Skip to content

Commit

Permalink
fix signer name (#19001)
Browse files Browse the repository at this point in the history
Append the signer name to the error message which will be returned by the client

Signed-off-by: wang yan <wangyan@vmware.com>
  • Loading branch information
wy65701436 authored Jul 25, 2023
1 parent c25a7ca commit db82d6e
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 6 deletions.
12 changes: 8 additions & 4 deletions src/server/middleware/contenttrust/contentrust.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,11 +46,17 @@ func ContentTrust() func(http.Handler) http.Handler {
// If signature policy enabled, it has to at least have one signature.
if pro.ContentTrustCosignEnabled() {
if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeCosignSignature); err != nil {
if errors.IsErr(err, errors.PROJECTPOLICYVIOLATION) {
return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by cosign.")
}
return err
}
}
if pro.ContentTrustEnabled() {
if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeNotationSignature); err != nil {
if errors.IsErr(err, errors.PROJECTPOLICYVIOLATION) {
return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by notation.")
}
return err
}
}
Expand Down Expand Up @@ -78,8 +84,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo
}

if len(art.Accessories) == 0 {
pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.")
return pkgE
return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION)
}

var hasSignature bool
Expand All @@ -90,8 +95,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo
}
}
if !hasSignature {
pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.")
return pkgE
return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION)
}

return nil
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ def testProjectLevelPolicyContentTrust(self):
restart_process("containerd")
restart_process("dockerd")
time.sleep(30)
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed")
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed by cosign")

if __name__ == '__main__':
unittest.main()
Expand Down
2 changes: 1 addition & 1 deletion tests/robot-cases/Group1-Nightly/Common.robot
Original file line number Diff line number Diff line change
Expand Up @@ -773,7 +773,7 @@ Test Case - Cosign And Cosign Deployment Security Policy
Go Into Project project${d}
Go Into Repo project${d} ${image}
Should Not Be Signed By Cosign ${tag}
Cannot Pull Image ${ip} ${user} ${pwd} project${d} ${image}:${tag} err_msg=The image is not signed.
Cannot Pull Image ${ip} ${user} ${pwd} project${d} ${image}:${tag} err_msg=The image is not signed by cosign.
Cosign Generate Key Pair
Cosign Verify ${ip}/project${d}/${image}:${tag} ${false}

Expand Down

0 comments on commit db82d6e

Please sign in to comment.