Fix remaining test failures

This commit is contained in:
Vladimir Diaz 2016-08-04 15:37:49 -04:00
parent 81a147614b
commit f05fdd9c05
4 changed files with 33 additions and 37 deletions

View file

@ -1087,7 +1087,7 @@ def test_delegate(self):
rolename = 'tuf'
list_of_targets = [target1_filepath, target2_filepath]
threshold = 1
restricted_paths = [self.targets_directory]
restricted_paths = [self.targets_directory + '/*']
path_hash_prefixes = ['e3a3', '8fae', 'd543']
self.targets_object.delegate(rolename, public_keys, list_of_targets,
@ -1334,7 +1334,7 @@ def test_add_restricted_paths(self):
restricted_path = os.path.join(self.targets_directory, 'tuf_files')
os.mkdir(restricted_path)
restricted_paths = [restricted_path]
restricted_paths = [restricted_path + '/*']
self.targets_object.add_restricted_paths(restricted_paths, 'tuf')
# Retrieve 'targets_object' roleinfo, and verify the roleinfo contains
@ -1344,7 +1344,7 @@ def test_add_restricted_paths(self):
targets_object_roleinfo = tuf.roledb.get_roleinfo(self.targets_object.rolename)
delegated_role = targets_object_roleinfo['delegations']['roles'][0]
self.assertEqual(['/tuf_files/'], delegated_role['paths'])
self.assertEqual(['/tuf_files/*'], delegated_role['paths'])
# Test improperly formatted arguments.

View file

@ -969,7 +969,7 @@ def test_6_target(self):
# the metadata store) so that it can be found later.
filepath, fileinfo = target_files.popitem()
target_files[filepath] = fileinfo
target_fileinfo = self.repository_updater.target(filepath)
self.assertTrue(tuf.formats.TARGETFILE_SCHEMA.matches(target_fileinfo))
self.assertEqual(target_fileinfo['filepath'], filepath)
@ -982,7 +982,7 @@ def test_6_target(self):
# Test updater.target() backtracking behavior (enabled by default.)
targets_directory = os.path.join(self.repository_directory, 'targets')
foo_directory = os.path.join(targets_directory, 'foo')
foo_pattern = os.path.join(targets_directory, 'foo*.tar.gz')
foo_pattern = os.path.join(foo_directory, 'foo*.tar.gz')
os.makedirs(foo_directory)
foo_package = os.path.join(foo_directory, 'foo1.1.tar.gz')
@ -998,6 +998,7 @@ def test_6_target(self):
repository.targets.delegate('role3', [self.role_keys['targets']['public']],
[foo_package], restricted_paths=[foo_pattern])
repository.targets.load_signing_key(self.role_keys['targets']['private'])
repository.targets('role2').load_signing_key(self.role_keys['targets']['private'])
repository.targets('role3').load_signing_key(self.role_keys['targets']['private'])

View file

@ -2599,9 +2599,8 @@ def target(self, target_filepath):
# Raise an exception if the target information could not be retrieved.
if target is None:
message = target_filepath + ' not found.'
logger.error(target_filepath + ' not found.')
raise tuf.UnknownTargetError(message)
raise tuf.UnknownTargetError(target_filepath + ' not found.')
# Otherwise, return the found target.
else:
@ -2843,6 +2842,10 @@ def _visit_child_role(self, child_role, target_filepath, parent_delegations):
if fnmatch.fnmatch(target_filepath, child_role_path):
child_role_is_relevant = True
else:
logger.debug('Target path' + repr(target_filepath) + ' does not'
' match child role path ' + repr(child_role_path))
else:
# 'role_name' should have been validated when it was downloaded.
# The 'paths' or 'path_hash_prefixes' fields should not be missing,

View file

@ -1728,22 +1728,22 @@ def target_files(self):
def add_restricted_paths(self, list_of_directory_paths, child_rolename):
def add_restricted_paths(self, restricted_paths, child_rolename):
"""
<Purpose>
Add 'list_of_directory_paths' to the restricted paths of 'child_rolename'.
Add 'restricted_paths' to the restricted paths of 'child_rolename'.
The updater client verifies the target paths specified by child roles, and
searches for targets by visiting these restricted paths. A child role may
only provide targets specifically listed in the delegations field of the
parent, or a target that falls under a restricted path.
parent, or a target that matches a restricted path.
>>>
>>>
>>>
<Arguments>
list_of_directory_paths:
A list of directory paths 'child_rolename' should also be restricted to.
restricted_paths:
A list of paths that 'child_rolename' should be restricted to.
child_rolename:
The child delegation that requires an update to its restricted paths,
@ -1751,8 +1751,8 @@ def add_restricted_paths(self, list_of_directory_paths, child_rolename):
'unclaimed').
<Exceptions>
tuf.Error, if a directory path in 'list_of_directory_paths' is not a
directory, or not under the repository's targets directory. If
tuf.Error, if a restricted path in 'restricted_paths' is not a string
path, doesn't live under the repository's targets directory, or if
'child_rolename' has not been delegated yet.
<Side Effects>
@ -1766,46 +1766,40 @@ def add_restricted_paths(self, list_of_directory_paths, child_rolename):
# Ensure the arguments have the appropriate number of objects and object
# types, and that all dict keys are properly named.
# Raise 'tuf.FormatError' if there is a mismatch.
tuf.formats.PATHS_SCHEMA.check_match(list_of_directory_paths)
tuf.formats.PATHS_SCHEMA.check_match(restricted_paths)
tuf.formats.ROLENAME_SCHEMA.check_match(child_rolename)
# A list of verified paths to be added to the child role's entry in the
# parent's delegations.
directory_paths = []
# A list of relative and verified paths to be added to the child role's
# entry in the parent's delegations.
relative_paths = []
# Ensure the 'child_rolename' has been delegated, otherwise it will not
# have an entry in the parent role's delegations field.
if not tuf.roledb.role_exists(child_rolename):
raise tuf.Error(repr(child_rolename) + ' has not been delegated.')
# Are the paths in 'list_of_directory_paths' valid?
for directory_path in list_of_directory_paths:
directory_path = os.path.abspath(directory_path)
if not os.path.isdir(directory_path):
raise tuf.Error(repr(directory_path) + ' is not a directory.')
# Are the paths in the repository's targets directory? Append a trailing
# path separator with os.path.join(path, '').
for restricted_path in restricted_paths:
# Do the restricted paths fall under the repository's targets directory?
# Append a trailing path separator with os.path.join(path, '').
targets_directory = os.path.join(self._targets_directory, '')
directory_path = os.path.join(directory_path, '')
if not directory_path.startswith(targets_directory):
raise tuf.Error(repr(directory_path) + ' is not under the'
if not restricted_path.startswith(targets_directory):
raise tuf.Error(repr(restricted_path) + ' does not live under the'
' Repository\'s targets directory: ' + repr(self._targets_directory))
directory_paths.append(directory_path[len(self._targets_directory):])
relative_paths.append(restricted_path[len(self._targets_directory):])
# Get the current role's roleinfo, so that its delegations field can be
# updated.
roleinfo = tuf.roledb.get_roleinfo(self._rolename)
# Update the restricted paths of 'child_rolename'.
# Update the restricted paths of 'child_rolename' to add relative paths.
for role in roleinfo['delegations']['roles']:
if role['name'] == child_rolename:
restricted_paths = role['paths']
for directory_path in directory_paths:
if directory_path not in restricted_paths:
restricted_paths.append(directory_path)
for relative_path in relative_paths:
if relative_path not in restricted_paths:
restricted_paths.append(relative_path)
tuf.roledb.update_roleinfo(self._rolename, roleinfo)
@ -2178,7 +2172,7 @@ def delegate(self, rolename, public_keys, list_of_targets, threshold=1,
for target in list_of_targets:
target = os.path.abspath(target)
if not target.startswith(self._targets_directory+os.sep):
if not target.startswith(self._targets_directory + os.sep):
raise tuf.Error(repr(target) + ' is not under the Repository\'s'
' targets directory: ' + repr(self._targets_directory))
@ -2190,13 +2184,11 @@ def delegate(self, rolename, public_keys, list_of_targets, threshold=1,
if restricted_paths is not None:
for path in restricted_paths:
path = os.path.abspath(path) + os.sep
if not path.startswith(self._targets_directory + os.sep):
raise tuf.Error(repr(path) + ' is not under the Repository\'s'
' targets directory: ' +repr(self._targets_directory))
# Append a trailing path separator with os.path.join(path, '').
path = os.path.join(path, '')
relative_restricted_paths.append(path[targets_directory_length:])
# Create a new Targets object for the 'rolename' delegation. An initial