Additional tests for containers with 0 or >1 items

Those tests are needed to cover use cases when syntatcticly as standalone objects the metadata classes and their helper classes defined in tuf/api/metadata.py are valid even if they cannot be verified. An example where an object is valid, but cannot be verified is if we have a Role instance with an empty list of "keyids". This instance is valid and can be created, but cannot be verified because there is a requirement that the threshold should be above 1, meaning that there should be at least 1 element inside the "keyids" list to complete successful threshold verification. The situation is the same for the rest of the tests I am adding to this commit: - Root object without keys - Root object without roles - DelegationRole object with empty "keyids" - DelegationRole object with an empty list of "paths" - DelegationRole object with an empty list of "path_hash_prefixes" all of these objects can be instantiated, but cannot complete successfully threshold verification. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
theupdateframework · Aug 20, 2021 · ae3a671 · ae3a671
1 parent 65a9ec2
commit ae3a671
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/tests/test_metadata_serialization.py b/tests/test_metadata_serialization.py
@@ -142,6 +142,7 @@ def test_invalid_role_serialization(self, test_case_data: Dict[str, str]):
  valid_roles: DataSet = {
  "all": '{"keyids": ["keyid"], "threshold": 3}',
  "many keyids": '{"keyids": ["a", "b", "c", "d", "e"], "threshold": 1}',
+ "empty keyids": '{"keyids": [], "threshold": 1}',
  "unrecognized field": '{"keyids": ["keyid"], "threshold": 3, "foo": "bar"}',
  }
 
@@ -167,6 +168,11 @@ def test_role_serialization(self, test_case_data: str):
  "keys": {"keyid" : {"keytype": "rsa", "scheme": "rsassa-pss-sha256", "keyval": {"public": "foo"} }}, \
  "roles": { "targets": {"keyids": ["keyid"], "threshold": 3} } \
  }',
+ "empty keys and roles": '{"_type": "root", "spec_version": "1.0.0", "version": 1, \
+ "expires": "2030-01-01T00:00:00Z", "consistent_snapshot": false, \
+ "keys": {}, \
+ "roles": {} \
+ }',
  "unrecognized field": '{"_type": "root", "spec_version": "1.0.0", "version": 1, \
  "expires": "2030-01-01T00:00:00Z", "consistent_snapshot": false, \
  "keys": {"keyid" : {"keytype": "rsa", "scheme": "rsassa-pss-sha256", "keyval": {"public": "foo"}}}, \
@@ -262,12 +268,17 @@ def test_snapshot_serialization(self, test_case_data: str):
 
 
  valid_delegated_roles: DataSet = {
+ # DelegatedRole inherits Role and some use cases can be found in the valid_roles.
  "no hash prefix attribute":
  '{"keyids": ["keyid"], "name": "a", "paths": ["fn1", "fn2"], \
  "terminating": false, "threshold": 1}',
  "no path attribute":
  '{"keyids": ["keyid"], "name": "a", "terminating": false, \
  "path_hash_prefixes": ["h1", "h2"], "threshold": 99}',
+ "empty paths": '{"keyids": ["keyid"], "name": "a", "paths": [], \
+ "terminating": false, "threshold": 1}',
+ "empty path_hash_prefixes": '{"keyids": ["keyid"], "name": "a", "terminating": false, \
+ "path_hash_prefixes": [], "threshold": 99}',
  "unrecognized field":
  '{"keyids": ["keyid"], "name": "a", "terminating": true, "paths": ["fn1"], "threshold": 3, "foo": "bar"}',
  "many keyids":
@@ -283,6 +294,7 @@ def test_delegated_role_serialization(self, test_case_data: str):
 
 
  invalid_delegated_roles: DataSet = {
+ # DelegatedRole inherits Role and some use cases can be found in the invalid_roles.
  "missing hash prefixes and paths":
  '{"name": "a", "keyids": ["keyid"], "threshold": 1, "terminating": false}',
  "both hash prefixes and paths":