Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription
This will allow us to write unit tests without setting up the complete Podman runtime (and without the Linux dependency). Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
@ -4,11 +4,9 @@ import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"strings"
|
||||
|
||||
"github.com/containers/podman/v4/pkg/domain/entities"
|
||||
"github.com/containers/podman/v4/pkg/trust"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options entities.ShowTrustOptions) (*entities.ShowTrustReport, error) {
|
||||
@ -31,11 +29,7 @@ func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options ent
|
||||
if len(options.RegistryPath) > 0 {
|
||||
report.SystemRegistriesDirPath = options.RegistryPath
|
||||
}
|
||||
policyContentStruct, err := trust.GetPolicy(policyPath)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("could not read trust policies: %w", err)
|
||||
}
|
||||
report.Policies, err = getPolicyShowOutput(policyContentStruct, report.SystemRegistriesDirPath)
|
||||
report.Policies, err = trust.PolicyDescription(policyPath, report.SystemRegistriesDirPath)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("could not show trust policies: %w", err)
|
||||
}
|
||||
@ -59,63 +53,3 @@ func (ir *ImageEngine) SetTrust(ctx context.Context, args []string, options enti
|
||||
PubKeyFiles: options.PubKeysFile,
|
||||
})
|
||||
}
|
||||
|
||||
func getPolicyShowOutput(policyContentStruct trust.PolicyContent, systemRegistriesDirPath string) ([]*trust.Policy, error) {
|
||||
var output []*trust.Policy
|
||||
|
||||
registryConfigs, err := trust.LoadAndMergeConfig(systemRegistriesDirPath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(policyContentStruct.Default) > 0 {
|
||||
defaultPolicyStruct := trust.Policy{
|
||||
Transport: "all",
|
||||
Name: "* (default)",
|
||||
RepoName: "default",
|
||||
Type: trustTypeDescription(policyContentStruct.Default[0].Type),
|
||||
}
|
||||
output = append(output, &defaultPolicyStruct)
|
||||
}
|
||||
for transport, transval := range policyContentStruct.Transports {
|
||||
if transport == "docker" {
|
||||
transport = "repository"
|
||||
}
|
||||
|
||||
for repo, repoval := range transval {
|
||||
tempTrustShowOutput := trust.Policy{
|
||||
Name: repo,
|
||||
RepoName: repo,
|
||||
Transport: transport,
|
||||
Type: trustTypeDescription(repoval[0].Type),
|
||||
}
|
||||
uids := []string{}
|
||||
for _, repoele := range repoval {
|
||||
if len(repoele.KeyPath) > 0 {
|
||||
uids = append(uids, trust.GetGPGIdFromKeyPath(repoele.KeyPath)...)
|
||||
}
|
||||
if len(repoele.KeyData) > 0 {
|
||||
uids = append(uids, trust.GetGPGIdFromKeyData(repoele.KeyData)...)
|
||||
}
|
||||
}
|
||||
tempTrustShowOutput.GPGId = strings.Join(uids, ", ")
|
||||
|
||||
registryNamespace := trust.HaveMatchRegistry(repo, registryConfigs)
|
||||
if registryNamespace != nil {
|
||||
tempTrustShowOutput.SignatureStore = registryNamespace.SigStore
|
||||
}
|
||||
output = append(output, &tempTrustShowOutput)
|
||||
}
|
||||
}
|
||||
return output, nil
|
||||
}
|
||||
|
||||
var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
|
||||
|
||||
func trustTypeDescription(trustType string) string {
|
||||
trustDescription, exist := typeDescription[trustType]
|
||||
if !exist {
|
||||
logrus.Warnf("Invalid trust type %s", trustType)
|
||||
}
|
||||
return trustDescription
|
||||
}
|
||||
|
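Review bot: The error returned on the new `trust.PolicyDescription` call is wrapped a second time: PolicyDescription itself already returns "could not read trust policies: …" or "could not show trust policies: …", so the surviving `return nil, fmt.Errorf("could not show trust policies: %w", err)` in ShowTrust yields messages of the form "could not show trust policies: could not read trust policies: …". Since the wrapping now lives at one layer, the caller should pass the error through unchanged, `return nil, err`, or PolicyDescription should stop wrapping. ShowTrust's body starts before this hunk, so check there is no further wrapping above. The removed `io/ioutil` and logrus imports in the first hunk look consistent with the moved code, but which of the import lines were dropped is inferred, not visible in this rendering.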
@ -125,6 +125,16 @@ func GetPolicy(policyPath string) (PolicyContent, error) {
|
||||
return policyContentStruct, nil
|
||||
}
|
||||
|
||||
var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
|
||||
|
||||
func trustTypeDescription(trustType string) string {
|
||||
trustDescription, exist := typeDescription[trustType]
|
||||
if !exist {
|
||||
logrus.Warnf("Invalid trust type %s", trustType)
|
||||
}
|
||||
return trustDescription
|
||||
}
|
||||
|
||||
// AddPolicyEntriesInput collects some parameters to AddPolicyEntries,
|
||||
// primarily so that the callers use named values instead of just strings in a sequence.
|
||||
type AddPolicyEntriesInput struct {
|
||||
|
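Review bot: trustTypeDescription returns the empty string for any requirement type missing from typeDescription, so an unrecognized type in policy.json is rendered as a blank Type in the ShowTrust report with only a logrus warning on the side, which understates the policy actually in effect. Returning `trustType` verbatim in the `!exist` branch would keep the output honest; that is a small behavior change the commit deliberately avoids, so it may belong in a follow-up. The function also moved without a doc comment; I would add `// trustTypeDescription maps a policy.json requirement type to the short form shown in trust reports; unknown types are logged.` above it. The hunk uses logrus but the file's import block is outside it, so confirm pkg/trust already imports it.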
@ -1,5 +1,10 @@
|
||||
package trust
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// Policy describes a basic trust policy configuration
|
||||
type Policy struct {
|
||||
Transport string `json:"transport"`
|
||||
@ -10,3 +15,66 @@ type Policy struct {
|
||||
Type string `json:"type"`
|
||||
GPGId string `json:"gpg_id,omitempty"`
|
||||
}
|
||||
|
||||
// PolicyDescription returns an user-focused description of the policy in policyPath and registries.d data from registriesDirPath.
|
||||
func PolicyDescription(policyPath, registriesDirPath string) ([]*Policy, error) {
|
||||
policyContentStruct, err := GetPolicy(policyPath)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("could not read trust policies: %w", err)
|
||||
}
|
||||
res, err := getPolicyShowOutput(policyContentStruct, registriesDirPath)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("could not show trust policies: %w", err)
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func getPolicyShowOutput(policyContentStruct PolicyContent, systemRegistriesDirPath string) ([]*Policy, error) {
|
||||
var output []*Policy
|
||||
|
||||
registryConfigs, err := LoadAndMergeConfig(systemRegistriesDirPath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(policyContentStruct.Default) > 0 {
|
||||
defaultPolicyStruct := Policy{
|
||||
Transport: "all",
|
||||
Name: "* (default)",
|
||||
RepoName: "default",
|
||||
Type: trustTypeDescription(policyContentStruct.Default[0].Type),
|
||||
}
|
||||
output = append(output, &defaultPolicyStruct)
|
||||
}
|
||||
for transport, transval := range policyContentStruct.Transports {
|
||||
if transport == "docker" {
|
||||
transport = "repository"
|
||||
}
|
||||
|
||||
for repo, repoval := range transval {
|
||||
tempTrustShowOutput := Policy{
|
||||
Name: repo,
|
||||
RepoName: repo,
|
||||
Transport: transport,
|
||||
Type: trustTypeDescription(repoval[0].Type),
|
||||
}
|
||||
uids := []string{}
|
||||
for _, repoele := range repoval {
|
||||
if len(repoele.KeyPath) > 0 {
|
||||
uids = append(uids, GetGPGIdFromKeyPath(repoele.KeyPath)...)
|
||||
}
|
||||
if len(repoele.KeyData) > 0 {
|
||||
uids = append(uids, GetGPGIdFromKeyData(repoele.KeyData)...)
|
||||
}
|
||||
}
|
||||
tempTrustShowOutput.GPGId = strings.Join(uids, ", ")
|
||||
|
||||
registryNamespace := HaveMatchRegistry(repo, registryConfigs)
|
||||
if registryNamespace != nil {
|
||||
tempTrustShowOutput.SignatureStore = registryNamespace.SigStore
|
||||
}
|
||||
output = append(output, &tempTrustShowOutput)
|
||||
}
|
||||
}
|
||||
return output, nil
|
||||
}
|
||||
|
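Review bot: In getPolicyShowOutput the per-repository loop reads `repoval[0].Type` without checking that repoval is non-empty, while the default branch guards `Default[0]` with `len(policyContentStruct.Default) > 0`; a transport scope whose requirement list is empty would panic with an index out of range. Unless GetPolicy (outside this hunk) rejects empty lists, add `if len(repoval) == 0 { continue }` at the top of the inner loop, or return an error so a malformed policy is reported rather than crashing the caller. This is moved code, so the gap predates the commit, but the move to a separately testable package is a good moment to cover it with a unit test. Minor wording in the PolicyDescription doc comment: "an user-focused" should read "a user-focused".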