summaryrefslogtreecommitdiff
path: root/pkg/domain
diff options
context:
space:
mode:
authorMiloslav Trmač <mitr@redhat.com>2022-08-24 22:09:58 +0200
committerMiloslav Trmač <mitr@redhat.com>2022-08-29 17:55:38 +0200
commit5122eb793451bea71fe56f40212bd93575b65f06 (patch)
tree67e64c0b0996eb6f2deb4607f2b2ea42b7080da0 /pkg/domain
parentc413c46faf7db96e665d323f3faf97957d3086d3 (diff)
downloadpodman-5122eb793451bea71fe56f40212bd93575b65f06.tar.gz
podman-5122eb793451bea71fe56f40212bd93575b65f06.tar.bz2
podman-5122eb793451bea71fe56f40212bd93575b65f06.zip
Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription
This will allow us to write unit tests without setting up the complete Podman runtime (and without the Linux dependency). Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Diffstat (limited to 'pkg/domain')
-rw-r--r--pkg/domain/infra/abi/trust.go68
1 files changed, 1 insertions, 67 deletions
diff --git a/pkg/domain/infra/abi/trust.go b/pkg/domain/infra/abi/trust.go
index 381ea5deb..c58ddff06 100644
--- a/pkg/domain/infra/abi/trust.go
+++ b/pkg/domain/infra/abi/trust.go
@@ -4,11 +4,9 @@ import (
"context"
"fmt"
"io/ioutil"
- "strings"
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/trust"
- "github.com/sirupsen/logrus"
)
func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options entities.ShowTrustOptions) (*entities.ShowTrustReport, error) {
@@ -31,11 +29,7 @@ func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options ent
if len(options.RegistryPath) > 0 {
report.SystemRegistriesDirPath = options.RegistryPath
}
- policyContentStruct, err := trust.GetPolicy(policyPath)
- if err != nil {
- return nil, fmt.Errorf("could not read trust policies: %w", err)
- }
- report.Policies, err = getPolicyShowOutput(policyContentStruct, report.SystemRegistriesDirPath)
+ report.Policies, err = trust.PolicyDescription(policyPath, report.SystemRegistriesDirPath)
if err != nil {
return nil, fmt.Errorf("could not show trust policies: %w", err)
}
@@ -59,63 +53,3 @@ func (ir *ImageEngine) SetTrust(ctx context.Context, args []string, options enti
PubKeyFiles: options.PubKeysFile,
})
}
-
-func getPolicyShowOutput(policyContentStruct trust.PolicyContent, systemRegistriesDirPath string) ([]*trust.Policy, error) {
- var output []*trust.Policy
-
- registryConfigs, err := trust.LoadAndMergeConfig(systemRegistriesDirPath)
- if err != nil {
- return nil, err
- }
-
- if len(policyContentStruct.Default) > 0 {
- defaultPolicyStruct := trust.Policy{
- Transport: "all",
- Name: "* (default)",
- RepoName: "default",
- Type: trustTypeDescription(policyContentStruct.Default[0].Type),
- }
- output = append(output, &defaultPolicyStruct)
- }
- for transport, transval := range policyContentStruct.Transports {
- if transport == "docker" {
- transport = "repository"
- }
-
- for repo, repoval := range transval {
- tempTrustShowOutput := trust.Policy{
- Name: repo,
- RepoName: repo,
- Transport: transport,
- Type: trustTypeDescription(repoval[0].Type),
- }
- uids := []string{}
- for _, repoele := range repoval {
- if len(repoele.KeyPath) > 0 {
- uids = append(uids, trust.GetGPGIdFromKeyPath(repoele.KeyPath)...)
- }
- if len(repoele.KeyData) > 0 {
- uids = append(uids, trust.GetGPGIdFromKeyData(repoele.KeyData)...)
- }
- }
- tempTrustShowOutput.GPGId = strings.Join(uids, ", ")
-
- registryNamespace := trust.HaveMatchRegistry(repo, registryConfigs)
- if registryNamespace != nil {
- tempTrustShowOutput.SignatureStore = registryNamespace.SigStore
- }
- output = append(output, &tempTrustShowOutput)
- }
- }
- return output, nil
-}
-
-var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
-
-func trustTypeDescription(trustType string) string {
- trustDescription, exist := typeDescription[trustType]
- if !exist {
- logrus.Warnf("Invalid trust type %s", trustType)
- }
- return trustDescription
-}