add notation support

Accept and recognize the signature of notation client Signed-off-by: wang yan <[email protected]>
goharbor · Jul 11, 2023 · c550ca0 · c550ca0
1 parent adf80e9
commit c550ca0
Show file tree

Hide file tree

Showing 9 changed files with 145 additions and 6 deletions.
diff --git a/icons/notation.png b/icons/notation.png
diff --git a/src/controller/icon/controller.go b/src/controller/icon/controller.go
@@ -57,6 +57,10 @@ var (
 			path:   "./icons/cosign.png",
 			resize: false,
 		},
+		icon.DigestOfIconAccNotation: {
+			path:   "./icons/notation.png",
+			resize: false,
+		},
 		icon.DigestOfIconAccNydus: {
 			path:   "./icons/nydus.png",
 			resize: false,

diff --git a/src/core/main.go b/src/core/main.go
@@ -58,6 +58,7 @@ import (
 	"github.com/goharbor/harbor/src/migration"
 	_ "github.com/goharbor/harbor/src/pkg/accessory/model/base"
 	_ "github.com/goharbor/harbor/src/pkg/accessory/model/cosign"
+	_ "github.com/goharbor/harbor/src/pkg/accessory/model/notation"
 	_ "github.com/goharbor/harbor/src/pkg/accessory/model/subject"
 	"github.com/goharbor/harbor/src/pkg/audit"
 	dbCfg "github.com/goharbor/harbor/src/pkg/config/db"

diff --git a/src/lib/icon/const.go b/src/lib/icon/const.go
@@ -23,7 +23,8 @@ const (
 	DigestOfIconWASM    = "sha256:badd7693bcaf115be202748241dd0ea6ee3b0524bfab9ac22d1e1c43721afec6"
 
 	// ToDo add the accessories images
-	DigestOfIconAccDefault = ""
-	DigestOfIconAccCosign  = "sha256:20401d5b3a0f6dbc607c8d732eb08471af4ae6b19811a4efce8c6a724aed2882"
-	DigestOfIconAccNydus   = "sha256:dfcb6617cd9c144358dc1b305b87bbe34f0b619f1e329116e6aee2e41f2e34cf"
+	DigestOfIconAccDefault  = ""
+	DigestOfIconAccCosign   = "sha256:20401d5b3a0f6dbc607c8d732eb08471af4ae6b19811a4efce8c6a724aed2882"
+	DigestOfIconAccNotation = "sha256:fedd64815b9d5c709b97ae8890477f3f782554c296f3b06546f3e4e4f1409653"
+	DigestOfIconAccNydus    = "sha256:dfcb6617cd9c144358dc1b305b87bbe34f0b619f1e329116e6aee2e41f2e34cf"
 )
diff --git a/src/pkg/accessory/manager.go b/src/pkg/accessory/manager.go
@@ -30,8 +30,9 @@ var (
 
 	// icon digests for each known type
 	defaultIcons = map[string]string{
-		model.TypeCosignSignature:  icon.DigestOfIconAccCosign,
-		model.TypeNydusAccelerator: icon.DigestOfIconAccNydus,
+		model.TypeCosignSignature:   icon.DigestOfIconAccCosign,
+		model.TypeNotationSignature: icon.DigestOfIconAccNotation,
+		model.TypeNydusAccelerator:  icon.DigestOfIconAccNydus,
 	}
 )
 

diff --git a/src/pkg/accessory/model/accessory.go b/src/pkg/accessory/model/accessory.go
@@ -68,6 +68,9 @@ const (
 	// TypeCosignSignature ...
 	TypeCosignSignature = "signature.cosign"
 
+	// TypeNotationSignature ...
+	TypeNotationSignature = "signature.notation"
+
 	// TypeNydusAccelerator ...
 	TypeNydusAccelerator = "accelerator.nydus"
 

diff --git a/src/pkg/accessory/model/notation/notation.go b/src/pkg/accessory/model/notation/notation.go
@@ -0,0 +1,46 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notation
+
+import (
+	"github.com/goharbor/harbor/src/pkg/accessory/model"
+	"github.com/goharbor/harbor/src/pkg/accessory/model/base"
+)
+
+// Signature signature model
+type Signature struct {
+	base.Default
+}
+
+// Kind gives the reference type of notation signature.
+func (c *Signature) Kind() string {
+	return model.RefHard
+}
+
+// IsHard ...
+func (c *Signature) IsHard() bool {
+	return true
+}
+
+// New returns notation signature
+func New(data model.AccessoryData) model.Accessory {
+	return &Signature{base.Default{
+		Data: data,
+	}}
+}
+
+func init() {
+	model.Register(model.TypeNotationSignature, New)
+}
diff --git a/src/pkg/accessory/model/notation/notation_test.go b/src/pkg/accessory/model/notation/notation_test.go
@@ -0,0 +1,73 @@
+package notation
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+
+	"github.com/goharbor/harbor/src/pkg/accessory/model"
+	htesting "github.com/goharbor/harbor/src/testing"
+)
+
+type NotationTestSuite struct {
+	htesting.Suite
+	accessory model.Accessory
+	digest    string
+	subDigest string
+}
+
+func (suite *NotationTestSuite) SetupSuite() {
+	suite.digest = suite.DigestString()
+	suite.subDigest = suite.DigestString()
+	suite.accessory, _ = model.New(model.TypeNotationSignature,
+		model.AccessoryData{
+			ArtifactID:        1,
+			SubArtifactDigest: suite.subDigest,
+			Size:              4321,
+			Digest:            suite.digest,
+		})
+}
+
+func (suite *NotationTestSuite) TestGetID() {
+	suite.Equal(int64(0), suite.accessory.GetData().ID)
+}
+
+func (suite *NotationTestSuite) TestGetArtID() {
+	suite.Equal(int64(1), suite.accessory.GetData().ArtifactID)
+}
+
+func (suite *NotationTestSuite) TestSubGetArtID() {
+	suite.Equal(suite.subDigest, suite.accessory.GetData().SubArtifactDigest)
+}
+
+func (suite *NotationTestSuite) TestSubGetSize() {
+	suite.Equal(int64(4321), suite.accessory.GetData().Size)
+}
+
+func (suite *NotationTestSuite) TestSubGetDigest() {
+	suite.Equal(suite.digest, suite.accessory.GetData().Digest)
+}
+
+func (suite *NotationTestSuite) TestSubGetType() {
+	suite.Equal(model.TypeNotationSignature, suite.accessory.GetData().Type)
+}
+
+func (suite *NotationTestSuite) TestSubGetRefType() {
+	suite.Equal(model.RefHard, suite.accessory.Kind())
+}
+
+func (suite *NotationTestSuite) TestIsSoft() {
+	suite.False(suite.accessory.IsSoft())
+}
+
+func (suite *NotationTestSuite) TestIsHard() {
+	suite.True(suite.accessory.IsHard())
+}
+
+func (suite *NotationTestSuite) TestDisplay() {
+	suite.False(suite.accessory.Display())
+}
+
+func TestCacheTestSuite(t *testing.T) {
+	suite.Run(t, new(NotationTestSuite))
+}
diff --git a/src/server/middleware/subject/subject.go b/src/server/middleware/subject/subject.go
@@ -32,6 +32,11 @@ import (
 	"github.com/goharbor/harbor/src/server/middleware"
 )
 
+var (
+	// the media type of notation signature layer
+	mediaTypeNotationLayer = "application/vnd.cncf.notary.signature"
+)
+
 /*
 	{
 	  "schemaVersion": 2,
@@ -115,7 +120,12 @@ func Middleware() func(http.Handler) http.Handler {
 				SubArtifactDigest: mf.Subject.Digest.String(),
 				Size:              art.Size,
 				Digest:            art.Digest,
-				Type:              model.TypeSubject,
+			}
+			switch mf.Config.MediaType {
+			case mediaTypeNotationLayer:
+				accData.Type = model.TypeNotationSignature
+			default:
+				accData.Type = model.TypeSubject
 			}
 			if subjectArt != nil {
 				accData.SubArtifactID = subjectArt.ID