Small fixes to signing related APIs
This commit is contained in:
parent
95e9cdaccc
commit
9601fd44f6
5 changed files with 15 additions and 9 deletions
|
@ -416,4 +416,5 @@ import endpoints.api.team
|
||||||
import endpoints.api.trigger
|
import endpoints.api.trigger
|
||||||
import endpoints.api.user
|
import endpoints.api.user
|
||||||
import endpoints.api.secscan
|
import endpoints.api.secscan
|
||||||
|
import endpoints.api.signing
|
||||||
|
|
||||||
|
|
|
@ -378,7 +378,7 @@ class Repository(RepositoryParamResource):
|
||||||
'is_organization': repo.namespace_user.organization,
|
'is_organization': repo.namespace_user.organization,
|
||||||
'is_starred': is_starred,
|
'is_starred': is_starred,
|
||||||
'status_token': repo.badge_token if not is_public else '',
|
'status_token': repo.badge_token if not is_public else '',
|
||||||
'trust_enabled': repo.trust_enabled,
|
'trust_enabled': features.SIGNING and repo.trust_enabled,
|
||||||
}
|
}
|
||||||
|
|
||||||
if stats is not None:
|
if stats is not None:
|
||||||
|
|
|
@ -4,9 +4,10 @@ import logging
|
||||||
import features
|
import features
|
||||||
|
|
||||||
from app import tuf_metadata_api
|
from app import tuf_metadata_api
|
||||||
|
from data import model
|
||||||
from endpoints.api import (require_repo_read, path_param,
|
from endpoints.api import (require_repo_read, path_param,
|
||||||
RepositoryParamResource, resource, nickname, show_if,
|
RepositoryParamResource, resource, nickname, show_if,
|
||||||
disallow_for_app_repositories)
|
disallow_for_app_repositories, NotFound)
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
@ -21,7 +22,11 @@ class RepositorySignatures(RepositoryParamResource):
|
||||||
@nickname('getRepoSignatures')
|
@nickname('getRepoSignatures')
|
||||||
@disallow_for_app_repositories
|
@disallow_for_app_repositories
|
||||||
def get(self, namespace, repository):
|
def get(self, namespace, repository):
|
||||||
""" Fetches the list of signed tags for the repository"""
|
""" Fetches the list of signed tags for the repository. """
|
||||||
|
repo = model.repository.get_repository(namespace, repository)
|
||||||
|
if repo is None or not repo.trust_enabled:
|
||||||
|
raise NotFound()
|
||||||
|
|
||||||
tag_data, expiration = tuf_metadata_api.get_default_tags_with_expiration(namespace, repository)
|
tag_data, expiration = tuf_metadata_api.get_default_tags_with_expiration(namespace, repository)
|
||||||
return {
|
return {
|
||||||
'tags': tag_data,
|
'tags': tag_data,
|
||||||
|
|
|
@ -39,11 +39,11 @@ REPO_PARAMS = {'repository': 'devtable/someapp'}
|
||||||
(SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'freshuser', 403),
|
(SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'freshuser', 403),
|
||||||
(SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'reader', 403),
|
(SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'reader', 403),
|
||||||
(SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'devtable', 404),
|
(SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'devtable', 404),
|
||||||
|
|
||||||
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'freshuser', 403),
|
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'freshuser', 403),
|
||||||
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'reader', 403),
|
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'reader', 403),
|
||||||
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'devtable', 200),
|
(RepositorySignatures, 'GET', REPO_PARAMS, {}, 'devtable', 404),
|
||||||
|
|
||||||
(RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, None, 403),
|
(RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, None, 403),
|
||||||
(RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, 'freshuser', 403),
|
(RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, 'freshuser', 403),
|
||||||
(RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, 'reader', 403),
|
(RepositoryTrust, 'POST', REPO_PARAMS, {'trust_enabled': True}, 'reader', 403),
|
||||||
|
|
|
@ -30,7 +30,7 @@ def tags_equal(expected, actual):
|
||||||
return expected == actual
|
return expected == actual
|
||||||
|
|
||||||
@pytest.mark.parametrize('targets,expected', [
|
@pytest.mark.parametrize('targets,expected', [
|
||||||
(VALID_TARGETS, {'tags': VALID_TARGETS, 'expiration': 'expires'}),
|
(VALID_TARGETS, {'tags': VALID_TARGETS, 'expiration': 'expires'}),
|
||||||
({'bad': 'tags'}, {'tags': {'bad': 'tags'}, 'expiration': 'expires'}),
|
({'bad': 'tags'}, {'tags': {'bad': 'tags'}, 'expiration': 'expires'}),
|
||||||
({}, {'tags': {}, 'expiration': 'expires'}),
|
({}, {'tags': {}, 'expiration': 'expires'}),
|
||||||
(None, {'tags': None, 'expiration': 'expires'}), # API returns None on exceptions
|
(None, {'tags': None, 'expiration': 'expires'}), # API returns None on exceptions
|
||||||
|
@ -39,5 +39,5 @@ def test_get_signatures(targets, expected, client):
|
||||||
with patch('endpoints.api.signing.tuf_metadata_api') as mock_tuf:
|
with patch('endpoints.api.signing.tuf_metadata_api') as mock_tuf:
|
||||||
mock_tuf.get_default_tags_with_expiration.return_value = (targets, 'expires')
|
mock_tuf.get_default_tags_with_expiration.return_value = (targets, 'expires')
|
||||||
with client_with_identity('devtable', client) as cl:
|
with client_with_identity('devtable', client) as cl:
|
||||||
params = {'repository': 'devtable/repo'}
|
params = {'repository': 'devtable/trusted'}
|
||||||
assert tags_equal(expected, conduct_api_call(cl, RepositorySignatures, 'GET', params, None, 200).json)
|
assert tags_equal(expected, conduct_api_call(cl, RepositorySignatures, 'GET', params, None, 200).json)
|
||||||
|
|
Reference in a new issue