Small fixes to signing related APIs
This commit is contained in:
parent
95e9cdaccc
commit
9601fd44f6
5 changed files with 15 additions and 9 deletions
|
@ -416,4 +416,5 @@ import endpoints.api.team
|
|||
import endpoints.api.trigger
|
||||
import endpoints.api.user
|
||||
import endpoints.api.secscan
|
||||
import endpoints.api.signing
|
||||
|
||||
|
|
|
@ -378,7 +378,7 @@ class Repository(RepositoryParamResource):
|
|||
'is_organization': repo.namespace_user.organization,
|
||||
'is_starred': is_starred,
|
||||
'status_token': repo.badge_token if not is_public else '',
|
||||
'trust_enabled': repo.trust_enabled,
|
||||
'trust_enabled': features.SIGNING and repo.trust_enabled,
|
||||
}
|
||||
|
||||
if stats is not None:
|
||||
|
|
|
@ -4,9 +4,10 @@ import logging
|
|||
import features
|
||||
|
||||
from app import tuf_metadata_api
|
||||
from data import model
|
||||
from endpoints.api import (require_repo_read, path_param,
|
||||
RepositoryParamResource, resource, nickname, show_if,
|
||||
disallow_for_app_repositories)
|
||||
RepositoryParamResource, resource, nickname, show_if,
|
||||
disallow_for_app_repositories, NotFound)
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
@ -21,7 +22,11 @@ class RepositorySignatures(RepositoryParamResource):
|
|||
@nickname('getRepoSignatures')
|
||||
@disallow_for_app_repositories
|
||||
def get(self, namespace, repository):
|
||||
""" Fetches the list of signed tags for the repository"""
|
||||
""" Fetches the list of signed tags for the repository. """
|
||||
repo = model.repository.get_repository(namespace, repository)
|
||||
if repo is None or not repo.trust_enabled:
|
||||
raise NotFound()
|
||||
|
||||
tag_data, expiration = tuf_metadata_api.get_default_tags_with_expiration(namespace, repository)
|
||||
return {
|
||||
'tags': tag_data,
|
||||
|
|
|
@ -39,11 +39,11 @@ REPO_PARAMS = {'repository': 'devtable/someapp'}
|
|||
(SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'freshuser', 403),
|
||||
(SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'reader', 403),
|
||||
(SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'devtable', 404),
|
||||
|
||||
|
||||
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'freshuser', 403),
|
||||
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'reader', 403),
|
||||
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'devtable', 200),
|
||||
|
||||
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'devtable', 404),
|
||||
|
||||
(RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, None, 403),
|
||||
(RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, 'freshuser', 403),
|
||||
(RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, 'reader', 403),
|
||||
|
|
|
@ -30,7 +30,7 @@ def tags_equal(expected, actual):
|
|||
return expected == actual
|
||||
|
||||
@pytest.mark.parametrize('targets,expected', [
|
||||
(VALID_TARGETS, {'tags': VALID_TARGETS, 'expiration': 'expires'}),
|
||||
(VALID_TARGETS, {'tags': VALID_TARGETS, 'expiration': 'expires'}),
|
||||
({'bad': 'tags'}, {'tags': {'bad': 'tags'}, 'expiration': 'expires'}),
|
||||
({}, {'tags': {}, 'expiration': 'expires'}),
|
||||
(None, {'tags': None, 'expiration': 'expires'}), # API returns None on exceptions
|
||||
|
@ -39,5 +39,5 @@ def test_get_signatures(targets, expected, client):
|
|||
with patch('endpoints.api.signing.tuf_metadata_api') as mock_tuf:
|
||||
mock_tuf.get_default_tags_with_expiration.return_value = (targets, 'expires')
|
||||
with client_with_identity('devtable', client) as cl:
|
||||
params = {'repository': 'devtable/repo'}
|
||||
params = {'repository': 'devtable/trusted'}
|
||||
assert tags_equal(expected, conduct_api_call(cl, RepositorySignatures, 'GET', params, None, 200).json)
|
||||
|
|
Reference in a new issue