targets: Use online root meta if not found locally

If a user has not taken neither root nor targets keys offline then there are only two root versions in a given factory. In such the case, the bundle will have no any root metadata. Therefore, to make the `show` command work properly the command needs to fetch the latest (i.e. version 2) root meta from the backend. Signed-off-by: Mike Sul <[email protected]>
foundriesio · Apr 16, 2024 · dde69aa · dde69aa
1 parent 3ce1763
commit dde69aa
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/subcommands/targets/offline-update.go b/subcommands/targets/offline-update.go
@@ -512,7 +512,10 @@ func getLatestRoot(bundleTufPath string) (*client.AtsTufRoot, error) {
 	if !errors.Is(readErr, os.ErrNotExist) {
 		return nil, readErr
 	}
-
+	if latestVersionBytes == nil {
+		// None of the N.root.json where N starts from 3 was found in the bundle
+		return nil, os.ErrNotExist
+	}
 	rootMeta := client.AtsTufRoot{}
 	if err := json.Unmarshal(latestVersionBytes, &rootMeta); err != nil {
 		return nil, err
@@ -562,6 +565,12 @@ func doShowBundle(cmd *cobra.Command, args []string) {
 	}
 
 	rootMeta, err := getLatestRoot(tufMetaPath)
+	if errors.Is(err, os.ErrNotExist) && bundleMeta.ouBundleMeta.Type == "ci" {
+		// If no any N.root.json is found in the bundle and this is the "ci" bundle,
+		// then this is the valid case - a user has not taken their TUF targets key offline.
+		// Therefore, instead of failing the command fetches the root meta from the backend.
+		rootMeta, err = api.TufRootGet(viper.GetString("factory"))
+	}
 	subcommands.DieNotNil(err)
 	fmt.Println("\tAllowed keys:")
 	for _, key := range rootMeta.Signed.Roles["targets"].KeyIDs {