feat: migrate FT to use the new admin tool from CLI

.gitignore

@@ -1,11 +1,13 @@
 # RSTUF Specifics
 test-report.html
 test-report.json
-./metadata/
+metadata/
 payload.json
+update-payload.json
+ceremony-payload.json
+metadata-update-payload.json
 .rstuf.yml
 assets/
-metadata-update-payload.json
 
 # Byte-compiled / optimized / DLL files
 __pycache__/

docker-compose.yml

@@ -55,10 +55,8 @@ services:
     image: ghcr.io/repository-service-tuf/repository-service-tuf-worker:${WORKER_VERSION}
     environment:
       - RSTUF_STORAGE_BACKEND=LocalStorage
-      - RSTUF_KEYVAULT_BACKEND=LocalKeyVault
       - RSTUF_LOCAL_STORAGE_BACKEND_PATH=/var/opt/repository-service-tuf/storage
-      - RSTUF_LOCAL_KEYVAULT_PATH=/var/opt/repository-service-tuf/key_storage
-      - RSTUF_LOCAL_KEYVAULT_KEYS=online.key,strongPass
+      - RSTUF_ONLINE_KEY_DIR=/var/opt/repository-service-tuf/key_storage
       - RSTUF_BROKER_SERVER=redis://redis
       - RSTUF_REDIS_SERVER=redis://redis
       - RSTUF_SQL_SERVER=postgres:secret@postgres:5432

tests/files/key_storage/0d9d3d4bad91c455bc03921daa95774576b86625ac45570d0cac025b08e65043

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAwJNtmJy0bky0VZHhJoVwVR0oIto8ndLLicnaHPDUfFsv2dTP
+50uLiYuYhU/RLTh+PIMm9dU5gvfSQ0YIUFHOfdcDCBaMNYR9z9c9kvWkfgxP4H7c
+Mdy9ev3yh4pL+ua64AT1598QxmF0RSp9p8P4UDPJC4XsgVz3kKeCSQAgz02MJ+Kd
+HyTDP+rgOuWQfVL8bz53puMSSFojiaEJTmZQ7eBnI2n6UF6AAV6eo6Dc4cgPQLSj
+hDqcfoHCyk/AzpTQO5EV+ahofYmV/kQQtr7gz8MQXoKRwCbfIcWhPyfPNReOo7fq
+VK3uK3kkD1ouoNSr9DFRcnUbsX4QR/CQLcoPXwIDAQABAoIBAEWVwBdSIHxuqQb2
+hHXH59RJidQ2KYsZvURXtMGaYB1jUcITfOBl0tDrqTwaoEoHzM2O0ogn+PUTGV4H
+sz9aoBOmmsjUZOt9qXxtmSk+K6cESeSj0msOCUWk93r0hQnvT31dLYIQf14/nqTT
+er4hONu6Kp5IUTJZZndVn+VC75gYG7ccOc+7890oO9e7ohPfEBxgr+WFeaSPglaK
+rmqhnCxs5yoPvlitimUT33v2d1KPc2X8J5FJPuyMqE9EwNCMifPr677GQT6U6dlJ
+AmDzI6OK3AyspvQxKKfokSnC8n6otnMLbYzFKhctABUTfDodCaUx670udiyg7Zi6
+uvmC8akCgYEA6J9giPYeQ0BlvvplPcfij148tuKSLym8jTdRXxg5o3dNWeiy644Y
+XcwrMuQA7XodZSIbpujMMYoeY4NeK3gAOt1YCDEfe6ravvfrZwPaXutdkSL1CR3A
+4DP/QpRX7pWWtfUPhNhLm67oIxtWMkpm+bf0MY+t8tc0sGVuyMDnvZUCgYEA0+3H
+uEtXCp48kh+L0Qh402zHM36xedZQdNdgKXT4uaKgM5W6eulzsAs15rUQRfaSOQcX
+BMksBLDfCIkfvh9V7ppBDp54xjMIsOI7AL6E2dwGHGCBgX2LccyFExEeubMAwNve
+NvpDTw5X0zEvax2bPiw+f4jmBPCQzpNh5wg9lCMCgYEA4PWQE6N/7KWQP7pCwhZV
+gTQvHuXJXRbNovtGE+KHiw/KnBIvRSErazoQ5KweQYoAd1ceyrEDFz1s2eum2/62
+qjZ39aQbwCqgVGHJItxVB8oxuDPIJ8LATZG7XxW6W54KG3kcQuoxZCMnlxvOpd/R
+6dj9rBg4rkl0SMou8rGq6mkCgYEAgIcasvhuJ3BkB7K+Ft3ueTrlbKOPevaxAMuF
+9F6OYfbw9Zf+6oAeu0txOyPgZK3vbEqSeUKQQaALA6A18hYLBZPjlLwjPwDAapYp
+doAVDhNUWW1l3WSIZ1HD+xZM7g5TjKNLl0gb/hwSw3B2852XAxPOK4aZCbHkAIR9
+waHLxsUCgYA4lrGee035J5lxgw3LIi8adJOfPF6l6lFAcEq02rjZ2SMxBfe8ds9c
+UB+Q7S6qpN/rXEjbdD0zQdHQ03ys3w5XmUVBymET6W94twAvEoQ5BlSesgyQv5Vc
+C0G4j3udE35HMQPJn00vbH8nrzglxCF1W52AyAVMb3HnYQvOA3IBkw==
+-----END RSA PRIVATE KEY-----

tests/files/key_storage/0d9d3d4bad91c455bc03921daa95774576b86625ac45570d0cac025b08e65043.pub

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJNtmJy0bky0VZHhJoVw
+VR0oIto8ndLLicnaHPDUfFsv2dTP50uLiYuYhU/RLTh+PIMm9dU5gvfSQ0YIUFHO
+fdcDCBaMNYR9z9c9kvWkfgxP4H7cMdy9ev3yh4pL+ua64AT1598QxmF0RSp9p8P4
+UDPJC4XsgVz3kKeCSQAgz02MJ+KdHyTDP+rgOuWQfVL8bz53puMSSFojiaEJTmZQ
+7eBnI2n6UF6AAV6eo6Dc4cgPQLSjhDqcfoHCyk/AzpTQO5EV+ahofYmV/kQQtr7g
+z8MQXoKRwCbfIcWhPyfPNReOo7fqVK3uK3kkD1ouoNSr9DFRcnUbsX4QR/CQLcoP
+XwIDAQAB
+-----END PUBLIC KEY-----

tests/files/key_storage/JC.pub

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhX6rioiL/cX5Ys32InF
+U52H8tL14QeX0tacZdb+AwcH6nIh97h3RSHvGD7Xy6uaMRmGldAnSVYwJHqoJ5j2
+ynVzU/RFpr+6n8Ps0QFg5GmlEqZboFjLbS0bsRQcXXnqJNsVLEPT3ULvu1rFRbWz
+AMFjNtNNk5W/u0GEzXn3D03jIdhD8IKAdrTRf0VMD9TRCXLdMmEU2vkf1NVUnOTb
+/dRX5QA8TtBylVnouZknbavQ0J/pPlHLfxUgsKzodwDlJmbPG9BWwXqQCmP0DgOG
+NIZ1X281MOBaGbkNVEuntNjCSaQxQjfALVVU5NAfal2cwMINtqaoc7Wa+TWvpFEI
+WwIDAQAB
+-----END PUBLIC KEY-----

tests/files/key_storage/JC.rsa

@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE4TAbBgkqhkiG9w0BBQMwDgQI/DHsRq4QSygCAggABIIEwI3XLWQ170mJ3qYl
+miu7ULDvtIFfkp0Yjyvoo5PrwOQQYB5kD4Q4XkqPM3GOidmU0c0AiFtcLuxqD0/X
+ivxPy/rpE9IW0uEtzw/8bF/eqyTTs+JZryYDYoNEqrLN8SxA5oMI+SCiz8Q43/y4
+s6XOlaMKH9N+YcIZMSSVG0In/aQ7b5B2jehaB/eKTZmsvjk/7XMEHQ4vtjclswHd
+yFbNk/Qh4MAIDJ9SCghwWyQp382ledKzqYPJbngkUu70Inbx0T2trh4wHE9c2/0Q
+pymbSPLdPEPeDybt7VYenikQZBI9myyE7PfZN+Mj6HB01ziI1BTwegCtOL0XMYQD
+J8aOCf5+qIcbouqvroMKgTYhpivacgzPwiuX+zDZv6FxDwn2Y16nIsrCYssSMCK0
+COLynbXxTtijeHYF2GTymTKQD5caZ4eRV68JLpaPSees4UFGbgxUUmhrRtcO7vt4
+FS4axe7AFOIEnBYEAsrmKb0hfq45jaBp7FQQ2abG+xO2wG6pNvM0omaP7fAtUdfm
+agIxvRM4srboP7NK1TbmVufTTkOhGUw0gdW7Rom+VB6m/q3jcHdejQe4a4I9HyxP
+rtCiBksZ9+J0X+7PZcbuR5AYtNldDg799p9UTjBttvLmKKhyIVbbwXoGXsyp+Bzm
+W/1XWpMRT019jLb87adGR+HPPjAWF+kSe9TJA2XICekHvIxCfsZbi0TTq+5t31gH
+Jv71Dn52NCTa6JMLtmFHH3h5JrujN9vvhr2lvQChkK1bb8xzAG4yzjAiOr09gRC3
+hFK8in/6ePLnoEdfnTezzg5mK4NJnM65aY9IDCPdLzN+M0DgvZdM3NEzdOnvA8/w
+clnWT1N3r09aNPac5VrnlUC9eNS8pzgQwpshkae3vecT+HLe79uoI0KyYD5XSy5j
+HbQ6Fvl9AvMcWuZT7zx/V990Q/iYTRhuOTvyJhIe3iWikcO3zVzUl1UE6afmYmev
+Iz8WQpNoPdI82aVk+t1DqYQWtY1a/gAYGT1TfjCnQebWeqAYFhCPklv2pttmAVYj
+ThHiYLNR80v3KrrH+fFWynnVAmot23RuBIsM8rhTUIOd2Bxyq4YrE0SGTDKvFJ7H
+mn5RRrIbICTsqpx/dLNL1mgiazHdZAFSsnZApXGYiixsgc4QQfApsLlGg3LGZD4a
+STJW1+Ds9CQTzKZzMWnYDGCFhLjobH1LfnfzhvOpKA399uuv0L1P3ixgfUt30W+p
+d7AkYHE494EPx4ogoj40JBztGS2UvRb0l4tJlPv50v9x+kPXK+50dEmsW7NrCATt
+m1NbIGw2QzL9++SFbocf5P7RBdQBTPpXHQeClFduny6IXjQhWk+NKGIXdsVhMcLi
+gMjL83LYeY4VPpurFIU8nGVfa7bdTMlh/W5KHpQX4ecibIjxUza0ddbTWxdMTwUk
+XgpzvjIrz1XBy79J6H1AuSmh/+e+azmFv1fzkI+KCHGgtp8Q7uY/lDBeuc4zvARF
+YMnOqFyA93sMEL28GqjOJLDfERMLuscjIeibbUNDPjwkVErtnQDu9QqLppfnKtJv
+dOn20wNndpeo348k2RBO2yVzDTeuCRWkUnTmuhqYpCRopLVfqdv2q6+xM+paW7ZZ
+4/+i1Zc=
+-----END ENCRYPTED PRIVATE KEY-----

tests/files/key_storage/JH.ed25519

@@ -0,0 +1,6 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAi1r8RB+89SSQICCAAw
+DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC+4jGFz/I4eGd/sfUuFVXgEQD6d
+idJtTe06bGSHcI66yxwUHolWyiVnnup79tGvv1y6R40P3vvxdA5EThp33HCLEE29
+RAa02JqNkOK8DwzVZw8=
+-----END ENCRYPTED PRIVATE KEY-----

tests/files/key_storage/JH.pub

@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAT2bavrzzBiiWN4YAGYTAt1wXXNzzvEhVkzomKPDNCg8=
+-----END PUBLIC KEY-----

tests/files/key_storage/JJ.ecdsa

@@ -0,0 +1,6 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIGwMBsGCSqGSIb3DQEFAzAOBAi7xKwdryb3lAICCAAEgZBz9ttxivvOc6XJKG5j
+Ev55zbGqCRSoUn+deGgy/osENhbn4xTOYKRKXGMbfF16t7qvUtX9hHozrGeVIdYg
+4R7hFYxgMFlYTTVcN30fPwAV2ePtmFu4vo1/TSLhLxRhv1F3GPLoOSzZxT8FP9oh
+Rd9BeAgPPC5RPBJJVThTCXesCV4JWUpY2Wf0DjpFvo3OV4w=
+-----END ENCRYPTED PRIVATE KEY-----

tests/files/key_storage/JJ.pub

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEcLYSZyFGeKdWNt5dWFbnv6N9NyHC
+oUNLcG6GZIxLwN8Q8MUdHdOOxGkDnyBRSJpIZ/r/oDECSTwfCYhdogweLA==
+-----END PUBLIC KEY-----

tests/files/key_storage/cb20fa1061dde8e6267e0bef0981766aaadae168e917030f7f26edc7a0bab9c2

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIC8cL7i0Q5rj0aSedfx/givYzqjbZLne6ewpA3icnWJoAoGCCqGSM49
+AwEHoUQDQgAEpsXQqNQPymbXz9efGsDRNyifLujgYRSp/TWmVDVBlLF2Ia+bSZD2
+GU5iPGlKsIX129yvUu1qQ49kdATqiuB6ow==
+-----END EC PRIVATE KEY-----

tests/files/key_storage/cb20fa1061dde8e6267e0bef0981766aaadae168e917030f7f26edc7a0bab9c2.pub

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpsXQqNQPymbXz9efGsDRNyifLujg
+YRSp/TWmVDVBlLF2Ia+bSZD2GU5iPGlKsIX129yvUu1qQ49kdATqiuB6ow==
+-----END PUBLIC KEY-----

tests/functional/bootstrap/test_bootstrap.py

@@ -19,7 +19,7 @@ def the_tufrepositoryservice_rstufcli_is_installed(rstuf_cli):
 @when("the admin run rstuf for ceremony bootstrap", target_fixture="bootstrap")
 def the_administrator_uses_rstufcli_bootstrap(rstuf_cli):
     rc, output = rstuf_cli(
-        "admin ceremony -b -u -f payload.json --api-server "
+        "admin-legacy ceremony -b -u -f payload.json --api-server "
         "http://repository-service-tuf-api"
     )
     return rc, output
@@ -52,7 +52,7 @@ def test_bootstrap_using_rstuf_cli_with_invalid_payload(): ...
 )
 def the_administrator_uses_rstufcli_bootstrap_invalid_payload(rstuf_cli):
     rc, output = rstuf_cli(
-        "admin ceremony -b -u -f tests/data/payload-invalid.json "
+        "admin-legacy ceremony -b -u -f tests/data/payload-invalid.json "
         "--api-server http://repository-service-tuf-api"
     )
 

tests/functional/metadata/test_update.py

@@ -89,7 +89,7 @@ def send_signed_update_metadata(send_rstuf_requests, http_request):
     time.sleep(2)
     LOGGER.info("[METADATA UPDATE] Submiting Root Metadata Update")
     try:
-        with open("metadata-update-payload.json") as f:
+        with open("update-payload.json") as f:
             paylaod_json = json.loads(f.read())
 
         result = http_request(

tests/functional/scripts/ft-base.sh

@@ -3,7 +3,7 @@
 CLI_VERSION=$1
 # Install required dependencies for Functional Tests
 apt update
-apt install -y make wget git
+apt install -y make wget git curl jq
 pip install -r ${UMBRELLA_PATH}/requirements.txt
 
 # Install CLI

tests/functional/scripts/rstuf-admin-ceremony.py

@@ -14,7 +14,7 @@ def _run(input):
     runner = CliRunner()
     output = runner.invoke(
         cli.admin.ceremony.ceremony,
-        ["--save"],
+        ["-s"],
         input="\n".join(input),
         obj=context,
         catch_exceptions=False,

tests/functional/scripts/rstuf-admin-metadata-sign.py

@@ -13,8 +13,8 @@ def _run(input):
     context = {"settings": Dynaconf(), "config": setting_file}
     runner = CliRunner()
     output = runner.invoke(
-        cli.admin.metadata.sign,
-        "",
+        cli.admin.sign.sign,
+        ["metadata/1.root.json", "-s"],
         input="\n".join(input),
         obj=context,
         catch_exceptions=False,

tests/functional/scripts/rstuf-admin-metadata-update.py

@@ -13,8 +13,8 @@ def _run(input):
     context = {"settings": Dynaconf(), "config": setting_file}
     runner = CliRunner()
     output = runner.invoke(
-        cli.admin.metadata.update,
-        "",
+        cli.admin.update.update,
+        ["metadata/1.root.json", "-s"],
         input="\n".join(input),
         obj=context,
         catch_exceptions=False,

tests/functional/scripts/run-ft-das.sh

@@ -9,85 +9,86 @@ SLOW=$3
 
 # Execute the Ceremony using DAS
 python ${UMBRELLA_PATH}/tests/functional/scripts/rstuf-admin-ceremony.py '{
-    "Do you want more information about roles and responsibilities?": "n",
-    "Do you want to start the ceremony?": "y",
-    "What is the metadata expiration for the root role?(Days)": "365",
-    "What is the number of keys for the root role?": "3",
-    "What is the key threshold for root role signing?": "2",
-    "What is the metadata expiration for the targets role?": "365",
-    "Show example?": "n",
-    "Choose the number of delegated hash bin roles": "4",
-    "What is the targets base URL": "http://rstuf.org/downloads",
-    "What is the metadata expiration for the snapshot role?(Days)": "1",
-    "What is the metadata expiration for the timestamp role?(Days)": "1",
-    "What is the metadata expiration for the bins role?(Days)": "1",
-    "(online) Select the ONLINE`s key type [ed25519/ecdsa/rsa] (ed25519)": "",
-    "(online) Enter ONLINE`s key id": "f7a6872f297634219a80141caa2ec9ae8802098b07b67963272603e36cc19fd8",
-    "(online) Enter ONLINE`s public key hash": "9fe7ddccb75b977a041424a1fdc142e01be4abab918dc4c611fbfe4a3360a9a8",
-    "Give a name/tag to the key [Optional]": "online v1",
-    "Ready to start loading the root keys?": "y",
-    "(root 1) Select the root`s key type [ed25519/ecdsa/rsa] (ed25519)": "ed25519",
-    "(root 1) Enter the root`s private key path": "tests/files/key_storage/JanisJoplin.key",
-    "(root 1) Enter the root`s private key password": "strongPass",
-    "(root 1) [Optional] Give a name/tag to the key": "JJ",
-    "(root 2) Select to use private key or public info? [private/public] (public)": "public",
-    "(root 2) Select the root`s key type [ed25519/ecdsa/rsa] (ed25519)": "",
-    "(root 2) Enter root`s key id": "800dfb5a1982b82b7893e58035e19f414f553fc08cbb1130cfbae302a7b7fee5",
-    "(root 2) Enter ONLINE`s public key hash": "7098f769f6ab8502b50f3b58686b8a042d5d3bb75d8b3a48a2fcbc15a0223501",
-    "(root 2) [Optional] Give a name/tag to the key": "JH",
-    "(root 3) Select to use private key or public info? [private/public] (public)": "public",
-    "(root 3) Select the root`s key type [ed25519/ecdsa/rsa] (ed25519)": "",
-    "(root 3) Enter root`s key id": "7641c1c12b98c18cfbadd87209fe190072e712cc0e14e13fe83febc2150f7520",
-    "(root 3) Enter ONLINE`s public key hash": "414af03cbaae93b5f44363f0bf757421e64bd892b891b0dff3ad6af5eb3a3038",
-    "(root 3) [Optional] Give a name/tag to the key": "JC",
-    "Is the online key configuration correct? [y/n]": "y",
-    "Is the root configuration correct? [y/n]": "y",
-    "Is the targets configuration correct? [y/n]": "y",
-    "Is the snapshot configuration correct? [y/n]": "y",
-    "Is the timestamp configuration correct? [y/n]": "y",
-    "Is the bins configuration correct? [y/n]": "y"
+    "Please enter days until expiry for timestamp role (1)": "",
+    "Please enter days until expiry for snapshot role (1)": "",
+    "Please enter days until expiry for targets role (1)": "",
+    "Please enter days until expiry for bins role (1)": "",
+    "Please enter number of delegated hash bins [2/4/8/16/32/64/128/256/512/1024/2048/4096/8192/16384] (256)": "2",
+    "Please enter days until expiry for root role (365)": "",
+    "Please enter root threshold": "2",
+    "(root 1) Please enter path to public key": "tests/files/key_storage/JJ.pub",
+    "(root 1) Please enter key name": "JanisJoplin",
+    "(root 2) Please press 0 to add key, or remove key by entering its index": "0",
+    "(root 2) Please enter path to public key:": "tests/files/key_storage/JH.pub",
+    "(root 2) Please enter key name": "JimiHendrix",
+    "(root 3) Please press 0 to add key, or remove key by entering its index. Press enter to continue": "0",
+    "(root 3) Please enter path to public key:": "tests/files/key_storage/JC.pub",
+    "(root 3) Please enter key name": "JoeCocker",
+    "(Finish root keys) Please press 0 to add key, or remove key by entering its index. Press enter to continue": "",
+    "(online key) Please enter path to public key": "tests/files/key_storage/0d9d3d4bad91c455bc03921daa95774576b86625ac45570d0cac025b08e65043.pub",
+    "(online key) Please enter key name": "online1",
+    "(Sign 1) Please enter signing key index": "1",
+    "(Sign 1) Please enter path to encrypted private key": "tests/files/key_storage/JJ.ecdsa",
+    "(Sign 1) Please enter password": "hunter2",
+    "(Sign 1) Please enter signing key index, or press enter to continue": "\n"
 }'
 
-# Bootstrap using DAS
-rstuf admin ceremony -b -u -f payload.json --api-server http://repository-service-tuf-api
+# Bootstrap using legacy with DAS
+rstuf admin-legacy ceremony -b -u -f ceremony-payload.json --api-server http://repository-service-tuf-api
 
 
+# Get initial trusted Root available for signing
+mkdir metadata
+curl http://repository-service-tuf-api/api/v1/metadata/sign | jq .data.metadata.root > metadata/1.root.json
+
+# Copy files when UMBRELLA_PATH is not the current dir (FT triggered from components)
+if [[ ${UMBRELLA_PATH} != "." ]]; then
+    cp -r metadata ${UMBRELLA_PATH}/
+fi
+
 # Finish the DAS signing the Root Metadata (bootstrap)
 python ${UMBRELLA_PATH}/tests/functional/scripts/rstuf-admin-metadata-sign.py '{
-    "API URL address:": "http://repository-service-tuf-api",
-    "Choose a metadata to sign [root]": "root",
-    "Do you still want to sign root? [y/n]": "y",
-    "Choose a private key to load [JH]": "JH",
-    "Select the root`s key type [ed25519/ecdsa/rsa] (ed25519)": "",
-    "Enter the root`s private key path": "tests/files/key_storage/JimiHendrix.key",
-    "Enter the root`s private key password": "strongPass"
+    "Please enter signing key index::": "1",
+    "Please enter path to encrypted private key": "tests/files/key_storage/JH.ed25519",
+    "Please enter password": "hunter2"
 }'
 
+# Send signature to RSTUF API
+curl -X POST -H "Content-Type: application/json" -d @sign-payload.json http://repository-service-tuf-api/api/v1/metadata/sign
+
 # Get initial trusted Root
+sleep 3 # wait for the metadata to be updated
+# Remove the DAS root metadata
 rm metadata/1.root.json
+# Get the updated root metadata (version 1)
 wget -P metadata/ http://web:8080/1.root.json
-
+# Copy files when UMBRELLA_PATH is not the current dir (FT triggered from components)
+if [[ ${UMBRELLA_PATH} != "." ]]; then
+    cp -r metadata ${UMBRELLA_PATH}/
+fi
 
 # Run metadata update to be used later (during FT)
 python ${UMBRELLA_PATH}/tests/functional/scripts/rstuf-admin-metadata-update.py '{
-    "File name or URL to the current root metadata": "metadata/1.root.json",
-    "(Authz threshold 1/2) Choose root key type [ed25519/ecdsa/rsa] (ed25519)": "",
-    "(Authz threshold 1/2) Enter the root`s private key path": "tests/files/key_storage/JanisJoplin.key",
-    "(Authz threshold 1/2) Enter the root`s private key password": "strongPass",
-    "(Authz threshold 2/2) Choose root key type [ed25519/ecdsa/rsa] (ed25519)": "",
-    "(Authz threshold 2/2) Enter the root`s private key path": "tests/files/key_storage/JimiHendrix.key",
-    "(Authz threshold 2/2) Enter the root`s private key password": "strongPass",
-    "Do you want to extend the root`s expiration?": "y",
-    "Days to extend root`s expiration starting from today (365)": "",
-    "New root expiration: YYYY-M-DD. Do you agree?": "y",
-    "Do you want to modify root keys? [y/n]": "n",
-    "Do you want to change the online key?": "n"
+  "Root expires on 04/16/25. Do you want to change the expiry date? [y/n]": "",
+  "Please enter days until expiry for root role (365)": "",
+  "Root signature threshold is 1. Do you want to change the threshold? [y/n] (n)": "",
+  "Please press 0 to add key, or remove key by entering its index. Press enter to continue": "",
+  "Do you want to change the online key? [y/n] (y)": "y",
+  "Please enter path to public key": "tests/files/key_storage/cb20fa1061dde8e6267e0bef0981766aaadae168e917030f7f26edc7a0bab9c2.pub",
+  "Please enter key name": "online2",
+  "Please enter signing key index": "1",
+  "(Sign 1) Please enter path to public key": "tests/files/key_storage/JJ.ecdsa",
+  "(Sign 1) Please enter password": "hunter2",
+  "(Sign 1) Please enter signing key index": "1",
+  "(Sign 2) Please enter path to public key": "tests/files/key_storage/JH.ed25519",
+  "(Sign 2) Please enter password": "hunter2",
+  "(Sign 2) Please enter signing key index, or press enter to continue": "\n"
 }'
 
 # Copy files when UMBRELLA_PATH is not the current dir (FT triggered from components)
 if [[ ${UMBRELLA_PATH} != "." ]]; then
-    cp -r metadata ${UMBRELLA_PATH}/
-    cp metadata-update-payload.json ${UMBRELLA_PATH}/
+    cp update-payload.json ${UMBRELLA_PATH}/
 fi
 
 make -C ${UMBRELLA_PATH}/ functional-tests-exitfirst PYTEST_GROUP=${PYTEST_GROUP} SLOW=${SLOW}
+