Feature: Command to change the number of hashed bins in a running repo.

Test results for features/commands/update_hashed_bins_count.feature

Running behat features/commands/update_hashed_bins_count.feature results in:

@rugged @commands @update-hashed-bins-count
Feature: Command to change the number of hashed bins in a running repo.
  In order to optimize performance for client downloads
  As a rugged administrator
  I need to change the number of hashed bins in a running repo.

  Background: Start with a fresh repo.
    Given I reset Rugged
    And I run "sudo cp features/fixtures/config/enable_hashed_bins.yaml /var/rugged/.config/rugged/config.yaml"
    And I run the Rugged command "rugged generate-keys --local"
    And I run the Rugged command "rugged initialize --local"

  Scenario: The 'update-hashed-bins-count' Rugged command exists.
    When I run the Rugged command "rugged update-hashed-bins-count --help"
    Then I should not get:
      """
      Error: No such command 'update-hashed-bins-count'.
      """
    And I should get:
      """
      Usage: rugged update-hashed-bins-count [OPTIONS]
      
        Re-write the repository to use a new number of hashed bins.
      
      Options:
        --confirm-backup                Confirm that a recent backup was taken.
        --skip-pause-checks             Skip checks to confirm that the repository
                                        is paused. (Not recommended)
        --skip-consistency-check        Skip validation of repository consistency.
                                        (Not recommended)
        --skip-current-bin-count-confirmation
                                        Skip confirmation of the current bin count.
                                        (Not recommended)
        --skip-desired-bin-count-confirmation
                                        Skip confirmation of the desired bin count.
                                        (Not recommended)
        --help                          Show this message and exit.
      """

  @gitlab-242
  Scenario: Stop if hashed bins is not enabled.
    Given I reset Rugged
    And I run "sudo cp features/fixtures/config/hashed_bins/disable_hashed_bins.yaml /var/rugged/.config/rugged/config.yaml"
    And I run the Rugged command "rugged generate-keys --local"
    And I run the Rugged command "rugged initialize --local"
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count"
    Then I should get:
      """
      Starting capability checks.
      Checking that hashed bins is enabled.
      Hashed bins is not enabled.
      This command is only relevant when hashed bins is enabled.
      """
    And I should not get:
      """
      Hashed bins is enabled.
      Starting safety checks."
      """

  @gitlab-242
  Scenario: Confirm that hashed bins is enabled.
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count"
    Then I should get:
      """
      Starting capability checks.
      Checking that hashed bins is enabled.
      Hashed bins is enabled.
      """
    And I should not get:
      """
      Hashed bins is not enabled.
      This command is only relevant when hashed bins is enabled.
      """

  @gitlab-242
  Scenario Outline: Stop if we are missing signing keys for any TUF roles.
    Given I run the Rugged command "rm /var/rugged/signing_keys/<KEY>/<KEY>"
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count"
    Then I should get:
      """
      Starting capability checks.
      Checking signing capability for roles: bins, targets, snapshot, timestamp.
      Checking signing capability for '<ROLE>' role.
      Finding keys for '<ROLE>' role.
      Did not find private key for '<ROLE>' role.
      Signing capability is not available for '<ROLE>' role.
      This command requires access to the TUF role signing keys, and write access to the repository metadata.
      This command must be run in a 'root' environment.
      """
    And I should not get:
      """
      Found private key for '<ROLE>' role.
      Signing capability available for '<ROLE>' role.
      """

    Examples:
      | ROLE      | KEY       |
      | bins      | targets   |
      | snapshot  | snapshot  |
      | timestamp | timestamp |

  @gitlab-242
  Scenario Outline: Confirm that we have signing keys for each TUF role.
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count"
    Then I should get:
      """
      Starting capability checks.
      Checking signing capability for roles: bins, targets, snapshot, timestamp.
      Checking signing capability for '<ROLE>' role.
      Finding keys for '<ROLE>' role.
      Found private key for '<ROLE>' role.
      Signing capability available for '<ROLE>' role.
      """
    And I should not get:
      """
      Did not find private key for '<ROLE>' role.
      Signing capability is not available for '<ROLE>' role.
      This command requires access to the TUF role signing keys, and write access to the repository metadata.
      This command must be run in a 'root' environment.
      """

    Examples:
      | ROLE      |
      | bins      |
      | targets   |
      | snapshot  |
      | timestamp |

  Scenario: Skip confirmation that a recent backup was taken.
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count --confirm-backup"
    Then I should get:
      """
      Preparing to re-write the repository to use a new number of hashed bins.
      Starting safety checks.
      warning: If this operation is interrupted before completing, it can leave the TUF repository in an inconsistent state, and thus make it unusable.
      warning: Taking a backup is highly recommended. See: https://rugged.works/how-to/maintenance/backup_restore/)
      debug: --confirm-backup flag received. Skipping prompt.
      Recent backup confirmed.
      """
    And I should not get:
      """
      Please confirm that you have taken a recent backup. [y/N]
      Aborted!
      """

  Scenario: Check that the repository is paused.
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count --confirm-backup"
    Then I should get:
      """
      Checking that the monitor-worker is paused.
      error: The monitor-worker appears not to be paused.
      Re-run the command with --debug for more information.
      Check status of repository.
      """
    And I should not get:
      """
      The monitor-worker is paused.
      """
    Given I run the Rugged command "touch /opt/post_to_tuf/tuf_paused"
    And I run the Rugged command "touch /opt/post_to_tuf/tuf_refreshing_expiry"
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count --confirm-backup"
    Then I should get:
      """
      The monitor-worker is paused.
      The monitor-worker is not processing targets.
      error: The monitor-worker appears to be refreshing expiry periods.
      """
    And I should not get:
      """
      The monitor-worker is not refreshing expiry periods.
      """
    Given I run the Rugged command "touch /opt/post_to_tuf/tuf_processing_TEST"
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count --confirm-backup"
    Then I should get:
      """
      error: The monitor-worker appears to be processing targets.
      """
    And I should not get:
      """
      The monitor-worker is not processing targets.
      """
    Given I run the Rugged command "rm /opt/post_to_tuf/tuf_processing_TEST"
    And I run the Rugged command "rm /opt/post_to_tuf/tuf_refreshing_expiry"
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count --confirm-backup"
    Then I should get:
      """
      Checking that the monitor-worker is paused.
      The monitor-worker is paused.
      The monitor-worker is not processing targets.
      The monitor-worker is not refreshing expiry periods.
      """

  Scenario: Skip checks that the repository is paused.
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count --confirm-backup --skip-pause-checks"
    Then I should get:
      """
      debug: --skip-pause-checks flag received. Skipping checks.
      """
    And I should not get:
      """
      Checking that the monitor-worker is paused.
      Checking that the monitor-worker is not processing targets.
      Checking that the monitor-worker is not refreshing expiry periods.
      """

  Scenario: Validate that the repository is consistent.
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count --confirm-backup --skip-pause-checks"
    Then I should get:
      """
      Validating the consistency of the repository.
      Metadata for the 'root' role is valid.
      Metadata for the 'timestamp' role is valid.
      Metadata for the 'snapshot' role is valid.
      Metadata for the 'targets' role is valid.
      """
    And I should not get:
      """
      error:
      """
    Given I invalidate the signature in "/var/rugged/tuf_repo/metadata/targets.json"
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count --confirm-backup --skip-pause-checks"
    Then I should get:
      """
      Validating the consistency of the repository.
      error: Metadata for the 'targets' role is not valid.
      """
    And I should not get:
      """
      Metadata for the 'targets' role is valid.
      """

  Scenario: Skip check that the repository is valid/consistent.
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count --confirm-backup --skip-pause-checks --skip-consistency-check"
    Then I should get:
      """
      debug: --skip-consistency-check flag received. Skipping check.
      Skipped validation of repository consistency.
      """
    And I should not get:
      """
      Validating the consistency of the repository.
      """

  Scenario: Check that no collisions are found between new and old hashed bin names.
    Given I run "sudo cp features/fixtures/config/number_of_bins.yaml /var/rugged/.config/rugged/config.yaml"
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count --confirm-backup --skip-pause-checks --skip-consistency-check --skip-current-bin-count-confirmation --skip-desired-bin-count-confirmation"
    Then I should get:
      """
      Current bin count: 16
      Desired bin count: 32
      No duplicates were found between the current bins names and desired bin names.
      """
    And I should not get:
      """
      debug: The following duplicates were found between the current bins names and desired bin names:
      error: Duplicates were found between the current bins names and desired bin names.
      Cannot update to desired hashed bins count
      """

  Scenario: Exit with an error if collisions are found between new and old hashed bin names.
    When I try to run the Rugged command "rugged --debug update-hashed-bins-count --confirm-backup --skip-pause-checks --skip-consistency-check --skip-current-bin-count-confirmation --skip-desired-bin-count-confirmation"
    Then I should get:
      """
      Current bin count: 16
      Desired bin count: 16
      debug: The following duplicates were found between the current bins names and desired bin names:
      error: Duplicates were found between the current bins names and desired bin names.
      Cannot update to desired hashed bins count (16).
      """
    And I should not get:
      """
      No duplicates were found between the current bins names and desired bin names.
      """

17 scenarios (17 passed)
144 steps (144 passed)
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Rugged TUF Server is a trademark of Consensus Enterprises.