aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMiloslav Trmač <mitr@redhat.com>2022-08-24 20:28:14 +0200
committerMiloslav Trmač <mitr@redhat.com>2022-08-25 01:52:59 +0200
commit2f6c145e86027da7ecf352331db70f5e688701b6 (patch)
tree6c68327aac711c4eb478102fd547093c975945b2
parentb15afce551a521b6224cf0a0c5a29beb89556e91 (diff)
downloadpodman-2f6c145e86027da7ecf352331db70f5e688701b6.tar.gz
podman-2f6c145e86027da7ecf352331db70f5e688701b6.tar.bz2
podman-2f6c145e86027da7ecf352331db70f5e688701b6.zip
Use the full descriptionsOfPolicyRequirements for the default scope
... instead of taking a shortcut, e.g. not listing any keys if they are required. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
-rw-r--r--pkg/trust/registries.go27
-rw-r--r--pkg/trust/trust.go7
-rw-r--r--pkg/trust/trust_test.go18
3 files changed, 36 insertions, 16 deletions
diff --git a/pkg/trust/registries.go b/pkg/trust/registries.go
index e179b61ac..0adc38232 100644
--- a/pkg/trust/registries.go
+++ b/pkg/trust/registries.go
@@ -102,21 +102,24 @@ func loadAndMergeConfig(dirPath string) (*registryConfiguration, error) {
}
// registriesDConfigurationForScope returns registries.d configuration for the provided scope.
+// scope can be "" to return only the global default configuration entry.
func registriesDConfigurationForScope(registryConfigs *registryConfiguration, scope string) *registryNamespace {
searchScope := scope
- if !strings.Contains(searchScope, "/") {
- val, exists := registryConfigs.Docker[searchScope]
- if exists {
- return &val
- }
- }
- for range strings.Split(scope, "/") {
- val, exists := registryConfigs.Docker[searchScope]
- if exists {
- return &val
+ if searchScope != "" {
+ if !strings.Contains(searchScope, "/") {
+ val, exists := registryConfigs.Docker[searchScope]
+ if exists {
+ return &val
+ }
}
- if strings.Contains(searchScope, "/") {
- searchScope = searchScope[:strings.LastIndex(searchScope, "/")]
+ for range strings.Split(scope, "/") {
+ val, exists := registryConfigs.Docker[searchScope]
+ if exists {
+ return &val
+ }
+ if strings.Contains(searchScope, "/") {
+ searchScope = searchScope[:strings.LastIndex(searchScope, "/")]
+ }
}
}
return registryConfigs.DefaultDocker
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index a9ce99dd3..7412fab20 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -44,13 +44,12 @@ func getPolicyShowOutput(policyContentStruct policyContent, systemRegistriesDirP
}
if len(policyContentStruct.Default) > 0 {
- defaultPolicyStruct := Policy{
+ template := Policy{
Transport: "all",
Name: "* (default)",
RepoName: "default",
- Type: trustTypeDescription(policyContentStruct.Default[0].Type),
}
- output = append(output, &defaultPolicyStruct)
+ output = append(output, descriptionsOfPolicyRequirements(policyContentStruct.Default, template, registryConfigs, "", idReader)...)
}
// FIXME: This should use x/exp/maps.Keys after we update to Go 1.18.
transports := []string{}
@@ -83,7 +82,7 @@ func getPolicyShowOutput(policyContentStruct policyContent, systemRegistriesDirP
return output, nil
}
-// descriptionsOfPolicyRequirements turns reqs into user-readable policy entries, with Transport/Name/Reponame coming from template, potentially looking up scope in registryConfigs.
+// descriptionsOfPolicyRequirements turns reqs into user-readable policy entries, with Transport/Name/Reponame coming from template, potentially looking up scope (which may be "") in registryConfigs.
func descriptionsOfPolicyRequirements(reqs []repoContent, template Policy, registryConfigs *registryConfiguration, scope string, idReader gpgIDReader) []*Policy {
entry := template
entry.Type = trustTypeDescription(reqs[0].Type)
diff --git a/pkg/trust/trust_test.go b/pkg/trust/trust_test.go
index ef2d10061..d04e9f211 100644
--- a/pkg/trust/trust_test.go
+++ b/pkg/trust/trust_test.go
@@ -79,6 +79,24 @@ func TestPolicyDescription(t *testing.T) {
},
},
},
+ {
+ &signature.Policy{
+ Default: signature.PolicyRequirements{
+ xNewPRSignedByKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+ xNewPRSignedByKeyPath(t, "/2,3.pub", signature.NewPRMMatchRepoDigestOrExact()),
+ },
+ },
+ []*Policy{
+ {
+ Transport: "all",
+ Name: "* (default)",
+ RepoName: "default",
+ Type: "signed",
+ SignatureStore: "",
+ GPGId: "1, 2, 3",
+ },
+ },
+ },
} {
policyJSON, err := json.Marshal(c.policy)
require.NoError(t, err)