Use the full descriptionsOfPolicyRequirements for the default scope

... instead of taking a shortcut, e.g. not listing any keys if they are required. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-08-24 20:28:14 +02:00 · 2022-08-24 20:28:14 +02:00 · 2f6c145e86
parent b15afce551
commit 2f6c145e86
3 changed files with 36 additions and 16 deletions
--- a/pkg/trust/registries.go
+++ b/pkg/trust/registries.go
@ -102,8 +102,10 @@ func loadAndMergeConfig(dirPath string) (*registryConfiguration, error) {
 }

 // registriesDConfigurationForScope returns registries.d configuration for the provided scope.
+// scope can be "" to return only the global default configuration entry.
 func registriesDConfigurationForScope(registryConfigs *registryConfiguration, scope string) *registryNamespace {
 	searchScope := scope
+	if searchScope != "" {
 		if !strings.Contains(searchScope, "/") {
 			val, exists := registryConfigs.Docker[searchScope]
 			if exists {
@ -119,5 +121,6 @@ func registriesDConfigurationForScope(registryConfigs *registryConfiguration, sc
 				searchScope = searchScope[:strings.LastIndex(searchScope, "/")]
 			}
 		}
+	}
 	return registryConfigs.DefaultDocker
 }
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@ -44,13 +44,12 @@ func getPolicyShowOutput(policyContentStruct policyContent, systemRegistriesDirP
 	}

 	if len(policyContentStruct.Default) > 0 {
-		defaultPolicyStruct := Policy{
+		template := Policy{
 			Transport: "all",
 			Name:      "* (default)",
 			RepoName:  "default",
-			Type:      trustTypeDescription(policyContentStruct.Default[0].Type),
 		}
-		output = append(output, &defaultPolicyStruct)
+		output = append(output, descriptionsOfPolicyRequirements(policyContentStruct.Default, template, registryConfigs, "", idReader)...)
 	}
 	// FIXME: This should use x/exp/maps.Keys after we update to Go 1.18.
 	transports := []string{}
@ -83,7 +82,7 @@ func getPolicyShowOutput(policyContentStruct policyContent, systemRegistriesDirP
 	return output, nil
 }

-// descriptionsOfPolicyRequirements turns reqs into user-readable policy entries, with Transport/Name/Reponame coming from template, potentially looking up scope in registryConfigs.
+// descriptionsOfPolicyRequirements turns reqs into user-readable policy entries, with Transport/Name/Reponame coming from template, potentially looking up scope (which may be "") in registryConfigs.
 func descriptionsOfPolicyRequirements(reqs []repoContent, template Policy, registryConfigs *registryConfiguration, scope string, idReader gpgIDReader) []*Policy {
 	entry := template
 	entry.Type = trustTypeDescription(reqs[0].Type)
--- a/pkg/trust/trust_test.go
+++ b/pkg/trust/trust_test.go
@ -79,6 +79,24 @@ func TestPolicyDescription(t *testing.T) {
 				},
 			},
 		},
+		{
+			&signature.Policy{
+				Default: signature.PolicyRequirements{
+					xNewPRSignedByKeyPath(t, "/1.pub", signature.NewPRMMatchRepoDigestOrExact()),
+					xNewPRSignedByKeyPath(t, "/2,3.pub", signature.NewPRMMatchRepoDigestOrExact()),
+				},
+			},
+			[]*Policy{
+				{
+					Transport:      "all",
+					Name:           "* (default)",
+					RepoName:       "default",
+					Type:           "signed",
+					SignatureStore: "",
+					GPGId:          "1, 2, 3",
+				},
+			},
+		},
 	} {
 		policyJSON, err := json.Marshal(c.policy)
 		require.NoError(t, err)