patch default policy load error handling

Signed-off-by: Per Goncalves da Silva <pegoncal@redhat.com>

Author: Per Goncalves da Silva

catalogd/internal/source/containers_image.go

@@ -33,6 +33,8 @@ import (
 
 const ConfigDirLabel = "operators.operatorframework.io.index.configs.v1"
 
+var insecurePolicy = []byte(`{"default":[{"type":"insecureAcceptAnything"}]}`)
+
 type ContainersImageRegistry struct {
 	BaseCachePath     string
 	SourceContextFunc func(logger logr.Logger) (*types.SystemContext, error)
@@ -249,9 +251,11 @@ func resolveCanonicalRef(ctx context.Context, imgRef reference.Named, imageCtx *
 
 func loadPolicyContext(sourceContext *types.SystemContext, l logr.Logger) (*signature.PolicyContext, error) {
 	policy, err := signature.DefaultPolicy(sourceContext)
-	if os.IsNotExist(err) {
+	// TODO: there are security implications to silently moving to an insecure policy
+	// tracking issue: https://github.com/operator-framework/operator-controller/issues/1622
+	if err != nil {
 		l.Info("no default policy found, using insecure policy")
-		policy, err = signature.NewPolicyFromBytes([]byte(`{"default":[{"type":"insecureAcceptAnything"}]}`))
+		policy, err = signature.NewPolicyFromBytes(insecurePolicy)
 	}
 	if err != nil {
 		return nil, fmt.Errorf("error loading default policy: %w", err)