Add method to remove delegated roles, and fix issue with revoking a nested delegation

Vladimir Diaz 2016-10-20 15:01:01 -04:00
parent 531b9ba61d
commit 0106b01885


@ -1691,8 +1691,6 @@ def __call__(self, rolename):
def add_delegated_role(self, rolename, targets_object):
"""
<Purpose>
@ -1737,8 +1735,41 @@ def add_delegated_role(self, rolename, targets_object):
else:
self._delegated_roles[rolename] = targets_object
def remove_delegated_role(self, rolename):
"""
Remove 'rolename' from this Targets object's list of delegated roles.
This method does not update tuf.roledb and others.
<Arguments>
rolename:
The rolename of the delegated role to remove. 'rolename' should be a
role previously delegated by this Targets role.
<Exceptions>
tuf.FormatError, if the argument is improperly formatted.
<Side Effects>
Updates the Target object's dictionary of delegated targets.
<Returns>
None.
"""
# Do the arguments have the correct format?
# Ensure the arguments have the appropriate number of objects and object
# types, and that all dict keys are properly named.
# Raise 'tuf.FormatError' if any are improperly formatted.
tuf.formats.ROLENAME_SCHEMA.check_match(rolename)
if rolename not in self._delegated_roles:
logger.debug(repr(rolename) + ' has not been delegated.')
return
else:
del self._delegated_roles[rolename]
@ -2249,7 +2280,7 @@ def delegate(self, rolename, public_keys, list_of_targets, threshold=1,
# The new targets object is added as an attribute to this Targets object.
new_targets_object = Targets(self._targets_directory, rolename,
roleinfo, parent_targets_object=self)
roleinfo, parent_targets_object=self._parent_targets_object)
# Update the 'delegations' field of the current role.
current_roleinfo = tuf.roledb.get_roleinfo(self.rolename)
@ -2289,8 +2320,9 @@ def delegate(self, rolename, public_keys, list_of_targets, threshold=1,
else:
self._parent_targets_object.add_delegated_role(rolename, new_targets_object)
self.add_delegated_role(rolename, new_targets_object)
@ -2346,6 +2378,9 @@ def revoke(self, rolename):
# Remove the rolename delegation from the current role. For example, the
# 'django' role is removed from repository.targets('django').
del self._delegated_roles[rolename]
self._parent_targets_object.remove_delegated_role(rolename)
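Review bot: `remove_delegated_role` treats a rolename that is missing from `self._delegated_roles` as a silent no-op reported only through `logger.debug`, and `revoke` now relies on it to drop the role from `self._parent_targets_object`, so a revocation that removed nothing from the parent is indistinguishable from one that worked. Since this is a revocation path, I would raise the visibility with `logger.warning(repr(rolename) + ' has not been delegated; nothing was removed.')` and state the no-op behaviour in the docstring. Note also that `delegate` appears to guard its parent `add_delegated_role` call with a branch (the `else:` in the fourth hunk), while the new call in `revoke` appears unconditional; if the parent can be `self`, the preceding `del` has already removed the entry and this call only hits the no-op path. The bodies of `delegate` and `revoke` extend beyond the hunks shown, so that last point should be confirmed against the full file.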