Merge branch 'main' into 24apr19_set_default_capabilities

2024-04-19 16:46:10 +08:00 · 2024-04-19 16:46:10 +08:00 · d365a02b8d
parent ed811f3a85 0d9dc4b4a4
commit d365a02b8d
4 changed files with 46 additions and 12 deletions
--- a/src/controller/scan/base_controller.go
+++ b/src/controller/scan/base_controller.go
@ -70,10 +70,11 @@ const (
 	artfiactKey     = "artifact"
 	registrationKey = "registration"

-	artifactIDKey  = "artifact_id"
-	artifactTagKey = "artifact_tag"
-	reportUUIDsKey = "report_uuids"
-	robotIDKey     = "robot_id"
+	artifactIDKey       = "artifact_id"
+	artifactTagKey      = "artifact_tag"
+	reportUUIDsKey      = "report_uuids"
+	robotIDKey          = "robot_id"
+	enabledCapabilities = "enabled_capabilities"
 )

 // uuidGenerator is a func template which is for generating UUID.
@ -317,6 +318,9 @@ func (bc *basicController) Scan(ctx context.Context, artifact *ar.Artifact, opti
 				"id":   r.ID,
 				"name": r.Name,
 			},
+			enabledCapabilities: map[string]interface{}{
+				"type": opts.GetScanType(),
+			},
 		}
 		if op := operator.FromContext(ctx); op != "" {
 			extraAttrs["operator"] = op
--- a/src/portal/src/app/base/project/repository/artifact/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.ts
+++ b/src/portal/src/app/base/project/repository/artifact/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.ts
@ -907,7 +907,7 @@ export class ArtifactListTabComponent implements OnInit, OnDestroy {
        this.scanStoppedArtifactLength += 1;
        // all selected scan action has stopped
        if (this.scanStoppedArtifactLength === this.onStopScanArtifactsLength) {
-            this.onSendingScanCommand = e;
+            this.onSendingStopScanCommand = e;
        }
    }

@ -923,7 +923,7 @@ export class ArtifactListTabComponent implements OnInit, OnDestroy {
        this.sbomStoppedArtifactLength += 1;
        // all selected scan action has stopped
        if (this.sbomStoppedArtifactLength === this.onStopSbomArtifactsLength) {
-            this.onSendingSbomCommand = e;
+            this.onSendingStopSbomCommand = e;
        }
    }

--- a/src/server/middleware/repoproxy/proxy.go
+++ b/src/server/middleware/repoproxy/proxy.go
@ -28,6 +28,7 @@ import (
 	"github.com/goharbor/harbor/src/controller/proxy"
 	"github.com/goharbor/harbor/src/controller/registry"
 	"github.com/goharbor/harbor/src/lib"
+	"github.com/goharbor/harbor/src/lib/config"
 	"github.com/goharbor/harbor/src/lib/errors"
 	httpLib "github.com/goharbor/harbor/src/lib/http"
 	"github.com/goharbor/harbor/src/lib/log"
@ -259,16 +260,21 @@ func setHeaders(w http.ResponseWriter, size int64, mediaType string, dig string)
 }

 // isProxySession check if current security context is proxy session
-func isProxySession(ctx context.Context) bool {
+func isProxySession(ctx context.Context, projectName string) bool {
 	sc, ok := security.FromContext(ctx)
 	if !ok {
 		log.Error("Failed to get security context")
 		return false
 	}
-	if sc.GetUsername() == proxycachesecret.ProxyCacheService {
+	username := sc.GetUsername()
+	if username == proxycachesecret.ProxyCacheService {
 		return true
 	}
-	return false
+	// it should include the auto generate SBOM session, so that it could generate SBOM accessory in proxy cache project
+	robotPrefix := config.RobotPrefix(ctx)
+	scannerPrefix := config.ScannerRobotPrefix(ctx)
+	prefix := fmt.Sprintf("%s%s+%s", robotPrefix, projectName, scannerPrefix)
+	return strings.HasPrefix(username, prefix)
 }

 // DisableBlobAndManifestUploadMiddleware disable push artifact to a proxy project with a non-proxy session
@ -281,7 +287,7 @@ func DisableBlobAndManifestUploadMiddleware() func(http.Handler) http.Handler {
 			httpLib.SendError(w, err)
 			return
 		}
-		if p.IsProxy() && !isProxySession(ctx) {
+		if p.IsProxy() && !isProxySession(ctx, art.ProjectName) {
 			httpLib.SendError(w,
 				errors.DeniedError(
 					errors.Errorf("can not push artifact to a proxy project: %v", p.Name)))
--- a/src/server/middleware/repoproxy/proxy_test.go
+++ b/src/server/middleware/repoproxy/proxy_test.go
@ -18,7 +18,9 @@ import (
 	"context"
 	"testing"

+	"github.com/goharbor/harbor/src/common/models"
 	"github.com/goharbor/harbor/src/common/security"
+	"github.com/goharbor/harbor/src/common/security/local"
 	"github.com/goharbor/harbor/src/common/security/proxycachesecret"
 	securitySecret "github.com/goharbor/harbor/src/common/security/secret"
 )
@ -29,6 +31,19 @@ func TestIsProxySession(t *testing.T) {

 	sc2 := proxycachesecret.NewSecurityContext("library/hello-world")
 	proxyCtx := security.NewContext(context.Background(), sc2)
+
+	user := &models.User{
+		Username: "robot$library+scanner-8ec3b47a-fd29-11ee-9681-0242c0a87009",
+	}
+	userSc := local.NewSecurityContext(user)
+	scannerCtx := security.NewContext(context.Background(), userSc)
+
+	otherRobot := &models.User{
+		Username: "robot$library+test-8ec3b47a-fd29-11ee-9681-0242c0a87009",
+	}
+	userSc2 := local.NewSecurityContext(otherRobot)
+	nonScannerCtx := security.NewContext(context.Background(), userSc2)
+
 	cases := []struct {
 		name string
 		in   context.Context
@ -44,15 +59,24 @@ func TestIsProxySession(t *testing.T) {
 			in:   proxyCtx,
 			want: true,
 		},
+		{
+			name: `robot account`,
+			in:   scannerCtx,
+			want: true,
+		},
+		{
+			name: `non scanner robot`,
+			in:   nonScannerCtx,
+			want: false,
+		},
 	}

 	for _, tt := range cases {
 		t.Run(tt.name, func(t *testing.T) {
-			got := isProxySession(tt.in)
+			got := isProxySession(tt.in, "library")
 			if got != tt.want {
 				t.Errorf(`(%v) = %v; want "%v"`, tt.in, got, tt.want)
 			}
-
 		})
 	}
 }