Ejemplo n.º 1
0
 def test_invalid_delegated_role_serialization(self, test_case_data: str):
     case_dict = json.loads(test_case_data)
     with self.assertRaises(ValueError):
         DelegatedRole.from_dict(copy.copy(case_dict))
Ejemplo n.º 2
0
    def test_targets_key_api(self) -> None:
        targets_path = os.path.join(self.repo_dir, "metadata", "targets.json")
        targets: Targets = Metadata[Targets].from_file(targets_path).signed

        # Add a new delegated role "role2" in targets
        delegated_role = DelegatedRole.from_dict({
            "keyids": [],
            "name": "role2",
            "paths": ["fn3", "fn4"],
            "terminating": False,
            "threshold": 1,
        })
        assert isinstance(targets.delegations, Delegations)
        assert isinstance(targets.delegations.roles, Dict)
        targets.delegations.roles["role2"] = delegated_role

        key_dict = {
            "keytype": "ed25519",
            "keyval": {
                "public":
                "edcd0a32a07dce33f7c7873aaffbff36d20ea30787574ead335eefd337e4dacd"
            },
            "scheme": "ed25519",
        }
        key = Key.from_dict("id2", key_dict)

        # Assert that add_key with old argument order will raise an error
        with self.assertRaises(ValueError):
            targets.add_key("role1", key)  # type: ignore

        # Assert that delegated role "role1" does not contain the new key
        self.assertNotIn(key.keyid, targets.delegations.roles["role1"].keyids)
        targets.add_key(key, "role1")

        # Assert that the new key is added to the delegated role "role1"
        self.assertIn(key.keyid, targets.delegations.roles["role1"].keyids)

        # Confirm that the newly added key does not break the obj serialization
        targets.to_dict()

        # Try adding the same key again and assert its ignored.
        past_keyid = targets.delegations.roles["role1"].keyids.copy()
        targets.add_key(key, "role1")
        self.assertEqual(past_keyid, targets.delegations.roles["role1"].keyids)

        # Try adding a key to a delegated role that doesn't exists
        with self.assertRaises(ValueError):
            targets.add_key(key, "nosuchrole")

        # Add the same key to "role2" as well
        targets.add_key(key, "role2")

        # Remove the key from "role1" role ("role2" still uses it)
        targets.revoke_key(key.keyid, "role1")

        # Assert that delegated role "role1" doesn't contain the key.
        self.assertNotIn(key.keyid, targets.delegations.roles["role1"].keyids)
        self.assertIn(key.keyid, targets.delegations.roles["role2"].keyids)

        # Remove the key from "role2" as well
        targets.revoke_key(key.keyid, "role2")
        self.assertNotIn(key.keyid, targets.delegations.roles["role2"].keyids)

        # Try remove key not used by "role1"
        with self.assertRaises(ValueError):
            targets.revoke_key(key.keyid, "role1")

        # Try removing a key from delegated role that doesn't exists
        with self.assertRaises(ValueError):
            targets.revoke_key(key.keyid, "nosuchrole")

        # Remove delegations as a whole
        targets.delegations = None
        # Test that calling add_key and revoke_key throws an error
        # and that delegations is still None after each of the api calls
        with self.assertRaises(ValueError):
            targets.add_key(key, "role1")
        self.assertTrue(targets.delegations is None)
        with self.assertRaises(ValueError):
            targets.revoke_key(key.keyid, "role1")
        self.assertTrue(targets.delegations is None)
Ejemplo n.º 3
0
 def test_delegated_role_serialization(self, test_case_data: str):
     case_dict = json.loads(test_case_data)
     deserialized_role = DelegatedRole.from_dict(copy.copy(case_dict))
     self.assertDictEqual(case_dict, deserialized_role.to_dict())