This commit adds to the CI an automatic check for the TUF
specification version and compares it with the python-tuf metadata
API version.
If the version does not match and there is not a issue already open,
a new issue is opened.
Closes#1598
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
New pylint warnings appeared related to changes
in urlib3:
- tests/test_fetcher_ng.py:128: error: Argument 1 to "ReadTimeoutError"
has incompatible type "None"; expected "ConnectionPool" [arg-type]
- tests/test_fetcher_ng.py:128: error: Argument 2 to "ReadTimeoutError"
has incompatible type "None"; expected "str" [arg-type]
I noticed these error in this CI run:
https://github.com/theupdateframework/python-tuf/runs/4764931441?check_suite_focus=true
I fixed them by creating a urllib3.HTTPConnectionPool() instance as
the first argument and replaced the second argument with an empty
string.
This seems to do the job.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
After making a successful update of valid metadata which stores it
in cache and performing a second update with a new updater while
the metadata is already stored in cache, this test verifies that
timestamp, snaphot and targets are loaded from cache and not
downloaded
Fixes#1681
Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
Dictionary.get() by default will return "None" if the key is not
found as documented in:
https://docs.python.org/3/library/stdtypes.html#dict.get
This means we don't get anything by passing the default type.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
This test simulates the targets fast-forward attack recovery.
It simulates that the targets keys were compromised, the attacker
generated a new high version of the targets.
The repository generates new key for snapshot to rollback the
targets version to the initial version.
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
Move the remaining
test_snapshot_rollback_with_local_snapshot_hash_mismatch
to test_updater_top_level_update.py and remove the file.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Remove TestUpdater.test_refresh from test_updater_with_simulator.
Testing refresh() is now extensively covered in the newly added
test_updater_top_level_update.py.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Update sphinx/rtd conf to display inherited members. This is
enabled specifically for the newly added `expires` property,
which has a useful code snippet in the docstring.
We don't display
- them on the tuf.api automodule overview page (avoid duplicates)
- members inherited from the built-in Exception class
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Remove `bump_expiration()` method, which is unlikely to be used as
is, i.e. bump to "current expiration date plus delta". A more
realistic use case is to bump to "now plus delta" (see #1727 for
details).
Moreover, bump_expiration can either way easily be replaced by a
one-liner expression using the 'datetime' module. A corresponding
code snippet is added to the `expires` property's docstring. Note:
`expires` became a property with a millisec-removing setter (for
spec conformance) in #1712, which further reduces the need for a
convenience bump_expiration method.
This patch also removes a related unit test and updates another
one.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Add test cases covering downloading and loading from cache
targets with non-matching hash and length.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Remove parts of the test case which are covered in other
tests, this way making its purpose clearer.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Add a new test file and class for testing target files
fetching.
Move test_targets from test_updater_with_simulator.py to
tests/test_updater_fetch_targets.py.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Remove ambiguous, unspecific, opinionated and trivial 'update'
methods, which can be replaced by feasible one-liners that assign
values directly to the object attribute to be *updated*. (see #1627
for details).
Reasons to have these methods would be increased usability in terms of
- reduced work
- immediate feedback on invalid assignments
However, given above described issues, the reasons against the
methods as they are now seem to outweigh the reasons for them.
Furthermore, it seems easier to re-add similar methods, which
addressed these issues, after the upcoming 1.0.0 release than to
remove or modify them.
This patch also removes the corresponding tests as they become
irrelevant (there is no need to test object assignment). In the
case of the timestamp test, the removal also includes redundant
test logic, which is already tested in `test_metadata_base`.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This test simulates the snapshot fast-forward attack recovery.
It simulates that the snapshot keys were compromised, the attacker
generated a new high version of the snapshot.
The repository generates new keys for snapshot and timestamp and
rollbacks the snapshot version to the initial version.
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
Using a raw string allows the use of backslashes
in the docstring comment whithout them being interpreted
as an escape character.
It also silences pylint W1401: anomalous-backslash-in-string.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Extend test_updater_delegation_graphs.py with tests
for targets metadata search.
- create a new test class TestTargetFileSearch which creates
a single repository and pefrorms multiple file searches in
subtests.
- group the common functionality in a base class TestDelegations.
- extend the data classes to accomodate for target_files.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Reduce the number of variables in the while loop by using
len(visited_role_names) instead of number_of_delegations.
Include equality in the comparison with config.max_delegations
to account for visiting "targets". Shorten the commit message.
Add max number of delegations test case.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
This test simulates the timestamp fast-forward attack recovery.
It simulates that the timestamp keys were compromised, the attacker
generated a new high version of the timestamp.
The repository generates a new key and rollbacks the timestamp
version to the initial version.
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
Simplified ``tox`` environ list not to expect that developer has
all multiple Python version, but instead run with the python version
available.
Also, it adds docs build to environ list.
Running ``tox`` will run the lint, docs, and py.
The CI covers the multiple supported Python versions, and the
developers still can use tox -e py{version}
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
This commit adds to the docs tox session the flag ``-W``, which
turns the warnings into errors.
The CI will fail once it gets errors.
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
