2018-09-19 18:57:15 +02:00
|
|
|
// Copyright Project Harbor Authors
|
2017-04-13 12:54:58 +02:00
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
2017-03-20 10:20:31 +01:00
|
|
|
|
|
|
|
package common
|
|
|
|
|
2019-04-15 04:44:56 +02:00
|
|
|
type contextKey string
|
|
|
|
|
2017-03-20 10:20:31 +01:00
|
|
|
// const variables
|
|
|
|
const (
|
|
|
|
DBAuth = "db_auth"
|
|
|
|
LDAPAuth = "ldap_auth"
|
2017-12-21 13:07:23 +01:00
|
|
|
UAAAuth = "uaa_auth"
|
2019-01-11 11:16:50 +01:00
|
|
|
HTTPAuth = "http_auth"
|
2019-03-25 05:24:39 +01:00
|
|
|
OIDCAuth = "oidc_auth"
|
2021-03-11 13:25:51 +01:00
|
|
|
DBCfgManager = "db_cfg_manager"
|
|
|
|
InMemoryCfgManager = "in_memory_manager"
|
|
|
|
RestCfgManager = "rest_config_manager"
|
2017-03-20 10:20:31 +01:00
|
|
|
ProCrtRestrEveryone = "everyone"
|
|
|
|
ProCrtRestrAdmOnly = "adminonly"
|
2018-01-09 04:19:15 +01:00
|
|
|
LDAPScopeBase = 0
|
|
|
|
LDAPScopeOnelevel = 1
|
|
|
|
LDAPScopeSubtree = 2
|
2017-03-20 10:20:31 +01:00
|
|
|
|
2017-05-16 07:59:40 +02:00
|
|
|
RoleProjectAdmin = 1
|
|
|
|
RoleDeveloper = 2
|
|
|
|
RoleGuest = 3
|
2020-07-07 04:16:37 +02:00
|
|
|
RoleMaintainer = 4
|
2019-10-20 08:21:28 +02:00
|
|
|
RoleLimitedGuest = 5
|
2017-05-03 11:21:38 +02:00
|
|
|
|
2018-03-07 06:20:28 +01:00
|
|
|
LabelLevelSystem = "s"
|
|
|
|
LabelLevelUser = "u"
|
|
|
|
LabelScopeGlobal = "g"
|
|
|
|
LabelScopeProject = "p"
|
|
|
|
|
|
|
|
ResourceTypeProject = "p"
|
|
|
|
ResourceTypeRepository = "r"
|
|
|
|
ResourceTypeImage = "i"
|
2018-09-13 09:06:15 +02:00
|
|
|
ResourceTypeChart = "c"
|
2018-03-07 06:20:28 +01:00
|
|
|
|
2019-03-27 05:37:54 +01:00
|
|
|
ExtEndpoint = "ext_endpoint"
|
|
|
|
AUTHMode = "auth_mode"
|
|
|
|
DatabaseType = "database_type"
|
|
|
|
PostGreSQLHOST = "postgresql_host"
|
|
|
|
PostGreSQLPort = "postgresql_port"
|
|
|
|
PostGreSQLUsername = "postgresql_username"
|
|
|
|
PostGreSQLPassword = "postgresql_password"
|
|
|
|
PostGreSQLDatabase = "postgresql_database"
|
|
|
|
PostGreSQLSSLMode = "postgresql_sslmode"
|
2019-08-12 11:14:57 +02:00
|
|
|
PostGreSQLMaxIdleConns = "postgresql_max_idle_conns"
|
|
|
|
PostGreSQLMaxOpenConns = "postgresql_max_open_conns"
|
2019-03-27 05:37:54 +01:00
|
|
|
SelfRegistration = "self_registration"
|
|
|
|
CoreURL = "core_url"
|
2019-07-30 08:05:57 +02:00
|
|
|
CoreLocalURL = "core_local_url"
|
2019-03-27 05:37:54 +01:00
|
|
|
JobServiceURL = "jobservice_url"
|
|
|
|
LDAPURL = "ldap_url"
|
|
|
|
LDAPSearchDN = "ldap_search_dn"
|
|
|
|
LDAPSearchPwd = "ldap_search_password"
|
|
|
|
LDAPBaseDN = "ldap_base_dn"
|
|
|
|
LDAPUID = "ldap_uid"
|
|
|
|
LDAPFilter = "ldap_filter"
|
|
|
|
LDAPScope = "ldap_scope"
|
|
|
|
LDAPTimeout = "ldap_timeout"
|
|
|
|
LDAPVerifyCert = "ldap_verify_cert"
|
|
|
|
LDAPGroupBaseDN = "ldap_group_base_dn"
|
|
|
|
LDAPGroupSearchFilter = "ldap_group_search_filter"
|
|
|
|
LDAPGroupAttributeName = "ldap_group_attribute_name"
|
|
|
|
LDAPGroupSearchScope = "ldap_group_search_scope"
|
|
|
|
TokenServiceURL = "token_service_url"
|
|
|
|
RegistryURL = "registry_url"
|
|
|
|
EmailHost = "email_host"
|
|
|
|
EmailPort = "email_port"
|
|
|
|
EmailUsername = "email_username"
|
|
|
|
EmailPassword = "email_password"
|
|
|
|
EmailFrom = "email_from"
|
|
|
|
EmailSSL = "email_ssl"
|
|
|
|
EmailIdentity = "email_identity"
|
|
|
|
EmailInsecure = "email_insecure"
|
|
|
|
ProjectCreationRestriction = "project_creation_restriction"
|
|
|
|
MaxJobWorkers = "max_job_workers"
|
|
|
|
TokenExpiration = "token_expiration"
|
|
|
|
AdminInitialPassword = "admin_initial_password"
|
|
|
|
WithNotary = "with_notary"
|
2020-02-10 16:46:26 +01:00
|
|
|
WithTrivy = "with_trivy"
|
2019-03-27 05:37:54 +01:00
|
|
|
ScanAllPolicy = "scan_all_policy"
|
|
|
|
UAAEndpoint = "uaa_endpoint"
|
|
|
|
UAAClientID = "uaa_client_id"
|
|
|
|
UAAClientSecret = "uaa_client_secret"
|
|
|
|
UAAVerifyCert = "uaa_verify_cert"
|
|
|
|
HTTPAuthProxyEndpoint = "http_authproxy_endpoint"
|
|
|
|
HTTPAuthProxyTokenReviewEndpoint = "http_authproxy_tokenreview_endpoint"
|
2020-12-09 13:25:58 +01:00
|
|
|
HTTPAuthProxyAdminGroups = "http_authproxy_admin_groups"
|
2021-04-07 08:11:39 +02:00
|
|
|
HTTPAuthProxyAdminUsernames = "http_authproxy_admin_usernames"
|
2019-04-12 16:58:49 +02:00
|
|
|
HTTPAuthProxyVerifyCert = "http_authproxy_verify_cert"
|
2019-07-16 09:38:44 +02:00
|
|
|
HTTPAuthProxySkipSearch = "http_authproxy_skip_search"
|
2019-12-02 12:45:07 +01:00
|
|
|
HTTPAuthProxyServerCertificate = "http_authproxy_server_certificate"
|
2019-03-27 05:37:54 +01:00
|
|
|
OIDCName = "oidc_name"
|
|
|
|
OIDCEndpoint = "oidc_endpoint"
|
|
|
|
OIDCCLientID = "oidc_client_id"
|
|
|
|
OIDCClientSecret = "oidc_client_secret"
|
2019-04-12 16:58:49 +02:00
|
|
|
OIDCVerifyCert = "oidc_verify_cert"
|
2020-10-20 09:19:11 +02:00
|
|
|
OIDCAdminGroup = "oidc_admin_group"
|
2019-09-16 08:32:34 +02:00
|
|
|
OIDCGroupsClaim = "oidc_groups_claim"
|
2022-11-11 02:55:11 +01:00
|
|
|
OIDCGroupFilter = "oidc_group_filter"
|
2020-05-05 23:13:51 +02:00
|
|
|
OIDCAutoOnboard = "oidc_auto_onboard"
|
2020-12-16 12:41:13 +01:00
|
|
|
OIDCExtraRedirectParms = "oidc_extra_redirect_parms"
|
2019-03-27 05:37:54 +01:00
|
|
|
OIDCScope = "oidc_scope"
|
2020-05-05 23:13:51 +02:00
|
|
|
OIDCUserClaim = "oidc_user_claim"
|
2019-03-01 07:11:14 +01:00
|
|
|
|
2018-07-16 10:50:28 +02:00
|
|
|
CfgDriverDB = "db"
|
|
|
|
NewHarborAdminName = "admin@harbor.local"
|
|
|
|
RegistryStorageProviderName = "registry_storage_provider_name"
|
2019-04-23 09:42:58 +02:00
|
|
|
RegistryControllerURL = "registry_controller_url"
|
2018-07-16 10:50:28 +02:00
|
|
|
UserMember = "u"
|
|
|
|
GroupMember = "g"
|
|
|
|
ReadOnly = "read_only"
|
2020-02-10 16:46:26 +01:00
|
|
|
TrivyAdapterURL = "trivy_adapter_url"
|
2018-07-16 10:50:28 +02:00
|
|
|
NotaryURL = "notary_url"
|
2018-09-12 08:38:29 +02:00
|
|
|
DefaultCoreEndpoint = "http://core:8080"
|
2018-07-16 10:50:28 +02:00
|
|
|
DefaultNotaryEndpoint = "http://notary-server:4443"
|
2019-07-16 09:38:44 +02:00
|
|
|
LDAPGroupType = 1
|
|
|
|
HTTPGroupType = 2
|
2019-09-17 03:52:34 +02:00
|
|
|
OIDCGroupType = 3
|
2019-07-16 09:38:44 +02:00
|
|
|
LDAPGroupAdminDn = "ldap_group_admin_dn"
|
2019-02-21 11:31:42 +01:00
|
|
|
LDAPGroupMembershipAttribute = "ldap_group_membership_attribute"
|
2018-07-16 10:50:28 +02:00
|
|
|
DefaultRegistryControllerEndpoint = "http://registryctl:8080"
|
2018-07-19 17:50:25 +02:00
|
|
|
WithChartMuseum = "with_chartmuseum"
|
|
|
|
ChartRepoURL = "chart_repository_url"
|
|
|
|
DefaultChartRepoURL = "http://chartmuseum:9999"
|
2019-09-11 04:45:55 +02:00
|
|
|
DefaultPortalURL = "http://portal:8080"
|
2019-01-11 05:53:34 +01:00
|
|
|
DefaultRegistryCtlURL = "http://registryctl:8080"
|
2019-01-24 12:11:45 +01:00
|
|
|
// Use this prefix to distinguish harbor user, the prefix contains a special character($), so it cannot be registered as a harbor user.
|
2019-03-27 05:37:54 +01:00
|
|
|
RobotPrefix = "robot$"
|
2020-11-03 07:09:06 +01:00
|
|
|
// System admin defined the robot name prefix.
|
|
|
|
RobotNamePrefix = "robot_name_prefix"
|
2019-03-27 05:37:54 +01:00
|
|
|
// Use this prefix to index user who tries to login with web hook token.
|
|
|
|
AuthProxyUserNamePrefix = "tokenreview$"
|
2021-03-11 13:25:51 +01:00
|
|
|
CoreConfigPath = "/api/v2.0/internalconfig"
|
2019-03-27 05:37:54 +01:00
|
|
|
RobotTokenDuration = "robot_token_duration"
|
2019-03-25 05:24:39 +01:00
|
|
|
|
2019-03-28 10:35:13 +01:00
|
|
|
OIDCCallbackPath = "/c/oidc/callback"
|
2019-05-09 04:53:40 +02:00
|
|
|
OIDCLoginPath = "/c/oidc/login"
|
2019-04-15 04:44:56 +02:00
|
|
|
|
2020-12-15 10:08:01 +01:00
|
|
|
AuthProxyRediretPath = "/c/authproxy/redirect"
|
|
|
|
|
2019-08-10 18:27:07 +02:00
|
|
|
ChartUploadCtxKey = contextKey("chart_upload_event")
|
|
|
|
ChartDownloadCtxKey = contextKey("chart_download_event")
|
2019-07-23 17:38:32 +02:00
|
|
|
|
2019-08-07 14:30:26 +02:00
|
|
|
// Global notification enable configuration
|
|
|
|
NotificationEnable = "notification_enable"
|
2019-08-12 02:02:26 +02:00
|
|
|
|
2019-07-23 17:38:32 +02:00
|
|
|
// Quota setting items for project
|
2019-08-12 02:02:26 +02:00
|
|
|
QuotaPerProjectEnable = "quota_per_project_enable"
|
|
|
|
StoragePerProject = "storage_per_project"
|
2019-08-29 11:29:38 +02:00
|
|
|
|
2020-07-22 05:09:01 +02:00
|
|
|
// DefaultGCTimeWindowHours is the reserve blob time window used by GC, default is 2 hours
|
|
|
|
DefaultGCTimeWindowHours = int64(2)
|
2020-10-18 18:16:02 +02:00
|
|
|
|
|
|
|
// Metric setting items
|
|
|
|
MetricEnable = "metric_enable"
|
|
|
|
MetricPort = "metric_port"
|
|
|
|
MetricPath = "metric_path"
|
2021-09-17 00:47:01 +02:00
|
|
|
|
|
|
|
// Trace setting items
|
|
|
|
TraceEnabled = "trace_enabled"
|
|
|
|
TraceServiceName = "trace_service_name"
|
|
|
|
TraceSampleRate = "trace_sample_rate"
|
|
|
|
TraceNamespace = "trace_namespace"
|
|
|
|
TraceAttributes = "trace_attribute"
|
|
|
|
TraceJaegerEndpoint = "trace_jaeger_endpoint"
|
|
|
|
TraceJaegerUsername = "trace_jaeger_username"
|
|
|
|
TraceJaegerPassword = "trace_jaeger_password"
|
|
|
|
TraceJaegerAgentHost = "trace_jaeger_agent_host"
|
|
|
|
TraceJaegerAgentPort = "trace_jaeger_agent_port"
|
|
|
|
TraceOtelEndpoint = "trace_otel_endpoint"
|
|
|
|
TraceOtelURLPath = "trace_otel_url_path"
|
|
|
|
TraceOtelCompression = "trace_otel_compression"
|
|
|
|
TraceOtelInsecure = "trace_otel_insecure"
|
|
|
|
TraceOtelTimeout = "trace_otel_timeout"
|
2021-11-26 11:13:23 +01:00
|
|
|
|
2022-06-16 14:28:15 +02:00
|
|
|
GDPRDeleteUser = "gdpr_delete_user"
|
|
|
|
|
2021-11-26 11:13:23 +01:00
|
|
|
// These variables are temporary solution for issue: https://github.com/goharbor/harbor/issues/16039
|
|
|
|
// When user disable the pull count/time/audit log, it will decrease the database access, especially in large concurrency pull scenarios.
|
|
|
|
// TODO: Once we have a complete solution, delete these variables.
|
|
|
|
// PullCountUpdateDisable indicate if pull count is disable for pull request.
|
|
|
|
PullCountUpdateDisable = "pull_count_update_disable"
|
|
|
|
// PullTimeUpdateDisable indicate if pull time is disable for pull request.
|
|
|
|
PullTimeUpdateDisable = "pull_time_update_disable"
|
|
|
|
// PullAuditLogDisable indicate if pull audit log is disable for pull request.
|
|
|
|
PullAuditLogDisable = "pull_audit_log_disable"
|
2022-03-25 10:59:37 +01:00
|
|
|
|
|
|
|
// Cache layer settings
|
|
|
|
// CacheEnabled indicate whether enable cache layer.
|
|
|
|
CacheEnabled = "cache_enabled"
|
|
|
|
// CacheExpireHours is the cache expiration time, unit is hour.
|
|
|
|
CacheExpireHours = "cache_expire_hours"
|
|
|
|
// DefaultCacheExpireHours is the default cache expire hours, default is
|
|
|
|
// 24h.
|
|
|
|
DefaultCacheExpireHours = 24
|
2022-05-10 14:06:14 +02:00
|
|
|
|
|
|
|
PurgeAuditIncludeOperations = "include_operations"
|
|
|
|
PurgeAuditDryRun = "dry_run"
|
|
|
|
PurgeAuditRetentionHour = "audit_retention_hour"
|
2022-06-10 04:59:40 +02:00
|
|
|
// AuditLogForwardEndpoint indicate to forward the audit log to an endpoint
|
|
|
|
AuditLogForwardEndpoint = "audit_log_forward_endpoint"
|
|
|
|
// SkipAuditLogDatabase skip to log audit log in database
|
|
|
|
SkipAuditLogDatabase = "skip_audit_log_database"
|
2022-07-22 09:14:10 +02:00
|
|
|
// MaxAuditRetentionHour allowed in audit log purge
|
|
|
|
MaxAuditRetentionHour = 240000
|
2022-11-15 04:30:01 +01:00
|
|
|
|
|
|
|
// SessionTimeout defines the web session timeout
|
|
|
|
SessionTimeout = "session_timeout"
|
2017-03-20 10:20:31 +01:00
|
|
|
)
|