Trusted-signers Add has inconsistent arguments

[heng-liu]

Thanks for @loic-sharma 's question in #10628 (comment)

In NuGet.exe command, the package path could be wildcard, so there might be multiple paths after parsing.
But there is a checking on "Name" to reject any existing "Name" at https://github.com/NuGet/NuGet.Client/blob/ac97d923e633f4ee65eec5ec690c4d99d7a922f3/src/NuGet.Core/NuGet.Commands/TrustedSignersCommand/TrustedSignerActionsProvider.cs#L243
So when there are multiple packages, the first one will be added successfully, but the rest will fail for A trusted signer 'Test' already exists.
Apparently this is a bug. We should make the two consistent.
That is, do not accept multiple paths, or, accept multiple 'Name'.

[aortiz-msft]

@erdembayar - Could we address this in the dotnet.exe implementation as first step?

[erdembayar]

But there is a checking on "Name" to reject any existing "Name" at https://github.com/NuGet/NuGet.Client/blob/ac97d923e633f4ee65eec5ec690c4d99d7a922f3/src/NuGet.Core/NuGet.Commands/TrustedSignersCommand/TrustedSignerActionsProvider.cs#L243
So when there are multiple packages, the first one will be added successfully, but the reset will fail for A trusted signer 'Test' already exists.
Apparently this is a bug. We should make the two consistent.
That is, do not accept multiple paths, or, accept multiple 'Name'.
What is reset here?
Can you give actual full command here for below cases and with expected result for reach?

1. do not accept multiple paths
2. accept multiple 'Name'

[heng-liu]

Hi @erdembayar , the command is nuget trusted-signers add <package(s)> -Name <name> [options]
we could do 1 or 2. I personally feel 1 is safer, but would love to learn more thoughts from others.

1. do not accept multiple paths, means when we pass package path to command, we verify if it's only 1 nupkg. If it's wildcard and there are multiple nupkgs resolved, it will fail and say like " there are multiple nupkgs found"
2. accept multiple 'Name', means if we decide to accept multiple nupkgs for package(s) , then we also need to accept a list of 'Name' of trusted-signers, so that each nupkg will be added as the according 'Name' in the list.

[erdembayar]

@zkat @dtivel @joelverhagen @loic-sharma @nkolev92 @zivkan @JonDouglas
Please give your opinion. *1 or *2? I prefer number *1 too, same as @heng-liu. If there're many it's hard to match visually and might lead to unwanted event.

[zkat]

I see from the code that, yes, we'll throw that error.

That said, I thought it was possible to have, say, multiple Author certificates under a single name (as in the example under "list" here: https://docs.microsoft.com/en-us/nuget/reference/cli-reference/cli-ref-trusted-signers#nuget-trusted-signers-list).

Am I misunderstanding how this command works? I would expect this to append new signers.

See also: #10628 (comment)

These are the assumptions I was working under with the spec.

[heng-liu]

I tried with multiple nupkgs in the path, like:
nuget trusted-signers add c:\testpackages\*.nupkg -Name TestTrustedSigner1 -Author
Only the first nupkg's author cert is added into trusted-signers section.
The rest of nupkgs failed to be added. As we have a duplicate checking on argument Name . So no duplicate Name could be added into trusted-signers section, and we don't accept multiple Name for now.

[erdembayar]

I tried with multiple nupkgs in the path, like:
nuget trusted-signers add c:\testpackages\*.nupkg -Name TestTrustedSigner1 -Author
Only the first nupkg's author cert is added into trusted-signers section.
The rest of nupkgs failed to be added. As we have a duplicate checking on argument Name . So no duplicate Name could be added into trusted-signers section, and we don't accept multiple Name for now.

But here you're only passing single Name not multiple. Can we pass comma separated names?

[heng-liu]

I tried, multiple Names doesn't work.
We assume there is only one Name in our code .