Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-22 18:25:56 +01:00
Code Issues Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into repEnhance

Browse Source
This commit is contained in:
pfh 2018-01-05 14:09:03 +08:00
commit 13308ce9d8
59 changed files with 623 additions and 294 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -306,6 +306,8 @@ modify_composefile_clair:
@cp $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRTPLFILENAME) $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
@$(SEDCMD) -i 's/__postgresql_version__/$(CLAIRDBVERSION)/g' $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
@$(SEDCMD) -i 's/__clair_version__/$(CLAIRVERSION)-$(VERSIONTAG)/g' $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
@cp $(DOCKERCOMPOSEFILEPATH)/ha/$(DOCKERCOMPOSECLAIRTPLFILENAME) $(DOCKERCOMPOSEFILEPATH)/ha/$(DOCKERCOMPOSECLAIRFILENAME)
@$(SEDCMD) -i 's/__clair_version__/$(CLAIRVERSION)-$(VERSIONTAG)/g' $(DOCKERCOMPOSEFILEPATH)/ha/$(DOCKERCOMPOSECLAIRFILENAME)
modify_sourcefiles:
@echo "change mode of source files."

39
make/common/templates/registry/config.yml
View File

@ -4,32 +4,31 @@ log:
fields:
service: registry
storage:
cache:
layerinfo: inmemory
filesystem:
rootdirectory: /storage
maintenance:
uploadpurging:
enabled: false
delete:
enabled: true
cache:
layerinfo: inmemory
filesystem:
rootdirectory: /storage
maintenance:
uploadpurging:
enabled: false
delete:
enabled: true
http:
addr: :5000
secret: placeholder
debug:
addr: localhost:5001
addr: :5000
secret: placeholder
debug:
addr: localhost:5001
auth:
token:
issuer: harbor-token-issuer
realm: $ui_url/service/token
rootcertbundle: /etc/registry/root.crt
service: harbor-registry
notifications:
endpoints:
- name: harbor
disabled: false
url: http://ui:8080/service/notifications
timeout: 3000ms
threshold: 5
backoff: 1s
- name: harbor
disabled: false
url: http://ui:8080/service/notifications
timeout: 3000ms
threshold: 5
backoff: 1s

36
make/common/templates/registry/config_ha.yml
View File

@ -4,14 +4,14 @@ log:
fields:
service: registry
storage:
cache:
layerinfo: redis
Place_holder_for_Storage_configureation
maintenance:
uploadpurging:
enabled: false
delete:
enabled: true
cache:
layerinfo: redis
Place_holder_for_Storage_configureation
maintenance:
uploadpurging:
enabled: false
delete:
enabled: true
redis:
addr: $redis_url
db: 0
@ -24,10 +24,10 @@ redis:
idletimeout: 300s
http:
addr: :5000
secret: placeholder
debug:
addr: localhost:5001
addr: :5000
secret: placeholder
debug:
addr: localhost:5001
auth:
token:
issuer: harbor-token-issuer
@ -37,9 +37,9 @@ auth:
notifications:
endpoints:
- name: harbor
disabled: false
url: http://ui:8080/service/notifications
timeout: 3000ms
threshold: 5
backoff: 1s
- name: harbor
disabled: false
url: http://ui:8080/service/notifications
timeout: 3000ms
threshold: 5
backoff: 1s

2
make/docker-compose.tpl
View File

@ -76,7 +76,7 @@ services:
volumes:
- ./common/config/ui/app.conf:/etc/ui/app.conf:z
- ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
- ./common/config/ui/certificates/:/etc/ui/certifates/
- ./common/config/ui/certificates/:/etc/ui/certificates/
- /data/secretkey:/etc/ui/key:z
- /data/ca_download/:/etc/ui/ca/:z
- /data/psc/:/etc/ui/token/:z

32
make/ha/docker-compose.clair.tpl Normal file
View File

@ -0,0 +1,32 @@
version: '2'
services:
ui:
networks:
harbor-clair:
aliases:
- harbor-ui
jobservice:
networks:
- harbor-clair
registry:
networks:
- harbor-clair
clair:
networks:
- harbor-clair
container_name: clair
image: vmware/clair-photon:__clair_version__
restart: always
cpu_quota: 150000
depends_on:
- log
volumes:
- ./common/config/clair:/config
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "clair"
networks:
harbor-clair:
external: false

1
make/harbor.cfg
View File

@ -142,4 +142,5 @@ uaa_endpoint = uaa.mydomain.org
uaa_clientid = id
uaa_clientsecret = secret
uaa_verify_cert = true
uaa_ca_cert = /path/to/ca.pem
#############

6
make/install.sh
View File

@ -165,7 +165,7 @@ if [ $with_notary ] && [ ! $harbor_ha ]
then
prepare_para="${prepare_para} --with-notary"
fi
if [ $with_clair ] && [ ! $harbor_ha ]
if [ $with_clair ]
then
prepare_para="${prepare_para} --with-clair"
fi
@ -182,7 +182,7 @@ if [ $with_notary ] && [ ! $harbor_ha ]
then
docker_compose_list="${docker_compose_list} -f docker-compose.notary.yml"
fi
if [ $with_clair ] && [ ! $harbor_ha ]
if [ $with_clair ]
then
docker_compose_list="${docker_compose_list} -f docker-compose.clair.yml"
fi
@ -199,6 +199,8 @@ if [ $harbor_ha ]
then
mv docker-compose.yml docker-compose.yml.bak
cp ha/docker-compose.yml docker-compose.yml
mv docker-compose.clair.yml docker-compose.clair.yml.bak
cp ha/docker-compose.clair.yml docker-compose.clair.yml
fi
docker-compose $docker_compose_list up -d

21
make/prepare
View File

@ -30,8 +30,13 @@ def validate(conf, args):
redis_url = rcp.get("configuration", "redis_url")
if redis_url is None or len(redis_url) < 1:
raise Exception("Error: In HA mode redis is required redis_url need to point to an redis cluster")
if args.notary_mode or args.clair_mode:
raise Exception("Error: HA mode doesn't support clair and notary currently")
if args.notary_mode:
raise Exception("Error: HA mode doesn't support Notary currently")
if args.clair_mode:
clair_db_host = rcp.get("configuration", "clair_db_host")
if "postgres" == clair_db_host:
raise Exception("Error: In HA mode, clair_db_host in harbor.cfg needs to point to an external Postgres DB address.")
cert_path = rcp.get("configuration", "ssl_cert")
cert_key_path = rcp.get("configuration", "ssl_cert_key")
shared_cert_key = os.path.join(base_dir, "ha", os.path.basename(cert_key_path))
@ -245,6 +250,7 @@ uaa_endpoint = rcp.get("configuration", "uaa_endpoint")
uaa_clientid = rcp.get("configuration", "uaa_clientid")
uaa_clientsecret = rcp.get("configuration", "uaa_clientsecret")
uaa_verify_cert = rcp.get("configuration", "uaa_verify_cert")
uaa_ca_cert = rcp.get("configuration", "uaa_ca_cert")
secret_key = get_secret_key(secretkey_path)
log_rotate_count = rcp.get("configuration", "log_rotate_count")
@ -275,6 +281,7 @@ log_config_dir = prep_conf_dir (config_dir, "log")
adminserver_conf_env = os.path.join(config_dir, "adminserver", "env")
ui_conf_env = os.path.join(config_dir, "ui", "env")
ui_conf = os.path.join(config_dir, "ui", "app.conf")
ui_cert_dir = os.path.join(config_dir, "ui", "certificates")
jobservice_conf = os.path.join(config_dir, "jobservice", "app.conf")
registry_conf = os.path.join(config_dir, "registry", "config.yml")
db_conf_env = os.path.join(config_dir, "db", "env")
@ -382,6 +389,16 @@ shutil.copyfile(os.path.join(templates_dir, "jobservice", "app.conf"), jobservic
print("Generated configuration file: %s" % ui_conf)
shutil.copyfile(os.path.join(templates_dir, "ui", "app.conf"), ui_conf)
if auth_mode == "uaa_auth":
if os.path.isfile(uaa_ca_cert):
if not os.path.isdir(ui_cert_dir):
os.makedirs(ui_cert_dir, mode=0o600)
ui_uaa_ca = os.path.join(ui_cert_dir, "uaa_ca.pem")
print("Copying UAA CA cert to %s" % ui_uaa_ca)
shutil.copyfile(uaa_ca_cert, ui_uaa_ca)
else:
print("Can not find UAA CA cert: %s, skip" % uaa_ca_cert)
def validate_crt_subj(dirty_subj):
subj_list = [item for item in dirty_subj.strip().split("/") \

4
src/common/dao/config_test.go
View File

@ -46,7 +46,7 @@ func TestAuthModeCanBeModified(t *testing.T) {
t.Fatalf("failed to register user: %v", err)
}
defer func(id int64) {
if err := deleteUser(id); err != nil {
if err := CleanUser(id); err != nil {
t.Fatalf("failed to delete user %d: %v", id, err)
}
}(id)
@ -68,4 +68,4 @@ func TestAuthModeCanBeModified(t *testing.T) {
t.Errorf("unexpected result: %t != %t", flag, false)
}
}
}
}

16
src/common/dao/user.go
View File

@ -258,9 +258,12 @@ func DeleteUser(userID int) error {
}
// ChangeUserProfile ...
func ChangeUserProfile(user models.User) error {
func ChangeUserProfile(user models.User, cols ...string) error {
o := GetOrmer()
if _, err := o.Update(&user, "Email", "Realname", "Comment"); err != nil {
if len(cols) == 0 {
cols = []string{"Email", "Realname", "Comment"}
}
if _, err := o.Update(&user, cols...); err != nil {
log.Errorf("update user failed, error: %v", err)
return err
}
@ -290,3 +293,12 @@ func OnBoardUser(u *models.User) error {
}
return nil
}
//CleanUser - Clean this user information from DB
func CleanUser(id int64) error {
if _, err := GetOrmer().QueryTable(&models.User{}).
Filter("UserID", id).Delete(); err != nil {
return err
}
return nil
}

12
src/common/dao/user_test.go
View File

@ -39,7 +39,7 @@ func TestDeleteUser(t *testing.T) {
t.Fatalf("failed to register user: %v", err)
}
defer func(id int64) {
if err := deleteUser(id); err != nil {
if err := CleanUser(id); err != nil {
t.Fatalf("failed to delete user %d: %v", id, err)
}
}(id)
@ -88,13 +88,5 @@ func TestOnBoardUser(t *testing.T) {
err = OnBoardUser(u)
assert.Nil(err)
assert.True(u.UserID == id)
deleteUser(int64(id))
}
func deleteUser(id int64) error {
if _, err := GetOrmer().QueryTable(&models.User{}).
Filter("UserID", id).Delete(); err != nil {
return err
}
return nil
CleanUser(int64(id))
}

21
src/common/models/models_test.go
View File

@ -1,21 +0,0 @@
// Copyright (c) 2017 VMware, Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package models
import (
"testing"
)
func TestMain(m *testing.M) {
}

17
src/common/models/replication_job.go
View File

@ -89,14 +89,15 @@ func (r *RepTarget) Valid(v *validation.Validation) {
v.SetError("name", "max length is 64")
}
if len(r.URL) == 0 {
v.SetError("endpoint", "can not be empty")
}
r.URL = utils.FormatEndpoint(r.URL)
if len(r.URL) > 64 {
v.SetError("endpoint", "max length is 64")
url, err := utils.ParseEndpoint(r.URL)
if err != nil {
v.SetError("endpoint", err.Error())
} else {
// Prevent SSRF security issue #3755
r.URL = url.Scheme + "://" + url.Host + url.Path
if len(r.URL) > 64 {
v.SetError("endpoint", "max length is 64")
}
}
// password is encoded using base64, the length of this field

131
src/common/models/target_test.go Normal file
View File

@ -0,0 +1,131 @@
// Copyright (c) 2017 VMware, Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package models
import (
"testing"
"github.com/astaxie/beego/validation"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestValidOfTarget(t *testing.T) {
cases := []struct {
target RepTarget
err bool
expected RepTarget
}{
// name is null
{
RepTarget{
Name: "",
},
true,
RepTarget{}},
// url is null
{
RepTarget{
Name: "endpoint01",
URL: "",
},
true,
RepTarget{},
},
// invalid url
{
RepTarget{
Name: "endpoint01",
URL: "ftp://example.com",
},
true,
RepTarget{},
},
// invalid url
{
RepTarget{
Name: "endpoint01",
URL: "ftp://example.com",
},
true,
RepTarget{},
},
// valid url
{
RepTarget{
Name: "endpoint01",
URL: "example.com",
},
false,
RepTarget{
Name: "endpoint01",
URL: "http://example.com",
},
},
// valid url
{
RepTarget{
Name: "endpoint01",
URL: "http://example.com",
},
false,
RepTarget{
Name: "endpoint01",
URL: "http://example.com",
},
},
// valid url
{
RepTarget{
Name: "endpoint01",
URL: "https://example.com",
},
false,
RepTarget{
Name: "endpoint01",
URL: "https://example.com",
},
},
// valid url
{
RepTarget{
Name: "endpoint01",
URL: "http://example.com/redirect?key=value",
},
false,
RepTarget{
Name: "endpoint01",
URL: "http://example.com/redirect",
}},
}
for _, c := range cases {
v := &validation.Validation{}
c.target.Valid(v)
if c.err {
require.True(t, v.HasErrors())
continue
}
require.False(t, v.HasErrors())
assert.Equal(t, c.expected, c.target)
}
}

2
src/common/utils/registry/registry.go
View File

@ -129,7 +129,7 @@ func (r *Registry) Catalog() ([]string, error) {
// Ping ...
func (r *Registry) Ping() error {
req, err := http.NewRequest("GET", buildPingURL(r.Endpoint.String()), nil)
req, err := http.NewRequest(http.MethodHead, buildPingURL(r.Endpoint.String()), nil)
if err != nil {
return err
}

2
src/common/utils/registry/registry_test.go
View File

@ -28,7 +28,7 @@ import (
func TestPing(t *testing.T) {
server := test.NewServer(
&test.RequestHandlerMapping{
Method: "GET",
Method: http.MethodHead,
Pattern: "/v2/",
Handler: test.Handler(nil),
})

23
src/common/utils/uaa/client.go
View File

@ -22,6 +22,7 @@ import (
"fmt"
"io/ioutil"
"net/http"
"os"
"strings"
"github.com/vmware/harbor/src/common/utils/log"
@ -179,16 +180,20 @@ func NewDefaultClient(cfg *ClientConfig) (Client, error) {
InsecureSkipVerify: cfg.SkipTLSVerify,
}
if !cfg.SkipTLSVerify && len(cfg.CARootPath) > 0 {
content, err := ioutil.ReadFile(cfg.CARootPath)
if err != nil {
return nil, err
}
pool := x509.NewCertPool()
//Do not throw error if the certificate is malformed, so we can put a place holder.
if ok := pool.AppendCertsFromPEM(content); !ok {
log.Warningf("Failed to append certificate to cert pool, cert path: %s", cfg.CARootPath)
if _, err := os.Stat(cfg.CARootPath); !os.IsNotExist(err) {
content, err := ioutil.ReadFile(cfg.CARootPath)
if err != nil {
return nil, err
}
pool := x509.NewCertPool()
//Do not throw error if the certificate is malformed, so we can put a place holder.
if ok := pool.AppendCertsFromPEM(content); !ok {
log.Warningf("Failed to append certificate to cert pool, cert path: %s", cfg.CARootPath)
} else {
tc.RootCAs = pool
}
} else {
tc.RootCAs = pool
log.Warningf("The root certificate file %s is not found, skip configuring root cert in UAA client.", cfg.CARootPath)
}
}
hc := &http.Client{

2
src/common/utils/uaa/client_test.go
View File

@ -98,7 +98,7 @@ func TestNewClientWithCACert(t *testing.T) {
CARootPath: "/notexist",
}
_, err := NewDefaultClient(cfg)
assert.NotNil(err)
assert.Nil(err)
//Skip if it's malformed.
cfg.CARootPath = path.Join(currPath(), "test", "non-ca.pem")
_, err = NewDefaultClient(cfg)

31
src/common/utils/utils.go
View File

@ -29,27 +29,24 @@ import (
"github.com/vmware/harbor/src/common/utils/log"
)
// FormatEndpoint formats endpoint
func FormatEndpoint(endpoint string) string {
endpoint = strings.TrimSpace(endpoint)
// ParseEndpoint parses endpoint to a URL
func ParseEndpoint(endpoint string) (*url.URL, error) {
endpoint = strings.Trim(endpoint, " ")
endpoint = strings.TrimRight(endpoint, "/")
if !strings.HasPrefix(endpoint, "http://") &&
!strings.HasPrefix(endpoint, "https://") {
if len(endpoint) == 0 {
return nil, fmt.Errorf("empty URL")
}
i := strings.Index(endpoint, "://")
if i >= 0 {
scheme := endpoint[:i]
if scheme != "http" && scheme != "https" {
return nil, fmt.Errorf("invalid scheme: %s", scheme)
}
} else {
endpoint = "http://" + endpoint
}
return endpoint
}
// ParseEndpoint parses endpoint to a URL
func ParseEndpoint(endpoint string) (*url.URL, error) {
endpoint = FormatEndpoint(endpoint)
u, err := url.Parse(endpoint)
if err != nil {
return nil, err
}
return u, nil
return url.ParseRequestURI(endpoint)
}
// ParseRepository splits a repository into two parts: project and rest

45
src/common/utils/utils_test.go
View File

@ -23,37 +23,30 @@ import (
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestParseEndpoint(t *testing.T) {
endpoint := "example.com"
u, err := ParseEndpoint(endpoint)
if err != nil {
t.Fatalf("failed to parse endpoint %s: %v", endpoint, err)
cases := []struct {
input string
err bool
expected string
}{
{" example.com/ ", false, "http://example.com"},
{"ftp://example.com", true, ""},
{"http://example.com", false, "http://example.com"},
{"https://example.com", false, "https://example.com"},
{"http://example!@#!?//#", true, ""},
}
if u.String() != "http://example.com" {
t.Errorf("unexpected endpoint: %s != %s", endpoint, "http://example.com")
}
endpoint = "https://example.com"
u, err = ParseEndpoint(endpoint)
if err != nil {
t.Fatalf("failed to parse endpoint %s: %v", endpoint, err)
}
if u.String() != "https://example.com" {
t.Errorf("unexpected endpoint: %s != %s", endpoint, "https://example.com")
}
endpoint = " example.com/ "
u, err = ParseEndpoint(endpoint)
if err != nil {
t.Fatalf("failed to parse endpoint %s: %v", endpoint, err)
}
if u.String() != "http://example.com" {
t.Errorf("unexpected endpoint: %s != %s", endpoint, "http://example.com")
for _, c := range cases {
u, err := ParseEndpoint(c.input)
if c.err {
require.NotNil(t, err)
continue
}
require.Nil(t, err)
assert.Equal(t, c.expected, u.String())
}
}

6
src/ui/api/email.go
View File

@ -106,7 +106,9 @@ func (e *EmailAPI) Ping() {
addr := net.JoinHostPort(host, strconv.Itoa(port))
if err := email.Ping(addr, identity, username,
password, pingEmailTimeout, ssl, insecure); err != nil {
log.Debugf("ping %s failed: %v", addr, err)
e.CustomAbort(http.StatusBadRequest, err.Error())
log.Errorf("failed to ping email server: %v", err)
// do not return any detail information of the error, or may cause SSRF security issue #3755
e.RenderError(http.StatusBadRequest, "failed to ping email server")
return
}
}

16
src/ui/api/email_test.go
View File

@ -16,7 +16,6 @@ package api
import (
"fmt"
"strings"
"testing"
"github.com/stretchr/testify/assert"
@ -36,7 +35,7 @@ func TestPingEmail(t *testing.T) {
assert.Equal(401, code, "the status code of ping email server with non-admin user should be 401")
//case 2: bad request
//case 2: empty email host
settings := `{
"email_host": ""
}`
@ -47,7 +46,7 @@ func TestPingEmail(t *testing.T) {
return
}
assert.Equal(400, code, "the status code of ping email server should be 400")
assert.Equal(400, code)
//case 3: secure connection with admin role
settings = `{
@ -58,18 +57,13 @@ func TestPingEmail(t *testing.T) {
"email_ssl": true
}`
code, body, err := apiTest.PingEmail(*admin, []byte(settings))
code, _, err = apiTest.PingEmail(*admin, []byte(settings))
if err != nil {
t.Errorf("failed to test ping email server: %v", err)
return
}
assert.Equal(400, code, "the status code of ping email server should be 400")
if !strings.Contains(body, "535") {
t.Errorf("unexpected error: %s does not contains 535", body)
return
}
assert.Equal(400, code)
//case 4: ping email server whose settings are read from config
code, _, err = apiTest.PingEmail(*admin, nil)
@ -78,5 +72,5 @@ func TestPingEmail(t *testing.T) {
return
}
assert.Equal(400, code, "the status code of ping email server should be 400")
assert.Equal(400, code)
}

3
src/ui/api/ldap.go
View File

@ -29,7 +29,7 @@ type LdapAPI struct {
}
const (
pingErrorMessage = "LDAP connection test failed!"
pingErrorMessage = "LDAP connection test failed"
loadSystemErrorMessage = "Can't load system configuration!"
canNotOpenLdapSession = "Can't open LDAP session!"
searchLdapFailMessage = "LDAP search failed!"
@ -72,6 +72,7 @@ func (l *LdapAPI) Ping() {
if err != nil {
log.Errorf("ldap connect fail, error: %v", err)
// do not return any detail information of the error, or may cause SSRF security issue #3755
l.RenderError(http.StatusBadRequest, pingErrorMessage)
return
}

43
src/ui/api/target.go
View File

@ -16,15 +16,12 @@ package api
import (
"fmt"
"net"
"net/http"
"net/url"
"strconv"
"github.com/vmware/harbor/src/common/dao"
"github.com/vmware/harbor/src/common/models"
"github.com/vmware/harbor/src/common/utils"
registry_error "github.com/vmware/harbor/src/common/utils/error"
"github.com/vmware/harbor/src/common/utils/log"
"github.com/vmware/harbor/src/common/utils/registry"
"github.com/vmware/harbor/src/common/utils/registry/auth"
@ -60,27 +57,15 @@ func (t *TargetAPI) Prepare() {
func (t *TargetAPI) ping(endpoint, username, password string, insecure bool) {
registry, err := newRegistryClient(endpoint, insecure, username, password)
if err != nil {
// timeout, dns resolve error, connection refused, etc.
if urlErr, ok := err.(*url.Error); ok {
if netErr, ok := urlErr.Err.(net.Error); ok {
t.CustomAbort(http.StatusBadRequest, netErr.Error())
}
t.CustomAbort(http.StatusBadRequest, urlErr.Error())
}
log.Errorf("failed to create registry client: %#v", err)
t.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
if err == nil {
err = registry.Ping()
}
if err = registry.Ping(); err != nil {
if regErr, ok := err.(*registry_error.HTTPError); ok {
t.CustomAbort(regErr.StatusCode, regErr.Detail)
}
log.Errorf("failed to ping registry %s: %v", registry.Endpoint.String(), err)
t.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
if err != nil {
log.Errorf("failed to ping target: %v", err)
// do not return any detail information of the error, or may cause SSRF security issue #3755
t.RenderError(http.StatusBadRequest, "failed to ping target")
return
}
}
@ -117,7 +102,14 @@ func (t *TargetAPI) Ping() {
}
if req.Endpoint != nil {
target.URL = *req.Endpoint
url, err := utils.ParseEndpoint(*req.Endpoint)
if err != nil {
t.HandleBadRequest(err.Error())
return
}
// Prevent SSRF security issue #3755
target.URL = url.Scheme + "://" + url.Host + url.Path
}
if req.Username != nil {
target.Username = *req.Username
@ -129,11 +121,6 @@ func (t *TargetAPI) Ping() {
target.Insecure = *req.Insecure
}
if len(target.URL) == 0 {
t.HandleBadRequest("empty endpoint")
return
}
t.ping(target.URL, target.Username, target.Password, target.Insecure)
}

40
src/ui/auth/authenticator.go
View File

@ -39,6 +39,34 @@ type AuthenticateHelper interface {
OnBoardUser(u *models.User) error
// Get user information from account repository
SearchUser(username string) (*models.User, error)
// Update user information after authenticate, such as Onboard or sync info etc
PostAuthenticate(u *models.User) error
}
// DefaultAuthenticateHelper - default AuthenticateHelper implementation
type DefaultAuthenticateHelper struct {
}
// Authenticate ...
func (d *DefaultAuthenticateHelper) Authenticate(m models.AuthModel) (*models.User, error) {
return nil, nil
}
// OnBoardUser will check if a user exists in user table, if not insert the user and
// put the id in the pointer of user model, if it does exist, fill in the user model based
// on the data record of the user
func (d *DefaultAuthenticateHelper) OnBoardUser(u *models.User) error {
return nil
}
//SearchUser - Get user information from account repository
func (d *DefaultAuthenticateHelper) SearchUser(username string) (*models.User, error) {
return nil, nil
}
//PostAuthenticate - Update user information after authenticate, such as Onboard or sync info etc
func (d *DefaultAuthenticateHelper) PostAuthenticate(u *models.User) error {
return nil
}
var registry = make(map[string]AuthenticateHelper)
@ -79,6 +107,9 @@ func Login(m models.AuthModel) (*models.User, error) {
lock.Lock(m.Principal)
time.Sleep(frozenTime)
}
authenticator.PostAuthenticate(user)
return user, err
}
@ -112,3 +143,12 @@ func SearchUser(username string) (*models.User, error) {
}
return helper.SearchUser(username)
}
// PostAuthenticate -
func PostAuthenticate(u *models.User) error {
helper, err := getHelper()
if err != nil {
return err
}
return helper.PostAuthenticate(u)
}

10
src/ui/auth/db/db.go
View File

@ -21,7 +21,9 @@ import (
)
// Auth implements Authenticator interface to authenticate user against DB.
type Auth struct{}
type Auth struct {
auth.DefaultAuthenticateHelper
}
// Authenticate calls dao to authenticate user.
func (d *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
@ -32,12 +34,6 @@ func (d *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
return u, nil
}
// OnBoardUser - Dummy implementation when auth_mod is db_auth
func (d *Auth) OnBoardUser(user *models.User) error {
//No need to create user in local database
return nil
}
// SearchUser - Check if user exist in local db
func (d *Auth) SearchUser(username string) (*models.User, error) {
var queryCondition = models.User{

80
src/ui/auth/ldap/ldap.go
View File

@ -16,6 +16,7 @@ package ldap
import (
"fmt"
"regexp"
"strings"
"github.com/vmware/harbor/src/common/dao"
@ -26,7 +27,9 @@ import (
)
// Auth implements AuthenticateHelper interface to authenticate against LDAP
type Auth struct{}
type Auth struct {
auth.DefaultAuthenticateHelper
}
// Authenticate checks user's credential against LDAP based on basedn template and LDAP URL,
// if the check is successful a dummy record will be inserted into DB, such that this user can
@ -68,7 +71,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
u := models.User{}
u.Username = ldapUsers[0].Username
u.Email = ldapUsers[0].Email
u.Email = strings.TrimSpace(ldapUsers[0].Email)
u.Realname = ldapUsers[0].Realname
dn := ldapUsers[0].DN
@ -78,34 +81,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
log.Warningf("Failed to bind user, username: %s, dn: %s, error: %v", u.Username, dn, err)
return nil, nil
}
exist, err := dao.UserExists(u, "username")
if err != nil {
return nil, err
}
if exist {
currentUser, err := dao.GetUser(u)
if err != nil {
return nil, err
}
u.UserID = currentUser.UserID
u.HasAdminRole = currentUser.HasAdminRole
} else {
var user models.User
user.Username = ldapUsers[0].Username
user.Email = ldapUsers[0].Email
user.Realname = ldapUsers[0].Realname
err = auth.OnBoardUser(&user)
if err != nil || user.UserID <= 0 {
log.Errorf("Can't import user %s, error: %v", ldapUsers[0].Username, err)
return nil, fmt.Errorf("can't import user %s, error: %v", ldapUsers[0].Username, err)
}
u.UserID = user.UserID
}
return &u, nil
}
// OnBoardUser will check if a user exists in user table, if not insert the user and
@ -153,6 +129,52 @@ func (l *Auth) SearchUser(username string) (*models.User, error) {
return &user, nil
}
//PostAuthenticate -- If user exist in harbor DB, sync email address, if not exist, call OnBoardUser
func (l *Auth) PostAuthenticate(u *models.User) error {
exist, err := dao.UserExists(*u, "username")
if err != nil {
return err
}
if exist {
queryCondition := models.User{
Username: u.Username,
}
dbUser, err := dao.GetUser(queryCondition)
if err != nil {
return err
}
if dbUser == nil {
fmt.Printf("User not found in DB %+v", u)
return nil
}
u.UserID = dbUser.UserID
u.HasAdminRole = dbUser.HasAdminRole
if dbUser.Email != u.Email {
Re := regexp.MustCompile(`^[a-z0-9._%+\-]+@[a-z0-9.\-]+\.[a-z]{2,4}$`)
if !Re.MatchString(u.Email) {
log.Debugf("Not a valid email address: %v, skip to sync", u.Email)
} else {
dao.ChangeUserProfile(*u, "Email")
}
u.Email = dbUser.Email
}
return nil
}
err = auth.OnBoardUser(u)
if err != nil {
return err
}
if u.UserID <= 0 {
return fmt.Errorf("Can not OnBoardUser %v", u)
}
return nil
}
func init() {
auth.Register("ldap_auth", &Auth{})
}

57
src/ui/auth/ldap/ldap_test.go
View File

@ -19,6 +19,7 @@ import (
"os"
"testing"
"github.com/stretchr/testify/assert"
"github.com/vmware/harbor/src/common"
"github.com/vmware/harbor/src/common/dao"
"github.com/vmware/harbor/src/common/models"
@ -204,3 +205,59 @@ func TestAuthenticateHelperSearchUser(t *testing.T) {
t.Error("Failed to search user test")
}
}
func TestPostAuthentication(t *testing.T) {
assert := assert.New(t)
user1 := &models.User{
Username: "test003",
Email: "test003@vmware.com",
Realname: "test003",
}
queryCondition := models.User{
Username: "test003",
Realname: "test003",
}
err := auth.OnBoardUser(user1)
assert.Nil(err)
user2 := &models.User{
Username: "test003",
Email: "234invalidmail@@@@@",
}
auth.PostAuthenticate(user2)
dbUser, err := dao.GetUser(queryCondition)
if err != nil {
t.Fatalf("Failed to get user, error %v", err)
}
assert.EqualValues("test003@vmware.com", dbUser.Email)
user3 := &models.User{
Username: "test003",
}
auth.PostAuthenticate(user3)
dbUser, err = dao.GetUser(queryCondition)
if err != nil {
t.Fatalf("Failed to get user, error %v", err)
}
assert.EqualValues("test003@vmware.com", dbUser.Email)
user4 := &models.User{
Username: "test003",
Email: "test003@example.com",
}
auth.PostAuthenticate(user4)
dbUser, err = dao.GetUser(queryCondition)
if err != nil {
t.Fatalf("Failed to get user, error %v", err)
}
assert.EqualValues("test003@example.com", dbUser.Email)
dao.CleanUser(int64(dbUser.UserID))
}

3
src/ui/auth/uaa/uaa.go
View File

@ -16,6 +16,7 @@ package uaa
import (
"fmt"
"os"
"strings"
"sync"
@ -38,6 +39,7 @@ func CreateClient() (uaa.Client, error) {
ClientSecret: UAASettings.ClientSecret,
Endpoint: UAASettings.Endpoint,
SkipTLSVerify: !UAASettings.VerifyCert,
CARootPath: os.Getenv("UAA_CA_ROOT"),
}
return uaa.NewDefaultClient(cfg)
}
@ -46,6 +48,7 @@ func CreateClient() (uaa.Client, error) {
type Auth struct {
sync.Mutex
client uaa.Client
auth.DefaultAuthenticateHelper
}
//Authenticate ...

2
src/ui_ng/lib/package.json
View File

@ -1,6 +1,6 @@
{
"name": "harbor-ui",
"version": "0.6.2",
"version": "0.6.6",
"description": "Harbor shared UI components based on Clarity and Angular4",
"scripts": {
"start": "ng serve --host 0.0.0.0 --port 4500 --proxy-config proxy.config.json",

2
src/ui_ng/lib/pkg/package.json
View File

@ -1,6 +1,6 @@
{
"name": "harbor-ui",
"version": "0.6.2",
"version": "0.6.6",
"description": "Harbor shared UI components based on Clarity and Angular4",
"author": "VMware",
"module": "index.js",

2
src/ui_ng/lib/src/harbor-library.module.ts
View File

@ -214,7 +214,7 @@ export class HarborLibraryModule {
config.configService || { provide: ConfigurationService, useClass: ConfigurationDefaultService },
config.jobLogService || { provide: JobLogService, useClass: JobLogDefaultService },
config.projectPolicyService || { provide: ProjectService, useClass: ProjectDefaultService },
//Do initializing
// Do initializing
TranslateServiceInitializer,
{
provide: APP_INITIALIZER,

21
src/ui_ng/lib/src/repository/repository.component.css.ts
View File

@ -26,8 +26,25 @@ export const REPOSITORY_STYLE = `.option-right {
font-size: 32px;
}
pre {
white-space: pre-wrap;
.no-info-div {
background: white;
border: 1px;
border-style: solid;
border-color: #CCCCCC;
padding: 12px 12px 12px 12px;
}
.info-div {
background: white;
border: 1px;
border-style: solid;
border-color: #CCCCCC;
padding: 0px 12px 24px 12px;
}
.info-pre {
border: 0px;
max-height: fit-content;
}
#info-edit-button {

16
src/ui_ng/lib/src/repository/repository.component.html.ts
View File

@ -24,12 +24,18 @@ export const REPOSITORY_TEMPLATE = `
<section id="info" role="tabpanel" aria-labelledby="repo-info" [hidden]='!isCurrentTabContent("info")'>
<form #repoInfoForm="ngForm">
<div id="info-edit-button">
<button class="btn btn-sm" [disabled]="editing" (click)="editInfo()" >{{'BUTTON.EDIT' | translate}}</button>
<button class="btn btn-sm" [disabled]="editing || !hasProjectAdminRole " (click)="editInfo()" >{{'BUTTON.EDIT' | translate}}</button>
</div>
<div>
<h3 *ngIf="!editing && !hasInfo()" >{{'REPOSITORY.NO_INFO' | translate }}</h3>
<pre *ngIf="!editing && hasInfo()" ><code>{{ imageInfo }}</code></pre>
<textarea *ngIf="editing" name="info-edit-textarea" [(ngModel)]="imageInfo"></textarea>
<div *ngIf="!editing">
<div *ngIf="!hasInfo()" class="no-info-div">
<p>{{'REPOSITORY.NO_INFO' | translate }}<p>
</div>
<div *ngIf="hasInfo()" class="info-div">
<pre class="info-pre">{{ imageInfo }}</pre>
</div>
</div>
<div *ngIf="editing">
<textarea rows="5" name="info-edit-textarea" [(ngModel)]="imageInfo"></textarea>
</div>
<div class="btn-sm" *ngIf="editing">
<button class="btn btn-primary" [disabled]="!hasChanges()" (click)="saveInfo()" >{{'BUTTON.SAVE' | translate}}</button>

8
src/ui_ng/lib/src/shared/shared.module.ts
View File

@ -3,7 +3,7 @@ import { CommonModule } from '@angular/common';
import { HttpModule, Http } from '@angular/http';
import { ClarityModule } from 'clarity-angular';
import { FormsModule } from '@angular/forms';
import { TranslateModule, TranslateLoader, TranslateService, MissingTranslationHandler } from "@ngx-translate/core";
import { TranslateModule, TranslateLoader, TranslateService, MissingTranslationHandler } from '@ngx-translate/core';
import { MyMissingTranslationHandler } from '../i18n/missing-trans.handler';
import { TranslateHttpLoader } from '@ngx-translate/http-loader';
import { TranslatorJsonLoader } from '../i18n/local-json.loader';
@ -30,9 +30,9 @@ export function GeneralTranslatorLoader(http: Http, config: IServiceConfig) {
}
/**
*
*
* Module for sharing common modules
*
*
* @export
* @class SharedModule
*/
@ -68,4 +68,4 @@ export function GeneralTranslatorLoader(http: Http, config: IServiceConfig) {
providers: [CookieService]
})
export class SharedModule { }
export class SharedModule { }

4
src/ui_ng/package.json
View File

@ -1,6 +1,6 @@
{
"name": "harbor",
"version": "1.2.0",
"version": "1.3.0",
"description": "Harbor UI with Clarity",
"angular-cli": {},
"scripts": {
@ -31,7 +31,7 @@
"clarity-icons": "^0.10.17",
"clarity-ui": "^0.10.17",
"core-js": "^2.4.1",
"harbor-ui": "^0.6.0-test-5",
"harbor-ui": "0.6.6",
"intl": "^1.2.5",
"mutationobserver-shim": "^0.3.2",
"ngx-cookie": "^1.0.0",

2
src/ui_ng/rollup-config.js
View File

@ -21,7 +21,7 @@ export default {
plugins: [
nodeResolve({jsnext: true, module: true, browser: true}),
commonjs({
include: ['node_modules/**']
include: ['node_modules/**'],
}),
uglify()
]

3
src/ui_ng/src/app/account/sign-in/sign-in.component.css
View File

@ -47,4 +47,5 @@
font-size: 14px !important;
position: relative;
top: -9px;
}
}
.bg{position: absolute;top: 60px; right: 0px;width: 100%; height: 100%; background-size: cover;}

3
src/ui_ng/src/app/account/sign-in/sign-in.component.html
View File

@ -1,4 +1,5 @@
<div class="login-wrapper login-wrapper-override" [ngStyle]="{'background-image': 'url(' + customLoginBgImg + ')'}">
<div class="login-wrapper login-wrapper-override">
<div class="bg" *ngIf="customLoginBgImg" [ngStyle]="{'background-image': 'url(static/images/' + customLoginBgImg + ')'}"></div>
<form #signInForm="ngForm" class="login">
<label class="title"> {{customAppTitle? customAppTitle:(appTitle | translate)}}<span class="trademark tm-font">&#8482;</span>
</label>

2
src/ui_ng/src/app/base/global-search/global-search.component.ts
View File

@ -57,7 +57,7 @@ export class GlobalSearchComponent implements OnInit, OnDestroy {
ngOnInit(): void {
//custom skin
let customSkinObj = this.skinableConfig.getProjects();
let customSkinObj = this.skinableConfig.getProject();
if (customSkinObj && customSkinObj.projectName) {
this.translate.get('GLOBAL_SEARCH.PLACEHOLDER', {'param': customSkinObj.projectName}).subscribe(res => {
//Placeholder text

57
src/ui_ng/src/app/base/harbor-shell/harbor-shell.component.html
View File

@ -8,22 +8,47 @@
<search-result></search-result>
<router-outlet></router-outlet>
</div>
<nav class="sidenav" style="padding: 12px 36px;" *ngIf="isUserExisting">
<section class="sidenav-content" style="padding-top: 20px;">
<a routerLink="/harbor/projects" routerLinkActive="active" class="nav-link nav-link-override">{{'SIDE_NAV.PROJECTS' | translate}}</a>
<a routerLink="/harbor/logs" routerLinkActive="active" class="nav-link nav-link-override" style="margin-top: 4px;">{{'SIDE_NAV.LOGS' | translate}}</a>
<section class="nav-group collapsible" *ngIf="isSystemAdmin" style="margin-top: 4px;">
<input id="tabsystem" type="checkbox">
<label for="tabsystem">{{'SIDE_NAV.SYSTEM_MGMT.NAME' | translate}}</label>
<ul class="nav-list">
<li><a class="nav-link nav-link-override" routerLink="/harbor/users" routerLinkActive="active">{{'SIDE_NAV.SYSTEM_MGMT.USER' | translate}}</a></li>
<li><a class="nav-link nav-link-override" routerLink="/harbor/replications" routerLinkActive="active">{{'SIDE_NAV.SYSTEM_MGMT.REPLICATION' | translate}}</a></li>
<li><a class="nav-link nav-link-override" routerLink="/harbor/registry" routerLinkActive="active">{{'APP_TITLE.REG' | translate}}</a></li>
<li><a class="nav-link nav-link-override" routerLink="/harbor/configs" routerLinkActive="active">{{'SIDE_NAV.SYSTEM_MGMT.CONFIG' | translate}}</a></li>
</ul>
</section>
</section>
</nav>
<clr-vertical-nav [clrVerticalNavCollapsible]="true" *ngIf="isUserExisting">
<a clrVerticalNavLink routerLinkActive="active" routerLink="/harbor/projects">
<clr-icon shape="organization" clrVerticalNavIcon></clr-icon>
{{'SIDE_NAV.PROJECTS' | translate}}
</a>
<a clrVerticalNavLink routerLinkActive="active" routerLink="/harbor/logs">
<clr-icon shape="list" clrVerticalNavIcon></clr-icon>
{{'SIDE_NAV.LOGS' | translate}}
</a>
<clr-vertical-nav-group *ngIf="isSystemAdmin" routerLinkActive="active">
<clr-icon shape="administrator" clrVerticalNavIcon></clr-icon>
{{'SIDE_NAV.SYSTEM_MGMT.NAME' | translate}}
<a routerLink="#" hidden aria-hidden="true"></a>
<clr-vertical-nav-group-children *clrIfExpanded="true">
<a clrVerticalNavLink
routerLink="/harbor/users"
routerLinkActive="active">
<clr-icon shape="users" clrVerticalNavIcon></clr-icon>
{{'SIDE_NAV.SYSTEM_MGMT.USER' | translate}}
</a>
<a clrVerticalNavLink
routerLink="/harbor/registries"
routerLinkActive="active">
<clr-icon shape="block" clrVerticalNavIcon></clr-icon>
{{'SIDE_NAV.SYSTEM_MGMT.REGISTRY' | translate}}
</a>
<a clrVerticalNavLink
routerLink="/harbor/replications"
routerLinkActive="active">
<clr-icon shape="cloud-traffic" clrVerticalNavIcon></clr-icon>
{{'SIDE_NAV.SYSTEM_MGMT.REPLICATION' | translate}}
</a>
<a clrVerticalNavLink
routerLink="/harbor/configs"
routerLinkActive="active">
<clr-icon shape="cog" clrVerticalNavIcon></clr-icon>
{{'SIDE_NAV.SYSTEM_MGMT.CONFIG' | translate}}
</a>
</clr-vertical-nav-group-children>
</clr-vertical-nav-group>
</clr-vertical-nav>
</div>
</clr-main-container>
<account-settings-modal></account-settings-modal>

2
src/ui_ng/src/app/base/navigator/navigator.component.html
View File

@ -2,7 +2,7 @@
<div class="branding">
<a href="javascript:void(0)" class="nav-link" (click)="homeAction()">
<clr-icon shape="vm-bug" *ngIf="!customStyle?.headerLogo"></clr-icon>
<img [attr.src]="customStyle?.headerLogo" *ngIf="customStyle?.headerLogo" style="width: 36px;height: 36px; object-fit: fill;">
<img [attr.src]="'static/images/'+customStyle?.headerLogo" *ngIf="customStyle?.headerLogo" style="width: 36px;height: 36px; object-fit: fill;">
<span class="title">{{customProjectName?.projectName? customProjectName?.projectName:(appTitle | translate)}}</span>
</a>
</div>

6
src/ui_ng/src/app/harbor-routing.module.ts
View File

@ -80,11 +80,15 @@ const harborRoutes: Routes = [
component: UserComponent,
canActivate: [SystemAdminGuard]
},
{
path: 'registries',
component: DestinationPageComponent,
canActivate: [SystemAdminGuard]
},
{
path: 'replications',
component: TotalReplicationPageComponent,
canActivate: [SystemAdminGuard],
canActivateChild: [SystemAdminGuard],
},
{
path: 'replications/:id/rule',

2
src/ui_ng/src/app/replication/destination/destination-page.component.html
View File

@ -1,4 +1,4 @@
<h2 class="custom-h2">{{'REPLICATION.ENDPOINTS' | translate}}</h2>
<h2 class="custom-h2">{{'SIDE_NAV.SYSTEM_MGMT.REGISTRY' | translate}}</h2>
<div style="margin-top: 24px;">
<hbr-endpoint></hbr-endpoint>
</div>

4
src/ui_ng/src/app/replication/replication-management/replication-management.component.ts
View File

@ -11,6 +11,10 @@
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// This Module is used as Container For Endpoint and Replication Rules
// Will deprecated on Harbor 1.4.0
import { Component } from '@angular/core';
@Component({

2
src/ui_ng/src/app/replication/total-replication/total-replication-page.component.html
View File

@ -1,4 +1,4 @@
<h2 class="custom-h2">{{'REPLICATION.REPLICATION_RULE' | translate}}</h2>
<h2 class="custom-h2">{{'SIDE_NAV.SYSTEM_MGMT.REPLICATION' | translate}}</h2>
<div style="margin-top: 24px;">
<hbr-replication [readonly]="false" [withReplicationJob]='true' (openCreateRule)="openCreatePage()" (openEdit)="openEditPage($event)" (redirect)="customRedirect($event)"></hbr-replication>
</div>

2
src/ui_ng/src/app/shared/about-dialog/about-dialog.component.ts
View File

@ -35,7 +35,7 @@ export class AboutDialogComponent implements OnInit{
ngOnInit(): void {
// custom skin
let customSkinObj = this.skinableConfig.getProjects();
let customSkinObj = this.skinableConfig.getProject();
if (customSkinObj) {
let selectedLang = this.translate.currentLang;
this.customName = customSkinObj;

6
src/ui_ng/src/app/skinable-config.service.ts
View File

@ -12,7 +12,7 @@ export class SkinableConfig {
constructor(private http: Http) {}
public getCustomFile(): Promise<any> {
return this.http.get('../setting.json')
return this.http.get('../static/setting.json')
.toPromise()
.then(response => { this.customSkinData = response.json(); return this.customSkinData; })
.catch(error => {
@ -24,9 +24,9 @@ export class SkinableConfig {
return this.customSkinData;
}
public getProjects() {
public getProject() {
if (this.customSkinData) {
return this.customSkinData.projects;
return this.customSkinData.project;
}else {
return null;
}

3
src/ui_ng/src/i18n/lang/en-us-lang.json
View File

@ -102,7 +102,8 @@
"SYSTEM_MGMT": {
"NAME": "Administration",
"USER": "Users",
"REPLICATION": "Replication",
"REGISTRY": "Registries",
"REPLICATION": "Replications",
"CONFIG": "Configuration"
},
"LOGS": "Logs"

3
src/ui_ng/src/i18n/lang/es-es-lang.json
View File

@ -98,7 +98,8 @@
"SYSTEM_MGMT": {
"NAME": "Administración",
"USER": "Usuarios",
"REPLICATION": "Replicación",
"REGISTRY": "Registries",
"REPLICATION": "Replicacións",
"CONFIG": "Configuración"
},
"LOGS": "Logs"

1
src/ui_ng/src/i18n/lang/zh-cn-lang.json
View File

@ -98,6 +98,7 @@
"SYSTEM_MGMT": {
"NAME": "系统管理",
"USER": "用户管理",
"REGISTRY": "仓库管理",
"REPLICATION": "复制管理",
"CONFIG": "配置管理"
},

10
src/ui_ng/src/setting.json
View File

@ -1,11 +1,11 @@
{
"headerBgColor": "#004a70",
"headerBgColor": "",
"headerLogo": "",
"loginBgImg": "",
"appTitle": "VMware Harbor",
"projects": {
"companyName": "vmware",
"projectName": "Harbor",
"appTitle": "",
"project": {
"companyName": "",
"projectName": "",
"introduction": {
"zh-cn": "",
"es-es": "",

4
tests/resources/Harbor-Pages/Administration-Users_Elements.robot
View File

@ -16,5 +16,5 @@
Documentation This resource provides any keywords related to the Harbor private registry appliance
*** Variables ***
${administration_user_tag_xpath} /html/body/harbor-app/harbor-shell/clr-main-container/div/nav/section/section/ul/li[1]/a
${administration_tag_xpath} /html/body/harbor-app/harbor-shell/clr-main-container/div/nav/section/section/label
${administration_user_tag_xpath} //clr-vertical-nav-group-children/a[contains(.,'Users')]
${administration_tag_xpath} //clr-vertical-nav-group[contains(.,'Admin')]

34
tests/resources/Harbor-Pages/Configuration.robot
View File

@ -38,14 +38,14 @@ Init LDAP
Sleep 1
Capture Page Screenshot
Disable Ldap Verify Cert Checkbox
Click Element xpath=/html/body/harbor-app/harbor-shell/clr-main-container/div/div/config/div/div/div/button[1]
Click Element xpath=${config_save_button_xpath}
Sleep 2
Click Element xpath=/html/body/harbor-app/harbor-shell/clr-main-container/div/div/config/div/div/div/button[3]
Sleep 1
Capture Page Screenshot
Switch To Configure
Click Element xpath=/html/body/harbor-app/harbor-shell/clr-main-container/div/nav/section/section/ul/li[4]/a
Click Element xpath=${configuration_xpath}
Sleep 2
Test Ldap Connection
@ -89,32 +89,32 @@ Ldap Verify Cert Checkbox Should Be Disabled
Set Pro Create Admin Only
#set limit to admin only
Sleep 2
Click Element xpath=//clr-main-container//nav//ul/li[4]
Click Element xpath=${configuration_xpath}
Sleep 1
Click Element xpath=//select[@id="proCreation"]
Click Element xpath=//select[@id="proCreation"]//option[@value="adminonly"]
Sleep 1
Click Element xpath=/html/body/harbor-app/harbor-shell/clr-main-container/div/div/config/div/div/div/button[1]
Click Element xpath=${config_save_button_xpath}
Capture Page Screenshot AdminCreateOnly.png
Set Pro Create Every One
#set limit to Every One
Click Element xpath=//clr-main-container//nav//ul/li[4]
#set limit to Every One
Click Element xpath=${configuration_xpath}
Sleep 1
Click Element xpath=//select[@id="proCreation"]
Click Element xpath=//select[@id="proCreation"]//option[@value="everyone"]
Sleep 1
Click Element xpath=/html/body/harbor-app/harbor-shell/clr-main-container/div/div/config/div/div/div/button[1]
Click Element xpath=${config_save_button_xpath}
Sleep 2
Capture Page Screenshot EveryoneCreate.png
Disable Self Reg
Click Element xpath=//clr-main-container//nav//ul/li[4]
Disable Self Reg
Click Element xpath=${configuration_xpath}
Mouse Down xpath=${self_reg_xpath}
Mouse Up xpath=${self_reg_xpath}
Sleep 1
Self Reg Should Be Disabled
Click Element xpath=/html/body/harbor-app/harbor-shell/clr-main-container/div/div/config/div/div/div/button[1]
Click Element xpath=${config_save_button_xpath}
Capture Page Screenshot DisableSelfReg.png
Sleep 1
@ -123,7 +123,7 @@ Enable Self Reg
Mouse Up xpath=${self_reg_xpath}
Sleep 1
Self Reg Should Be Enabled
Click Element xpath=/html/body/harbor-app/harbor-shell/clr-main-container/div/div/config/div/div/div/button[1]
Click Element xpath=${config_save_button_xpath}
Capture Page Screenshot EnableSelfReg.png
Sleep 1
@ -142,13 +142,13 @@ Project Creation Should Not Display
## System settings
Switch To System Settings
Sleep 1
Click Element xpath=//clr-main-container//nav//ul/li[4]
Click Element xpath=${configuration_xpath}
Click Element xpath=//*[@id="config-system"]
Modify Token Expiration
[Arguments] ${minutes}
Input Text xpath=//*[@id="tokenExpiration"] ${minutes}
Click Button xpath=/html/body/harbor-app/harbor-shell/clr-main-container/div/div/config/div/div/div/button[1]
Click Button xpath=${config_save_button_xpath}
Sleep 1
Token Must Be Match
@ -159,7 +159,7 @@ Token Must Be Match
Check Verify Remote Cert
Mouse Down xpath=//*[@id="clr-checkbox-verifyRemoteCert"]
Mouse Up xpath=//*[@id="clr-checkbox-verifyRemoteCert"]
Click Element xpath=/html/body/harbor-app/harbor-shell/clr-main-container/div/div/config/div/div/div/button[1]
Click Element xpath=${config_save_button_xpath}
Capture Page Screenshot RemoteCert.png
Sleep 1
@ -191,7 +191,7 @@ Config Email
Mouse Down xpath=//*[@id="clr-checkbox-emailInsecure"]
Mouse Up xpath=//*[@id="clr-checkbox-emailInsecure"]
Sleep 1
Click Element xpath=/html/body/harbor-app/harbor-shell/clr-main-container/div/div/config/div/div/div/button[1]
Click Element xpath=${config_save_button_xpath}
Sleep 6
Verify Email
@ -206,11 +206,11 @@ Set Scan All To None
click element //vulnerability-config//select
click element //vulnerability-config//select/option[@value='none']
sleep 1
click element //config//div/button[contains(.,'SAVE')]
click element ${config_save_button_xpath}
Set Scan All To Daily
click element //vulnerability-config//select
click element //vulnerability-config//select/option[@value='daily']
sleep 1
click element //config//div/button[contains(.,'SAVE')]
click element ${config_save_button_xpath}
Click Scan Now
click element //vulnerability-config//button[contains(.,'SCAN')]

2
tests/resources/Harbor-Pages/Configuration_Elements.robot
View File

@ -19,3 +19,5 @@ Documentation This resource provides any keywords related to the Harbor private
${project_create_xpath} //clr-dg-action-bar//button[contains(.,'New')]
${self_reg_xpath} //input[@id="clr-checkbox-selfReg"]
${test_ldap_xpath} /html/body/harbor-app/harbor-shell/clr-main-container/div/div/config/div/div/div/button[3]
${config_save_button_xpath} //config//div/button[contains(.,'SAVE')]
${configuration_xpath} //clr-vertical-nav-group-children/a[contains(.,'Configuration')]

2
tests/resources/Harbor-Pages/Project.robot
View File

@ -56,7 +56,7 @@ Switch To Log
Sleep 1
Switch To Replication
Click Element xpath=${replication_xpath}
Click Element xpath=${project_replication_xpath}
Sleep 1
Back To projects

6
tests/resources/Harbor-Pages/Project_Elements.robot
View File

@ -20,6 +20,6 @@ ${create_project_button_css} .btn
${project_name_xpath} //*[@id="create_project_name"]
${project_public_xpath} //input[@name='public']/..//label
${project_save_css} html body.no-scrolling harbor-app harbor-shell clr-main-container.main-container div.content-container div.content-area.content-area-override project div.row div.col-lg-12.col-md-12.col-sm-12.col-xs-12 div.row.flex-items-xs-between div.option-left create-project clr-modal div.modal div.modal-dialog div.modal-content div.modal-footer button.btn.btn-primary
${log_xpath} /html/body/harbor-app/harbor-shell/clr-main-container/div/nav/section/a[2]
${projects_xpath} /html/body/harbor-app/harbor-shell/clr-main-container/div/nav/section/a[1]
${replication_xpath} /html/body/harbor-app/harbor-shell/clr-main-container/div/div/project-detail/nav/ul/li[4]/a
${log_xpath} //clr-main-container/div/clr-vertical-nav/div/a[contains(.,'Logs')]
${projects_xpath} //clr-main-container/div/clr-vertical-nav/div/a[contains(.,'Projects')]
${project_replication_xpath} //project-detail//a[contains(.,'Replication')]

1
tests/resources/Harbor-Pages/Replication_Elements.robot
View File

@ -26,3 +26,4 @@ ${destination_url_xpath} //*[@id='destination_url']
${destination_username_xpath} //*[@id='destination_username']
${destination_password_xpath} //*[@id='destination_password']
${replicaton_save_xpath} //button[contains(.,'OK')]
${replication_xpath} //clr-vertical-nav-group-children/a[contains(.,'Replication')]

2
tests/resources/Harbor-Pages/UserProfile.robot
View File

@ -31,7 +31,7 @@ Change Password
Sleep 1
Click Element xpath=//password-setting/clr-modal//button[2]
Sleep 2
Click Element xpath=/html/body/harbor-app/harbor-shell/clr-main-container/div/nav/section/a[2]
Click Element xpath=${log_xpath}
Sleep 1
Update User Comment