mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-25 11:46:43 +01:00
fix cosign conflict error on landing data (#16228)
Cosign client will generate the same signature to the same manifest, ignore the conflict error in middleware Signed-off-by: Wang Yan <wangyan@vmware.com>
This commit is contained in:
parent
01c6f6084b
commit
0b4f98074e
@ -1,12 +1,14 @@
|
|||||||
package cosign
|
package cosign
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/docker/distribution/reference"
|
"github.com/docker/distribution/reference"
|
||||||
"github.com/goharbor/harbor/src/controller/artifact"
|
"github.com/goharbor/harbor/src/controller/artifact"
|
||||||
"github.com/goharbor/harbor/src/lib"
|
"github.com/goharbor/harbor/src/lib"
|
||||||
"github.com/goharbor/harbor/src/lib/errors"
|
"github.com/goharbor/harbor/src/lib/errors"
|
||||||
"github.com/goharbor/harbor/src/lib/log"
|
"github.com/goharbor/harbor/src/lib/log"
|
||||||
|
"github.com/goharbor/harbor/src/lib/orm"
|
||||||
"github.com/goharbor/harbor/src/pkg/accessory"
|
"github.com/goharbor/harbor/src/pkg/accessory"
|
||||||
"github.com/goharbor/harbor/src/pkg/accessory/model"
|
"github.com/goharbor/harbor/src/pkg/accessory/model"
|
||||||
"github.com/goharbor/harbor/src/pkg/distribution"
|
"github.com/goharbor/harbor/src/pkg/distribution"
|
||||||
@ -104,16 +106,20 @@ func CosignSignatureMiddleware() func(http.Handler) http.Handler {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = accessory.Mgr.Create(ctx, model.AccessoryData{
|
if err := orm.WithTransaction(func(ctx context.Context) error {
|
||||||
ArtifactID: art.ID,
|
_, err := accessory.Mgr.Create(ctx, model.AccessoryData{
|
||||||
SubArtifactID: subjectArt.ID,
|
ArtifactID: art.ID,
|
||||||
Size: desc.Size,
|
SubArtifactID: subjectArt.ID,
|
||||||
Digest: desc.Digest.String(),
|
Size: desc.Size,
|
||||||
Type: model.TypeCosignSignature,
|
Digest: desc.Digest.String(),
|
||||||
})
|
Type: model.TypeCosignSignature,
|
||||||
if err != nil {
|
})
|
||||||
logger.Errorf("failed to get cosign signature artifact: %s, error: %v", desc.Digest.String(), err)
|
|
||||||
return err
|
return err
|
||||||
|
})(orm.SetTransactionOpNameToContext(ctx, "tx-create-cosign-accessory")); err != nil {
|
||||||
|
if !errors.IsConflictErr(err) {
|
||||||
|
logger.Errorf("failed to create cosign signature artifact: %s, error: %v", desc.Digest.String(), err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -7,6 +7,7 @@ import (
|
|||||||
"github.com/goharbor/harbor/src/lib/q"
|
"github.com/goharbor/harbor/src/lib/q"
|
||||||
"github.com/goharbor/harbor/src/pkg/accessory"
|
"github.com/goharbor/harbor/src/pkg/accessory"
|
||||||
"github.com/goharbor/harbor/src/pkg/accessory/model"
|
"github.com/goharbor/harbor/src/pkg/accessory/model"
|
||||||
|
accessorymodel "github.com/goharbor/harbor/src/pkg/accessory/model"
|
||||||
"github.com/goharbor/harbor/src/pkg/artifact"
|
"github.com/goharbor/harbor/src/pkg/artifact"
|
||||||
"github.com/goharbor/harbor/src/pkg/distribution"
|
"github.com/goharbor/harbor/src/pkg/distribution"
|
||||||
htesting "github.com/goharbor/harbor/src/testing"
|
htesting "github.com/goharbor/harbor/src/testing"
|
||||||
@ -81,6 +82,44 @@ func (suite *MiddlewareTestSuite) addArt(pid, repositoryID int64, repositoryName
|
|||||||
return afid
|
return afid
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (suite *MiddlewareTestSuite) addArtAcc(pid, repositoryID int64, repositoryName, dgt, accdgt string) int64 {
|
||||||
|
subaf := &artifact.Artifact{
|
||||||
|
Type: "Docker-Image",
|
||||||
|
ProjectID: pid,
|
||||||
|
RepositoryID: repositoryID,
|
||||||
|
RepositoryName: repositoryName,
|
||||||
|
Digest: dgt,
|
||||||
|
Size: 1024,
|
||||||
|
PushTime: time.Now(),
|
||||||
|
PullTime: time.Now(),
|
||||||
|
}
|
||||||
|
subafid, err := artifact.Mgr.Create(suite.Context(), subaf)
|
||||||
|
suite.Nil(err, fmt.Sprintf("Add artifact failed for %d", repositoryID))
|
||||||
|
|
||||||
|
af := &artifact.Artifact{
|
||||||
|
Type: "Cosign",
|
||||||
|
ProjectID: pid,
|
||||||
|
RepositoryID: repositoryID,
|
||||||
|
RepositoryName: repositoryName,
|
||||||
|
Digest: accdgt,
|
||||||
|
Size: 1024,
|
||||||
|
PushTime: time.Now(),
|
||||||
|
PullTime: time.Now(),
|
||||||
|
}
|
||||||
|
afid, err := artifact.Mgr.Create(suite.Context(), af)
|
||||||
|
suite.Nil(err, fmt.Sprintf("Add artifact failed for %d", repositoryID))
|
||||||
|
|
||||||
|
accid, err := accessory.Mgr.Create(suite.Context(), accessorymodel.AccessoryData{
|
||||||
|
ID: 1,
|
||||||
|
ArtifactID: afid,
|
||||||
|
SubArtifactID: subafid,
|
||||||
|
Digest: accdgt,
|
||||||
|
Type: accessorymodel.TypeCosignSignature,
|
||||||
|
})
|
||||||
|
suite.Nil(err, fmt.Sprintf("Add artifact accesspry failed for %d", repositoryID))
|
||||||
|
return accid
|
||||||
|
}
|
||||||
|
|
||||||
func (suite *MiddlewareTestSuite) TestCosignSignature() {
|
func (suite *MiddlewareTestSuite) TestCosignSignature() {
|
||||||
suite.WithProject(func(projectID int64, projectName string) {
|
suite.WithProject(func(projectID int64, projectName string) {
|
||||||
name := fmt.Sprintf("%s/hello-world", projectName)
|
name := fmt.Sprintf("%s/hello-world", projectName)
|
||||||
@ -112,6 +151,34 @@ func (suite *MiddlewareTestSuite) TestCosignSignature() {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (suite *MiddlewareTestSuite) TestCosignSignatureDup() {
|
||||||
|
suite.WithProject(func(projectID int64, projectName string) {
|
||||||
|
name := fmt.Sprintf("%s/hello-world", projectName)
|
||||||
|
subArtDigest := suite.DigestString()
|
||||||
|
ref := fmt.Sprintf("%s.sig", strings.ReplaceAll(subArtDigest, "sha256:", "sha256-"))
|
||||||
|
_, descriptor, req := suite.prepare(name, ref)
|
||||||
|
|
||||||
|
_, repoId, err := repository.Ctl.Ensure(suite.Context(), name)
|
||||||
|
suite.Nil(err)
|
||||||
|
accID := suite.addArtAcc(projectID, repoId, name, subArtDigest, descriptor.Digest.String())
|
||||||
|
|
||||||
|
res := httptest.NewRecorder()
|
||||||
|
next := suite.NextHandler(http.StatusCreated, map[string]string{"Docker-Content-Digest": descriptor.Digest.String()})
|
||||||
|
CosignSignatureMiddleware()(next).ServeHTTP(res, req)
|
||||||
|
suite.Equal(http.StatusCreated, res.Code)
|
||||||
|
|
||||||
|
accs, err := accessory.Mgr.List(suite.Context(), &q.Query{
|
||||||
|
Keywords: map[string]interface{}{
|
||||||
|
"ID": accID,
|
||||||
|
},
|
||||||
|
})
|
||||||
|
suite.Equal(1, len(accs))
|
||||||
|
suite.Equal(descriptor.Digest.String(), accs[0].GetData().Digest)
|
||||||
|
suite.True(accs[0].IsHard())
|
||||||
|
suite.Equal(model.TypeCosignSignature, accs[0].GetData().Type)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func (suite *MiddlewareTestSuite) TestMatchManifestURLPattern() {
|
func (suite *MiddlewareTestSuite) TestMatchManifestURLPattern() {
|
||||||
_, _, ok := matchCosignSignaturePattern("/v2/library/hello-world/manifests/.Invalid")
|
_, _, ok := matchCosignSignaturePattern("/v2/library/hello-world/manifests/.Invalid")
|
||||||
suite.False(ok)
|
suite.False(ok)
|
||||||
|
Loading…
Reference in New Issue
Block a user