asserts: introduce SequenceMemberAfter in the asserts backstores

asserts/asserts_test.go

@@ -69,6 +69,7 @@ func (as *assertsSuite) TestTypeNames(c *C) {
 		"test-only-no-authority",
 		"test-only-no-authority-pk",
 		"test-only-rev",
+		"test-only-seq",
 		"validation",
 		"validation-set",
 	})
@@ -84,6 +85,7 @@ func (as *assertsSuite) TestMaxSupportedFormats(c *C) {
 		"snap-declaration": snapDeclMaxFormat,
 		"system-user":      systemUserMaxFormat,
 		"test-only":        1,
+		"test-only-seq":    2,
 	})
 
 	// all

asserts/database.go

@@ -1,7 +1,7 @@
 // -*- Mode: Go; indent-tabs-mode: t -*-
 
 /*
- * Copyright (C) 2015-2016 Canonical Ltd
+ * Copyright (C) 2015-2020 Canonical Ltd
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 3 as
@@ -65,6 +65,14 @@ type Backstore interface {
 	// Search returns assertions matching the given headers.
 	// It invokes foundCb for each found assertion.
 	Search(assertType *AssertionType, headers map[string]string, foundCb func(Assertion), maxFormat int) error
+	// SequenceMemberAfter returns for a sequence-forming assertType the
+	// first assertion in the sequence under the given sequenceKey
+	// with sequence number larger than after. If after==-1 it
+	// returns the assertion with largest sequence number. If none
+	// exists it returns a NotFoundError, usually with omitted
+	// Headers. If assertType is not sequence-forming it can
+	// panic.
+	SequenceMemberAfter(assertType *AssertionType, sequenceKey []string, after, maxFormat int) (SequenceMember, error)
 }
 
 type nullBackstore struct{}
@@ -81,6 +89,10 @@ func (nbs nullBackstore) Search(t *AssertionType, h map[string]string, f func(As
 	return nil
 }
 
+func (nbs nullBackstore) SequenceMemberAfter(t *AssertionType, kp []string, after, maxFormat int) (SequenceMember, error) {
+	return nil, &NotFoundError{Type: t}
+}
+
 // A KeypairManager is a manager and backstore for private/public key pairs.
 type KeypairManager interface {
 	// Put stores the given private/public key pair,

asserts/export_test.go

@@ -171,6 +171,33 @@ func assembleTestOnlyRev(assert assertionBase) (Assertion, error) {
 
 var TestOnlyRevType = &AssertionType{"test-only-rev", []string{"h"}, assembleTestOnlyRev, 0}
 
+// TestOnlySeq is a test-only assertion that is sequence-forming.
+type TestOnlySeq struct {
+	assertionBase
+	seq int
+}
+
+func (seq *TestOnlyRev) N() string {
+	return seq.HeaderString("n")
+}
+
+func (seq *TestOnlySeq) Sequence() int {
+	return seq.seq
+}
+
+func assembleTestOnlySeq(assert assertionBase) (Assertion, error) {
+	seq, err := checkSequence(assert.headers, "sequence")
+	if err != nil {
+		return nil, err
+	}
+	return &TestOnlySeq{
+		assertionBase: assert,
+		seq:           seq,
+	}, nil
+}
+
+var TestOnlySeqType = &AssertionType{"test-only-seq", []string{"n", "sequence"}, assembleTestOnlySeq, sequenceForming}
+
 type TestOnlyNoAuthority struct {
 	assertionBase
 }
@@ -208,6 +235,8 @@ func init() {
 	}
 	typeRegistry[TestOnlyDeclType.Name] = TestOnlyDeclType
 	typeRegistry[TestOnlyRevType.Name] = TestOnlyRevType
+	typeRegistry[TestOnlySeqType.Name] = TestOnlySeqType
+	maxSupportedFormat[TestOnlySeqType.Name] = 2
 }
 
 // AccountKeyIsKeyValidAt exposes isKeyValidAt on AccountKey for tests

asserts/findwildcard.go

@@ -21,8 +21,11 @@ package asserts
 
 import (
 	"fmt"
+	"io"
 	"os"
 	"path/filepath"
+	"sort"
+	"strconv"
 	"strings"
 )
 
@@ -31,14 +34,21 @@ findWildcard invokes foundCb once for each parent directory of regular files mat
 
 <top>/<descendantWithWildcard[0]>/<descendantWithWildcard[1]>...
 
-where each descendantWithWildcard component can contain the * wildcard;
+where each descendantWithWildcard component can contain the * wildcard.
+
+One of the descendantWithWildcard components except the last
+can be "#>" or "#<", in which case that level is assumed to have names
+that can be parsed as positive integers, which will be enumerated in
+ascending (#>) or descending order respectively (#<); if seqnum != -1
+then only the values >seqnum or respectively <seqnum will be
+considered.
 
 foundCb is invoked with the paths of the found regular files relative to top (that means top/ is excluded).
 
 Unlike filepath.Glob any I/O operation error stops the walking and bottoms out, so does a foundCb invocation that returns an error.
 */
-func findWildcard(top string, descendantWithWildcard []string, foundCb func(relpath []string) error) error {
-	return findWildcardDescend(top, top, descendantWithWildcard, foundCb)
+func findWildcard(top string, descendantWithWildcard []string, seqnum int, foundCb func(relpath []string) error) error {
+	return findWildcardDescend(top, top, descendantWithWildcard, seqnum, foundCb)
 }
 
 func findWildcardBottom(top, current string, pat string, names []string, foundCb func(relpath []string) error) error {
@@ -74,13 +84,21 @@ func findWildcardBottom(top, current string, pat string, names []string, foundCb
 	return foundCb(hits)
 }
 
-func findWildcardDescend(top, current string, descendantWithWildcard []string, foundCb func(relpath []string) error) error {
+func findWildcardDescend(top, current string, descendantWithWildcard []string, seqnum int, foundCb func(relpath []string) error) error {
 	k := descendantWithWildcard[0]
+	if k == "#>" || k == "#<" {
+		if len(descendantWithWildcard) == 1 {
+			return fmt.Errorf("findWildcard: sequence wildcard (#>|<#) cannot be the last component")
+		}
+		return findWildcardSequence(top, current, k, descendantWithWildcard[1:], seqnum, foundCb)
+	}
 	if len(descendantWithWildcard) > 1 && strings.IndexByte(k, '*') == -1 {
-		return findWildcardDescend(top, filepath.Join(current, k), descendantWithWildcard[1:], foundCb)
+		return findWildcardDescend(top, filepath.Join(current, k), descendantWithWildcard[1:], seqnum, foundCb)
 	}
 
 	d, err := os.Open(current)
+	// ignore missing directory, higher level will produce
+	// NotFoundError as needed
 	if os.IsNotExist(err) {
 		return nil
 	}
@@ -101,11 +119,69 @@ func findWildcardDescend(top, current string, descendantWithWildcard []string, f
 			return fmt.Errorf("findWildcard: invoked with malformed wildcard: %v", err)
 		}
 		if ok {
-			err = findWildcardDescend(top, filepath.Join(current, name), descendantWithWildcard[1:], foundCb)
+			err = findWildcardDescend(top, filepath.Join(current, name), descendantWithWildcard[1:], seqnum, foundCb)
 			if err != nil {
 				return err
 			}
 		}
 	}
 	return nil
 }
+
+func findWildcardSequence(top, current, seqWildcard string, descendantWithWildcard []string, seqnum int, foundCb func(relpath []string) error) error {
+	filter := func(i int) bool { return true }
+	if seqnum != -1 {
+		if seqWildcard == "#>" {
+			filter = func(i int) bool { return i > seqnum }
+		} else { // "#<", guaranteed by the caller
+			filter = func(i int) bool { return i < seqnum }
+		}
+	}
+
+	d, err := os.Open(current)
+	// ignore missing directory, higher level will produce
+	// NotFoundError as needed
+	if os.IsNotExist(err) {
+		return nil
+	}
+	if err != nil {
+		return err
+	}
+	defer d.Close()
+	var seq []int
+	for {
+		names, err := d.Readdirnames(100)
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return err
+		}
+		for _, n := range names {
+			sqn, err := strconv.Atoi(n)
+			if err != nil || sqn < 0 {
+				return fmt.Errorf("cannot parse %q name as a sequence number", filepath.Join(current, n))
+			}
+			if filter(sqn) {
+				seq = append(seq, sqn)
+			}
+		}
+	}
+	sort.Ints(seq)
+
+	var start, direction int
+	if seqWildcard == "#>" {
+		start = 0
+		direction = 1
+	} else {
+		start = len(seq) - 1
+		direction = -1
+	}
+	for i := start; i >= 0 && i < len(seq); i += direction {
+		err = findWildcardDescend(top, filepath.Join(current, strconv.Itoa(seq[i])), descendantWithWildcard, -1, foundCb)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}