From f03bec56426d2e2f1dbffdc4e1ebf5a29fc29ee5 Mon Sep 17 00:00:00 2001 From: Martin Vrachev Date: Mon, 4 Dec 2023 14:16:19 +0200 Subject: [PATCH] Save TRUSTED_ROOT repository setting (#426) The TRUSTED_ROOT repository setting will be used by RSTUF API when composing the GET /api/v1/metadata/sign response. Signed-off-by: Martin Vrachev Co-authored-by: Martin Vrachev --- repository_service_tuf_worker/repository.py | 3 +++ .../test_repository.py | 17 ++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/repository_service_tuf_worker/repository.py b/repository_service_tuf_worker/repository.py index fcc893c8..b56a7d42 100644 --- a/repository_service_tuf_worker/repository.py +++ b/repository_service_tuf_worker/repository.py @@ -217,6 +217,9 @@ def _persist(self, role: Metadata, role_name: str) -> str: if filename[0].isdigit() is False: filename = f"{role.signed.version}.{filename}" + if role_name == Root.type: + self.write_repository_settings("TRUSTED_ROOT", role.to_dict()) + bytes_data = role.to_bytes(JSONSerializer()) self._storage_backend.put(bytes_data, filename) logging.debug(f"{filename} saved") diff --git a/tests/unit/tuf_repository_service_worker/test_repository.py b/tests/unit/tuf_repository_service_worker/test_repository.py index fda66e92..61afc0f1 100644 --- a/tests/unit/tuf_repository_service_worker/test_repository.py +++ b/tests/unit/tuf_repository_service_worker/test_repository.py @@ -9,7 +9,7 @@ import pytest from celery.exceptions import ChordError from celery.result import states -from tuf.api.metadata import Metadata, Snapshot, Targets, Timestamp +from tuf.api.metadata import Metadata, Root, Snapshot, Targets, Timestamp from repository_service_tuf_worker import Dynaconf, repository from repository_service_tuf_worker.models import targets_schema @@ -187,6 +187,7 @@ def _test_helper_persist( fake_role = pretend.stub( signed=pretend.stub(version=version), to_bytes=pretend.call_recorder(lambda *a, **kw: fake_bytes), + to_dict=pretend.call_recorder(lambda: None), ) repository.JSONSerializer = pretend.call_recorder(lambda: None) @@ -194,6 +195,9 @@ def _test_helper_persist( test_repo._storage_backend = pretend.stub( put=pretend.call_recorder(lambda *a: None) ) + test_repo.write_repository_settings = pretend.call_recorder( + lambda *a: None + ) test_result = test_repo._persist(fake_role, role) assert test_result == expected_file_name @@ -206,6 +210,14 @@ def _test_helper_persist( expected_file_name, ) ] + if role == Root.type: + assert test_repo.write_repository_settings.calls == [ + pretend.call("TRUSTED_ROOT", None) + ] + assert fake_role.to_dict.calls == [pretend.call()] + else: + assert test_repo.write_repository_settings.calls == [] + assert fake_role.to_dict.calls == [] def test__persist(self, test_repo): self._test_helper_persist(test_repo, "snapshot", 2, "2.snapshot.json") @@ -221,6 +233,9 @@ def test__persist_file_has_number_name(self, test_repo): def test__persist_timestamp(self, test_repo): self._test_helper_persist(test_repo, "timestamp", 2, "timestamp.json") + def test__persist_root(self, test_repo): + self._test_helper_persist(test_repo, "root", 2, "2.root.json") + def test_bump_expiry(self, monkeypatch, test_repo, mocked_datetime): fake_settings = pretend.stub( get_fresh=pretend.call_recorder(lambda *a: 1460)