Merge branch 'main' into Support-relativeurls-in-harbor-config

goharbor · May 5, 2024 · e791c14 · e791c14
2 parents a9a6d5c + 8431c9c
commit e791c14
Show file tree

Hide file tree

Showing 52 changed files with 404 additions and 331 deletions.
diff --git a/api/v2.0/swagger.yaml b/api/v2.0/swagger.yaml
@@ -1192,6 +1192,8 @@ paths:
           $ref: '#/responses/403'
         '404':
           $ref: '#/responses/404'
+        '422':
+          $ref: '#/responses/422'  
         '500':
           $ref: '#/responses/500'
   /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/scan/stop:
@@ -1223,6 +1225,8 @@ paths:
           $ref: '#/responses/403'
         '404':
           $ref: '#/responses/404'
+        '422':
+          $ref: '#/responses/422'  
         '500':
           $ref: '#/responses/500'
   /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/scan/{report_id}/log:
@@ -1476,6 +1480,8 @@ paths:
           $ref: '#/responses/403'
         '404':
           $ref: '#/responses/404'
+        '422':
+          $ref: '#/responses/422'
         '500':
           $ref: '#/responses/500'
   /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/labels:
@@ -4823,6 +4829,8 @@ paths:
           $ref: '#/responses/403'
         '404':
           $ref: '#/responses/404'
+        '422':
+          $ref: '#/responses/422'
         '500':
           $ref: '#/responses/500'
   /schedules:
@@ -6456,6 +6464,14 @@ responses:
         type: string
     schema:
       $ref: '#/definitions/Errors'
+  '422':
+    description: Unsupported Type
+    headers:
+      X-Request-Id:
+        description: The ID of the corresponding request for the response
+        type: string
+    schema:
+      $ref: '#/definitions/Errors'    
   '500':
     description: Internal server error
     headers:
@@ -6800,6 +6816,8 @@ definitions:
         format: int64
         description: 'Time in seconds required to create the report'
         example: 300
+      scanner:
+        $ref: '#/definitions/Scanner'
   NativeReportSummary:
     type: object
     description: 'The summary for the native report'

diff --git a/src/controller/artifact/controller.go b/src/controller/artifact/controller.go
@@ -326,12 +326,6 @@ func (c *controller) deleteDeeply(ctx context.Context, id int64, isRoot, isAcces
 		return err
 	}
 
-	if isAccessory {
-		if err := c.accessoryMgr.DeleteAccessories(ctx, q.New(q.KeyWords{"ArtifactID": art.ID, "Digest": art.Digest})); err != nil && !errors.IsErr(err, errors.NotFoundCode) {
-			return err
-		}
-	}
-
 	// the child artifact is referenced by some tags, skip
 	if !isRoot && len(art.Tags) > 0 {
 		return nil
@@ -354,6 +348,12 @@ func (c *controller) deleteDeeply(ctx context.Context, id int64, isRoot, isAcces
 		return nil
 	}
 
+	if isAccessory {
+		if err := c.accessoryMgr.DeleteAccessories(ctx, q.New(q.KeyWords{"ArtifactID": art.ID, "Digest": art.Digest})); err != nil && !errors.IsErr(err, errors.NotFoundCode) {
+			return err
+		}
+	}
+
 	// delete accessories if contains any
 	for _, acc := range art.Accessories {
 		// only hard ref accessory should be removed

diff --git a/src/controller/event/handler/internal/artifact.go b/src/controller/event/handler/internal/artifact.go
@@ -24,6 +24,7 @@ import (
 	"time"
 
 	"github.com/goharbor/harbor/src/controller/artifact"
+	"github.com/goharbor/harbor/src/controller/artifact/processor/sbom"
 	"github.com/goharbor/harbor/src/controller/event"
 	"github.com/goharbor/harbor/src/controller/event/operator"
 	"github.com/goharbor/harbor/src/controller/repository"
@@ -36,6 +37,7 @@ import (
 	"github.com/goharbor/harbor/src/pkg"
 	pkgArt "github.com/goharbor/harbor/src/pkg/artifact"
 	"github.com/goharbor/harbor/src/pkg/scan/report"
+	v1 "github.com/goharbor/harbor/src/pkg/scan/rest/v1"
 	"github.com/goharbor/harbor/src/pkg/task"
 )
 
@@ -319,6 +321,11 @@ func (a *ArtifactEventHandler) onDelete(ctx context.Context, event *event.Artifa
 		log.Errorf("failed to delete scan reports of artifact %v, error: %v", unrefDigests, err)
 	}
 
+	if event.Artifact.Type == sbom.ArtifactTypeSBOM && len(event.Artifact.Digest) > 0 {
+		if err := reportMgr.DeleteByExtraAttr(ctx, v1.MimeTypeSBOMReport, "sbom_digest", event.Artifact.Digest); err != nil {
+			log.Errorf("failed to delete scan reports of with sbom digest %v, error: %v", event.Artifact.Digest, err)
+		}
+	}
 	return nil
 }
 

diff --git a/src/controller/event/handler/webhook/scan/scan.go b/src/controller/event/handler/webhook/scan/scan.go
@@ -21,6 +21,7 @@ import (
 	"github.com/goharbor/harbor/src/controller/artifact"
 	"github.com/goharbor/harbor/src/controller/event"
 	"github.com/goharbor/harbor/src/controller/event/handler/util"
+	eventModel "github.com/goharbor/harbor/src/controller/event/model"
 	"github.com/goharbor/harbor/src/controller/project"
 	"github.com/goharbor/harbor/src/controller/scan"
 	"github.com/goharbor/harbor/src/lib/errors"
@@ -104,6 +105,9 @@ func constructScanImagePayload(ctx context.Context, event *event.ScanImageEvent,
 				RepoFullName: event.Artifact.Repository,
 				RepoType:     repoType,
 			},
+			Scan: &eventModel.Scan{
+				ScanType: event.ScanType,
+			},
 		},
 		Operator: event.Operator,
 	}
@@ -138,17 +142,29 @@ func constructScanImagePayload(ctx context.Context, event *event.ScanImageEvent,
 		time.Sleep(500 * time.Millisecond)
 	}
 
-	// Add scan overview
-	summaries, err := scan.DefaultController.GetSummary(ctx, art, []string{v1.MimeTypeNativeReport, v1.MimeTypeGenericVulnerabilityReport})
-	if err != nil {
-		return nil, errors.Wrap(err, "construct scan payload")
+	scanSummaries := map[string]interface{}{}
+	if event.ScanType == v1.ScanTypeVulnerability {
+		scanSummaries, err = scan.DefaultController.GetSummary(ctx, art, []string{v1.MimeTypeNativeReport, v1.MimeTypeGenericVulnerabilityReport})
+		if err != nil {
+			return nil, errors.Wrap(err, "construct scan payload")
+		}
+	}
+
+	sbomOverview := map[string]interface{}{}
+	if event.ScanType == v1.ScanTypeSbom {
+		sbomOverview, err = scan.DefaultController.GetSummary(ctx, art, []string{v1.MimeTypeSBOMReport})
+		if err != nil {
+			return nil, errors.Wrap(err, "construct scan payload")
+		}
 	}
 
+	// Add scan overview and sbom overview
 	resource := &model.Resource{
 		Tag:          event.Artifact.Tag,
 		Digest:       event.Artifact.Digest,
 		ResourceURL:  resURL,
-		ScanOverview: summaries,
+		ScanOverview: scanSummaries,
+		SBOMOverview: sbomOverview,
 	}
 	payload.EventData.Resources = append(payload.EventData.Resources, resource)
 

diff --git a/src/controller/event/metadata/scan.go b/src/controller/event/metadata/scan.go
@@ -27,6 +27,7 @@ import (
 // ScanImageMetaData defines meta data of image scanning event
 type ScanImageMetaData struct {
 	Artifact *v1.Artifact
+	ScanType string
 	Status   string
 	Operator string
 }
@@ -55,6 +56,7 @@ func (si *ScanImageMetaData) Resolve(evt *event.Event) error {
 		Artifact:  si.Artifact,
 		OccurAt:   time.Now(),
 		Operator:  si.Operator,
+		ScanType:  si.ScanType,
 	}
 
 	evt.Topic = topic

diff --git a/src/controller/event/model/event.go b/src/controller/event/model/event.go
@@ -74,3 +74,9 @@ type RetentionRule struct {
 	// Selector attached to the rule for filtering scope (e.g: repositories or namespaces)
 	ScopeSelectors map[string][]*rule.Selector `json:"scope_selectors,omitempty"`
 }
+
+// Scan describes scan infos
+type Scan struct {
+	// ScanType the scan type
+	ScanType string `json:"scan_type,omitempty"`
+}
diff --git a/src/controller/event/topic.go b/src/controller/event/topic.go
@@ -159,7 +159,7 @@ func (p *PushArtifactEvent) ResolveToAuditLog() (*model.AuditLog, error) {
 		ResourceType: "artifact"}
 
 	if len(p.Tags) == 0 {
-		auditLog.Resource = fmt.Sprintf("%s:%s",
+		auditLog.Resource = fmt.Sprintf("%s@%s",
 			p.Artifact.RepositoryName, p.Artifact.Digest)
 	} else {
 		auditLog.Resource = fmt.Sprintf("%s:%s",
@@ -222,7 +222,7 @@ func (d *DeleteArtifactEvent) ResolveToAuditLog() (*model.AuditLog, error) {
 		Operation:    rbac.ActionDelete.String(),
 		Username:     d.Operator,
 		ResourceType: "artifact",
-		Resource:     fmt.Sprintf("%s:%s", d.Artifact.RepositoryName, d.Artifact.Digest)}
+		Resource:     fmt.Sprintf("%s@%s", d.Artifact.RepositoryName, d.Artifact.Digest)}
 	return auditLog, nil
 }
 
@@ -289,6 +289,7 @@ func (d *DeleteTagEvent) String() string {
 // ScanImageEvent is scanning image related event data to publish
 type ScanImageEvent struct {
 	EventType string
+	ScanType  string
 	Artifact  *v1.Artifact
 	OccurAt   time.Time
 	Operator  string

diff --git a/src/controller/scan/base_controller.go b/src/controller/scan/base_controller.go
@@ -751,13 +751,34 @@ func (bc *basicController) GetSBOMSummary(ctx context.Context, art *ar.Artifact,
 	reportContent := reports[0].Report
 	result := map[string]interface{}{}
 	if len(reportContent) == 0 {
-		log.Warning("no content for current report")
+		status := bc.retrieveStatusFromTask(ctx, reports[0].UUID)
+		if len(status) > 0 {
+			result[sbomModel.ReportID] = reports[0].UUID
+			result[sbomModel.ScanStatus] = status
+		}
+		log.Debug("no content for current report")
 		return result, nil
 	}
 	err = json.Unmarshal([]byte(reportContent), &result)
 	return result, err
 }
 
+// retrieve the status from task
+func (bc *basicController) retrieveStatusFromTask(ctx context.Context, reportID string) string {
+	if len(reportID) == 0 {
+		return ""
+	}
+	tasks, err := bc.taskMgr.ListScanTasksByReportUUID(ctx, reportID)
+	if err != nil {
+		log.Warningf("can not find the task with report UUID %v, error %v", reportID, err)
+		return ""
+	}
+	if len(tasks) > 0 {
+		return tasks[0].Status
+	}
+	return ""
+}
+
 // GetScanLog ...
 func (bc *basicController) GetScanLog(ctx context.Context, artifact *ar.Artifact, uuid string) ([]byte, error) {
 	if len(uuid) == 0 {

diff --git a/src/controller/scan/base_controller_test.go b/src/controller/scan/base_controller_test.go
@@ -70,9 +70,10 @@ type ControllerTestSuite struct {
 
 	tagCtl *tagtesting.FakeController
 
-	registration *scanner.Registration
-	artifact     *artifact.Artifact
-	rawReport    string
+	registration  *scanner.Registration
+	artifact      *artifact.Artifact
+	wrongArtifact *artifact.Artifact
+	rawReport     string
 
 	execMgr         *tasktesting.ExecutionManager
 	taskMgr         *tasktesting.Manager
@@ -101,6 +102,9 @@ func (suite *ControllerTestSuite) SetupSuite() {
 	suite.artifact.Digest = "digest-code"
 	suite.artifact.ManifestMediaType = v1.MimeTypeDockerArtifact
 
+	suite.wrongArtifact = &artifact.Artifact{Artifact: art.Artifact{ID: 2, ProjectID: 1}}
+	suite.wrongArtifact.Digest = "digest-wrong"
+
 	m := &v1.ScannerAdapterMetadata{
 		Scanner: &v1.Scanner{
 			Name:    "Trivy",
@@ -202,8 +206,11 @@ func (suite *ControllerTestSuite) SetupSuite() {
 			Report:           `{"sbom_digest": "sha256:1234567890", "scan_status": "Success", "duration": 3, "start_time": "2021-09-01T00:00:00Z", "end_time": "2021-09-01T00:00:03Z"}`,
 		},
 	}
+
+	emptySBOMReport := []*scan.Report{{Report: ``, UUID: "rp-uuid-004"}}
 	mgr.On("GetBy", mock.Anything, suite.artifact.Digest, suite.registration.UUID, []string{v1.MimeTypeNativeReport}).Return(reports, nil)
 	mgr.On("GetBy", mock.Anything, suite.artifact.Digest, suite.registration.UUID, []string{v1.MimeTypeSBOMReport}).Return(sbomReport, nil)
+	mgr.On("GetBy", mock.Anything, suite.wrongArtifact.Digest, suite.registration.UUID, []string{v1.MimeTypeSBOMReport}).Return(emptySBOMReport, nil)
 	mgr.On("Get", mock.Anything, "rp-uuid-001").Return(reports[0], nil)
 	mgr.On("UpdateReportData", "rp-uuid-001", suite.rawReport, (int64)(10000)).Return(nil)
 	mgr.On("UpdateStatus", "the-uuid-123", "Success", (int64)(10000)).Return(nil)
@@ -654,6 +661,12 @@ func (suite *ControllerTestSuite) TestGenerateSBOMSummary() {
 	suite.NotNil(dgst)
 	suite.Equal("Success", status)
 	suite.Equal("sha256:1234567890", dgst)
+	tasks := []*task.Task{{Status: "Error"}}
+	suite.taskMgr.On("ListScanTasksByReportUUID", mock.Anything, "rp-uuid-004").Return(tasks, nil).Once()
+	sum2, err := suite.c.GetSummary(context.TODO(), suite.wrongArtifact, []string{v1.MimeTypeSBOMReport})
+	suite.Nil(err)
+	suite.NotNil(sum2)
+
 }
 
 func TestIsSBOMMimeTypes(t *testing.T) {
@@ -683,5 +696,11 @@ func (suite *ControllerTestSuite) TestDeleteArtifactAccessories() {
 	}
 	ctx := orm.NewContext(nil, &ormtesting.FakeOrmer{})
 	suite.NoError(suite.c.deleteArtifactAccessories(ctx, reports))
+}
 
+func (suite *ControllerTestSuite) TestRetrieveStatusFromTask() {
+	tasks := []*task.Task{{Status: "Error"}}
+	suite.taskMgr.On("ListScanTasksByReportUUID", mock.Anything, "rp-uuid-004").Return(tasks, nil).Once()
+	status := suite.c.retrieveStatusFromTask(nil, "rp-uuid-004")
+	suite.Equal("Error", status)
 }
diff --git a/src/controller/scan/callback.go b/src/controller/scan/callback.go
@@ -120,6 +120,13 @@ func scanTaskStatusChange(ctx context.Context, taskID int64, status string) (err
 				if operator, ok := exec.ExtraAttrs["operator"].(string); ok {
 					e.Operator = operator
 				}
+
+				// extract ScanType if exist in ExtraAttrs
+				if c, ok := exec.ExtraAttrs["enabled_capabilities"].(map[string]interface{}); ok {
+					if Type, ok := c["type"].(string); ok {
+						e.ScanType = Type
+					}
+				}
 				// fire event
 				notification.AddEvent(ctx, e)
 			}