fix: remove the change of oci policy commands

Signed-off-by: Junjie Gao <[email protected]>

cmd/notation/policy/cmd.go

@@ -11,7 +11,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package policy provides the import and show command for OCI trust policy.
 package policy
 
 import "github.com/spf13/cobra"

cmd/notation/policy/import.go

@@ -50,14 +50,14 @@ Example - Import trust policy configuration from a file:
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.filePath = args[0]
-			return runImport(opts)
+			return runImport(cmd, opts)
 		},
 	}
 	command.Flags().BoolVar(&opts.force, "force", false, "override the existing trust policy configuration, never prompt")
 	return command
 }
 
-func runImport(opts importOpts) error {
+func runImport(command *cobra.Command, opts importOpts) error {
 	// read configuration
 	policyJSON, err := os.ReadFile(opts.filePath)
 	if err != nil {
@@ -75,7 +75,7 @@ func runImport(opts importOpts) error {
 
 	// optional confirmation
 	if !opts.force {
-		if _, err := trustpolicy.LoadOCIDocument(); err == nil {
+		if _, err := trustpolicy.LoadDocument(); err == nil {
 			confirmed, err := cmdutil.AskForConfirmation(os.Stdin, "The trust policy file already exists, do you want to overwrite it?", opts.force)
 			if err != nil {
 				return err
@@ -85,27 +85,17 @@ func runImport(opts importOpts) error {
 			}
 		}
 	} else {
-		fmt.Fprintln(os.Stderr, "Warning: existing trust policy file will be overwritten")
+		fmt.Fprintln(os.Stderr, "Warning: existing trust policy configuration file will be overwritten")
 	}
 
 	// write
-	policyPath, err := dir.ConfigFS().SysPath(dir.PathOCITrustPolicy)
+	policyPath, err := dir.ConfigFS().SysPath(dir.PathTrustPolicy)
 	if err != nil {
 		return fmt.Errorf("failed to obtain path of trust policy file: %w", err)
 	}
 	if err = osutil.WriteFile(policyPath, policyJSON); err != nil {
 		return fmt.Errorf("failed to write trust policy file: %w", err)
 	}
-
-	// clear old trust policy
-	oldPolicyPath, err := dir.ConfigFS().SysPath(dir.PathTrustPolicy)
-	if err != nil {
-		return fmt.Errorf("failed to obtain path of trust policy file: %w", err)
-	}
-	if err := osutil.RemoveIfExists(oldPolicyPath); err != nil {
-		fmt.Fprintf(os.Stderr, "Warning: failed to clear old trust policy %q: %v\n", oldPolicyPath, err)
-	}
-
-	_, err = fmt.Fprintln(os.Stdout, "Successfully imported trust policy file.")
+	_, err = fmt.Fprintln(os.Stdout, "Trust policy configuration imported successfully.")
 	return err
 }

cmd/notation/policy/show.go

@@ -17,7 +17,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
 	"io/fs"
 	"os"
 
@@ -26,7 +25,11 @@ import (
 	"github.com/spf13/cobra"
 )
 
+type showOpts struct {
+}
+
 func showCmd() *cobra.Command {
+	var opts showOpts
 	command := &cobra.Command{
 		Use:   "show [flags]",
 		Short: "Show trust policy configuration",
@@ -42,14 +45,21 @@ Example - Save current trust policy configuration to a file:
 `,
 		Args: cobra.ExactArgs(0),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return runShow()
+			return runShow(cmd, opts)
 		},
 	}
 	return command
 }
 
-func runShow() error {
-	policyJSON, err := loadOCITrustPolicy()
+func runShow(command *cobra.Command, opts showOpts) error {
+	// get policy file path
+	policyPath, err := dir.ConfigFS().SysPath(dir.PathTrustPolicy)
+	if err != nil {
+		return fmt.Errorf("failed to obtain path of trust policy file: %w", err)
+	}
+
+	// core process
+	policyJSON, err := os.ReadFile(policyPath)
 	if err != nil {
 		if errors.Is(err, fs.ErrNotExist) {
 			return fmt.Errorf("failed to show trust policy as the trust policy file does not exist.\nYou can import one using `notation policy import <path-to-policy.json>`")
@@ -62,30 +72,11 @@ func runShow() error {
 	}
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Error: %s\n", err.Error())
-		fmt.Fprintf(os.Stderr, "Existing trust policy file is invalid, you may update or create a new one via `notation policy import <path-to-policy.json>`\n")
+		fmt.Fprintf(os.Stderr, "Existing trust policy configuration is invalid, you may update or create a new one via `notation policy import <path-to-policy.json>`\n")
 		// not returning to show the invalid policy configuration
 	}
 
 	// show policy content
 	_, err = os.Stdout.Write(policyJSON)
 	return err
 }
-
-// loadOCITrustPolicy loads OCI trust policy from notation configuration directory.
-//
-// It tries to load OCI trust policy (trustpolicy.oci.json) first, if it does
-// not exist, it falls back to old trust policy (trustpolicy.json).
-func loadOCITrustPolicy() ([]byte, error) {
-	f, err := dir.ConfigFS().Open(dir.PathOCITrustPolicy)
-	if err != nil {
-		if !errors.Is(err, fs.ErrNotExist) {
-			return nil, err
-		}
-		f, err = dir.ConfigFS().Open(dir.PathTrustPolicy)
-		if err != nil {
-			return nil, err
-		}
-	}
-	defer f.Close()
-	return io.ReadAll(f)
-}

test/e2e/internal/notation/init.go

@@ -25,7 +25,6 @@ import (
 const (
 	NotationDirName     = "notation"
 	TrustPolicyName     = "trustpolicy.json"
-	OCITrustPolicyName  = "trustpolicy.oci.json"
 	BlobTrustPolicyName = "trustpolicy.blob.json"
 	TrustStoreDirName   = "truststore"
 	TrustStoreTypeCA    = "ca"

test/e2e/suite/command/policy.go

@@ -14,8 +14,6 @@
 package command
 
 import (
-	"errors"
-	"io/fs"
 	"os"
 	"path/filepath"
 	"strings"
@@ -46,7 +44,7 @@ var _ = Describe("trust policy maintainer", func() {
 			})
 		})
 
-		It("should show exist old policy", func() {
+		It("should show exist policy", func() {
 			content, err := os.ReadFile(filepath.Join(NotationE2ETrustPolicyDir, TrustPolicyName))
 			Expect(err).NotTo(HaveOccurred())
 			Host(Opts(AddTrustPolicyOption(TrustPolicyName)), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
@@ -65,18 +63,6 @@ var _ = Describe("trust policy maintainer", func() {
 					MatchContent(string(content))
 			})
 		})
-
-		It("should failed if without permission to read policy", func() {
-			Host(Opts(AddTrustPolicyOption(TrustPolicyName)), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
-				notationPath := vhost.AbsolutePath(NotationDirName)
-				os.Chmod(notationPath, 0000)
-				defer os.Chmod(notationPath, 0755)
-
-				notation.ExpectFailure().
-					Exec("policy", "show").
-					MatchErrKeyWords("failed to show trust policy", "permission denied")
-			})
-		})
 	})
 
 	When("importing configuration without existing trust policy configuration", func() {
@@ -105,13 +91,6 @@ var _ = Describe("trust policy maintainer", func() {
 			})
 		})
 
-		It("should failed if provide file is malformed json", func() {
-			Host(opts, func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
-				notation.ExpectFailure().
-					Exec("policy", "import", filepath.Join(NotationE2ETrustPolicyDir, "invalid_format_trustpolicy.json"))
-			})
-		})
-
 		It("should fail if registry scope is malformed", func() {
 			Host(opts, func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
 				notation.ExpectFailure().
@@ -144,21 +123,6 @@ var _ = Describe("trust policy maintainer", func() {
 				notation.Exec("policy", "import", filepath.Join(NotationE2ETrustPolicyDir, TrustPolicyName), "--force")
 			})
 		})
-
-		It("should failed if without permission to write policy", func() {
-			Host(opts, func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
-				notation.
-					Exec("policy", "import", filepath.Join(NotationE2ETrustPolicyDir, TrustPolicyName))
-
-				trustPolicyPath := vhost.AbsolutePath(NotationDirName)
-				os.Chmod(trustPolicyPath, 0000)
-				defer os.Chmod(trustPolicyPath, 0755)
-
-				notation.ExpectFailure().
-					Exec("policy", "import", filepath.Join(NotationE2ETrustPolicyDir, TrustPolicyName), "--force").
-					MatchErrKeyWords("failed to write trust policy file")
-			})
-		})
 	})
 
 	When("importing configuration with existing trust policy configuration", func() {
@@ -254,41 +218,4 @@ var _ = Describe("trust policy maintainer", func() {
 			})
 		})
 	})
-
-	When("importing policy with existing old policy", func() {
-		It("should delete old policy", func() {
-			Host(Opts(AddTrustPolicyOption("trustpolicy.json")), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
-				newPolicyName := "any_registry_scope_trust_policy.json"
-				notation.WithInput(strings.NewReader("Y\n")).Exec("policy", "import", filepath.Join(NotationE2ETrustPolicyDir, newPolicyName)).
-					MatchKeyWords("Trust policy configuration imported successfully.")
-				// validate
-				content, err := os.ReadFile(filepath.Join(NotationE2ETrustPolicyDir, newPolicyName))
-				Expect(err).NotTo(HaveOccurred())
-				notation.Exec("policy", "show").MatchContent(string(content))
-
-				// check old policy doesn't exist
-				oldPolicyPath := vhost.AbsolutePath(NotationDirName, "trustpolicy.json")
-				_, err = os.Stat(oldPolicyPath)
-				Expect(errors.Is(err, fs.ErrNotExist)).To(BeTrue())
-			})
-		})
-	})
-
-	When("showing policy when both the old and oci policy exist", func() {
-		It("should show the oci policy", func() {
-			Host(Opts(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
-				// add oci policy
-				newPolicyName := "any_registry_scope_trust_policy.json"
-				notation.WithInput(strings.NewReader("Y\n")).Exec("policy", "import", filepath.Join(NotationE2ETrustPolicyDir, newPolicyName)).
-					MatchKeyWords("Trust policy configuration imported successfully.")
-
-				// add old policy
-				vhost.SetOption(AddTrustPolicyOption("trustpolicy.json"))
-
-				content, err := os.ReadFile(filepath.Join(NotationE2ETrustPolicyDir, newPolicyName))
-				Expect(err).NotTo(HaveOccurred())
-				notation.Exec("policy", "show").MatchContent(string(content))
-			})
-		})
-	})
 })