From b01b2a78f4f8ffbd8d76ef7234ccc1ba8d7b42ce Mon Sep 17 00:00:00 2001 From: Qi Wang Date: Tue, 8 Jan 2019 22:01:54 -0500 Subject: Fix 'image trust' from PR1899 Signed-off-by: Qi Wang --- cmd/podman/trust.go | 58 +++++++++++++++++------------------------------------ 1 file changed, 18 insertions(+), 40 deletions(-) (limited to 'cmd') diff --git a/cmd/podman/trust.go b/cmd/podman/trust.go index 7c404cd3f..863f36d09 100644 --- a/cmd/podman/trust.go +++ b/cmd/podman/trust.go @@ -13,7 +13,6 @@ import ( "github.com/containers/libpod/libpod/image" "github.com/containers/libpod/pkg/trust" "github.com/pkg/errors" - "github.com/sirupsen/logrus" "github.com/urfave/cli" ) @@ -132,7 +131,7 @@ func showTrustCmd(c *cli.Context) error { if err := json.Unmarshal(policyContent, &policyContentStruct); err != nil { return errors.Errorf("could not read trust policies") } - policyJSON, err := trust.GetPolicyJSON(policyContentStruct, systemRegistriesDirPath) + policyJSON, showOutputMap, err := trust.GetPolicy(policyContentStruct, systemRegistriesDirPath) if err != nil { return errors.Wrapf(err, "error reading registry config file") } @@ -144,31 +143,12 @@ func showTrustCmd(c *cli.Context) error { } sortedRepos := sortPolicyJSONKey(policyJSON) - type policydefault struct { - Repo string - Trusttype string - GPGid string - Sigstore string - } - var policyoutput []policydefault - for _, repo := range sortedRepos { - repoval := policyJSON[repo] - var defaultstruct policydefault - defaultstruct.Repo = repo - if repoval["type"] != nil { - defaultstruct.Trusttype = trustTypeDescription(repoval["type"].(string)) - } - if repoval["keys"] != nil && len(repoval["keys"].([]string)) > 0 { - defaultstruct.GPGid = trust.GetGPGId(repoval["keys"].([]string)) - } - if repoval["sigstore"] != nil { - defaultstruct.Sigstore = repoval["sigstore"].(string) - } - policyoutput = append(policyoutput, defaultstruct) - } var output []interface{} - for _, ele := range policyoutput { - output = append(output, interface{}(ele)) + for _, reponame := range sortedRepos { + showOutput, exists := showOutputMap[reponame] + if exists { + output = append(output, interface{}(showOutput)) + } } out := formats.StdoutTemplateArray{Output: output, Template: "{{.Repo}}\t{{.Trusttype}}\t{{.GPGid}}\t{{.Sigstore}}"} return formats.Writer(out).Out() @@ -209,8 +189,10 @@ func setTrustCmd(c *cli.Context) error { policyPath = trust.DefaultPolicyPath(runtime.SystemContext()) } var policyContentStruct trust.PolicyContent + policyFileExists := false _, err = os.Stat(policyPath) if !os.IsNotExist(err) { + policyFileExists = true policyContent, err := ioutil.ReadFile(policyPath) if err != nil { return errors.Wrapf(err, "unable to read %s", policyPath) @@ -218,6 +200,9 @@ func setTrustCmd(c *cli.Context) error { if err := json.Unmarshal(policyContent, &policyContentStruct); err != nil { return errors.Errorf("could not read trust policies") } + if args[0] != "default" && len(policyContentStruct.Default) == 0 { + return errors.Errorf("Default trust policy must be set.") + } } var newReposContent []trust.RepoContent if len(pubkeysfile) != 0 { @@ -230,15 +215,18 @@ func setTrustCmd(c *cli.Context) error { if args[0] == "default" { policyContentStruct.Default = newReposContent } else { - exists := false + if policyFileExists == false && len(policyContentStruct.Default) == 0 { + return errors.Errorf("Default trust policy must be set to create the policy file.") + } + registryExists := false for transport, transportval := range policyContentStruct.Transports { - _, exists = transportval[args[0]] - if exists { + _, registryExists = transportval[args[0]] + if registryExists { policyContentStruct.Transports[transport][args[0]] = newReposContent break } } - if !exists { + if !registryExists { if policyContentStruct.Transports == nil { policyContentStruct.Transports = make(map[string]trust.RepoMap) } @@ -260,16 +248,6 @@ func setTrustCmd(c *cli.Context) error { return nil } -var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"} - -func trustTypeDescription(trustType string) string { - trustDescription, exist := typeDescription[trustType] - if !exist { - logrus.Warnf("invalid trust type %s", trustType) - } - return trustDescription -} - func sortPolicyJSONKey(m map[string]map[string]interface{}) []string { keys := make([]string, len(m)) i := 0 -- cgit v1.2.3-54-g00ecf