func changeTargetsDelegation(repo *tuf.Repo, c changelist.Change) error { switch c.Action() { case changelist.ActionCreate: td := changelist.TufDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } r, err := repo.GetDelegation(c.Scope()) if _, ok := err.(data.ErrNoSuchRole); err != nil && !ok { // error that wasn't ErrNoSuchRole return err } if err == nil { // role existed, attempt to merge paths and keys if err := r.AddPaths(td.AddPaths); err != nil { return err } return repo.UpdateDelegations(r, td.AddKeys) } // create brand new role r, err = td.ToNewRole(c.Scope()) if err != nil { return err } return repo.UpdateDelegations(r, td.AddKeys) case changelist.ActionUpdate: td := changelist.TufDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } r, err := repo.GetDelegation(c.Scope()) if err != nil { return err } // If we specify the only keys left delete the role, else just delete specified keys if strings.Join(r.KeyIDs, ";") == strings.Join(td.RemoveKeys, ";") && len(td.AddKeys) == 0 { r := data.Role{Name: c.Scope()} return repo.DeleteDelegation(r) } // if we aren't deleting and the role exists, merge if err := r.AddPaths(td.AddPaths); err != nil { return err } if err := r.AddPathHashPrefixes(td.AddPathHashPrefixes); err != nil { return err } r.RemoveKeys(td.RemoveKeys) r.RemovePaths(td.RemovePaths) r.RemovePathHashPrefixes(td.RemovePathHashPrefixes) return repo.UpdateDelegations(r, td.AddKeys) case changelist.ActionDelete: r := data.Role{Name: c.Scope()} return repo.DeleteDelegation(r) default: return fmt.Errorf("unsupported action against delegations: %s", c.Action()) } }
func changeTargetsDelegation(repo *tuf.Repo, c changelist.Change) error { switch c.Action() { case changelist.ActionCreate: td := changelist.TufDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } r, err := repo.GetDelegation(c.Scope()) if _, ok := err.(data.ErrNoSuchRole); err != nil && !ok { // error that wasn't ErrNoSuchRole return err } if err == nil { // role existed return data.ErrInvalidRole{ Role: c.Scope(), Reason: "cannot create a role that already exists", } } // role doesn't exist, create brand new r, err = td.ToNewRole(c.Scope()) if err != nil { return err } return repo.UpdateDelegations(r, td.AddKeys) case changelist.ActionUpdate: td := changelist.TufDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } r, err := repo.GetDelegation(c.Scope()) if err != nil { return err } // role exists, merge if err := r.AddPaths(td.AddPaths); err != nil { return err } if err := r.AddPathHashPrefixes(td.AddPathHashPrefixes); err != nil { return err } r.RemoveKeys(td.RemoveKeys) r.RemovePaths(td.RemovePaths) r.RemovePathHashPrefixes(td.RemovePathHashPrefixes) return repo.UpdateDelegations(r, td.AddKeys) case changelist.ActionDelete: r := data.Role{Name: c.Scope()} return repo.DeleteDelegation(r) default: return fmt.Errorf("unsupported action against delegations: %s", c.Action()) } }
func changeTargetsDelegation(repo *tuf.Repo, c changelist.Change) error { switch c.Action() { case changelist.ActionCreate: td := changelist.TufDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } r, _, err := repo.GetDelegation(c.Scope()) if _, ok := err.(data.ErrNoSuchRole); err != nil && !ok { // error that wasn't ErrNoSuchRole return err } if err == nil { // role existed, attempt to merge paths and keys if err := r.AddPaths(td.AddPaths); err != nil { return err } return repo.UpdateDelegations(r, td.AddKeys) } // create brand new role r, err = td.ToNewRole(c.Scope()) if err != nil { return err } return repo.UpdateDelegations(r, td.AddKeys) case changelist.ActionUpdate: td := changelist.TufDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } r, keys, err := repo.GetDelegation(c.Scope()) if err != nil { return err } // We need to translate the keys from canonical ID to TUF ID for compatibility canonicalToTUFID := make(map[string]string) for tufID, pubKey := range keys { canonicalID, err := utils.CanonicalKeyID(pubKey) if err != nil { return err } canonicalToTUFID[canonicalID] = tufID } removeTUFKeyIDs := []string{} for _, canonID := range td.RemoveKeys { removeTUFKeyIDs = append(removeTUFKeyIDs, canonicalToTUFID[canonID]) } // If we specify the only keys left delete the role, else just delete specified keys if strings.Join(r.KeyIDs, ";") == strings.Join(removeTUFKeyIDs, ";") && len(td.AddKeys) == 0 { r := data.Role{Name: c.Scope()} return repo.DeleteDelegation(r) } // if we aren't deleting and the role exists, merge if err := r.AddPaths(td.AddPaths); err != nil { return err } // Clear all paths if we're given the flag, else remove specified paths if td.ClearAllPaths { r.RemovePaths(r.Paths) } else { r.RemovePaths(td.RemovePaths) } r.RemoveKeys(removeTUFKeyIDs) return repo.UpdateDelegations(r, td.AddKeys) case changelist.ActionDelete: r := data.Role{Name: c.Scope()} return repo.DeleteDelegation(r) default: return fmt.Errorf("unsupported action against delegations: %s", c.Action()) } }