fix signer name (#19001)

Append the signer name to the error message which will be returned by the client Signed-off-by: wang yan <wangyan@vmware.com>
2024-11-22 02:05:41 +01:00 · 2023-07-25 21:30:32 +08:00 · 2023-07-25 21:30:32 +08:00 · db82d6e082
commit db82d6e082
parent c25a7ca68d
3 changed files with 10 additions and 6 deletions
--- a/src/server/middleware/contenttrust/contentrust.go
+++ b/src/server/middleware/contenttrust/contentrust.go
@ -46,11 +46,17 @@ func ContentTrust() func(http.Handler) http.Handler {
 		// If signature policy enabled, it has to at least have one signature.
 		if pro.ContentTrustCosignEnabled() {
 			if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeCosignSignature); err != nil {
+				if errors.IsErr(err, errors.PROJECTPOLICYVIOLATION) {
+					return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by cosign.")
+				}
 				return err
 			}
 		}
 		if pro.ContentTrustEnabled() {
 			if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeNotationSignature); err != nil {
+				if errors.IsErr(err, errors.PROJECTPOLICYVIOLATION) {
+					return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by notation.")
+				}
 				return err
 			}
 		}
@ -78,8 +84,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo
 	}

 	if len(art.Accessories) == 0 {
-		pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.")
-		return pkgE
+		return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION)
 	}

 	var hasSignature bool
@ -90,8 +95,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo
 		}
 	}
 	if !hasSignature {
-		pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.")
-		return pkgE
+		return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION)
 	}

 	return nil
--- a/tests/apitests/python/test_project_level_policy_content_trust.py
+++ b/tests/apitests/python/test_project_level_policy_content_trust.py
@ -84,7 +84,7 @@ class TestProjects(unittest.TestCase):
        restart_process("containerd")
        restart_process("dockerd")
        time.sleep(30)
-        pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed")
+        pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed by cosign")

 if __name__ == '__main__':
    unittest.main()
--- a/tests/robot-cases/Group1-Nightly/Common.robot
+++ b/tests/robot-cases/Group1-Nightly/Common.robot
@ -773,7 +773,7 @@ Test Case - Cosign And Cosign Deployment Security Policy
    Go Into Project  project${d}
    Go Into Repo  project${d}  ${image}
    Should Not Be Signed By Cosign  ${tag}
-    Cannot Pull Image  ${ip}  ${user}  ${pwd}  project${d}  ${image}:${tag}  err_msg=The image is not signed.
+    Cannot Pull Image  ${ip}  ${user}  ${pwd}  project${d}  ${image}:${tag}  err_msg=The image is not signed by cosign.
    Cosign Generate Key Pair
    Cosign Verify  ${ip}/project${d}/${image}:${tag}  ${false}