer) + fmt.Printf("LmP version:\t%s\n", device.LmpVer) } - fmt.Printf("Created At:\t%s\n", device.ChangeMeta.CreatedAt) + fmt.Printf("Created at:\t%s\n", device.ChangeMeta.CreatedAt) if len(device.ChangeMeta.CreatedBy) > 0 { - fmt.Printf("Created By:\t%s\n", device.ChangeMeta.CreatedBy) + fmt.Printf("Created by:\t%s\n", device.ChangeMeta.CreatedBy) } if len(device.ChangeMeta.UpdatedAt) > 0 { - fmt.Printf("Updated At:\t%s\n", device.ChangeMeta.UpdatedAt) + fmt.Printf("Updated at:\t%s\n", device.ChangeMeta.UpdatedAt) } if len(device.ChangeMeta.UpdatedBy) > 0 { - fmt.Printf("Updated By:\t%s\n", device.ChangeMeta.UpdatedBy) + fmt.Printf("Updated by:\t%s\n", device.ChangeMeta.UpdatedBy) } - fmt.Printf("Last Seen:\t%s\n", device.LastSeen) + fmt.Printf("Last seen:\t%s\n", device.LastSeen) if len(device.Tag) > 0 { fmt.Printf("Tag:\t\t%s\n", device.Tag) } @@ -71,7 +71,7 @@ func doShow(cmd *cobra.Command, args []string) { fmt.Printf("Status:\t\t%s\n", device.Status) } if len(device.CurrentUpdate) > 0 { - fmt.Printf("Update Id:\t%s\n", device.CurrentUpdate) + fmt.Printf("Update ID:\t%s\n", device.CurrentUpdate) } if device.AppsState != nil && device.AppsState.Apps != nil { var healthyApps []string @@ -87,7 +87,7 @@ func doShow(cmd *cobra.Command, args []string) { fmt.Printf("Unhealthy Apps:\t%s\n", strings.Join(unhealthyApps, ",")) } if device.Network != nil { - fmt.Println("Network Info:") + fmt.Println("Network info:") fmt.Printf("\tHostname:\t%s\n", device.Network.Hostname) fmt.Printf("\tIP:\t\t%s\n", device.Network.Ipv4) fmt.Printf("\tMAC:\t\t%s\n", device.Network.MAC) @@ -108,11 +108,11 @@ func doShow(cmd *cobra.Command, args []string) { fmt.Println("Unable to marshall hardware info: ", err) } if showHWInfo { - fmt.Printf("Hardware Info:\n\t") + fmt.Printf("Hardware info:\n\t") os.Stdout.Write(b) fmt.Println("") } else { - fmt.Printf("Hardware Info: (hidden, use --hwinfo)\n") + fmt.Printf("Hardware info: (hidden, use --hwinfo)\n") } } if len(device.AktualizrToml) > 0 { @@ -126,7 +126,7 @@ func doShow(cmd *cobra.Command, args []string) { } if device.ActiveConfig != nil { - fmt.Println("Active Config:") + fmt.Println("Active config:") if len(device.ActiveConfig.CreatedBy) > 0 { user, err := api.UserAccessDetails(device.Factory, device.ActiveConfig.CreatedBy) if err != nil { diff --git a/subcommands/docker/cmd.go b/subcommands/docker/cmd.go index 0a9e465d..c4ff9266 100644 --- a/subcommands/docker/cmd.go +++ b/subcommands/docker/cmd.go @@ -44,8 +44,8 @@ func NewCommand() *cobra.Command { Long: `Configure a Docker credential helper that allows Docker to access hub.foundries.io. -This command will likely need to be run as root. It creates a symlink, -docker-credential-fio, in the same directory as the docker client binary. +This command likely needs to be run as root. It creates a symlink, +docker-credential-fio, in the same directory as the Docker client binary. NOTE: The credentials will need the "containers:read" scope to work with Docker`, Run: doDockerCreds, @@ -97,7 +97,7 @@ func doDockerCreds(cmd *cobra.Command, args []string) { if errors.Is(err, fs.ErrNotExist) { dockerConfig := filepath.Dir(dockerConfigFile) if _, err := os.Stat(dockerConfig); errors.Is(err, fs.ErrNotExist) { - fmt.Println("Creating docker config directory:", dockerConfig) + fmt.Println("Creating Docker config directory:", dockerConfig) subcommands.DieNotNil(os.Mkdir(dockerConfig, 0o755)) } config = make(map[string]interface{}) diff --git a/subcommands/el2g/devices.go b/subcommands/el2g/devices.go index 8f8419cb..ef7b3fab 100644 --- a/subcommands/el2g/devices.go +++ b/subcommands/el2g/devices.go @@ -28,7 +28,7 @@ func init() { devicesCmd.AddCommand(&cobra.Command{ Use: "show ", - Short: "Show the integrations details for a device", + Short: "Show the integration details for a device", Args: cobra.ExactArgs(1), Run: doShow, }) @@ -39,7 +39,7 @@ func init() { Args: cobra.ExactArgs(2), Run: doAdd, Example: `# Add a device with an SE050 (product ID: 935389312472) -# The product IDs configured for you factory can be found by running +# The product IDs configured for you Factory can be found by running # fioctl el2g status # Device ID can be found on a device by running: # $ ssscli se05x uid | grep "Unique ID:" | cut -d: -f2 diff --git a/subcommands/el2g/gateway.go b/subcommands/el2g/gateway.go index 32574dcc..b3032c47 100644 --- a/subcommands/el2g/gateway.go +++ b/subcommands/el2g/gateway.go @@ -57,7 +57,7 @@ func doDeviceGateway(cmd *cobra.Command, args []string) { errPrefix := "Unable to upload certificate:\n" + generatedCa subcommands.DieNotNil(api.El2gUploadDgCert(factory, csr.Id, ca.RootCrt, generatedCa), errPrefix) - fmt.Println("Updating factory allowed CA's with") + fmt.Println("Updating Factory allowed CA's with") fmt.Println(generatedCa) newCa := ca.CaCrt + "\n" + generatedCa certs := client.CaCerts{CaCrt: newCa} diff --git a/subcommands/events/cmd.go b/subcommands/events/cmd.go index 94710649..bb830aa2 100644 --- a/subcommands/events/cmd.go +++ b/subcommands/events/cmd.go @@ -17,9 +17,9 @@ var cmd = &cobra.Command{ PersistentPreRun: func(cmd *cobra.Command, args []string) { api = subcommands.Login(cmd) }, - Long: `Event queues provide a way for customers to receive notifications about events -happening in a Factory such as when a device is first seen or has started an -over-the-air update. + Long: `Event queues provide a way to receive notifications about events +happening in a Factory, such as when a device is first seen or an +over-the-air update starts. There are two types of event queues: push and pull. A pull queue works like a traditional message queue system. Push queues are synonymous with web hooks.`, diff --git a/subcommands/events/listen.go b/subcommands/events/listen.go index fa3900eb..1592dc59 100644 --- a/subcommands/events/listen.go +++ b/subcommands/events/listen.go @@ -23,7 +23,7 @@ func init() { Args: cobra.ExactArgs(2), Run: doListen, Long: `Listens to pull queue events. This command is useful for debugging or as a -reference implementation of queue listener.`, +reference implementation of a queue listener.`, }) } diff --git a/subcommands/factories/cmd.go b/subcommands/factories/cmd.go index 13c00fb7..607a56d3 100644 --- a/subcommands/factories/cmd.go +++ b/subcommands/factories/cmd.go @@ -15,7 +15,7 @@ var ( func NewCommand() *cobra.Command { cmd := &cobra.Command{ Use: "factories", - Short: "List factories a user is a member of.", + Short: "List Factories a user is a member of.", Hidden: true, // Only useful support work Run: doFactories, PersistentPreRun: func(cmd *cobra.Command, args []string) { diff --git a/subcommands/git/cmd.go b/subcommands/git/cmd.go index cbef26b1..7865a0cb 100644 --- a/subcommands/git/cmd.go +++ b/subcommands/git/cmd.go @@ -36,7 +36,7 @@ func NewCommand() *cobra.Command { Long: `Configure a Git credential helper that allows Git to access source.foundries.io. -This command will likely need to be run as root. It creates a symlink, +This command likely needs to be run as root. It creates a symlink, git-credential-fio, in the same directory as the git client binary. NOTE: The credentials will need the "source:read-update" scope to work with Git`, diff --git a/subcommands/keys/ca_add_device_ca.go b/subcommands/keys/ca_add_device_ca.go index 071485df..f8e71499 100644 --- a/subcommands/keys/ca_add_device_ca.go +++ b/subcommands/keys/ca_add_device_ca.go @@ -27,13 +27,13 @@ This command can add one or both of the following certificates: ### online-ca - A Foundries.io owned keypair to support lmp-device-register. In order for lmp-device-register to work, Foundries.io needs the ability to sign client certificates for devices. If enabled, the factory_ca keypair will sign the certificate signing request returned from the API. -If the online-ca was already created earlier, a new online-ca will replace it for the registration process. +If a online-ca was already created, a new online-ca will replace it for the registration process. Still, the previous online-ca will be present in a list of device CAs trusted by the device gateway, -so that devices with client certificates issued by it may continue to connect to Foundries.io services. +This is so that devices with client certificates issued by it may continue to connect to Foundries.io services. ### local-ca - A keypair you own that can be used for things like your manufacturing process, where you may generate device client certificates without having to communicate with Foundries.io web services. -You can create as many local-ca files as you need, and use each of them to generate device client certificates. +You can create as many local-ca files as you need, and use each to generate device client certificates. All such CAs will be added to the list of device CAs trusted by the device gateway.`, } caCmd.AddCommand(cmd) diff --git a/subcommands/keys/ca_create.go b/subcommands/keys/ca_create.go index c42fb335..d31f1402 100644 --- a/subcommands/keys/ca_create.go +++ b/subcommands/keys/ca_create.go @@ -31,7 +31,7 @@ func init() { the device gateway. Caution: this can only be done once. This command creates a few things: -### Root of trust for your factory: factory_ca.key / factory_ca.pem +### Root of trust for your Factory: factory_ca.key / factory_ca.pem The factory_ca keypair is generated by this command to define the PKI root of trust for this factory. @@ -48,8 +48,8 @@ sign the certificate signing request returned from the API. This is optional. ### local-ca - A keypair you own -This keypair can be used for things like your manufacturing process where you -may set up devices without having to communicate with Foundries.io web +This keypair can be used for things like during your manufacturing process, +to set up devices without having to communicate with Foundries.io web services. This keypair is capable of signing client certificates for devices. If enabled, the local-ca.pem will be shared with the Foundries.io device gateway so that it will trust the client certificate of devices signed with this @@ -58,7 +58,7 @@ keypair. This is optional.`, } caCmd.AddCommand(cmd) - cmd.Flags().BoolVarP(&createOnlineCA, "online-ca", "", true, "Create an online CA owned by Foundries that works with lmp-device-register") + cmd.Flags().BoolVarP(&createOnlineCA, "online-ca", "", true, "Create an online CA owned by Foundries.io that works with lmp-device-register") cmd.Flags().BoolVarP(&createLocalCA, "local-ca", "", true, "Create a local CA that you can use for signing your own device certificates") cmd.Flags().StringVarP(&hsmModule, "hsm-module", "", "", "Create a root CA key on a PKCS#11 compatible HSM using this module") cmd.Flags().StringVarP(&hsmPin, "hsm-pin", "", "", "The PKCS#11 PIN to log into the HSM") @@ -94,11 +94,11 @@ func doCreateCA(cmd *cobra.Command, args []string) { fmt.Println("Creating offline root CA for Factory") certs.RootCrt = x509.CreateFactoryCa(factory) - fmt.Println("Signing Foundries TLS CSR") + fmt.Println("Signing Foundries.io TLS CSR") certs.TlsCrt = x509.SignTlsCsr(csrs.TlsCsr) if createOnlineCA { - fmt.Println("Signing Foundries CSR for online use") + fmt.Println("Signing Foundries.io CSR for online use") certs.CaCrt = x509.SignCaCsr(csrs.CaCsr) } @@ -111,6 +111,6 @@ func doCreateCA(cmd *cobra.Command, args []string) { certs.CaCrt += x509.CreateDeviceCa(commonName, factory) } - fmt.Println("Uploading signed certs to Foundries") + fmt.Println("Uploading signed certs to Foundries.io") subcommands.DieNotNil(api.FactoryPatchCA(factory, certs)) } diff --git a/subcommands/keys/ca_revoke_device_ca.go b/subcommands/keys/ca_revoke_device_ca.go index bb1fa913..9b690387 100644 --- a/subcommands/keys/ca_revoke_device_ca.go +++ b/subcommands/keys/ca_revoke_device_ca.go @@ -48,7 +48,7 @@ fioctl keys ca revoke-device-ca /path/to/pki/dir --ca-file /path/to/ca1.pem --ca # Revoke two device CAs given their serial numbers: fioctl keys ca revoke-device-ca /path/to/pki/dir --ca-serial --ca-file -# Revoke a local device CA, when your factory root CA private key is stored on an HSM: +# Revoke a local device CA, when your Factory root CA private key is stored on an HSM: fioctl keys ca revoke-device-ca /path/to/pki/dir --ca-file local-ca \ --hsm-module /path/to/pkcs11-module.so --hsm-pin 1234 --hsm-token-label @@ -152,11 +152,11 @@ func doRevokeDeviceCa(cmd *cobra.Command, args []string) { } for serial := range toRevoke { if _, ok := validSerials[serial]; !ok { - subcommands.DieNotNil(fmt.Errorf("There is no actual device CA with serial %s", serial)) + subcommands.DieNotNil(fmt.Errorf("There is no device CA with serial %s", serial)) } } - fmt.Println("Signing CRL by factory root CA") + fmt.Println("Signing CRL by Factory root CA") certs := client.CaCerts{CaRevokeCrl: x509.CreateCrl(toRevoke)} if dryRun { @@ -179,17 +179,17 @@ func prettyPrintCrl(crlPem string) { } c, err := x509Lib.ParseRevocationList(block.Bytes) subcommands.DieNotNil(err, "Failed to parse generated CRL:") - fmt.Println("Certificate Revocation List:") + fmt.Println("Certificate revocation list:") fmt.Println("\tIssuer:", c.Issuer) fmt.Println("\tValidity:") - fmt.Println("\t\tNot Before:", c.ThisUpdate) - fmt.Println("\t\tNot After:", c.NextUpdate) - fmt.Println("\tSignature Algorithm:", c.SignatureAlgorithm) + fmt.Println("\t\tNot before:", c.ThisUpdate) + fmt.Println("\t\tNot after:", c.NextUpdate) + fmt.Println("\tSignature algorithm:", c.SignatureAlgorithm) fmt.Println("\tSignature:", hex.EncodeToString(c.Signature)) - fmt.Println("\tRevoked Certificates:") + fmt.Println("\tRevoked certificates:") for _, crt := range c.RevokedCertificates { fmt.Println("\t\tSerial:", crt.SerialNumber.Text(10)) - fmt.Println("\t\t\tRevocation Date:", crt.RevocationTime) + fmt.Println("\t\t\tRevocation date:", crt.RevocationTime) if len(crt.Extensions) > 0 { fmt.Println("\t\t\tExtensions:") for _, ext := range crt.Extensions { diff --git a/subcommands/keys/ca_rotate_tls.go b/subcommands/keys/ca_rotate_tls.go index ffc43221..dce80bca 100644 --- a/subcommands/keys/ca_rotate_tls.go +++ b/subcommands/keys/ca_rotate_tls.go @@ -35,7 +35,7 @@ func doRotateTls(cmd *cobra.Command, args []string) { subcommands.DieNotNil(err) x509.InitHsm(hsm) - fmt.Println("Requesting new Foundries TLS CSR") + fmt.Println("Requesting new Foundries.io TLS CSR") csrs, err := api.FactoryCreateCA(factory, client.CaCreateOptions{CreateTlsCert: true}) subcommands.DieNotNil(err) @@ -43,9 +43,9 @@ func doRotateTls(cmd *cobra.Command, args []string) { fmt.Printf("Moving existing TLS cert file from %s to %s.bak", x509.TlsCertFile, x509.TlsCertFile) subcommands.DieNotNil(os.Rename(x509.TlsCertFile, x509.TlsCertFile+".bak")) } - fmt.Println("Signing Foundries TLS CSR") + fmt.Println("Signing Foundries.io TLS CSR") certs := client.CaCerts{TlsCrt: x509.SignTlsCsr(csrs.TlsCsr)} - fmt.Println("Uploading signed certs to Foundries") + fmt.Println("Uploading signed certs to Foundries.io") subcommands.DieNotNil(api.FactoryPatchCA(factory, certs)) } diff --git a/subcommands/keys/ca_show.go b/subcommands/keys/ca_show.go index 17155493..4e33e936 100644 --- a/subcommands/keys/ca_show.go +++ b/subcommands/keys/ca_show.go @@ -31,7 +31,7 @@ var ( func init() { cmd := &cobra.Command{ Use: "show", - Short: "Show what certificates are known to the factory", + Short: "Show certificates known to the Factory", Run: doShowCA, } caCmd.AddCommand(cmd) diff --git a/subcommands/keys/cmd.go b/subcommands/keys/cmd.go index 063e83a6..87756a46 100644 --- a/subcommands/keys/cmd.go +++ b/subcommands/keys/cmd.go @@ -13,7 +13,7 @@ var ( var cmd = &cobra.Command{ Use: "keys", - Short: "Manage keys in use by your factory fleet", + Short: "Manage keys in use by your Factory fleet", PersistentPreRun: func(cmd *cobra.Command, args []string) { api = subcommands.Login(cmd) }, @@ -22,14 +22,14 @@ var cmd = &cobra.Command{ var caCmd = &cobra.Command{ Use: "ca", Short: "Manage Public Key Infrastructure for your device gateway", - Long: `Every factory can have its own dedicated device gateway. This allows customers -to own the PKI infrastructure of their factory. This infrastructure is used + Long: `Every Factory can have its own dedicated device gateway. This allows you +to own the PKI infrastructure of your Factory. This infrastructure is used to manage mutual TLS between your devices and the Foundries.io device gateway.`, } var estCmd = &cobra.Command{ Use: "est", - Short: "Manage the Foundries EST server TLS keypair for your factory", + Short: "Manage the Foundries EST server TLS keypair for your Factory", Long: `This command allows users to authorize Foundries.io to run an EST 7030 server for device certificate renewal.`, Hidden: true, @@ -37,7 +37,7 @@ for device certificate renewal.`, var tufCmd = &cobra.Command{ Use: "tuf", - Short: "Manage The Update Framework Keys for your factory", + Short: "Manage The Update Framework Keys for your Factory", Long: `These sub-commands allow you to manage your Factory's TUF private keys to ensure that you are in complete control of your OTA metadata.`, } diff --git a/subcommands/keys/est.go b/subcommands/keys/est.go index b81a95f1..fe6ea6e9 100644 --- a/subcommands/keys/est.go +++ b/subcommands/keys/est.go @@ -15,7 +15,7 @@ import ( func init() { cmd := &cobra.Command{ Use: "show", - Short: "Show the EST TLS certificate authorized for this factory", + Short: "Show the EST TLS certificate authorized for this Factory", Run: doShowEst, } estCmd.AddCommand(cmd) @@ -28,9 +28,9 @@ func init() { Args: cobra.ExactArgs(1), Long: `This command will initiate a transaction with api.foundries.io that: - * api.foundries.io will create a new private key and TLS certificate signing request - * This command will sign the request using the Factory's root key. - * Upload the resultant TLS certificate to api.foundries.io`, + * will have api.foundries.io create a new private key and TLS certificate signing request + * signs the request using the Factory's root key. + * Uploads the resultant TLS certificate to api.foundries.io`, } estCmd.AddCommand(cmd) // HSM variables defined in ca_create.go @@ -46,7 +46,7 @@ func doShowEst(cmd *cobra.Command, args []string) { cert, err := api.FactoryGetCA(factory) subcommands.DieNotNil(err) if len(cert.EstCrt) == 0 { - fmt.Println("EST TLS certificate has not been configured for this factory.") + fmt.Println("EST TLS certificate has not been configured for this Factory.") } else if prettyFormat { prettyPrint(cert.EstCrt) } else { diff --git a/subcommands/keys/tuf_copy_targets.go b/subcommands/keys/tuf_copy_targets.go index 61b62c8b..ba9b1140 100644 --- a/subcommands/keys/tuf_copy_targets.go +++ b/subcommands/keys/tuf_copy_targets.go @@ -14,14 +14,14 @@ import ( func init() { copy := &cobra.Command{ Use: "copy-targets ", - Short: "Copy the target signing credentials from the offline key archive", + Short: "Copy the Target signing credentials from the offline key archive", Hidden: true, Run: doCopyTargets, Args: cobra.ExactArgs(2), - Long: `This command extracts the target signing credentials required for initializing -waves into a new tarball so that the offline key archive isn't required for -rolling out production updates. This should be run after each target key -rotation and distributed to the operator in charge of production OTAs.`, + Long: `This command extracts the Target signing credentials required for initializing +waves into a new tarball so that the offline key archive is not required for +rolling out production updates. Run after each Target key rotation and distribute +to the operator in charge of production OTAs.`, Deprecated: `it will be removed in the future. Please, use a new approach to rotate the targets key into a separate file: fioctl keys tuf rotate-offline-key --role=targets \ @@ -69,5 +69,5 @@ func createTargetsCreds(factory string, root client.AtsTufRoot, creds OfflineCre } } } - return targets, errors.New("Unable to find offline target key for factory") + return targets, errors.New("Unable to find offline Target key for Factory") } diff --git a/subcommands/keys/tuf_rotate_all_keys.go b/subcommands/keys/tuf_rotate_all_keys.go index 12cb17a6..63eed4a9 100644 --- a/subcommands/keys/tuf_rotate_all_keys.go +++ b/subcommands/keys/tuf_rotate_all_keys.go @@ -21,12 +21,12 @@ func init() { The new signing keys are rotated in both CI and production TUF root transactionally. -When you rotate all TUF signing leys: -- if there are CI or production targets in your factory, they are re-signed using the new keys. -- if there is an active wave in your factory, this command is not allowed. -- new CI targets upload is temporarily disabled for the duration of transaction.`, +When you rotate all TUF signing keys: +- CI or production Targets in your Factory are re-signed using the new keys. +- If there is an active wave in your Factory, this command is not allowed. +- Uploading New CI Targets is temporarily disabled for the duration of the transaction.`, Example: ` -Migrate an old factory to use Ed25519 key type for all TUF signing keys (online and offline): +Migrate a Factory to use Ed25519 key type for all TUF signing keys (online and offline): fioctl keys tuf rotate-all-keys --key-type=ed25519 \ --keys=offline-tuf-root-keys.tgz --targets-keys=offline-tuf-targets-keys.tgz`, Run: doRotateAllKeys, @@ -34,7 +34,7 @@ Migrate an old factory to use Ed25519 key type for all TUF signing keys (online rotate.Flags().StringP("keys", "k", "", "Path to used to sign TUF root.") _ = rotate.MarkFlagRequired("keys") _ = rotate.MarkFlagFilename("keys") - rotate.Flags().StringP("targets-keys", "K", "", "Path to used to sign prod & wave TUF targets.") + rotate.Flags().StringP("targets-keys", "K", "", "Path to used to sign prod & wave TUF Targets.") _ = rotate.MarkFlagFilename("targets-keys") rotate.Flags().BoolP("first-time", "", false, "Used for the first customer rotation. The command will download the initial root key.") rotate.Flags().StringP("key-type", "y", tufKeyTypeNameEd25519, "Key type, supported: Ed25519, RSA.") diff --git a/subcommands/keys/tuf_show_root.go b/subcommands/keys/tuf_show_root.go index 84139d10..225a2e86 100644 --- a/subcommands/keys/tuf_show_root.go +++ b/subcommands/keys/tuf_show_root.go @@ -26,7 +26,7 @@ func init() { Use: "show-root", Short: "Show the Factory's TUF root metadata", Deprecated: `it has moved to a new place. -Instead, please, use the "fioctl keys tuf show-root". +Instead, use "fioctl keys tuf show-root". `, Hidden: true, Run: doShowRoot, diff --git a/subcommands/keys/tuf_updates.go b/subcommands/keys/tuf_updates.go index 47bb98d2..524b11e1 100644 --- a/subcommands/keys/tuf_updates.go +++ b/subcommands/keys/tuf_updates.go @@ -13,28 +13,28 @@ var isTufUpdatesShortcut, isTufUpdatesInitialized bool var tufUpdatesCmd = &cobra.Command{ Use: "updates", - Short: "Manage updates to the TUF root for your factory (expert mode)", + Short: "Manage updates to the TUF root for your Factory (expert mode)", Long: `These sub-commands allow you to transactionally stage and apply changes -to your Factory's TUF private keys in a granular way familiar for TUF experts. +to your Factory's TUF private keys in a granular way, familiar to TUF experts. -The TUF updates transaction starts by running the "fioctl keys tuf updates init" command. -That command returns a unique secure Transaction ID which is then required for other actions. -The admin initiating the transaction should save that TXID for the timespan of the transaction. -It must only be shared with those Factory admins which will participate in the transaction. +The TUF updates transaction starts by running "fioctl keys tuf updates init". +This returns a unique secure Transaction ID which is then required for other actions. +The admin initiating the transaction should save this TXID for the timespan of the transaction. +It must only be shared with Factory admins which will participate in the transaction. Typically, admin(s) will run other subcommands to make changes to the TUF root (see examples). -The staged changes can be checked using the "fioctl keys tuf updates review" command. +The staged changes can be checked using "fioctl keys tuf updates review". -Finally, the transaction can be applied using the "fioctl keys tuf updates apply" command. -If admin decides to abandon the staged changes they can run "fioctl keys tuf updates cancel". +Finally, the transaction can be applied using "fioctl keys tuf updates apply". +If an admin decides to abandon the staged changes they can run "fioctl keys tuf updates cancel". For increased safety there can be only one active TUF updates transaction at a time.`, Example: ` -- Take ownership of TUF root and targets keys for a new factory, keep them on separate machines: +- Take ownership of TUF root and Target keys for a new Factory and keep them on separate machines: 1. On TUF root admin's shell: fioctl keys tuf updates init --first-time --keys=tuf-root-keys.tgz - 2. The above command prints a transaction ID (e.g. abcdef42) to be shared with TUF targets admin. - 3. On TUF targets admin's shell: + 2. The above command prints a transaction ID (e.g. abcdef42) to be shared with TUF Targets admin. + 3. On TUF Targets admin's shell: fioctl keys tuf updates rotate-offline-key \ --role=targets --txid=abcdef42 --targets-keys=tuf-targets-keys.tgz 4. On TUF root admin's shell: diff --git a/subcommands/keys/tuf_updates_add_offline_key.go b/subcommands/keys/tuf_updates_add_offline_key.go index 2134ee6b..ac75f1b6 100644 --- a/subcommands/keys/tuf_updates_add_offline_key.go +++ b/subcommands/keys/tuf_updates_add_offline_key.go @@ -21,8 +21,8 @@ func init() { The new offline signing key will be used in both CI and production TUF root. -When you add a new TUF targets offline signing key, existing production targets are not signed by it. -Please, use the sign-prod-targets subcommand if you want to sign existing production targets with a new key.`, +When you add a new TUF Targets offline signing key, existing production Targets are not signed by it. +Use the sign-prod-targets subcommand if you want to sign existing production Targets with a new key.`, Example: ` - Add offline TUF root key: fioctl keys tuf updates add-offline-key \ @@ -75,7 +75,7 @@ func doTufUpdatesAddOfflineKey(cmd *cobra.Command, args []string) { case tufRoleNameTargets: onlineTargetsId := updates.Updated.OnlineKeys["targets"] if onlineTargetsId == "" { - subcommands.DieNotNil(errors.New("Unable to find online target key for factory")) + subcommands.DieNotNil(errors.New("Unable to find online target key for Factory")) } addOfflineTargetsKey(newCiRoot, creds, keyType, onlineTargetsId) default: diff --git a/subcommands/keys/tuf_updates_apply.go b/subcommands/keys/tuf_updates_apply.go index 08fee611..36fdcbb1 100644 --- a/subcommands/keys/tuf_updates_apply.go +++ b/subcommands/keys/tuf_updates_apply.go @@ -51,9 +51,9 @@ There are two options available for you now: - cancel the staged TUF root updates using the "fioctl keys tuf updates cancel"` } else { msg += ` -This is a critical error: Staged TUF root updates may be partially applied to your Factory. -Please, re-run the "fioctl keys tuf updates apply" again after some time, but as soon as possible. -If the error persists, please, contact the customer support.` +This is a critical error: Staged TUF root updates may be only partially applied to your Factory. +Please re-run the "fioctl keys tuf updates apply" soon after a short pause. +If the error persists, please contact customer support.` } err = fmt.Errorf(msg, err) } diff --git a/subcommands/keys/tuf_updates_delete_offline_key.go b/subcommands/keys/tuf_updates_delete_offline_key.go index 5045469b..3e64d8af 100644 --- a/subcommands/keys/tuf_updates_delete_offline_key.go +++ b/subcommands/keys/tuf_updates_delete_offline_key.go @@ -27,9 +27,9 @@ There are two ways to delete the offline TUF signing key: When you delete the TUF targets offline signing key: -- if there are production targets in your factory, corresponding signatures are also deleted. - if any production targets lack enough signatures - you need to sign them using the "sign-prod-targets" command. -- if there is an active wave in your factory, the TUF targets key deletion is not allowed.`, +- For production Targets, the corresponding signatures are also deleted. + if any production Targets lack enough signatures, you will need to sign them using the "sign-prod-targets" command. +- if there is an active wave, the TUF Targets key deletion is not allowed.`, Example: ` - Delete offline TUF root key: fioctl keys tuf updates delete-offline-key \ @@ -89,11 +89,11 @@ func doTufUpdatesDeleteOfflineKey(cmd *cobra.Command, args []string) { roleToUpdate = newCiRoot.Signed.Roles["targets"] onlineTargetsId := updates.Updated.OnlineKeys["targets"] if onlineTargetsId == "" { - subcommands.DieNotNil(errors.New("Unable to find online target key for factory")) + subcommands.DieNotNil(errors.New("Unable to find online Target key for Factory")) } if keyId != "" && keyId == onlineTargetsId { subcommands.DieNotNil(fmt.Errorf( - "It is not allowed to delete an online TUF targets key: %s", onlineTargetsId, + "It is not allowed to delete an online TUF Targets key: %s", onlineTargetsId, )) } validKeyIds = subcommands.SliceRemove(roleToUpdate.KeyIDs, onlineTargetsId) diff --git a/subcommands/keys/tuf_updates_init.go b/subcommands/keys/tuf_updates_init.go index beee7a8a..eca47cd5 100644 --- a/subcommands/keys/tuf_updates_init.go +++ b/subcommands/keys/tuf_updates_init.go @@ -35,7 +35,7 @@ func doTufUpdatesInit(cmd *cobra.Command, args []string) { if firstTime { if _, err := os.Stat(keysFile); err == nil { subcommands.DieNotNil(errors.New(`Destination file exists. -Please make sure you aren't accidentally overwriting another factory's keys`)) +Please make sure you aren't accidentally overwriting another Factory's keys`)) } } diff --git a/subcommands/keys/tuf_updates_review.go b/subcommands/keys/tuf_updates_review.go index 9e6ced8a..77975542 100644 --- a/subcommands/keys/tuf_updates_review.go +++ b/subcommands/keys/tuf_updates_review.go @@ -108,7 +108,7 @@ func doTufUpdatesReview(cmd *cobra.Command, args []string) { } } } else { - fmt.Println("The following TUF root updates are staged for your factory:") + fmt.Println("The following TUF root updates are staged for your Factory:") for _, amendment := range updates.Amendments { fmt.Printf(" - %s\n", amendment.Message) } diff --git a/subcommands/keys/tuf_updates_rotate_offline_key.go b/subcommands/keys/tuf_updates_rotate_offline_key.go index 1d9ec20e..eae519b3 100644 --- a/subcommands/keys/tuf_updates_rotate_offline_key.go +++ b/subcommands/keys/tuf_updates_rotate_offline_key.go @@ -20,13 +20,13 @@ func init() { Short: "Stage rotation of the offline TUF signing key for the Factory", Long: `Stage rotation of the offline TUF signing key for the Factory. -The new offline signing key will be used in both CI and production TUF root. +The new offline signing key will be used for both CI and production TUF root. -When you rotate the TUF targets offline signing key: +When you rotate the TUF Targets offline signing key: -- If there are production targets in your factory, they are re-signed using the new key. - This only applies to those production targets that were signed by a key you rotate. -- If there is an active wave in your factory, the TUF targets rotation is not allowed.`, +- Production Targets in your Factory are re-signed using the new key. + This only applies to those production Targets that were signed by a key you rotate. +- If there is an active wave, the TUF targets rotation is not allowed.`, Example: ` - Rotate offline TUF root key and re-sign the new TUF root with both old and new keys: fioctl keys tuf updates rotate-offline-key \ @@ -128,7 +128,7 @@ func doTufUpdatesRotateOfflineTargetsKey(cmd *cobra.Command) { } if targetsKeysFile == "" { subcommands.DieNotNil(errors.New( - "The --keys or --targets-keys option is required to rotate the offline TUF targets key.", + "The --keys or --targets-keys option is required to rotate the offline TUF Targets key.", )) } if shouldSign && keysFile == "" { @@ -170,14 +170,14 @@ func doTufUpdatesRotateOfflineTargetsKey(cmd *cobra.Command) { // 4. Re-sign existing production targets. onlineTargetsId := updates.Updated.OnlineKeys["targets"] if onlineTargetsId == "" { - subcommands.DieNotNil(errors.New("Unable to find online target key for factory")) + subcommands.DieNotNil(errors.New("Unable to find online Target key for Factory")) } subcommands.DieNotNil(err) newKey, newCreds := replaceOfflineTargetsKey(newCiRoot, onlineTargetsId, targetsCreds, keyType) - fmt.Println("= New target keyid:", newKey.Id) + fmt.Println("= New Target keyid:", newKey.Id) newCiRoot, newProdRoot = finalizeTufRootChanges(newCiRoot, newProdRoot) - fmt.Println("= Re-signing prod targets") + fmt.Println("= Re-signing prod Targets") var oldestKey TufSigner if len(curCiRoot.Signed.Roles["targets"].KeyIDs) > 1 { // Seaching for old key in curCiRoot supports several rotations in one transaction. @@ -187,13 +187,13 @@ func doTufUpdatesRotateOfflineTargetsKey(cmd *cobra.Command) { } targetsProdMap, err := api.ProdTargetsList(factory, false) - subcommands.DieNotNil(err, "Failed to fetch production targets:") + subcommands.DieNotNil(err, "Failed to fetch production Targets:") excludeTargetsWithoutKeySigInplace(targetsProdMap, oldestKey.Id) newTargetsProdSigs, err := signProdTargets(newKey, targetsProdMap) subcommands.DieNotNil(err) targetsWaveMap, err := api.WaveTargetsList(factory, false) - subcommands.DieNotNil(err, "Failed to fetch production wave targets:") + subcommands.DieNotNil(err, "Failed to fetch production wave Targets:") excludeTargetsWithoutKeySigInplace(targetsWaveMap, oldestKey.Id) newTargetsWaveSigs, err := signProdTargets(newKey, targetsWaveMap) subcommands.DieNotNil(err) @@ -261,6 +261,6 @@ func handleTufRootUpdatesUpload(tmpKeysFile, keysFile string, err error) { if err = os.Rename(tmpKeysFile, keysFile); err != nil { fmt.Println("\nERROR: Unable to update offline keys file.", err) fmt.Println("Temp copy still available at:", tmpKeysFile) - fmt.Println("This temp file contains your new factory private key. You must copy this file.") + fmt.Println("This temp file contains your new Tactory private key. You must copy this file.") } } diff --git a/subcommands/keys/tuf_updates_rotate_online_key.go b/subcommands/keys/tuf_updates_rotate_online_key.go index c3085802..bde4ced1 100644 --- a/subcommands/keys/tuf_updates_rotate_online_key.go +++ b/subcommands/keys/tuf_updates_rotate_online_key.go @@ -20,15 +20,15 @@ func init() { The new online signing key will be used in both CI and production TUF root. When you rotate the TUF online signing key: -- if there are CI or production targets in your factory, they are re-signed using the new key. -- if there is an active wave in your factory, the TUF online key rotation is not allowed. +- any CI or production Targets are re-signed using the new key. +- if there is an active wave, the TUF online key rotation is not allowed. - the new wave cannot be created until you apply the online keys rotation. When you apply the online key rotation, these features are temporarily disabled until it succeeds: -- new CI targets upload (including the targets upload during CI builds). -- automatic re-signing of expired TUF roles using online keys (both CI and production targets).`, +- new CI targets upload (including the Targets upload during CI builds). +- automatic re-signing of expired TUF roles using online keys (both CI and production Targets).`, Example: ` -- Rotate online TUF targets key and re-sign the new TUF root: +- Rotate online TUF Targets key and re-sign the new TUF root: fioctl keys tuf updates rotate-online-key \ --txid=abc --role=targets --keys=tuf-root-keys.tgz --sign - Rotate all online TUF keys explicitly specifying new key type (and signing algorithm): diff --git a/subcommands/keys/tuf_updates_set_threshold.go b/subcommands/keys/tuf_updates_set_threshold.go index 1cae7939..136654fd 100644 --- a/subcommands/keys/tuf_updates_set_threshold.go +++ b/subcommands/keys/tuf_updates_set_threshold.go @@ -14,12 +14,12 @@ import ( func init() { setCmd := &cobra.Command{ Use: "set-threshold --role=root|targets ", - Short: "Set signature threshold for the TUF root or production targets for your Factory", - Long: `Set signature threshold for the TUF root or production targets for your Factory + Short: "Set signature threshold for the TUF root or production Targets for your Factory", + Long: `Set signature threshold for the TUF root or production Targets for your Factory For the TUF root the signature threshold is set for both CI and production roles (default 1). For the TUF targets the signature threshold is only set for the production role (default 2). -Signature threshold for the CI TUF targets is always set to 1. +Signature threshold for the CI TUF Targets is always set to 1. Make sure to add enough offline signing keys, and add enough signatures to satisfy the new signature threshold. `, diff --git a/subcommands/keys/tuf_updates_sign_prod_targets.go b/subcommands/keys/tuf_updates_sign_prod_targets.go index 8fa30a60..5006a849 100644 --- a/subcommands/keys/tuf_updates_sign_prod_targets.go +++ b/subcommands/keys/tuf_updates_sign_prod_targets.go @@ -15,21 +15,21 @@ import ( func init() { signCmd := &cobra.Command{ Use: "sign-prod-targets --txid= --keys=", - Short: "Sign production targets for your Factory with the offline targets key", - Long: `Sign production targets for your Factory with the offline targets key. + Short: "Sign production targets for your Factory with the offline Targets key", + Long: `Sign production targets for your Factory with the offline Targets key. New signatures are staged for commit along with TUF root modifications. There are 3 use cases when this command comes handy: -- You want to sign your Factory's production targets with a newly added offline TUF Targets key. +- Signing your Factory's production Targets with a newly added offline TUF Targets key. - You increase the TUF targets signature threshold - and need to sign your production targets with an additional key. -- You remove an offline TUF targets keys - and need to replace its signatures on production targets with signatures by another key.`, + and need to sign your production Targets with an additional key. +- You remove an offline TUF Targets keys + and need to replace its signatures on production Targets with signatures by another key.`, Run: doTufUpdatesSignProdTargets, } signCmd.Flags().StringP("txid", "x", "", "TUF root updates transaction ID.") - signCmd.Flags().StringP("keys", "k", "", "Path to used to sign TUF targets.") + signCmd.Flags().StringP("keys", "k", "", "Path to used to sign TUF Targets.") _ = signCmd.MarkFlagFilename("keys") _ = signCmd.MarkFlagRequired("keys") signCmd.Flags().StringP("tags", "", "", "A comma-separated list of tags to sign; default: all tags.") @@ -59,13 +59,13 @@ func doTufUpdatesSignProdTargets(cmd *cobra.Command, args []string) { _, newCiRoot, newProdRoot := checkTufRootUpdatesStatus(updates, true) if newProdRoot == nil { - subcommands.DieNotNil(errors.New(`Please, make changes to your Factory TUF root. -For example, add a new offline TUF targets key, before signing production targets with it.`)) + subcommands.DieNotNil(errors.New(`Please make changes to your Factory TUF root. +For example, add a new offline TUF Targets key before signing production Targets with it.`)) } onlineTargetsId := updates.Updated.OnlineKeys["targets"] if onlineTargetsId == "" { - subcommands.DieNotNil(errors.New("Unable to find online target key for factory")) + subcommands.DieNotNil(errors.New("Unable to find online Target key for Factory")) } signer, err := FindOneTufSigner(newCiRoot, creds, subcommands.SliceRemove(newCiRoot.Signed.Roles["targets"].KeyIDs, onlineTargetsId)) @@ -73,18 +73,18 @@ For example, add a new offline TUF targets key, before signing production target var newTargetsProdSigs, newTargetsWaveSigs map[string][]tuf.Signature - fmt.Println("= Signing prod targets") + fmt.Println("= Signing prod Targets") // If both wave names and tags specified, or none specified - re-sign both prod and wave targets. // If only wave names or only tags specified - re-sign only what was specified (either wave names or tags). if len(tags) > 0 || len(waveNames) == 0 { targetsProdMap, err := api.ProdTargetsList(factory, true, tags...) - subcommands.DieNotNil(err, "Failed to fetch production targets:") + subcommands.DieNotNil(err, "Failed to fetch production Targets:") newTargetsProdSigs, err = signProdTargets(signer, targetsProdMap) subcommands.DieNotNil(err) } if len(waveNames) > 0 || len(tags) == 0 { targetsWaveMap, err := api.WaveTargetsList(factory, true, waveNames...) - subcommands.DieNotNil(err, "Failed to fetch production wave targets:") + subcommands.DieNotNil(err, "Failed to fetch production wave Targets:") newTargetsWaveSigs, err = signProdTargets(signer, targetsWaveMap) subcommands.DieNotNil(err) } diff --git a/subcommands/keys/tuf_utils.go b/subcommands/keys/tuf_utils.go index aa6dcd70..f776801f 100644 --- a/subcommands/keys/tuf_utils.go +++ b/subcommands/keys/tuf_utils.go @@ -24,7 +24,7 @@ import ( "github.com/foundriesio/fioctl/subcommands" ) -var errFoundNoKey = errors.New("Found no private key") +var errFoundNoKey = errors.New("No private key found") type OfflineCreds map[string][]byte @@ -43,7 +43,7 @@ type TufKeyPair struct { } func ErrMsgReadingTufKey(role, treat string) string { - return fmt.Sprintf("Error reading %s TUF %s private key from a specified file:\n", treat, role) + return fmt.Sprintf("Error reading %s TUF %s private key from specified file:\n", treat, role) } func ParseTufKeyType(s string) TufKeyType { @@ -252,7 +252,7 @@ func checkNoTufSigner(root *client.AtsTufRoot, creds OfflineCreds, keyids []stri var signers []TufSigner if signers, err = findTufSigners(root, creds, keyids); err == nil { if len(signers) > 0 { - err = errors.New("It is not allowed to store more than one active private key into one file.") + err = errors.New("It is not allowed to store more than one active private key per file.") } } return @@ -469,11 +469,11 @@ func signProdTargets( for tag, targets := range targetsMap { bytes, err := canonical.MarshalCanonical(targets.Signed) if err != nil { - return nil, fmt.Errorf("Failed to marshal targets for tag %s: %w", tag, err) + return nil, fmt.Errorf("Failed to marshal Targets for tag %s: %w", tag, err) } signatures, err := SignTufMeta(bytes, signer) if err != nil { - return nil, fmt.Errorf("Failed to re-sign targets for tag %s: %w", tag, err) + return nil, fmt.Errorf("Failed to re-sign Targets for tag %s: %w", tag, err) } signatureMap[tag] = signatures }