Use globalOptions for policy configuration

This requires us to propagate globalOptions to the per-command
*Options state.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit is contained in:
Miloslav Trmač
2018-07-07 03:01:04 +02:00
parent f30756a9bb
commit e1cc97d9d7
2 changed files with 20 additions and 17 deletions

View File

@@ -32,14 +32,15 @@ func contextsFromGlobalOptions(c *cli.Context) (*types.SystemContext, *types.Sys
}
type copyOptions struct {
global *globalOptions
additionalTags cli.StringSlice // For docker-archive: destinations, in addition to the name:tag specified as destination, also add these
removeSignatures bool // Do not copy signatures from the source image
signByFingerprint string // Sign the image using a GPG key with the specified fingerprint
format optionalString // Force conversion of the image to a specified format
}
func copyCmd() cli.Command {
opts := copyOptions{}
func copyCmd(global *globalOptions) cli.Command {
opts := copyOptions{global: global}
return cli.Command{
Name: "copy",
Usage: "Copy an IMAGE-NAME from one location to another",
@@ -147,7 +148,7 @@ func (opts *copyOptions) run(c *cli.Context) error {
return errors.New("Exactly two arguments expected")
}
policyContext, err := getPolicyContext(c)
policyContext, err := opts.global.getPolicyContext()
if err != nil {
return fmt.Errorf("Error loading trust policy: %v", err)
}

View File

@@ -16,7 +16,9 @@ import (
var gitCommit = ""
type globalOptions struct {
debug bool // Enable debug output
debug bool // Enable debug output
policyPath string // Path to a signature verification policy file
insecurePolicy bool // Use an "allow everything" signature verification policy
}
// createApp returns a cli.App to be run or tested.
@@ -44,13 +46,14 @@ func createApp() *cli.App {
Hidden: true,
},
cli.StringFlag{
Name: "policy",
Value: "",
Usage: "Path to a trust policy file",
Name: "policy",
Usage: "Path to a trust policy file",
Destination: &opts.policyPath,
},
cli.BoolFlag{
Name: "insecure-policy",
Usage: "run the tool without any policy check",
Name: "insecure-policy",
Usage: "run the tool without any policy check",
Destination: &opts.insecurePolicy,
},
cli.StringFlag{
Name: "registries.d",
@@ -74,7 +77,7 @@ func createApp() *cli.App {
}
app.Before = opts.before
app.Commands = []cli.Command{
copyCmd(),
copyCmd(&opts),
inspectCmd(),
layersCmd(),
deleteCmd(),
@@ -107,17 +110,16 @@ func main() {
}
}
// getPolicyContext handles the global "policy" flag.
func getPolicyContext(c *cli.Context) (*signature.PolicyContext, error) {
policyPath := c.GlobalString("policy")
var policy *signature.Policy // This could be cached across calls, if we had an application context.
// getPolicyContext returns a *signature.PolicyContext based on opts.
func (opts *globalOptions) getPolicyContext() (*signature.PolicyContext, error) {
var policy *signature.Policy // This could be cached across calls in opts.
var err error
if c.GlobalBool("insecure-policy") {
if opts.insecurePolicy {
policy = &signature.Policy{Default: []signature.PolicyRequirement{signature.NewPRInsecureAcceptAnything()}}
} else if policyPath == "" {
} else if opts.policyPath == "" {
policy, err = signature.DefaultPolicy(nil)
} else {
policy, err = signature.NewPolicyFromFile(policyPath)
policy, err = signature.NewPolicyFromFile(opts.policyPath)
}
if err != nil {
return nil, err