New metadata API: add MetaFile and TargetFile classes

[MVrachev]

This pr is a continuation from pr #1223

This is the final pr planned for #1139,

Description of the changes being introduced by the pull request:

In the top-level metadata classes, there are complex attributes such as
"meta" in Targets and Snapshot, "key" and "roles" in Root etc.
We want to represent those complex attributes with a class to allow
easier verification and support for metadata with unrecognized fields.
For more context read ADR 0004 and ADR 0008 in the docs/adr folder.

Please verify and check that the pull request fulfills the following
requirements:

• The code follows the Code Style Guidelines
• Tests have been added for the bug fix or new feature
• Docs have been added for the bug fix or new feature

[sechkova]

In the PR description you say that it will:

Rename a few instances of the update method in our classes and use a more verbose name.

but there is only one commit with marked TODOs.

My general comment is about removing hardcoded file extensions and mentions of "json" throughout the code. After the abstract (de)serialization was implemented, TUF supposedly supports other file formats too.

[MVrachev]

I rebased and fixed your two small comments @sechkova about other issues besides the hard-coded file names.

I fixed the problem of hardcoded json strings partially in the places I modified already.
To fully fix this problem we either have to use a more complicate solution or wait and consider other alternatives
which will give us the ability to set metadata extensions as a configuration option.

Created an issue about the hardcoded filename problems: #1333

[jku]

Apologies for not looking at this before. I've gone through most, but maybe not quite processed all of it.

Martin knows of this but for others information: the changes to .pop() usage are going to clash with another PR #1345: they need to be coordinated. In general I think this PR could have been several smaller instead -- I get that it means annoying depending PRs... but this way means I feel bad for leaving so many comments 😁

Would be great to see a bit more prose about the design and usability of the specific API classes somewhere: If we go through the trouble of creating objects for everything, we should try to make them more usable than the dictionaries they replace. As examples, see question in code about snapshot_info attribute and ideas like 'should Targets maybe implement abc.Mapping so caller could access targets.signed["target_name"] instead of targets.signed.targets["target_name"]' -- that last one may not be a good idea but it would be good to see some ideas and discussion before we start maintaining more code.

This feels like a lot to ask on a big PR but would be nice to see how the code now copes without broken input in tests (missing fields, extra fields, etc) -- to confirm the benefits that we should be getting from this work.

[jku]

Apologies for not looking at this before. I've gone through most, but maybe not quite processed all of it.

Also grumpy yesterday me sounds like he is unsatisfied with this PR but that's not true so I'll say it now:
PR looks correct to me (no bugs that I can find), good work, thank you

[jku]

Would be great to see a bit more prose about the design and usability of the specific API classes somewhere: If we go through the trouble of creating objects for everything, we should try to make them more usable than the dictionaries they replace

After further discussion, this opinion seems to go against previous decisions to keep the API as close to file format as possible -- so possibly we need to discuss further or implement this as "faithful reproduction of spec" (disregarding my comments) and think about potential usability improvements afterwards...

[MVrachev]

There were a lot of discussions after my last update on this pr.
I would prefer if we wait for #1345 and #1360 to be merged first.
Then, I will update/split this pr.

[MVrachev]

I have rebased and made changes in this pr after "develop" has evolved a lot.

Some of the changes I made:

• rename MetadataInfo to MetaFile and TargetInfo to TargetFile. Those names seem better in my opinion because they communicate better what the classes represent.
• added support for unrecognized fields in MetaFile and TargetFile. I didn't add a test, because tests: API: Test unrecognized fields everywhere #1382 will add an automatic test for that for dictionaries and classes.
• dropped a couple of the planned commits after Make hashes, length and delegations optional + improvements #1367 was merged.
• dropped a couple more commits, because I realized they were not needed - removing the side effect of destroying the dictionaries when calling from_dict() from the classes (this is needed for ADR 8) and adding a todo comment about the update() functions naming (there is an issue for that New API: Revise "update" methods in tuf/api/metadata.py #1230)
• added from_dict() for MetaFile and TargetFile
• added MetaFile and TargetFile specific tests
• disabled the C0302: Too many lines in module warning for tuf/api/metadata.py.

@jku and @sechkova pr is again ready for a fresh review.

[jku]

A question on the __eq__ implementations: do we need them? None of the other classes seem to have them -- I assumed you used them in the tests but that does not seem the case (or maybe I just missed it)

[MVrachev]

Updated the pr addressing almost all of the comments @jku made with the only exceptions when commenting on the update functions.
There I feel the changes Jussi proposed are out of scope for this pr as I described here #1329 (comment).

Additionally, I added a new commit where I remove the __eq__ methods.

[jku]

Everything else is a style comment (feel free to disregard) but I think there's a bug in the "custom" handling

[MVrachev]

Addressed all of @jku commets, and additionally I wanted to make sure that each of the commits passes the CI and makes sense.
That's why I also made the following changes:

1. Merge changes in "Replace usage of dict.copy with copy.deepcopy()" in "Add MetaFile" and "Add TargetFile". Then drop "Replace usage of dict.copy with copy.deepcopy()"
2. Simplified how we handle "custom" in TargetFile.to_dict()
3. Squash "New API: represent custom with unrecognized_fields" into "Add TargetFile"
4. Added a new commit removing two tests testing "update with only version" because they are obsolete.

[jku]

I think my comment in-source won't show up since it's in a resolved discussion but:

The __eq__() implementation is still not complete: if it is there, it should compare unrecognized_fields instead of custom.

Altogether this looks good, thanks. The docstrings are very verbose but let's trim those later... I'm marking this approved already, but please fix __eq__() still in this PR.

[MVrachev]

I think my comment in-source won't show up since it's in a resolved discussion but:

The __eq__() implementation is still not complete: if it is there, it should compare unrecognized_fields instead of custom.

Altogether this looks good, thanks. The docstrings are very verbose but let's trim those later... I'm marking this approved already, but please fix __eq__() still in this PR.

I thought I had removed the __eq__ methods.
It was a mistake that they are left there.
Removed them and rebased.

[jku]

I was about to merge but now it has conflicts with a bug fix I merged yesterday. Sorry. Could you rebase?

[MVrachev]

Done.