go-tuf

Delegations: Unable to modify properties of a delegated role

Open asraa opened this issue 3 years ago • 1 comments

If a user adds a delegation with a repeated name, but with different properties (e.g. updates it), then it will catch on this error:

https://github.com/theupdateframework/go-tuf/blob/355e39cb2df220fc3961396a6d0e30bcf2c9ac12/repo.go#L559-L563

@ethan-lowman-dd WDYT?

asraa Jun 29 '22 14:06

A workaround is to call ResetTargetsDelegations and add back all delegations in the desired new state. You can see an example here https://github.com/theupdateframework/go-tuf/blob/9a41055/repo_test.go#L2158.

It would indeed be nice to have a new API for modifying though.

The spec says

The rolename MUST be unique in the delegations object: multiple roles with the same rolename are not allowed within a DELEGATIONS. (ref)

and I think enforcing this in AddDelegatedRoleWithExpires with an error is clearer than implicitly updating. I think we should have separate UpdateDelegatedRole... functions for modification.

ethan-lowman-dd Jun 29 '22 14:06
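The add/update split proposed in the comment above, as an added sketch that is not go-tuf's code: `Delegations`, `DelegatedRole`, `Add`, `Update` and `ErrDuplicate` are hypothetical names in a simplified stand-alone model. `Update` replaces the role in place because delegations are an ordered, prioritized list, which is also why the reset-and-re-add workaround has to add roles back in their original order.

```go
package main

import "fmt"

// DelegatedRole is a simplified, hypothetical stand-in for a delegated role.
type DelegatedRole struct {
	Name      string
	Paths     []string
	Threshold int
}

// Delegations models one delegator's ordered role list (order = priority).
type Delegations struct{ Roles []DelegatedRole }
var ErrDuplicate = fmt.Errorf("delegated role name already exists")

func (d *Delegations) index(name string) int {
	for i, r := range d.Roles {
		if r.Name == name {
			return i
		}
	}
	return -1
}

// Add rejects a repeated rolename instead of silently updating it.
func (d *Delegations) Add(r DelegatedRole) error {
	if d.index(r.Name) >= 0 {
		return fmt.Errorf("%w: %q", ErrDuplicate, r.Name)
	}
	d.Roles = append(d.Roles, r)
	return nil
}

// Update is the explicit modification path; it keeps the role's position.
func (d *Delegations) Update(r DelegatedRole) error {
	i := d.index(r.Name)
	if i < 0 {
		return fmt.Errorf("no delegated role named %q", r.Name)
	}
	d.Roles[i] = r
	return nil
}

func main() {
	d := &Delegations{}
	_ = d.Add(DelegatedRole{Name: "a", Paths: []string{"a/*"}, Threshold: 1})
	fmt.Println(d.Add(DelegatedRole{Name: "a", Threshold: 2}))
	fmt.Println(d.Update(DelegatedRole{Name: "a", Threshold: 2}))
}
```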

Closing since the code base changed and this is no longer valid.

Thanks for raising this 👍

rdimitrov Jan 31 '24 21:01