From 7312fa5d4df56d3d80f50d76e641a49016bb12b8 Mon Sep 17 00:00:00 2001
From: Florian Blampey
Date: Thu, 11 Jul 2024 15:05:48 +0200
Subject: [PATCH] Feat/add SBOM option (#456)

fixes #455

---------

Signed-off-by: flbla
Co-authored-by: github-actions[bot]
---
 client/project.go | 1 +
 docs/resources/project.md | 2 ++
 examples/resources/harbor_project/resource.tf | 1 +
 models/projects.go | 2 ++
 provider/resource_project.go | 11 +++++++++++
 templates/resources/project.md.tmpl | 1 +
 6 files changed, 18 insertions(+)

diff --git a/client/project.go b/client/project.go
index f64ba20..7d610ae 100644
--- a/client/project.go
+++ b/client/project.go
@@ -39,6 +39,7 @@ func ProjectBody(d *schema.ResourceData) models.ProjectsBodyPost {
 	body.Metadata.EnableContentTrust = strconv.FormatBool(d.Get("enable_content_trust").(bool))
 	body.Metadata.EnableContentTrustCosign = strconv.FormatBool(d.Get("enable_content_trust_cosign").(bool))
+	body.Metadata.AutoSbomGeneration = strconv.FormatBool(d.Get("auto_sbom_generation").(bool))
 	cveAllowList := d.Get("cve_allowlist").([]interface{})
 	log.Printf("[DEBUG] %v ", cveAllowList)
diff --git a/docs/resources/project.md b/docs/resources/project.md
index 035fbfd..2f42fd2 100644
--- a/docs/resources/project.md
+++ b/docs/resources/project.md
@@ -21,6 +21,7 @@ resource "harbor_project" "main" {
   vulnerability_scanning = true # (Optional) Default value is true. Automatically scan images on push
   enable_content_trust = true # (Optional) Default value is false. Deny unsigned images from being pulled (notary)
   enable_content_trust_cosign = false # (Optional) Default value is false. Deny unsigned images from being pulled (cosign)
+  auto_sbom_generation = true # (Optional) Default value is false. Automatically generate SBOMs for images
 }
 ```
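Review bot: The added assignment always writes `"true"` or `"false"` into `body.Metadata.AutoSbomGeneration`, so the `omitempty` declared on that field in models/projects.go never takes effect and the `auto_sbom_generation` key is sent on every create and update, including to Harbor releases older than v2.11.0 that this same patch documents as unsupported. How such a server treats the unknown key is not visible in the diff (it may reject the request or silently ignore it), so users who never touch the option could still be affected. A defensive option is to leave the field empty, and thus omitted, when the value is false and the attribute is absent from the raw config (via `d.GetRawConfig()`, if the SDK version in use offers it), which keeps the request byte-compatible with pre-2.11 servers by default; at minimum the line deserves `// auto_sbom_generation is only understood by Harbor >= v2.11.0`. ProjectBody starts and ends outside the hunk.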
@@ -56,6 +57,7 @@ resource "harbor_registry" "docker" {
 - `registry_id` (Number) To enable project as Proxy Cache.
 - `storage_quota` (Number) The storage quota of the project in GB's.
 - `vulnerability_scanning` (Boolean) Images will be scanned for vulnerabilities when push to harbor. (Default: `true`)
+- `auto_sbom_generation` (Boolean) Automatically generate SBOM for images pushed to this project. (Default: `false`) can only be used with Harbor version v2.11.0 and above
 ### Read-Only
diff --git a/examples/resources/harbor_project/resource.tf b/examples/resources/harbor_project/resource.tf
index a5f4013..8444148 100644
--- a/examples/resources/harbor_project/resource.tf
+++ b/examples/resources/harbor_project/resource.tf
@@ -4,4 +4,5 @@ resource "harbor_project" "main" {
   vulnerability_scanning = true # (Optional) Default value is true. Automatically scan images on push
   enable_content_trust = true # (Optional) Default value is false. Deny unsigned images from being pulled (notary)
   enable_content_trust_cosign = false # (Optional) Default value is false. Deny unsigned images from being pulled (cosign)
+  auto_sbom_generation = true # (Optional) Default value is false. Automatically generate SBOMs for images
 }
diff --git a/models/projects.go b/models/projects.go
index 01be7fa..fbff0a2 100644
--- a/models/projects.go
+++ b/models/projects.go
@@ -24,6 +24,7 @@ type ProjectsBodyPost struct {
 		ReuseSysCveAllowlist string `json:"reuse_sys_cve_allowlist,omitempty"`
 		Public string `json:"public,omitempty"`
 		PreventVul string `json:"prevent_vul,omitempty"`
+		AutoSbomGeneration string `json:"auto_sbom_generation,omitempty"`
 	} `json:"metadata,omitempty"`
 }
@@ -58,6 +59,7 @@ type ProjectsBodyResponses struct {
 		Public string `json:"public"`
 		PreventVul string `json:"prevent_vul"`
 		RetentionId string `json:"retention_id"`
+		AutoSbomGeneration string `json:"auto_sbom_generation,omitempty"`
 	} `json:"metadata"`
 }
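Review bot: In the ProjectsBodyResponses hunk the new field carries `,omitempty` while every neighbouring response field (`Public`, `PreventVul`, `RetentionId`) has none; `omitempty` only affects encoding, so on this decode-only struct it is a no-op and just breaks the pattern. The tag does hint at the real contract, which is worth stating explicitly because the read path in this patch turns an empty value into false: `// Absent from responses of Harbor < v2.11.0; decodes to "" rather than "false" on such servers.` I would drop `,omitempty` here to match the siblings and keep the comment. Both struct declarations start outside the hunk.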
diff --git a/provider/resource_project.go b/provider/resource_project.go
index 7717441..4616606 100644
--- a/provider/resource_project.go
+++ b/provider/resource_project.go
@@ -65,6 +65,11 @@ func resourceProject() *schema.Resource {
 				Optional: true,
 				Default: false,
 			},
+			"auto_sbom_generation": {
+				Type: schema.TypeBool,
+				Optional: true,
+				Default: false,
+			},
 			"deployment_security": {
 				Type: schema.TypeString,
 				Optional: true,
@@ -169,6 +174,11 @@ func resourceProjectRead(d *schema.ResourceData, m interface{}) error {
 		d.Set("deployment_security", deployment_security)
 	}
+	autoSbomGeneration, err := client.ParseBoolOrDefault(jsonData.Metadata.AutoSbomGeneration, false)
+	if err != nil {
+		return err
+	}
+
 	d.Set("name", jsonData.Name)
 	d.Set("project_id", jsonData.ProjectID)
 	d.Set("registry_id", jsonData.RegistryID)
@@ -176,6 +186,7 @@ func resourceProjectRead(d *schema.ResourceData, m interface{}) error {
 	d.Set("vulnerability_scanning", vuln)
 	d.Set("enable_content_trust", trust)
 	d.Set("enable_content_trust_cosign", trustCosign)
+	d.Set("auto_sbom_generation", autoSbomGeneration)
 	cveAllowlist := make([]string, len(jsonData.CveAllowlist.Items))
 	for i, item := range jsonData.CveAllowlist.Items {
diff --git a/templates/resources/project.md.tmpl b/templates/resources/project.md.tmpl
index ce52676..53bff9b 100644
--- a/templates/resources/project.md.tmpl
+++ b/templates/resources/project.md.tmpl
@@ -41,6 +41,7 @@ For example, the {{ .SchemaMarkdown }} template can be used to replace manual sc
 - `registry_id` (Number) To enable project as Proxy Cache.
 - `storage_quota` (Number) The storage quota of the project in GB's.
 - `vulnerability_scanning` (Boolean) Images will be scanned for vulnerabilities when push to harbor. (Default: `true`)
+- `auto_sbom_generation` (Boolean) Automatically generate SBOM for images pushed to this project. (Default: `false`) can only be used with Harbor version v2.11.0 and above
 ### Read-Only
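Review bot: In the resourceProjectRead hunk, `client.ParseBoolOrDefault(jsonData.Metadata.AutoSbomGeneration, false)` collapses "server did not return the key" into false, so a practitioner who sets `auto_sbom_generation = true` against a Harbor release older than v2.11.0 will presumably get neither an error nor the SBOMs, only a plan that keeps trying to flip false to true; the exact server behaviour is not visible here, so confirm it. Because SBOM generation is a supply-chain visibility control, silently reading it back as disabled is the kind of failure an operator wants surfaced, so at least document it at the parse site: `// Harbor < v2.11.0 omits auto_sbom_generation; an empty value is read as false, so a config of true against such a server shows as permanent drift rather than an error.` If a version check is available elsewhere in the provider, returning a diagnostic when the attribute is set but the field is empty would be the stronger fix. The unchecked `d.Set` return values match the surrounding code, and resourceProjectRead starts and ends outside the hunk.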