diff --git a/repository_service_tuf/cli/admin/sign.py b/repository_service_tuf/cli/admin/sign.py index 1f2d021de..f5cd943d6 100644 --- a/repository_service_tuf/cli/admin/sign.py +++ b/repository_service_tuf/cli/admin/sign.py @@ -66,37 +66,42 @@ def _get_pending_roles(settings: Any) -> Dict[str, Dict[str, Any]]: @metadata.command() # type: ignore +@click.option( + "--in", + "input", + help=( + "Input ile containing the JSON response from the " + "'GET /api/v1/metadata/sign' RSTUF API endpoint." + ), + type=click.File("r"), + required=False, +) @click.option( "--out", is_flag=False, flag_value=DEFAULT_PATH, help=f"Write output json result to FILENAME (default: '{DEFAULT_PATH}')", type=click.File("w"), -) -@click.argument( - "signing_json_input_file", required=False, - type=click.File("rb"), ) @click.pass_context def sign( context: click.Context, + input: Optional[click.File], out: Optional[click.File], - signing_json_input_file: Optional[click.File], ) -> None: """Add one signature to root metadata.""" console.print("\n", Markdown("# Metadata Signing Tool")) settings = context.obj["settings"] - if settings.get("SERVER") is None and signing_json_input_file is None: + if settings.get("SERVER") is None and input is None: raise click.ClickException( - "Either '--api-sever'/'SERVER' in RSTUF config or " - "'SIGNING_JSON_INPUT_FILE' must be set" + "Either '--api-sever'/'SERVER' in RSTUF config or '--in' needed" ) ########################################################################### # Load roots pending_roles: Dict[str, Dict[str, Any]] - if signing_json_input_file: - pending_roles = _parse_pending_data(json.load(signing_json_input_file)) # type: ignore # noqa + if input: + pending_roles = _parse_pending_data(json.load(input)) # type: ignore else: pending_roles = _get_pending_roles(settings) diff --git a/tests/unit/cli/admin/test_sign.py b/tests/unit/cli/admin/test_sign.py index 93e6f8edd..5f1133ee4 100644 --- a/tests/unit/cli/admin/test_sign.py +++ b/tests/unit/cli/admin/test_sign.py @@ -136,7 +136,7 @@ def test_sign_bootstap_root(self, patch_getpass): ) ] - def test_sign_local_file_input_and_custom_out( + def test_sign_input_option_and_custom_out( self, client, test_context, patch_getpass ): inputs = [ @@ -144,7 +144,7 @@ def test_sign_local_file_input_and_custom_out( f"{_PEMS / 'JH.ed25519'}", # Please enter path to encrypted private key # noqa ] - args = [f"{_PAYLOADS / 'sign_pending_roles.json'}"] + args = ["--in", f"{_PAYLOADS / 'sign_pending_roles.json'}"] custom_path = "custom_sign_path.json" with client.isolated_filesystem(): result = client.invoke( @@ -167,7 +167,7 @@ def test_sign_local_file_input_and_custom_out( assert result.data["signature"]["sig"] == expected["sig"] assert f"Saved result to '{custom_path}'" in result.stdout - def test_sign_with_file_input_and_api_server_set(self, patch_getpass): + def test_sign_with_input_option_and_api_server_set(self, patch_getpass): inputs = [ "1", # Please enter signing key index f"{_PEMS / 'JH.ed25519'}", # Please enter path to encrypted private key # noqa @@ -176,7 +176,7 @@ def test_sign_with_file_input_and_api_server_set(self, patch_getpass): sign.task_status = pretend.call_recorder(lambda *a: "OK") sign_input_path = f"{_PAYLOADS / 'sign_pending_roles.json'}" api_server = "http://localhost:80" - args = ["--api-server", api_server, sign_input_path] + args = ["--api-server", api_server, "--in", sign_input_path] result = invoke_command(sign.sign, inputs, args) expected = { @@ -210,7 +210,7 @@ def test_sign_with_file_input_and_api_server_set(self, patch_getpass): ) ] - def test_sign_no_api_server_and_no_file_input(self): + def test_sign_no_api_server_and_no_input_option(self): result = invoke_command(sign.sign, [], [], std_err_empty=False) assert "Either '--api-sever'/'SERVER'" in result.stderr