Metadata API: validate root role names

[MVrachev]

Fixes #1516

Description of the changes being introduced by the pull request:

Validate that root role names are 4 and that they are exactly
"root", "snapshot", "targets" and "timestamp" as described in
the spec:
https://theupdateframework.github.io/specification/latest/#root-role

Additionally, fix the valid_roots dataset, so each of the cases contains
the top metadata role names inside the roles dictionary.

Signed-off-by: Martin Vrachev [email protected]

Please verify and check that the pull request fulfills the following
requirements:

• The code follows the Code Style Guidelines
• Tests have been added for the bug fix or new feature
• Docs have been added for the bug fix or new feature

[MVrachev]

The CI failures are fixed in #1631.

[coveralls]

Pull Request Test Coverage Report for Build 1381179026

• 3 of 3 (100.0%) changed or added relevant lines in 1 file are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.002%) to 97.43%

---

Totals
Change from base Build 1380118579:	0.002%
Covered Lines:	3946
Relevant Lines:	4030

---

💛 - Coveralls

[lukpueh]

Nice patch, @MVrachev, and thanks for considering my comments from earlier! I have two more comments/questions. Other than that this lgtm.

[lukpueh]

Note that sets are unordered. If the original order, i.e. ["root", "timestamp", "snapshot", "targets"], needs to be guaranteed, you can't use TOP_LEVEL_ROLE_NAMES here.

[MVrachev]

Good note. I don't think the order matters here, am I right @jku?

Also, I decided to use a set, instead of a list for TOP_LEVEL_ROLE_NAMES because of this check:
if set(roles) != TOP_LEVEL_ROLE_NAMES: in tuf/api/metadata.py in Root.init() will result as false even if roles have the same content as TOP_LEVEL_ROLE_NAMES. The reason is that one is a list and the other is a set.

[lukpueh]

I think using a set makes sense. If it turns out that there are many use cases that require the same particular order of the top-level role names, we can still add another global that is a list, or make this one an ordered set.

[jku]

WFM

[lukpueh]

It might be helpful to include the received, i.e. roles and expected, i.e. TOP_LEVEL_ROLE_NAMES value in the error message. I can't remember, do we have a general recommendation for error messages in that regard?

[jku]

I'd avoid any complexity. We're preparing for one of two options:

• deserialization: error message won't be useful
• construction of new Root: this is code that we hopefully write once in a repository component and that's it

complex error message would have very limited value in both cases

[lukpueh]

LGTM!

[lukpueh]

I think using a set makes sense. If it turns out that there are many use cases that require the same particular order of the top-level role names, we can still add another global that is a list, or make this one an ordered set.

[jku]

LGTM

[coveralls]

Pull Request Test Coverage Report for Build 1380621788

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

• For more information on this, see Tracking coverage changes with pull request builds.
• To avoid this issue with future PRs, see these Recommended CI Configurations.
• For a quick fix, rebase this PR at GitHub. Your next report should be accurate.

Details

• 2 of 2 (100.0%) changed or added relevant lines in 1 file are covered.
• 6 unchanged lines in 1 file lost coverage.
• Overall coverage increased (+1.1%) to 98.478%

---

Files with Coverage Reduction	New Missed Lines	%
tuf/api/metadata.py	6	97.97%

Totals
Change from base Build 1380118579:	1.1%
Covered Lines:	3785
Relevant Lines:	3811

---

💛 - Coveralls