Merge pull request #5412 from steven-zou/supporting_prov_status

Provide digital signature info of the related chart version

src/chartserver/chart_operator.go

@@ -25,6 +25,19 @@ type ChartVersionDetails struct {
 	Dependencies []*chartutil.Dependency `json:"dependencies"`
 	Values       map[string]interface{}  `json:"values"`
 	Files        map[string]string       `json:"files"`
+	Security     *SecurityReport         `json:"security"`
+}
+
+//SecurityReport keeps the info related with security
+//e.g.: digital signature, vulnerability scanning etc.
+type SecurityReport struct {
+	Signature *DigitalSignature `json:"signature"`
+}
+
+//DigitalSignature used to indicate if the chart has been signed
+type DigitalSignature struct {
+	Signed     bool   `json:"signed"`
+	Provenance string `json:"prov_file"`
 }
 
 //ChartInfo keeps the information of the chart

src/chartserver/manipulation_handler.go

@@ -115,6 +115,26 @@ func (mh *ManipulationHandler) GetChartVersion(w http.ResponseWriter, req *http.
 		}
 		chartDetails.Metadata = chartV
 
+		//Generate the security report
+		//prov file share same endpoint with the chart version
+		//Just add .prov suffix to the chart version to form the path of prov file
+		//Anyway, there will be a report about the digital signature status
+		chartDetails.Security = &SecurityReport{
+			Signature: &DigitalSignature{
+				Signed: false,
+			},
+		}
+		//Try to get the prov file to confirm if it is exitsing
+		provFilePath := fmt.Sprintf("%s.prov", chartV.URLs[0])
+		provBytes, err := mh.getChartVersionContent(namespace, provFilePath)
+		if err == nil && len(provBytes) > 0 {
+			chartDetails.Security.Signature.Signed = true
+			chartDetails.Security.Signature.Provenance = provFilePath
+		} else {
+			//Just log it
+			hlog.Errorf("Failed to get prov file for chart %s with error: %s, got %d bytes", chartV.Name, err.Error(), len(provBytes))
+		}
+
 		//Put it into the cache for next access
 		mh.chartCache.PutChart(chartDetails)
 	} else {