From 3743855add2c42fb1c2dc4dea91416866dfb35d9 Mon Sep 17 00:00:00 2001
From: Lukas Puehringer
Date: Mon, 28 Aug 2023 16:43:01 +0200
Subject: [PATCH] Re-use part of _root_metadata_update

Factor out "finalize" part of _root_metadata_update to re-use in sign_metadata. Prior to this commit, sign_metadata would call _root_metadata_update duplicating much of the verification behavior, although it only cared for the finalization part. Now, it can call into the desired subroutine only.

Signed-off-by: Lukas Puehringer
---
 repository_service_tuf_worker/repository.py | 28 +++++++++------------
 1 file changed, 12 insertions(+), 16 deletions(-)

diff --git a/repository_service_tuf_worker/repository.py b/repository_service_tuf_worker/repository.py
index 9abecf1d..83b9b04c 100644
--- a/repository_service_tuf_worker/repository.py
+++ b/repository_service_tuf_worker/repository.py
@@ -1159,6 +1159,16 @@ def _root_metadata_update(
 },
 )
+ self._root_metadata_update_finalize(current_root, new_root)
+ return self._task_result(
+ TaskName.METADATA_UPDATE,
+ True,
+ {"message": "Metadata Update Processed", "role": Root.type},
+ )
+
+ def _root_metadata_update_finalize(
+ self, current_root: Metadata[Root], new_root: Metadata[Root]
+ ) -> None:
 # We always persist the new root metadata, but we cannot persist
 # without verifying if the online key is rotated to avoid a mismatch
 # with the rest of the roles using the online key.
@@ -1198,12 +1208,6 @@ def _root_metadata_update(
 f"({self._timeout} seconds)"
 )
- return self._task_result(
- TaskName.METADATA_UPDATE,
- True,
- {"message": "Metadata Update Processed", "role": Root.type},
- )
-
 def metadata_update(
 self,
 payload: Dict[Literal["metadata"], Dict[Literal[Root.type], Any]],
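Review bot: The new `_root_metadata_update_finalize` has no docstring, and the part of its body visible in the first hunk persists `new_root` without showing any signature verification of its own. It is now called from both `_root_metadata_update` and `sign_metadata`, so the trust precondition should be written on the method rather than left to each call site, for example `"""Persist new_root and handle online key rotation; callers must already have verified new_root against current_root."""`. The body runs on past this hunk, so whether it re-checks anything further down cannot be confirmed from here.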
@@ -1422,16 +1426,8 @@ def _result(status, error=None, bootstrap=None, update=None):
 msg = f"Root v{root.signed.version} is pending signatures"
 return _result(True, update=msg)
- # TODO: Refactor `_root_metadata_update` to de-duplicate validation
- # and messaging. At this point, we know that root is valid and
- # there can be only one message. (remove assert after refactor!)
- result = self._root_metadata_update(root)
- assert result == { # nosec
- "message": "Metadata Update Processed",
- "role": "root",
- }
-
- # Update successful, root persisted -> finalize event...
+ # Threshold reached -> finalize event
+ self._root_metadata_update_finalize(trusted_root, root)
 self.write_repository_settings("ROOT_SIGNING", None)
 return _result(True, update="Metadata update finished")
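Review bot: Calling `self._root_metadata_update_finalize(trusted_root, root)` directly means any validation that lived only in `_root_metadata_update` no longer runs when a root is completed through `sign_metadata`, and the removed assert that caught an unexpected result is gone with it. The removed TODO stated that root is already valid at this point, but the checks establishing that sit above the hunk and are not visible here. It is worth confirming that they cover everything the old call enforced, and recording the precondition at the call site, e.g. `# root already verified against trusted_root and itself above; finalize persists it without re-checking`. The helper returns None, so a failure inside it can only surface as an exception; presumably `write_repository_settings("ROOT_SIGNING", None)` is then skipped and the pending signing state is kept, which should be confirmed as the intended behaviour.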