fix signer name (#19001)

Append the signer name to the error message which will be returned by the client Signed-off-by: wang yan <wangyan@vmware.com>
goharbor · Jul 25, 2023 · db82d6e · db82d6e
1 parent c25a7ca
commit db82d6e
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 6 deletions.
diff --git a/src/server/middleware/contenttrust/contentrust.go b/src/server/middleware/contenttrust/contentrust.go
@@ -46,11 +46,17 @@ func ContentTrust() func(http.Handler) http.Handler {
 		// If signature policy enabled, it has to at least have one signature.
 		if pro.ContentTrustCosignEnabled() {
 			if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeCosignSignature); err != nil {
+				if errors.IsErr(err, errors.PROJECTPOLICYVIOLATION) {
+					return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by cosign.")
+				}
 				return err
 			}
 		}
 		if pro.ContentTrustEnabled() {
 			if err := signatureChecking(ctx, r, af, pro.ProjectID, model.TypeNotationSignature); err != nil {
+				if errors.IsErr(err, errors.PROJECTPOLICYVIOLATION) {
+					return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed by notation.")
+				}
 				return err
 			}
 		}
@@ -78,8 +84,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo
 	}
 
 	if len(art.Accessories) == 0 {
-		pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.")
-		return pkgE
+		return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION)
 	}
 
 	var hasSignature bool
@@ -90,8 +95,7 @@ func signatureChecking(ctx context.Context, r *http.Request, af lib.ArtifactInfo
 		}
 	}
 	if !hasSignature {
-		pkgE := errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION).WithMessage("The image is not signed.")
-		return pkgE
+		return errors.New(nil).WithCode(errors.PROJECTPOLICYVIOLATION)
 	}
 
 	return nil

diff --git a/tests/apitests/python/test_project_level_policy_content_trust.py b/tests/apitests/python/test_project_level_policy_content_trust.py
@@ -84,7 +84,7 @@ def testProjectLevelPolicyContentTrust(self):
         restart_process("containerd")
         restart_process("dockerd")
         time.sleep(30)
-        pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed")
+        pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed by cosign")
 
 if __name__ == '__main__':
     unittest.main()

diff --git a/tests/robot-cases/Group1-Nightly/Common.robot b/tests/robot-cases/Group1-Nightly/Common.robot
@@ -773,7 +773,7 @@ Test Case - Cosign And Cosign Deployment Security Policy
     Go Into Project  project${d}
     Go Into Repo  project${d}  ${image}
     Should Not Be Signed By Cosign  ${tag}
-    Cannot Pull Image  ${ip}  ${user}  ${pwd}  project${d}  ${image}:${tag}  err_msg=The image is not signed.
+    Cannot Pull Image  ${ip}  ${user}  ${pwd}  project${d}  ${image}:${tag}  err_msg=The image is not signed by cosign.
     Cosign Generate Key Pair
     Cosign Verify  ${ip}/project${d}/${image}:${tag}  ${false}