Logger should only be logged if the truststores and identities are present.

jagpreetstamber · jagpreetstamber · commit f22fed47563b · 2024-03-15T10:09:54.000-04:00
Signed-off-by: Jagpreet Singh Tamber &lt;jagpreetstamber@gmail.com&gt;
diff --git a/internal/oci/notation/notation.go b/internal/oci/notation/notation.go
@@ -193,14 +193,16 @@ func NewNotationVerifier(opts ...Options) (*NotationVerifier, error) {
 // SignatureVerification.VerificationLevel is set to trustpolicy.LevelSkip.Name.
 // If it is, it logs a warning message and removes the trust stores and trusted identities for that trust policy statement.
 // Finally, it returns the modified trustPolicy.
-func cleanTrustPolicy(trustPolicy *trustpolicy.Document, logger logr.Logger) *trustpolicy.Document {
+func CleanTrustPolicy(trustPolicy *trustpolicy.Document, logger logr.Logger) *trustpolicy.Document {
 	if trustPolicy == nil {
 		return nil
 	}
 
 	for i, j := range trustPolicy.TrustPolicies {
 		if j.SignatureVerification.VerificationLevel == trustpolicy.LevelSkip.Name {
-			logger.Info(fmt.Sprintf("warning: trust policy statement '%s' is set to skip signature verification but configured with trust stores and/or trusted identities. Removing trust stores and trusted identities", j.Name))
+			if len(j.TrustStores) > 0 || len(j.TrustedIdentities) > 0 {
+				logger.Info(fmt.Sprintf("warning: trust policy statement '%s' is set to skip signature verification but configured with trust stores and/or trusted identities. Removing trust stores and trusted identities", j.Name))
+			}
 			trustPolicy.TrustPolicies[i].TrustStores = []string{}
 			trustPolicy.TrustPolicies[i].TrustedIdentities = []string{}
 		}
