uploader API has two POST endpoints
/api/delegation/<ROLE>
Accepts new delegation keys for targetpath "<ROLE>/*" to role <ROLE>.
This data is not signed in any way: In a real service this action would
require some external authentication.
POST content:
{ <KEYID>: <TUF KEY> }
/api/role/<ROLE>
accepts uploads of new versions of <ROLE> metadata. The metadata
must be correctly signed by the keys assigned to this delegation.
POST content:
TUF targets metadata as json
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This tool works with the example repository: it can be used to
* Add a delegation (this is an unsafe API corresponding to e.g.
project creation in PyPI)
* Submit new delegated role version (this requires using signing keys
already submitted with the delegation)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
