Add root metadata class to new TUF metadata model #1193
Conversation
joshuagl
left a comment
joshuagl
left a comment
There was a problem hiding this comment.
Great catch on the use of dictionaries in the test!
I think your proposed interface for Root.update() here might be inconsistent with the API in the other metadata classes. More details on that inline, what do you think?
tuf/api/metadata.py
Outdated
| Attributes: | ||
| consistent_snapshot: A boolean indicating whether the repository | ||
| supports consistent snapshots, |
There was a problem hiding this comment.
| supports consistent snapshots, | |
| supports consistent snapshots. |
tuf/api/metadata.py
Outdated
| def update(self, keys: JsonDict, roles: JsonDict, | ||
| consistent_snapshot: bool) -> None: |
There was a problem hiding this comment.
I think we might have an API granularity mismatch here.
Snapshot.update() takes information for a single targets metadata file, to update/add to the listed files in the snapshot metadata file.
Targets.update() takes information for a single target file, to update/add the fileinfo for a single target file.
Whereas Root.update() is overwriting all of the keys and roles defined in the root metadata.
Perhaps keys and roles parameters should be optional and singular (key and role), taking a single keydict to add/update and a single roleinfo to add/update? That probably gets easier with classes for complex metadata fields (#1139).
I'd appreciate hearing from some library users (@trishankatdatadog, @woodruffw, @jku) and co-maintainers (@lukpueh) on this topic of API granularity.
There was a problem hiding this comment.
Now that you've said it, it seems you have a point. I think I like an api of the form:
Root.update('timestamp', key)
but what if you want to revoke a key and remove it, not only add/update one?
Should we then extend Root with Root.remove/delete(role, key) or implement this logic ... somewhere else?
How do you feel about consistent snapshot? Maybe we need a setter/getter pattern for toggling it independently? I am not sure ... a user of the class can access it anyway directly
There was a problem hiding this comment.
Good questions! I think the update methods on Targets/Snapshot/Timestamp are supposed to facilitate the chain of (currently manual) updates that are necessary when the target files in the repository are updated.
Root is not part of that chain, so it may not need to be consistent with the other update functions. Regardless, something like Root.update/delete(role_name, key) IMHO seems to add more value than mere (multi-)setter logic.
Generally, I think we should do in these methods whatever is convenient for updating an individual role either manually or from within methods like Repository.update_targets(...), Repository.create_snapshot(...), Repository.rotate_keys(...) etc., i.e. the methods that actually do TUF.
This discussion seems related to #1134.
There was a problem hiding this comment.
Generally, I think we should do in these methods whatever is convenient for updating an individual role either manually or from within methods like
Repository.update_targets(...),Repository.create_snapshot(...),Repository.rotate_keys(...)etc., i.e. the methods that actually do TUF.
I think that sounds like a sensible approach.
I like the Root.update() and Root.remove() interfaces you've proposed here @sechkova. Do they fulfil the needs which led you to create this PR?
I think the best path forward for this PR would be to implement as much of Root functionality as you need to proceed. We can modify/extend the metadata API as we work on making use of it from higher-level pieces of the refactor.
There was a problem hiding this comment.
I worked on this PR in the context of the client meaning that I only need read access to 'signed' dictionaries.
Anyway I think we all agree on implementing a set of Root.update() and Root.remove() interfaces which won't cost me much and will be valuable for moving the metadata API forward.
Add root metadata class to tuf.api.metadata module and implement (de)serialisation and modification methods. Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Use deepcopy to ensure that the dictionaries with expected data are not referencing the same memory as the tested ones. Add a check asserting that metadata is not equal prior to its update. Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Add test cases for Root(Signed) and Targets(Signed) classes. Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
sechkova
force-pushed
the
metadata-root
branch
from
512c262 to
5bfd9dd
Compare
|
Added two root methods that should be enough for a key revocation:
I think this is what we can do for now, until we decide how to represent the internal metadata fields. For the same reason I haven't added any errors/warnings on missing/already existing keyids but I will if you don't like the idea of silently ignoring these cases. |
|
I see your point about consistency but what would We don't expect different keys with the same keyid, do we? |
You're right,
Not as I understand it. From TAP 12
|
joshuagl
left a comment
joshuagl
left a comment
There was a problem hiding this comment.
Thanks for working through the details with me
|
Trying a close/re-open to trigger CI. |
3 participants
Fixes #1137
Description of the changes being introduced by the pull request:
tuf.api.metadatamodule and implements serialization and update methods.Please verify and check that the pull request fulfills the following
requirements: