Rename repo.GetRole to repo.GetRoleWithNames and use the Keys data structure more.

Signed-off-by: Ying Li <ying.li@docker.com>
Ying Li 2016-02-11 09:51:08 -08:00
parent c88461d485
commit ac265186ee
6 changed files with 23 additions and 23 deletions


@ -194,7 +194,7 @@ func loadTargetsFromStore(gun, role string, repo *tuf.Repo, store storage.MetaSt
}
func generateSnapshot(gun string, repo *tuf.Repo, store storage.MetaStore) (*storage.MetaUpdate, error) {
role, err := repo.GetRole(data.CanonicalSnapshotRole)
role, err := repo.GetRoleWithKeys(data.CanonicalSnapshotRole)
if err != nil {
return nil, validation.ErrBadRoot{Msg: "root did not include snapshot role"}
}
@ -265,7 +265,7 @@ func validateSnapshot(role string, oldSnap *data.SignedSnapshot, snapUpdate stor
}
// version specifically gets validated when writing to store to
// better handle race conditions there.
snapshotRole, err := repo.GetRole(role)
snapshotRole, err := repo.GetRoleWithKeys(role)
if err != nil {
return err
}
@ -329,7 +329,7 @@ func validateTargets(role string, roles map[string]storage.MetaUpdate, repo *tuf
}
// version specifically gets validated when writing to store to
// better handle race conditions there.
targetsRole, err := repo.GetRole(role)
targetsRole, err := repo.GetRoleWithKeys(role)
if err != nil {
return nil, err
}


@ -270,7 +270,7 @@ func TestValidateSnapshotGenerateWithPrev(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole, err := repo.GetRole(data.CanonicalSnapshotRole)
snapRole, err := repo.GetRoleWithKeys(data.CanonicalSnapshotRole)
assert.NoError(t, err)
for _, k := range snapRole.Keys {
@ -310,7 +310,7 @@ func TestValidateSnapshotGeneratePrevCorrupt(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole, err := repo.GetRole(data.CanonicalSnapshotRole)
snapRole, err := repo.GetRoleWithKeys(data.CanonicalSnapshotRole)
assert.NoError(t, err)
for _, k := range snapRole.Keys {
@ -340,7 +340,7 @@ func TestValidateSnapshotGenerateNoTargets(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole, err := repo.GetRole(data.CanonicalSnapshotRole)
snapRole, err := repo.GetRoleWithKeys(data.CanonicalSnapshotRole)
assert.NoError(t, err)
for _, k := range snapRole.Keys {
@ -364,7 +364,7 @@ func TestValidateSnapshotGenerate(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole, err := repo.GetRole(data.CanonicalSnapshotRole)
snapRole, err := repo.GetRoleWithKeys(data.CanonicalSnapshotRole)
assert.NoError(t, err)
for _, k := range snapRole.Keys {


@ -200,11 +200,11 @@ func (c *Client) downloadRoot() error {
func (c Client) verifyRoot(role string, s *data.Signed, minVersion int) error {
// this will confirm that the root has been signed by the old root role
// as c.keysDB contains the root keys we bootstrapped with.
// with the root keys we bootstrapped with.
// Still need to determine if there has been a root key update and
// confirm signature with new root key
logrus.Debug("verifying root with existing keys")
rootRole, err := c.local.GetRole(role)
rootRole, err := c.local.GetRoleWithKeys(role)
if err != nil {
logrus.Debug("no previous root role loaded")
return err
@ -231,7 +231,7 @@ func (c Client) verifyRoot(role string, s *data.Signed, minVersion int) error {
// TODO(endophage): be more intelligent and only re-verify if we detect
// there has been a change in root keys
logrus.Debug("verifying root with updated keys")
rootRole, err = c.local.GetRole(role)
rootRole, err = c.local.GetRoleWithKeys(role)
if err != nil {
logrus.Debug("root role with new keys not loaded")
return err
@ -302,7 +302,7 @@ func (c *Client) downloadTimestamp() error {
// verifies that a timestamp is valid, and returned the SignedTimestamp object to add to the tuf repo
func (c *Client) verifyTimestamp(s *data.Signed, minVersion int) (*data.SignedTimestamp, error) {
timestampRole, err := c.local.GetRole(data.CanonicalTimestampRole)
timestampRole, err := c.local.GetRoleWithKeys(data.CanonicalTimestampRole)
if err != nil {
logrus.Debug("no timestamp role loaded")
return nil, err
@ -365,7 +365,7 @@ func (c *Client) downloadSnapshot() error {
s = old
}
snapshotRole, err := c.local.GetRole(role)
snapshotRole, err := c.local.GetRoleWithKeys(role)
if err != nil {
logrus.Debug("no snapshot role loaded")
return err
@ -508,7 +508,7 @@ func (c Client) getTargetsFile(role string, keyIDs []string, snapshotMeta data.F
s = old
}
targetsRole, err := c.local.GetRole(role)
targetsRole, err := c.local.GetRoleWithKeys(role)
if err != nil {
logrus.Debugf("no %s role loaded", role)
return nil, err
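Review bot: The reworded comment at the top of verifyRoot no longer says where the bootstrap root keys are held; the reference to c.keysDB was dropped, and the text now reads "signed by the old root role with the root keys we bootstrapped with". Because this is the trust anchor for the root-rotation check, I would name the source explicitly, assuming c.local is what carries those keys now: `// c.local still holds the root keys we bootstrapped with, so this confirms the new root is signed by the old root role.` The second lookup under "verifying root with updated keys" makes the same call, so a short comment there on when c.local picks up the new root's keys would help; the code between the two hunks is not shown. verifyRoot's body extends outside both hunks.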


@ -249,5 +249,5 @@ func subtractStrSlices(orig, remove []string) []string {
// RoleWithKeys is a role that has the signing keys for the role embedded
type RoleWithKeys struct {
Role
Keys map[string]PublicKey
Keys Keys
}
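Review bot: The `Keys` field of RoleWithKeys has no comment, and with the named type the struct definition no longer shows that the map is keyed by key ID (the tests on this page build it as `data.Keys{k.ID(): k}`). A one-line field comment such as `// Keys holds the role's public keys, indexed by key ID.` would keep that visible where the type is declared.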


@ -23,7 +23,7 @@ func TestRoleNoKeys(t *testing.T) {
nil,
)
assert.NoError(t, err)
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: map[string]data.PublicKey{k.ID(): k}}
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: data.Keys{k.ID(): k}}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
@ -47,7 +47,7 @@ func TestNotEnoughSigs(t *testing.T) {
nil,
)
assert.NoError(t, err)
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: map[string]data.PublicKey{k.ID(): k}}
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: data.Keys{k.ID(): k}}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
@ -73,7 +73,7 @@ func TestMoreThanEnoughSigs(t *testing.T) {
nil,
)
assert.NoError(t, err)
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: map[string]data.PublicKey{k1.ID(): k1, k2.ID(): k2}}
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: data.Keys{k1.ID(): k1, k2.ID(): k2}}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
@ -98,7 +98,7 @@ func TestDuplicateSigs(t *testing.T) {
nil,
)
assert.NoError(t, err)
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: map[string]data.PublicKey{k.ID(): k}}
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: data.Keys{k.ID(): k}}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
@ -125,7 +125,7 @@ func TestUnknownKeyBelowThreshold(t *testing.T) {
nil,
)
assert.NoError(t, err)
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: map[string]data.PublicKey{k.ID(): k, unknown.ID(): unknown}}
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: data.Keys{k.ID(): k, unknown.ID(): unknown}}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
@ -209,7 +209,7 @@ func Test(t *testing.T) {
nil,
)
assert.NoError(t, err)
run.roleData = &data.RoleWithKeys{Role: *r, Keys: map[string]data.PublicKey{k.ID(): k}}
run.roleData = &data.RoleWithKeys{Role: *r, Keys: data.Keys{k.ID(): k}}
meta := &data.SignedCommon{Type: run.typ, Version: run.ver, Expires: *run.exp}
b, err := json.MarshalCanonical(meta)


@ -772,13 +772,13 @@ func (tr Repo) sign(signedData *data.Signed, role data.Role) (*data.Signed, erro
return signedData, nil
}
// GetRole returns a RoleWithKeys object, given a role name.
func (tr Repo) GetRole(role string) (*data.RoleWithKeys, error) {
// GetRoleWithKeys returns a RoleWithKeys object, given a role name.
func (tr Repo) GetRoleWithKeys(role string) (*data.RoleWithKeys, error) {
roleData := tr.keysDB.GetRole(role)
if roleData == nil {
return nil, ErrNotLoaded{role: role}
}
keysInRole := make(map[string]data.PublicKey)
keysInRole := make(data.Keys)
for _, keyID := range roleData.KeyIDs {
k := tr.keysDB.GetKey(keyID)
if k != nil {
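Review bot: The loop in GetRoleWithKeys skips any key ID for which `tr.keysDB.GetKey(keyID)` returns nil, so the returned RoleWithKeys can carry fewer keys than `roleData.KeyIDs` lists, and the doc comment does not mention this. The callers on this page (verifyRoot, verifyTimestamp, validateSnapshot, validateTargets) appear to use the result for signature verification, so whether a missing key fails closed depends on a threshold check that is not visible here. I would extend the comment with `// Key IDs listed for the role but absent from the key database are omitted from Keys.` and consider returning an error when no key resolves at all. The function body continues past the end of the hunk. Separately, the commit subject says GetRoleWithNames while the method is named GetRoleWithKeys.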