summaryrefslogtreecommitdiff
path: root/cmd
diff options
context:
space:
mode:
authorQi Wang <qiwan@redhat.com>2019-01-08 22:01:54 -0500
committerQi Wang <qiwan@redhat.com>2019-01-09 17:48:47 -0500
commitb01b2a78f4f8ffbd8d76ef7234ccc1ba8d7b42ce (patch)
tree094f510dfef5eb0efcde9b80d05852eaeedf0631 /cmd
parentc37f73159609b203545ca6fe54c86b9deacfca21 (diff)
downloadpodman-b01b2a78f4f8ffbd8d76ef7234ccc1ba8d7b42ce.tar.gz
podman-b01b2a78f4f8ffbd8d76ef7234ccc1ba8d7b42ce.tar.bz2
podman-b01b2a78f4f8ffbd8d76ef7234ccc1ba8d7b42ce.zip
Fix 'image trust' from PR1899
Signed-off-by: Qi Wang <qiwan@redhat.com>
Diffstat (limited to 'cmd')
-rw-r--r--cmd/podman/trust.go58
1 files changed, 18 insertions, 40 deletions
diff --git a/cmd/podman/trust.go b/cmd/podman/trust.go
index 7c404cd3f..863f36d09 100644
--- a/cmd/podman/trust.go
+++ b/cmd/podman/trust.go
@@ -13,7 +13,6 @@ import (
"github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/trust"
"github.com/pkg/errors"
- "github.com/sirupsen/logrus"
"github.com/urfave/cli"
)
@@ -132,7 +131,7 @@ func showTrustCmd(c *cli.Context) error {
if err := json.Unmarshal(policyContent, &policyContentStruct); err != nil {
return errors.Errorf("could not read trust policies")
}
- policyJSON, err := trust.GetPolicyJSON(policyContentStruct, systemRegistriesDirPath)
+ policyJSON, showOutputMap, err := trust.GetPolicy(policyContentStruct, systemRegistriesDirPath)
if err != nil {
return errors.Wrapf(err, "error reading registry config file")
}
@@ -144,31 +143,12 @@ func showTrustCmd(c *cli.Context) error {
}
sortedRepos := sortPolicyJSONKey(policyJSON)
- type policydefault struct {
- Repo string
- Trusttype string
- GPGid string
- Sigstore string
- }
- var policyoutput []policydefault
- for _, repo := range sortedRepos {
- repoval := policyJSON[repo]
- var defaultstruct policydefault
- defaultstruct.Repo = repo
- if repoval["type"] != nil {
- defaultstruct.Trusttype = trustTypeDescription(repoval["type"].(string))
- }
- if repoval["keys"] != nil && len(repoval["keys"].([]string)) > 0 {
- defaultstruct.GPGid = trust.GetGPGId(repoval["keys"].([]string))
- }
- if repoval["sigstore"] != nil {
- defaultstruct.Sigstore = repoval["sigstore"].(string)
- }
- policyoutput = append(policyoutput, defaultstruct)
- }
var output []interface{}
- for _, ele := range policyoutput {
- output = append(output, interface{}(ele))
+ for _, reponame := range sortedRepos {
+ showOutput, exists := showOutputMap[reponame]
+ if exists {
+ output = append(output, interface{}(showOutput))
+ }
}
out := formats.StdoutTemplateArray{Output: output, Template: "{{.Repo}}\t{{.Trusttype}}\t{{.GPGid}}\t{{.Sigstore}}"}
return formats.Writer(out).Out()
@@ -209,8 +189,10 @@ func setTrustCmd(c *cli.Context) error {
policyPath = trust.DefaultPolicyPath(runtime.SystemContext())
}
var policyContentStruct trust.PolicyContent
+ policyFileExists := false
_, err = os.Stat(policyPath)
if !os.IsNotExist(err) {
+ policyFileExists = true
policyContent, err := ioutil.ReadFile(policyPath)
if err != nil {
return errors.Wrapf(err, "unable to read %s", policyPath)
@@ -218,6 +200,9 @@ func setTrustCmd(c *cli.Context) error {
if err := json.Unmarshal(policyContent, &policyContentStruct); err != nil {
return errors.Errorf("could not read trust policies")
}
+ if args[0] != "default" && len(policyContentStruct.Default) == 0 {
+ return errors.Errorf("Default trust policy must be set.")
+ }
}
var newReposContent []trust.RepoContent
if len(pubkeysfile) != 0 {
@@ -230,15 +215,18 @@ func setTrustCmd(c *cli.Context) error {
if args[0] == "default" {
policyContentStruct.Default = newReposContent
} else {
- exists := false
+ if policyFileExists == false && len(policyContentStruct.Default) == 0 {
+ return errors.Errorf("Default trust policy must be set to create the policy file.")
+ }
+ registryExists := false
for transport, transportval := range policyContentStruct.Transports {
- _, exists = transportval[args[0]]
- if exists {
+ _, registryExists = transportval[args[0]]
+ if registryExists {
policyContentStruct.Transports[transport][args[0]] = newReposContent
break
}
}
- if !exists {
+ if !registryExists {
if policyContentStruct.Transports == nil {
policyContentStruct.Transports = make(map[string]trust.RepoMap)
}
@@ -260,16 +248,6 @@ func setTrustCmd(c *cli.Context) error {
return nil
}
-var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
-
-func trustTypeDescription(trustType string) string {
- trustDescription, exist := typeDescription[trustType]
- if !exist {
- logrus.Warnf("invalid trust type %s", trustType)
- }
- return trustDescription
-}
-
func sortPolicyJSONKey(m map[string]map[string]interface{}) []string {
keys := make([]string, len(m))
i := 0