Feat/add SBOM option (#456)
fixes #455

---------

Signed-off-by: flbla <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
flbla and github-actions[bot] authored Jul 11, 2024
1 parent 09b6bd6 commit 7312fa5
Showing 6 changed files with 18 additions and 0 deletions.
1 change: 1 addition & 0 deletions client/project.go
@@ -39,6 +39,7 @@ func ProjectBody(d *schema.ResourceData) models.ProjectsBodyPost {

body.Metadata.EnableContentTrust = strconv.FormatBool(d.Get("enable_content_trust").(bool))
body.Metadata.EnableContentTrustCosign = strconv.FormatBool(d.Get("enable_content_trust_cosign").(bool))
body.Metadata.AutoSbomGeneration = strconv.FormatBool(d.Get("auto_sbom_generation").(bool))

cveAllowList := d.Get("cve_allowlist").([]interface{})
log.Printf("[DEBUG] %v ", cveAllowList)
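Review bot: The added `body.Metadata.AutoSbomGeneration = strconv.FormatBool(...)` line always yields `"true"` or `"false"`, so the `omitempty` tag on the model field never drops it and every request body built here carries `auto_sbom_generation`, including against Harbor releases older than v2.11.0, which the docs in this commit say do not support the option. How an older Harbor treats the extra metadata key is not visible from this hunk and should be confirmed; if it is silently ignored, an operator can believe SBOMs are being generated for a project when they are not. One option is to send the key only when enabled, `if d.Get("auto_sbom_generation").(bool) { body.Metadata.AutoSbomGeneration = "true" }`, with the trade-off that a true-to-false change then sends nothing and needs separate handling. ProjectBody starts and ends outside the hunk.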
2 changes: 2 additions & 0 deletions docs/resources/project.md
@@ -21,6 +21,7 @@ resource "harbor_project" "main" {
vulnerability_scanning = true # (Optional) Default value is true. Automatically scan images on push
enable_content_trust = true # (Optional) Default value is false. Deny unsigned images from being pulled (notary)
enable_content_trust_cosign = false # (Optional) Default value is false. Deny unsigned images from being pulled (cosign)
auto_sbom_generation = true # (Optional) Default value is false. Automatically generate SBOMs for images
}
```

@@ -56,6 +57,7 @@ resource "harbor_registry" "docker" {
- `registry_id` (Number) To enable project as Proxy Cache.
- `storage_quota` (Number) The storage quota of the project in GB's.
- `vulnerability_scanning` (Boolean) Images will be scanned for vulnerabilities when push to harbor. (Default: `true`)
- `auto_sbom_generation` (Boolean) Automatically generate SBOM for images pushed to this project. (Default: `false`) can only be used with Harbor version v2.11.0 and above

### Read-Only

1 change: 1 addition & 0 deletions examples/resources/harbor_project/resource.tf
@@ -4,4 +4,5 @@ resource "harbor_project" "main" {
vulnerability_scanning = true # (Optional) Default value is true. Automatically scan images on push
enable_content_trust = true # (Optional) Default value is false. Deny unsigned images from being pulled (notary)
enable_content_trust_cosign = false # (Optional) Default value is false. Deny unsigned images from being pulled (cosign)
auto_sbom_generation = true # (Optional) Default value is false. Automatically generate SBOMs for images
}
2 changes: 2 additions & 0 deletions models/projects.go
@@ -24,6 +24,7 @@ type ProjectsBodyPost struct {
ReuseSysCveAllowlist string `json:"reuse_sys_cve_allowlist,omitempty"`
Public string `json:"public,omitempty"`
PreventVul string `json:"prevent_vul,omitempty"`
AutoSbomGeneration string `json:"auto_sbom_generation,omitempty"`
} `json:"metadata,omitempty"`
}

@@ -58,6 +59,7 @@ type ProjectsBodyResponses struct {
Public string `json:"public"`
PreventVul string `json:"prevent_vul"`
RetentionId string `json:"retention_id"`
AutoSbomGeneration string `json:"auto_sbom_generation,omitempty"`
} `json:"metadata"`
}

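Review bot: On `ProjectsBodyResponses` the new field's tag carries `,omitempty` while the sibling response fields visible in the hunk (`public`, `prevent_vul`, `retention_id`) do not. The option only affects encoding, so on a struct that is presumably only decoded from Harbor responses it has no effect and reads as if it did. Dropping it to give `json:"auto_sbom_generation"` would match the neighbours. Both new fields would also benefit from a comment such as `// AutoSbomGeneration is "true"/"false" as a string; only understood by Harbor v2.11.0 and above.`, since the version constraint currently lives only in the markdown docs. Both struct definitions start outside their hunks.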
11 changes: 11 additions & 0 deletions provider/resource_project.go
@@ -65,6 +65,11 @@ func resourceProject() *schema.Resource {
Optional: true,
Default: false,
},
"auto_sbom_generation": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
"deployment_security": {
Type: schema.TypeString,
Optional: true,
@@ -169,13 +174,19 @@ func resourceProjectRead(d *schema.ResourceData, m interface{}) error {
d.Set("deployment_security", deployment_security)
}

autoSbomGeneration, err := client.ParseBoolOrDefault(jsonData.Metadata.AutoSbomGeneration, false)
if err != nil {
return err
}

d.Set("name", jsonData.Name)
d.Set("project_id", jsonData.ProjectID)
d.Set("registry_id", jsonData.RegistryID)
d.Set("public", public)
d.Set("vulnerability_scanning", vuln)
d.Set("enable_content_trust", trust)
d.Set("enable_content_trust_cosign", trustCosign)
d.Set("auto_sbom_generation", autoSbomGeneration)

cveAllowlist := make([]string, len(jsonData.CveAllowlist.Items))
for i, item := range jsonData.CveAllowlist.Items {
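Review bot: In resourceProjectRead the new `return err` after `client.ParseBoolOrDefault(...)` hands back a bare parse error, so a failed refresh does not say which attribute or value was at fault. Wrapping it, e.g. `return fmt.Errorf("parsing auto_sbom_generation %q: %w", jsonData.Metadata.AutoSbomGeneration, err)`, would make that diagnosable, assuming `fmt` is imported in this file, which the hunk does not show. The new `"auto_sbom_generation"` schema entry in resourceProject also has no `Description`; adding `Description: "Automatically generate an SBOM for images pushed to this project (Harbor v2.11.0 and above).",` would keep the version constraint next to the attribute. Both functions start and end outside their hunks.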
1 change: 1 addition & 0 deletions templates/resources/project.md.tmpl
@@ -41,6 +41,7 @@ For example, the {{ .SchemaMarkdown }} template can be used to replace manual sc
- `registry_id` (Number) To enable project as Proxy Cache.
- `storage_quota` (Number) The storage quota of the project in GB's.
- `vulnerability_scanning` (Boolean) Images will be scanned for vulnerabilities when push to harbor. (Default: `true`)
- `auto_sbom_generation` (Boolean) Automatically generate SBOM for images pushed to this project. (Default: `false`) can only be used with Harbor version v2.11.0 and above

### Read-Only
