Add support for PUT /api/v1/metadata/online

[MVrachev]

Description

Add support for PUT /api/v1/metadata which will force a new metadata version
of a given set of online roles.

Fixes #399

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality not to work as expected)

Additional requirements

• Tests have been added for the bug fix or new feature
• Docs have been added for the bug fix or new feature

Code of Conduct

By submitting this PR, you agree to follow our Code of Conduct.

• I agree to follow this project's Code of Conduct

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.09%. Comparing base (25928b7) to head (61e05da).
Report is 32 commits behind head on main.

❗ Current head 61e05da differs from pull request most recent head 5153aaa. Consider uploading reports for the commit 5153aaa to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #513      +/-   ##
==========================================
+ Coverage   98.97%   99.09%   +0.11%     
==========================================
  Files          14       14              
  Lines         588      666      +78     
==========================================
+ Hits          582      660      +78     
  Misses          6        6              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[MVrachev]

It's best to test this together with #513

[MVrachev]

Before merging this pr, lets merge: #514.

[MVrachev]

@kairoaraujo it's ready for a review.

[MVrachev]

I invited @fsavoia and @ivanayov for a review.

[kairoaraujo]

I think it should be a specific endpoint "/api/v1/metadata/"
Also, I would use the following behavior.
No rolename = bump all online roles.

[MVrachev]

It is already using api/v1/metadata:

I will address the second comment though.

[kairoaraujo]

Sorry, what I mean is to use a more specific endpoint /api/v1/metadata/<choose a name>
I see the /api/v1/metadata for more generic actions like Update Metadata.

As this description says, "Force a new version of online metadata role(s)." it should have a more specific endpoint
i.e.: /api/v1/metadata/online. Following our past changes, it is an asynchronous task that could be a POST.

[MVrachev]

After a discussion we agreed it will be POST /api/v1/metadata/online/

[MVrachev]

@kairoaraujo I did as you suggested if payload is empty I made sure force update on all roles.
I also added a check in Roles.online_roles to whether Targets is an online role.
If it's not we don't return it in this list.

It's ready for review.

[ivanayov]

What will happen if datetime.now() + <ROLE_NAME_EXPIRATION number of days> is less than the current expiration? I think we should either make it impossible or define it more strictly here (like extended or redused - practically it can also be the same, so we can just say "updated").

[ivanayov]

What I mean is that this description creates expectations that don't strictly match the functionality.

[MVrachev]

The whole idea is to be able to redefine current expiration.
For context: the idea of this feature came to life after I implemented PUT /api/v1/config.
With that API endpoint, you can change the expiration policy for each role.
Still, this policy will be enforced when an online role expires and the automatic job to bump that role is executed.
See: https://github.com/repository-service-tuf/repository-service-tuf-worker/blob/486e98cdbc16dd41c62c0ec8b473e2f94312ee9c/app.py#L139

The idea behind this new endpoint is that after you have called PUT /api/v1/config you can call this new endpoint PUT /api/v1/metadata and request a new metadata version of part or all online metadata roles.

For the future I have thought about adding a flag force_new_version to the PUT /api/v1/config endpoint which will do the same thing as this new endpoint but for all roles.

[MVrachev]

As suggested by Ivana I added a commit that makes sure we cannot push negative expiration days.
Here is the commit: 8a00f5b

[ivanayov]

Same about "extended" here.

[MVrachev]

Check my comment to your questions above.

[MVrachev]

I had to remove my latest changes where I added more requirements to our attributes as there was an issue.
I have added a new issue about this: #520.

[MVrachev]

@kairoaraujo I updated the pr by:

• changing the endpoint to PUT /api/v1/metadata/online
• the roles that could be forced bumped are not predefined literals, but any string
• added a check if bins are used, then only predefined roles (a.k.a roles defined in Roles) can be force bumped.
• removed comments about Fast API issue.

I suggest first merging custom target delegation prs and rebasing those on top of them.
That will allow us to check if we can bump custom target delegated roles.

[MVrachev]

@kairoaraujo ready to test together with repository-service-tuf/repository-service-tuf-worker#435.
Support for pushing a new version of custom target delegation is there.

The only remaining question that comes to my mind is whether we should keep the API call to POST /api/v1/metadata/online as we update our current online roles instead of adding a new one?
The other possibility is to instead use PUT /api/v1/metadat/online which to me sounds more precise.