Feat/add SBOM option (#456)

fixes #455

---------

Signed-off-by: flbla <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

client/project.go

@@ -39,6 +39,7 @@ func ProjectBody(d *schema.ResourceData) models.ProjectsBodyPost {
 
 	body.Metadata.EnableContentTrust = strconv.FormatBool(d.Get("enable_content_trust").(bool))
 	body.Metadata.EnableContentTrustCosign = strconv.FormatBool(d.Get("enable_content_trust_cosign").(bool))
+	body.Metadata.AutoSbomGeneration = strconv.FormatBool(d.Get("auto_sbom_generation").(bool))
 
 	cveAllowList := d.Get("cve_allowlist").([]interface{})
 	log.Printf("[DEBUG] %v ", cveAllowList)

docs/resources/project.md

@@ -21,6 +21,7 @@ resource "harbor_project" "main" {
   vulnerability_scanning      = true                # (Optional) Default value is true. Automatically scan images on push
   enable_content_trust        = true                # (Optional) Default value is false. Deny unsigned images from being pulled (notary)
   enable_content_trust_cosign = false               # (Optional) Default value is false. Deny unsigned images from being pulled (cosign)
+  auto_sbom_generation        = true                # (Optional) Default value is false. Automatically generate SBOMs for images
 }
 ```
 
@@ -56,6 +57,7 @@ resource "harbor_registry" "docker" {
 - `registry_id` (Number) To enable project as Proxy Cache.
 - `storage_quota` (Number) The storage quota of the project in GB's.
 - `vulnerability_scanning` (Boolean) Images will be scanned for vulnerabilities when push to harbor. (Default: `true`)
+- `auto_sbom_generation` (Boolean) Automatically generate SBOM for images pushed to this project. (Default: `false`) can only be used with Harbor version v2.11.0 and above
 
 ### Read-Only
 

examples/resources/harbor_project/resource.tf

@@ -4,4 +4,5 @@ resource "harbor_project" "main" {
   vulnerability_scanning      = true                # (Optional) Default value is true. Automatically scan images on push
   enable_content_trust        = true                # (Optional) Default value is false. Deny unsigned images from being pulled (notary)
   enable_content_trust_cosign = false               # (Optional) Default value is false. Deny unsigned images from being pulled (cosign)
+  auto_sbom_generation        = true                # (Optional) Default value is false. Automatically generate SBOMs for images
 }

models/projects.go

@@ -24,6 +24,7 @@ type ProjectsBodyPost struct {
 		ReuseSysCveAllowlist     string `json:"reuse_sys_cve_allowlist,omitempty"`
 		Public                   string `json:"public,omitempty"`
 		PreventVul               string `json:"prevent_vul,omitempty"`
+		AutoSbomGeneration       string `json:"auto_sbom_generation,omitempty"`
 	} `json:"metadata,omitempty"`
 }
 
@@ -58,6 +59,7 @@ type ProjectsBodyResponses struct {
 		Public                   string `json:"public"`
 		PreventVul               string `json:"prevent_vul"`
 		RetentionId              string `json:"retention_id"`
+		AutoSbomGeneration       string `json:"auto_sbom_generation,omitempty"`
 	} `json:"metadata"`
 }
 

provider/resource_project.go

@@ -65,6 +65,11 @@ func resourceProject() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
+			"auto_sbom_generation": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
 			"deployment_security": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -169,13 +174,19 @@ func resourceProjectRead(d *schema.ResourceData, m interface{}) error {
 		d.Set("deployment_security", deployment_security)
 	}
 
+	autoSbomGeneration, err := client.ParseBoolOrDefault(jsonData.Metadata.AutoSbomGeneration, false)
+	if err != nil {
+		return err
+	}
+
 	d.Set("name", jsonData.Name)
 	d.Set("project_id", jsonData.ProjectID)
 	d.Set("registry_id", jsonData.RegistryID)
 	d.Set("public", public)
 	d.Set("vulnerability_scanning", vuln)
 	d.Set("enable_content_trust", trust)
 	d.Set("enable_content_trust_cosign", trustCosign)
+	d.Set("auto_sbom_generation", autoSbomGeneration)
 
 	cveAllowlist := make([]string, len(jsonData.CveAllowlist.Items))
 	for i, item := range jsonData.CveAllowlist.Items {

templates/resources/project.md.tmpl

@@ -41,6 +41,7 @@ For example, the {{ .SchemaMarkdown }} template can be used to replace manual sc
 - `registry_id` (Number) To enable project as Proxy Cache.
 - `storage_quota` (Number) The storage quota of the project in GB's.
 - `vulnerability_scanning` (Boolean) Images will be scanned for vulnerabilities when push to harbor. (Default: `true`)
+- `auto_sbom_generation` (Boolean) Automatically generate SBOM for images pushed to this project. (Default: `false`) can only be used with Harbor version v2.11.0 and above
 
 ### Read-Only