asserts,confdb: have operators as a list in confdb-control assertion #15013

Open
wants to merge 1 commit into
base: master
@st3v3nmw st3v3nmw commented Feb 3, 2025

This is a follow-up on last week's design sessions.

Internal Format

I've simplified the internal model to this:

operator:
    id: operator
    views:
        path/to/view: OperatorKey|Store
        some/other/view: Store
        aa/bb/cc: OperatorKey|Store
operator2:
    id: operator2
    views:
        path/to/view: OperatorKey|Store
        path/to/another: OperatorKey
        aa/bb/cc: OperatorKey|Store
operator3:
    id: operator3
    views:
        path/to/view: Store

This format works best with the Delegate(operator, views, auth) and Undelegate(operator, views, auth) API as operations are done one operator at a time.

The view's authentication is represented as a bitmask which allows us to easily update it with bitwise operations.

This simple representation allows us to avoid writing complex code that re-compacts the groups every time an update is made.

External Format

Once we're ready to output the assertion, it's serialized in the compact format prescribed by SD172:

groups:
    - operators: [ operator2 ]
      authentications: [ operator-key ]
      views: [ path/to/another ]
    - operators: [ operator3 ]
      authentications: [ store ]
      views: [ path/to/view ]
    - operators: [ operator ]
      authentications: [ store ]
      views: [ some/other/view ]
    - operators: [ operator, operator2 ]
      authentications: [ operator-key, store ]
      views: [ aa/bb/cc, path/to/view ]

Groups are loosely sorted by authentications: groups with ["operator-key"] appear first, then groups with ["store"] only, and finally, groups with ["operator-key", "store"]. The fields group.operators, group.authentications, and group.views are always sorted alphabetically.
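
The compaction from the internal to the external format described above, as an added Go example that is not snapd's code: it merges views that share the same (authentication bitmask, operator set) and emits groups in bitmask order. The names `Model`, `Group`, `authNames` and `Groups`, and the tie-break by first view inside one authentication set, are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

type Auth uint8 // bitmask of authentication methods, as in the PR text

const (
	OperatorKey Auth = 1 << iota
	Store
)

var authNames = [][]string{nil, {"operator-key"}, {"store"}, {"operator-key", "store"}} // indexed by mask

// Model is the internal format: operator ID -> view path -> Auth bitmask (hypothetical name).
type Model map[string]map[string]Auth
type Group struct{ Operators, Authentications, Views []string }

// Groups merges views that share the same (auth mask, operator set).
func (m Model) Groups() []Group {
	var out []Group
	for mask := OperatorKey; mask <= OperatorKey|Store; mask++ {
		byView := map[string][]string{} // view -> operators holding exactly this mask
		for op, views := range m {
			for v, a := range views {
				if a == mask {
					byView[v] = append(byView[v], op)
				}
			}
		}
		byOps := map[string][]string{} // sorted operator list -> views
		for v, ops := range byView {
			sort.Strings(ops)
			k := strings.Join(ops, ",")
			byOps[k] = append(byOps[k], v)
		}
		first := len(out)
		for k, views := range byOps {
			sort.Strings(views)
			out = append(out, Group{strings.Split(k, ","), authNames[mask], views})
		}
		// Assumed tie-break inside one mask: order groups by their first view.
		sort.Slice(out[first:], func(i, j int) bool { return out[first+i].Views[0] < out[first+j].Views[0] })
	}
	return out
}

func main() { // constructed sample input
	fmt.Println(Model{"operator3": {"path/to/view": Store}}.Groups())
}
```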


github-actions bot commented Feb 3, 2025

Tue Feb 4 18:54:09 UTC 2025
The following results are from: https://github.com/canonical/snapd/actions/runs/13137106280

Failures:

Preparing:

  • openstack:debian-12-64:tests/main/
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-15.6-64
  • openstack:opensuse-15.6-64
  • openstack:opensuse-15.6-64
  • openstack:opensuse-15.6-64
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-15.6-64
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-15.6-64

Executing:

  • openstack:debian-sid-64:tests/main/microk8s-smoke:edge
  • google-core:ubuntu-core-22-64:tests/core/gadget-update-pc
  • google:ubuntu-25.04-64:tests/main/cgroup-devices-v2
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups-required-or-optional
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups:uinput
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups-serial-port
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups-helper
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups:kmsg
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups-self-manage
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups-strict-enforced
  • google:ubuntu-18.04-64:tests/unit/go:clang

Restoring:

  • openstack:debian-12-64:tests/main/
  • openstack:debian-12-64:tests/main/
  • openstack:debian-12-64:tests/unit/
  • openstack:debian-12-64:tests/unit/
  • google-core:ubuntu-core-22-64:tests/core/gadget-update-pc
  • google-core:ubuntu-core-22-64:tests/core/
  • google-core:ubuntu-core-22-64
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups-strict-enforced

@st3v3nmw st3v3nmw force-pushed the confdb-control-use-list-for-operators branch from cec79cc to 70e8cac Compare February 3, 2025 10:53

codecov bot commented Feb 3, 2025

Codecov Report

Attention: Patch coverage is 98.15951% with 3 lines in your changes missing coverage. Please review.

Please upload report for BASE (master@df374bd). Learn more about missing BASE report.
Report is 62 commits behind head on master.

Files with missing lines | Patch % | Lines
asserts/confdb.go | 96.25% | 2 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff            @@
##             master   #15013   +/-   ##
=========================================
  Coverage          ?   78.24%           
=========================================
  Files             ?     1160           
  Lines             ?   154258           
  Branches          ?        0           
=========================================
  Hits              ?   120703           
  Misses            ?    26122           
  Partials          ?     7433           
Flag | Coverage Δ
unittests | 78.24% <98.15%> (?)


@st3v3nmw st3v3nmw force-pushed the confdb-control-use-list-for-operators branch 4 times, most recently from bd72e00 to 6fe4435 Compare February 4, 2025 13:58
@st3v3nmw st3v3nmw force-pushed the confdb-control-use-list-for-operators branch from 6fe4435 to 619ff8b Compare February 4, 2025 13:59
@st3v3nmw st3v3nmw marked this pull request as ready for review February 4, 2025 14:28