From 83bf0e45174cb8b8d23a2322fcf63735fb7c7151 Mon Sep 17 00:00:00 2001 From: wang yan Date: Tue, 25 Jul 2023 14:34:52 +0800 Subject: [PATCH] fix signer name Append the signer name to the error message which will be returned by the client Signed-off-by: wang yan --- src/server/middleware/contenttrust/contentrust.go | 10 ++++------ .../python/test_project_level_policy_content_trust.py | 2 +- tests/robot-cases/Group1-Nightly/Common.robot | 2 +- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/src/server/middleware/contenttrust/contentrust.go b/src/server/middleware/contenttrust/contentrust.go index 28003dbc9303..e1e19cc33a21 100644 --- a/src/server/middleware/contenttrust/contentrust.go +++ b/src/server/middleware/contenttrust/contentrust.go @@ -46,12 +46,12 @@ func ContentTrust() func(http.Handler) http.Handler { // If signature policy enabled, it has to at least have one signature. if pro.ContentTrustCosignEnabled() { if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeCosignSignature); err != nil { - return err + return errors.New(err).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by cosign.") } } if pro.ContentTrustEnabled() { if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeNotationSignature); err != nil { - return err + return errors.New(err).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by notation.") } } return nil @@ -78,8 +78,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo } if len(art.Accessories) == 0 { - pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.") - return pkgE + return errors.New("no signature") } var hasSignature bool @@ -90,8 +89,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo } } if !hasSignature { - pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.") - return pkgE + return errors.New("no signature") } return nil diff --git a/tests/apitests/python/test_project_level_policy_content_trust.py b/tests/apitests/python/test_project_level_policy_content_trust.py index 002741e04c00..5e174de5ba56 100644 --- a/tests/apitests/python/test_project_level_policy_content_trust.py +++ b/tests/apitests/python/test_project_level_policy_content_trust.py @@ -84,7 +84,7 @@ def testProjectLevelPolicyContentTrust(self): restart_process("containerd") restart_process("dockerd") time.sleep(30) - pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed") + pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed by cosign") if __name__ == '__main__': unittest.main() diff --git a/tests/robot-cases/Group1-Nightly/Common.robot b/tests/robot-cases/Group1-Nightly/Common.robot index 50de09214caf..e892b211e0b4 100644 --- a/tests/robot-cases/Group1-Nightly/Common.robot +++ b/tests/robot-cases/Group1-Nightly/Common.robot @@ -773,7 +773,7 @@ Test Case - Cosign And Cosign Deployment Security Policy Go Into Project project${d} Go Into Repo project${d} ${image} Should Not Be Signed By Cosign ${tag} - Cannot Pull Image ${ip} ${user} ${pwd} project${d} ${image}:${tag} err_msg=The image is not signed. + Cannot Pull Image ${ip} ${user} ${pwd} project${d} ${image}:${tag} err_msg=The image is not signed by cosign. Cosign Generate Key Pair Cosign Verify ${ip}/project${d}/${image}:${tag} ${false}