diff --git a/tuf/repository_tool.py b/tuf/repository_tool.py index 6f8bb1b1..ff12b863 100755 --- a/tuf/repository_tool.py +++ b/tuf/repository_tool.py @@ -1691,8 +1691,6 @@ def __call__(self, rolename): - - def add_delegated_role(self, rolename, targets_object): """ @@ -1737,8 +1735,41 @@ def add_delegated_role(self, rolename, targets_object): else: self._delegated_roles[rolename] = targets_object + + def remove_delegated_role(self, rolename): + """ + Remove 'rolename' from this Targets object's list of delegated roles. + This method does not update tuf.roledb and others. + + + rolename: + The rolename of the delegated role to remove. 'rolename' should be a + role previously delegated by this Targets role. + + + tuf.FormatError, if the argument is improperly formatted. + + + Updates the Target object's dictionary of delegated targets. + + + None. + """ + + # Do the arguments have the correct format? + # Ensure the arguments have the appropriate number of objects and object + # types, and that all dict keys are properly named. + # Raise 'tuf.FormatError' if any are improperly formatted. + tuf.formats.ROLENAME_SCHEMA.check_match(rolename) + + if rolename not in self._delegated_roles: + logger.debug(repr(rolename) + ' has not been delegated.') + return + + else: + del self._delegated_roles[rolename] @@ -2249,7 +2280,7 @@ def delegate(self, rolename, public_keys, list_of_targets, threshold=1, # The new targets object is added as an attribute to this Targets object. new_targets_object = Targets(self._targets_directory, rolename, - roleinfo, parent_targets_object=self) + roleinfo, parent_targets_object=self._parent_targets_object) # Update the 'delegations' field of the current role. current_roleinfo = tuf.roledb.get_roleinfo(self.rolename) @@ -2289,8 +2320,9 @@ def delegate(self, rolename, public_keys, list_of_targets, threshold=1, else: self._parent_targets_object.add_delegated_role(rolename, new_targets_object) - - + self.add_delegated_role(rolename, new_targets_object) + + @@ -2346,6 +2378,9 @@ def revoke(self, rolename): # Remove the rolename delegation from the current role. For example, the # 'django' role is removed from repository.targets('django'). del self._delegated_roles[rolename] + self._parent_targets_object.remove_delegated_role(rolename) + +