Move verify_delegate() to Root/Targets #2378
Conversation
Pull Request Test Coverage Report for Build 4892122297Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
ec09778 to
4c7a08d
Compare
A "Mixin" is likely what I'm trying to remember here? |
|
I think this is ready for review. I have a branch cleanup-after-verify-delegate-move with changes based on this PR... but they are not required so I'll do those separately. |
tuf/api/metadata.py
Outdated
| @@ -1926,7 +1962,7 @@ def get_delegated_role(self, delegated_role: str) -> Role: | |||
| def get_key(self, keyid: str) -> Key: | |||
| """Return the key object for the given keyid. | |||
|
|
|||
| Raises ValueError if keyid is not found. | |||
| Raises ValueError if key is not found. | |||
There was a problem hiding this comment.
this change just makes the two implementations have the same docstring.
There was a problem hiding this comment.
You could actually remove docstrings for get_key and get_delegated_role in Targets and Root, since they can be reused from their definitions in the parent class. Pylint would need to be told to not complain. So maybe not worth it, the docstrings are short enough.
There was a problem hiding this comment.
I was sure that wouldn't work with sphinx but I tried and you are right.
tuf/api/metadata.py
Outdated
| def verify_delegate( | ||
| self, | ||
| delegated_role: str, | ||
| delegated_metadata: "Metadata", | ||
| signed_serializer: Optional[SignedSerializer] = None, | ||
| ) -> None: |
There was a problem hiding this comment.
Maybe a meaningful note here is that this makes Targets and Root "aware" of Metadata now.
The alternative would be for the arguments to include payload bytes and signatures so something like
def verify_delegate(
self,
delegated_role: str,
payload: bytes,
signatures: Dict[str, Signature]
)
Unfortunately I'm not sure how one would make that usable in calling code
There was a problem hiding this comment.
This change makes sense. I pointed out some nits that you may ignore. The only thing that should be changed is test_api.TestMetadata.test_metadata_verify_delegate, which still uses Metadata.verify_delegate. Otherwise, the tests pass even without that method.
Also, I think the version number in the deprecation notice is wrong (see inline comment).
tuf/api/metadata.py
Outdated
| @@ -1926,7 +1962,7 @@ def get_delegated_role(self, delegated_role: str) -> Role: | |||
| def get_key(self, keyid: str) -> Key: | |||
| """Return the key object for the given keyid. | |||
|
|
|||
| Raises ValueError if keyid is not found. | |||
| Raises ValueError if key is not found. | |||
There was a problem hiding this comment.
You could actually remove docstrings for get_key and get_delegated_role in Targets and Root, since they can be reused from their definitions in the parent class. Pylint would need to be told to not complain. So maybe not worth it, the docstrings are short enough.
I left a small test in place to make sure I didn't break that one -- just enough testing to make sure it's connected to the actual implementation in Signed.
|
The code that is failing on CI is exactly the code that my isort is suggesting I use. Same exact isort version (╯°□°)╯︵ ┻━┻ |
ba14ec0 to
8b7c2df
Compare
|
I've dropped the commit that would make lint work on my machine... CI doesn't seems to mind 🤷 Let's maybe not merge this yet though: I still feel like we might be designing ourselves into a corner wrt DSSE. Marking draft while thinking about it... |
This makes logical sense and makes a lot of code using verify_delegate() a little easier since there is no need to keep a reference to the containing metadata anymore. The implementation is in practice in a new class but that's an implementation detail that allows sharing between Targets and Root. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Avoid Metadata.verify_delegate() now that it's deprecated. Note that this commit does not try to make any code cleanups that are now possible: this is the minimal change to use the new API. Future improvements can make code in TrustedMetadataSet and Updater slightly easier to read: as an example there's no need for TrustedMetadataSet to actually store or expose actual Metadata in its cache -- Signed is all that's needed. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Make it clearer that this is not part of the main inheritance path. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Remove duplicate docstrings: these are already documented in _DelegatorMixin and sphinx will find them there. Tweak a few other strings to remove duplication in the sentence. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com> Metadata API: Improve dosctrings Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
- Add shortcut to canonical json representation of self.signed - Use in tests and Metadata.sign - Do not use in _Delegator.verify_delegate (will be updated in subsequent commit). Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Change new _Delegator.verify_delegate to take payload bytes and signatures instead of a Metadata object and a payload serializer. This allows using verify_delegate for payloads that do not come in a Metadata container, but e.g. in a DSSE envelope (see theupdateframework#2385). Usage becomes a bit more cumbersome, but still feels reasonable with the recently added shortcut for default canonical bytes representation of Metadata.signed. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
I have a patch for this on top of your (rebased) branch. It also adds an alias for default canonical signed bytes to Metadata. This makes the calling code only slightly more complicated: 635a287...lukpueh:move-verify-delegate-v2 I think this is a reasonable path towards #2385. @jku, feel free to take over my branch for this PR, or let me know if you want me to force push. |
8b7c2df to
15dd931
Compare
|
@jku, you may want to approve this pr too, now that it's a collaboration. |
|
It looks like original author cannot click "approve"... but I think this looks correct and reasonable. |
Fixes #2361
Description of the changes being introduced by the pull request:
_Delegatorclass that implements verify_delegate()This will make both ngclient and external repository code slightly easier to read and write (but note that the ngclient cleanups are not included here as they touch quite a lot of lines even if they are simple).
There are several ways to add verify_delegate() to Root and Targets, I think this helper class is a decent compromise between modularity and simplicity:
Please verify and check that the pull request fulfills the following
requirements: