authorMiloslav Trmač <mitr@redhat.com>2022-08-24 22:09:58 +0200
committerMiloslav Trmač <mitr@redhat.com>2022-08-25 01:50:43 +0200
commit7723a1ea654624b5cfcedc6d94e947169967c183 (patch)
tree6da7ef8788f03baf644cdcfb7b63524c922de1e8 /pkg/trust
parentff3f574fc0db5e442adfac54b86af7c462595ffc (diff)
Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription
This will allow us to write unit tests without setting up the complete Podman runtime (and without the Linux dependency). Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Diffstat (limited to 'pkg/trust')
-rw-r--r--pkg/trust/policy.go10
-rw-r--r--pkg/trust/trust.go68
2 files changed, 78 insertions, 0 deletions
diff --git a/pkg/trust/policy.go b/pkg/trust/policy.go
index 3a31b9338..0dc46eac3 100644
--- a/pkg/trust/policy.go
+++ b/pkg/trust/policy.go
@@ -125,6 +125,16 @@ func GetPolicy(policyPath string) (PolicyContent, error) {
return policyContentStruct, nil
}
+var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
+
+func trustTypeDescription(trustType string) string {
+ trustDescription, exist := typeDescription[trustType]
+ if !exist {
+ logrus.Warnf("Invalid trust type %s", trustType)
+ }
+ return trustDescription
+}
+
// AddPolicyEntriesInput collects some parameters to AddPolicyEntries,
// primarily so that the callers use named values instead of just strings in a sequence.
type AddPolicyEntriesInput struct {
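Review bot: trustTypeDescription returns the zero value "" for a requirement type that is not in typeDescription, so apart from the log line an unrecognized type is rendered as a blank Type in the user-facing description, which reads as "no policy" rather than "unrecognized". Since this commit is a behaviour-preserving move, the least that should happen is to make that contract explicit, e.g. `// trustTypeDescription maps a policy requirement type to its short user-facing name; unknown types are logged and mapped to "".`, and to quote the untrusted value in the warning with `logrus.Warnf("Invalid trust type %q", trustType)` so an empty or whitespace-only type is visible in the log. A follow-up could return the raw type string for the unknown case so the operator sees what the policy actually contains; that change would belong in its own commit.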
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index 6186d4cbd..2813b126d 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -1,5 +1,10 @@
package trust
+import (
+ "fmt"
+ "strings"
+)
+
// Policy describes a basic trust policy configuration
type Policy struct {
Transport string `json:"transport"`
@@ -10,3 +15,66 @@ type Policy struct {
Type string `json:"type"`
GPGId string `json:"gpg_id,omitempty"`
}
+
+// PolicyDescription returns an user-focused description of the policy in policyPath and registries.d data from registriesDirPath.
+func PolicyDescription(policyPath, registriesDirPath string) ([]*Policy, error) {
+ policyContentStruct, err := GetPolicy(policyPath)
+ if err != nil {
+ return nil, fmt.Errorf("could not read trust policies: %w", err)
+ }
+ res, err := getPolicyShowOutput(policyContentStruct, registriesDirPath)
+ if err != nil {
+ return nil, fmt.Errorf("could not show trust policies: %w", err)
+ }
+ return res, nil
+}
+
+func getPolicyShowOutput(policyContentStruct PolicyContent, systemRegistriesDirPath string) ([]*Policy, error) {
+ var output []*Policy
+
+ registryConfigs, err := LoadAndMergeConfig(systemRegistriesDirPath)
+ if err != nil {
+ return nil, err
+ }
+
+ if len(policyContentStruct.Default) > 0 {
+ defaultPolicyStruct := Policy{
+ Transport: "all",
+ Name: "* (default)",
+ RepoName: "default",
+ Type: trustTypeDescription(policyContentStruct.Default[0].Type),
+ }
+ output = append(output, &defaultPolicyStruct)
+ }
+ for transport, transval := range policyContentStruct.Transports {
+ if transport == "docker" {
+ transport = "repository"
+ }
+
+ for repo, repoval := range transval {
+ tempTrustShowOutput := Policy{
+ Name: repo,
+ RepoName: repo,
+ Transport: transport,
+ Type: trustTypeDescription(repoval[0].Type),
+ }
+ uids := []string{}
+ for _, repoele := range repoval {
+ if len(repoele.KeyPath) > 0 {
+ uids = append(uids, GetGPGIdFromKeyPath(repoele.KeyPath)...)
+ }
+ if len(repoele.KeyData) > 0 {
+ uids = append(uids, GetGPGIdFromKeyData(repoele.KeyData)...)
+ }
+ }
+ tempTrustShowOutput.GPGId = strings.Join(uids, ", ")
+
+ registryNamespace := HaveMatchRegistry(repo, registryConfigs)
+ if registryNamespace != nil {
+ tempTrustShowOutput.SignatureStore = registryNamespace.SigStore
+ }
+ output = append(output, &tempTrustShowOutput)
+ }
+ }
+ return output, nil
+}
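Review bot: `Type: trustTypeDescription(repoval[0].Type)` indexes the per-repository requirement list without a length check, while the default case just above guards with `len(policyContentStruct.Default) > 0`; whether GetPolicy rejects an empty requirement list is not visible here, and if it does not, a scope with `[]` panics the caller with an index-out-of-range instead of returning an error. A guard in the same style as the default branch, `if len(repoval) == 0 { continue }` (or returning a descriptive error for that scope) before the Policy literal would close that gap. Separately, both loops range over maps, so the order of the returned entries is nondeterministic; given that the stated purpose of the move is unit testing, iterating over sorted transport and repository keys would make the output stable and the tests non-flaky. Note also that Type reflects only the first requirement of each scope while GPGId aggregates key IDs from all of them, which is worth a one-line comment so readers do not assume the two fields describe the same requirement.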