keyid: verify adding an existing key is ignored

MVrachev · MVrachev · commit 68b76d3fc543 · 2021-04-28T13:01:41.000+03:00
Verify that adding an already existing key to keyid for a particular
role in Root won't create duplicate key.

Signed-off-by: Martin Vrachev &lt;mvrachev@vmware.com&gt;
diff --git a/tests/test_api.py b/tests/test_api.py
@@ -381,6 +381,11 @@ def test_metadata_root(self):
         self.assertIn(keyid, root.signed.roles['root'].keyids)
         self.assertIn(keyid, root.signed.keys)
 
+        # Try adding the same key again and assert its ignored.
+        pre_add_keyid = root.signed.roles['root'].keyids
+        root.signed.add_key('root', keyid, key_metadata)
+        self.assertEqual(pre_add_keyid, root.signed.roles['root'].keyids)
+
         # Remove the key
         root.signed.remove_key('root', keyid)
 
diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
@@ -577,9 +577,8 @@ def add_key(
         self, role: str, keyid: str, key_metadata: Mapping[str, Any]
     ) -> None:
         """Adds new key for 'role' and updates the key store."""
-        if keyid not in self.roles[role].keyids:
-            self.roles[role].keyids.add(keyid)
-            self.keys[keyid] = key_metadata
+        self.roles[role].keyids.add(keyid)
+        self.keys[keyid] = key_metadata
 
     # Remove key for a role.
     def remove_key(self, role: str, keyid: str) -> None:
