Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/heartsucker/tuf-tap-7-example

A reference implementation of a TAP 7 conformance tester
https://github.com/heartsucker/tuf-tap-7-example

Last synced: 12 days ago
JSON representation

A reference implementation of a TAP 7 conformance tester

Awesome Lists containing this project

README

        

# tuf-tap7-example

A collection of test vectors that can be used to verify if a TUF or Uptane
client conforms to the specification with regards to processing metadata and
targets.

## Vectors

This repo contains `server.py` which provides an interactive API that directs
clients on how to perform updates. A client should use the following steps to
run through all the test vectors.

### List Vectors

Client does a `GET` on `/` to receive a JSON array of strings naming the rest of
the vectors.

```bash
$ curl localhost:8080/
["vector_1", "another_vector", ... ]
```

### Initialize the Vector

Because the vectors need to simulate time (via a "step"), each vector needs to
be intialized with a `POST`.

```bash
$ curl -X POST localhost:8080/$vector_name/step
{
"update": {
"is_success": true
},
"targets": {
"targets/file.txt": {
"is_success": true
}
}
}
```

The response will tell you what the result of an update cycle should be as well
as what targets to download and whether or not they should validate. If there
are errors, both the `update` and `target` object will have `err` and `err_msg`
along with `is_success`. `err` will be machine parseable and attempts to
enumerate common types and `err_msg` is a plain English sentance.

### Update the Local Metadata

The client should attempt to do a full update of all metadata as defined in the
spec, and the success of this update should match `update.is_success`.

### Download and Verify Targets

The client should download and verify the target. The success of this should
match `targets.$target_name.is_success`.

### Step

The client should `POST` to the same endpoint `/$vector_name/step` and repeate.
If the call to "step" returns `HTTP 204`, then the client is done.

### Reset

To reset the vector, the client may `POST` to `/$vector_name/reset`. The client
may run tests in parallel, but the client may not run many tests against the
same one vector in parallel.

The client may `POST` to

## License

This project is licensed under the MIT license. See [LICENSE](./LICENSE) for
more information.