adding --role flag to key import

[avaid96]

closes #881

Signed-off-by: Avi Vaid avaid1996@gmail.com

[docker-jenkins]

Can one of the admins verify this patch?

[avaid96]

This is still WIP
Discussion:

1. should we have a --gun flag for compatibility with the flat key store? as of now you can specify the path if you want a key associated with a gun but this won't be possible in a flat keystore. followup: should we even have a path if we have a flat keystore
2. if there is a role flag should we limit to importing only one key or add that to all specified keys?

[HuKeping]

Thanks for the quick fixing!
btw, isn't it 1:00 AM at CA?

[HuKeping]

Do you get this error when import keys:

failed to import key to store: PEM headers did not contain import path

[cyli]

@avaid96 I think taking a GUN makes sense, and a GUN header makes sense more than a path header in the flattened keystore. I think #825 included both headers - can import guess the path based on the GUN for now until flatten keystore is merged?

[riyazdf]

I think this conditional logic should be slightly different to match the usage comment - we should check if block.Headers["role"] exists, and set it to role if it's empty.

Also, I think this logic should combine with the pathing logic below since to-be-imported delegation keys may not have a path PEM header. We can check if we have a provided role and if it's a delegation we can write it to private/tuf_keys/<KEY_ID>.key. If we follow @cyli's suggestion for GUN headers we can include that in the path we construct for non-delegation keys as well.

[cyli]

@HuKeping Yep, that's what we are trying to fix. :)

[cyli]

nit: can we call role and gun -> fallbackRole and fallbackGun or some such, to make it clear they're only used if there is no provided role or gun/path?

[riyazdf]

nit: I think this was originally a typo for consistency

[riyazdf]

nit: can we put these keys in the fixtures directory? Also, you may not need this key without the role header because we other keys (ex: secure.example.com.key) without headers that we can test with

[riyazdf]

jenkins, ok to test.

[cyli]

Non-blocking: Should we move this logic out of the if block? E.g. after setting the path, we can delete the "gun" header if the role is root or a delegation? Since currently it's only deleted if the path is not specified.

[cyli]

Should we add an assertion that no gun is included in the header as well?

[avaid96]

added it, thanks 😄

[cyli]

Non-blocking nitpick: should this be "TestBlockHeaderPrecedencePathRole", since the header has both the path and the role, but not the gun?

[cyli]

Non-blocking question, just because I don't know what we decided for this: it seems like we are ok with one of the base non-root roles not having a gun also (we don't delete it, but we don't error if we can't infer one) - we infer a path being just the non-root subdirectory + the key ID, as you've included in your test.

I'm ok with that, since the user messed this up, but this would mean that earlier versions of docker probably wouldn't be able to use this key? cc @riyazdf @endophage

[avaid96]

I'm okay with either method, but I would be tempted to lean towards not importing it since we don't import encrypted keys without a path etc (cases where the user messed up as well). Would make sense to have some consistency there. This would mean changing the code and this test etc since as @cyli mentioned correctly we now just import the key. Happy to do it once we decide @riyazdf @endophage

[endophage]

LGTM when CI goes green!

[riyazdf]

nit: tempFile3.Close()

[riyazdf]

super non-blocking nit: we can remove this line and just directly use k.getRetriever in the next line since we don't use the passRetriever variable elsewhere

[riyazdf]

LGTM pending CI. Thank you for all of your hard work on this feature!

[avaid96]

Of course, thanks for the detailed review on this PR! 😄

[cyli]

Thank you for all your work on this @avaid96! :D