aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMiloslav Trmač <mitr@redhat.com>2022-08-24 22:09:58 +0200
committerMiloslav Trmač <mitr@redhat.com>2022-08-25 01:50:43 +0200
commit7723a1ea654624b5cfcedc6d94e947169967c183 (patch)
tree6da7ef8788f03baf644cdcfb7b63524c922de1e8
parentff3f574fc0db5e442adfac54b86af7c462595ffc (diff)
downloadpodman-7723a1ea654624b5cfcedc6d94e947169967c183.tar.gz
podman-7723a1ea654624b5cfcedc6d94e947169967c183.tar.bz2
podman-7723a1ea654624b5cfcedc6d94e947169967c183.zip
Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription
This will allow us to write unit tests without setting up the complete Podman runtime (and without the Linux dependency). Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
-rw-r--r--pkg/domain/infra/abi/trust.go68
-rw-r--r--pkg/trust/policy.go10
-rw-r--r--pkg/trust/trust.go68
3 files changed, 79 insertions, 67 deletions
diff --git a/pkg/domain/infra/abi/trust.go b/pkg/domain/infra/abi/trust.go
index 381ea5deb..c58ddff06 100644
--- a/pkg/domain/infra/abi/trust.go
+++ b/pkg/domain/infra/abi/trust.go
@@ -4,11 +4,9 @@ import (
"context"
"fmt"
"io/ioutil"
- "strings"
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/trust"
- "github.com/sirupsen/logrus"
)
func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options entities.ShowTrustOptions) (*entities.ShowTrustReport, error) {
@@ -31,11 +29,7 @@ func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options ent
if len(options.RegistryPath) > 0 {
report.SystemRegistriesDirPath = options.RegistryPath
}
- policyContentStruct, err := trust.GetPolicy(policyPath)
- if err != nil {
- return nil, fmt.Errorf("could not read trust policies: %w", err)
- }
- report.Policies, err = getPolicyShowOutput(policyContentStruct, report.SystemRegistriesDirPath)
+ report.Policies, err = trust.PolicyDescription(policyPath, report.SystemRegistriesDirPath)
if err != nil {
return nil, fmt.Errorf("could not show trust policies: %w", err)
}
@@ -59,63 +53,3 @@ func (ir *ImageEngine) SetTrust(ctx context.Context, args []string, options enti
PubKeyFiles: options.PubKeysFile,
})
}
-
-func getPolicyShowOutput(policyContentStruct trust.PolicyContent, systemRegistriesDirPath string) ([]*trust.Policy, error) {
- var output []*trust.Policy
-
- registryConfigs, err := trust.LoadAndMergeConfig(systemRegistriesDirPath)
- if err != nil {
- return nil, err
- }
-
- if len(policyContentStruct.Default) > 0 {
- defaultPolicyStruct := trust.Policy{
- Transport: "all",
- Name: "* (default)",
- RepoName: "default",
- Type: trustTypeDescription(policyContentStruct.Default[0].Type),
- }
- output = append(output, &defaultPolicyStruct)
- }
- for transport, transval := range policyContentStruct.Transports {
- if transport == "docker" {
- transport = "repository"
- }
-
- for repo, repoval := range transval {
- tempTrustShowOutput := trust.Policy{
- Name: repo,
- RepoName: repo,
- Transport: transport,
- Type: trustTypeDescription(repoval[0].Type),
- }
- uids := []string{}
- for _, repoele := range repoval {
- if len(repoele.KeyPath) > 0 {
- uids = append(uids, trust.GetGPGIdFromKeyPath(repoele.KeyPath)...)
- }
- if len(repoele.KeyData) > 0 {
- uids = append(uids, trust.GetGPGIdFromKeyData(repoele.KeyData)...)
- }
- }
- tempTrustShowOutput.GPGId = strings.Join(uids, ", ")
-
- registryNamespace := trust.HaveMatchRegistry(repo, registryConfigs)
- if registryNamespace != nil {
- tempTrustShowOutput.SignatureStore = registryNamespace.SigStore
- }
- output = append(output, &tempTrustShowOutput)
- }
- }
- return output, nil
-}
-
-var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
-
-func trustTypeDescription(trustType string) string {
- trustDescription, exist := typeDescription[trustType]
- if !exist {
- logrus.Warnf("Invalid trust type %s", trustType)
- }
- return trustDescription
-}
diff --git a/pkg/trust/policy.go b/pkg/trust/policy.go
index 3a31b9338..0dc46eac3 100644
--- a/pkg/trust/policy.go
+++ b/pkg/trust/policy.go
@@ -125,6 +125,16 @@ func GetPolicy(policyPath string) (PolicyContent, error) {
return policyContentStruct, nil
}
+var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
+
+func trustTypeDescription(trustType string) string {
+ trustDescription, exist := typeDescription[trustType]
+ if !exist {
+ logrus.Warnf("Invalid trust type %s", trustType)
+ }
+ return trustDescription
+}
+
// AddPolicyEntriesInput collects some parameters to AddPolicyEntries,
// primarily so that the callers use named values instead of just strings in a sequence.
type AddPolicyEntriesInput struct {
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index 6186d4cbd..2813b126d 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -1,5 +1,10 @@
package trust
+import (
+ "fmt"
+ "strings"
+)
+
// Policy describes a basic trust policy configuration
type Policy struct {
Transport string `json:"transport"`
@@ -10,3 +15,66 @@ type Policy struct {
Type string `json:"type"`
GPGId string `json:"gpg_id,omitempty"`
}
+
+// PolicyDescription returns an user-focused description of the policy in policyPath and registries.d data from registriesDirPath.
+func PolicyDescription(policyPath, registriesDirPath string) ([]*Policy, error) {
+ policyContentStruct, err := GetPolicy(policyPath)
+ if err != nil {
+ return nil, fmt.Errorf("could not read trust policies: %w", err)
+ }
+ res, err := getPolicyShowOutput(policyContentStruct, registriesDirPath)
+ if err != nil {
+ return nil, fmt.Errorf("could not show trust policies: %w", err)
+ }
+ return res, nil
+}
+
+func getPolicyShowOutput(policyContentStruct PolicyContent, systemRegistriesDirPath string) ([]*Policy, error) {
+ var output []*Policy
+
+ registryConfigs, err := LoadAndMergeConfig(systemRegistriesDirPath)
+ if err != nil {
+ return nil, err
+ }
+
+ if len(policyContentStruct.Default) > 0 {
+ defaultPolicyStruct := Policy{
+ Transport: "all",
+ Name: "* (default)",
+ RepoName: "default",
+ Type: trustTypeDescription(policyContentStruct.Default[0].Type),
+ }
+ output = append(output, &defaultPolicyStruct)
+ }
+ for transport, transval := range policyContentStruct.Transports {
+ if transport == "docker" {
+ transport = "repository"
+ }
+
+ for repo, repoval := range transval {
+ tempTrustShowOutput := Policy{
+ Name: repo,
+ RepoName: repo,
+ Transport: transport,
+ Type: trustTypeDescription(repoval[0].Type),
+ }
+ uids := []string{}
+ for _, repoele := range repoval {
+ if len(repoele.KeyPath) > 0 {
+ uids = append(uids, GetGPGIdFromKeyPath(repoele.KeyPath)...)
+ }
+ if len(repoele.KeyData) > 0 {
+ uids = append(uids, GetGPGIdFromKeyData(repoele.KeyData)...)
+ }
+ }
+ tempTrustShowOutput.GPGId = strings.Join(uids, ", ")
+
+ registryNamespace := HaveMatchRegistry(repo, registryConfigs)
+ if registryNamespace != nil {
+ tempTrustShowOutput.SignatureStore = registryNamespace.SigStore
+ }
+ output = append(output, &tempTrustShowOutput)
+ }
+ }
+ return output, nil
+}