add notation support (#18909)

Accept and recognize the signature of notation client

Signed-off-by: wang yan <wangyan@vmware.com>
This commit is contained in:
Wang Yan 2023-07-13 11:18:34 +08:00 committed by GitHub
parent 06c4c1c076
commit 5cce621471
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 145 additions and 6 deletions

BIN
icons/notation.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 35 KiB

View File

@ -57,6 +57,10 @@ var (
path: "./icons/cosign.png", path: "./icons/cosign.png",
resize: false, resize: false,
}, },
icon.DigestOfIconAccNotation: {
path: "./icons/notation.png",
resize: false,
},
icon.DigestOfIconAccNydus: { icon.DigestOfIconAccNydus: {
path: "./icons/nydus.png", path: "./icons/nydus.png",
resize: false, resize: false,

View File

@ -58,6 +58,7 @@ import (
"github.com/goharbor/harbor/src/migration" "github.com/goharbor/harbor/src/migration"
_ "github.com/goharbor/harbor/src/pkg/accessory/model/base" _ "github.com/goharbor/harbor/src/pkg/accessory/model/base"
_ "github.com/goharbor/harbor/src/pkg/accessory/model/cosign" _ "github.com/goharbor/harbor/src/pkg/accessory/model/cosign"
_ "github.com/goharbor/harbor/src/pkg/accessory/model/notation"
_ "github.com/goharbor/harbor/src/pkg/accessory/model/subject" _ "github.com/goharbor/harbor/src/pkg/accessory/model/subject"
"github.com/goharbor/harbor/src/pkg/audit" "github.com/goharbor/harbor/src/pkg/audit"
dbCfg "github.com/goharbor/harbor/src/pkg/config/db" dbCfg "github.com/goharbor/harbor/src/pkg/config/db"

View File

@ -25,5 +25,6 @@ const (
// ToDo add the accessories images // ToDo add the accessories images
DigestOfIconAccDefault = "" DigestOfIconAccDefault = ""
DigestOfIconAccCosign = "sha256:20401d5b3a0f6dbc607c8d732eb08471af4ae6b19811a4efce8c6a724aed2882" DigestOfIconAccCosign = "sha256:20401d5b3a0f6dbc607c8d732eb08471af4ae6b19811a4efce8c6a724aed2882"
DigestOfIconAccNotation = "sha256:3ac706e102bbe9362b400aa162df58135d35e66b9c3bee2165de92022d25fe34"
DigestOfIconAccNydus = "sha256:dfcb6617cd9c144358dc1b305b87bbe34f0b619f1e329116e6aee2e41f2e34cf" DigestOfIconAccNydus = "sha256:dfcb6617cd9c144358dc1b305b87bbe34f0b619f1e329116e6aee2e41f2e34cf"
) )

View File

@ -31,6 +31,7 @@ var (
// icon digests for each known type // icon digests for each known type
defaultIcons = map[string]string{ defaultIcons = map[string]string{
model.TypeCosignSignature: icon.DigestOfIconAccCosign, model.TypeCosignSignature: icon.DigestOfIconAccCosign,
model.TypeNotationSignature: icon.DigestOfIconAccNotation,
model.TypeNydusAccelerator: icon.DigestOfIconAccNydus, model.TypeNydusAccelerator: icon.DigestOfIconAccNydus,
} }
) )

View File

@ -68,6 +68,9 @@ const (
// TypeCosignSignature ... // TypeCosignSignature ...
TypeCosignSignature = "signature.cosign" TypeCosignSignature = "signature.cosign"
// TypeNotationSignature ...
TypeNotationSignature = "signature.notation"
// TypeNydusAccelerator ... // TypeNydusAccelerator ...
TypeNydusAccelerator = "accelerator.nydus" TypeNydusAccelerator = "accelerator.nydus"

View File

@ -0,0 +1,46 @@
// Copyright Project Harbor Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package notation
import (
"github.com/goharbor/harbor/src/pkg/accessory/model"
"github.com/goharbor/harbor/src/pkg/accessory/model/base"
)
// Signature signature model
type Signature struct {
base.Default
}
// Kind gives the reference type of notation signature.
func (c *Signature) Kind() string {
return model.RefHard
}
// IsHard ...
func (c *Signature) IsHard() bool {
return true
}
// New returns notation signature
func New(data model.AccessoryData) model.Accessory {
return &Signature{base.Default{
Data: data,
}}
}
func init() {
model.Register(model.TypeNotationSignature, New)
}

View File

@ -0,0 +1,73 @@
package notation
import (
"testing"
"github.com/stretchr/testify/suite"
"github.com/goharbor/harbor/src/pkg/accessory/model"
htesting "github.com/goharbor/harbor/src/testing"
)
type NotationTestSuite struct {
htesting.Suite
accessory model.Accessory
digest string
subDigest string
}
func (suite *NotationTestSuite) SetupSuite() {
suite.digest = suite.DigestString()
suite.subDigest = suite.DigestString()
suite.accessory, _ = model.New(model.TypeNotationSignature,
model.AccessoryData{
ArtifactID: 1,
SubArtifactDigest: suite.subDigest,
Size: 4321,
Digest: suite.digest,
})
}
func (suite *NotationTestSuite) TestGetID() {
suite.Equal(int64(0), suite.accessory.GetData().ID)
}
func (suite *NotationTestSuite) TestGetArtID() {
suite.Equal(int64(1), suite.accessory.GetData().ArtifactID)
}
func (suite *NotationTestSuite) TestSubGetArtID() {
suite.Equal(suite.subDigest, suite.accessory.GetData().SubArtifactDigest)
}
func (suite *NotationTestSuite) TestSubGetSize() {
suite.Equal(int64(4321), suite.accessory.GetData().Size)
}
func (suite *NotationTestSuite) TestSubGetDigest() {
suite.Equal(suite.digest, suite.accessory.GetData().Digest)
}
func (suite *NotationTestSuite) TestSubGetType() {
suite.Equal(model.TypeNotationSignature, suite.accessory.GetData().Type)
}
func (suite *NotationTestSuite) TestSubGetRefType() {
suite.Equal(model.RefHard, suite.accessory.Kind())
}
func (suite *NotationTestSuite) TestIsSoft() {
suite.False(suite.accessory.IsSoft())
}
func (suite *NotationTestSuite) TestIsHard() {
suite.True(suite.accessory.IsHard())
}
func (suite *NotationTestSuite) TestDisplay() {
suite.False(suite.accessory.Display())
}
func TestCacheTestSuite(t *testing.T) {
suite.Run(t, new(NotationTestSuite))
}

View File

@ -32,6 +32,11 @@ import (
"github.com/goharbor/harbor/src/server/middleware" "github.com/goharbor/harbor/src/server/middleware"
) )
var (
// the media type of notation signature layer
mediaTypeNotationLayer = "application/vnd.cncf.notary.signature"
)
/* /*
{ {
"schemaVersion": 2, "schemaVersion": 2,
@ -115,7 +120,12 @@ func Middleware() func(http.Handler) http.Handler {
SubArtifactDigest: mf.Subject.Digest.String(), SubArtifactDigest: mf.Subject.Digest.String(),
Size: art.Size, Size: art.Size,
Digest: art.Digest, Digest: art.Digest,
Type: model.TypeSubject, }
switch mf.Config.MediaType {
case mediaTypeNotationLayer:
accData.Type = model.TypeNotationSignature
default:
accData.Type = model.TypeSubject
} }
if subjectArt != nil { if subjectArt != nil {
accData.SubArtifactID = subjectArt.ID accData.SubArtifactID = subjectArt.ID