fixes 19048
fixes #19048
Skip policy checking when pulling the notation signature

Signed-off-by: wang yan <[email protected]>
wy65701436 committed Jul 28, 2023
1 parent 84a1317 commit f170866
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/server/middleware/util/util.go
Expand Up @@ -64,7 +64,7 @@ func SkipPolicyChecking(r *http.Request, projectID, artID int64) (bool, error) {

// 1, scanner pull access can bypass.
// 2, cosign/notation pull can bypass, it needs to pull the manifest before pushing the signature.
// 3, pull cosign signature can bypass.
// 3, pull cosign/notation signature can bypass.
if ok && secCtx.Name() == "v2token" {
if secCtx.Can(r.Context(), rbac.ActionScannerPull, project.NewNamespace(projectID).Resource(rbac.ResourceRepository)) ||
(secCtx.Can(r.Context(), rbac.ActionPush, project.NewNamespace(projectID).Resource(rbac.ResourceRepository)) &&
Expand All @@ -79,7 +79,7 @@ func SkipPolicyChecking(r *http.Request, projectID, artID int64) (bool, error) {
if err != nil {
return false, err
}
if len(accs) > 0 && accs[0].GetData().Type == model.TypeCosignSignature {
if len(accs) > 0 && (accs[0].GetData().Type == model.TypeCosignSignature || accs[0].GetData().Type == model.TypeNotationSignature) {
return true, nil
}
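Review bot: The widened condition in the second hunk makes SkipPolicyChecking return true whenever the first accessory record is typed model.TypeNotationSignature, yet the commit changes only util.go, so no test pins this new policy exemption. Because this function decides when the pull policy is not enforced, a table-driven case for the notation type, plus one for an accessory type that must not take this branch, would guard against the exemption widening silently later. Only `accs[0]` is inspected, and the query that fills `accs` lies outside the hunk, so it is worth confirming that it can return at most one row for `artID`. The condition would also read more clearly with the type evaluated once, e.g. `switch accs[0].GetData().Type { case model.TypeCosignSignature, model.TypeNotationSignature: return true, nil }`. A short comment on that branch saying why signature accessories are exempt from the policy would help, since the numbered list in the first hunk sits some distance from this check.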

