Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix signer name #19001

Merged
merged 1 commit into from
Jul 25, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 8 additions & 4 deletions src/server/middleware/contenttrust/contentrust.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,11 +46,17 @@ func ContentTrust() func(http.Handler) http.Handler {
// If signature policy enabled, it has to at least have one signature.
if pro.ContentTrustCosignEnabled() {
if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeCosignSignature); err != nil {
if errors.IsErr(err, errors.PROJECTPOLICYVIOLATION) {
return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by cosign.")
}
return err
}
}
if pro.ContentTrustEnabled() {
if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeNotationSignature); err != nil {
if errors.IsErr(err, errors.PROJECTPOLICYVIOLATION) {
return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by notation.")
}
return err
}
}
Expand Down Expand Up @@ -78,8 +84,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo
}

if len(art.Accessories) == 0 {
pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.")
return pkgE
return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION)
}

var hasSignature bool
Expand All @@ -90,8 +95,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo
}
}
if !hasSignature {
pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.")
return pkgE
return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION)
}

return nil
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ def testProjectLevelPolicyContentTrust(self):
restart_process("containerd")
restart_process("dockerd")
time.sleep(30)
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed")
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed by cosign")

if __name__ == '__main__':
unittest.main()
Expand Down
2 changes: 1 addition & 1 deletion tests/robot-cases/Group1-Nightly/Common.robot
Original file line number Diff line number Diff line change
Expand Up @@ -773,7 +773,7 @@ Test Case - Cosign And Cosign Deployment Security Policy
Go Into Project project${d}
Go Into Repo project${d} ${image}
Should Not Be Signed By Cosign ${tag}
Cannot Pull Image ${ip} ${user} ${pwd} project${d} ${image}:${tag} err_msg=The image is not signed.
Cannot Pull Image ${ip} ${user} ${pwd} project${d} ${image}:${tag} err_msg=The image is not signed by cosign.
Cosign Generate Key Pair
Cosign Verify ${ip}/project${d}/${image}:${tag} ${false}

Expand Down