Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enable notary v2 policy checker #18927

Merged
merged 1 commit into from
Jul 14, 2023
Merged

enable notary v2 policy checker #18927

merged 1 commit into from
Jul 14, 2023

Conversation

wy65701436
Copy link
Contributor

@wy65701436 wy65701436 commented Jul 13, 2023
edited
Loading

add notary v2 pull policy, when it enables, the artifact cannot be pull without the notation signature.

Thank you for contributing to Harbor!

Comprehensive Summary of your change

Issue being fixed

Fixes #(issue)

Please indicate you've done the following:

  • Well Written Title and Summary of the PR
  • Label the PR as needed. "release-note/ignore-for-release, release-note/new-feature, release-note/update, release-note/enhancement, release-note/community, release-note/breaking-change, release-note/docs, release-note/infra, release-note/deprecation"
  • Accepted the DCO. Commits without the DCO will delay acceptance.
  • Made sure tests are passing and test coverage is added if needed.
  • Considered the docs impact and opened a new docs issue or PR with docs changes if needed in website repository.

@wy65701436 wy65701436 requested a review from a team as a code owner July 13, 2023 07:16
@codecov
Copy link

codecov bot commented Jul 13, 2023
edited
Loading

Codecov Report

Merging #18927 (ac6f07f) into main (5cce621) will increase coverage by 3.16%.
The diff coverage is 75.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main   #18927      +/-   ##
==========================================
+ Coverage   67.40%   70.57%   +3.16%     
==========================================
  Files         986      750     -236     
  Lines      107983    94816   -13167     
  Branches     2698        0    -2698     
==========================================
- Hits        72786    66912    -5874     
+ Misses      31300    24299    -7001     
+ Partials     3897     3605     -292
Flag Coverage Δ
unittests 70.57% <75.00%> (+3.16%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
src/server/registry/route.go 0.00% <0.00%> (ø)
src/server/middleware/contenttrust/contentrust.go 81.13% <76.47%> (ø)
src/server/middleware/util/util.go 92.85% <100.00%> (+0.35%) ⬆️

... and 239 files with indirect coverage changes

@wy65701436 wy65701436 force-pushed the notaryv2 branch 3 times, most recently from 958b985 to 7567e68 Compare July 13, 2023 09:17
zyyw
zyyw reviewed Jul 14, 2023
View reviewed changes
src/server/middleware/contenttrust/contentrust.go Outdated
@@ -44,42 +43,56 @@ func Cosign() func(http.Handler) http.Handler {
return err
}

// If cosign policy enabled, it has to at least have one cosign signature.
// If signature policy enabled, it has to at least have one cosign signature.
Copy link
Contributor

@zyyw zyyw Jul 14, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"If signature policy enabled, it has to at least have one cosign signature. "

The cosign signature statement here in the comment seems to be not correct/accurate.

@wy65701436
enable notary v2 policy checker
ac6f07f 
add notary v2 pull policy, when it enables, the artifact cannot be pull without the notation signature.

Signed-off-by: wang yan <wangyan@vmware.com>
zyyw
zyyw approved these changes Jul 14, 2023
View reviewed changes
Copy link
Contributor

@zyyw zyyw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

chlins
chlins approved these changes Jul 14, 2023
View reviewed changes
Copy link
Member

@chlins chlins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@wy65701436 wy65701436 merged commit ff2b99d into goharbor:main Jul 14, 2023
18 checks passed
AllForNothing pushed a commit to AllForNothing/harbor that referenced this pull request Jul 19, 2023
Add Notation UI for deployment security
9b2b4ad 
1. for goharbor#18927

Signed-off-by: AllForNothing <sshijun@vmware.com>
AllForNothing pushed a commit to AllForNothing/harbor that referenced this pull request Jul 19, 2023
Add Notation UI for deployment security
4defd2e 
1. for goharbor#18927

Signed-off-by: AllForNothing <sshijun@vmware.com>
@AllForNothing AllForNothing mentioned this pull request Jul 19, 2023
Merged
5 tasks
AllForNothing pushed a commit to AllForNothing/harbor that referenced this pull request Jul 19, 2023
Add Notation UI for deployment security
92b7cc6 
1. for goharbor#18927

Signed-off-by: AllForNothing <sshijun@vmware.com>
AllForNothing added a commit that referenced this pull request Jul 19, 2023
@AllForNothing
Add Notation UI for deployment security (#18952)
79e8c39 
1. for #18927

Signed-off-by: AllForNothing <sshijun@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zyyw zyyw zyyw approved these changes

@chlins chlins chlins approved these changes

Assignees

@Vad1mo Vad1mo

@chlins chlins

@MinerYang MinerYang

Labels
release-note/new-feature New Harbor Feature target/2.9.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@wy65701436 @zyyw @chlins @Vad1mo @MinerYang