authorMichael Vogt <michael.vogt@gmail.com>2016-09-16 17:18:11 +0200
committerGitHub <noreply@github.com>2016-09-16 17:18:11 +0200
commit3d468a0e14318fc62e484362f78f08859ce87448 (patch)
treeb5785487ff28c4bdf3d815faf710f08207108a6d /asserts
parent38c29c68551411dada6f8d72048c3df125b6c680 (diff)
parent7b1ae75fdffa4cc2325c70811aa7e49528b8625c (diff)
Merge pull request #1936 from emgee/asserts-revert-required-account-key-name
asserts: revert change that made the account-key's name mandatory.
Diffstat (limited to 'asserts')
-rw-r--r--asserts/account_key.go47
-rw-r--r--asserts/account_key_test.go24
2 files changed, 49 insertions, 22 deletions
diff --git a/asserts/account_key.go b/asserts/account_key.go
index 8987331a23..3e01b4ad12 100644
--- a/asserts/account_key.go
+++ b/asserts/account_key.go
@@ -108,26 +108,27 @@ func (ak *AccountKey) checkConsistency(db RODatabase, acck *AccountKey) error {
if err != nil {
return err
}
-
- // Check that we don't end up with multiple keys with
- // different IDs but the same account-id and name.
- // Note that this is a non-transactional check-then-add, so
- // is not a hard guarantee. Backstores that can implement a
- // unique constraint should do so.
- assertions, err := db.FindMany(AccountKeyType, map[string]string{
- "account-id": ak.AccountID(),
- "name": ak.Name(),
- })
- if err != nil && err != ErrNotFound {
- return err
- }
- for _, assertion := range assertions {
- existingAccKey := assertion.(*AccountKey)
- if ak.PublicKeyID() != existingAccKey.PublicKeyID() {
- return fmt.Errorf("account-key assertion for %q with ID %q has the same name %q as existing ID %q", ak.AccountID(), ak.PublicKeyID(), ak.Name(), existingAccKey.PublicKeyID())
+ // XXX: Make this unconditional once account-key assertions are required to have a name.
+ if ak.Name() != "" {
+ // Check that we don't end up with multiple keys with
+ // different IDs but the same account-id and name.
+ // Note that this is a non-transactional check-then-add, so
+ // is not a hard guarantee. Backstores that can implement a
+ // unique constraint should do so.
+ assertions, err := db.FindMany(AccountKeyType, map[string]string{
+ "account-id": ak.AccountID(),
+ "name": ak.Name(),
+ })
+ if err != nil && err != ErrNotFound {
+ return err
+ }
+ for _, assertion := range assertions {
+ existingAccKey := assertion.(*AccountKey)
+ if ak.PublicKeyID() != existingAccKey.PublicKeyID() {
+ return fmt.Errorf("account-key assertion for %q with ID %q has the same name %q as existing ID %q", ak.AccountID(), ak.PublicKeyID(), ak.Name(), existingAccKey.PublicKeyID())
+ }
}
}
-
return nil
}
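Review bot: The new `if ak.Name() != ""` guard exempts nameless keys from the uniqueness check entirely, and the comment above it does not say so: any number of nameless account-keys with different key IDs can now coexist for one account-id. I would state that next to the XXX, e.g. `// Keys without a name skip the check below, so several may exist per account.`, so that code selecting keys by (account-id, name) does not assume the pair is unique. Inside the guard, `assertions, err := db.FindMany(...)` now appears to declare a fresh `err` that shadows the outer one; that is harmless here because it is returned immediately. checkConsistency starts above this hunk.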
@@ -147,9 +148,13 @@ func assembleAccountKey(assert assertionBase) (Assertion, error) {
return nil, err
}
- _, err = checkStringMatches(assert.headers, "name", validAccountKeyName)
- if err != nil {
- return nil, err
+ // XXX: We should require name to be present after backfilling existing assertions.
+ _, ok := assert.headers["name"]
+ if ok {
+ _, err = checkStringMatches(assert.headers, "name", validAccountKeyName)
+ if err != nil {
+ return nil, err
+ }
}
since, err := checkRFC3339Date(assert.headers, "since")
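Review bot: `ok` is used only by the `if` that follows it, so the lookup reads better as an if-initializer: `if _, ok := assert.headers["name"]; ok {`. That keeps `ok` out of the rest of assembleAccountKey, which continues beyond this hunk. Behaviour stays the same: an absent header is accepted, while a present header still has to pass `validAccountKeyName`.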
diff --git a/asserts/account_key_test.go b/asserts/account_key_test.go
index 366bffcc52..37887ce183 100644
--- a/asserts/account_key_test.go
+++ b/asserts/account_key_test.go
@@ -85,6 +85,27 @@ func (aks *accountKeySuite) TestDecodeOK(c *C) {
c.Check(accKey.Since(), Equals, aks.since)
}
+func (aks *accountKeySuite) TestDecodeNoName(c *C) {
+ // XXX: remove this test once name is mandatory
+ encoded := "type: account-key\n" +
+ "authority-id: canonical\n" +
+ "account-id: acc-id1\n" +
+ "public-key-sha3-384: " + aks.keyID + "\n" +
+ aks.sinceLine +
+ fmt.Sprintf("body-length: %v", len(aks.pubKeyBody)) + "\n" +
+ "sign-key-sha3-384: Jv8_JiHiIzJVcO9M55pPdqSDWUvuhfDIBJUS-3VW7F_idjix7Ffn5qMxB21ZQuij" + "\n\n" +
+ aks.pubKeyBody + "\n\n" +
+ "AXNpZw=="
+ a, err := asserts.Decode([]byte(encoded))
+ c.Assert(err, IsNil)
+ c.Check(a.Type(), Equals, asserts.AccountKeyType)
+ accKey := a.(*asserts.AccountKey)
+ c.Check(accKey.AccountID(), Equals, "acc-id1")
+ c.Check(accKey.Name(), Equals, "")
+ c.Check(accKey.PublicKeyID(), Equals, aks.keyID)
+ c.Check(accKey.Since(), Equals, aks.since)
+}
+
func (aks *accountKeySuite) TestUntil(c *C) {
untilSinceLine := "until: " + aks.since.Format(time.RFC3339) + "\n"
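Review bot: TestDecodeNoName covers decoding only; nothing in this commit exercises the `ak.Name() != ""` branch added to checkConsistency in account_key.go. A companion test would add two nameless account-keys with different key IDs for the same account-id to a database and assert that both are accepted. That would pin the relaxed behaviour and fail visibly once the check is made unconditional again. If a test for the named-collision error exists outside this diff, it should stay unchanged.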
@@ -143,7 +164,8 @@ func (aks *accountKeySuite) TestDecodeInvalidHeaders(c *C) {
invalidHeaderTests := []struct{ original, invalid, expectedErr string }{
{"account-id: acc-id1\n", "", `"account-id" header is mandatory`},
{"account-id: acc-id1\n", "account-id: \n", `"account-id" header should not be empty`},
- {"name: default\n", "", `"name" header is mandatory`},
+ // XXX: enable this once name is mandatory
+ // {"name: default\n", "", `"name" header is mandatory`},
{"name: default\n", "name: \n", `"name" header should not be empty`},
{"name: default\n", "name: a b\n", `"name" header contains invalid characters: "a b"`},
{"name: default\n", "name: -default\n", `"name" header contains invalid characters: "-default"`},