fix signer name (#19001)

Append the signer name to the error message which will be returned by the client

Signed-off-by: wang yan <wangyan@vmware.com>
Wang Yan 2023-07-25 21:30:32 +08:00 committed by GitHub
parent c25a7ca68d
commit db82d6e082
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 6 deletions


@ -46,11 +46,17 @@ func ContentTrust() func(http.Handler) http.Handler {
// If signature policy enabled, it has to at least have one signature. // If signature policy enabled, it has to at least have one signature.
if pro.ContentTrustCosignEnabled() { if pro.ContentTrustCosignEnabled() {
if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeCosignSignature); err != nil { if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeCosignSignature); err != nil {
if errors.IsErr(err, errors.PROJECTPOLICYVIOLATION) {
return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by cosign.")
}
return err return err
} }
} }
if pro.ContentTrustEnabled() { if pro.ContentTrustEnabled() {
if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeNotationSignature); err != nil { if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeNotationSignature); err != nil {
if errors.IsErr(err, errors.PROJECTPOLICYVIOLATION) {
return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by notation.")
}
return err return err
} }
} }
@ -78,8 +84,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo
} }
if len(art.Accessories) == 0 { if len(art.Accessories) == 0 {
pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.") return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION)
return pkgE
} }
var hasSignature bool var hasSignature bool
@ -90,8 +95,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo
} }
} }
if !hasSignature { if !hasSignature {
pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.") return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION)
return pkgE
} }
return nil return nil
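Review bot: The two return sites in signatureChecking (`len(art.Accessories) == 0` and `!hasSignature`) now return a PROJECTPOLICYVIOLATION error with no message, so the text a client sees depends entirely on the caller rewriting it. ContentTrust does that for both cosign and notation, but any other path that surfaces this error unchanged would presumably hand the user an empty policy-violation message. I would state the contract on the function, e.g. `// signatureChecking returns a PROJECTPOLICYVIOLATION error without a message; the caller adds the signer-specific text.`, or keep a generic fallback message at those two returns. The two `errors.IsErr` branches in ContentTrust differ only in the signer word and could share one small helper; both functions start and end outside the visible hunks.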


@ -84,7 +84,7 @@ class TestProjects(unittest.TestCase):
restart_process("containerd") restart_process("containerd")
restart_process("dockerd") restart_process("dockerd")
time.sleep(30) time.sleep(30)
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed") pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed by cosign")
if __name__ == '__main__': if __name__ == '__main__':
unittest.main() unittest.main()
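Review bot: Only the cosign message is asserted here (and in the Robot case whose `err_msg` changes); nothing visible in this commit checks the new "The image is not signed by notation." text, so a regression in that branch of the policy check would go unnoticed. Consider a matching pull against a project with only the notation policy enabled, using `expected_error_message = "The image is not signed by notation"`. The test method starts outside this hunk, so an existing notation case elsewhere in the file cannot be ruled out.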


@ -773,7 +773,7 @@ Test Case - Cosign And Cosign Deployment Security Policy
Go Into Project project${d} Go Into Project project${d}
Go Into Repo project${d} ${image} Go Into Repo project${d} ${image}
Should Not Be Signed By Cosign ${tag} Should Not Be Signed By Cosign ${tag}
Cannot Pull Image ${ip} ${user} ${pwd} project${d} ${image}:${tag} err_msg=The image is not signed. Cannot Pull Image ${ip} ${user} ${pwd} project${d} ${image}:${tag} err_msg=The image is not signed by cosign.
Cosign Generate Key Pair Cosign Generate Key Pair
Cosign Verify ${ip}/project${d}/${image}:${tag} ${false} Cosign Verify ${ip}/project${d}/${image}:${tag} ${false}