Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription

This will allow us to write unit tests without setting up the complete Podman runtime
(and without the Linux dependency).

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

2 files changed, 78 insertions, 0 deletions

diff --git a/pkg/trust/policy.go b/pkg/trust/policy.go
index 3a31b9338..0dc46eac3 100644
--- a/pkg/trust/policy.go
+++ b/pkg/trust/policy.go
@@ -125,6 +125,16 @@ func GetPolicy(policyPath string) (PolicyContent, error) {
 	return policyContentStruct, nil
 }
 
+var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
+
+func trustTypeDescription(trustType string) string {
+	trustDescription, exist := typeDescription[trustType]
+	if !exist {
+		logrus.Warnf("Invalid trust type %s", trustType)
+	}
+	return trustDescription
+}
+
 // AddPolicyEntriesInput collects some parameters to AddPolicyEntries,
 // primarily so that the callers use named values instead of just strings in a sequence.
 type AddPolicyEntriesInput struct {
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index 6186d4cbd..2813b126d 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -1,5 +1,10 @@
 package trust
 
+import (
+	"fmt"
+	"strings"
+)
+
 // Policy describes a basic trust policy configuration
 type Policy struct {
 	Transport      string   `json:"transport"`
@@ -10,3 +15,66 @@ type Policy struct {
 	Type           string   `json:"type"`
 	GPGId          string   `json:"gpg_id,omitempty"`
 }
+
+// PolicyDescription returns an user-focused description of the policy in policyPath and registries.d data from registriesDirPath.
+func PolicyDescription(policyPath, registriesDirPath string) ([]*Policy, error) {
+	policyContentStruct, err := GetPolicy(policyPath)
+	if err != nil {
+		return nil, fmt.Errorf("could not read trust policies: %w", err)
+	}
+	res, err := getPolicyShowOutput(policyContentStruct, registriesDirPath)
+	if err != nil {
+		return nil, fmt.Errorf("could not show trust policies: %w", err)
+	}
+	return res, nil
+}
+
+func getPolicyShowOutput(policyContentStruct PolicyContent, systemRegistriesDirPath string) ([]*Policy, error) {
+	var output []*Policy
+
+	registryConfigs, err := LoadAndMergeConfig(systemRegistriesDirPath)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(policyContentStruct.Default) > 0 {
+		defaultPolicyStruct := Policy{
+			Transport: "all",
+			Name:      "* (default)",
+			RepoName:  "default",
+			Type:      trustTypeDescription(policyContentStruct.Default[0].Type),
+		}
+		output = append(output, &defaultPolicyStruct)
+	}
+	for transport, transval := range policyContentStruct.Transports {
+		if transport == "docker" {
+			transport = "repository"
+		}
+
+		for repo, repoval := range transval {
+			tempTrustShowOutput := Policy{
+				Name:      repo,
+				RepoName:  repo,
+				Transport: transport,
+				Type:      trustTypeDescription(repoval[0].Type),
+			}
+			uids := []string{}
+			for _, repoele := range repoval {
+				if len(repoele.KeyPath) > 0 {
+					uids = append(uids, GetGPGIdFromKeyPath(repoele.KeyPath)...)
+				}
+				if len(repoele.KeyData) > 0 {
+					uids = append(uids, GetGPGIdFromKeyData(repoele.KeyData)...)
+				}
+			}
+			tempTrustShowOutput.GPGId = strings.Join(uids, ", ")
+
+			registryNamespace := HaveMatchRegistry(repo, registryConfigs)
+			if registryNamespace != nil {
+				tempTrustShowOutput.SignatureStore = registryNamespace.SigStore
+			}
+			output = append(output, &tempTrustShowOutput)
+		}
+	}
+	return output, nil
+}