update pull policy code (#16237)

Reduce the DB call on pulling artifact with policy disabled

Signed-off-by: Wang Yan <wangyan@vmware.com>

src/server/middleware/contenttrust/notary.go

@@ -40,13 +40,6 @@ func Notary() func(http.Handler) http.Handler {
 		if af == none {
 			return errors.New("artifactinfo middleware required before this middleware").WithCode(errors.NotFoundCode)
 		}
-		if len(af.Digest) == 0 {
-			art, err := artifact.Ctl.GetByReference(ctx, af.Repository, af.Reference, nil)
-			if err != nil {
-				return err
-			}
-			af.Digest = art.Digest
-		}
 		pro, err := project.Ctl.GetByName(ctx, af.ProjectName)
 		if err != nil {
 			return err
@@ -59,6 +52,13 @@ func Notary() func(http.Handler) http.Handler {
 		}
 
 		if pro.ContentTrustEnabled() {
+			if len(af.Digest) == 0 {
+				art, err := artifact.Ctl.GetByReference(ctx, af.Repository, af.Reference, nil)
+				if err != nil {
+					return err
+				}
+				af.Digest = art.Digest
+			}
 			match, err := isArtifactSigned(r, af)
 			if err != nil {
 				return err

src/server/middleware/contenttrust/notary_test.go

@@ -100,6 +100,7 @@ func (suite *MiddlewareTestSuite) makeRequest() *http.Request {
 
 func (suite *MiddlewareTestSuite) TestGetArtifactFailed() {
 	mock.OnAnything(suite.artifactController, "GetByReference").Return(nil, fmt.Errorf("error"))
+	mock.OnAnything(suite.projectController, "GetByName").Return(suite.project, nil)
 
 	req := suite.makeRequest()
 	rr := httptest.NewRecorder()

src/server/middleware/vulnerable/vulnerable.go

@@ -49,17 +49,9 @@ func Middleware() func(http.Handler) http.Handler {
 			return errors.New("artifactinfo middleware required before this middleware").WithCode(errors.NotFoundCode)
 		}
 
-		art, err := artifactController.GetByReference(ctx, info.Repository, info.Reference, nil)
+		proj, err := projectController.Get(ctx, info.ProjectName, project.WithEffectCVEAllowlist())
 		if err != nil {
-			if !errors.IsNotFoundErr(err) {
-				logger.Errorf("get artifact failed, error %v", err)
-			}
-			return err
-		}
-
-		proj, err := projectController.Get(ctx, art.ProjectID, project.WithEffectCVEAllowlist())
-		if err != nil {
-			logger.Errorf("get the project %d failed, error: %v", art.ProjectID, err)
+			logger.Errorf("get the project %s failed, error: %v", info.ProjectName, err)
 			return err
 		}
 
@@ -71,12 +63,19 @@ func Middleware() func(http.Handler) http.Handler {
 
 		if util.SkipPolicyChecking(r, proj.ProjectID) {
 			// the artifact is pulling by the scanner, skip the checking
-			logger.Debugf("artifact %s@%s is pulling by the scanner, skip the checking", art.RepositoryName, art.Digest)
+			logger.Debugf("artifact %s@%s is pulling by the scanner, skip the checking", info.Repository, info.Reference)
 			return nil
 		}
 
-		checker := scanChecker()
+		art, err := artifactController.GetByReference(ctx, info.Repository, info.Reference, nil)
+		if err != nil {
+			if !errors.IsNotFoundErr(err) {
+				logger.Errorf("get artifact failed, error %v", err)
+			}
+			return err
+		}
 
+		checker := scanChecker()
 		scannable, err := checker.IsScannable(ctx, art)
 		if err != nil {
 			logger.Errorf("check the scannable status of the artifact %s@%s failed, error: %v", art.RepositoryName, art.Digest, err)

src/server/middleware/vulnerable/vulnerable_test.go

@@ -132,6 +132,7 @@ func (suite *MiddlewareTestSuite) TestNoArtifactInfo() {
 
 func (suite *MiddlewareTestSuite) TestGetArtifactFailed() {
 	mock.OnAnything(suite.artifactController, "GetByReference").Return(nil, fmt.Errorf("error"))
+	mock.OnAnything(suite.projectController, "Get").Return(suite.project, nil)
 
 	req := suite.makeRequest()
 	rr := httptest.NewRecorder()