tuftool: Allow specifying version in root init

A new repo is created by calling `tuftool root init <path>`. It is a common pattern when renewing an expiring root to then have to call `tuftool root bump-version` multiple times or `tuftool root set-version`. Since this is so common, this change makes it possible to provide an option initial version to `root init` to avoid needing to run multiple commmands. This adds an optional `--version` or `-v` argument that can take a positive integer to set as the initial root version. Signed-off-by: Sean McGinnis <[email protected]>
awslabs · Aug 8, 2023 · d75e889 · d75e889
1 parent 532596d
commit d75e889
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 5 deletions.
diff --git a/tuftool/src/root.rs b/tuftool/src/root.rs
@@ -28,6 +28,9 @@ pub(crate) enum Command {
     Init {
         /// Path to new root.json
         path: PathBuf,
+        /// Initial metadata file version
+        #[clap(short, long)]
+        version: Option<u64>,
     },
     /// Increment the version
     BumpVersion {
@@ -131,7 +134,7 @@ macro_rules! role_keys {
 impl Command {
     pub(crate) fn run(self) -> Result<()> {
         match self {
-            Command::Init { path } => Command::init(&path),
+            Command::Init { path, version } => Command::init(&path, version),
             Command::BumpVersion { path } => Command::bump_version(&path),
             Command::Expire { path, time } => Command::expire(&path, &time),
             Command::SetThreshold {
@@ -162,14 +165,15 @@ impl Command {
         }
     }
 
-    fn init(path: &Path) -> Result<()> {
+    fn init(path: &Path, version: Option<u64>) -> Result<()> {
+        let init_version = version.unwrap_or(1);
         write_file(
             path,
             &Signed {
                 signed: Root {
                     spec_version: crate::SPEC_VERSION.to_owned(),
                     consistent_snapshot: true,
-                    version: NonZeroU64::new(1).unwrap(),
+                    version: NonZeroU64::new(init_version).unwrap(),
                     expires: round_time(Utc::now()),
                     keys: HashMap::new(),
                     roles: hashmap! {

diff --git a/tuftool/tests/root_command.rs b/tuftool/tests/root_command.rs
@@ -175,6 +175,34 @@ fn create_root() {
     assert_eq!(get_sign_len(root_json.to_str().unwrap()), 2);
 }
 
+#[test]
+fn create_root_to_version() {
+    let out_dir = TempDir::new().unwrap();
+    let root_json = out_dir.path().join("root.json");
+    let version = NonZeroU64::new(99).unwrap();
+
+    Command::cargo_bin("tuftool")
+        .unwrap()
+        .args(["root", "init", root_json.to_str().unwrap(), "-v", "99"])
+        .assert()
+        .success();
+
+    // validate version number
+    assert_eq!(get_version(root_json.to_str().unwrap()), version);
+}
+
+#[test]
+fn create_root_invalid_version() {
+    let out_dir = TempDir::new().unwrap();
+    let root_json = out_dir.path().join("root.json");
+
+    Command::cargo_bin("tuftool")
+        .unwrap()
+        .args(["root", "init", root_json.to_str().unwrap(), "-v", "0"])
+        .assert()
+        .failure();
+}
+
 #[test]
 // Ensure creating an unstable root throws error
 fn create_unstable_root() {
@@ -351,13 +379,13 @@ fn set_version_root() {
     initialize_root_json(root_json.to_str().unwrap());
     let version = NonZeroU64::new(5).unwrap();
 
-    //set version to 5
+    // set version to 5
     Command::cargo_bin("tuftool")
         .unwrap()
         .args(["root", "set-version", root_json.to_str().unwrap(), "5"])
         .assert()
         .success();
 
-    //validate version number
+    // validate version number
     assert_eq!(get_version(root_json.to_str().unwrap()), version);
 }