Add flag to enable trust per repo (#2541)

* Add flag to enable trust per repo * Add api for enabling/disabling trust * Add new LogEntryKind for changing repo trust settings Also add tests for repo trust api * Add `set_trust` method to repository * Expose new logkind to UI * Fix registry tests * Rebase migrations and regen test.db * Raise downstreamissue if trust metadata can't be removed * Refactor change_repo_trust * Add show_if to change_repo_trust endpoint
2017-04-15 08:26:33 -04:00 · 2017-04-15 08:26:33 -04:00 · 2661db7485
commit 2661db7485
parent aa1c8d47dd
13 changed files with 176 additions and 12 deletions
--- a/endpoints/v2/test/test_v2auth.py
+++ b/endpoints/v2/test/test_v2auth.py
@ -3,10 +3,14 @@ import pytest
 import flask
 from flask_principal import Identity, Principal

-from endpoints.v2.v2auth import get_tuf_root
+from endpoints.v2.v2auth import get_tuf_root 
 from auth import permissions
-from util.security.registry_jwt import QUAY_TUF_ROOT, SIGNER_TUF_ROOT
+from util.security.registry_jwt import QUAY_TUF_ROOT, SIGNER_TUF_ROOT, DISABLED_TUF_ROOT
  
+from test import testconfig
+from mock import Mock
+
+
 def admin_identity(namespace, reponame):
  identity = Identity('admin')
  identity.provides.add(permissions._RepositoryNeed(namespace, reponame, 'admin'))
@ -27,7 +31,7 @@ def read_identity(namespace, reponame):

 def app_with_principal():
  app = flask.Flask(__name__)
-  app.config.update(SECRET_KEY='secret', TESTING=True)
+  app.config.from_object(testconfig.TestConfig())
  principal = Principal(app) 
  return app, principal

@ -44,5 +48,17 @@ def test_get_tuf_root(identity, expected):
  app, principal = app_with_principal()
  with app.test_request_context('/'):
    principal.set_identity(identity)
-    actual = get_tuf_root("namespace", "repo")
+    actual = get_tuf_root(Mock(), "namespace", "repo")
    assert actual == expected, "should be %s, but was %s" % (expected, actual)
+    
+    
+@pytest.mark.parametrize('trust_enabled,tuf_root', [
+  (True, QUAY_TUF_ROOT),
+  (False, DISABLED_TUF_ROOT),
+])
+def test_trust_disabled(trust_enabled,tuf_root):
+  app, principal = app_with_principal()
+  with app.test_request_context('/'):
+    principal.set_identity(read_identity("namespace", "repo"))
+    actual = get_tuf_root(Mock(trust_enabled=trust_enabled), "namespace", "repo")
+    assert actual == tuf_root, "should be %s, but was %s" % (tuf_root, actual)