Skip to content

Commit

Permalink
fix signer name
Browse files Browse the repository at this point in the history
Append the signer name to the error message which will be returned by the client

Signed-off-by: wang yan <wangyan@vmware.com>
  • Loading branch information
wy65701436 committed Jul 25, 2023
1 parent d92aca9 commit 83bf0e4
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 8 deletions.
10 changes: 4 additions & 6 deletions src/server/middleware/contenttrust/contentrust.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,12 +46,12 @@ func ContentTrust() func(http.Handler) http.Handler {
// If signature policy enabled, it has to at least have one signature.
if pro.ContentTrustCosignEnabled() {
if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeCosignSignature); err != nil {
return err
return errors.New(err).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by cosign.")
}
}
if pro.ContentTrustEnabled() {
if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeNotationSignature); err != nil {
return err
return errors.New(err).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by notation.")
}
}
return nil
Expand All @@ -78,8 +78,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo
}

if len(art.Accessories) == 0 {
pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.")
return pkgE
return errors.New("no signature")
}

var hasSignature bool
Expand All @@ -90,8 +89,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo
}
}
if !hasSignature {
pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.")
return pkgE
return errors.New("no signature")
}

return nil
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ def testProjectLevelPolicyContentTrust(self):
restart_process("containerd")
restart_process("dockerd")
time.sleep(30)
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed")
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed by cosign")

if __name__ == '__main__':
unittest.main()
Expand Down
2 changes: 1 addition & 1 deletion tests/robot-cases/Group1-Nightly/Common.robot
Original file line number Diff line number Diff line change
Expand Up @@ -773,7 +773,7 @@ Test Case - Cosign And Cosign Deployment Security Policy
Go Into Project project${d}
Go Into Repo project${d} ${image}
Should Not Be Signed By Cosign ${tag}
Cannot Pull Image ${ip} ${user} ${pwd} project${d} ${image}:${tag} err_msg=The image is not signed.
Cannot Pull Image ${ip} ${user} ${pwd} project${d} ${image}:${tag} err_msg=The image is not signed by cosign.
Cosign Generate Key Pair
Cosign Verify ${ip}/project${d}/${image}:${tag} ${false}

Expand Down

0 comments on commit 83bf0e4

Please sign in to comment.