Fix issue where on loading private key we continue (#468)

* Fix issue where on loading priv key we continue Signed-off-by: Martin Vrachev <mvrachev@vmware.com> * Add unit test to improve coverage Signed-off-by: Martin Vrachev <mvrachev@vmware.com> * Remove redundant check for keyid This check is already made by the "_key_already_in_use" helper function inside repository_service_tuf/cli/admin/ceremony.py file which we already use after loading the key. Signed-off-by: Martin Vrachev <mvrachev@vmware.com> --------- Signed-off-by: Martin Vrachev <mvrachev@vmware.com> Co-authored-by: Martin Vrachev <mvrachev@vmware.com> Co-authored-by: Kairo Araujo <kairo@kairo.eti.br>
repository-service-tuf · Jan 11, 2024 · 35b6ee9 · 35b6ee9
1 parent 3ed686f
commit 35b6ee9
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 5 deletions.
diff --git a/repository_service_tuf/cli/admin/ceremony.py b/repository_service_tuf/cli/admin/ceremony.py
@@ -249,7 +249,7 @@
 
 def _key_already_in_use(key: Dict[str, Any]) -> bool:
     """Check if a key is duplicated, used in a role or the online_key"""
-    if key is None:
+    if key is None or len(key) < 0 or key.get("keyid") is None:
         return False
 
     keyid = key["keyid"]
@@ -378,6 +378,7 @@ def _configure_keys(
             role_key: RSTUFKey = get_key(role, key_type, ask_name=True)
             if role_key.error:
                 console.print(role_key.error)
+                continue
 
             console.print(
                 ":white_check_mark: Key "
@@ -433,10 +434,6 @@ def _configure_keys(
                 name=name,
             )
 
-        if role_key.key.get("keyid") is None:
-            console.print(":cross_mark: [red]Failed[/]: Key `keyid` is None.")
-            continue
-
         if _key_already_in_use(role_key.key) is True:
             console.print(":cross_mark: [red]Failed[/]: Key is duplicated.")
             continue

diff --git a/tests/unit/cli/admin/test_ceremony.py b/tests/unit/cli/admin/test_ceremony.py
@@ -14,6 +14,21 @@ def test__key_already_in_use(self, test_setup):
         result = ceremony._key_already_in_use({"keyid": "ema"})
         assert result is False
 
+    def test__key_already_in_use_key_none(self, test_setup):
+        ceremony.setup = test_setup
+        result = ceremony._key_already_in_use(None)
+        assert result is False
+
+    def test__key_already_in_use_empty_dict(self, test_setup):
+        ceremony.setup = test_setup
+        result = ceremony._key_already_in_use({})
+        assert result is False
+
+    def test__key_already_in_use_no_keyid(self, test_setup):
+        ceremony.setup = test_setup
+        result = ceremony._key_already_in_use({"abc": "bd"})
+        assert result is False
+
     def test__key_already_in_use_exists_in_role(self, test_setup):
         test_setup.root_keys["ema"] = ceremony.RSTUFKey(key={"keyid": "ema"})
         ceremony.setup = test_setup
@@ -70,6 +85,46 @@ def test_ceremony_start_not_ready_load_the_keys(
         assert "Ceremony aborted." in test_result.output
         assert test_result.exit_code == 1
 
+    def test_ceremony_problem_loading_priv_key_fix_and_continue(
+        self, client, test_context, test_setup, test_inputs
+    ):
+        ceremony.setup = test_setup
+        input_step1, input_step2, _, input_step4 = test_inputs
+
+        input_step3 = [
+            "y",  # Ready to start loading the root keys? [y/n]
+            "",  # Choose root`s key type [ed25519/ecdsa/rsa] (ed25519)
+            "foo",  # Enter the root`s private key path  # noqa
+            "bar",  # Enter the root`s private key password
+            "",  # [Optional] Give a name/tag to the root`s key
+            "",  # Choose root`s key type [ed25519/ecdsa/rsa] (ed25519)
+            "tests/files/key_storage/JanisJoplin.key",  # Enter the root`s private key path  # noqa
+            "strongPass",  # Enter the root`s private key password
+            "",  # [Optional] Give a name/tag to the root`s key
+            "private",  # Select to use private key or public? [private/public] (public)  # noqa
+            "",  # Choose root`s key type [ed25519/ecdsa/rsa] (ed25519)
+            "tests/files/key_storage/JimiHendrix.key",  # Enter the root`s private key path  # noqa
+            "strongPass",  # Enter the root`s private key password
+            "",  # [Optional] Give a name/tag to the root`s key
+        ]
+
+        test_result = client.invoke(
+            ceremony.ceremony,
+            input="\n".join(
+                input_step1 + input_step2 + input_step3 + input_step4
+            ),
+            obj=test_context,
+            catch_exceptions=False,
+        )
+        assert test_result.exit_code == 0, test_result.output
+        # Assert there was a problem loading the key.
+        assert "Failed" in test_result.output
+        # Assert first root key was logged as VERIFIED only ONCE.
+        assert test_result.output.count("Key 1/2 Verified") == 1
+        assert "Ceremony done. 🔐 🎉." in test_result.output
+        # passwords not shown in output
+        assert "strongPass" not in test_result.output
+
     def test_ceremony_start_default_values(
         self, client, test_context, test_inputs, test_setup
     ):