Remove `SetRoot`, `SetTargets`, `SetTimestamp`, and `SetSnapshot` on tuf.Repo.

Builder is the only one that sets them now. Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-19 22:43:18 -07:00 · 2016-04-19 22:43:18 -07:00 · aba6317da0
parent 5acab543e4
commit aba6317da0
4 changed files with 18 additions and 49 deletions
--- a/tuf/builder.go
+++ b/tuf/builder.go
@ -254,7 +254,7 @@ func (rb *repoBuilder) GenerateSnapshot(prev *data.SignedSnapshot) ([]byte, int,
 			return nil, 0, err
 		}
 	} else {
-		rb.repo.SetSnapshot(prev)
+		rb.repo.Snapshot = prev
 	}

 	sgnd, err := rb.repo.SignSnapshot(data.DefaultExpires(data.CanonicalSnapshotRole))
@ -310,7 +310,7 @@ func (rb *repoBuilder) GenerateTimestamp(prev *data.SignedTimestamp) ([]byte, in
 			return nil, 0, err
 		}
 	} else {
-		rb.repo.SetTimestamp(prev)
+		rb.repo.Timestamp = prev
 	}

 	sgnd, err := rb.repo.SignTimestamp(data.DefaultExpires(data.CanonicalTimestampRole))
@ -371,7 +371,13 @@ func (rb *repoBuilder) loadRoot(content []byte, minVersion int, allowExpired boo
 		}
 	}

-	rb.repo.SetRoot(signedRoot)
+	rootRole, err := signedRoot.BuildBaseRole(data.CanonicalRootRole)
+	if err != nil { // this should never happen since the root has been validated
+		return err
+	}
+
+	rb.repo.Root = signedRoot
+	rb.repo.originalRootRole = rootRole
 	return nil
 }

@ -403,7 +409,7 @@ func (rb *repoBuilder) loadTimestamp(content []byte, minVersion int, allowExpire
 		}
 	}

-	rb.repo.SetTimestamp(signedTimestamp)
+	rb.repo.Timestamp = signedTimestamp
 	return rb.validateCachedTimestampChecksums(signedTimestamp)
 }

@ -435,7 +441,7 @@ func (rb *repoBuilder) loadSnapshot(content []byte, minVersion int, allowExpired
 		}
 	}

-	rb.repo.SetSnapshot(signedSnapshot)
+	rb.repo.Snapshot = signedSnapshot
 	return rb.validateCachedSnapshotChecksums(signedSnapshot)
 }

@ -467,7 +473,7 @@ func (rb *repoBuilder) loadTargets(content []byte, minVersion int, allowExpired
 		}
 	}

-	rb.repo.SetTargets(roleName, signedTargets)
+	rb.repo.Targets[roleName] = signedTargets
 	return nil
 }

@ -497,7 +503,7 @@ func (rb *repoBuilder) loadDelegation(roleName string, content []byte, minVersio
 		}
 	}

-	rb.repo.SetTargets(roleName, signedTargets)
+	rb.repo.Targets[roleName] = signedTargets
 	return nil
 }

--- a/tuf/testutils/swizzler_test.go
+++ b/tuf/testutils/swizzler_test.go
@ -11,7 +11,6 @@ import (
 	"testing"
 	"time"

-	"github.com/docker/notary/tuf"
 	"github.com/docker/notary/tuf/data"
 	"github.com/docker/notary/tuf/signed"
 	"github.com/docker/notary/tuf/store"
@ -387,8 +386,6 @@ func TestSwizzlerChangeRootKey(t *testing.T) {
 	err := f.ChangeRootKey()
 	require.NoError(t, err)

-	tufRepo := tuf.NewRepo(f.CryptoService)
-
 	// we want to test these in a specific order
 	roles := []string{data.CanonicalRootRole, data.CanonicalTargetsRole, data.CanonicalSnapshotRole,
 		data.CanonicalTimestampRole, "targets/a", "targets/a/b"}
@ -408,25 +405,22 @@ func TestSwizzlerChangeRootKey(t *testing.T) {

 			require.NotEqual(t, len(origRoot.Signed.Keys), len(newRoot.Signed.Keys))

-			var rootRole data.Role
 			for r, origRole := range origRoot.Signed.Roles {
 				newRole := newRoot.Signed.Roles[r]
 				require.Len(t, origRole.KeyIDs, 1)
 				require.Len(t, newRole.KeyIDs, 1)
 				if r == data.CanonicalRootRole {
 					require.NotEqual(t, origRole.KeyIDs[0], newRole.KeyIDs[0])
-					rootRole = data.Role{RootRole: *newRole, Name: data.CanonicalRootRole}
 				} else {
 					require.Equal(t, origRole.KeyIDs[0], newRole.KeyIDs[0])
 				}
 			}

-			require.NoError(t, tufRepo.SetRoot(newRoot))
+			rootRole, err := newRoot.BuildBaseRole(data.CanonicalRootRole)
+			require.NoError(t, err)
 			signedThing, err := newRoot.ToSigned()
 			require.NoError(t, err)
-			newKey := newRoot.Signed.Keys[rootRole.KeyIDs[0]]
-			require.NoError(t, signed.Verify(signedThing,
-				data.BaseRole{Name: data.CanonicalRootRole, Keys: map[string]data.PublicKey{newKey.ID(): newKey}, Threshold: 1}, 1))
+			require.NoError(t, signed.Verify(signedThing, rootRole, 1))
 		default:
 			require.True(t, bytes.Equal(origMeta, newMeta), "bytes have changed for role %s", role)
 		}
--- a/tuf/tuf.go
+++ b/tuf/tuf.go
@ -549,37 +549,6 @@ func (tr *Repo) InitTimestamp() error {
 	return nil
 }

-// SetRoot sets the Repo.Root field to the SignedRoot object.
-func (tr *Repo) SetRoot(s *data.SignedRoot) error {
-	tr.Root = s
-	var err error
-	// originalRootRole is the root role prior to any mutations that might
-	// occur on tr.Root.
-	tr.originalRootRole, err = tr.Root.BuildBaseRole(data.CanonicalRootRole)
-	return err
-}
-
-// SetTimestamp parses the Signed object into a SignedTimestamp object
-// and sets the Repo.Timestamp field.
-func (tr *Repo) SetTimestamp(s *data.SignedTimestamp) error {
-	tr.Timestamp = s
-	return nil
-}
-
-// SetSnapshot parses the Signed object into a SignedSnapshots object
-// and sets the Repo.Snapshot field.
-func (tr *Repo) SetSnapshot(s *data.SignedSnapshot) error {
-	tr.Snapshot = s
-	return nil
-}
-
-// SetTargets sets the SignedTargets object agaist the role in the
-// Repo.Targets map.
-func (tr *Repo) SetTargets(role string, s *data.SignedTargets) error {
-	tr.Targets[role] = s
-	return nil
-}
-
 // TargetMeta returns the FileMeta entry for the given path in the
 // targets file associated with the given role. This may be nil if
 // the target isn't found in the targets file.
--- a/tuf/tuf_test.go
+++ b/tuf/tuf_test.go
@ -1248,8 +1248,8 @@ func TestSignRootOldKeyCertMissing(t *testing.T) {
 	// Now forget all about the old certificate: drop it from the Root carried keys
 	delete(repo.Root.Signed.Keys, oldRootCertKey.ID())
 	repo2 := NewRepo(cs)
-	err = repo2.SetRoot(repo.Root)
-	require.NoError(t, err)
+	repo2.Root = repo.Root
+	repo2.originalRootRole = updatedRootRole

 	// Create a second signature
 	signedRoot, err = repo2.SignRoot(data.DefaultExpires(data.CanonicalRootRole))