keyid: verify adding an existing key is ignored

Verify that adding an already existing key to keyid for a particular role in Root won't create duplicate key. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2026-05-24 10:08:28 +00:00 · 2021-04-28 13:01:41 +03:00 · 2021-04-28 13:01:41 +03:00 · 1ce94b95cb
commit 1ce94b95cb
parent 54a535e4c3
2 changed files with 7 additions and 3 deletions
--- a/tests/test_api.py
+++ b/tests/test_api.py
@ -381,6 +381,11 @@ def test_metadata_root(self):
        self.assertIn(keyid, root.signed.roles['root'].keyids)
        self.assertIn(keyid, root.signed.keys)

+        # Try adding the same key again and assert its ignored.
+        pre_add_keyid = root.signed.roles['root'].keyids.copy()
+        root.signed.add_key('root', keyid, key_metadata)
+        self.assertEqual(pre_add_keyid, root.signed.roles['root'].keyids)
+
        # Remove the key
        root.signed.remove_key('root', keyid)

--- a/tuf/api/metadata.py
+++ b/tuf/api/metadata.py
@ -577,9 +577,8 @@ def add_key(
        self, role: str, keyid: str, key_metadata: Mapping[str, Any]
    ) -> None:
        """Adds new key for 'role' and updates the key store."""
-        if keyid not in self.roles[role].keyids:
-            self.roles[role].keyids.add(keyid)
-            self.keys[keyid] = key_metadata
+        self.roles[role].keyids.add(keyid)
+        self.keys[keyid] = key_metadata

    # Remove key for a role.
    def remove_key(self, role: str, keyid: str) -> None: