update default trust policy file

Signed-off-by: Aaron Weitekamp <aweiteka@redhat.com>

Closes: #822
Approved by: rhatdan

Atomic/trust.py

@@ -117,7 +117,8 @@ class Trust(Atomic):
                         if not "y" in confirm.lower():
                             exit(0)
             else:
-                policy={"transports":{sstype:{}}}
+                policy = self.default_policy_file
+                policy["transports"][sstype] = {}
 
             payload = []
             for k in pubkeys:
@@ -347,19 +348,25 @@ class Trust(Atomic):
         return True
 
     def _get_policy(self):
-        policy = None
+        policy = self.default_policy_file
         mode = "r+" if os.path.exists(self.policy_filename) else "w+"
         with open(self.policy_filename, mode) as policy_file:
             if mode == "r+":
                 policy = json.load(policy_file)
             else:
-                policy={ "default": [{ "type": "insecureAcceptAnything" }] }
                 policy_file.seek(0)
                 json.dump(policy, policy_file, indent=4)
                 policy_file.truncate()
 
         return policy
 
+    @property
+    def default_policy_file(self):
+        '''
+        Return default policy file
+        '''
+        return { "default": [{ "type": "insecureAcceptAnything" }], "transports": { "docker-daemon": { "": [{ "type": "insecureAcceptAnything" }]}}}
+
     def show_json(self, policy=None):
         if not policy:
             policy=self._get_policy()

Atomic/util.py

@@ -741,11 +741,9 @@ def is_valid_image_uri(uri, qualifying=None):
     :return: parsed URI
     '''
     try:
-        import urllib2
-        urlparse = urllib2.urlparse.urlparse
+        from urlparse import urlparse #pylint: disable=import-error
     except ImportError:
-        import urllib.parse
-        urlparse = urllib.parse.urlparse # pylint: disable=E1101
+        from urllib.parse import urlparse #pylint: disable=no-name-in-module,import-error
     min_attributes = ('scheme', 'netloc')
     qualifying = min_attributes if qualifying is None else qualifying
     # does it parse?

requirements.txt

@@ -7,3 +7,4 @@ gi
 xattr
 python-dateutil
 PyYAML
+urllib3

tests/unit/fixtures/default_policy.json

@@ -3,5 +3,14 @@
         {
             "type": "insecureAcceptAnything"
         }
-    ]
+    ], 
+    "transports": {
+        "docker-daemon": {
+            "": [
+                {
+                    "type": "insecureAcceptAnything"
+                }
+            ]
+        }
+    }
 }

tests/unit/fixtures/etc/containers/policy.json

@@ -3,5 +3,14 @@
         {
             "type": "insecureAcceptAnything"
         }
-    ]
+    ], 
+    "transports": {
+        "docker-daemon": {
+            "": [
+                {
+                    "type": "insecureAcceptAnything"
+                }
+            ]
+        }
+    }
 }

tests/unit/test_trust.py

@@ -45,8 +45,8 @@ class TestAtomicTrust(unittest.TestCase):
         with open(os.path.join(FIXTURE_DIR, "default_policy.json"), 'r') as default:
             policy_default = json.load(default)
         policy_default = testobj.check_policy(policy_default, "docker")
-        policy_expected = {"default": [{"type": "insecureAcceptAnything" }], "transports": {"docker": {}}}
-        self.assertEqual(policy_default, policy_expected)
+        policy_expected = {"default": [{"type": "insecureAcceptAnything" }], "transports": {"docker": {}, "docker-daemon": {"": [{"type": "insecureAcceptAnything"}]}}}
+        self.assertDictEqual(policy_default, policy_expected)
 
     def test_new_registry_sigstore(self):
         testobj = Trust(policy_filename = TEST_POLICY)