RepositorySimulator: modify publish args

* Remove bump_version: it is not used at least for now * Add safety check for version number (and argument that can switch the safety check off) Also fix a bug in one test that was found by the safety test. Signed-off-by: Jussi Kukkonen <[email protected]>
AdamKorcz · Sep 19, 2024 · 87c2256 · 87c2256
1 parent af0259f
commit 87c2256
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/tuf_conformance/repository_simulator.py b/tuf_conformance/repository_simulator.py
@@ -193,7 +193,7 @@ def _initialize(self) -> None:
 
         self.publish([Targets.type, Snapshot.type, Timestamp.type, Root.type])
 
-    def publish(self, roles: Iterable[str], bump_version: bool = True) -> None:
+    def publish(self, roles: Iterable[str], verify_version: bool = True) -> None:
         """Makes the repositorys metadata public and available to clients.
 
         Tests run this helper after updating the repositorys metadata
@@ -214,7 +214,7 @@ def publish(self, roles: Iterable[str], bump_version: bool = True) -> None:
                 raise ValueError(f"Unknown role {role}")
 
             # only bump if there is a version already (this avoids bumping initial v1)
-            if bump_version and role in self.signed_mds:
+            if role in self.signed_mds:
                 md.signed.version += 1
 
             md.signatures.clear()
@@ -230,6 +230,13 @@ def publish(self, roles: Iterable[str], bump_version: bool = True) -> None:
 
             if role not in self.signed_mds:
                 self.signed_mds[role] = []
+            expected_ver = len(self.signed_mds[role]) + 1
+            if verify_version and md.signed.version != expected_ver:
+                raise ValueError(
+                    f"RepositorySimulator Expected {role} v{expected_ver}, got "
+                    "v{md.signed.version}. Use verify_version=False if this is intended"
+                )
+
             self.signed_mds[role].append(md.to_bytes(JSONSerializer()))
 
             hashes = None

diff --git a/tuf_conformance/test_basic.py b/tuf_conformance/test_basic.py
@@ -135,7 +135,6 @@ def test_unsigned_metadata(
 
     # remove signing key for role, increase version
     repo.signers[role].popitem()
-    repo.mds[role].signed.version += 1
     if role == "root":
         repo.publish([Root.type])
     else: