Small fixes to signing related APIs

This commit is contained in:
Joseph Schorr 2017-04-17 18:03:32 -04:00
parent 95e9cdaccc
commit 9601fd44f6
5 changed files with 15 additions and 9 deletions

View file

@ -416,4 +416,5 @@ import endpoints.api.team
import endpoints.api.trigger
import endpoints.api.user
import endpoints.api.secscan
import endpoints.api.signing

View file

@ -378,7 +378,7 @@ class Repository(RepositoryParamResource):
'is_organization': repo.namespace_user.organization,
'is_starred': is_starred,
'status_token': repo.badge_token if not is_public else '',
'trust_enabled': repo.trust_enabled,
'trust_enabled': features.SIGNING and repo.trust_enabled,
}
if stats is not None:

View file

@ -4,9 +4,10 @@ import logging
import features
from app import tuf_metadata_api
from data import model
from endpoints.api import (require_repo_read, path_param,
RepositoryParamResource, resource, nickname, show_if,
disallow_for_app_repositories)
RepositoryParamResource, resource, nickname, show_if,
disallow_for_app_repositories, NotFound)
logger = logging.getLogger(__name__)
@ -21,7 +22,11 @@ class RepositorySignatures(RepositoryParamResource):
@nickname('getRepoSignatures')
@disallow_for_app_repositories
def get(self, namespace, repository):
""" Fetches the list of signed tags for the repository"""
""" Fetches the list of signed tags for the repository. """
repo = model.repository.get_repository(namespace, repository)
if repo is None or not repo.trust_enabled:
raise NotFound()
tag_data, expiration = tuf_metadata_api.get_default_tags_with_expiration(namespace, repository)
return {
'tags': tag_data,

View file

@ -39,11 +39,11 @@ REPO_PARAMS = {'repository': 'devtable/someapp'}
(SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'freshuser', 403),
(SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'reader', 403),
(SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'devtable', 404),
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'freshuser', 403),
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'reader', 403),
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'devtable', 200),
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'devtable', 404),
(RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, None, 403),
(RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, 'freshuser', 403),
(RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, 'reader', 403),

View file

@ -30,7 +30,7 @@ def tags_equal(expected, actual):
return expected == actual
@pytest.mark.parametrize('targets,expected', [
(VALID_TARGETS, {'tags': VALID_TARGETS, 'expiration': 'expires'}),
(VALID_TARGETS, {'tags': VALID_TARGETS, 'expiration': 'expires'}),
({'bad': 'tags'}, {'tags': {'bad': 'tags'}, 'expiration': 'expires'}),
({}, {'tags': {}, 'expiration': 'expires'}),
(None, {'tags': None, 'expiration': 'expires'}), # API returns None on exceptions
@ -39,5 +39,5 @@ def test_get_signatures(targets, expected, client):
with patch('endpoints.api.signing.tuf_metadata_api') as mock_tuf:
mock_tuf.get_default_tags_with_expiration.return_value = (targets, 'expires')
with client_with_identity('devtable', client) as cl:
params = {'repository': 'devtable/repo'}
params = {'repository': 'devtable/trusted'}
assert tags_equal(expected, conduct_api_call(cl, RepositorySignatures, 'GET', params, None, 200).json)