python-tuf/tox.ini
Lukas Puehringer 3d8cade471 Add metadata serialization sub-package
Add sub-package with 3 abstract base classes to:
- serialize Metadata objects to bytes (transport)
- deserialize Metadata objects from bytes (transport)
- serialize Signed objects to bytes (signatures)

pylint notes:
- configure tox to use api/pylintrc
- configure api/pylintrc to allow classes without public methods
  (default was 2)

Design considerations
---------------------
- Why not implement de/serialization on metadata classes?
  -> See ADR0006.

- Why use separate classes for serialization and deserialization?
  -> Some users might only need either one, e.g. client only needs
     Deserializer. Maybe there are use cases where different
     implementations are used to serialize and deserialize.

- Why use separate classes for Metadata- and Signed-Serialization?
  -> They require different concrete types, i.e. Metadata and
     Signed as parameters, and using these specific types seems to
     make the interface stronger.

- Why are de/serialize methods not class/staticmethods?
  -> In reality we only use classes to namespace and define a
     type annotated interface, thus it would be enough to make the
     methods classmethods. However, to keep the de/serialize
     interface minimal, we move any custom format configuration to
     the constructor. (See e.g. "compact" for JSONSerializer in
     subsequent commit).

Naming considerations
---------------------
- Why de/serialize?
  -> Implies byte stream as input or output to the function, which
     is what our interface needs.
- Why not marshaling?
  -> Synonym for serialize but implies transport, would be okay.
- Why not encoding?
  -> Too abstract and too many connotations (character, a/v).
- Why not parse?
  -> Too abstract and no good opposite terms (unparse, write,
     dump?)

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2021-03-03 15:09:48 +01:00

50 lines
1.9 KiB
INI

# Tox (https://tox.readthedocs.io/en/latest/) is a tool for running tests
# in multiple virtualenvs. This configuration file will run the
# test suite on all supported python versions. To use it, "pip install tox"
# and then run "tox" from this directory.
[tox]
envlist = lint,py{36,37,38,39}
skipsdist = true
[testenv]
# TODO: Consider refactoring the tests to not require the aggregation script
# being invoked from the `tests` directory. This seems to be the convention and
# would make use of other testing tools such as coverage/coveralls easier.
changedir = tests
commands =
python --version
coverage run aggregate_tests.py
coverage report -m --fail-under 97
deps =
-r{toxinidir}/requirements-test.txt
# Install TUF in editable mode, instead of tox default virtual environment
# installation (see `skipsdist`), to get relative paths in coverage reports
--editable {toxinidir}
# FIXME: use legacy resolver because https://github.com/pypa/pip/issues/9215
install_command = pip install --use-deprecated=legacy-resolver --pre {opts} {packages}
# Develop test env to run tests against securesystemslib's master branch
# Must to be invoked explicitly with, e.g. `tox -e with-sslib-master`
[testenv:with-sslib-master]
deps =
git+http://github.com/secure-systems-lab/securesystemslib.git@master#egg=securesystemslib
-r{toxinidir}/requirements-test.txt
--editable {toxinidir}
commands =
coverage run aggregate_tests.py
coverage report -m
[testenv:lint]
commands =
# Use different pylint configs for legacy and new (tuf/api) code
# NOTE: Contrary to what the pylint docs suggest, ignoring full paths does
# work, unfortunately each subdirectory has to be ignored explicitly.
pylint {toxinidir}/tuf --ignore={toxinidir}/tuf/api,{toxinidir}/tuf/api/serialization
pylint {toxinidir}/tuf/api --rcfile={toxinidir}/tuf/api/pylintrc
bandit -r {toxinidir}/tuf