diff --git a/Atomic/trust.py b/Atomic/trust.py index 1df154f..e3d639b 100644 --- a/Atomic/trust.py +++ b/Atomic/trust.py @@ -117,7 +117,8 @@ class Trust(Atomic): if not "y" in confirm.lower(): exit(0) else: - policy={"transports":{sstype:{}}} + policy = self.default_policy_file + policy["transports"][sstype] = {} payload = [] for k in pubkeys: @@ -347,19 +348,25 @@ class Trust(Atomic): return True def _get_policy(self): - policy = None + policy = self.default_policy_file mode = "r+" if os.path.exists(self.policy_filename) else "w+" with open(self.policy_filename, mode) as policy_file: if mode == "r+": policy = json.load(policy_file) else: - policy={ "default": [{ "type": "insecureAcceptAnything" }] } policy_file.seek(0) json.dump(policy, policy_file, indent=4) policy_file.truncate() return policy + @property + def default_policy_file(self): + ''' + Return default policy file + ''' + return { "default": [{ "type": "insecureAcceptAnything" }], "transports": { "docker-daemon": { "": [{ "type": "insecureAcceptAnything" }]}}} + def show_json(self, policy=None): if not policy: policy=self._get_policy() diff --git a/Atomic/util.py b/Atomic/util.py index 293c18c..4dde585 100644 --- a/Atomic/util.py +++ b/Atomic/util.py @@ -741,11 +741,9 @@ def is_valid_image_uri(uri, qualifying=None): :return: parsed URI ''' try: - import urllib2 - urlparse = urllib2.urlparse.urlparse + from urlparse import urlparse #pylint: disable=import-error except ImportError: - import urllib.parse - urlparse = urllib.parse.urlparse # pylint: disable=E1101 + from urllib.parse import urlparse #pylint: disable=no-name-in-module,import-error min_attributes = ('scheme', 'netloc') qualifying = min_attributes if qualifying is None else qualifying # does it parse? diff --git a/requirements.txt b/requirements.txt index 035304c..522309c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,3 +7,4 @@ gi xattr python-dateutil PyYAML +urllib3 
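Review bot: `policy["transports"][sstype] = {}` replaces the `docker-daemon` entry that `default_policy_file` now ships whenever `sstype` is `"docker-daemon"`; whether that value can reach this branch is not visible in the hunk. If the replacement is intended, say so in a comment such as `# replaces any default scopes for this transport`; if it is not, `policy["transports"].setdefault(sstype, {})` keeps the default entry. The assignment is also only safe because the property builds a new dict on every access, which is worth stating next to it. The enclosing method starts and ends outside the hunk.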
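Review bot: The docstring on `default_policy_file` ("Return default policy file") leaves out the two things a caller needs to know. The property returns a dict, built fresh on each access, rather than a file, and that policy accepts every image without signature verification, both for the default scope and for `docker-daemon`. I would write it as `'''Return a new dict with the default policy: insecureAcceptAnything (no signature check) for the default scope and for docker-daemon.'''`. As far as the collapsed hunk shows, `_get_policy` writes this permissive policy to `self.policy_filename` whenever the file is missing, so a comment on the `else:` branch saying so would help anyone auditing why a host accepts unsigned images. The initial `policy = self.default_policy_file` is also built and then discarded in the `r+` case, where `json.load` overwrites it.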
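Review bot: The Python 2 name is tried first, so on Python 3 `from urlparse import urlparse` will pick up any module called `urlparse` that happens to be on `sys.path` (a stray local file or an installed package) before the standard library's `urllib.parse` is considered. Swapping the order, with `from urllib.parse import urlparse` in the `try` and `from urlparse import urlparse` under `except ImportError`, makes the stdlib parser win wherever it exists. The import also runs on every call of `is_valid_image_uri`; moving it to module level would avoid repeating a failed lookup on each call. The function body continues outside the hunk.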
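Review bot: `urllib3` is added here, but nothing visible in this commit imports it. The `util.py` change uses `urlparse` / `urllib.parse`, which are standard library modules and unrelated to the third-party `urllib3` package. If no other module needs it, drop the line rather than add an unused dependency to the install surface; if one does, the commit message should name the consumer.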
diff --git a/tests/unit/fixtures/default_policy.json b/tests/unit/fixtures/default_policy.json index bb26e57..1dcc3db 100644 --- a/tests/unit/fixtures/default_policy.json +++ b/tests/unit/fixtures/default_policy.json @@ -3,5 +3,14 @@ { "type": "insecureAcceptAnything" } - ] + ], + "transports": { + "docker-daemon": { + "": [ + { + "type": "insecureAcceptAnything" + } + ] + } + } } diff --git a/tests/unit/fixtures/etc/containers/policy.json b/tests/unit/fixtures/etc/containers/policy.json index bb26e57..1dcc3db 100644 --- a/tests/unit/fixtures/etc/containers/policy.json +++ b/tests/unit/fixtures/etc/containers/policy.json @@ -3,5 +3,14 @@ { "type": "insecureAcceptAnything" } - ] + ], + "transports": { + "docker-daemon": { + "": [ + { + "type": "insecureAcceptAnything" + } + ] + } + } } diff --git a/tests/unit/test_trust.py b/tests/unit/test_trust.py index b83a4d4..88a847f 100644 --- a/tests/unit/test_trust.py +++ b/tests/unit/test_trust.py @@ -45,8 +45,8 @@ class TestAtomicTrust(unittest.TestCase): with open(os.path.join(FIXTURE_DIR, "default_policy.json"), 'r') as default: policy_default = json.load(default) policy_default = testobj.check_policy(policy_default, "docker") - policy_expected = {"default": [{"type": "insecureAcceptAnything" }], "transports": {"docker": {}}} - self.assertEqual(policy_default, policy_expected) + policy_expected = {"default": [{"type": "insecureAcceptAnything" }], "transports": {"docker": {}, "docker-daemon": {"": [{"type": "insecureAcceptAnything"}]}}} + self.assertDictEqual(policy_default, policy_expected) def test_new_registry_sigstore(self): testobj = Trust(policy_filename = TEST_POLICY)
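Review bot: Nothing in this test pins the behaviour that `trust.py` now depends on, namely that `default_policy_file` returns a new dict on each access so that `policy["transports"][sstype] = {}` cannot leak into later calls. A check such as `self.assertIsNot(testobj.default_policy_file["transports"], testobj.default_policy_file["transports"])` would catch a later refactor that caches the dict. The updated expectation also covers only the `"docker"` transport; a case for `"docker-daemon"` would document what `check_policy` does with the accept-anything default entry. The test method starts outside the hunk.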