From 35fa8c16a2e921ac7c45d6df3fa09a0ec6fdbbdd Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Wed, 24 Aug 2022 22:36:38 +0200
Subject: Make most of pkg/trust package-private
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We now have only a few entrypoints that are called externally,
so make the rest private.  This will make it more obvious that
we are not breaking any external users.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
---
 pkg/trust/policy.go     | 51 +++++++++++++++++++++++++------------------------
 pkg/trust/registries.go | 24 +++++++++++------------
 pkg/trust/trust.go      | 12 ++++++------
 3 files changed, 44 insertions(+), 43 deletions(-)


diff --git a/pkg/trust/policy.go b/pkg/trust/policy.go
index 0dc46eac3..d2b904b07 100644
--- a/pkg/trust/policy.go
+++ b/pkg/trust/policy.go
@@ -17,14 +17,15 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-// PolicyContent struct for policy.json file
-type PolicyContent struct {
-	Default    []RepoContent     `json:"default"`
-	Transports TransportsContent `json:"transports,omitempty"`
+// policyContent is the overall structure of a policy.json file (= c/image/v5/signature.Policy)
+type policyContent struct {
+	Default    []repoContent     `json:"default"`
+	Transports transportsContent `json:"transports,omitempty"`
 }
 
-// RepoContent struct used under each repo
-type RepoContent struct {
+// repoContent is a single policy requirement (one of possibly several for a scope), representing all of the individual alternatives in a single merged struct
+// (= c/image/v5/signature.{PolicyRequirement,pr*})
+type repoContent struct {
 	Type           string          `json:"type"`
 	KeyType        string          `json:"keyType,omitempty"`
 	KeyPath        string          `json:"keyPath,omitempty"`
@@ -32,11 +33,11 @@ type RepoContent struct {
 	SignedIdentity json.RawMessage `json:"signedIdentity,omitempty"`
 }
 
-// RepoMap map repo name to policycontent for each repo
-type RepoMap map[string][]RepoContent
+// repoMap maps a scope name to requirements that apply to that scope (= c/image/v5/signature.PolicyTransportScopes)
+type repoMap map[string][]repoContent
 
-// TransportsContent struct for content under "transports"
-type TransportsContent map[string]RepoMap
+// transportsContent contains policies for individual transports (= c/image/v5/signature.Policy.Transports)
+type transportsContent map[string]repoMap
 
 // DefaultPolicyPath returns a path to the default policy of the system.
 func DefaultPolicyPath(sys *types.SystemContext) string {
@@ -66,8 +67,8 @@ func createTmpFile(dir, pattern string, content []byte) (string, error) {
 	return tmpfile.Name(), nil
 }
 
-// GetGPGIdFromKeyPath return user keyring from key path
-func GetGPGIdFromKeyPath(path string) []string {
+// getGPGIdFromKeyPath returns GPG key IDs of keys stored at the provided path.
+func getGPGIdFromKeyPath(path string) []string {
 	cmd := exec.Command("gpg2", "--with-colons", path)
 	results, err := cmd.Output()
 	if err != nil {
@@ -77,8 +78,8 @@ func GetGPGIdFromKeyPath(path string) []string {
 	return parseUids(results)
 }
 
-// GetGPGIdFromKeyData return user keyring from keydata
-func GetGPGIdFromKeyData(key string) []string {
+// getGPGIdFromKeyData returns GPG key IDs of keys in the provided keyring.
+func getGPGIdFromKeyData(key string) []string {
 	decodeKey, err := base64.StdEncoding.DecodeString(key)
 	if err != nil {
 		logrus.Errorf("%s, error decoding key data", err)
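Review bot: The base64 decode failure on the new side of getGPGIdFromKeyData is only logged; execution continues with a nil decodeKey, so the key data that failed to decode is still written to a temp file and handed to gpg2 below, and the caller cannot distinguish "no keys" from "bad key data". The log line should be followed by `return nil` so the function stops at the first unusable input. The function body continues past the end of this hunk.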
@@ -89,7 +90,7 @@ func GetGPGIdFromKeyData(key string) []string {
 		logrus.Errorf("Creating key date temp file %s", err)
 	}
 	defer os.Remove(tmpfileName)
-	return GetGPGIdFromKeyPath(tmpfileName)
+	return getGPGIdFromKeyPath(tmpfileName)
 }
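Review bot: When createTmpFile fails, the error is logged but the function goes on to `defer os.Remove(tmpfileName)` and `getGPGIdFromKeyPath(tmpfileName)` with tmpfileName empty, which spawns `gpg2 --with-colons ""` on a nonexistent path and removes "" on return. Add `return nil` after the `logrus.Errorf` call so the temp-file path is only used when it exists. The start of this function is in the previous hunk.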
 
 func parseUids(colonDelimitKeys []byte) []string {
@@ -112,9 +113,9 @@ func parseUids(colonDelimitKeys []byte) []string {
 	return parseduids
 }
 
-// GetPolicy parse policy.json into PolicyContent struct
-func GetPolicy(policyPath string) (PolicyContent, error) {
-	var policyContentStruct PolicyContent
+// getPolicy parses policy.json into policyContent.
+func getPolicy(policyPath string) (policyContent, error) {
+	var policyContentStruct policyContent
 	policyContent, err := ioutil.ReadFile(policyPath)
 	if err != nil {
 		return policyContentStruct, fmt.Errorf("unable to read policy file: %w", err)
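Review bot: After this rename the local `policyContent, err := ioutil.ReadFile(policyPath)` shadows the package type `policyContent` introduced on the same function's first line; it compiles because the struct variable is declared before the shadowing, but any later use of the type inside getPolicy would fail to resolve, and the two meanings of the name make the function hard to read. Rename the byte slice, e.g. `policyData, err := ioutil.ReadFile(policyPath)`, and update its use in the Unmarshal call that follows. The rest of getPolicy lies outside this hunk.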
@@ -146,8 +147,8 @@ type AddPolicyEntriesInput struct {
 // AddPolicyEntries adds one or more policy entries necessary to implement AddPolicyEntriesInput.
 func AddPolicyEntries(policyPath string, input AddPolicyEntriesInput) error {
 	var (
-		policyContentStruct PolicyContent
-		newReposContent     []RepoContent
+		policyContentStruct policyContent
+		newReposContent     []repoContent
 	)
 	trustType := input.Type
 	if trustType == "accept" {
@@ -161,14 +162,14 @@ func AddPolicyEntries(policyPath string, input AddPolicyEntriesInput) error {
 		if len(pubkeysfile) != 0 {
 			return fmt.Errorf("%d public keys unexpectedly provided for trust type %v", len(pubkeysfile), input.Type)
 		}
-		newReposContent = append(newReposContent, RepoContent{Type: trustType})
+		newReposContent = append(newReposContent, repoContent{Type: trustType})
 
 	case "signedBy":
 		if len(pubkeysfile) == 0 {
 			return errors.New("at least one public key must be defined for type 'signedBy'")
 		}
 		for _, filepath := range pubkeysfile {
-			newReposContent = append(newReposContent, RepoContent{Type: trustType, KeyType: "GPGKeys", KeyPath: filepath})
+			newReposContent = append(newReposContent, repoContent{Type: trustType, KeyType: "GPGKeys", KeyPath: filepath})
 		}
 
 	case "sigstoreSigned":
@@ -176,7 +177,7 @@ func AddPolicyEntries(policyPath string, input AddPolicyEntriesInput) error {
 			return errors.New("at least one public key must be defined for type 'sigstoreSigned'")
 		}
 		for _, filepath := range pubkeysfile {
-			newReposContent = append(newReposContent, RepoContent{Type: trustType, KeyPath: filepath})
+			newReposContent = append(newReposContent, repoContent{Type: trustType, KeyPath: filepath})
 		}
 
 	default:
@@ -209,10 +210,10 @@ func AddPolicyEntries(policyPath string, input AddPolicyEntriesInput) error {
 		}
 		if !registryExists {
 			if policyContentStruct.Transports == nil {
-				policyContentStruct.Transports = make(map[string]RepoMap)
+				policyContentStruct.Transports = make(map[string]repoMap)
 			}
 			if policyContentStruct.Transports["docker"] == nil {
-				policyContentStruct.Transports["docker"] = make(map[string][]RepoContent)
+				policyContentStruct.Transports["docker"] = make(map[string][]repoContent)
 			}
 			policyContentStruct.Transports["docker"][input.Scope] = append(policyContentStruct.Transports["docker"][input.Scope], newReposContent...)
 		}
diff --git a/pkg/trust/registries.go b/pkg/trust/registries.go
index ba6ffe281..da2e7eb42 100644
--- a/pkg/trust/registries.go
+++ b/pkg/trust/registries.go
@@ -12,16 +12,16 @@ import (
 	"github.com/ghodss/yaml"
 )
 
-// RegistryConfiguration is one of the files in registriesDirPath configuring lookaside locations, or the result of merging them all.
+// registryConfiguration is one of the files in registriesDirPath configuring lookaside locations, or the result of merging them all.
 // NOTE: Keep this in sync with docs/registries.d.md!
-type RegistryConfiguration struct {
-	DefaultDocker *RegistryNamespace `json:"default-docker"`
+type registryConfiguration struct {
+	DefaultDocker *registryNamespace `json:"default-docker"`
 	// The key is a namespace, using fully-expanded Docker reference format or parent namespaces (per dockerReference.PolicyConfiguration*),
-	Docker map[string]RegistryNamespace `json:"docker"`
+	Docker map[string]registryNamespace `json:"docker"`
 }
 
-// RegistryNamespace defines lookaside locations for a single namespace.
-type RegistryNamespace struct {
+// registryNamespace defines lookaside locations for a single namespace.
+type registryNamespace struct {
 	SigStore        string `json:"sigstore"`         // For reading, and if SigStoreStaging is not present, for writing.
 	SigStoreStaging string `json:"sigstore-staging"` // For writing only.
 }
@@ -48,9 +48,9 @@ func RegistriesDirPath(sys *types.SystemContext) string {
 	return systemRegistriesDirPath
 }
 
-// LoadAndMergeConfig loads configuration files in dirPath
-func LoadAndMergeConfig(dirPath string) (*RegistryConfiguration, error) {
-	mergedConfig := RegistryConfiguration{Docker: map[string]RegistryNamespace{}}
+// loadAndMergeConfig loads registries.d configuration files in dirPath
+func loadAndMergeConfig(dirPath string) (*registryConfiguration, error) {
+	mergedConfig := registryConfiguration{Docker: map[string]registryNamespace{}}
 	dockerDefaultMergedFrom := ""
 	nsMergedFrom := map[string]string{}
 
@@ -74,7 +74,7 @@ func LoadAndMergeConfig(dirPath string) (*RegistryConfiguration, error) {
 		if err != nil {
 			return nil, err
 		}
-		var config RegistryConfiguration
+		var config registryConfiguration
 		err = yaml.Unmarshal(configBytes, &config)
 		if err != nil {
 			return nil, fmt.Errorf("error parsing %s: %w", configPath, err)
@@ -99,8 +99,8 @@ func LoadAndMergeConfig(dirPath string) (*RegistryConfiguration, error) {
 	return &mergedConfig, nil
 }
 
-// HaveMatchRegistry checks if trust settings for the registry have been configured in yaml file
-func HaveMatchRegistry(key string, registryConfigs *RegistryConfiguration) *RegistryNamespace {
+// haveMatchRegistry returns configuration from registryConfigs that is configured for key.
+func haveMatchRegistry(key string, registryConfigs *registryConfiguration) *registryNamespace {
 	searchKey := key
 	if !strings.Contains(searchKey, "/") {
 		val, exists := registryConfigs.Docker[searchKey]
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index 2813b126d..606e4ed93 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -18,7 +18,7 @@ type Policy struct {
 
 // PolicyDescription returns an user-focused description of the policy in policyPath and registries.d data from registriesDirPath.
 func PolicyDescription(policyPath, registriesDirPath string) ([]*Policy, error) {
-	policyContentStruct, err := GetPolicy(policyPath)
+	policyContentStruct, err := getPolicy(policyPath)
 	if err != nil {
 		return nil, fmt.Errorf("could not read trust policies: %w", err)
 	}
@@ -29,10 +29,10 @@ func PolicyDescription(policyPath, registriesDirPath string) ([]*Policy, error)
 	return res, nil
 }
 
-func getPolicyShowOutput(policyContentStruct PolicyContent, systemRegistriesDirPath string) ([]*Policy, error) {
+func getPolicyShowOutput(policyContentStruct policyContent, systemRegistriesDirPath string) ([]*Policy, error) {
 	var output []*Policy
 
-	registryConfigs, err := LoadAndMergeConfig(systemRegistriesDirPath)
+	registryConfigs, err := loadAndMergeConfig(systemRegistriesDirPath)
 	if err != nil {
 		return nil, err
 	}
@@ -61,15 +61,15 @@ func getPolicyShowOutput(policyContentStruct PolicyContent, systemRegistriesDirP
 			uids := []string{}
 			for _, repoele := range repoval {
 				if len(repoele.KeyPath) > 0 {
-					uids = append(uids, GetGPGIdFromKeyPath(repoele.KeyPath)...)
+					uids = append(uids, getGPGIdFromKeyPath(repoele.KeyPath)...)
 				}
 				if len(repoele.KeyData) > 0 {
-					uids = append(uids, GetGPGIdFromKeyData(repoele.KeyData)...)
+					uids = append(uids, getGPGIdFromKeyData(repoele.KeyData)...)
 				}
 			}
 			tempTrustShowOutput.GPGId = strings.Join(uids, ", ")
 
-			registryNamespace := HaveMatchRegistry(repo, registryConfigs)
+			registryNamespace := haveMatchRegistry(repo, registryConfigs)
 			if registryNamespace != nil {
 				tempTrustShowOutput.SignatureStore = registryNamespace.SigStore
 			}
-- 