func loadAndValidateTargets(gun string, builder tuf.RepoBuilder, roles map[string]storage.MetaUpdate, store storage.MetaStore) ([]storage.MetaUpdate, error) {
targetsRoles := make(utils.RoleList, 0)
for role := range roles {
if role == data.CanonicalTargetsRole || data.IsDelegation(role) {
targetsRoles = append(targetsRoles, role)
}
}
// N.B. RoleList sorts paths with fewer segments first.
// By sorting, we'll always process shallower targets updates before deeper
// ones (i.e. we'll load and validate targets before targets/foo). This
// helps ensure we only load from storage when necessary in a cleaner way.
sort.Sort(targetsRoles)
updatesToApply := make([]storage.MetaUpdate, 0, len(targetsRoles))
for _, roleName := range targetsRoles {
// don't load parent if current role is "targets",
// we must load all ancestor roles, starting from `targets` and working down,
// for delegations to validate the full parent chain
var parentsToLoad []string
ancestorRole := roleName
for ancestorRole != data.CanonicalTargetsRole {
ancestorRole = path.Dir(ancestorRole)
if !builder.IsLoaded(ancestorRole) {
parentsToLoad = append(parentsToLoad, ancestorRole)
}
}
for i := len(parentsToLoad) - 1; i >= 0; i-- {
if err := loadFromStore(gun, parentsToLoad[i], builder, store); err != nil {
// if the parent doesn't exist, just keep going - loading the role will eventually fail
// due to it being an invalid role
if _, ok := err.(storage.ErrNotFound); !ok {
return nil, err
}
}
}
if err := builder.Load(roleName, roles[roleName].Data, 1, false); err != nil {
logrus.Error("ErrBadTargets: ", err.Error())
return nil, validation.ErrBadTargets{Msg: err.Error()}
}
updatesToApply = append(updatesToApply, roles[roleName])
}
return updatesToApply, nil
}
