Skip to content

Commit

Permalink
Add to unit test to ensure delegation roles are respected and unchanged
Browse files Browse the repository at this point in the history 
when listing and converting to canonical ID

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
  • Loading branch information
@riyazdf
riyazdf committed Jul 22, 2016
1 parent b828631 commit a732128
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions client/client_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2325,6 +2325,25 @@ func TestPublishTargetsDelegationSuccessNeedsToDownloadRoles(t *testing.T) {
// delegation parents all get signed
ownerRec.requireAsked(t, []string{data.CanonicalTargetsRole, "targets/a"})

// assert both delegation roles appear to the other repo in a call to GetDelegationRoles
delgRoleList, err := delgRepo.GetDelegationRoles()
require.NoError(t, err)
require.Len(t, delgRoleList, 2)
// The walk is a pre-order so we can enforce ordering. Also check that canonical key IDs are reported from this walk
require.Equal(t, delgRoleList[0].Name, "targets/a")
require.NotContains(t, delgRoleList[0].KeyIDs, ownerRepo.tufRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Roles[0].KeyIDs)
canonicalAKeyID, err := utils.CanonicalKeyID(aKey)
require.NoError(t, err)
require.Contains(t, delgRoleList[0].KeyIDs, canonicalAKeyID)
require.Equal(t, delgRoleList[1].Name, "targets/a/b")
require.NotContains(t, delgRoleList[1].KeyIDs, ownerRepo.tufRepo.Targets["targets/a"].Signed.Delegations.Roles[0].KeyIDs)
canonicalBKeyID, err := utils.CanonicalKeyID(bKey)
require.NoError(t, err)
require.Contains(t, delgRoleList[1].KeyIDs, canonicalBKeyID)
// assert that the key ID data didn't somehow change between the two repos, since we translated to canonical key IDs
require.Equal(t, ownerRepo.tufRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Roles[0].KeyIDs, delgRepo.tufRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Roles[0].KeyIDs)
require.Equal(t, ownerRepo.tufRepo.Targets["targets/a"].Signed.Delegations.Roles[0].KeyIDs, delgRepo.tufRepo.Targets["targets/a"].Signed.Delegations.Roles[0].KeyIDs)

// delegated repo now publishes to delegated roles, but it will need
// to download those roles first, since it doesn't know about them
requirePublishToRolesSucceeds(t, delgRepo, []string{"targets/a/b"},
Expand Down

0 comments on commit a732128

Please sign in to comment.