Commit graph

4493 commits

Author SHA1 Message Date
Martin Vrachev
9989d3c614 Tests: move decorator in utils so it can be reused
Generalize the decorator used in test_metadata_serialization.py and
move it inside tests/utils.py, so it can be reused in other similar
situations.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-10-07 15:19:50 +03:00
Martin Vrachev
76cf36eb86 Handle consistent targets same as legacy updater
The definition of consistent targets in the spec is ambiguous:
"consistent target files should be written to non-volatile storage
as digest.filename.ext"
Additionally, the specification describes consistent targets when the
client builds the download URL as follows:
"The filename is of the form HASH.FILENAME.EXT".
The issue is about how we interpreted those quotes.
The legacy updater has decided this means a target path "a/b" will
translate to a download url path "a/{HASH}.b".
The ngclient however translates the target path "a/b" to a download url
path "{HASH}.a/b".

We decided we want to follow the same approach taken from the legacy
updater and thus change how we construct the consistent targets.
Additionally, we want to make sure we test for cases when the TARGETPATH
is an empty string or points to a directory.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-10-07 15:19:50 +03:00
Jussi Kukkonen
d021331890
Merge pull request #1590 from jku/docs-tweaking
API doc improvements
2021-10-01 15:13:07 +03:00
Jussi Kukkonen
4e835855df ngclient: Fix docs link to specification
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-10-01 14:42:54 +03:00
Jussi Kukkonen
bb1ed9f5d8
Merge pull request #1589 from theupdateframework/dependabot/pip/urllib3-1.26.7
build(deps): bump urllib3 from 1.26.6 to 1.26.7
2021-09-30 10:30:28 +03:00
Jussi Kukkonen
bd84dcf2d3
Merge pull request #1592 from jku/encode-target-filename
ngclient: Don't use target path as local path
2021-09-30 10:28:41 +03:00
Jussi Kukkonen
eeebc41638 ngclient: Don't use target path as local path
Doing so is not always safe and has various other issues
(like target paths "a/../b" and "b" ending up as the same
local path).

Instead URL-encode the target path to make it a plain filename. This
removes any opportunity for path trickery and removes the need to create
the required sub directories (which we were not doing currently, leading
to failed downloads). URL-encoding encodes much more than we really need
but doing so should not hurt: the important thing is that it encodes
all path separators.

Return the actual filepath as return value. I would like to modify the
arguments so caller could decide the filename if they want to. But I
won't do it now because updated_targets() (the caching mechanism)
relies on filenames being chosen by TUF. The plan is to make it
possible for caller to choose the filename though.

This is clearly a "filesystem API break" for anyone depending on the
actual target file names, and does not make sense if we do not plan to
go forward with other updated_targets()/download_target() changes
listed in #1580.

This is part of bigger plan in #1580
Fixes #1571

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-27 11:47:53 +03:00
Jussi Kukkonen
82b09679cc
Merge pull request #1588 from sechkova/session-timeout
ngclient: handle timeout on session.get()
2021-09-27 10:22:54 +03:00
Jussi Kukkonen
e6787ae0e2
Merge pull request #1587 from jku/tests-repo-sim-targets-support
tests: Add target support to RepositorySimulator
2021-09-27 10:21:42 +03:00
Jussi Kukkonen
59b0b99ba3 tests: Improve the docs on RepositorySimulator
The handling of consistent snapshot was not very clear: try to make
it more obvious what is supported and what is not.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-24 13:41:52 +03:00
Jussi Kukkonen
1fb4204c26 tests: Add target support to RepositorySimulator
* Add very simple targets support into simulator
* Add documentation for the simulator
* Add an example targets test

This might need to be tweaked and/or extended as we add tests but the
implementation should give a good indication of how to extend it.

As an example, non-consistent targets are not yet supported, but
making fetch() check for the consistent_snapshot state and respond
accordingly should be easy.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-24 13:41:52 +03:00
Jussi Kukkonen
8ed446c14b Metadata API: Stop annotating __init__() return value
This may have been required by a linter at some point, but isn't
anymore: Not annotating makes the documentation look better.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:57:19 +03:00
Jussi Kukkonen
ed520ee55d Metadata API: Improve serialization docs
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:52:55 +03:00
Jussi Kukkonen
a77c0831e7 docs: rename "helpers" to "supporting classes"
Also add a summary to the page -- unfortunately getting a standard
TOC would require creating a rst page for each class.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:52:55 +03:00
Jussi Kukkonen
892aa04cb3 Metadata API: Rewrite module doc
Rewrite the module docstring to better fit the current sphinx documentation.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:52:55 +03:00
Jussi Kukkonen
424cc3282b docs: Include the Serialization interfaces
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:52:55 +03:00
Jussi Kukkonen
d5743c2312 metadata API docs: remove duplication
Annotations already include type info and e.g. Optional:
remove those from text where useful.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:52:55 +03:00
Jussi Kukkonen
21ce5e2915 Hide to_dict()/from_dict()
These are helpers for serialization implementers, not useful for
Metadata API users.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:52:55 +03:00
Jussi Kukkonen
217bd9dbc7 Separate API documentation pages
This makes the individual pages easier to read.

Use some autodoc configuration so we can have less config
in the automodule/autoclass declarations.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:52:52 +03:00
Jussi Kukkonen
868afda420 docs: Change object attribute doc style
Situation before
* constructor args are not documented
* object attributes are documented
* sphinx cannot show object attribute type annotations
* attribute docs take a lot of vertical space

Now:
* constructor args are documented
* sphinx can show annotated types of constructor args
* class docstring now explains the attributes are the same as
  constructor args (and attributes are not explicitly documented)

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:51:46 +03:00
dependabot[bot]
9133788f04
build(deps): bump urllib3 from 1.26.6 to 1.26.7
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.6 to 1.26.7.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/1.26.7/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.6...1.26.7)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-23 10:05:46 +00:00
Jussi Kukkonen
cc1f95e789
Merge pull request #1537 from MVrachev/role-name-uniqueness
Enforce role name uniqueness and add Targets key helpers
2021-09-22 11:12:52 +03:00
Teodora Sechkova
7b61ad8538
ngclient: use mock instead of slow_retrieval_server
Instead of starting a dedicated slow_retrieval_server
to test for read timeout in RequestsFetcher, use
unittest.mock to mock the response.raw.read call.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-09-21 14:04:28 +03:00
Teodora Sechkova
119693ff40
ngclient: handle timeout on session.get
RequestsFetcher now handles connect/read timeout
errors on session.get() as it does when reading data.

Adding a test which uses unittest.mock to patch the
session.get method instead of simulating the timeout
with a server.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-09-21 14:03:29 +03:00
Martin Vrachev
f00295f147 API CHANGE: ValueError in add/remove key in Root
This is an API change to the exceptions thrown in Root.add_key()
and Root.remove_key().
The reason for that change is that in my opinion the correct exceptions
in these cases should be "ValueError" instead of "KeyError" as
the problems are in the given values - role doesn't exist or
key is not used by a particular role.

Additionally, document the thrown exceptions in "Root.add_key" and
add a test which invokes that exception.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-21 12:20:09 +03:00
Martin Vrachev
e27070305f Metadata API: Add key helpers in Targets
Root class has the functionality to add and remove keys for delegated
metadata (add_key()/remove_key()) but the other delegator Targets does
not.
It should provide the same/similar functionality.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-21 12:20:09 +03:00
Martin Vrachev
1a5912aa7c Remove some unused imports
We can remove the conditional imports from tests as now we support
python versions 3.6+.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-21 12:20:09 +03:00
Martin Vrachev
510078b542 Move tests to test_metadata_serialization
Move the Delegation class serialization tests from "test_api.py"
to test_metadata_serialization.py module focused on serialization
testing.

Additionally, a test for empty keys and roles will be added in my
upcomming pr #1511.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-21 12:20:09 +03:00
Martin Vrachev
f8620c1992 API CHANGE: enforce role name uniqueness
The spec does not say anything about role name uniqueness in a
delegations object, but I believe we cannot safely allow multiple roles
with the same role name in the roles array of a delegations object.
If we did then the roles could have different keyids, and then we would
end up in a situation where metadata may be both a valid delegation
and an invalid delegation at the same time, depending on how the role
gets chosen and that does not seem like the intention of the design.
There is an issue open in the specification with number 167 about
that issue.

Regardless of the Metadata API, I think we should enforce role name
uniqueness.
I chose to change the data structure containing roles to
OrderedDict, where keys are role names and values are DelegatedRole
instances.
This made sense to me as role names are the unique identifier of a role
and their order is important to the way they are traversed afterward.

Note: we can't use OrderedDict as type annotation until we drop support
for Python 3.6:
https://docs.python.org/3/library/typing.html#typing.OrderedDict
That's why I used quotes around "OrderedDict" annotation, because I
can't import it.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-21 12:15:45 +03:00
Jussi Kukkonen
afc67d967b
Merge pull request #1586 from theupdateframework/dependabot/pip/charset-normalizer-2.0.6
build(deps): bump charset-normalizer from 2.0.5 to 2.0.6
2021-09-21 11:59:44 +03:00
Jussi Kukkonen
67c52987a6
Merge pull request #1446 from MVrachev/snapshot-property
Metadata API: change meta type in Timestamp
2021-09-20 14:39:55 +03:00
Martin Vrachev
bf12e7565f Metadata API: change meta type in Timestamp
In Timestamp, the only valid "meta" value is the dictionary representing
meta information for the snapshot file. This makes the API unnecessarily
complicated and requires validation that only information about snapshot
is available inside "meta".
Together with the python-tuf maintainers, we decided that snapshot meta
information will not be represented by a "meta" dictionary but instead
by a MetaFile instance and with this it will diverge from the
specification.
Additionally, to prevent confusion, I will rename the "meta" attribute
to "snapshot_meta" as this attribute will be related only to meta
information about snapshot.

This decision is coherent with ADR9 and the rationale
behind it is to provide easier, safer, and direct access to the
snapshot meta information.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-20 14:09:38 +03:00
dependabot[bot]
ba28b5a560
build(deps): bump charset-normalizer from 2.0.5 to 2.0.6
Bumps [charset-normalizer](https://github.com/ousret/charset_normalizer) from 2.0.5 to 2.0.6.
- [Release notes](https://github.com/ousret/charset_normalizer/releases)
- [Commits](https://github.com/ousret/charset_normalizer/compare/2.0.5...2.0.6)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-20 10:26:34 +00:00
Jussi Kukkonen
234cf64f0f
Merge pull request #1585 from jku/coveralls-fin-not-required
CI: Do not require coveralls-fin to succeed
2021-09-20 13:22:45 +03:00
Jussi Kukkonen
65fc968b7f CI: Do not require coveralls-fin to succeed
We already do not require individual build uploads to succeed: let's
also not require the final step to succeed.

The immediate context for this is that coveralls has been down for
three days now.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-20 12:51:32 +03:00
Joshua Lock
48eaeabef6
Merge pull request #1583 from jku/improve-ci-github-ui
GitHub CI workflow: tweak names
2021-09-20 10:48:32 +01:00
Jussi Kukkonen
553a4d3284
Merge pull request #1581 from theupdateframework/dependabot/pip/charset-normalizer-2.0.5
build(deps): bump charset-normalizer from 2.0.4 to 2.0.5
2021-09-17 19:43:40 +03:00
Jussi Kukkonen
4110a1cf9c GitHub workflow: Use Python 3.x for lint
pylint 2.7 supports Python 3.9. This issue might reappear with next
Python release but let's deal with that if it happens.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-17 19:34:08 +03:00
Jussi Kukkonen
b59679c374 GitHub CI workflow: tweak names
Currently the github UI dropdown for checks looks useless since
checks are named "Run TUF tests and...".

Tweak the workflow and job names to hopefully fit the actual
step name in the UI.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-17 19:34:08 +03:00
Jussi Kukkonen
c5e0bddcd9
Merge pull request #1584 from MVrachev/fix-warning
Fix pylint warnings
2021-09-17 19:25:38 +03:00
Martin Vrachev
f9442a507d Remove some uses of "global"
Simplify the code by removing some of the uses of "global" by using
alternativies to the assignements.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-17 19:15:06 +03:00
Martin Vrachev
1a96bdd2b9 Fix pylint warnings
New pylint warnings appeared with code "W0602: Using global for X but
no assignment is done (global-variable-not-assigned)" where X is a
global variable.
In the lines pointed by the warnings, "global" was used inside a
function scope in order to enable assignment of the global variable to
a new value in the function.
The reason for these warnings was that pylint noticed we are using
"global" for the variable X inside a function scope without actually
assigning it to a new value.
Overall that was true for the reported cases and I removed the use of
"global", but there were only two cases where pylint reported a
false-positive. Then we were using "global", but pylint didn't
understand there were assignments.
In those cases, I disabled the warnings.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-17 18:51:51 +03:00
Jussi Kukkonen
279ac7daf8
Merge pull request #1533 from MVrachev/update-metadata-api-documentation
Metadata API: improve metadata module documentation
2021-09-17 13:48:24 +03:00
Martin Vrachev
59c486bf57 Metadata API: improve module documentation
Clarify the purpose of metadata API and that it's a low-level API
and as such it doesn't use concepts like "repository" or
"trusted collection of metadata" and don't implement the repository
logic or client updater workflow.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-16 12:46:58 +03:00
dependabot[bot]
42eedcae56
build(deps): bump charset-normalizer from 2.0.4 to 2.0.5
Bumps [charset-normalizer](https://github.com/ousret/charset_normalizer) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/ousret/charset_normalizer/releases)
- [Commits](https://github.com/ousret/charset_normalizer/compare/2.0.4...2.0.5)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-15 10:07:20 +00:00
Jussi Kukkonen
6a5b64295c
Merge pull request #1521 from avelichka/targetfile-from-data
Add an option to create TargetFile from data/file
2021-09-13 09:50:35 +03:00
Jussi Kukkonen
57985a0e30
Merge pull request #1574 from jku/ngclient-persist-metadata-safely
Ngclient: persist metadata safely
2021-09-11 11:57:18 +03:00
Velichka Atanasova
65fd1aaf8a Add an option to create TargetFile from data/file
This is a repository tooling use case but also helpful when testing.
It could be useful when we need to update the targets object.

Signed-off-by: Velichka Atanasova <avelichka@vmware.com>
2021-09-10 13:59:33 +03:00
Jussi Kukkonen
09534816bd
Merge pull request #1569 from jku/updater-tests-with-simulated-repo
test ngclient with simulated repo
2021-09-10 11:28:32 +03:00
Jussi Kukkonen
ad813a5d0d tests: Add type checks suggested by mypy
also black fixes.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-10 09:59:03 +03:00