Small fixes to signing related APIs

2017-04-17 18:03:32 -04:00 · 2017-04-17 18:03:32 -04:00 · 9601fd44f6
commit 9601fd44f6
parent 95e9cdaccc
5 changed files with 15 additions and 9 deletions
--- a/endpoints/api/init.py
+++ b/endpoints/api/init.py
@ -416,4 +416,5 @@ import endpoints.api.team
 import endpoints.api.trigger
 import endpoints.api.user
 import endpoints.api.secscan
+import endpoints.api.signing

--- a/endpoints/api/repository.py
+++ b/endpoints/api/repository.py
@ -378,7 +378,7 @@ class Repository(RepositoryParamResource):
      'is_organization': repo.namespace_user.organization,
      'is_starred': is_starred,
      'status_token': repo.badge_token if not is_public else '',
-      'trust_enabled': repo.trust_enabled,
+      'trust_enabled': features.SIGNING and repo.trust_enabled,
    }

    if stats is not None:
--- a/endpoints/api/signing.py
+++ b/endpoints/api/signing.py
@ -4,9 +4,10 @@ import logging
 import features

 from app import tuf_metadata_api
+from data import model
 from endpoints.api import (require_repo_read, path_param,
-                           RepositoryParamResource, resource, nickname, show_if, 
-                           disallow_for_app_repositories)
+                           RepositoryParamResource, resource, nickname, show_if,
+                           disallow_for_app_repositories, NotFound)

 logger = logging.getLogger(__name__)

@ -21,7 +22,11 @@ class RepositorySignatures(RepositoryParamResource):
  @nickname('getRepoSignatures')
  @disallow_for_app_repositories
  def get(self, namespace, repository):
-    """ Fetches the list of signed tags for the repository"""
+    """ Fetches the list of signed tags for the repository. """
+    repo = model.repository.get_repository(namespace, repository)
+    if repo is None or not repo.trust_enabled:
+      raise NotFound()
+
    tag_data, expiration = tuf_metadata_api.get_default_tags_with_expiration(namespace, repository)
    return {
      'tags': tag_data,
--- a/endpoints/api/test/test_security.py
+++ b/endpoints/api/test/test_security.py
@ -39,11 +39,11 @@ REPO_PARAMS = {'repository': 'devtable/someapp'}
  (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'freshuser', 403),
  (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'reader', 403),
  (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None,  'devtable', 404),
-  
+
  (RepositorySignatures, 'GET', REPO_PARAMS, {}, 'freshuser', 403),
  (RepositorySignatures, 'GET', REPO_PARAMS, {}, 'reader', 403),
-  (RepositorySignatures, 'GET', REPO_PARAMS, {}, 'devtable', 200),
-  
+  (RepositorySignatures, 'GET', REPO_PARAMS, {}, 'devtable', 404),
+
  (RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, None, 403),
  (RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, 'freshuser', 403),
  (RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, 'reader', 403),
--- a/endpoints/api/test/test_signing.py
+++ b/endpoints/api/test/test_signing.py
@ -30,7 +30,7 @@ def tags_equal(expected, actual):
  return expected == actual

@pytest.mark.parametrize('targets,expected', [
-  (VALID_TARGETS, {'tags': VALID_TARGETS, 'expiration': 'expires'}), 
+  (VALID_TARGETS, {'tags': VALID_TARGETS, 'expiration': 'expires'}),
  ({'bad': 'tags'}, {'tags': {'bad': 'tags'}, 'expiration': 'expires'}),
  ({}, {'tags': {}, 'expiration': 'expires'}),
  (None, {'tags': None, 'expiration': 'expires'}),   # API returns None on exceptions
@ -39,5 +39,5 @@ def test_get_signatures(targets, expected, client):
  with patch('endpoints.api.signing.tuf_metadata_api') as mock_tuf:
    mock_tuf.get_default_tags_with_expiration.return_value = (targets, 'expires')
    with client_with_identity('devtable', client) as cl:
-      params = {'repository': 'devtable/repo'}
+      params = {'repository': 'devtable/trusted'}
      assert tags_equal(expected, conduct_api_call(cl, RepositorySignatures, 'GET', params, None, 200).json)