Merge f10b060eef into fba4c40c65

Signed-off-by: stonezdj <stone.zhang@broadcom.com>

src/controller/event/handler/internal/artifact.go

@@ -24,6 +24,7 @@ import (
 	"time"
 
 	"github.com/goharbor/harbor/src/controller/artifact"
+	"github.com/goharbor/harbor/src/controller/artifact/processor/sbom"
 	"github.com/goharbor/harbor/src/controller/event"
 	"github.com/goharbor/harbor/src/controller/event/operator"
 	"github.com/goharbor/harbor/src/controller/repository"
@@ -36,6 +37,7 @@ import (
 	"github.com/goharbor/harbor/src/pkg"
 	pkgArt "github.com/goharbor/harbor/src/pkg/artifact"
 	"github.com/goharbor/harbor/src/pkg/scan/report"
+	v1 "github.com/goharbor/harbor/src/pkg/scan/rest/v1"
 	"github.com/goharbor/harbor/src/pkg/task"
 )
 
@@ -319,6 +321,11 @@ func (a *ArtifactEventHandler) onDelete(ctx context.Context, event *event.Artifa
 		log.Errorf("failed to delete scan reports of artifact %v, error: %v", unrefDigests, err)
 	}
 
+	if event.Artifact.Type == sbom.ArtifactTypeSBOM && len(event.Artifact.Digest) > 0 {
+		if err := reportMgr.DeleteByExtraAttr(ctx, v1.MimeTypeSBOMReport, "sbom_digest", event.Artifact.Digest); err != nil {
+			log.Errorf("failed to delete scan reports of with sbom digest %v, error: %v", event.Artifact.Digest, err)
+		}
+	}
 	return nil
 }
 

src/controller/event/handler/webhook/scan/scan.go

@@ -104,6 +104,7 @@ func constructScanImagePayload(ctx context.Context, event *event.ScanImageEvent,
 				RepoFullName: event.Artifact.Repository,
 				RepoType:     repoType,
 			},
+			ScanType: event.ScanType,
 		},
 		Operator: event.Operator,
 	}
@@ -138,17 +139,29 @@ func constructScanImagePayload(ctx context.Context, event *event.ScanImageEvent,
 		time.Sleep(500 * time.Millisecond)
 	}
 
-	// Add scan overview
-	summaries, err := scan.DefaultController.GetSummary(ctx, art, []string{v1.MimeTypeNativeReport, v1.MimeTypeGenericVulnerabilityReport})
-	if err != nil {
-		return nil, errors.Wrap(err, "construct scan payload")
+	scanSummaries := map[string]interface{}{}
+	if event.ScanType == v1.ScanTypeVulnerability {
+		scanSummaries, err = scan.DefaultController.GetSummary(ctx, art, []string{v1.MimeTypeNativeReport, v1.MimeTypeGenericVulnerabilityReport})
+		if err != nil {
+			return nil, errors.Wrap(err, "construct scan payload")
+		}
 	}
 
+	sbomOverview := map[string]interface{}{}
+	if event.ScanType == v1.ScanTypeSbom {
+		sbomOverview, err = scan.DefaultController.GetSummary(ctx, art, []string{v1.MimeTypeSBOMReport})
+		if err != nil {
+			return nil, errors.Wrap(err, "construct scan payload")
+		}
+	}
+
+	// Add scan overview and sbom overview
 	resource := &model.Resource{
 		Tag:          event.Artifact.Tag,
 		Digest:       event.Artifact.Digest,
 		ResourceURL:  resURL,
-		ScanOverview: summaries,
+		ScanOverview: scanSummaries,
+		SBOMOverview: sbomOverview,
 	}
 	payload.EventData.Resources = append(payload.EventData.Resources, resource)
 

src/controller/event/metadata/scan.go

@@ -27,6 +27,7 @@ import (
 // ScanImageMetaData defines meta data of image scanning event
 type ScanImageMetaData struct {
 	Artifact *v1.Artifact
+	ScanType string
 	Status   string
 	Operator string
 }
@@ -55,6 +56,7 @@ func (si *ScanImageMetaData) Resolve(evt *event.Event) error {
 		Artifact:  si.Artifact,
 		OccurAt:   time.Now(),
 		Operator:  si.Operator,
+		ScanType:  si.ScanType,
 	}
 
 	evt.Topic = topic

src/controller/event/topic.go

@@ -289,6 +289,7 @@ func (d *DeleteTagEvent) String() string {
 // ScanImageEvent is scanning image related event data to publish
 type ScanImageEvent struct {
 	EventType string
+	ScanType  string
 	Artifact  *v1.Artifact
 	OccurAt   time.Time
 	Operator  string

src/controller/scan/callback.go

@@ -120,6 +120,13 @@ func scanTaskStatusChange(ctx context.Context, taskID int64, status string) (err
 				if operator, ok := exec.ExtraAttrs["operator"].(string); ok {
 					e.Operator = operator
 				}
+
+				// extract ScanType if exist in ExtraAttrs
+				if c, ok := exec.ExtraAttrs["enabled_capabilities"].(map[string]interface{}); ok {
+					if Type, ok := c["type"].(string); ok {
+						e.ScanType = Type
+					}
+				}
 				// fire event
 				notification.AddEvent(ctx, e)
 			}

src/pkg/notifier/model/event.go

@@ -42,6 +42,7 @@ type EventData struct {
 	Repository  *Repository        `json:"repository,omitempty"`
 	Replication *model.Replication `json:"replication,omitempty"`
 	Retention   *model.Retention   `json:"retention,omitempty"`
+	ScanType    string             `json:"scan_type,omitempty"`
 	Custom      map[string]string  `json:"custom_attributes,omitempty"`
 }
 
@@ -51,6 +52,7 @@ type Resource struct {
 	Tag          string                 `json:"tag,omitempty"`
 	ResourceURL  string                 `json:"resource_url,omitempty"`
 	ScanOverview map[string]interface{} `json:"scan_overview,omitempty"`
+	SBOMOverview map[string]interface{} `json:"sbom_overview,omitempty"`
 }
 
 // Repository info of notification event

src/pkg/scan/dao/scan/report.go

@@ -16,6 +16,7 @@ package scan
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/goharbor/harbor/src/lib/errors"
 	"github.com/goharbor/harbor/src/lib/orm"
@@ -38,6 +39,8 @@ type DAO interface {
 	UpdateReportData(ctx context.Context, uuid string, report string) error
 	// Update update report
 	Update(ctx context.Context, r *Report, cols ...string) error
+	// DeleteByExtraAttr delete the scan_report by mimeType and extra attribute
+	DeleteByExtraAttr(ctx context.Context, mimeType, attrName, attrValue string) error
 }
 
 // New returns an instance of the default DAO
@@ -110,3 +113,14 @@ func (d *dao) Update(ctx context.Context, r *Report, cols ...string) error {
 	}
 	return nil
 }
+
+func (d *dao) DeleteByExtraAttr(ctx context.Context, mimeType, attrName, attrValue string) error {
+	o, err := orm.FromContext(ctx)
+	if err != nil {
+		return err
+	}
+	delReportSQL := "delete from scan_report where mime_type = ? and report::jsonb @> ?"
+	dgstJSONStr := fmt.Sprintf(`{"%s":"%s"}`, attrName, attrValue)
+	_, err = o.Raw(delReportSQL, mimeType, dgstJSONStr).Exec()
+	return err
+}

src/pkg/scan/dao/scan/report_test.go

@@ -53,14 +53,23 @@ func (suite *ReportTestSuite) SetupTest() {
 		RegistrationUUID: "ruuid",
 		MimeType:         v1.MimeTypeNativeReport,
 	}
-
 	suite.create(r)
+	sbomReport := &Report{
+		UUID:             "uuid3",
+		Digest:           "digest1003",
+		RegistrationUUID: "ruuid",
+		MimeType:         v1.MimeTypeSBOMReport,
+		Report:           `{"sbom_digest": "sha256:abc"}`,
+	}
+	suite.create(sbomReport)
 }
 
 // TearDownTest clears enf for test case.
 func (suite *ReportTestSuite) TearDownTest() {
 	_, err := suite.dao.DeleteMany(orm.Context(), q.Query{Keywords: q.KeyWords{"uuid": "uuid"}})
 	require.NoError(suite.T(), err)
+	_, err = suite.dao.DeleteMany(orm.Context(), q.Query{Keywords: q.KeyWords{"uuid": "uuid3"}})
+	require.NoError(suite.T(), err)
 }
 
 // TestReportList tests list reports with query parameters.
@@ -95,7 +104,7 @@ func (suite *ReportTestSuite) TestReportUpdateReportData() {
 	err := suite.dao.UpdateReportData(orm.Context(), "uuid", "{}")
 	suite.Require().NoError(err)
 
-	l, err := suite.dao.List(orm.Context(), nil)
+	l, err := suite.dao.List(orm.Context(), q.New(q.KeyWords{"uuid": "uuid"}))
 	suite.Require().NoError(err)
 	suite.Require().Equal(1, len(l))
 	suite.Equal("{}", l[0].Report)
@@ -104,6 +113,17 @@ func (suite *ReportTestSuite) TestReportUpdateReportData() {
 	suite.Require().NoError(err)
 }
 
+func (suite *ReportTestSuite) TestDeleteReportBySBOMDigest() {
+	l, err := suite.dao.List(orm.Context(), nil)
+	suite.Require().NoError(err)
+	suite.Equal(2, len(l))
+	err = suite.dao.DeleteByExtraAttr(orm.Context(), v1.MimeTypeSBOMReport, "sbom_digest", "sha256:abc")
+	suite.Require().NoError(err)
+	l2, err := suite.dao.List(orm.Context(), nil)
+	suite.Require().NoError(err)
+	suite.Equal(1, len(l2))
+}
+
 func (suite *ReportTestSuite) create(r *Report) {
 	id, err := suite.dao.Create(orm.Context(), r)
 	suite.Require().NoError(err)

src/pkg/scan/report/manager.go

@@ -104,6 +104,8 @@ type Manager interface {
 
 	// Update update report information
 	Update(ctx context.Context, r *scan.Report, cols ...string) error
+	// DeleteByExtraAttr delete scan_report by sbom_digest
+	DeleteByExtraAttr(ctx context.Context, mimeType, attrName, attrValue string) error
 }
 
 // basicManager is a default implementation of report manager.
@@ -226,3 +228,7 @@ func (bm *basicManager) List(ctx context.Context, query *q.Query) ([]*scan.Repor
 func (bm *basicManager) Update(ctx context.Context, r *scan.Report, cols ...string) error {
 	return bm.dao.Update(ctx, r, cols...)
 }
+
+func (bm *basicManager) DeleteByExtraAttr(ctx context.Context, mimeType, attrName, attrValue string) error {
+	return bm.dao.DeleteByExtraAttr(ctx, mimeType, attrName, attrValue)
+}

src/testing/pkg/scan/report/manager.go

@@ -87,6 +87,24 @@ func (_m *Manager) DeleteByDigests(ctx context.Context, digests ...string) error
 	return r0
 }
 
+// DeleteByExtraAttr provides a mock function with given fields: ctx, mimeType, attrName, attrValue
+func (_m *Manager) DeleteByExtraAttr(ctx context.Context, mimeType string, attrName string, attrValue string) error {
+	ret := _m.Called(ctx, mimeType, attrName, attrValue)
+
+	if len(ret) == 0 {
+		panic("no return value specified for DeleteByExtraAttr")
+	}
+
+	var r0 error
+	if rf, ok := ret.Get(0).(func(context.Context, string, string, string) error); ok {
+		r0 = rf(ctx, mimeType, attrName, attrValue)
+	} else {
+		r0 = ret.Error(0)
+	}
+
+	return r0
+}
+
 // GetBy provides a mock function with given fields: ctx, digest, registrationUUID, mimeTypes
 func (_m *Manager) GetBy(ctx context.Context, digest string, registrationUUID string, mimeTypes []string) ([]*scan.Report, error) {
 	ret := _m.Called(ctx, digest, registrationUUID, mimeTypes)