Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

artifact_type in metrics are not relevant #20183

Open
gaglimax opened this issue Mar 28, 2024 · 4 comments
Open

artifact_type in metrics are not relevant #20183

gaglimax opened this issue Mar 28, 2024 · 4 comments
Assignees
@MinerYang
Labels
area/metrics candidate/2.12.0 kind/requirement New feature or idea on top of harbor

Comments

@gaglimax
Copy link

Hi,

For reporting needs, I want a metric that reveal the number of images in a project.
The metric I use is "harbor_project_artifact_total". This metric comes with a label named "artifact_type" to differenciate images and charts.

My issue is when we sign an image with cosign, an artifact is created with the label "artifact_type=image". So it is impossible to get the exact number of images in a project when we use cosign.

Is it possible the add a value to the label "artifact_type" to differenciate images artifacts and cosign artifacts ?
@MinerYang
Copy link
Contributor

MinerYang commented Mar 29, 2024
edited

Which harbor and cosign version/build you are using?
Current behavior is collecting artifact.type AS artifact_type from db, we do add artifact.artifact_type column in the next release(v2.11) to collect image.Manifest.ArtifactType. So if cosign is using ArtifactType for their signature manifest (adopt oci-spec 1.1), we possibly could do so to differenciate as you expected.

@gaglimax
Copy link
Author

My Harbor version is 2.10.0.
I don't know about the cosign version because my only exemple comes from a replication rule importing image and signature from a remote Harbor registry (I don't have any information about it).

Currently, in database, I have those rows :

 type  |                   media_type                   |                 manifest_media_type                  
-------+------------------------------------------------+------------------------------------------------------
 IMAGE | application/vnd.docker.container.image.v1+json | application/vnd.docker.distribution.manifest.v2+json
 IMAGE | application/vnd.oci.image.config.v1+json       | application/vnd.oci.image.manifest.v1+json

The first rows is about image artifact, the second is about the signature artifact. So if you implement a type based either on media_type or manifest_media_type, it will work indeed.

@MinerYang
Copy link
Contributor

MinerYang commented Mar 29, 2024
edited

In fact given to the above info indicates that this signature is signer by legacy cosign version that haven't support oci-spec 1.1 yet, means can not simply collecting either media_type or manifest_media_type to do differentiation. It actual type is concealed in layers for legacy cosign behavior. It needs query two tables rather than just artifact.
However, In next harbor release it can be easily achieved by using cosign --registry-referrers-mode oci-1-1signing image

@MinerYang MinerYang added the kind/requirement New feature or idea on top of harbor label Mar 29, 2024
@gaglimax
Copy link
Author

Ok thanks.
When Harbor 2.11 will be released, I will tell the editor to sign image with the oci-spec 1.1.
I will close the issue after the release if that's ok for you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MinerYang MinerYang

Labels
area/metrics candidate/2.12.0 kind/requirement New feature or idea on top of harbor
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wy65701436 @gaglimax @MinerYang