author | Miloslav Trmač <mitr@redhat.com> | 2022-08-24 20:28:14 +0200 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2022-08-29 17:55:38 +0200 |
commit | 8ef93bbb999e578c532105eb27d49d285a556cde (patch) | |
tree | 83d832f854785e3b50655a959cd3db761995f2f9 | |
parent | 79913c7154aef38f637ddf8441b19274b15d7100 (diff) | |
Use the full descriptionsOfPolicyRequirements for the default scope
... instead of taking a shortcut, e.g. not listing any keys if they are required.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
-rw-r--r-- | pkg/trust/registries.go | 27 | ||||
-rw-r--r-- | pkg/trust/trust.go | 7 | ||||
-rw-r--r-- | pkg/trust/trust_test.go | 18 |
3 files changed, 36 insertions, 16 deletions
diff --git a/pkg/trust/registries.go b/pkg/trust/registries.go index e179b61ac..0adc38232 100644 --- a/pkg/trust/registries.go +++ b/pkg/trust/registries.go @@ -102,21 +102,24 @@ func loadAndMergeConfig(dirPath string) (*registryConfiguration, error) { } // registriesDConfigurationForScope returns registries.d configuration for the provided scope. +// scope can be "" to return only the global default configuration entry. func registriesDConfigurationForScope(registryConfigs *registryConfiguration, scope string) *registryNamespace { searchScope := scope - if !strings.Contains(searchScope, "/") { - val, exists := registryConfigs.Docker[searchScope] - if exists { - return &val - } - } - for range strings.Split(scope, "/") { - val, exists := registryConfigs.Docker[searchScope] - if exists { - return &val + if searchScope != "" { + if !strings.Contains(searchScope, "/") { + val, exists := registryConfigs.Docker[searchScope] + if exists { + return &val + } } - if strings.Contains(searchScope, "/") { - searchScope = searchScope[:strings.LastIndex(searchScope, "/")] + for range strings.Split(scope, "/") { + val, exists := registryConfigs.Docker[searchScope] + if exists { + return &val + } + if strings.Contains(searchScope, "/") { + searchScope = searchScope[:strings.LastIndex(searchScope, "/")] + } } } return registryConfigs.DefaultDocker diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go index a9ce99dd3..7412fab20 100644 --- a/pkg/trust/trust.go +++ b/pkg/trust/trust.go 
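Review bot: The new `searchScope != ""` guard in registriesDConfigurationForScope tests only the incoming scope, so when the loop trims `searchScope` down to `""` (a scope that begins with `/`) the next iteration still looks up `registryConfigs.Docker[""]` instead of falling through to `DefaultDocker`; whether such a scope can reach this function is not visible in the hunk. The slash-free lookup ahead of the loop is also repeated by the loop's first iteration, so the re-indented body could become a single loop that stops once nothing is left to trim. Because the result decides which registries.d entry is reported for a scope, a test with an empty-string key and a leading-slash scope would pin the intended behaviour.

```go
searchScope := scope
for searchScope != "" {
	if val, exists := registryConfigs.Docker[searchScope]; exists {
		return &val
	}
	i := strings.LastIndex(searchScope, "/")
	if i < 0 {
		break
	}
	searchScope = searchScope[:i]
}
return registryConfigs.DefaultDocker
```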
@@ -44,13 +44,12 @@ func getPolicyShowOutput(policyContentStruct policyContent, systemRegistriesDirP } if len(policyContentStruct.Default) > 0 { - defaultPolicyStruct := Policy{ + template := Policy{ Transport: "all", Name: "* (default)", RepoName: "default", - Type: trustTypeDescription(policyContentStruct.Default[0].Type), } - output = append(output, &defaultPolicyStruct) + output = append(output, descriptionsOfPolicyRequirements(policyContentStruct.Default, template, registryConfigs, "", idReader)...) } // FIXME: This should use x/exp/maps.Keys after we update to Go 1.18. transports := []string{} @@ -83,7 +82,7 @@ func getPolicyShowOutput(policyContentStruct policyContent, systemRegistriesDirP return output, nil } -// descriptionsOfPolicyRequirements turns reqs into user-readable policy entries, with Transport/Name/Reponame coming from template, potentially looking up scope in registryConfigs. +// descriptionsOfPolicyRequirements turns reqs into user-readable policy entries, with Transport/Name/Reponame coming from template, potentially looking up scope (which may be "") in registryConfigs. func descriptionsOfPolicyRequirements(reqs []repoContent, template Policy, registryConfigs *registryConfiguration, scope string, idReader gpgIDReader) []*Policy { entry := template entry.Type = trustTypeDescription(reqs[0].Type) diff --git a/pkg/trust/trust_test.go b/pkg/trust/trust_test.go index ef2d10061..d04e9f211 100644 --- a/pkg/trust/trust_test.go +++ b/pkg/trust/trust_test.go 
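Review bot: The new call in getPolicyShowOutput passes a bare `""` as the scope, and its meaning is explained only on the callee; a one-line comment above the `append`, such as `// "" is not a real scope: it selects only the global default registries.d entry`, would let the default branch be read on its own. The context lines of the second hunk show descriptionsOfPolicyRequirements taking `Type` from `reqs[0]` alone, so it is worth confirming how a `Default` list that mixes requirement types is rendered, since this listing is what an administrator reads when auditing the trust policy. Both functions continue outside the hunks shown.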
@@ -79,6 +79,24 @@ func TestPolicyDescription(t *testing.T) { }, }, }, + { + &signature.Policy{ + Default: signature.PolicyRequirements{ + xNewPRSignedByKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()), + xNewPRSignedByKeyPath(t, "/2,3.pub", signature.NewPRMMatchRepoDigestOrExact()), + }, + }, + []*Policy{ + { + Transport: "all", + Name: "* (default)", + RepoName: "default", + Type: "signed", + SignatureStore: "", + GPGId: "1, 2, 3", + }, + }, + }, } { policyJSON, err := json.Marshal(c.policy) require.NoError(t, err) |
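Review bot: The added case expects `SignatureStore: ""`, so as far as this hunk shows the `scope == ""` path is checked only where the default entry contributes no lookaside location. A companion case whose registries.d fixture sets a default entry would confirm that the value returned from `registryConfigs.DefaultDocker` actually reaches the output. A case with a single-requirement `Default` would also guard the previous behaviour against regression. TestPolicyDescription starts and ends outside the hunk, so the fixture it loads is not visible here.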