mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
Add method to remove delegated roles, and fix issue with revoking a nested delegation
parent
531b9ba61d
commit
0106b01885
1 changed files with 40 additions and 5 deletions
|
|
@ -1691,8 +1691,6 @@ def __call__(self, rolename):
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
def add_delegated_role(self, rolename, targets_object):
|
||||
"""
|
||||
<Purpose>
|
||||
|
|
@ -1737,8 +1735,41 @@ def add_delegated_role(self, rolename, targets_object):
|
|||
|
||||
else:
|
||||
self._delegated_roles[rolename] = targets_object
|
||||
|
||||
|
||||
|
||||
def remove_delegated_role(self, rolename):
|
||||
"""
|
||||
Remove 'rolename' from this Targets object's list of delegated roles.
|
||||
This method does not update tuf.roledb and others.
|
||||
|
||||
<Arguments>
|
||||
rolename:
|
||||
The rolename of the delegated role to remove. 'rolename' should be a
|
||||
role previously delegated by this Targets role.
|
||||
|
||||
<Exceptions>
|
||||
tuf.FormatError, if the argument is improperly formatted.
|
||||
|
||||
<Side Effects>
|
||||
Updates the Target object's dictionary of delegated targets.
|
||||
|
||||
<Returns>
|
||||
None.
|
||||
"""
|
||||
|
||||
# Do the arguments have the correct format?
|
||||
# Ensure the arguments have the appropriate number of objects and object
|
||||
# types, and that all dict keys are properly named.
|
||||
# Raise 'tuf.FormatError' if any are improperly formatted.
|
||||
tuf.formats.ROLENAME_SCHEMA.check_match(rolename)
|
||||
|
||||
if rolename not in self._delegated_roles:
|
||||
logger.debug(repr(rolename) + ' has not been delegated.')
|
||||
return
|
||||
|
||||
else:
|
||||
del self._delegated_roles[rolename]
|
||||
|
||||
|
||||
|
||||
|
|
@ -2249,7 +2280,7 @@ def delegate(self, rolename, public_keys, list_of_targets, threshold=1,
|
|||
|
||||
# The new targets object is added as an attribute to this Targets object.
|
||||
new_targets_object = Targets(self._targets_directory, rolename,
|
||||
roleinfo, parent_targets_object=self)
|
||||
roleinfo, parent_targets_object=self._parent_targets_object)
|
||||
|
||||
# Update the 'delegations' field of the current role.
|
||||
current_roleinfo = tuf.roledb.get_roleinfo(self.rolename)
|
||||
|
|
@ -2289,8 +2320,9 @@ def delegate(self, rolename, public_keys, list_of_targets, threshold=1,
|
|||
|
||||
else:
|
||||
self._parent_targets_object.add_delegated_role(rolename, new_targets_object)
|
||||
|
||||
|
||||
self.add_delegated_role(rolename, new_targets_object)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
@ -2346,6 +2378,9 @@ def revoke(self, rolename):
|
|||
# Remove the rolename delegation from the current role. For example, the
|
||||
# 'django' role is removed from repository.targets('django').
|
||||
del self._delegated_roles[rolename]
|
||||
self._parent_targets_object.remove_delegated_role(rolename)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
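Review bot: In `revoke` (hunk at -2346), the call `self._parent_targets_object.remove_delegated_role(rolename)` is reached only after the unguarded `del self._delegated_roles[rolename]`, which raises KeyError when the role is not in this object's own dictionary. The `delegate` hunk at -2289 appears to register some roles on `_parent_targets_object` rather than on `self`, so a nested revoke could abort before the parent's entry is dropped and leave a revoked delegation in place. Replacing the `del` with `self.remove_delegated_role(rolename)` would let both removals run and reuse the format check. The new `remove_delegated_role` also returns with only a debug log when the role is absent, and its docstring says it does not update tuf.roledb, so it is worth adding a line such as `Callers that need a full revocation must use revoke().` to that docstring. The page has lost its +/- markers and the bodies of `revoke` and `delegate` continue outside the hunks, so which of these lines are new is inferred.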