cri-o/vendor/github.com/containers/image/signature/policy_eval_simple.go

// Policy evaluation for the various simple PolicyRequirement types.

package signature

import (
	"fmt"

	"github.com/containers/image/transports"
	"github.com/containers/image/types"
)

func (pr *prInsecureAcceptAnything) isSignatureAuthorAccepted(image types.UnparsedImage, sig []byte) (signatureAcceptanceResult, *Signature, error) {
	// prInsecureAcceptAnything semantics: Every image is allowed to run,
	// but this does not consider the signature as verified.
	return sarUnknown, nil, nil
}

func (pr *prInsecureAcceptAnything) isRunningImageAllowed(image types.UnparsedImage) (bool, error) {
	return true, nil
}

func (pr *prReject) isSignatureAuthorAccepted(image types.UnparsedImage, sig []byte) (signatureAcceptanceResult, *Signature, error) {
	return sarRejected, nil, PolicyRequirementError(fmt.Sprintf("Any signatures for image %s are rejected by policy.", transports.ImageName(image.Reference())))
}

func (pr *prReject) isRunningImageAllowed(image types.UnparsedImage) (bool, error) {
	return false, PolicyRequirementError(fmt.Sprintf("Running image %s is rejected by policy.", transports.ImageName(image.Reference())))
}
Update containers/storage and containers/image Update the versions of containers/storage and containers/image, and add new dependencies that they pull in. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2016-11-22 19:32:10 +00:00			`// Policy evaluation for the various simple PolicyRequirement types.`

			`package signature`

			`import (`
			`"fmt"`

			`"github.com/containers/image/transports"`
			`"github.com/containers/image/types"`
			`)`

			`func (pr prInsecureAcceptAnything) isSignatureAuthorAccepted(image types.UnparsedImage, sig []byte) (signatureAcceptanceResult, Signature, error) {`
			`// prInsecureAcceptAnything semantics: Every image is allowed to run,`
			`// but this does not consider the signature as verified.`
			`return sarUnknown, nil, nil`
			`}`

			`func (pr *prInsecureAcceptAnything) isRunningImageAllowed(image types.UnparsedImage) (bool, error) {`
			`return true, nil`
			`}`

			`func (pr prReject) isSignatureAuthorAccepted(image types.UnparsedImage, sig []byte) (signatureAcceptanceResult, Signature, error) {`
			`return sarRejected, nil, PolicyRequirementError(fmt.Sprintf("Any signatures for image %s are rejected by policy.", transports.ImageName(image.Reference())))`
			`}`

			`func (pr *prReject) isRunningImageAllowed(image types.UnparsedImage) (bool, error) {`
			`return false, PolicyRequirementError(fmt.Sprintf("Running image %s is rejected by policy.", transports.ImageName(image.Reference())))`
			`}`