Skip to content

Commit

Permalink
adding tests and updating functionality to allow roles with too few keys
Browse files Browse the repository at this point in the history
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
  • Loading branch information
David Lawrence committed Jul 21, 2016
1 parent fca6cf4 commit abc8943
Show file tree
Hide file tree
Showing 8 changed files with 294 additions and 95 deletions.
2 changes: 1 addition & 1 deletion client/client_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3022,7 +3022,7 @@ func TestRemoveDelegationChangefileApplicable(t *testing.T) {
require.NoError(t, applyTargetsChange(repo.tufRepo, changes[2]))

targetRole = repo.tufRepo.Targets[data.CanonicalTargetsRole]
require.Empty(t, targetRole.Signed.Delegations.Roles)
require.Len(t, targetRole.Signed.Delegations.Roles, 1)
require.Empty(t, targetRole.Signed.Delegations.Keys)
}

Expand Down
5 changes: 0 additions & 5 deletions client/helpers.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ import (
"encoding/json"
"fmt"
"net/http"
"strings"
"time"

"github.com/Sirupsen/logrus"
Expand Down Expand Up @@ -116,10 +115,6 @@ func changeTargetsDelegation(repo *tuf.Repo, c changelist.Change) error {
removeTUFKeyIDs = append(removeTUFKeyIDs, canonicalToTUFID[canonID])
}

// If we specify the only keys left delete the role, else just delete specified keys
if strings.Join(delgRole.ListKeyIDs(), ";") == strings.Join(removeTUFKeyIDs, ";") && len(td.AddKeys) == 0 {
return repo.DeleteDelegation(c.Scope())
}
err = repo.UpdateDelegationKeys(c.Scope(), td.AddKeys, removeTUFKeyIDs, td.NewThreshold)
if err != nil {
return err
Expand Down
14 changes: 7 additions & 7 deletions cmd/notary/delegations.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ var cmdDelegationRemoveTemplate = usageTemplate{
Long: "Remove KeyID(s) from the specified Role delegation in a specific Global Unique Name.",
}

var cmdDelegationRemoveKeysTemplate = usageTemplate{
var cmdDelegationPurgeKeysTemplate = usageTemplate{
Use: "purge [ GUN ]",
Short: "Remove KeyID(s) from all delegations it is found in.",
Long: "Remove KeyID(s) from all delegations it is found in, for which the signing keys are available. Warnings will be printed for delegations that cannot be updated.",
Expand All @@ -58,9 +58,9 @@ func (d *delegationCommander) GetCommand() *cobra.Command {
cmd := cmdDelegationTemplate.ToCommand(nil)
cmd.AddCommand(cmdDelegationListTemplate.ToCommand(d.delegationsList))

cmdRemDelgKeys := cmdDelegationRemoveKeysTemplate.ToCommand(d.delegationRemoveKeys)
cmdRemDelgKeys.Flags().StringSliceVar(&d.keyIDs, "key", nil, "Delegation keys to be removed from the GUN")
cmd.AddCommand(cmdRemDelgKeys)
cmdPurgeDelgKeys := cmdDelegationPurgeKeysTemplate.ToCommand(d.delegationPurgeKeys)
cmdPurgeDelgKeys.Flags().StringSliceVar(&d.keyIDs, "key", nil, "Delegation keys to be removed from the GUN")
cmd.AddCommand(cmdPurgeDelgKeys)

cmdRemDelg := cmdDelegationRemoveTemplate.ToCommand(d.delegationRemove)
cmdRemDelg.Flags().StringSliceVar(&d.paths, "paths", nil, "List of paths to remove")
Expand All @@ -75,10 +75,10 @@ func (d *delegationCommander) GetCommand() *cobra.Command {
return cmd
}

func (d *delegationCommander) delegationRemoveKeys(cmd *cobra.Command, args []string) error {
if len(args) > 1 {
func (d *delegationCommander) delegationPurgeKeys(cmd *cobra.Command, args []string) error {
if len(args) != 1 {
cmd.Usage()
return fmt.Errorf("Please provide a Global Unique Name as an argument to remove")
return fmt.Errorf("Please provide a single Global Unique Name as an argument to remove")
}

if len(d.keyIDs) == 0 {
Expand Down
89 changes: 57 additions & 32 deletions cmd/notary/delegations_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,23 +14,36 @@ import (
"github.com/stretchr/testify/require"
)

var testTrustDir = "trust_dir"

func setup() *delegationCommander {
func setup(trustDir string) *delegationCommander {
return &delegationCommander{
configGetter: func() (*viper.Viper, error) {
mainViper := viper.New()
mainViper.Set("trust_dir", testTrustDir)
mainViper.Set("trust_dir", trustDir)
return mainViper, nil
},
retriever: nil,
}
}

func TestAddInvalidDelegationName(t *testing.T) {
// Cleanup after test
defer os.RemoveAll(testTrustDir)
func TestPurgeDelegationKeys(t *testing.T) {
tmpDir, err := ioutil.TempDir("/tmp", "notary-cmd-test-")
require.NoError(t, err)
defer os.RemoveAll(tmpDir)

cmdr := setup(tmpDir)
cmd := cmdr.GetCommand()
err = cmdr.delegationPurgeKeys(cmd, []string{})
require.Error(t, err)

err = cmdr.delegationPurgeKeys(cmd, []string{"gun"})
require.Error(t, err)

cmdr.keyIDs = []string{"abc"}
err = cmdr.delegationPurgeKeys(cmd, []string{"gun"})
require.NoError(t, err)
}

func TestAddInvalidDelegationName(t *testing.T) {
// Setup certificate
tempFile, err := ioutil.TempFile("/tmp", "pemfile")
require.NoError(t, err)
Expand All @@ -41,17 +54,17 @@ func TestAddInvalidDelegationName(t *testing.T) {
defer os.Remove(tempFile.Name())

// Setup commander
commander := setup()
tmpDir, err := ioutil.TempDir("/tmp", "notary-cmd-test-")
require.NoError(t, err)
defer os.RemoveAll(tmpDir)
commander := setup(tmpDir)

// Should error due to invalid delegation name (should be prefixed by "targets/")
err = commander.delegationAdd(commander.GetCommand(), []string{"gun", "INVALID_NAME", tempFile.Name()})
require.Error(t, err)
}

func TestAddInvalidDelegationCert(t *testing.T) {
// Cleanup after test
defer os.RemoveAll(testTrustDir)

// Setup certificate
tempFile, err := ioutil.TempFile("/tmp", "pemfile")
require.NoError(t, err)
Expand All @@ -62,17 +75,17 @@ func TestAddInvalidDelegationCert(t *testing.T) {
defer os.Remove(tempFile.Name())

// Setup commander
commander := setup()
tmpDir, err := ioutil.TempDir("/tmp", "notary-cmd-test-")
require.NoError(t, err)
defer os.RemoveAll(tmpDir)
commander := setup(tmpDir)

// Should error due to expired cert
err = commander.delegationAdd(commander.GetCommand(), []string{"gun", "targets/delegation", tempFile.Name(), "--paths", "path"})
require.Error(t, err)
}

func TestAddInvalidShortPubkeyCert(t *testing.T) {
// Cleanup after test
defer os.RemoveAll(testTrustDir)

// Setup certificate
tempFile, err := ioutil.TempFile("/tmp", "pemfile")
require.NoError(t, err)
Expand All @@ -83,61 +96,73 @@ func TestAddInvalidShortPubkeyCert(t *testing.T) {
defer os.Remove(tempFile.Name())

// Setup commander
commander := setup()
tmpDir, err := ioutil.TempDir("/tmp", "notary-cmd-test-")
require.NoError(t, err)
defer os.RemoveAll(tmpDir)
commander := setup(tmpDir)

// Should error due to short RSA key
err = commander.delegationAdd(commander.GetCommand(), []string{"gun", "targets/delegation", tempFile.Name(), "--paths", "path"})
require.Error(t, err)
}

func TestRemoveInvalidDelegationName(t *testing.T) {
// Cleanup after test
defer os.RemoveAll(testTrustDir)

// Setup commander
commander := setup()
tmpDir, err := ioutil.TempDir("/tmp", "notary-cmd-test-")
require.NoError(t, err)
defer os.RemoveAll(tmpDir)
commander := setup(tmpDir)

// Should error due to invalid delegation name (should be prefixed by "targets/")
err := commander.delegationRemove(commander.GetCommand(), []string{"gun", "INVALID_NAME", "fake_key_id1", "fake_key_id2"})
err = commander.delegationRemove(commander.GetCommand(), []string{"gun", "INVALID_NAME", "fake_key_id1", "fake_key_id2"})
require.Error(t, err)
}

func TestRemoveAllInvalidDelegationName(t *testing.T) {
// Cleanup after test
defer os.RemoveAll(testTrustDir)

// Setup commander
commander := setup()
tmpDir, err := ioutil.TempDir("/tmp", "notary-cmd-test-")
require.NoError(t, err)
defer os.RemoveAll(tmpDir)
commander := setup(tmpDir)

// Should error due to invalid delegation name (should be prefixed by "targets/")
err := commander.delegationRemove(commander.GetCommand(), []string{"gun", "INVALID_NAME"})
err = commander.delegationRemove(commander.GetCommand(), []string{"gun", "INVALID_NAME"})
require.Error(t, err)
}

func TestAddInvalidNumArgs(t *testing.T) {
// Setup commander
commander := setup()
tmpDir, err := ioutil.TempDir("/tmp", "notary-cmd-test-")
require.NoError(t, err)
defer os.RemoveAll(tmpDir)
commander := setup(tmpDir)

// Should error due to invalid number of args (2 instead of 3)
err := commander.delegationAdd(commander.GetCommand(), []string{"not", "enough"})
err = commander.delegationAdd(commander.GetCommand(), []string{"not", "enough"})
require.Error(t, err)
}

func TestListInvalidNumArgs(t *testing.T) {
// Setup commander
commander := setup()
tmpDir, err := ioutil.TempDir("/tmp", "notary-cmd-test-")
require.NoError(t, err)
defer os.RemoveAll(tmpDir)
commander := setup(tmpDir)

// Should error due to invalid number of args (0 instead of 1)
err := commander.delegationsList(commander.GetCommand(), []string{})
err = commander.delegationsList(commander.GetCommand(), []string{})
require.Error(t, err)
}

func TestRemoveInvalidNumArgs(t *testing.T) {
// Setup commander
commander := setup()
tmpDir, err := ioutil.TempDir("/tmp", "notary-cmd-test-")
require.NoError(t, err)
defer os.RemoveAll(tmpDir)
commander := setup(tmpDir)

// Should error due to invalid number of args (1 instead of 2)
err := commander.delegationRemove(commander.GetCommand(), []string{"notenough"})
err = commander.delegationRemove(commander.GetCommand(), []string{"notenough"})
require.Error(t, err)
}

Expand Down
3 changes: 2 additions & 1 deletion cmd/notary/integration_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -555,7 +555,8 @@ func TestClientDelegationsInteraction(t *testing.T) {
// list delegations - we should see no delegations
output, err = runCommand(t, tempDir, "-s", server.URL, "delegation", "list", "gun")
require.NoError(t, err)
require.Contains(t, output, "No delegations present in this repository.")
require.NotContains(t, output, keyID)
require.NotContains(t, output, keyID2)

// add delegation with multiple certs and multiple paths
output, err = runCommand(t, tempDir, "delegation", "add", "gun", "targets/delegation", tempFile.Name(), tempFile2.Name(), "--paths", "path1,path2")
Expand Down
89 changes: 53 additions & 36 deletions tuf/data/roles_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -105,44 +105,61 @@ func TestErrInvalidRole(t *testing.T) {
}

func TestIsDelegation(t *testing.T) {
require.True(t, IsDelegation(path.Join(CanonicalTargetsRole, "level1")))
require.True(t, IsDelegation(
path.Join(CanonicalTargetsRole, "level1", "level2", "level3")))
require.True(t, IsDelegation(path.Join(CanonicalTargetsRole, "under_score")))
require.True(t, IsDelegation(path.Join(CanonicalTargetsRole, "hyphen-hyphen")))
require.False(t, IsDelegation(
path.Join(CanonicalTargetsRole, strings.Repeat("x", 255-len(CanonicalTargetsRole)))))

require.False(t, IsDelegation(""))
require.False(t, IsDelegation(CanonicalRootRole))
require.False(t, IsDelegation(path.Join(CanonicalRootRole, "level1")))

require.False(t, IsDelegation(CanonicalTargetsRole))
require.False(t, IsDelegation(CanonicalTargetsRole+"/"))
require.False(t, IsDelegation(path.Join(CanonicalTargetsRole, "level1")+"/"))
require.False(t, IsDelegation(path.Join(CanonicalTargetsRole, "UpperCase")))

require.False(t, IsDelegation(
path.Join(CanonicalTargetsRole, "directory")+"/../../traversal"))

require.False(t, IsDelegation(CanonicalTargetsRole+"///test/middle/slashes"))

require.False(t, IsDelegation(CanonicalTargetsRole+"/./././"))

require.False(t, IsDelegation(
path.Join(" ", CanonicalTargetsRole, "level1")))

require.False(t, IsDelegation(
path.Join(" "+CanonicalTargetsRole, "level1")))

require.False(t, IsDelegation(
path.Join(CanonicalTargetsRole, "level1"+" ")))
f := require.False
tr := require.True
for val, check := range map[string]func(require.TestingT, bool, ...interface{}){
// false checks
path.Join(CanonicalTargetsRole, strings.Repeat("x", 255-len(CanonicalTargetsRole))): f,
"": f,
CanonicalRootRole: f,
path.Join(CanonicalRootRole, "level1"): f,
CanonicalTargetsRole: f,
CanonicalTargetsRole + "/": f,
path.Join(CanonicalTargetsRole, "level1") + "/": f,
path.Join(CanonicalTargetsRole, "UpperCase"): f,
path.Join(CanonicalTargetsRole, "directory") + "/../../traversal": f,
CanonicalTargetsRole + "///test/middle/slashes": f,
CanonicalTargetsRole + "/./././": f,
path.Join(" ", CanonicalTargetsRole, "level1"): f,
path.Join(" "+CanonicalTargetsRole, "level1"): f,
path.Join(CanonicalTargetsRole, "level1"+" "): f,
path.Join(CanonicalTargetsRole, "white space"+"level2"): f,
path.Join(CanonicalTargetsRole, strings.Repeat("x", 256-len(CanonicalTargetsRole))): f,

// true checks
path.Join(CanonicalTargetsRole, "level1"): tr,
path.Join(CanonicalTargetsRole, "level1", "level2", "level3"): tr,
path.Join(CanonicalTargetsRole, "under_score"): tr,
path.Join(CanonicalTargetsRole, "hyphen-hyphen"): tr,
} {
check(t, IsDelegation(val))
}

require.False(t, IsDelegation(
path.Join(CanonicalTargetsRole, "white space"+"level2")))
}

require.False(t, IsDelegation(
path.Join(CanonicalTargetsRole, strings.Repeat("x", 256-len(CanonicalTargetsRole)))))
func TestIsWildDelegation(t *testing.T) {
f := require.False
tr := require.True
for val, check := range map[string]func(require.TestingT, bool, ...interface{}){
// false checks
CanonicalRootRole: f,
CanonicalTargetsRole: f,
CanonicalSnapshotRole: f,
CanonicalTimestampRole: f,
"foo": f,
"foo/*": f,
path.Join(CanonicalRootRole, "*"): f,
path.Join(CanonicalSnapshotRole, "*"): f,
path.Join(CanonicalTimestampRole, "*"): f,
path.Join(CanonicalTargetsRole, "*", "foo"): f,
path.Join(CanonicalTargetsRole, "*", "*"): f,

// true checks
path.Join(CanonicalTargetsRole, "*"): tr,
path.Join(CanonicalTargetsRole, "foo", "*"): tr,
} {
check(t, IsWildDelegation(val))
}
}

func TestValidRoleFunction(t *testing.T) {
Expand Down
Loading

0 comments on commit abc8943

Please sign in to comment.