add notation support (#18909)

Accept and recognize the signature of notation client

Signed-off-by: wang yan <wangyan@vmware.com>

src/controller/icon/controller.go

@@ -57,6 +57,10 @@ var (
 			path:   "./icons/cosign.png",
 			resize: false,
 		},
+		icon.DigestOfIconAccNotation: {
+			path:   "./icons/notation.png",
+			resize: false,
+		},
 		icon.DigestOfIconAccNydus: {
 			path:   "./icons/nydus.png",
 			resize: false,

src/core/main.go

@@ -58,6 +58,7 @@ import (
 	"github.com/goharbor/harbor/src/migration"
 	_ "github.com/goharbor/harbor/src/pkg/accessory/model/base"
 	_ "github.com/goharbor/harbor/src/pkg/accessory/model/cosign"
+	_ "github.com/goharbor/harbor/src/pkg/accessory/model/notation"
 	_ "github.com/goharbor/harbor/src/pkg/accessory/model/subject"
 	"github.com/goharbor/harbor/src/pkg/audit"
 	dbCfg "github.com/goharbor/harbor/src/pkg/config/db"

src/lib/icon/const.go

@@ -25,5 +25,6 @@ const (
 	// ToDo add the accessories images
 	DigestOfIconAccDefault  = ""
 	DigestOfIconAccCosign   = "sha256:20401d5b3a0f6dbc607c8d732eb08471af4ae6b19811a4efce8c6a724aed2882"
+	DigestOfIconAccNotation = "sha256:3ac706e102bbe9362b400aa162df58135d35e66b9c3bee2165de92022d25fe34"
 	DigestOfIconAccNydus    = "sha256:dfcb6617cd9c144358dc1b305b87bbe34f0b619f1e329116e6aee2e41f2e34cf"
 )

src/pkg/accessory/manager.go

@@ -31,6 +31,7 @@ var (
 	// icon digests for each known type
 	defaultIcons = map[string]string{
 		model.TypeCosignSignature:   icon.DigestOfIconAccCosign,
+		model.TypeNotationSignature: icon.DigestOfIconAccNotation,
 		model.TypeNydusAccelerator:  icon.DigestOfIconAccNydus,
 	}
 )

src/pkg/accessory/model/accessory.go

@@ -68,6 +68,9 @@ const (
 	// TypeCosignSignature ...
 	TypeCosignSignature = "signature.cosign"
 
+	// TypeNotationSignature ...
+	TypeNotationSignature = "signature.notation"
+
 	// TypeNydusAccelerator ...
 	TypeNydusAccelerator = "accelerator.nydus"
 

src/pkg/accessory/model/notation/notation.go

@@ -0,0 +1,46 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notation
+
+import (
+	"github.com/goharbor/harbor/src/pkg/accessory/model"
+	"github.com/goharbor/harbor/src/pkg/accessory/model/base"
+)
+
+// Signature signature model
+type Signature struct {
+	base.Default
+}
+
+// Kind gives the reference type of notation signature.
+func (c *Signature) Kind() string {
+	return model.RefHard
+}
+
+// IsHard ...
+func (c *Signature) IsHard() bool {
+	return true
+}
+
+// New returns notation signature
+func New(data model.AccessoryData) model.Accessory {
+	return &Signature{base.Default{
+		Data: data,
+	}}
+}
+
+func init() {
+	model.Register(model.TypeNotationSignature, New)
+}

src/pkg/accessory/model/notation/notation_test.go

@@ -0,0 +1,73 @@
+package notation
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+
+	"github.com/goharbor/harbor/src/pkg/accessory/model"
+	htesting "github.com/goharbor/harbor/src/testing"
+)
+
+type NotationTestSuite struct {
+	htesting.Suite
+	accessory model.Accessory
+	digest    string
+	subDigest string
+}
+
+func (suite *NotationTestSuite) SetupSuite() {
+	suite.digest = suite.DigestString()
+	suite.subDigest = suite.DigestString()
+	suite.accessory, _ = model.New(model.TypeNotationSignature,
+		model.AccessoryData{
+			ArtifactID:        1,
+			SubArtifactDigest: suite.subDigest,
+			Size:              4321,
+			Digest:            suite.digest,
+		})
+}
+
+func (suite *NotationTestSuite) TestGetID() {
+	suite.Equal(int64(0), suite.accessory.GetData().ID)
+}
+
+func (suite *NotationTestSuite) TestGetArtID() {
+	suite.Equal(int64(1), suite.accessory.GetData().ArtifactID)
+}
+
+func (suite *NotationTestSuite) TestSubGetArtID() {
+	suite.Equal(suite.subDigest, suite.accessory.GetData().SubArtifactDigest)
+}
+
+func (suite *NotationTestSuite) TestSubGetSize() {
+	suite.Equal(int64(4321), suite.accessory.GetData().Size)
+}
+
+func (suite *NotationTestSuite) TestSubGetDigest() {
+	suite.Equal(suite.digest, suite.accessory.GetData().Digest)
+}
+
+func (suite *NotationTestSuite) TestSubGetType() {
+	suite.Equal(model.TypeNotationSignature, suite.accessory.GetData().Type)
+}
+
+func (suite *NotationTestSuite) TestSubGetRefType() {
+	suite.Equal(model.RefHard, suite.accessory.Kind())
+}
+
+func (suite *NotationTestSuite) TestIsSoft() {
+	suite.False(suite.accessory.IsSoft())
+}
+
+func (suite *NotationTestSuite) TestIsHard() {
+	suite.True(suite.accessory.IsHard())
+}
+
+func (suite *NotationTestSuite) TestDisplay() {
+	suite.False(suite.accessory.Display())
+}
+
+func TestCacheTestSuite(t *testing.T) {
+	suite.Run(t, new(NotationTestSuite))
+}

src/server/middleware/subject/subject.go

@@ -32,6 +32,11 @@ import (
 	"github.com/goharbor/harbor/src/server/middleware"
 )
 
+var (
+	// the media type of notation signature layer
+	mediaTypeNotationLayer = "application/vnd.cncf.notary.signature"
+)
+
 /*
 	{
 	  "schemaVersion": 2,
@@ -115,7 +120,12 @@ func Middleware() func(http.Handler) http.Handler {
 				SubArtifactDigest: mf.Subject.Digest.String(),
 				Size:              art.Size,
 				Digest:            art.Digest,
-				Type:              model.TypeSubject,
+			}
+			switch mf.Config.MediaType {
+			case mediaTypeNotationLayer:
+				accData.Type = model.TypeNotationSignature
+			default:
+				accData.Type = model.TypeSubject
 			}
 			if subjectArt != nil {
 				accData.SubArtifactID = subjectArt.ID