fix: clean up scan executions and reports after deleting artifact

Cleanup the associated resources(scan executions and scan reports) after deletion of artifact. Fixes: goharbor#18634 Signed-off-by: chlins <chenyuzh@vmware.com>
chlins · May 17, 2023 · 95cf575 · 95cf575
1 parent 44faccf
commit 95cf575
Showing 1 changed file with 40 additions and 11 deletions.
diff --git a/src/controller/artifact/controller.go b/src/controller/artifact/controller.go
@@ -32,6 +32,7 @@ import (
 	"github.com/goharbor/harbor/src/controller/artifact/processor/wasm"
 	"github.com/goharbor/harbor/src/controller/event/metadata"
 	"github.com/goharbor/harbor/src/controller/tag"
+	"github.com/goharbor/harbor/src/jobservice/job"
 	"github.com/goharbor/harbor/src/lib"
 	"github.com/goharbor/harbor/src/lib/errors"
 	"github.com/goharbor/harbor/src/lib/icon"
@@ -52,8 +53,10 @@ import (
 	"github.com/goharbor/harbor/src/pkg/notifier/event"
 	"github.com/goharbor/harbor/src/pkg/registry"
 	"github.com/goharbor/harbor/src/pkg/repository"
+	"github.com/goharbor/harbor/src/pkg/scan/report"
 	"github.com/goharbor/harbor/src/pkg/signature"
 	model_tag "github.com/goharbor/harbor/src/pkg/tag/model/tag"
+	"github.com/goharbor/harbor/src/pkg/task"
 )
 
 var (
@@ -77,6 +80,9 @@ var (
 	}
 )
 
+// OnDeleteFunc is the function for running after deleting artifact
+type OnDeleteFunc func(ctx context.Context, art *Artifact) error
+
 // Controller defines the operations related with artifacts and tags
 type Controller interface {
 	// Ensure the artifact specified by the digest exists under the repository,
@@ -128,28 +134,43 @@ func NewController() Controller {
 		regCli:       registry.Cli,
 		abstractor:   NewAbstractor(),
 		accessoryMgr: accessory.Mgr,
+		onDeleteFuncs: map[string]OnDeleteFunc{
+			"CleanScanExecutions": deleteScanExecutions,
+			"CleanScanReports":    deleteScanReports,
+		},
 	}
 }
 
 type controller struct {
-	tagCtl       tag.Controller
-	repoMgr      repository.Manager
-	artMgr       artifact.Manager
-	artrashMgr   artifactrash.Manager
-	blobMgr      blob.Manager
-	sigMgr       signature.Manager
-	labelMgr     label.Manager
-	immutableMtr match.ImmutableTagMatcher
-	regCli       registry.Client
-	abstractor   Abstractor
-	accessoryMgr accessory.Manager
+	tagCtl        tag.Controller
+	repoMgr       repository.Manager
+	artMgr        artifact.Manager
+	artrashMgr    artifactrash.Manager
+	blobMgr       blob.Manager
+	sigMgr        signature.Manager
+	labelMgr      label.Manager
+	immutableMtr  match.ImmutableTagMatcher
+	regCli        registry.Client
+	abstractor    Abstractor
+	accessoryMgr  accessory.Manager
+	onDeleteFuncs map[string]OnDeleteFunc
 }
 
 type ArtOption struct {
 	Tags []string
 	Accs []*accessorymodel.AccessoryData
 }
 
+// deleteScanExecutions clean up the scan executions and tasks associated with the artifact
+func deleteScanExecutions(ctx context.Context, art *Artifact) error {
+	return task.ExecMgr.DeleteByVendor(ctx, job.ImageScanJobVendorType, art.ID)
+}
+
+// deleteScanReports clean up the scan reports by the artifact
+func deleteScanReports(ctx context.Context, art *Artifact) error {
+	return report.Mgr.DeleteByDigests(ctx, art.Digest)
+}
+
 func (c *controller) Ensure(ctx context.Context, repository, digest string, option *ArtOption) (bool, int64, error) {
 	created, artifact, err := c.ensureArtifact(ctx, repository, digest)
 	if err != nil {
@@ -438,6 +459,14 @@ func (c *controller) deleteDeeply(ctx context.Context, id int64, isRoot, isAcces
 		})
 	}
 
+	// run the post functions after deleting artifact, only log message if error occurred
+	// because it not block the artifact deletion.
+	for action, onDelete := range c.onDeleteFuncs {
+		if err = onDelete(ctx, art); err != nil {
+			log.Errorf("failed to enforce action %s after deleting artifact %d, error: %v", action, art.ID, err)
+		}
+	}
+
 	return nil
 }