diff --git a/cmd/notation/policy/cmd.go b/cmd/notation/policy/cmd.go
index 3e63070f4..a8b646859 100644
--- a/cmd/notation/policy/cmd.go
+++ b/cmd/notation/policy/cmd.go
@@ -11,7 +11,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package policy provides the import and show command for OCI trust policy.
 package policy
 
 import "github.com/spf13/cobra"
diff --git a/cmd/notation/policy/import.go b/cmd/notation/policy/import.go
index b6a5110df..ec3d3e854 100644
--- a/cmd/notation/policy/import.go
+++ b/cmd/notation/policy/import.go
@@ -50,14 +50,14 @@ Example - Import trust policy configuration from a file:
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.filePath = args[0]
-			return runImport(opts)
+			return runImport(cmd, opts)
 		},
 	}
 	command.Flags().BoolVar(&opts.force, "force", false, "override the existing trust policy configuration, never prompt")
 	return command
 }
 
-func runImport(opts importOpts) error {
+func runImport(command *cobra.Command, opts importOpts) error {
 	// read configuration
 	policyJSON, err := os.ReadFile(opts.filePath)
 	if err != nil {
@@ -75,7 +75,7 @@ func runImport(opts importOpts) error {
 
 	// optional confirmation
 	if !opts.force {
-		if _, err := trustpolicy.LoadOCIDocument(); err == nil {
+		if _, err := trustpolicy.LoadDocument(); err == nil {
 			confirmed, err := cmdutil.AskForConfirmation(os.Stdin, "The trust policy file already exists, do you want to overwrite it?", opts.force)
 			if err != nil {
 				return err
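Review bot: Removing the package comment leaves `package policy` with no doc comment at all, which Go's documentation conventions expect on every package. A reworded comment that simply no longer mentions OCI would serve the revert better than deletion, e.g. `// Package policy provides the import and show commands for trust policy configuration.` That line is the only place a reader of `go doc` learns what the two subcommands do.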
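Review bot: The new `command *cobra.Command` parameter on `runImport` is not referenced in any visible line of the function, which keeps writing straight to `os.Stdout` and `os.Stderr`; the body continues outside this hunk, so if nothing there uses it either, the parameter is dead weight that unused-parameter linters will flag. Either drop it again or make it carry its weight by sending output through `command.OutOrStdout()` / `command.ErrOrStderr()`, which also lets unit tests capture the prompt and the success message instead of the real terminal. `runShow` in show.go gains the same unused parameter.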
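Review bot: `trustpolicy.LoadDocument()` is used here only as an existence probe, so an existing trustpolicy.json that fails to parse or validate yields `err != nil` and the overwrite prompt is skipped — the malformed file is replaced without confirmation even though `--force` was not given. Because the command resolves the destination via `dir.ConfigFS().SysPath(dir.PathTrustPolicy)` a few lines later anyway, move that lookup above this block and gate the prompt on presence rather than validity, e.g. `if _, err := os.Stat(policyPath); err == nil {` (or `!errors.Is(err, fs.ErrNotExist)` if the file already imports `errors` and `io/fs`). The enclosing `if !opts.force` block continues past the hunk.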
@@ -85,27 +85,17 @@ func runImport(opts importOpts) error {
 			}
 		}
 	} else {
-		fmt.Fprintln(os.Stderr, "Warning: existing trust policy file will be overwritten")
+		fmt.Fprintln(os.Stderr, "Warning: existing trust policy configuration file will be overwritten")
 	}
 
 	// write
-	policyPath, err := dir.ConfigFS().SysPath(dir.PathOCITrustPolicy)
+	policyPath, err := dir.ConfigFS().SysPath(dir.PathTrustPolicy)
 	if err != nil {
 		return fmt.Errorf("failed to obtain path of trust policy file: %w", err)
 	}
 	if err = osutil.WriteFile(policyPath, policyJSON); err != nil {
 		return fmt.Errorf("failed to write trust policy file: %w", err)
 	}
-
-	// clear old trust policy
-	oldPolicyPath, err := dir.ConfigFS().SysPath(dir.PathTrustPolicy)
-	if err != nil {
-		return fmt.Errorf("failed to obtain path of trust policy file: %w", err)
-	}
-	if err := osutil.RemoveIfExists(oldPolicyPath); err != nil {
-		fmt.Fprintf(os.Stderr, "Warning: failed to clear old trust policy %q: %v\n", oldPolicyPath, err)
-	}
-
-	_, err = fmt.Fprintln(os.Stdout, "Successfully imported trust policy file.")
+	_, err = fmt.Fprintln(os.Stdout, "Trust policy configuration imported successfully.")
 	return err
 }
diff --git a/cmd/notation/policy/show.go b/cmd/notation/policy/show.go
index 7e5461b31..dca73c942 100644
--- a/cmd/notation/policy/show.go
+++ b/cmd/notation/policy/show.go
@@ -17,7 +17,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
 	"io/fs"
 	"os"
 
@@ -26,7 +25,11 @@ import (
 	"github.com/spf13/cobra"
 )
 
+type showOpts struct {
+}
+
 func showCmd() *cobra.Command {
+	var opts showOpts
 	command := &cobra.Command{
 		Use: "show [flags]",
 		Short: "Show trust policy configuration",
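Review bot: With the clean-up step removed and `dir.PathOCITrustPolicy` no longer referenced, a `trustpolicy.oci.json` that the previous version wrote into the config directory is neither read nor deleted by this import, so a user upgrading across the two versions keeps a stale file beside the active trustpolicy.json with nothing telling them which one is in force; a one-line `fmt.Fprintln(os.Stderr, ...)` warning when that file exists, or a sentence in the command's help text, would avoid that confusion. This is inferred from the fallback removed in show.go, so confirm against what `trustpolicy.LoadDocument` actually reads. Separately, the e2e case asserting `failed to write trust policy file` on a read-only config directory is deleted in test/e2e/suite/command/policy.go even though that error path survives unchanged here; it is worth keeping.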
@@ -42,14 +45,21 @@ Example - Save current trust policy configuration to a file:
 `,
 		Args: cobra.ExactArgs(0),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return runShow()
+			return runShow(cmd, opts)
 		},
 	}
 	return command
 }
 
-func runShow() error {
-	policyJSON, err := loadOCITrustPolicy()
+func runShow(command *cobra.Command, opts showOpts) error {
+	// get policy file path
+	policyPath, err := dir.ConfigFS().SysPath(dir.PathTrustPolicy)
+	if err != nil {
+		return fmt.Errorf("failed to obtain path of trust policy file: %w", err)
+	}
+
+	// core process
+	policyJSON, err := os.ReadFile(policyPath)
 	if err != nil {
 		if errors.Is(err, fs.ErrNotExist) {
 			return fmt.Errorf("failed to show trust policy as the trust policy file does not exist.\nYou can import one using `notation policy import `")
@@ -62,7 +72,7 @@ func runShow() error {
 	}
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Error: %s\n", err.Error())
-		fmt.Fprintf(os.Stderr, "Existing trust policy file is invalid, you may update or create a new one via `notation policy import `\n")
+		fmt.Fprintf(os.Stderr, "Existing trust policy configuration is invalid, you may update or create a new one via `notation policy import `\n")
 		// not returning to show the invalid policy configuration
 	}
 
@@ -70,22 +80,3 @@ func runShow() error {
 	_, err = os.Stdout.Write(policyJSON)
 	return err
 }
-
-// loadOCITrustPolicy loads OCI trust policy from notation configuration directory.
-//
-// It tries to load OCI trust policy (trustpolicy.oci.json) first, if it does
-// not exist, it falls back to old trust policy (trustpolicy.json).
-func loadOCITrustPolicy() ([]byte, error) {
-	f, err := dir.ConfigFS().Open(dir.PathOCITrustPolicy)
-	if err != nil {
-		if !errors.Is(err, fs.ErrNotExist) {
-			return nil, err
-		}
-		f, err = dir.ConfigFS().Open(dir.PathTrustPolicy)
-		if err != nil {
-			return nil, err
-		}
-	}
-	defer f.Close()
-	return io.ReadAll(f)
-}
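Review bot: `runShow` now takes `command *cobra.Command` and `opts showOpts` but the visible body uses neither — it reads with `os.ReadFile` and, in the following hunk, writes with `os.Stdout.Write(policyJSON)` — and `showOpts`, declared in the previous hunk, is an empty struct without a doc comment; either drop both until a flag needs them, or route the output through `command.OutOrStdout()` and document the placeholder with `// showOpts holds the flags of the show command; none are defined yet.` The `// core process` comment also says nothing about why the raw bytes are read instead of going through the policy loader; `// read the raw file so the output mirrors what is on disk, even when it fails validation` would explain the "not returning" branch in the next hunk, assuming the validation happens in the lines between the hunks, which are outside this view. The e2e case for a permission-denied read is dropped in test/e2e/suite/command/policy.go while that error path still exists here.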
diff --git a/test/e2e/internal/notation/init.go b/test/e2e/internal/notation/init.go
index d7a60320e..96a58d88d 100644
--- a/test/e2e/internal/notation/init.go
+++ b/test/e2e/internal/notation/init.go
@@ -25,7 +25,6 @@ import (
 const (
 	NotationDirName = "notation"
 	TrustPolicyName = "trustpolicy.json"
-	OCITrustPolicyName = "trustpolicy.oci.json"
 	BlobTrustPolicyName = "trustpolicy.blob.json"
 	TrustStoreDirName = "truststore"
 	TrustStoreTypeCA = "ca"
diff --git a/test/e2e/suite/command/policy.go b/test/e2e/suite/command/policy.go
index b1d31c714..118939c58 100644
--- a/test/e2e/suite/command/policy.go
+++ b/test/e2e/suite/command/policy.go
@@ -14,8 +14,6 @@
 package command
 
 import (
-	"errors"
-	"io/fs"
 	"os"
 	"path/filepath"
 	"strings"
@@ -46,7 +44,7 @@ var _ = Describe("trust policy maintainer", func() {
 		})
 	})
 
-	It("should show exist old policy", func() {
+	It("should show exist policy", func() {
 		content, err := os.ReadFile(filepath.Join(NotationE2ETrustPolicyDir, TrustPolicyName))
 		Expect(err).NotTo(HaveOccurred())
 		Host(Opts(AddTrustPolicyOption(TrustPolicyName)), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
@@ -65,18 +63,6 @@ var _ = Describe("trust policy maintainer", func() {
 				MatchContent(string(content))
 		})
 	})
-
-	It("should failed if without permission to read policy", func() {
-		Host(Opts(AddTrustPolicyOption(TrustPolicyName)), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
-			notationPath := vhost.AbsolutePath(NotationDirName)
-			os.Chmod(notationPath, 0000)
-			defer os.Chmod(notationPath, 0755)
-
-			notation.ExpectFailure().
-				Exec("policy", "show").
-				MatchErrKeyWords("failed to show trust policy", "permission denied")
-		})
-	})
 	})
 
 	When("importing configuration without existing trust policy configuration", func() {
@@ -105,13 +91,6 @@ var _ = Describe("trust policy maintainer", func() {
 		})
 	})
 
-	It("should failed if provide file is malformed json", func() {
-		Host(opts, func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
-			notation.ExpectFailure().
-				Exec("policy", "import", filepath.Join(NotationE2ETrustPolicyDir, "invalid_format_trustpolicy.json"))
-		})
-	})
-
 	It("should fail if registry scope is malformed", func() {
 		Host(opts, func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
 			notation.ExpectFailure().
@@ -144,21 +123,6 @@ var _ = Describe("trust policy maintainer", func() {
 			notation.Exec("policy", "import", filepath.Join(NotationE2ETrustPolicyDir, TrustPolicyName), "--force")
 		})
 	})
-
-	It("should failed if without permission to write policy", func() {
-		Host(opts, func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
-			notation.
-				Exec("policy", "import", filepath.Join(NotationE2ETrustPolicyDir, TrustPolicyName))
-
-			trustPolicyPath := vhost.AbsolutePath(NotationDirName)
-			os.Chmod(trustPolicyPath, 0000)
-			defer os.Chmod(trustPolicyPath, 0755)
-
-			notation.ExpectFailure().
-				Exec("policy", "import", filepath.Join(NotationE2ETrustPolicyDir, TrustPolicyName), "--force").
-				MatchErrKeyWords("failed to write trust policy file")
-		})
-	})
 	})
 
 	When("importing configuration with existing trust policy configuration", func() {
@@ -254,41 +218,4 @@ var _ = Describe("trust policy maintainer", func() {
 			})
 		})
 	})
-
-	When("importing policy with existing old policy", func() {
-		It("should delete old policy", func() {
-			Host(Opts(AddTrustPolicyOption("trustpolicy.json")), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
-				newPolicyName := "any_registry_scope_trust_policy.json"
-				notation.WithInput(strings.NewReader("Y\n")).Exec("policy", "import", filepath.Join(NotationE2ETrustPolicyDir, newPolicyName)).
-					MatchKeyWords("Trust policy configuration imported successfully.")
-				// validate
-				content, err := os.ReadFile(filepath.Join(NotationE2ETrustPolicyDir, newPolicyName))
-				Expect(err).NotTo(HaveOccurred())
-				notation.Exec("policy", "show").MatchContent(string(content))
-
-				// check old policy doesn't exist
-				oldPolicyPath := vhost.AbsolutePath(NotationDirName, "trustpolicy.json")
-				_, err = os.Stat(oldPolicyPath)
-				Expect(errors.Is(err, fs.ErrNotExist)).To(BeTrue())
-			})
-		})
-	})
-
-	When("showing policy when both the old and oci policy exist", func() {
-		It("should show the oci policy", func() {
-			Host(Opts(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
-				// add oci policy
-				newPolicyName := "any_registry_scope_trust_policy.json"
-				notation.WithInput(strings.NewReader("Y\n")).Exec("policy", "import", filepath.Join(NotationE2ETrustPolicyDir, newPolicyName)).
-					MatchKeyWords("Trust policy configuration imported successfully.")
-
-				// add old policy
-				vhost.SetOption(AddTrustPolicyOption("trustpolicy.json"))
-
-				content, err := os.ReadFile(filepath.Join(NotationE2ETrustPolicyDir, newPolicyName))
-				Expect(err).NotTo(HaveOccurred())
-				notation.Exec("policy", "show").MatchContent(string(content))
-			})
-		})
-	})
 })