Return hashes and expiration when fetching signed tags

endpoints/api/signing.py

@@ -11,17 +11,6 @@ from endpoints.api import (require_repo_read, path_param,
 logger = logging.getLogger(__name__)
 
 
-def _default_signed_tags_for_repository(namespace, repository):
-  """ Fetches the tags in the targets/releases delegation, which is the one the docker client will trust. """
-  tag_data, _ = tuf_metadata_api.get_default_tags(namespace, repository)
-  if not tag_data:
-    return {'tags': None}
-
-  return {
-    'tags': tag_data.keys()
-  }
-
-
 @show_if(features.SIGNING)
 @resource('/v1/repository/<apirepopath:repository>/signatures')
 @path_param('repository', 'The full path of the repository. e.g. namespace/name')
@@ -32,6 +21,10 @@ class RepositorySignatures(RepositoryParamResource):
   @nickname('getRepoSignatures')
   @disallow_for_app_repositories
   def get(self, namespace, repository):
-    """ Fetches the list of signed tags for the repository""" 
-    return _default_signed_tags_for_repository(namespace, repository)
+    """ Fetches the list of signed tags for the repository"""
+    tag_data, expiration = tuf_metadata_api.get_default_tags_with_expiration(namespace, repository)
+    return {
+      'tags': tag_data,
+      'expiration': expiration
+    }
 

endpoints/api/test/test_security.py

@@ -1,4 +1,5 @@
 import pytest
+from flask_principal import AnonymousIdentity
 
 from endpoints.api import api
 from endpoints.api.team import OrganizationTeamSyncing
@@ -10,6 +11,7 @@ from test.fixtures import app, appconfig, database_uri, init_db_path, sqlitedb_f
 
 TEAM_PARAMS = {'orgname': 'buynlarge', 'teamname': 'owners'}
 BUILD_PARAMS = {'build_uuid': 'test-1234'}
+REPO_PARAMS = {'repository': 'devtable/someapp'}
 
 @pytest.mark.parametrize('resource,method,params,body,identity,expected', [
   (OrganizationTeamSyncing, 'POST', TEAM_PARAMS, {}, None, 403),
@@ -37,10 +39,9 @@ BUILD_PARAMS = {'build_uuid': 'test-1234'}
   (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'reader', 403),
   (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None,  'devtable', 404),
   
-  (RepositorySignatures, 'GET', 401, None, None),
-  (RepositorySignatures, 'GET', 403, 'freshuser', None),
-  (RepositorySignatures, 'GET', 403, 'reader', None),
-  (RepositorySignatures, 'GET', 404, 'devtable', None),
+  (RepositorySignatures, 'GET', REPO_PARAMS, {}, 'freshuser', 403),
+  (RepositorySignatures, 'GET', REPO_PARAMS, {}, 'reader', 403),
+  (RepositorySignatures, 'GET', REPO_PARAMS, {}, 'devtable', 200),
 ])
 def test_api_security(resource, method, params, body, identity, expected, client):
   with client_with_identity(identity, client) as cl:

endpoints/api/test/test_signing.py

@@ -30,14 +30,14 @@ def tags_equal(expected, actual):
   return expected == actual
 
 @pytest.mark.parametrize('targets,expected', [
-  (VALID_TARGETS, {'tags':['latest', 'test_tag']}),
-  ({'bad': 'tags'}, ({'tags': ['bad']})),
-  ({}, ({'tags': None})),
-  (None, ({'tags': None})),   # API returns None on exceptions
+  (VALID_TARGETS, {'tags': VALID_TARGETS, 'expiration': 'expires'}), 
+  ({'bad': 'tags'}, {'tags': {'bad': 'tags'}, 'expiration': 'expires'}),
+  ({}, {'tags': {}, 'expiration': 'expires'}),
+  (None, {'tags': None, 'expiration': 'expires'}),   # API returns None on exceptions
 ])
 def test_get_signatures(targets, expected, client):
   with patch('endpoints.api.signing.tuf_metadata_api') as mock_tuf:
-    mock_tuf.get_default_tags.return_value = (targets, False)
+    mock_tuf.get_default_tags_with_expiration.return_value = (targets, 'expires')
     with client_with_identity('devtable', client) as cl:
       params = {'repository': 'devtable/repo'}
       assert tags_equal(expected, conduct_api_call(cl, RepositorySignatures, 'GET', params, None, 200).json)