Commit graph

201 commits

Author SHA1 Message Date
Lukas Puehringer
fe318be693 Metadata API: Add missing space in 2 err messages
Just came across two instances where line-continued strings missed
a separating whitespace and fixed them.

Note: I also checked the entire repo for more such cases using the
regex `[^ ]["']\n *f?["'][^ ]` but didn't find any.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-11 15:15:41 +01:00
Jussi Kukkonen
5809ec51e9
Merge pull request #1754 from jku/role-keyids-order-fix
Metadata API: Make Role.keyids ordered
2022-01-11 13:00:44 +02:00
Lukas Puehringer
8620f389a8 Metadata API: Remove Signed.bump_version() method
Remove `bump_version()` method, which is just an alias for "+= 1"
on the version attribute. For a slim low-level API it seems okay to
just directly access/modify the attribute.

The extra level of abstraction of "bumping a version" is more
appropriate for a repository library (see #1136).

This patch also removes a related unit test and updates another one
to directly do `(...).version +=`.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-11 10:56:41 +01:00
lukpueh
2840ff7c1a
Merge pull request #1750 from jku/targetfile-doc-fix
docs: Make it clear what is hashed
2022-01-11 10:47:40 +01:00
Martin Vrachev
0c9764925d Make make TargetFile.custom() visible in the docs
By adding a docstring to the property RTD noticed custom and
documented it.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-05 16:45:25 +02:00
Martin Vrachev
79df859078 Metadata API simplify dictionary.get() call
Dictionary.get() by default will return "None" if the key is not
found as documented in:
https://docs.python.org/3/library/stdtypes.html#dict.get
This means we don't get anything by passing the default type.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-05 16:21:04 +02:00
Jussi Kukkonen
80d3fcf56b Metadata API: Make Role.keyids ordered
keyids are ordered in the data we deserialize: Not preserving that order
breaks canonicalization. Set does not preserve order.

Change Role.keyids type from Set to List. This is strictly speaking
an API change but a minor one: keyids are supposed to be changed
via add_key()/remove_key().

Add tests for this for both Role and DelegatedRole. Shorten a related
exception message.

Fix #1752

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-01-05 14:28:17 +02:00
Jussi Kukkonen
cbf1e45572 docs: Make it clear what is hashed
TUF uses file name hashes elsewhere so make it clear when hashes are for
file _contents_.

Fixes #1737.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-01-03 11:55:23 +02:00
Lukas Puehringer
9f2c593813 Metadata API: Remove Signed.bump_expiration()
Remove `bump_expiration()` method, which is unlikely to be used as
is, i.e.  bump to "current expiration date plus delta". A more
realistic use case is to bump to "now plus delta" (see #1727 for
details).

Moreover, bump_expiration can either way easily be replaced by a
one-liner expression using the 'datetime' module. A corresponding
code snippet is added to the `expires` property's docstring.  Note:
`expires` became a property with a millisec-removing setter (for
spec conformance) in  #1712, which further reduces the need for a
convenience bump_expiration method.

This patch also removes a related unit test and updates another
one.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2021-12-22 11:40:36 +01:00
lukpueh
cc2326d3ca
Merge pull request #1736 from lukpueh/rm-metadata-api-update
Metadata API: Remove 3 'update' methods + tests
2021-12-21 10:52:32 +01:00
lukpueh
1f3654fb97
Merge pull request #1712 from ivanayov/no_microseconds_in_api_for_signed_expires
Remove microseconds from metadata API Signed.expires
2021-12-21 10:14:42 +01:00
Lukas Puehringer
f22f357934 Metadata API: Remove 3 'update' methods + tests
Remove ambiguous, unspecific, opinionated and trivial 'update'
methods, which can be replaced by feasible one-liners that assign
values directly to the object attribute to be *updated*. (see #1627
for details).

Reasons to have these methods would be increased usability in terms of
- reduced work
- immediate feedback on invalid assignments

However, given above described issues, the reasons against the
methods as they are now seem to outweigh the reasons for them.
Furthermore, it seems easier to re-add similar methods, which
addressed these issues, after the upcoming 1.0.0 release than to
remove or modify them.

This patch also removes the corresponding tests as they become
irrelevant (there is no need to test object assignment).  In the
case of the timestamp test, the removal also includes redundant
test logic, which is already tested in `test_metadata_base`.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2021-12-21 09:48:31 +01:00
Ivana Atanasova
c5ace07c58 Remove miscroseconds from metadata API Signed.expires
This change removes microseconds from expiry in order to fit TUF
specification

Fixes #1678

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2021-12-15 22:55:47 +02:00
Martin Vrachev
181b1a7e6d Metadata API: remove dateutil requirement
I added "dateutil" as a possible argument type for
`Metadata.bump_expiration()` as we are already testing for this and
implying it should be supported.
The problem is that "dateutil" is not added as a nontest requirement
and after a discussion, we decided we don't want to add it as well.

That's why we decided to remove "dateutil" mentions from the code
and not confuse our users we support it.

We will create a separate issue discussing the validity of
`Metadata.bump_expiration()`.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-12-14 11:23:40 +02:00
Martin Vrachev
28602e4a91 Metadata API: change bump_expiration delta type
Change the delta argument type from the tuf/api/metadata.py module
in Signed.bump_expiration() to include relativedelta as
this provides an easier interface for the callers.
We are already testing for that inside test/api line 338.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-12-09 16:55:33 +02:00
Ivana Atanasova
00589f08e3 Apply top-level rolenames constants in tests
This applies the use of constants of top-level rolenames in the
tests instead of the previously hardcoded strings.
Fixes #1648

Signed-off-by: Ivana Atanasova <iyovcheva@iyovcheva-a02.vmware.com>
2021-12-02 12:25:48 +02:00
Ivana Atanasova
d7c653470a Create constants for top-level rolenames
This is a change in the metadata API to remove hardcoded rolenames
and use constants instead.
Fixes #1648

Signed-off-by: Ivana Atanasova <iyovcheva@iyovcheva-a02.vmware.com>
2021-12-02 12:16:25 +02:00
Martin Vrachev
5c8a86665f Fix small pylint error
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-12-01 16:28:15 +02:00
Martin Vrachev
8ba3cc4394 Move mypy and pylint configs in pyproject.toml
This aims to add a single source of truth for pylint and mypy
configurations.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-12-01 15:49:41 +02:00
Jussi Kukkonen
2de883aedc
Merge pull request #1690 from kairoaraujo/issue#1558-delegate-roles-name-not-top-level-roles
Prevents delegate role name as top-level role name
2021-11-29 15:52:58 +02:00
Kairo de Araujo
72d68f34fb Remove the unnecessary set()
The set() is not required in the OrderedDict.

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2021-11-29 14:37:29 +01:00
Kairo de Araujo
b6c482e1ee Ccheck empty strings, remove comprehensive lists
- Add the check for empty strings in the Delegate Role name
- Remove the comprehensive lists to make the code more readable
- Remove the test for empty file name from
``test_updater_with_simulator``

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2021-11-24 17:12:45 +01:00
Jussi Kukkonen
8e6485b066
Merge pull request #1688 from MVrachev/delegationrole-attributes-validation
Delegations: paths & path_hash_prefixes validation
2021-11-24 14:12:02 +02:00
Kairo de Araujo
597fc88036 Fix reuse datasets/tests, better keyids, standards
- Reuse the dataset and the existing tests
- Fix the keyids in the tests datasets to be aligned
- Fix the ``ValueError`` message aligned to the existent messages

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2021-11-23 13:58:26 +01:00
Kairo de Araujo
f5bf6b0784 Prevents delegate role name as top-level role name
This commit adds the validation in the ``metadata.Delegations``
to prevent that one of the delegate role names given is a top-level
role name.

A ``ValueError`` will be raised if one of the roles names in the
list given to as delegated contains the role name as one of the
top-level roles.

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2021-11-22 16:33:06 +01:00
Jussi Kukkonen
747ec19934
Merge pull request #1668 from MVrachev/validate-rest-of-metadata-api
Metadata API: make Root roles a Mapping
2021-11-22 16:02:09 +02:00
Martin Vrachev
2adddf7402 Delegations: paths & path_hash_prefixes validation
Add sanity types checks on Targets delegation paths and
path_hash_prefixes making sure that they are strings.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-11-22 14:43:43 +02:00
Martin Vrachev
74c657dc9b Pylint config: add _ as a good variable name
_ is often used when a function returns multiple values and you need
a sub-portion of them. Then, those values that are unnecessary can be
named _.
Currently, pylint warns us that this is not a good variable name, so
fix that.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-11-11 15:37:49 +02:00
Martin Vrachev
de27f09a44 Pylint: disable duplicate-code for the new code
Pylint reported a couple of warnings flagged as "duplicate-code".
We were truly duplicating code - one of the examples was when we
imported the same objects from tuf/api/metadata.py:
MetaFile, Role, Root, Snapshot, TargetFile, Targets, and Timestamp
in two separate modules.
So, I thought we do want to be repetitive here and include that code at
both modules. The problem is that besides importing the above
classes the modules imported other classes from tuf.api.metadata.py
and there was no way to disable this check.
I searched and found out that this is a known problem:
https://github.com/PyCQA/pylint/issues/214.

That's why the only solution I see is to disable this warning
temporarily and hoping that one day when this issue is fixed we will
remember to turn it on again.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-11-11 15:37:49 +02:00
Martin Vrachev
29da5da4bb Metadata API: make root roles Mapping
Mark roles as a Mapping to indicate that users should not add or remove
values from the dictionary during the lifetime of the Root object)

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-11-08 19:30:49 +02:00
Martin Vrachev
b137fbcc3f plyintrc: remove redundant format section
The "FORMAT" section in pylint is no longer needed after the format
checker is disabled.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-11-05 15:07:39 +02:00
Martin Vrachev
a7766ac53a pylintc for new code: disable format checker
By default pylint does format checks:
https://pylint.pycqa.org/en/latest/technical_reference/features.html?highlight=format#format-checker

The problem is we also use black and isort who have format checkers as
well. This makes pylint format checks obsolete.

Also, it's possible that you would want to disable a warning and you
can end up in the situation where you will have to disable it for
two tools altogether.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-11-02 19:45:18 +02:00
Martin Vrachev
4158272a7a Use TOP_LEVEL_ROLE_NAMES across TUF
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-10-25 15:58:56 +03:00
Martin Vrachev
9bc55ee568 Metadata API: validate root role names
Validate that root role names are 4 and that they are exactly
"root", "snapshot", "targets" and "timestamp" as described in
the spec:
https://theupdateframework.github.io/specification/latest/#root-role

Additionally, fix the valid_roots dataset, so each of the cases contains
the top metadata role names inside the roles dictionary.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-10-25 15:58:55 +03:00
Martin Vrachev
59b5498918 Add TOP_LEVEL_ROLE_NAMES constant
This constant can be used across tuf without defining it each time.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-10-25 15:32:43 +03:00
Lukas Puehringer
86d4b35a98 Add missing method args docs in metadata API
Affected methods are:

- Root.add_key()
- Root.remove_key()
- Targets.add_key()
- Targets.remove_key()
- DelegatedRole.is_delegated_path()
- Key.from_securesystemslib_key()

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2021-10-14 11:12:05 +02:00
Jussi Kukkonen
8ed446c14b Metadata API: Stop annotating __init__() return value
This may have been required by a linter at some point, but isn't
anymore: Not annotating makes the documentation look better.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:57:19 +03:00
Jussi Kukkonen
ed520ee55d Metadata API: Improve serialization docs
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:52:55 +03:00
Jussi Kukkonen
892aa04cb3 Metadata API: Rewrite module doc
Rewrite the module docstring to better fit the current sphinx documentation.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:52:55 +03:00
Jussi Kukkonen
d5743c2312 metadata API docs: remove duplication
Annotations already include type info and e.g. Optional:
remove those from text where useful.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:52:55 +03:00
Jussi Kukkonen
868afda420 docs: Change object attribute doc style
Situation before
* constructor args are not documented
* object attributes are documented
* sphinx cannot show object attribute type annotations
* attribute docs take a lot of vertical space

Now:
* constructor args are documented
* sphinx can show annotated types of constructor args
* class docstring now explains the attributes are the same as
  constructor args (and attributes are not explicitly documented)

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-09-23 17:51:46 +03:00
Martin Vrachev
f00295f147 API CHANGE: ValueError in add/remove key in Root
This is an API change to the exceptions thrown in Root.add_key()
and Root.remove_key().
The reason for that change is that in my opinion the correct exceptions
in these cases should be "ValueError" instead of "KeyError" as
the problems are in the given values - role doesn't exist or
key is not used by a particular role.

Additionally, document the thrown exceptions in "Root.add_key" and
add a test which invokes that exception.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-21 12:20:09 +03:00
Martin Vrachev
e27070305f Metadata API: Add key helpers in Targets
Root class has the functionality to add and remove keys for delegated
metadata (add_key()/remove_key()) but the other delegator Targets does
not.
It should provide the same/similar functionality.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-21 12:20:09 +03:00
Martin Vrachev
f8620c1992 API CHANGE: enforce role name uniqueness
The spec does not say anything about role name uniqueness in a
delegations object, but I believe we cannot safely allow multiple roles
with the same role name in the roles array of a delegations object.
If we did then the roles could have different keyids, and then we would
end up in a situation where metadata may be both a valid delegation
and an invalid delegation at the same time, depending on how the role
gets chosen and that does not seem like the intention of the design.
There is an issue open in the specification with number 167 about
that issue.

Regardless of the Metadata API, I think we should enforce role name
uniqueness.
I chose to change the data structure containing roles to
OrderedDict, where keys are role names and values are DelegatedRole
instances.
This made sense to me as role names are the unique identifier of a role
and their order is important to the way they are traversed afterward.

Note: we can't use OrderedDict as type annotation until we drop support
for Python 3.6:
https://docs.python.org/3/library/typing.html#typing.OrderedDict
That's why I used quotes around "OrderedDict" annotation, because I
can't import it.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-21 12:15:45 +03:00
Martin Vrachev
bf12e7565f Metadata API: change meta type in Timestamp
In Timestamp, the only valid "meta" value is the dictionary representing
meta information for the snapshot file. This makes the API unnecessarily
complicated and requires validation that only information about snapshot
is available inside "meta".
Together with the python-tuf maintainers, we decided that snapshot meta
information will not be represented by a "meta" dictionary but instead
by a MetaFile instance and with this it will diverge from the
specification.
Additionally, to prevent confusion, I will rename the "meta" attribute
to "snapshot_meta" as this attribute will be related only to meta
information about snapshot.

This decision is coherent with ADR9 and the rationale
behind it is to provide easier, safer, and direct access to the
snapshot meta information.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-20 14:09:38 +03:00
Martin Vrachev
59c486bf57 Metadata API: improve module documentation
Clarify the purpose of metadata API and that it's a low-level API
and as such it doesn't use concepts like "repository" or
"trusted collection of metadata" and don't implement the repository
logic or client updater workflow.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-09-16 12:46:58 +03:00
Velichka Atanasova
65fd1aaf8a Add an option to create TargetFile from data/file
This is a repository tooling use case but also helpful when testing.
It could be useful when we need to update the targets object.

Signed-off-by: Velichka Atanasova <avelichka@vmware.com>
2021-09-10 13:59:33 +03:00
Teodora Sechkova
5d71aab9ec
Remove disable=broad-except
The pylint warning W0703:broad-except was raised only
when six was used and python 2 was still supported.

The warning is no longer raised, the exceptions are
handled/raised correctly and the disabling can be removed.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-09-01 17:41:32 +03:00
Jussi Kukkonen
e1ec782f19
Merge pull request #1520 from avelichka/sslib-key
Add Key.from_securesystemslib_key
2021-08-31 09:42:39 +03:00
Jussi Kukkonen
7d77eeec31
Merge pull request #1512 from MVrachev/glob-pattern-matching
Implement glob-like pattern matching
2021-08-31 09:42:27 +03:00