-
Notifications
You must be signed in to change notification settings - Fork 266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for succinct roles (TAP 15) #2010
Add support for succinct roles (TAP 15) #2010
Commits on Jun 9, 2022
-
Add SuccinctRoles class containing the information from the succint_roles dict described in TAP 15. This allows for easy mypy checks on the types, easy enforcement on TAP 15 restrictions (as for example that "bit_length" must be between 1 and 32) and support for unrecognized fields inside succinct_roles without much of a hassle. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Configuration menu - View commit details
-
Copy full SHA for 9259ced - Browse repository at this point
Copy the full SHA 9259cedView commit details
Commits on Jun 14, 2022
-
SuccinctRoles: add zero padding to bins
Add zero padding to bin names inside SuccinctRoles. Zero padding ensures that the bin names always have the same length. This characteristic is implied in the example given by TAP 15 where the third bin is named "alice.hbd-03". For context read TAP 15: https://github.com/theupdateframework/taps/blob/master/tap15.md Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Configuration menu - View commit details
-
Copy full SHA for d8808fb - Browse repository at this point
Copy the full SHA d8808fbView commit details
Commits on Jun 17, 2022
-
Add helper methods in SuccinctRoles
Add two helper methods in SuccinctRoles. Those methods proved useful in the testing code, but I believe they have a potential value for production code as well. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Configuration menu - View commit details
-
Copy full SHA for 0a92cb9 - Browse repository at this point
Copy the full SHA 0a92cb9View commit details -
Clarifications and simplifications
Clarify explicitly that exactly one of "paths" and "path_hash_prefixes" must be set inside DelegatedRole. Also simplify the check for "paths" and "path_hash_prefixes". Finally, add a test case inside the "test_metadata_serialization.py" test file about wrong keyids type for "Role" serialization. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Configuration menu - View commit details
-
Copy full SHA for f80b4ca - Browse repository at this point
Copy the full SHA f80b4caView commit details -
Delegations: add support for succinct_roles
This commit contains 2 API changes in "Delegations" class from tuf/api/metadata.py: 1. roles argment is made optional 2. unrecognized_fields argument becomes the 4-th rather than the 3-rd as it used to be In this commit, I add support for succinct_roles roles inside Delegations class. This change is related to TAP 15 proposal. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Configuration menu - View commit details
-
Copy full SHA for 15cd42c - Browse repository at this point
Copy the full SHA 15cd42cView commit details -
Root and Targets key API changes
Here is the list of all breaking API changes: 1) The "role" and "key" arguments in "Root.add_key()" are in reverse order - "key" becomes first and "role" second. 2) "Root.remove_key()" has been renamed to "Root.revoke_key()". 3) The "role" and "keyid" arguments in "Root.revoke_key()" are in reverse order - "keyid" becomes first and "role" second. 4) The "role" and "key" arguments in "Targets.add_key()" are in reverse order - "key" becomes first and "role" second. 5) "Targets.remove_key()" has been renamed to "Targets.revoke_key()". 6) The "role" and "keyid" arguments in "Targets.revoke_key()" are in reverse order - "keyid" becomes first and "role" second. 7) In both methods "Targets.add_key()" and "Targets.revoke_key()" the "role" argument becomes an optional with a default value of None. Those changes are made in an effort to make those methods logical for both cases when standard roles and succinct_roles are used. The "Root" API change was done in order to preserve naming and argument order consistency with "Targets" API. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Configuration menu - View commit details
-
Copy full SHA for 28b6917 - Browse repository at this point
Copy the full SHA 28b6917View commit details -
RepositorySimulator: support succinct_roles
Add support for Targets using delegation with succinct_roles. For that purpose, we needed a method that can add succinct_roles information with its all corresponding bins to the target metadata and self.md_delegates attribute in RepositorySimulator. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Configuration menu - View commit details
-
Copy full SHA for 4abb826 - Browse repository at this point
Copy the full SHA 4abb826View commit details -
Test delegation tree with succinct_roles
Test traversing the delegation tree when there is a Targets using a delegation with succinct roles. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Configuration menu - View commit details
-
Copy full SHA for 26abdfb - Browse repository at this point
Copy the full SHA 26abdfbView commit details -
SuccinctRoles: add readme information
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Configuration menu - View commit details
-
Copy full SHA for c6488f0 - Browse repository at this point
Copy the full SHA c6488f0View commit details