move cleanUpTrustpolicy call to Options func.

jagpreetstamber · jagpreetstamber · commit 7581f6983b74 · 2024-03-15T10:56:52.000-04:00
Signed-off-by: Jagpreet Singh Tamber &lt;jagpreetstamber@gmail.com&gt;
diff --git a/internal/controller/helmchart_controller.go b/internal/controller/helmchart_controller.go
@@ -1402,12 +1402,12 @@ func (r *HelmChartReconciler) makeVerifiers(ctx context.Context, obj *helmv1.Hel
 		}
 
 		defaultNotaryOciOpts := []notation.Options{
+			notation.WithLogger(ctrl.LoggerFrom(ctx)),
 			notation.WithTrustStore(&doc),
 			notation.WithRemoteOptions(verifyOpts...),
 			notation.WithAuth(clientOpts.Authenticator),
 			notation.WithKeychain(clientOpts.Keychain),
 			notation.WithInsecureRegistry(clientOpts.Insecure),
-			notation.WithLogger(ctrl.LoggerFrom(ctx)),
 		}
 
 		for k, data := range pubSecret.Data {
diff --git a/internal/controller/ocirepository_controller.go b/internal/controller/ocirepository_controller.go
@@ -730,12 +730,12 @@ func (r *OCIRepositoryReconciler) verifySignature(ctx context.Context, obj *ociv
 		verifiedResult := soci.VerificationResultFailed
 
 		defaultNotationOciOpts := []notation.Options{
+			notation.WithLogger(ctrl.LoggerFrom(ctx)),
 			notation.WithTrustStore(&doc),
 			notation.WithRemoteOptions(opt...),
 			notation.WithAuth(auth),
 			notation.WithKeychain(keychain),
 			notation.WithInsecureRegistry(obj.Spec.Insecure),
-			notation.WithLogger(ctrl.LoggerFrom(ctx)),
 		}
 
 		for k, data := range pubSecret.Data {
diff --git a/internal/oci/notation/notation.go b/internal/oci/notation/notation.go
@@ -71,7 +71,7 @@ func WithInsecureRegistry(insecure bool) Options {
 // WithTrustStore sets the trust store configuration.
 func WithTrustStore(trustStore *trustpolicy.Document) Options {
 	return func(opts *options) {
-		opts.trustPolicy = trustStore
+		opts.trustPolicy = cleanTrustPolicy(trustStore, opts.logger)
 	}
 }
 
@@ -165,7 +165,7 @@ func NewNotationVerifier(opts ...Options) (*NotationVerifier, error) {
 		cert: o.rootCertificate,
 	}
 
-	trustpolicy := cleanTrustPolicy(o.trustPolicy, o.logger)
+	trustpolicy := o.trustPolicy
 	if trustpolicy == nil {
 		return nil, fmt.Errorf("trust policy cannot be empty")
 	}

Original file line number	Diff line number	Diff line change
`@@ -1402,12 +1402,12 @@ func (r HelmChartReconciler) makeVerifiers(ctx context.Context, obj helmv1.Hel`
`1402`	`1402`	`}`
`1403`	`1403`
`1404`	`1404`	`defaultNotaryOciOpts := []notation.Options{`
	`1405`	`+ notation.WithLogger(ctrl.LoggerFrom(ctx)),`
`1405`	`1406`	`notation.WithTrustStore(&doc),`
`1406`	`1407`	`notation.WithRemoteOptions(verifyOpts...),`
`1407`	`1408`	`notation.WithAuth(clientOpts.Authenticator),`
`1408`	`1409`	`notation.WithKeychain(clientOpts.Keychain),`
`1409`	`1410`	`notation.WithInsecureRegistry(clientOpts.Insecure),`
`1410`		`- notation.WithLogger(ctrl.LoggerFrom(ctx)),`
`1411`	`1411`	`}`
`1412`	`1412`
`1413`	`1413`	`for k, data := range pubSecret.Data {`
Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ func WithInsecureRegistry(insecure bool) Options {`
`71`	`71`	`// WithTrustStore sets the trust store configuration.`
`72`	`72`	`func WithTrustStore(trustStore *trustpolicy.Document) Options {`
`73`	`73`	`return func(opts *options) {`
`74`		`- opts.trustPolicy = trustStore`
	`74`	`+ opts.trustPolicy = cleanTrustPolicy(trustStore, opts.logger)`
`75`	`75`	`}`
`76`	`76`	`}`
`77`	`77`
`@@ -165,7 +165,7 @@ func NewNotationVerifier(opts ...Options) (*NotationVerifier, error) {`
`165`	`165`	`cert: o.rootCertificate,`
`166`	`166`	`}`
`167`	`167`
`168`		`- trustpolicy := cleanTrustPolicy(o.trustPolicy, o.logger)`
	`168`	`+ trustpolicy := o.trustPolicy`
`169`	`169`	`if trustpolicy == nil {`
`170`	`170`	`return nil, fmt.Errorf("trust policy cannot be empty")`
`171`	`171`	`}`