upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor synced 2025-04-15 10:14:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixes 19043 (#19054)

Browse Source 
fixes #19043
Skip the policy checking when to pull the notation signature

Signed-off-by: wang yan <wangyan@vmware.com>
This commit is contained in:
Wang Yan 2023-07-31 15:11:21 +08:00 committed by GitHub
parent 638c26c41a
commit bef4ccc782
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/server/middleware/util/util.go
View File

@ -64,7 +64,7 @@ func SkipPolicyChecking(r *http.Request, projectID, artID int64) (bool, error) {
// 1, scanner pull access can bypass.
// 2, cosign/notation pull can bypass, it needs to pull the manifest before pushing the signature.
// 3, pull cosign signature can bypass.
// 3, pull cosign/notation signature can bypass.
if ok && secCtx.Name() == "v2token" {
if secCtx.Can(r.Context(), rbac.ActionScannerPull, project.NewNamespace(projectID).Resource(rbac.ResourceRepository)) ||
(secCtx.Can(r.Context(), rbac.ActionPush, project.NewNamespace(projectID).Resource(rbac.ResourceRepository)) &&
@ -79,7 +79,7 @@ func SkipPolicyChecking(r *http.Request, projectID, artID int64) (bool, error) {
if err != nil {
return false, err
}
if len(accs) > 0 && accs[0].GetData().Type == model.TypeCosignSignature {
if len(accs) > 0 && (accs[0].GetData().Type == model.TypeCosignSignature || accs[0].GetData().Type == model.TypeNotationSignature) {
return true, nil
}