Support SNI in python requests, and only delete tuf metadata if it

exists
2017-05-01 15:51:54 -04:00 · 2017-05-01 15:51:54 -04:00 · b2569ffbb2
commit b2569ffbb2
parent 02c4d75634
6 changed files with 12 additions and 8 deletions
--- a/1
+++ b/1
@ -42,6 +42,7 @@ RUN apt-get install -y \
     nginx             \
     nodejs            \
     optipng           \
+     openssl           \
     python-dbg        \
     python-dev        \
     python-pip        \
--- a/endpoints/api/repository.py
+++ b/endpoints/api/repository.py
@ -499,8 +499,9 @@ class RepositoryTrust(RepositoryParamResource):
    if not repo:
      raise NotFound()
    
-    if not tuf_metadata_api.delete_metadata(namespace, repository):
-      raise DownstreamIssue({'message': 'Unable to delete downstream trust metadata'})
+    tags, _ = tuf_metadata_api.get_default_tags_with_expiration(namespace, repository)
+    if tags and not tuf_metadata_api.delete_metadata(namespace, repository):
+        raise DownstreamIssue({'message': 'Unable to delete downstream trust metadata'})
    
    values = request.get_json()
    model.repository.set_trust(repo, values['trust_enabled'])
--- a/endpoints/api/test/test_repository.py
+++ b/endpoints/api/test/test_repository.py
@ -36,9 +36,10 @@ NOT_FOUND_RESPONSE = {
  ('invalid_req', False, INVALID_RESPONSE , 400),
 ])
 def test_post_changetrust(trust_enabled, repo_found, expected_body, expected_status, client):
-  with patch('endpoints.api.repository.tuf_metadata_api'):
+  with patch('endpoints.api.repository.tuf_metadata_api') as mock_tuf:
    with patch('endpoints.api.repository.model') as mock_model:
      mock_model.repository.get_repository.return_value = MagicMock() if repo_found else None
+      mock_tuf.get_default_tags_with_expiration.return_value = ['tags', 'expiration']
      with client_with_identity('devtable', client) as cl:
        params = {'repository': 'devtable/repo'}
        request_body = {'trust_enabled': trust_enabled}
--- a/requirements.txt
+++ b/requirements.txt
@ -24,6 +24,7 @@ bitmath==1.3.1.2
 blinker==1.4
 boto==2.46.1
 cachetools==1.1.6
+certifi==2017.4.17
 cffi==1.10.0
 click==6.7
 contextlib2==0.5.4
@ -113,7 +114,7 @@ redis==2.10.5
 redlock==1.2.0
 reportlab==2.7
 requests-oauthlib==0.8.0
-requests==2.13.0
+requests[security]==2.13.0
 rfc3986==0.4.1
 semantic-version==2.6.0
 six==1.10.0
--- a/static/js/directives/ui/repository-signing-config/repository-signing-config.component.ts
+++ b/static/js/directives/ui/repository-signing-config/repository-signing-config.component.ts
@ -35,7 +35,7 @@ export class RepositorySigningConfigComponent {
      'trust_enabled': newState,
    };

-    var errorDisplay = this.ApiService.errorDisplay('Could not just change trust', callback);
+    var errorDisplay = this.ApiService.errorDisplay('Could not change trust', callback);
    this.ApiService.changeRepoTrust(data, params).then((resp) => {
      this.repository.trust_enabled = newState;
      callback(true);
--- a/util/tufmetadata/api.py
+++ b/util/tufmetadata/api.py
@ -199,7 +199,7 @@ class ImplementedTUFMetadataAPI(TUFMetadataAPIInterface):

    headers.update(DEFAULT_HTTP_HEADERS)
    resp = self._client.request(method, url, json=body, params=params, timeout=timeout,
-                                verify=MITM_CERT_PATH, headers=headers)
+                                verify=True, headers=headers)
    if resp.status_code // 100 != 2:
      raise Non200ResponseException(resp)
    return resp