Merge pull request #1922 from jku/constructor-defaults

Add default args to Signed constructors

Author: Lukas Pühringer

examples/repo_example/basic_repo.py

@@ -36,7 +36,6 @@
     Key,
     Metadata,
     MetaFile,
-    Role,
     Root,
     Snapshot,
     TargetFile,
@@ -96,12 +95,7 @@ def _in(days: float) -> datetime:
 # The targets role guarantees integrity for the files that TUF aims to protect,
 # i.e. target files. It does so by listing the relevant target files, along
 # with their hash and length.
-roles["targets"] = Metadata[Targets](
-    signed=Targets(
-        version=1, spec_version=SPEC_VERSION, expires=_in(7), targets={}
-    ),
-    signatures={},
-)
+roles["targets"] = Metadata(Targets(expires=_in(7)))
 
 # For the purpose of this example we use the top-level targets role to protect
 # the integrity of this very example script. The metadata entry contains the
@@ -124,15 +118,7 @@ def _in(days: float) -> datetime:
 # by listing all available targets metadata files at their latest version. This
 # becomes relevant, when there are multiple targets metadata files in a
 # repository and we want to protect the client against mix-and-match attacks.
-roles["snapshot"] = Metadata[Snapshot](
-    Snapshot(
-        version=1,
-        spec_version=SPEC_VERSION,
-        expires=_in(7),
-        meta={"targets.json": MetaFile(version=1)},
-    ),
-    {},
-)
+roles["snapshot"] = Metadata(Snapshot(expires=_in(7)))
 
 # Timestamp (freshness)
 # ---------------------
@@ -146,15 +132,7 @@ def _in(days: float) -> datetime:
 # format. But given that timestamp metadata always has only one entry in its
 # 'meta' field, i.e. for the latest snapshot file, the timestamp object
 # provides the shortcut 'snapshot_meta'.
-roles["timestamp"] = Metadata[Timestamp](
-    Timestamp(
-        version=1,
-        spec_version=SPEC_VERSION,
-        expires=_in(1),
-        snapshot_meta=MetaFile(version=1),
-    ),
-    {},
-)
+roles["timestamp"] = Metadata(Timestamp(expires=_in(1)))
 
 # Root (root of trust)
 # --------------------
@@ -168,32 +146,19 @@ def _in(days: float) -> datetime:
 # 'keys' field), and a configuration parameter that describes whether a
 # repository uses consistent snapshots (see section 'Persist metadata' below
 # for more details).
-#
+
+# Create root metadata object
+roles["root"] = Metadata(Root(expires=_in(365)))
+
 # For this example, we generate one 'ed25519' key pair for each top-level role
 # using python-tuf's in-house crypto library.
 # See https://github.com/secure-systems-lab/securesystemslib for more details
 # about key handling, and don't forget to password-encrypt your private keys!
 for name in ["targets", "snapshot", "timestamp", "root"]:
     keys[name] = generate_ed25519_key()
-
-# Create root metadata object
-roles["root"] = Metadata[Root](
-    signed=Root(
-        version=1,
-        spec_version=SPEC_VERSION,
-        expires=_in(365),
-        keys={
-            key["keyid"]: Key.from_securesystemslib_key(key)
-            for key in keys.values()
-        },
-        roles={
-            role: Role([key["keyid"]], threshold=1)
-            for role, key in keys.items()
-        },
-        consistent_snapshot=True,
-    ),
-    signatures={},
-)
+    roles["root"].signed.add_key(
+        name, Key.from_securesystemslib_key(keys[name])
+    )
 
 # NOTE: We only need the public part to populate root, so it is possible to use
 # out-of-band mechanisms to generate key pairs and only expose the public part

examples/repo_example/hashed_bin_delegation.py

@@ -147,22 +147,11 @@ def find_hash_bin(path: str) -> str:
 
 # Create preliminary delegating targets role (bins) and add public key for
 # delegated targets (bin_n) to key store. Delegation details are update below.
-roles["bins"] = Metadata[Targets](
-    signed=Targets(
-        version=1,
-        spec_version=SPEC_VERSION,
-        expires=_in(365),
-        targets={},
-        delegations=Delegations(
-            keys={
-                keys["bin-n"]["keyid"]: Key.from_securesystemslib_key(
-                    keys["bin-n"]
-                )
-            },
-            roles={},
-        ),
-    ),
-    signatures={},
+roles["bins"] = Metadata(Targets(expires=_in(365)))
+bin_n_key = Key.from_securesystemslib_key(keys["bin-n"])
+roles["bins"].signed.delegations = Delegations(
+    keys={bin_n_key.keyid: bin_n_key},
+    roles={},
 )
 
 # The hash bin generator yields an ordered list of incremental hash bin names
@@ -185,12 +174,7 @@ def find_hash_bin(path: str) -> str:
     )
 
     # Create delegated targets roles (bin_n)
-    roles[bin_n_name] = Metadata[Targets](
-        signed=Targets(
-            version=1, spec_version=SPEC_VERSION, expires=_in(7), targets={}
-        ),
-        signatures={},
-    )
+    roles[bin_n_name] = Metadata(Targets(expires=_in(7)))
 
 # Add target file
 # ---------------

tests/generated_data/generate_md.py

@@ -11,18 +11,7 @@
 from securesystemslib.signer import SSlibSigner
 
 from tests import utils
-from tuf.api.metadata import (
-    SPECIFICATION_VERSION,
-    TOP_LEVEL_ROLE_NAMES,
-    Key,
-    Metadata,
-    MetaFile,
-    Role,
-    Root,
-    Snapshot,
-    Targets,
-    Timestamp,
-)
+from tuf.api.metadata import Key, Metadata, Root, Snapshot, Targets, Timestamp
 from tuf.api.serialization.json import JSONSerializer
 
 # Hardcode keys and expiry time to achieve reproducibility.
@@ -61,13 +50,11 @@
 
 expires_str = "2050-01-01T00:00:00Z"
 EXPIRY = datetime.strptime(expires_str, "%Y-%m-%dT%H:%M:%SZ")
-SPEC_VERSION = ".".join(SPECIFICATION_VERSION)
 OUT_DIR = "generated_data/ed25519_metadata"
 if not os.path.exists(OUT_DIR):
     os.mkdir(OUT_DIR)
 
 SERIALIZER = JSONSerializer()
-ROLES = {role_name: Role([], 1) for role_name in TOP_LEVEL_ROLE_NAMES}
 
 
 def verify_generation(md: Metadata, path: str) -> None:
@@ -97,23 +84,15 @@ def generate_all_files(
         verify: Whether to verify the newly generated files with the
             local staored.
     """
-    root = Root(1, SPEC_VERSION, EXPIRY, {}, ROLES, True)
-    root.add_key("root", keys["ed25519_0"])
-    root.add_key("timestamp", keys["ed25519_1"])
-    root.add_key("snapshot", keys["ed25519_2"])
-    root.add_key("targets", keys["ed25519_3"])
-
-    md_root: Metadata[Root] = Metadata(root, {})
-
-    timestamp = Timestamp(1, SPEC_VERSION, EXPIRY, MetaFile(1))
-    md_timestamp: Metadata[Timestamp] = Metadata(timestamp, {})
-
-    meta: Dict[str, MetaFile] = {"targets.json": MetaFile(1)}
-    snapshot = Snapshot(1, SPEC_VERSION, EXPIRY, meta)
-    md_snapshot: Metadata[Snapshot] = Metadata(snapshot, {})
-
-    targets = Targets(1, SPEC_VERSION, EXPIRY, {})
-    md_targets: Metadata[Targets] = Metadata(targets, {})
+    md_root = Metadata(Root(expires=EXPIRY))
+    md_timestamp = Metadata(Timestamp(expires=EXPIRY))
+    md_snapshot = Metadata(Snapshot(expires=EXPIRY))
+    md_targets = Metadata(Targets(expires=EXPIRY))
+
+    md_root.signed.add_key("root", keys["ed25519_0"])
+    md_root.signed.add_key("timestamp", keys["ed25519_1"])
+    md_root.signed.add_key("snapshot", keys["ed25519_2"])
+    md_root.signed.add_key("targets", keys["ed25519_3"])
 
     for i, md in enumerate([md_root, md_timestamp, md_snapshot, md_targets]):
         assert isinstance(md, Metadata)

tests/repository_simulator.py

@@ -65,7 +65,6 @@
     Key,
     Metadata,
     MetaFile,
-    Role,
     Root,
     Snapshot,
     TargetFile,
@@ -176,26 +175,16 @@ def rotate_keys(self, role: str) -> None:
     def _initialize(self) -> None:
         """Setup a minimal valid repository."""
 
-        targets = Targets(1, SPEC_VER, self.safe_expiry, {}, None)
-        self.md_targets = Metadata(targets, {})
-
-        meta = {"targets.json": MetaFile(targets.version)}
-        snapshot = Snapshot(1, SPEC_VER, self.safe_expiry, meta)
-        self.md_snapshot = Metadata(snapshot, {})
-
-        snapshot_meta = MetaFile(snapshot.version)
-        timestamp = Timestamp(1, SPEC_VER, self.safe_expiry, snapshot_meta)
-        self.md_timestamp = Metadata(timestamp, {})
-
-        roles = {role_name: Role([], 1) for role_name in TOP_LEVEL_ROLE_NAMES}
-        root = Root(1, SPEC_VER, self.safe_expiry, {}, roles, True)
+        self.md_targets = Metadata(Targets(expires=self.safe_expiry))
+        self.md_snapshot = Metadata(Snapshot(expires=self.safe_expiry))
+        self.md_timestamp = Metadata(Timestamp(expires=self.safe_expiry))
+        self.md_root = Metadata(Root(expires=self.safe_expiry))
 
         for role in TOP_LEVEL_ROLE_NAMES:
             key, signer = self.create_key()
-            root.add_key(role, key)
+            self.md_root.signed.add_key(role, key)
             self.add_signer(role, signer)
 
-        self.md_root = Metadata(root, {})
         self.publish_root()
 
     def publish_root(self) -> None: