Additional add_key and remove_key tests

Make sure key is not removed from targets.delegations.keys on targets.remove_key() if another delegated role is still using the key. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
theupdateframework · Sep 2, 2021 · c37a63d · c37a63d
1 parent c0e51ed
commit c37a63d
Showing 1 changed file with 23 additions and 1 deletion.
diff --git a/tests/test_api.py b/tests/test_api.py
@@ -531,6 +531,16 @@ def test_metadata_targets(self):
  targets.signed.targets[filename].to_dict(), fileinfo.to_dict()
  )
 
+ # Add a new delegated role "role2" in targets
+ delegated_role = DelegatedRole.from_dict({
+ "keyids": [],
+ "name": "role2",
+ "paths": ["fn3", "fn4"],
+ "terminating": False,
+ "threshold": 1
+ })
+ targets.signed.delegations.roles["role2"] = delegated_role
+
  key_dict = {
  "keytype": "ed25519",
  "keyval": {
@@ -565,13 +575,25 @@ def test_metadata_targets(self):
  with self.assertRaises(KeyError):
  targets.signed.add_key("abc", key)
 
- # Remove a key from the delegated "role1" role
+ # Add the same key to "role2" as well
+ targets.signed.add_key("role2", key)
+
+ # Remove the key from "role1" role ("role2" still uses it)
  targets.signed.remove_key("role1", key.keyid)
 
  # Assert that delegated role "role1" doesn't contain the key.
  self.assertNotIn(
  key.keyid, targets.signed.delegations.roles["role1"].keyids
  )
+ self.assertIn(
+ key.keyid, targets.signed.delegations.roles["role2"].keyids
+ )
+
+ # Remove the key from "role2" as well
+ targets.signed.remove_key("role2", key.keyid)
+ self.assertNotIn(
+ key.keyid, targets.signed.delegations.roles["role2"].keyids
+ )
 
  # Try removing a key from delegated role that doesn't exists
  with self.assertRaises(KeyError):