* Remove dead urls: trust reader to find Requests documentation on
their own
* Mention that "stream" means that downloading the body is deferred
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
* move code to only create objects after potential raises
* Use 'with' when possible
* close manually if those did not help
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
We want the tests' own log output visible as well, and they are not
under the "tuf" logger. Set root level to the same value as "tuf".
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
all test_*.py files now accept zero or more '-v' to increase tuf
logging level. The default is now ERROR.
  default: ERROR
  "-v": ERROR, but unittest prints test names
  "-vv": WARNING
  "-vvv": INFO
  "-vvvv": DEBUG
Example to run a single test with DEBUG level:
  python3 test_updater.py -vvvv TestUpdater.test_4_refresh
Also make test_log.py restore the log level it modifies during test.
Fixes #1093
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
All of these tests create an exception and log it. They do not
actually test anything.
The alternative would be to change the log level to something that is
not error to prevent verbose error output on successful test runs --
but that still wouldn't make them actual tests.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Don't use log level ERROR when we are only raising an exception for user
to handle (the issue is not a bug in TUF: TUF is working as expected in
all of these cases). Don't log at all if all the info is included in the
raised exception.
Also definitely don't log at error level when we don't know if this will
even be raised (e.g. a 404 is expected at least once on every
Updater.refresh()).
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
A mismatched length will lead to DownloadLengthMismatchError that will
be handled by user. There is no need to log Errors or Criticals on the
way.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
See:
Add root metadata class to new TUF metadata model #1137
Add classes for complex metadata fields #1139
Add input validation to simple metadata api #1140
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Change Metadata.verify(key) behavior to raise an exception if
none or multiple signatures for the passed key are found on the
Metadata object.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Add convenience wrapper that takes a json string and passes it
to from_dict to create a Metadata object.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This commit better separates the Metadata class model from the
Metadata wireline format, by tailoring the constructors
towards class-based parameters and adding an additional
factory classmethod that creates Metadata objects based on the
wireline json/dictionary metadata representation. (pythonic
way of constructor overloading).
This 'from_dict' factory method recurses into the 'from_dict'
methods of each contained complex field/attribute that is also
represented by a class. Currently 'signed' is the only such
attribute.
This commit further:
- Changes optional constructor keyword arguments to mandatory
positional arguments: Reduces code and simplifies usage by
restricting it. For now, users are unlikely to call
constructor directly anyway, but the 'from_dict' factory (or
its 'from_json_file' wrapper) instead.
- Removes Signed.__expiration (datetime) vs. Signed.expires
(datestring) dichotomy: Keeping only one representation of the
same attribute in memory makes the interface simpler and less
ambiguous. We choose the datetime object, because it is more
convenient to modify. Transformation from and to the string
format required by the tuf wireline format is performed in the
corresponding metadata de/serialization methods, i.e.
('to_dict' and 'from_dict').
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
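An added sketch of the pattern the commit messages above describe (not python-tuf's own code): constructors take class-based arguments, a 'from_dict' factory recurses into 'signed', the expiry is a datetime in memory, and exactly one signature per key is required before verification. The class bodies, the helper name signature_for, the date layout and the sample data are assumptions made for illustration.

```python
import json
from datetime import datetime

FMT = "%Y-%m-%dT%H:%M:%SZ"  # date string layout assumed for the wireline format

class Signed:
    def __init__(self, _type, version, expires):
        if not isinstance(expires, datetime):
            raise TypeError("expires must be a datetime, not a date string")
        self._type, self.version, self.expires = _type, version, expires

    @classmethod
    def from_dict(cls, d):
        # The only place the wireline string becomes a datetime.
        return cls(d["_type"], d["version"], datetime.strptime(d["expires"], FMT))

    def to_dict(self):
        return {"_type": self._type, "version": self.version,
                "expires": self.expires.strftime(FMT)}

class Metadata:
    def __init__(self, signed, signatures):
        self.signed, self.signatures = signed, signatures

    @classmethod
    def from_dict(cls, d):
        # Recurse into the factory of the one class-backed field, 'signed'.
        return cls(Signed.from_dict(d["signed"]), list(d["signatures"]))

    @classmethod
    def from_json(cls, text):
        return cls.from_dict(json.loads(text))

    def to_dict(self):
        return {"signatures": self.signatures, "signed": self.signed.to_dict()}

    def signature_for(self, keyid):
        # Precondition only (no cryptography here): exactly one signature per key.
        found = [s for s in self.signatures if s["keyid"] == keyid]
        if len(found) != 1:
            raise ValueError(f"{len(found)} signatures found for key {keyid!r}")
        return found[0]

# Constructed sample: 'bb22' signs twice, 'cc33' not at all.
SAMPLE = json.dumps({
    "signatures": [{"keyid": "aa11", "sig": "00"}, {"keyid": "bb22", "sig": "01"},
                   {"keyid": "bb22", "sig": "02"}],
    "signed": {"_type": "root", "version": 1, "expires": "2030-01-01T00:00:00Z"}})
```

Metadata.from_json(SAMPLE).signature_for("bb22") raises ValueError because that key appears twice; "aa11" returns its single entry.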
Consistently rename de/serialization interface methods, using
a 'from_' and 'to_' prefix.
  read_from_json -> from_json_file
  write_to_json -> to_json_file
  as_json -> to_json
  as_dict -> to_dict
  signed_bytes -> to_canonical_bytes
The latter is also changed from a property to a method for
consistency with the other serialization methods.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Remove metadata factory on Signed class, for the sake of API
simplicity/non-ambiguity, i.e. it's enough to have one
way of loading any Metadata, that is:
Metadata.read_from_json
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Add simple methods to create or verify signatures of the
canonical_signed property of a Metadata object.
See corresponding docstrings for behavior and design
considerations.
The commit also adds tests and updates the test setup to load
some test keys into memory.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Add simple as_json Metadata method and use it instead of repository
lib's internal _get_written_metadata function in write_to_json.
This commit further adds code documentation and the possibility to
write compact json by excluding whitespace to write_to_json, and
also removes a call to the sign method from write_to_json.
The commit also adds tests.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Add generic read from json class method that returns a Metadata
object with a signed field that contains the appropriate Signed
subclass, based on the signed._type field of the read metadata.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
The new metadata module uses constructs that are only available
on Python >= 3.6 (typing, f-format strings, etc.).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Consistently enclose filenames referred to throughout the release process in
backticks to ensure they are rendered in the code style.
Signed-off-by: Joshua Lock <jlock@vmware.com>
PR #1014 removed uses of keyid_hash_algorithms in favour of using the calculated
keyid values from the metadata. A few instances of this removal were
unintentionally reintroduced in PR #1016, when changing to explicitly passing
a list of hash algorithms rather than changing securesystemslib settings
values.
This change removes unnecessary uses of keyid_hash_algorithms.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Add a new test case in test_generate_targets_metadata
to check if targets metadata is up-to-date with its delegated
roles.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Test logic is modified to accommodate the update of the
delegations during generate_targets_metadata().
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Use the delegation graph traversal during load_repository()
to load delegated roles' 'keyids' and 'threshold' by reading it
from the delegating role metadata.
If more than one delegation to the same role exists, only the first
one is loaded in roledb for this role.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Collect keys and threshold of delegated roles and update
delegations in generate_targets_metadata in a similar manner
as generate_root_metadata() does for top-level roles.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Use _keys_to_keydict() for the key dictionary generation in
generate_root_metadata().
Rename it as a public function keys_to_keydict().
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>