Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Metadata API: Move common metadata classes of TUF and In-toto in securesystemslib #1393

Closed
MVrachev opened this issue May 14, 2021 · 5 comments
Closed

Metadata API: Move common metadata classes of TUF and In-toto in securesystemslib #1393

MVrachev opened this issue May 14, 2021 · 5 comments

Comments

@MVrachev
Copy link
Collaborator

MVrachev commented May 14, 2021
edited
Loading

Description of issue or feature request:
In pr #1329 linting failed for file tuf/api/metadata.py because of the "C0302: Too many lines in module" warning which warns modules with more than 1000 lines.
This is a good reminder to move some of the common metadata classes TUF has with In-toto to securesystemslib.

Sync this issue with secure-systems-lab/securesystemslib#272

Current behavior:
All metadata classes are in tuf/api/metadata.py.

Expected behavior:
Move some of the common classes of TUF and In-toto in securesystemslib.
Probable candidates for this are Metadata, Signed and Key?
@MVrachev MVrachev changed the title Metadata API: Move some Metadata API: Move common metadata classes of TUF and In-toto in securesystemslib May 14, 2021
@MVrachev
Copy link
Collaborator Author

If we move part of the classes from TUF in securesystemslib we should make sure we test the migrated classes for:

  1. read-write-compare: check the unit test test_read_write_read_compare in tests/test_apy.py
  2. test_generic_read in tests/test_apy.py
  3. all class-specific tests
  4. unrecognized fields; see tests: API: Test unrecognized fields everywhere #1382
  5. the comprehensive testing that will be added for de/serialization; see Metadata API: comprehensive de/serialization testing #1391

@joshuagl
Copy link
Member

I think the first step should be to try and separate the common model in tuf, with a view to upstreaming. I think Metadata is mostly generic code that can be re-used between tuf and in-toto. But today the dispatch in from_dict hard-codes tuf classes – before we could move to securesystemslib we should figure out how to make that dispatch customisable. Perhaps even before we separate the module? Otherwise we will need some circular import dependencies...

@MVrachev
Copy link
Collaborator Author

Perhaps even before we separate the module? Otherwise we will need some circular import dependencies...

Sadly, I think this is the case. The way we have implemented serialization means we would easily end up with circular imports. That's something we should fix before moving on.

@MVrachev MVrachev mentioned this issue Jan 5, 2022
Closed
@MVrachev
Copy link
Collaborator Author

I think it's important to note that after 1.0.0 release if we decide to move common metadata classes outside tuf/api/metadata.py (where they are now) it will be good to have a version of the repository code ready.
The reason is that a user could have used the Metadata API as an immediate replacement for currently (as of 1.0.0 release) non-existent repository code.

@MVrachev
Copy link
Collaborator Author

Closing this one and the discussion can be continued in secure-systems-lab/securesystemslib#272

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joshuagl @MVrachev