Use the full descriptionsOfPolicyRequirements for the default scope

... instead of taking a shortcut, e.g. not listing any keys if they are required.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

pkg/trust/registries.go

@@ -102,21 +102,24 @@ func loadAndMergeConfig(dirPath string) (*registryConfiguration, error) {
 }
 
 // registriesDConfigurationForScope returns registries.d configuration for the provided scope.
+// scope can be "" to return only the global default configuration entry.
 func registriesDConfigurationForScope(registryConfigs *registryConfiguration, scope string) *registryNamespace {
 	searchScope := scope
-	if !strings.Contains(searchScope, "/") {
+	if searchScope != "" {
-		val, exists := registryConfigs.Docker[searchScope]
+		if !strings.Contains(searchScope, "/") {
-		if exists {
+			val, exists := registryConfigs.Docker[searchScope]
-			return &val
+			if exists {
+				return &val
+			}
 		}
-	}
+		for range strings.Split(scope, "/") {
-	for range strings.Split(scope, "/") {
+			val, exists := registryConfigs.Docker[searchScope]
-		val, exists := registryConfigs.Docker[searchScope]
+			if exists {
-		if exists {
+				return &val
-			return &val
+			}
-		}
+			if strings.Contains(searchScope, "/") {
-		if strings.Contains(searchScope, "/") {
+				searchScope = searchScope[:strings.LastIndex(searchScope, "/")]
-			searchScope = searchScope[:strings.LastIndex(searchScope, "/")]
+			}
 		}
 	}
 	return registryConfigs.DefaultDocker

pkg/trust/trust.go

@@ -44,13 +44,12 @@ func getPolicyShowOutput(policyContentStruct policyContent, systemRegistriesDirP
 	}
 
 	if len(policyContentStruct.Default) > 0 {
-		defaultPolicyStruct := Policy{
+		template := Policy{
 			Transport: "all",
 			Name:      "* (default)",
 			RepoName:  "default",
-			Type:      trustTypeDescription(policyContentStruct.Default[0].Type),
 		}
-		output = append(output, &defaultPolicyStruct)
+		output = append(output, descriptionsOfPolicyRequirements(policyContentStruct.Default, template, registryConfigs, "", idReader)...)
 	}
 	// FIXME: This should use x/exp/maps.Keys after we update to Go 1.18.
 	transports := []string{}
@@ -83,7 +82,7 @@ func getPolicyShowOutput(policyContentStruct policyContent, systemRegistriesDirP
 	return output, nil
 }
 
-// descriptionsOfPolicyRequirements turns reqs into user-readable policy entries, with Transport/Name/Reponame coming from template, potentially looking up scope in registryConfigs.
+// descriptionsOfPolicyRequirements turns reqs into user-readable policy entries, with Transport/Name/Reponame coming from template, potentially looking up scope (which may be "") in registryConfigs.
 func descriptionsOfPolicyRequirements(reqs []repoContent, template Policy, registryConfigs *registryConfiguration, scope string, idReader gpgIDReader) []*Policy {
 	entry := template
 	entry.Type = trustTypeDescription(reqs[0].Type)

pkg/trust/trust_test.go

@@ -79,6 +79,24 @@ func TestPolicyDescription(t *testing.T) {
 				},
 			},
 		},
+		{
+			&signature.Policy{
+				Default: signature.PolicyRequirements{
+					xNewPRSignedByKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+					xNewPRSignedByKeyPath(t, "/2,3.pub", signature.NewPRMMatchRepoDigestOrExact()),
+				},
+			},
+			[]*Policy{
+				{
+					Transport:      "all",
+					Name:           "* (default)",
+					RepoName:       "default",
+					Type:           "signed",
+					SignatureStore: "",
+					GPGId:          "1, 2, 3",
+				},
+			},
+		},
 	} {
 		policyJSON, err := json.Marshal(c.policy)
 		require.NoError(t, err)