Rename test files testing the old code by adding an "old" suffix.
This is done, so we can easily exclude them from linting.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Updated/removed documented commands and comments which were referencing Python2. Also updated links to documentation referencing Python2 docs (unchanged where needed)
Signed-off-by: Samuel Gregorovic <samuelgregorovic@gmail.com>
Signed-off-by: samuelgregorovic <samuelgregorovic@gmail.com>
Currently, we are importing the "utils" module in tests/utils
with "import utils".
This could become a problem when there is another module with
the same general name "utils" and could lead to import mistakes.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
secure-systems-lab/securesystemslib#288 changes the key generation
interface functions in such a way that it is clear if a call opens
a blocking prompt, or writes the key unencrypted. To do this two
functions are added per key type:
- `generate_and_write_*_keypair_with_prompt`
- `generate_and_write_unencrypted_*_keypair`
The default `generate_and_write_*_keypair` function now only allows
encrypted keys and only using a passed password. This respects the
principle of secure defaults and least surprise.
sslib#288 furthermore adds a protected
`_generate_and_write_*_keypair`, which is not exposed publicly
because it does not encrypt by default, but is more flexible and
thus convenient e.g. to consume all arguments from a key generation
command line tool such as 'repo.py'.
This commit adds the new public functions to the tuf namespace and
adopts their usage accordingly.
NOTE regarding repo.py:
This commit does not fix any problematic password behavior of
'repo.py' like default passwords, etc. (see #881). It only adopts
the sslib#288 changes to maintain the current behvior, plus
removing one glaringly obsolete password prompt.
NOTE regarding key import:
The securesystemslib private key import functions were also changed
to no longer auto-prompt for decryption passwords , TUF, however,
only exposes custom wrappers (see repository_lib) that do
auto-prompt. sslib#288 changes to the prompt texts are nevertheless
propagated to tuf and reflected in this commit.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
It's convenient to be able to run unit test scripts directly, rather than
having to pass them as arguments to Python. This is already possible for
several of our unit tests, make it possible for all by setting the execute
bit.
Signed-off-by: Joshua Lock <jlock@vmware.com>
all test_*.py files now accept zero or more '-v' to increase tuf
logging level. The default is now ERROR.
default: ERROR
"-v": ERROR, but unittest prints test names
"-vv": WARNING
"-vvv": INFO
"-vvvv": DEBUG
Example to run a single test with DEBUG level:
python3 test_updater.py -vvvv TestUpdater.test_4_refresh
Also make test_log.py restore the log level it modifies during test.
Fixes#1093
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Improve the coding style in TUTORIAL in the case
where absolute path to a file is needed to perform file system
access and at the same time is rejected by Targets methods.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
- add a test for _check_path() method of Targets class.
- update all tests calling _check_path() respectively
- update test_tutorial
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Merge the logger calls reporting information about the hashed bin
delegations into a single logger.info() call to ensure the messages
will be grouped together even when integrated into a logging system
with multiple parallel sources.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Add, remove and update function calls to match code snippets in
tutorial.
This commit also adds tests for outputs of `repo.status()` and
`repo.dirty_roles()` functions.
Note that the compare-to strings need to be constructed
programatically, akin to how they are constructed in the relevant
functions, in order to avoid issues with unicode prefixes in
Python2/3, e.g.
"Dirty roles: ['root']"
vs "Dirty roles: [u'root']"
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Instead of keeping track of files created during the tutorial and
removing them afterwards, this commit updates the test case to
create and change into a temporary directory in setUp and
change back and remove the tempdir in tearDown.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Note that target filepaths specified in the repo use '/' even on
Windows.
(That property is important to make sure that metadata is platform-
independent.)
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
(that is, despite currently existing issue to be remedied in #774)
Currently, repository_tool.get_filepaths_in_directory yields
relative paths, not the absolute paths it promises in its docstring.
This test will now function despite this and continue to function
after #774 is merged.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Because leading '/' is no longer allowed in target filenames in
target addition or delegation.
See https://github.com/theupdateframework/tuf/issues/639
While we're at it, remove some other unnecessary '/' characters
in repository creation and loading in the tutorial and tutorial
test.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
add_restricted_paths was renamed to add_path; however, this
function represents a problematic element of TUF that assumes
that roles are have a single delegator and delegatee, and that
one can refer to a role's expected keys without being concerned
about any delegation metadata....
So this is being removed from the tutorial. In time, add_paths
will either be removed or changed (to expect a delegator role
and a delegatee role, not just a delegatee role).
This comment does not do justice to the issue: please see TUF
GitHub Issue #660:
https://github.com/theupdateframework/tuf/issues/660
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
While it may be nice, the use of a keystore/ directory for the
temporary keys created in the tutorial complicates the code a
good bit when it's done in a portable way (tons of os.path.join()
calls), and that's not worth it. It also is a slight complication
in a tutorial that profits from being as simple as possible.
Tests will be run in multiple environments (including non-Linux
environments) and to leave so many extra subdirectory uses in the
tutorial means that the tutorial test will deviate over a large
number of lines from the TUTORIAL.md content it is intended to
test, which would be bad.
This commit adjusts both the tutorial doc and the regression test
for the tutorial.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
running test_tutorial.py attempts the commands replicated from
TUTORIAL.md. This should help us avoid breaking the tutorial with
future changes without noticing by having automated testing run
the tutorial and produce helpful output.
NOTE that this test currently fails because the tutorial is
currently broken!
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
