Metadata API: Fix role lookup for succinct delegation

get_delegated_role() should not return a Role if the rolename is not
a delegated role. This is already true for "normal" DelegatedRole but
was not actually verified for SuccinctRoles.

Signed-off-by: Jussi Kukkonen <[email protected]>

Author: jku

tuf/api/metadata.py

@@ -2117,10 +2117,13 @@ def get_delegated_role(self, delegated_role: str) -> Role:
         if self.delegations is None:
             raise ValueError("No delegations found")
 
+        role: Optional[Role] = None
         if self.delegations.roles is not None:
-            role: Optional[Role] = self.delegations.roles.get(delegated_role)
-        else:
-            role = self.delegations.succinct_roles
+            role = self.delegations.roles.get(delegated_role)
+        elif self.delegations.succinct_roles is not None:
+            succinct = self.delegations.succinct_roles
+            if succinct.is_delegated_role(delegated_role):
+                role = succinct
 
         if not role:
             raise ValueError(f"Delegated role {delegated_role} not found")