Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription

This will allow us to write unit tests without setting up the complete Podman runtime (and without the Linux dependency). Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
author: Miloslav Trmač <mitr@redhat.com> 2022-08-24 22:09:58 +0200
committer: Miloslav Trmač <mitr@redhat.com> 2022-08-25 01:50:43 +0200
commit: 7723a1ea654624b5cfcedc6d94e947169967c183 (patch)
tree: 6da7ef8788f03baf644cdcfb7b63524c922de1e8
parent: ff3f574fc0db5e442adfac54b86af7c462595ffc (diff)
download: podman-7723a1ea654624b5cfcedc6d94e947169967c183.tar.gz
podman-7723a1ea654624b5cfcedc6d94e947169967c183.tar.bz2
podman-7723a1ea654624b5cfcedc6d94e947169967c183.zip
3 files changed, 79 insertions, 67 deletions
diff --git a/pkg/domain/infra/abi/trust.go b/pkg/domain/infra/abi/trust.go
index 381ea5deb..c58ddff06 100644
--- a/pkg/domain/infra/abi/trust.go
+++ b/pkg/domain/infra/abi/trust.go
@@ -4,11 +4,9 @@ import (
 	"context"
 	"fmt"
 	"io/ioutil"
-	"strings"
 
 	"github.com/containers/podman/v4/pkg/domain/entities"
 	"github.com/containers/podman/v4/pkg/trust"
-	"github.com/sirupsen/logrus"
 )
 
 func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options entities.ShowTrustOptions) (*entities.ShowTrustReport, error) {
@@ -31,11 +29,7 @@ func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options ent
 	if len(options.RegistryPath) > 0 {
 		report.SystemRegistriesDirPath = options.RegistryPath
 	}
-	policyContentStruct, err := trust.GetPolicy(policyPath)
-	if err != nil {
-		return nil, fmt.Errorf("could not read trust policies: %w", err)
-	}
-	report.Policies, err = getPolicyShowOutput(policyContentStruct, report.SystemRegistriesDirPath)
+	report.Policies, err = trust.PolicyDescription(policyPath, report.SystemRegistriesDirPath)
 	if err != nil {
 		return nil, fmt.Errorf("could not show trust policies: %w", err)
 	}
@@ -59,63 +53,3 @@ func (ir *ImageEngine) SetTrust(ctx context.Context, args []string, options enti
 		PubKeyFiles: options.PubKeysFile,
 	})
 }
-
-func getPolicyShowOutput(policyContentStruct trust.PolicyContent, systemRegistriesDirPath string) ([]*trust.Policy, error) {
-	var output []*trust.Policy
-
-	registryConfigs, err := trust.LoadAndMergeConfig(systemRegistriesDirPath)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(policyContentStruct.Default) > 0 {
-		defaultPolicyStruct := trust.Policy{
-			Transport: "all",
-			Name:      "* (default)",
-			RepoName:  "default",
-			Type:      trustTypeDescription(policyContentStruct.Default[0].Type),
-		}
-		output = append(output, &defaultPolicyStruct)
-	}
-	for transport, transval := range policyContentStruct.Transports {
-		if transport == "docker" {
-			transport = "repository"
-		}
-
-		for repo, repoval := range transval {
-			tempTrustShowOutput := trust.Policy{
-				Name:      repo,
-				RepoName:  repo,
-				Transport: transport,
-				Type:      trustTypeDescription(repoval[0].Type),
-			}
-			uids := []string{}
-			for _, repoele := range repoval {
-				if len(repoele.KeyPath) > 0 {
-					uids = append(uids, trust.GetGPGIdFromKeyPath(repoele.KeyPath)...)
-				}
-				if len(repoele.KeyData) > 0 {
-					uids = append(uids, trust.GetGPGIdFromKeyData(repoele.KeyData)...)
-				}
-			}
-			tempTrustShowOutput.GPGId = strings.Join(uids, ", ")
-
-			registryNamespace := trust.HaveMatchRegistry(repo, registryConfigs)
-			if registryNamespace != nil {
-				tempTrustShowOutput.SignatureStore = registryNamespace.SigStore
-			}
-			output = append(output, &tempTrustShowOutput)
-		}
-	}
-	return output, nil
-}
-
-var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
-
-func trustTypeDescription(trustType string) string {
-	trustDescription, exist := typeDescription[trustType]
-	if !exist {
-		logrus.Warnf("Invalid trust type %s", trustType)
-	}
-	return trustDescription
-}
diff --git a/pkg/trust/policy.go b/pkg/trust/policy.go
index 3a31b9338..0dc46eac3 100644
--- a/pkg/trust/policy.go
+++ b/pkg/trust/policy.go
@@ -125,6 +125,16 @@ func GetPolicy(policyPath string) (PolicyContent, error) {
 	return policyContentStruct, nil
 }
 
+var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
+
+func trustTypeDescription(trustType string) string {
+	trustDescription, exist := typeDescription[trustType]
+	if !exist {
+		logrus.Warnf("Invalid trust type %s", trustType)
+	}
+	return trustDescription
+}
+
 // AddPolicyEntriesInput collects some parameters to AddPolicyEntries,
 // primarily so that the callers use named values instead of just strings in a sequence.
 type AddPolicyEntriesInput struct {
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index 6186d4cbd..2813b126d 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -1,5 +1,10 @@
 package trust
 
+import (
+	"fmt"
+	"strings"
+)
+
 // Policy describes a basic trust policy configuration
 type Policy struct {
 	Transport      string   `json:"transport"`
@@ -10,3 +15,66 @@ type Policy struct {
 	Type           string   `json:"type"`
 	GPGId          string   `json:"gpg_id,omitempty"`
 }
+
+// PolicyDescription returns an user-focused description of the policy in policyPath and registries.d data from registriesDirPath.
+func PolicyDescription(policyPath, registriesDirPath string) ([]*Policy, error) {
+	policyContentStruct, err := GetPolicy(policyPath)
+	if err != nil {
+		return nil, fmt.Errorf("could not read trust policies: %w", err)
+	}
+	res, err := getPolicyShowOutput(policyContentStruct, registriesDirPath)
+	if err != nil {
+		return nil, fmt.Errorf("could not show trust policies: %w", err)
+	}
+	return res, nil
+}
+
+func getPolicyShowOutput(policyContentStruct PolicyContent, systemRegistriesDirPath string) ([]*Policy, error) {
+	var output []*Policy
+
+	registryConfigs, err := LoadAndMergeConfig(systemRegistriesDirPath)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(policyContentStruct.Default) > 0 {
+		defaultPolicyStruct := Policy{
+			Transport: "all",
+			Name:      "* (default)",
+			RepoName:  "default",
+			Type:      trustTypeDescription(policyContentStruct.Default[0].Type),
+		}
+		output = append(output, &defaultPolicyStruct)
+	}
+	for transport, transval := range policyContentStruct.Transports {
+		if transport == "docker" {
+			transport = "repository"
+		}
+
+		for repo, repoval := range transval {
+			tempTrustShowOutput := Policy{
+				Name:      repo,
+				RepoName:  repo,
+				Transport: transport,
+				Type:      trustTypeDescription(repoval[0].Type),
+			}
+			uids := []string{}
+			for _, repoele := range repoval {
+				if len(repoele.KeyPath) > 0 {
+					uids = append(uids, GetGPGIdFromKeyPath(repoele.KeyPath)...)
+				}
+				if len(repoele.KeyData) > 0 {
+					uids = append(uids, GetGPGIdFromKeyData(repoele.KeyData)...)
+				}
+			}
+			tempTrustShowOutput.GPGId = strings.Join(uids, ", ")
+
+			registryNamespace := HaveMatchRegistry(repo, registryConfigs)
+			if registryNamespace != nil {
+				tempTrustShowOutput.SignatureStore = registryNamespace.SigStore
+			}
+			output = append(output, &tempTrustShowOutput)
+		}
+	}
+	return output, nil
+}
author	Miloslav Trmač <mitr@redhat.com>	2022-08-24 22:09:58 +0200
committer	Miloslav Trmač <mitr@redhat.com>	2022-08-25 01:50:43 +0200
commit	7723a1ea654624b5cfcedc6d94e947169967c183 (patch)
tree	6da7ef8788f03baf644cdcfb7b63524c922de1e8
parent	ff3f574fc0db5e442adfac54b86af7c462595ffc (diff)
download	podman-7723a1ea654624b5cfcedc6d94e947169967c183.tar.gz podman-7723a1ea654624b5cfcedc6d94e947169967c183.tar.bz2 podman-7723a1ea654624b5cfcedc6d94e947169967c183.zip