-
Notifications
You must be signed in to change notification settings - Fork 270
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New API: Add Key and Role classes #1360
Conversation
There is an interesting reason for the CI failure: I used many local variables to make it clear what their purpose is. |
This is interesting. I think local variables generally make code more readable, so I'm in favor of disabling this warning. |
I don't think the function looks horrible but ... you could make |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Martin. I have one potential bug (the keyids type issue which I'm not yet sure how to handle), the rest are just nits/suggestions/questions
There are currently no Key/Role specific tests: We probably should have at least very basic ones if we now have objects? One thing that might be nice to check for is invalid data -- what does the failure look like if the metadata is not valid (say a missing required field). I don't think this needs to be exhaustively tested but would be nice to see at least an example: I assume with this code we mostly get KeyErrors? |
26982f7
to
4f17315
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just one real issue: the keyids uniqueness checks and creation of the set still have a smell around them: I think the error isn't currently raised (when using from_dict()
).
# Add unrecognized fields to all metadata sub (helper) classes. | ||
if metadata == "root": | ||
for keyid in dict1["signed"]["keys"].keys(): | ||
dict1["signed"]["keys"][keyid]["d"] = "c" | ||
for role_str in dict1["signed"]["roles"].keys(): | ||
dict1["signed"]["roles"][role_str]["e"] = "g" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this looks like it will become hard to maintain when more tests are added but I'm fine with it for now: can you make an issue about doing this in a more structured way (like automate the dictionary poisoning so that ever dictionary is injected, not just ones we list here)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, you are right. We should automate this.
In a discussion, you showed a prototype automating this process.
Will appreciate it if you propose these changes and we can discuss them, but I don't think this is in the scope of this pr.
4f17315
to
7d6dc65
Compare
Updated the pr by:
|
In the top level metadata classes, there are complex attributes such as "meta" in Targets and Snapshot, "key" and "roles" in Root etc. We want to represent those complex attributes with a class to allow easier verification and support for metadata with unrecognized fields. For more context read ADR 0004 and ADR 0008 in the docs/adr folder. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
In the top level metadata classes, there are complex attributes such as "meta" in Targets and Snapshot, "key" and "roles" in Root etc. We want to represent those complex attributes with a class to allow easier verification and support for metadata with unrecognized fields. For more context read ADR 0004 and ADR 0008 in the docs/adr folder. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
7d6dc65
to
e604c8b
Compare
The from_dict() method simplifies the object creation. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
e604c8b
to
ded92fc
Compare
Rebased after #1363 was merged. |
From the specification: "Clients MUST ensure that for any KEYID represented in this key list and in other files, only one unique key has that KEYID." The “only one unique key has that KEYID” is a requirement which can’t be achieved if two keyids are the same. So, in order to mandate that requirement it makes sense to use a set which will guarantee us the keyid’s uniqueness. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
ded92fc
to
54a535e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this looks good. I did notice one unneeded "if" that I had missed earlier (adding duplicates to a set is safe).
tuf/api/metadata.py
Outdated
if keyid not in self.roles[role].keyids: | ||
self.roles[role].keyids.add(keyid) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
only realized this now but the check here is not needed with a set
Verify that adding an already existing key to keyid for a particular role in Root won't create duplicate key. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
68b76d3
to
1ce94b9
Compare
Addresses, but doesn't fix: #1139
Description of the changes being introduced by the pull request:
In the top level metadata classes, there are complex attributes such as
meta
in Targets and Snapshot,key
androles
in Root etc.We want to represent those complex attributes with a class to allow
easier verification and support for metadata with unrecognized fields.
For more context read ADR 0004 and ADR 0008 in the docs/adr folder.
The changes in this pr include:
Key
class integrated into RootRoles
class integrated intoKey
andRoles
Please verify and check that the pull request fulfills the following
requirements: