Implement filesystem abstraction #232
Conversation
joshuagl
force-pushed
the
joshuagl/abstract-filesystem
branch
3 times, most recently
from
011c2cb to
7f4b1ab
Compare
joshuagl
force-pushed
the
joshuagl/abstract-filesystem
branch
2 times, most recently
from
c44e525 to
59e3ada
Compare
joshuagl
changed the title
There was a problem hiding this comment.
This looks good to me, but it would be nice to get a review from a non-TUF ssl user as well.
Regarding #222, would it be possible to require this as part of the abstract class? There could be a put_secure method that uses the permissions you would want for a key file.
|
Thanks for the review @mnm678
Agreed. @SantiagoTorres, would you be able to take a look?
That's an interesting suggestion. @sechkova proposed similar when we discussed #222 offline. Perhaps @woodruffw can help us understand how this might work on S3 and similar storage? |
|
I just tested this branch with the develop branch of in-toto and the tests run without issue. |
joshuagl
force-pushed
the
joshuagl/abstract-filesystem
branch
from
59e3ada to
67a8931
Compare
Implement an abstract base class (ABC) which defined an abstract interface for storage operations, regardless of backend. The aim is to enable securesystemslib functions to operate as normal on local filesystems by implementing the interface for local filesystem operations within securesystemslib, with users of the library able to provide implementations for use with their storage backend of choice when this is not a local filesystem, i.e. S3 buckets as used by Warehouse for the PEP 458 implementation. For more context see tuf issue #1009: theupdateframework/python-tuf#1009 Signed-off-by: Joshua Lock <[email protected]>
joshuagl
force-pushed
the
joshuagl/abstract-filesystem
branch
from
67a8931 to
4fcbd73
Compare
|
I've updated the PR here to note the I've also addressed other comments from @mnm678 and @woodruffw. I'd very much appreciate some re-review. |
| """ | ||
|
|
||
| class GetFile(object): | ||
| # Implementing get() as a function with the @contextmanager decorator |
There was a problem hiding this comment.
Thanks for this explanation!
Add FilesystemBackend implementing StorageBackendInterface using Python standard library functions to perform operations on local files and filesystems. Signed-off-by: Joshua Lock <[email protected]>
Add an optional 'storage_backend' argument to digest_filename() which expects an object implementing securesystemslib.storage.StorageBackendInterface and defaults to None Signed-off-by: Joshua Lock <[email protected]>
modify get_file_details(), ensure_parent_dir(), load_json_file() and persist_temp_file() to take an optional storage_backend argument which defaults to None. If no storage_backend is defined the functions will instantiate a FilesystemBackend and use that, otherwise the argument expects an object implementing securesystemslib.storage.StorageBackendInterface. persist_temp_file() now takes an additional should_close parameter, which defaults to True, indicating whether the persisted tempfile should be closed. This is to better support scenarios where the same temporary file might need to be persisted/put to storage multiple times under different names, such as in the case of python-tuf metadata written with consistent snapshots. Signed-off-by: Joshua Lock <[email protected]>
Add storage_backend as an optional parameter to functions in the interface module which read files from the disk. When no argument is provided and the default value of None is used, instantiate a FilesystemBackend and use that to access files on the local filesystem. Signed-off-by: Joshua Lock <[email protected]>
Improve the coverage numbers by marking an untested path as not having coverage. Signed-off-by: Joshua Lock <[email protected]>
joshuagl
force-pushed
the
joshuagl/abstract-filesystem
branch
from
4fcbd73 to
c60ef22
Compare
Note: this branch of securesystemslib doesn't currently work with theupdateframework/tuf – it's very much WIP.
It feels like the shape these changes are taking introduces a conflict between the desire to support abstract filesystem backends vs. reasonable feature enhancements that have been suggested such as #222. It's not yet clear to me how we will support both abstract filesystem backends and creating private key files with restricted privileges.
Fixes issue #: step one, two and four of theupdateframework/python-tuf#1009
Description of the changes being introduced by the pull request:
securesystemslib.hash.digest_filename()securesystemslib.util.[get_file_details|ensure_parent_dir|load_json_file]()Please verify and check that the pull request fulfils the following
requirements: