feat(models): expose TrustedRoot, SigningConfig, ClientTrustConfig (#1496)

Promote TrustedRoot, SigningConfig, and ClientTrustConfig to the
public API via sigstore.models

Signed-off-by: SequeI <[email protected]>
Co-authored-by: Jussi Kukkonen <[email protected]>

Author: SequeI

CHANGELOG.md

@@ -59,11 +59,13 @@ All versions prior to 0.9.0 are untracked.
 ### Changed
 
 * API:
-  * ClientTrustConfig now provides methods `production()`, `staging()`and `from_tuf()`
+  * `TrustedRoot`, `SigningConfig`, and `ClientTrustConfig` are now exposed in
+    `sigstore.models`. [#1496](https://github.com/sigstore/sigstore-python/pull/1496)
+  * `ClientTrustConfig` now provides methods `production()`, `staging()`and `from_tuf()`
     to get access to current client configuration (trusted keys & certificates,
     URLs and their validity periods). [#1363](https://github.com/sigstore/sigstore-python/pull/1363)
-  * SigningConfig now has methods that return actual clients (like `RekorClient`) instead of
-    just URLs. The returned clients are also filtered according to SigningConfig contents.
+  * `SigningConfig` now has methods that return actual clients (like `RekorClient`) instead of
+    just URLs. The returned clients are also filtered according to `SigningConfig` contents.
     [#1407](https://github.com/sigstore/sigstore-python/pull/1407)
 * `--trust-config` now requires a file with SigningConfig v0.2, and is able to fully
   configure the used Sigstore instance [#1358]/(https://github.com/sigstore/sigstore-python/pull/1358)

sigstore/_cli.py

@@ -38,7 +38,6 @@
 from sigstore._internal.fulcio.client import ExpiredCertificate
 from sigstore._internal.rekor import _hashedrekord_from_parts
 from sigstore._internal.rekor.client import RekorClient
-from sigstore._internal.trust import ClientTrustConfig
 from sigstore._utils import sha256_digest
 from sigstore.dsse import StatementBuilder, Subject
 from sigstore.dsse._predicate import (
@@ -48,7 +47,7 @@
 )
 from sigstore.errors import CertValidationError, Error, VerificationError
 from sigstore.hashes import Hashed
-from sigstore.models import Bundle, InvalidBundle
+from sigstore.models import Bundle, ClientTrustConfig, InvalidBundle
 from sigstore.oidc import (
     ExpiredIdentity,
     IdentityToken,