mirror of
https://github.com/goharbor/harbor
synced 2024-09-20 21:44:15 +00:00
fixes 19043 (#19054)
fixes #19043 Skip the policy checking when to pull the notation signature Signed-off-by: wang yan <wangyan@vmware.com>
This commit is contained in:
parent
638c26c41a
commit
bef4ccc782
|
@ -64,7 +64,7 @@ func SkipPolicyChecking(r *http.Request, projectID, artID int64) (bool, error) {
|
||||||
|
|
||||||
// 1, scanner pull access can bypass.
|
// 1, scanner pull access can bypass.
|
||||||
// 2, cosign/notation pull can bypass, it needs to pull the manifest before pushing the signature.
|
// 2, cosign/notation pull can bypass, it needs to pull the manifest before pushing the signature.
|
||||||
// 3, pull cosign signature can bypass.
|
// 3, pull cosign/notation signature can bypass.
|
||||||
if ok && secCtx.Name() == "v2token" {
|
if ok && secCtx.Name() == "v2token" {
|
||||||
if secCtx.Can(r.Context(), rbac.ActionScannerPull, project.NewNamespace(projectID).Resource(rbac.ResourceRepository)) ||
|
if secCtx.Can(r.Context(), rbac.ActionScannerPull, project.NewNamespace(projectID).Resource(rbac.ResourceRepository)) ||
|
||||||
(secCtx.Can(r.Context(), rbac.ActionPush, project.NewNamespace(projectID).Resource(rbac.ResourceRepository)) &&
|
(secCtx.Can(r.Context(), rbac.ActionPush, project.NewNamespace(projectID).Resource(rbac.ResourceRepository)) &&
|
||||||
|
@ -79,7 +79,7 @@ func SkipPolicyChecking(r *http.Request, projectID, artID int64) (bool, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
if len(accs) > 0 && accs[0].GetData().Type == model.TypeCosignSignature {
|
if len(accs) > 0 && (accs[0].GetData().Type == model.TypeCosignSignature || accs[0].GetData().Type == model.TypeNotationSignature) {
|
||||||
return true, nil
|
return true, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user