-
Notifications
You must be signed in to change notification settings - Fork 270
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Metadata API: change meta type in Timestamp #1446
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There may still be a discussion on "is this the way we want to solve the issue", but the patch is small so why not finish anyway...
Left a couple of small comments, also note that there is a third reference to meta['snapshot.json']
in the tests you could change (it probably wasn't there when you made this patch)
Expanding on this a bit: The context is that validating something like meta is a bit tricky and is affected by the API we provide:
The last two options of course mean more code in the API itself -- and don't provide any real value. The real options are
Externally snapshot_meta will look the same in both cases so I guess this is good to go whatever we decide in the future? |
135fc69
to
06a1914
Compare
Thanks, @jku for all of your comments.
I agree with this, but I want to remove this one and change the other I agree that If we decide to remove What do you think of my proposal? |
Not following the spec is not an option on the table, we do want to implement it. The decisions on
are not related to each other and should not be mixed. I'm not a big fan of adding multiple seemingly supported APIs for one purpose (as I think you are doing with meta property and snapshot_meta property). Also, validating dictionaries like that feels a bit futile as there are so many other ways to modify them:
Validating standard containers is probably only possible at serialization time or by hiding the container from the caller behind a more restrictive API (like add_key/remove_key): this is what I meant when I said the other day that the more interesting validating discussions are related to the containers, not the individual attributes or classes. But in this specific case I think we don't need to go that far: documenting I think the only reasonable option would be to not keep meta dict in the API at all (in other words stop mimicking the file format) but there does not seem to be consensus on doing that. |
06a1914
to
c7e9e45
Compare
Okay, I documented |
c7e9e45
to
1b5481b
Compare
I think I have clarified that the user should use |
I have updated the pr description describing the pr modifications that were made in the pr. |
Can you also fix the mypy errors in the CI? |
1b5481b
to
8e1a5ec
Compare
Yes, I forgot to do it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Keeping both a property and an internal dictionary for snapshot seems like an overkill to me (in this particular case).
I share the opinion that we should drop the dictionary.
This issue is blocked until we come up with an agreement what to do with |
After #1547 got merged this pr will be unblocked. |
7bb05bd
to
dc2fc1f
Compare
This pr is no longer blocked.
That's why I will update the pr naming and description. |
dc2fc1f
to
bfda818
Compare
I reword the doc strings for the |
bfda818
to
ef03212
Compare
Pull Request Test Coverage Report for Build 1244983582Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know we agreed on snapshot
as the name of the Timestamp
class member but when using it as a single variable I've suggested snapshot_meta
, to avoid confusion.
The rest LGTM.
c332a84
to
784a445
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good I think. Timestamp.update() is now even weirder than before but you've said you'd rather remove it in a separate change: this sounds good to me.
The names in the attribute chains do end up looking a bit goofy when the name is just "snapshot" (and data type is not actually Snapshot).... @joshuagl do you have an opinion on the naming (looking at test code with e.g. self.timestamp.snapshot
and timestamp.signed.snapshot
). I think I can live with this but wouldn't object to calling this attribute snapshot_meta either 🤷
tests/test_api.py
Outdated
@@ -350,11 +350,11 @@ def test_metadata_timestamp(self): | |||
fileinfo = MetaFile(2, 520, hashes) | |||
|
|||
self.assertNotEqual( | |||
timestamp.signed.meta['snapshot.json'].to_dict(), fileinfo.to_dict() | |||
timestamp.signed.snapshot.to_dict(), fileinfo.to_dict() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is an example of code that looks a bit weird... we have a timestamp that is not a Timestamp
, and a snapshot that is not a Snapshot
-- the first one is just local variable naming of course, but naming that our API design easily leads to...
While I appreciate that it's a long variable name, I am fond of |
For sure |
784a445
to
af5090e
Compare
Done, renamed |
no conflicts expected so separate PR seems like it would not be much more work? |
It won't be. Will post a pr today. |
Fixed in #1584. |
Can you rebase please (branch protection does not allow merging with failing checks) |
In Timestamp, the only valid "meta" value is the dictionary representing meta information for the snapshot file. This makes the API unnecessarily complicated and requires validation that only information about snapshot is available inside "meta". Together with the python-tuf maintainers, we decided that snapshot meta information will not be represented by a "meta" dictionary but instead by a MetaFile instance and with this it will diverge from the specification. Additionally, to prevent confusion, I will rename the "meta" attribute to "snapshot_meta" as this attribute will be related only to meta information about snapshot. This decision is coherent with ADR9 and the rationale behind it is to provide easier, safer, and direct access to the snapshot meta information. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
af5090e
to
bf12e75
Compare
Fixes #1443
Description of the changes being introduced by the pull request:
In Timestamp, the only valid "meta" value is the dictionary representing
meta information for the snapshot file. This makes the API unnecessarily
complicated and requires validation that only information about snapshot
is available inside "meta".
Together with the python-tuf maintainers we decided that snapshot meta
information will not be represented by a "meta" dictionary but instead
by a MetaFile instance and with this it will diverge from the
specification.
This decision is coherent with ADR9 and the rationale
behind it is to provide easier, safer, and direct access to the
snapshot meta information.
Signed-off-by: Martin Vrachev mvrachev@vmware.com
History of modifications made on the pr:
snapshot_meta
as a property with a setter and getter.update
function forTimestamp
, will be handled in New API: Revise "update" methods in tuf/api/metadata.py #1230snapshot_meta as the "API for interacting with snapshot meta information"
and that
meta is an implementation detail that mimics the file format
.and we will change the
timestamp.meta
type toMetaFile
.Please verify and check that the pull request fulfills the following
requirements: