Task: review & implement missing features of admin2 commands

[MVrachev]

What is the task about?

Compare all missing features from admin2 commands that exist in our current corresponding commands.

This will be an umbrella issue for missing features for each of the commands.

Parent feature

#532

TODO

• Sign command
• Ceremony command
• Metadata Update command
• New command: rstuf admin send

Sign missing features

• Get metadata that requires signature with API endpoint GET /api/v1/metadata/sign (check _get_pending_roles() from repository_service_tuf/cli/admin/metadata.py) -- @MVrachev :
• Push new signatures for metadata to API endpoint POST /api/v1/metadata/sign (check send_payload from repository_service_tuf/helpers/api_client.py) -- @MVrachev:
• Wait for the task to finish and report back to the CLI user (check task_status fromrepository_service_tuf/helpers/api_client.py) -- @MVrachev
• Add an option to sign locally available files. Check

  repository-service-tuf-cli/repository_service_tuf/helpers/api_client.py

  Line 233 in 4851b56

  def get_md_file(file_uri: str) -> Metadata:

  if it could be useful. - @MVrachev
• Show key information from previous root keys even if they do not exist in new root for signing. - @KAUTH
• Decide if in this command or another to implement rstuf admin metadata sign --delete used to delete/stop a DAS process. Should be replaced with something else. Maybe rstuf admin metadata sign stop or rstuf admin metadata sign delete. - @MVrachev - It should be rstuf admin metadata sign delete and select role from unsigned list if more than 1.
• Add --dry-run mode.
• Document different ways to operate the command.

Ceremony missing features

• Don't allow threshold < 2. -- @MVrachev
• Make sure the online key is not any of the root keys. - @MVrachev
• Make it mandatory to describe at least a threshold number of root keys. This means that it's not required to load their private keys, but only their public keys. - @MVrachev
• An api_server option as in the current ceremony

  repository-service-tuf-cli/repository_service_tuf/cli/admin/ceremony.py

  Line 678 in 0dfa5c2

  @click.option(

  -- - @MVrachev
• Check bootstrap status before pushing to the API. -- - @MVrachev
• Push resulting payload to API POST /api/v1/bootstrap (check send_payload from repository_service_tuf/helpers/api_client.py) - @MVrachev
• Save file if --save is set or --upload is not set. -- - @MVrachev
• Wait for the task to finish and report back to the CLI user (check task_status fromrepository_service_tuf/helpers/api_client.py) - @MVrachev
• Choice between custom target delegation and hash bin delegation - @MVrachev
• Add prompts that gather the necessary information for custom target delegations - @MVrachev
• Add timeout option as we use it in our current ceremony check:

  repository-service-tuf-cli/repository_service_tuf/cli/admin/ceremony.py

  Line 756 in 0dfa5c2

  if timeout:

  - @MVrachev
• Add --dry-run mode.
• Document different ways to operate the command.

Metadata Update missing features

• URI to trusted root
• An api_server option.
• Don't allow threshold < 2.
• Send payload to the API server.
• Check if we don't allow online key to be the same as root keys
• Support DAS metadata update - @MVrachev
• Make it mandatory to describe at least a threshold number of root keys. This means that it's not required to load their private keys, but only their public keys.
• Add --dry-run mode.
• Wait for the task to finish and report back to the CLI user (check task_status fromrepository_service_tuf/helpers/api_client.py)
• Document different ways to operate the command.

New command: rstuf admin send

• Add a new command rstuf admin bootstrap which can be used to upload a completed ceremony, sign or md update payload file.

Code of Conduct

• I agree to follow this project's Code of Conduct