From 590212b4852c6266c0c16372ece2d78c93cdfdeb Mon Sep 17 00:00:00 2001 From: DQ Date: Thu, 26 Nov 2020 17:13:37 +0800 Subject: [PATCH] Remove clair related code - clair code in harbor core - clair code in frontend - clair code in robotcase Signed-off-by: DQ --- .github/workflows/build-package.yml | 4 +-- CONTRIBUTING.md | 2 +- SECURITY.md | 2 +- make/harbor.yml.tmpl | 1 - make/photon/prepare/templates/core/env.jinja | 2 -- src/common/config/metadata/metadatalist.go | 6 ++-- src/common/const.go | 2 -- src/common/utils/ldap/ldap_test.go | 1 - src/common/utils/test/config.go | 2 +- src/common/utils/test/test.go | 2 +- src/controller/scan/base_controller_test.go | 4 +-- src/controller/scanner/base_controller.go | 2 +- .../scanner/base_controller_test.go | 2 +- src/core/api/scan_all_test.go | 8 +++--- src/core/config/config.go | 10 ------- src/core/config/config_test.go | 6 ++-- src/core/main.go | 18 ------------ src/pkg/scan/init_test.go | 15 ++-------- src/pkg/scan/job_test.go | 4 +-- src/pkg/scan/report/summary_test.go | 4 +-- src/pkg/scan/report/supported_mime_test.go | 2 +- src/pkg/scan/rest/v1/client_test.go | 4 +-- .../harbor-shell.component.spec.ts | 2 +- .../scanner/config-scanner.component.spec.ts | 2 +- .../scanner-metadata.component.spec.ts | 2 +- .../artifact-list-page.component.spec.ts | 2 +- .../artifact-list-tab.component.spec.ts | 2 +- .../summary/summary.component.spec.ts | 12 ++++---- .../artifact-tag.component.spec.ts | 2 +- src/portal/src/app/services/app-config.ts | 4 +-- .../config/registry-config.component.spec.ts | 2 +- .../vulnerability-config.component.spec.ts | 2 +- .../project-policy-config.component.spec.ts | 4 +-- src/portal/src/lib/services/interface.ts | 2 +- tests/ci/api_common_install.sh | 2 +- tests/ci/distro_installer.sh | 4 +-- tests/resources/Harbor-Pages/Verify.robot | 7 ----- .../Harbor-Pages/Vulnerability.robot | 11 +------- .../Harbor-Pages/Vulnerability_Elements.robot | 1 - tests/resources/Harbor-Util.robot | 28 +++++++++---------- tests/resources/Nightly-Util.robot | 1 - tests/resources/OVA-Util.robot | 2 +- tests/robot-cases/Group0-BAT/BAT.robot | 12 -------- tests/robot-cases/Group1-Nightly/Clair.robot | 7 ----- .../robot-cases/Group1-Nightly/Nightly.robot | 6 ---- .../robot-cases/Group1-Nightly/Upgrade.robot | 4 --- .../Group1-Nightly/multi_scanners.robot | 3 -- tests/robot-cases/Group3-Upgrade/verify.robot | 1 - .../10-01-Cliar-can-not-scan-some-images.md | 9 +++--- ...2-Clair-scan-a-image-with-vulnerability.md | 8 +++--- .../10-03-Clair-scan-0-package-image.md | 8 +++--- .../10-04-Clair-data-not-ready-hint.md | 4 +-- .../10-05-Schedule-daily-scan.md | 4 +-- .../10-06-Change-scan-configuration.md | 2 +- .../10-07-Non-admin-can-not-scan.md | 2 +- ...e-exceed-vulnerability-severity-setting.md | 4 +-- .../10-09-User-can-pull-scaned-images.md | 4 +-- .../10-10-Manual-scan-all.md | 4 +-- .../10-11-User-fix-vulnerability.md | 6 ++-- .../Test-10-12-Scan-image-on-push.md | 6 ++-- 60 files changed, 96 insertions(+), 195 deletions(-) diff --git a/.github/workflows/build-package.yml b/.github/workflows/build-package.yml index 241689ff8..fa152e8bb 100644 --- a/.github/workflows/build-package.yml +++ b/.github/workflows/build-package.yml @@ -75,8 +75,8 @@ jobs: fi cd src/github.com/goharbor/harbor - sudo make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=${Harbor_Build_Base_Tag} VERSIONTAG=${Harbor_Assets_Version} PKGVERSIONTAG=${Harbor_Package_Version} NOTARYFLAG=true CLAIRFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY= - sudo make package_online GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=${Harbor_Build_Base_Tag} VERSIONTAG=${Harbor_Assets_Version} PKGVERSIONTAG=${Harbor_Package_Version} NOTARYFLAG=true CLAIRFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY= + sudo make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=${Harbor_Build_Base_Tag} VERSIONTAG=${Harbor_Assets_Version} PKGVERSIONTAG=${Harbor_Package_Version} NOTARYFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY= + sudo make package_online GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=${Harbor_Build_Base_Tag} VERSIONTAG=${Harbor_Assets_Version} PKGVERSIONTAG=${Harbor_Package_Version} NOTARYFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY= harbor_offline_build_bundle=$(basename harbor-offline-installer-*.tgz) harbor_online_build_bundle=$(basename harbor-online-installer-*.tgz) echo "Package name is: $harbor_offline_build_bundle" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 74c42e93a..80c78300a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -317,7 +317,7 @@ Once your pull request has been opened, harbor will run two CI pipelines against * If the coverage dramatic decline, you need to commit unit test to coverage your code. 2. In the drone CI, the E2E test will be triggered against the pull request. Also, the source code will be checked via `gosec`, and the result is stored in google storage for later analysis. The pipeline is about to build and install harbor from source code, then to run four very basic E2E tests to validate the basic functionalities of harbor, like: * Registry Basic Verification, to validate the image can be pulled and pushed successful. -* Clair Basic Verification, to validate the image can be scanned successful. +* Trivy Basic Verification, to validate the image can be scanned successful. * Notary Basic Verification, to validate the image can be signed successful. * Ldap Basic Verification, to validate harbor can work in LDAP environment. diff --git a/SECURITY.md b/SECURITY.md index 173759838..d810018ba 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -24,7 +24,7 @@ Provide a descriptive subject line and in the body of the email include the foll ## When to report a vulnerability * When you think Harbor has a potential security vulnerability. * When you suspect a potential vulnerability but you are unsure that it impacts Harbor. -* When you know of or suspect a potential vulnerability on another project that is used by Harbor. For example Harbor has a dependency on Docker, PGSql, Redis, Notary, Clair, etc. +* When you know of or suspect a potential vulnerability on another project that is used by Harbor. For example Harbor has a dependency on Docker, PGSql, Redis, Notary, Trivy, etc. ## Patch, Release, and Disclosure The Harbor Security Team will respond to vulnerability reports as follows: diff --git a/make/harbor.yml.tmpl b/make/harbor.yml.tmpl index 3ac666dd1..d47ce4a51 100644 --- a/make/harbor.yml.tmpl +++ b/make/harbor.yml.tmpl @@ -171,7 +171,6 @@ _version: 2.0.0 # registry_db_index: 1 # jobservice_db_index: 2 # chartmuseum_db_index: 3 -# clair_db_index: 4 # trivy_db_index: 5 # idle_timeout_seconds: 30 diff --git a/make/photon/prepare/templates/core/env.jinja b/make/photon/prepare/templates/core/env.jinja index 2408d8b4c..19a7743ac 100644 --- a/make/photon/prepare/templates/core/env.jinja +++ b/make/photon/prepare/templates/core/env.jinja @@ -24,12 +24,10 @@ MAX_JOB_WORKERS={{max_job_workers}} CORE_SECRET={{core_secret}} JOBSERVICE_SECRET={{jobservice_secret}} WITH_NOTARY={{with_notary}} -WITH_CLAIR={{with_clair}} WITH_TRIVY={{with_trivy}} CORE_URL={{core_url}} CORE_LOCAL_URL={{core_local_url}} JOBSERVICE_URL={{jobservice_url}} -CLAIR_ADAPTER_URL={{clair_adapter_url}} TRIVY_ADAPTER_URL={{trivy_adapter_url}} NOTARY_URL={{notary_url}} REGISTRY_STORAGE_PROVIDER_NAME={{storage_provider_name}} diff --git a/src/common/config/metadata/metadatalist.go b/src/common/config/metadata/metadatalist.go index 3e4c0505d..845bc8f80 100644 --- a/src/common/config/metadata/metadatalist.go +++ b/src/common/config/metadata/metadatalist.go @@ -50,7 +50,7 @@ const ( QuotaGroup = "quota" // Put all config items do not belong a existing group into basic BasicGroup = "basic" - ClairGroup = "clair" + TrivyGroup = "trivy" ) var ( @@ -65,8 +65,7 @@ var ( {Name: common.AUTHMode, Scope: UserScope, Group: BasicGroup, EnvKey: "AUTH_MODE", DefaultValue: "db_auth", ItemType: &AuthModeType{}, Editable: false}, {Name: common.ChartRepoURL, Scope: SystemScope, Group: BasicGroup, EnvKey: "CHART_REPOSITORY_URL", DefaultValue: "http://chartmuseum:9999", ItemType: &StringType{}, Editable: false}, - {Name: common.ClairAdapterURL, Scope: SystemScope, Group: ClairGroup, EnvKey: "CLAIR_ADAPTER_URL", DefaultValue: "http://clair-adapter:8080", ItemType: &StringType{}, Editable: false}, - {Name: common.TrivyAdapterURL, Scope: SystemScope, Group: ClairGroup, EnvKey: "TRIVY_ADAPTER_URL", DefaultValue: "http://trivy-adapter:8080", ItemType: &StringType{}, Editable: false}, + {Name: common.TrivyAdapterURL, Scope: SystemScope, Group: TrivyGroup, EnvKey: "TRIVY_ADAPTER_URL", DefaultValue: "http://trivy-adapter:8080", ItemType: &StringType{}, Editable: false}, {Name: common.CoreURL, Scope: SystemScope, Group: BasicGroup, EnvKey: "CORE_URL", DefaultValue: "http://core:8080", ItemType: &StringType{}, Editable: false}, {Name: common.CoreLocalURL, Scope: SystemScope, Group: BasicGroup, EnvKey: "CORE_LOCAL_URL", DefaultValue: "http://127.0.0.1:8080", ItemType: &StringType{}, Editable: false}, @@ -146,7 +145,6 @@ var ( {Name: common.OIDCAutoOnboard, Scope: UserScope, Group: OIDCGroup, DefaultValue: "false", ItemType: &BoolType{}}, {Name: common.WithChartMuseum, Scope: SystemScope, Group: BasicGroup, EnvKey: "WITH_CHARTMUSEUM", DefaultValue: "false", ItemType: &BoolType{}, Editable: true}, - {Name: common.WithClair, Scope: SystemScope, Group: BasicGroup, EnvKey: "WITH_CLAIR", DefaultValue: "false", ItemType: &BoolType{}, Editable: true}, {Name: common.WithTrivy, Scope: SystemScope, Group: BasicGroup, EnvKey: "WITH_TRIVY", DefaultValue: "false", ItemType: &BoolType{}, Editable: true}, {Name: common.WithNotary, Scope: SystemScope, Group: BasicGroup, EnvKey: "WITH_NOTARY", DefaultValue: "false", ItemType: &BoolType{}, Editable: true}, // the unit of expiration is minute, 43200 minutes = 30 days diff --git a/src/common/const.go b/src/common/const.go index 18e539cfc..cc9819e72 100755 --- a/src/common/const.go +++ b/src/common/const.go @@ -88,7 +88,6 @@ const ( TokenExpiration = "token_expiration" AdminInitialPassword = "admin_initial_password" WithNotary = "with_notary" - WithClair = "with_clair" WithTrivy = "with_trivy" ScanAllPolicy = "scan_all_policy" UAAEndpoint = "uaa_endpoint" @@ -118,7 +117,6 @@ const ( UserMember = "u" GroupMember = "g" ReadOnly = "read_only" - ClairAdapterURL = "clair_adapter_url" TrivyAdapterURL = "trivy_adapter_url" NotaryURL = "notary_url" DefaultCoreEndpoint = "http://core:8080" diff --git a/src/common/utils/ldap/ldap_test.go b/src/common/utils/ldap/ldap_test.go index 032f06c84..b52e0710e 100644 --- a/src/common/utils/ldap/ldap_test.go +++ b/src/common/utils/ldap/ldap_test.go @@ -67,7 +67,6 @@ var defaultConfigWithVerifyCert = map[string]interface{}{ common.TokenExpiration: 30, common.AdminInitialPassword: "password", common.WithNotary: false, - common.WithClair: false, } func TestMain(m *testing.M) { diff --git a/src/common/utils/test/config.go b/src/common/utils/test/config.go index 42f9bd207..c9637a077 100644 --- a/src/common/utils/test/config.go +++ b/src/common/utils/test/config.go @@ -55,7 +55,7 @@ var defaultConfig = map[string]interface{}{ common.TokenExpiration: 30, common.AdminInitialPassword: "password", common.WithNotary: false, - common.WithClair: false, + common.WithTrivy: false, common.UAAClientID: "testid", common.UAAClientSecret: "testsecret", common.UAAEndpoint: "10.192.168.5", diff --git a/src/common/utils/test/test.go b/src/common/utils/test/test.go index 4519235d9..17cdbfed9 100644 --- a/src/common/utils/test/test.go +++ b/src/common/utils/test/test.go @@ -124,7 +124,7 @@ func GetUnitTestConfig() map[string]interface{} { common.WithNotary: "false", common.WithChartMuseum: "false", common.SelfRegistration: "true", - common.WithClair: "true", + common.WithTrivy: "true", common.TokenServiceURL: "http://core:8080/service/token", common.RegistryURL: fmt.Sprintf("http://%s:5000", ipAddress), common.ReadOnly: false, diff --git a/src/controller/scan/base_controller_test.go b/src/controller/scan/base_controller_test.go index 229b9a363..7b33e2992 100644 --- a/src/controller/scan/base_controller_test.go +++ b/src/controller/scan/base_controller_test.go @@ -77,7 +77,7 @@ func (suite *ControllerTestSuite) SetupSuite() { m := &v1.ScannerAdapterMetadata{ Scanner: &v1.Scanner{ - Name: "Clair", + Name: "Trivy", Vendor: "Harbor", Version: "0.1.0", }, @@ -123,7 +123,7 @@ func (suite *ControllerTestSuite) SetupSuite() { rp := vuln.Report{ GeneratedAt: time.Now().UTC().String(), Scanner: &v1.Scanner{ - Name: "Clair", + Name: "Trivy", Vendor: "Harbor", Version: "0.1.0", }, diff --git a/src/controller/scanner/base_controller.go b/src/controller/scanner/base_controller.go index 46781b9e5..dd08d791d 100644 --- a/src/controller/scanner/base_controller.go +++ b/src/controller/scanner/base_controller.go @@ -328,7 +328,7 @@ func (bc *basicController) GetMetadata(registrationUUID string) (*v1.ScannerAdap } var ( - reservedNames = []string{"Clair", "Trivy"} + reservedNames = []string{"Trivy"} ) func isReservedName(name string) bool { diff --git a/src/controller/scanner/base_controller_test.go b/src/controller/scanner/base_controller_test.go index 1d0bd6e73..118d64e99 100644 --- a/src/controller/scanner/base_controller_test.go +++ b/src/controller/scanner/base_controller_test.go @@ -54,7 +54,7 @@ func (suite *ControllerTestSuite) SetupTest() { m := &v1.ScannerAdapterMetadata{ Scanner: &v1.Scanner{ - Name: "Clair", + Name: "Trivy", Vendor: "Harbor", Version: "0.1.0", }, diff --git a/src/core/api/scan_all_test.go b/src/core/api/scan_all_test.go index 71f498376..b0eaff5f9 100644 --- a/src/core/api/scan_all_test.go +++ b/src/core/api/scan_all_test.go @@ -46,16 +46,16 @@ func TestScanAllAPI(t *testing.T) { func (suite *ScanAllAPITestSuite) SetupSuite() { // Ensure scanner is there reg := &scanner.Registration{ - Name: "Clair", - Description: "The clair scanner adapter", - URL: "https://clair.com:8080", + Name: "Trivy", + Description: "The trivy scanner adapter", + URL: "https://trivy.com:8080", Disabled: false, IsDefault: true, } scMgr := sc.New() uuid, err := scMgr.Create(reg) - require.NoError(suite.T(), err, "failed to initialize clair scanner") + require.NoError(suite.T(), err, "failed to initialize trivy scanner") suite.uuid = uuid suite.m = scMgr diff --git a/src/core/config/config.go b/src/core/config/config.go index 8059f17f8..0596e1923 100755 --- a/src/core/config/config.go +++ b/src/core/config/config.go @@ -314,16 +314,6 @@ func WithNotary() bool { return cfgMgr.Get(common.WithNotary).GetBool() } -// WithClair returns a bool value to indicate if Harbor's deployed with Clair -func WithClair() bool { - return cfgMgr.Get(common.WithClair).GetBool() -} - -// ClairAdapterEndpoint returns the endpoint of clair adapter instance, by default it's the one deployed within Harbor. -func ClairAdapterEndpoint() string { - return cfgMgr.Get(common.ClairAdapterURL).GetString() -} - // WithTrivy returns a bool value to indicate if Harbor's deployed with Trivy. func WithTrivy() bool { return cfgMgr.Get(common.WithTrivy).GetBool() diff --git a/src/core/config/config_test.go b/src/core/config/config_test.go index e3f138cf2..6e130ef63 100644 --- a/src/core/config/config_test.go +++ b/src/core/config/config_test.go @@ -32,7 +32,7 @@ func TestConfig(t *testing.T) { dao.PrepareTestData([]string{"delete from properties where k='scan_all_policy'"}, []string{}) defaultCACertPath = path.Join(currPath(), "test", "ca.crt") c := map[string]interface{}{ - common.WithClair: false, + common.WithTrivy: false, common.WithChartMuseum: false, common.WithNotary: false, } @@ -147,8 +147,8 @@ func TestConfig(t *testing.T) { if WithNotary() { t.Errorf("Withnotary should be false") } - if WithClair() { - t.Errorf("WithClair should be false") + if WithTrivy() { + t.Errorf("WithTrivy should be false") } if ReadOnly() { t.Errorf("ReadOnly should be false") diff --git a/src/core/main.go b/src/core/main.go index bccae7221..0f2d7c47a 100755 --- a/src/core/main.go +++ b/src/core/main.go @@ -229,7 +229,6 @@ func main() { } const ( - clairScanner = "Clair" trivyScanner = "Trivy" ) @@ -251,20 +250,6 @@ func registerScanners() { uninstallScannerNames = append(uninstallScannerNames, trivyScanner) } - if config.WithClair() { - log.Info("Registering Clair scanner") - wantedScanners = append(wantedScanners, scanner.Registration{ - Name: clairScanner, - Description: "The Clair scanner adapter", - URL: config.ClairAdapterEndpoint(), - UseInternalAddr: true, - Immutable: true, - }) - } else { - log.Info("Removing Clair scanner") - uninstallScannerNames = append(uninstallScannerNames, clairScanner) - } - if err := scan.RemoveImmutableScanners(uninstallScannerNames); err != nil { log.Warningf("failed to remove scanners: %v", err) } @@ -285,8 +270,5 @@ func getDefaultScannerName() string { if config.WithTrivy() { return trivyScanner } - if config.WithClair() { - return clairScanner - } return "" } diff --git a/src/pkg/scan/init_test.go b/src/pkg/scan/init_test.go index 3711ff09d..182926341 100644 --- a/src/pkg/scan/init_test.go +++ b/src/pkg/scan/init_test.go @@ -57,12 +57,9 @@ func TestEnsureScanners(t *testing.T) { Keywords: map[string]interface{}{ "ex_name__in": []string{ "trivy", - "clair", }, }, - }).Return([]*scanner.Registration{ - {Name: "clair", URL: "http://clair:8080"}, - }, nil) + }).Return([]*scanner.Registration{}, nil) mgr.On("Create", &scanner.Registration{ Name: "trivy", URL: "http://trivy:8080", @@ -70,7 +67,6 @@ func TestEnsureScanners(t *testing.T) { err := EnsureScanners([]scanner.Registration{ {Name: "trivy", URL: "http://trivy:8080"}, - {Name: "clair", URL: "http://clair:8080"}, }) assert.NoError(t, err) @@ -85,25 +81,18 @@ func TestEnsureScanners(t *testing.T) { Keywords: map[string]interface{}{ "ex_name__in": []string{ "trivy", - "clair", }, }, }).Return([]*scanner.Registration{ {Name: "trivy", URL: "http://trivy:8080"}, - {Name: "clair", URL: "http://clair:8080"}, }, nil) mgr.On("Update", &scanner.Registration{ Name: "trivy", URL: "http://trivy:8443", }).Return(nil) - mgr.On("Update", &scanner.Registration{ - Name: "clair", - URL: "http://clair:8443", - }).Return(nil) err := EnsureScanners([]scanner.Registration{ {Name: "trivy", URL: "http://trivy:8443"}, - {Name: "clair", URL: "http://clair:8443"}, }) assert.NoError(t, err) @@ -130,7 +119,7 @@ func TestEnsureDefaultScanner(t *testing.T) { scannerManager = mgr mgr.On("GetDefault").Return(&scanner.Registration{ - Name: "clair", + Name: "trivy", }, nil) err := EnsureDefaultScanner("trivy") diff --git a/src/pkg/scan/job_test.go b/src/pkg/scan/job_test.go index 6d965c2d8..f746c2a57 100644 --- a/src/pkg/scan/job_test.go +++ b/src/pkg/scan/job_test.go @@ -70,7 +70,7 @@ func (suite *JobTestSuite) TestJob() { ID: 0, UUID: "uuid", Name: "TestJob", - URL: "https://clair.com:8080", + URL: "https://trivy.com:8080", } rData, err := r.ToJSON() @@ -121,7 +121,7 @@ func (suite *JobTestSuite) TestJob() { rp := vuln.Report{ GeneratedAt: time.Now().UTC().String(), Scanner: &v1.Scanner{ - Name: "Clair", + Name: "Trivy", Vendor: "Harbor", Version: "0.1.0", }, diff --git a/src/pkg/scan/report/summary_test.go b/src/pkg/scan/report/summary_test.go index 0f8489f4f..4257a520b 100644 --- a/src/pkg/scan/report/summary_test.go +++ b/src/pkg/scan/report/summary_test.go @@ -44,7 +44,7 @@ func (suite *SummaryTestSuite) SetupSuite() { rp := vuln.Report{ GeneratedAt: time.Now().UTC().String(), Scanner: &v1.Scanner{ - Name: "Clair", + Name: "Trivy", Vendor: "Harbor", Version: "0.1.0", }, @@ -102,7 +102,7 @@ func (suite *SummaryTestSuite) TestSummaryGenerateSummaryNoOptions() { suite.Nil(nativeSummary.CVEBypassed) suite.Equal(2, nativeSummary.Summary.Total) - suite.Equal("Clair", nativeSummary.Scanner.Name) + suite.Equal("Trivy", nativeSummary.Scanner.Name) suite.Equal("Harbor", nativeSummary.Scanner.Vendor) suite.Equal("0.1.0", nativeSummary.Scanner.Version) } diff --git a/src/pkg/scan/report/supported_mime_test.go b/src/pkg/scan/report/supported_mime_test.go index c4c167e0a..7b4602515 100644 --- a/src/pkg/scan/report/supported_mime_test.go +++ b/src/pkg/scan/report/supported_mime_test.go @@ -42,7 +42,7 @@ func (suite *SupportedMimesSuite) SetupSuite() { rp := vuln.Report{ GeneratedAt: time.Now().UTC().String(), Scanner: &v1.Scanner{ - Name: "Clair", + Name: "Trivy", Vendor: "Harbor", Version: "0.1.0", }, diff --git a/src/pkg/scan/rest/v1/client_test.go b/src/pkg/scan/rest/v1/client_test.go index 77495d8ed..2a521e30a 100644 --- a/src/pkg/scan/rest/v1/client_test.go +++ b/src/pkg/scan/rest/v1/client_test.go @@ -57,7 +57,7 @@ func (suite *ClientTestSuite) TestClientMetadata() { require.NoError(suite.T(), err) require.NotNil(suite.T(), m) - assert.Equal(suite.T(), m.Scanner.Name, "Clair") + assert.Equal(suite.T(), m.Scanner.Name, "Trivy") } // TestClientSubmitScan tests the scan submission of client @@ -114,7 +114,7 @@ func (mh *mockHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } m := &ScannerAdapterMetadata{ Scanner: &Scanner{ - Name: "Clair", + Name: "Trivy", Vendor: "Harbor", Version: "0.1.0", }, diff --git a/src/portal/src/app/base/harbor-shell/harbor-shell.component.spec.ts b/src/portal/src/app/base/harbor-shell/harbor-shell.component.spec.ts index 808ef82ec..f1d61f3af 100644 --- a/src/portal/src/app/base/harbor-shell/harbor-shell.component.spec.ts +++ b/src/portal/src/app/base/harbor-shell/harbor-shell.component.spec.ts @@ -57,7 +57,7 @@ describe('HarborShellComponent', () => { }, getConfig: function () { return { - with_clair: true + with_trivy: true }; } }; diff --git a/src/portal/src/app/config/scanner/config-scanner.component.spec.ts b/src/portal/src/app/config/scanner/config-scanner.component.spec.ts index 9214b69cb..36200f1d8 100644 --- a/src/portal/src/app/config/scanner/config-scanner.component.spec.ts +++ b/src/portal/src/app/config/scanner/config-scanner.component.spec.ts @@ -17,7 +17,7 @@ describe('ConfigurationScannerComponent', () => { let mockScannerMetadata = { scanner: { name: 'test1', - vendor: 'clair', + vendor: 'trivy', version: '1.0.1', }, capabilities: [{ diff --git a/src/portal/src/app/config/scanner/scanner-metadata/scanner-metadata.component.spec.ts b/src/portal/src/app/config/scanner/scanner-metadata/scanner-metadata.component.spec.ts index bd41a70a4..ee9130904 100644 --- a/src/portal/src/app/config/scanner/scanner-metadata/scanner-metadata.component.spec.ts +++ b/src/portal/src/app/config/scanner/scanner-metadata/scanner-metadata.component.spec.ts @@ -11,7 +11,7 @@ describe('ScannerMetadataComponent', () => { let mockScannerMetadata = { scanner: { name: 'test1', - vendor: 'clair', + vendor: 'trivy', version: '1.0.1', }, capabilities: [{ diff --git a/src/portal/src/app/project/repository/artifact-list-page/artifact-list-page.component.spec.ts b/src/portal/src/app/project/repository/artifact-list-page/artifact-list-page.component.spec.ts index e0ad126fa..fecfb9f6b 100644 --- a/src/portal/src/app/project/repository/artifact-list-page/artifact-list-page.component.spec.ts +++ b/src/portal/src/app/project/repository/artifact-list-page/artifact-list-page.component.spec.ts @@ -27,7 +27,7 @@ describe('ArtifactListPageComponent', () => { project_creation_restriction: "", with_chartmuseum: "", with_notary: "", - with_clair: "", + with_trivy: "", with_admiral: "", registry_url: "", }; diff --git a/src/portal/src/app/project/repository/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.spec.ts b/src/portal/src/app/project/repository/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.spec.ts index ff09370f0..e609e396b 100644 --- a/src/portal/src/app/project/repository/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.spec.ts +++ b/src/portal/src/app/project/repository/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.spec.ts @@ -43,7 +43,7 @@ describe("ArtifactListTabComponent (inline template)", () => { let spyScanner: jasmine.Spy; let scannerMock = { disabled: false, - name: "Clair" + name: "Trivy" }; let mockActivatedRoute = { snapshot: { diff --git a/src/portal/src/app/project/repository/artifact/artifact-additions/summary/summary.component.spec.ts b/src/portal/src/app/project/repository/artifact/artifact-additions/summary/summary.component.spec.ts index 68b942cac..056937f71 100644 --- a/src/portal/src/app/project/repository/artifact/artifact-additions/summary/summary.component.spec.ts +++ b/src/portal/src/app/project/repository/artifact/artifact-additions/summary/summary.component.spec.ts @@ -128,12 +128,12 @@ describe('SummaryComponent', () => { " for container | undefined |\n| `registry.volumes` | used to create PVCs if persistence is enabled (see " + "instructions in values.yaml) | see values.yaml |\n| `registry.nodeSelector` | Node labels for pod assignment " + "| `{}` |\n| `registry.tolerations` | Tolerations for pod assignment | `[]` |\n| `registry.affinity` | " + - "Node/Pod affinities | `{}` |\n| **Clair** |\n| `clair.enabled` | Enable Clair? | `true` |\n| " + - "`clair.image.repository` | Repository for clair image | `vmware/clair-photon` |\n| `clair.image.tag` |" + - " Tag for clair image | `v2.0.1-v1.4.0`\n| `clair.resources` | [resources](https://kubernetes.io/docs/concepts/" + - "configuration/manage-compute-resources-container/) to allocate for container | undefined\n| `clair.nodeSelector" + - "` | Node labels for pod assignment | `{}` |\n| `clair.tolerations` | Tolerations for pod assignment | `[]` |\n| " + - "`clair.affinity` | Node/Pod affinities | `{}` |\n| `postgresql` | Overrides for postgresql chart [values.yaml](https" + + "Node/Pod affinities | `{}` |\n| **Trivy** |\n| `trivy.enabled` | Enable Trivy? | `true` |\n| " + + "`trivy.image.repository` | Repository for trivy image | `goharbor/trivy-photon` |\n| `trivy.image.tag` |" + + " Tag for trivy image | `v2.0.1-v1.4.0`\n| `trivy.resources` | [resources](https://kubernetes.io/docs/concepts/" + + "configuration/manage-compute-resources-container/) to allocate for container | undefined\n| `trivy.nodeSelector" + + "` | Node labels for pod assignment | `{}` |\n| `trivy.tolerations` | Tolerations for pod assignment | `[]` |\n| " + + "`trivy.affinity` | Node/Pod affinities | `{}` |\n| `postgresql` | Overrides for postgresql chart [values.yaml](https" + "://github.com/kubernetes/charts/blob/f2938a46e3ae8e2512ede1142465004094c3c333/stable/postgresql/values.yaml) | " + "see values.yaml\n| **Notary** |\n| `notary.enabled` | Enable Notary? | `true` |\n| `notary.server.image.repository`" + " | Repository for notary server image | `vmware/notary-server-photon` |\n| `notary.server.image.tag` | Tag for " + diff --git a/src/portal/src/app/project/repository/artifact/artifact-tag/artifact-tag.component.spec.ts b/src/portal/src/app/project/repository/artifact/artifact-tag/artifact-tag.component.spec.ts index 15f9b1257..bc27eebcf 100644 --- a/src/portal/src/app/project/repository/artifact/artifact-tag/artifact-tag.component.spec.ts +++ b/src/portal/src/app/project/repository/artifact/artifact-tag/artifact-tag.component.spec.ts @@ -38,7 +38,7 @@ describe('ArtifactTagComponent', () => { project_creation_restriction: "", with_chartmuseum: "", with_notary: "", - with_clair: "", + with_trivy: "", with_admiral: "", registry_url: "", }; diff --git a/src/portal/src/app/services/app-config.ts b/src/portal/src/app/services/app-config.ts index ce46e60a8..1a1fc3021 100644 --- a/src/portal/src/app/services/app-config.ts +++ b/src/portal/src/app/services/app-config.ts @@ -18,7 +18,7 @@ import { ClairDBStatus } from "../../lib/services"; export class AppConfig { with_notary: boolean; with_admiral: boolean; - with_clair: boolean; + with_trivy: boolean; admiral_endpoint: string; auth_mode: string; registry_url: string; @@ -37,7 +37,7 @@ export class AppConfig { // Set default value this.with_notary = false; this.with_admiral = false; - this.with_clair = false; + this.with_trivy = false; this.admiral_endpoint = ""; this.auth_mode = "db_auth"; this.registry_url = ""; diff --git a/src/portal/src/lib/components/config/registry-config.component.spec.ts b/src/portal/src/lib/components/config/registry-config.component.spec.ts index 3be394fe5..48761c394 100644 --- a/src/portal/src/lib/components/config/registry-config.component.spec.ts +++ b/src/portal/src/lib/components/config/registry-config.component.spec.ts @@ -47,7 +47,7 @@ describe('RegistryConfigComponent (inline template)', () => { let mockSystemInfo: SystemInfo = { "with_notary": true, "with_admiral": false, - "with_clair": true, + "with_trivy": true, "admiral_endpoint": "NA", "auth_mode": "db_auth", "registry_url": "10.112.122.56", diff --git a/src/portal/src/lib/components/config/vulnerability/vulnerability-config.component.spec.ts b/src/portal/src/lib/components/config/vulnerability/vulnerability-config.component.spec.ts index 6741b2917..e3fb7c489 100644 --- a/src/portal/src/lib/components/config/vulnerability/vulnerability-config.component.spec.ts +++ b/src/portal/src/lib/components/config/vulnerability/vulnerability-config.component.spec.ts @@ -37,7 +37,7 @@ let mockedManualMetrics: ScanningMetrics = { }; const mockedScanner: Scanner = { "uuid": "ca3c27f3-72f3-11ea-9e46-0242ac170004", - "name": "clair", + "name": "trivy", "description": "", "url": "http://10.92.161.247:8080", "disabled": false, diff --git a/src/portal/src/lib/components/project-policy-config/project-policy-config.component.spec.ts b/src/portal/src/lib/components/project-policy-config/project-policy-config.component.spec.ts index f523470d3..5b0696953 100644 --- a/src/portal/src/lib/components/project-policy-config/project-policy-config.component.spec.ts +++ b/src/portal/src/lib/components/project-policy-config/project-policy-config.component.spec.ts @@ -14,7 +14,7 @@ import { CURRENT_BASE_HREF } from "../../utils/utils"; const mockSystemInfo: SystemInfo[] = [ { - 'with_clair': true, + 'with_trivy': true, 'with_notary': true, 'with_admiral': false, 'admiral_endpoint': 'NA', @@ -26,7 +26,7 @@ const mockSystemInfo: SystemInfo[] = [ 'harbor_version': 'v1.1.1-rc1-160-g565110d' }, { - 'with_clair': false, + 'with_trivy': false, 'with_notary': false, 'with_admiral': false, 'admiral_endpoint': 'NA', diff --git a/src/portal/src/lib/services/interface.ts b/src/portal/src/lib/services/interface.ts index b74de9a35..54fbef429 100644 --- a/src/portal/src/lib/services/interface.ts +++ b/src/portal/src/lib/services/interface.ts @@ -194,7 +194,7 @@ export interface AccessLogItem { * */ export interface SystemInfo { - with_clair?: boolean; + with_trivy?: boolean; with_notary?: boolean; with_admiral?: boolean; with_chartmuseum?: boolean; diff --git a/tests/ci/api_common_install.sh b/tests/ci/api_common_install.sh index a894949ca..1d2d8a544 100755 --- a/tests/ci/api_common_install.sh +++ b/tests/ci/api_common_install.sh @@ -22,7 +22,7 @@ then sed "s/# github_token: xxx/github_token: $GITHUB_TOKEN/" -i make/harbor.yml fi -sudo make build_base_docker compile build prepare COMPILETAG=compile_golangimage GOBUILDTAGS="include_oss include_gcs" NOTARYFLAG=true CLAIRFLAG=true TRIVYFLAG=true CHARTFLAG=true GEN_TLS=true +sudo make build_base_docker compile build prepare COMPILETAG=compile_golangimage GOBUILDTAGS="include_oss include_gcs" NOTARYFLAG=true TRIVYFLAG=true CHARTFLAG=true GEN_TLS=true # set the debugging env echo "GC_TIME_WINDOW_HOURS=0" | sudo tee -a ./make/common/config/core/env diff --git a/tests/ci/distro_installer.sh b/tests/ci/distro_installer.sh index e2e293519..8ae8c63fa 100755 --- a/tests/ci/distro_installer.sh +++ b/tests/ci/distro_installer.sh @@ -3,5 +3,5 @@ set -x set -e -sudo make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=dev-travis PKGVERSIONTAG=dev-travis UIVERSIONTAG=dev-travis GOBUILDIMAGE=golang:1.14.7 COMPILETAG=compile_golangimage NOTARYFLAG=true CLAIRFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY= -sudo make package_offline GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=dev-travis PKGVERSIONTAG=dev-travis UIVERSIONTAG=dev-travis GOBUILDIMAGE=golang:1.14.7 COMPILETAG=compile_golangimage NOTARYFLAG=true CLAIRFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY= +sudo make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=dev-travis PKGVERSIONTAG=dev-travis UIVERSIONTAG=dev-travis GOBUILDIMAGE=golang:1.14.7 COMPILETAG=compile_golangimage NOTARYFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY= +sudo make package_offline GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=dev-travis PKGVERSIONTAG=dev-travis UIVERSIONTAG=dev-travis GOBUILDIMAGE=golang:1.14.7 COMPILETAG=compile_golangimage NOTARYFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY= diff --git a/tests/resources/Harbor-Pages/Verify.robot b/tests/resources/Harbor-Pages/Verify.robot index 836bd1123..e7882be6b 100644 --- a/tests/resources/Harbor-Pages/Verify.robot +++ b/tests/resources/Harbor-Pages/Verify.robot @@ -451,13 +451,6 @@ Verify System Setting Allowlist Loop Verifiy CVE_IDs @{cve_ids} Close Browser -Verify Clair Is Default Scanner - Init Chrome Driver - Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} - Switch To Scanners Page - Should Display The Default Clair Scanner - Close Browser - Verify Trivy Is Default Scanner Init Chrome Driver Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} diff --git a/tests/resources/Harbor-Pages/Vulnerability.robot b/tests/resources/Harbor-Pages/Vulnerability.robot index c99aa224b..11e82aba8 100644 --- a/tests/resources/Harbor-Pages/Vulnerability.robot +++ b/tests/resources/Harbor-Pages/Vulnerability.robot @@ -52,7 +52,7 @@ Move To Summary Chart Sleep 1 Scan Repo -#use fail for image clair can not scan, otherwise use success +#use fail for image can not scan, otherwise use success [Arguments] ${tagname} ${status} #select one tag Retry Element Click //clr-dg-row[contains(.,'${tagname}')]//label @@ -81,18 +81,9 @@ Switch To Scanners Page Retry Element Click xpath=//clr-main-container//clr-vertical-nav//a[contains(.,'Interrogation')] Retry Wait Until Page Contains Element ${set_default_scanner} -Should Display The Default Clair Scanner - Retry Wait Until Page Contains Element //clr-datagrid//clr-dg-row//clr-dg-cell[contains(.,'Clair')]//span[contains(.,'Default')] - Should Display The Default Trivy Scanner Retry Wait Until Page Contains Element //clr-datagrid//clr-dg-row//clr-dg-cell[contains(.,'Trivy')]//span[contains(.,'Default')] -Clair Is Immutable Scanner - Retry Element Click //clr-dg-row[contains(.,'Clair')]//clr-radio-wrapper/label - Retry Double Keywords When Error Retry Element Click ${scanner_action_xpath} Retry Wait Until Page Contains Element ${delete_scanner_action_xpath} - Retry Double Keywords When Error Retry Element Click ${delete_scanner_action_xpath} Retry Wait Until Page Contains Element ${delete_scanner_confirm_btn} - Retry Double Keywords When Error Retry Element Click ${delete_scanner_confirm_btn} Retry Wait Until Page Contains Element ${immutable_msg_xpath} - Trivy Is Immutable Scanner Retry Element Click //clr-dg-row[contains(.,'Trivy')]//clr-radio-wrapper/label Retry Double Keywords When Error Retry Element Click ${scanner_action_xpath} Retry Wait Until Page Contains Element ${delete_scanner_action_xpath} diff --git a/tests/resources/Harbor-Pages/Vulnerability_Elements.robot b/tests/resources/Harbor-Pages/Vulnerability_Elements.robot index 597b630b0..2ee97bfc3 100644 --- a/tests/resources/Harbor-Pages/Vulnerability_Elements.robot +++ b/tests/resources/Harbor-Pages/Vulnerability_Elements.robot @@ -26,7 +26,6 @@ ${vulnerability_page} //clr-vertical-nav-group-children/a[contains(.,'Vulnerabi ${set_default_scanner} //button[@id='set-default'] ${scanner_action_xpath} //span[@id='action-scanner'] ${delete_scanner_action_xpath} //span[@id='delete-scanner-action'] -${immutable_msg_xpath} //span[contains(.,'registration Clair is not allowed to delete as it is immutable: scanner API: delete')] ${immutable_trivy_msg_xpath} //span[contains(.,'registration Trivy is not allowed to delete as it is immutable: scanner API: delete')] ${delete_scanner_confirm_btn} xpath=//clr-modal//button[contains(.,'DELETE')] ${scan_now_result} xpath=//div[@id="scan-result-container"] diff --git a/tests/resources/Harbor-Util.robot b/tests/resources/Harbor-Util.robot index 0937a5b97..da3779cb4 100644 --- a/tests/resources/Harbor-Util.robot +++ b/tests/resources/Harbor-Util.robot @@ -38,35 +38,35 @@ Install Harbor to Test Server Generate Certificate Authority For Chrome Up Harbor - [Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true - ${rc} ${output}= Run And Return Rc And Output make start -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} + [Arguments] ${with_notary}=true ${with_chartmuseum}=true + ${rc} ${output}= Run And Return Rc And Output make start -e NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum} Log ${rc} Log ${output} Should Be Equal As Integers ${rc} 0 Down Harbor - [Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true - ${rc} ${output}= Run And Return Rc And Output echo "Y" | make down -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} + [Arguments] ${with_notary}=true ${with_chartmuseum}=true + ${rc} ${output}= Run And Return Rc And Output echo "Y" | make down -e NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum} Log ${rc} Log ${output} Should Be Equal As Integers ${rc} 0 Package Harbor Offline - [Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true ${with_trivy}=true + [Arguments] ${with_notary}=true ${with_chartmuseum}=true ${with_trivy}=true Log To Console \nStart Docker Daemon Start Docker Daemon Locally - Log To Console make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY= - ${rc} ${output}= Run And Return Rc And Output make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY= + Log To Console make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY= + ${rc} ${output}= Run And Return Rc And Output make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY= Log To Console ${rc} Log To Console ${output} Should Be Equal As Integers ${rc} 0 Package Harbor Online - [Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true ${with_trivy}=true + [Arguments] ${with_notary}=true ${with_chartmuseum}=true ${with_trivy}=true Log To Console \nStart Docker Daemon Start Docker Daemon Locally - Log To Console \nmake package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY= - ${rc} ${output}= Run And Return Rc And Output make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY= + Log To Console \nmake package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY= + ${rc} ${output}= Run And Return Rc And Output make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY= Log ${rc} Log ${output} Should Be Equal As Integers ${rc} 0 @@ -105,8 +105,8 @@ Remove Notary Signature Should Be Equal As Integers ${rc} 0 Prepare - [Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true - ${rc} ${output}= Run And Return Rc And Output make prepare -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} + [Arguments] ${with_notary}=true ${with_chartmuseum}=true + ${rc} ${output}= Run And Return Rc And Output make prepare -e NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum} Log ${rc} Log ${output} Should Be Equal As Integers ${rc} 0 @@ -139,8 +139,8 @@ Prepare Cert Should Be Equal As Integers ${rc} 0 Compile and Up Harbor With Source Code - [Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true - ${rc} ${output}= Run And Return Rc And Output make install swagger_client NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} HTTPPROXY= + [Arguments] ${with_notary}=true ${with_chartmuseum}=true + ${rc} ${output}= Run And Return Rc And Output make install swagger_client NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum} HTTPPROXY= Log ${output} Should Be Equal As Integers ${rc} 0 Sleep 20 diff --git a/tests/resources/Nightly-Util.robot b/tests/resources/Nightly-Util.robot index 852e5597e..9cb467d92 100644 --- a/tests/resources/Nightly-Util.robot +++ b/tests/resources/Nightly-Util.robot @@ -75,7 +75,6 @@ Collect Logs SSHLibrary.Get File /var/log/harbor/registry.log SSHLibrary.Get File /var/log/harbor/proxy.log SSHLibrary.Get File /var/log/harbor/adminserver.log - SSHLibrary.Get File /var/log/harbor/clair.log SSHLibrary.Get File /var/log/harbor/jobservice.log SSHLibrary.Get File /var/log/harbor/postgresql.log SSHLibrary.Get File /var/log/harbor/notary-server.log diff --git a/tests/resources/OVA-Util.robot b/tests/resources/OVA-Util.robot index 5638512c2..b0ef798e0 100644 --- a/tests/resources/OVA-Util.robot +++ b/tests/resources/OVA-Util.robot @@ -32,7 +32,7 @@ ${ova_network_options} --prop:network.ip0=${ova_network_ip0} --prop:network.net ${ova_harbor_admin_password} harbor-admin-passwd ${ova_harbor_db_password} harbor-db-passwd -#${ova_service_options} --prop:auth_mode="%{AUTH_MODE}" --prop:clair_db_password="%{CLAIR_DB_PASSWORD}" --prop:max_job_workers="%{MAX_JOB_WORKERS}" --prop:harbor_admin_password="%{HARBOR_ADMIN_PASSWORD}" --prop:db_password="%{DB_PASSWORD}" +#${ova_service_options} --prop:auth_mode="%{AUTH_MODE}" --prop:max_job_workers="%{MAX_JOB_WORKERS}" --prop:harbor_admin_password="%{HARBOR_ADMIN_PASSWORD}" --prop:db_password="%{DB_PASSWORD}" #${ova_options} ${ovftool_options} ${ova_appliance_options} ${ova_service_options} #${ova_options_with_network} ${ova_options} ${ova_network_options} diff --git a/tests/robot-cases/Group0-BAT/BAT.robot b/tests/robot-cases/Group0-BAT/BAT.robot index 2a4ecf838..0c25d6b77 100644 --- a/tests/robot-cases/Group0-BAT/BAT.robot +++ b/tests/robot-cases/Group0-BAT/BAT.robot @@ -35,18 +35,6 @@ Test Case - Registry Basic Verfication Close Browser -Test Case - Clair Basic Verfication - Init Chrome Driver - ${d}= get current date result_format=%m%s - Create An New Project With New User url=${HARBOR_URL} username=tester${d} email=tester${d}@vmware.com realname=tester${d} newPassword=Test1@34 comment=harbor projectname=project${d} public=false - Push Image ${ip} tester${d} Test1@34 project${d} hello-world - Go Into Project project${d} - Go Into Repo project${d}/hello-world - Scan Repo latest Succeed - Summary Chart Should Display latest - #Edit Repo Info - Close Browser - Test Case - Notary Basic Verfication Enable Notary Client diff --git a/tests/robot-cases/Group1-Nightly/Clair.robot b/tests/robot-cases/Group1-Nightly/Clair.robot index 0a598efc7..38dbaf66e 100644 --- a/tests/robot-cases/Group1-Nightly/Clair.robot +++ b/tests/robot-cases/Group1-Nightly/Clair.robot @@ -24,13 +24,6 @@ ${SSH_USER} root ${HARBOR_ADMIN} admin *** Test Cases *** -Test Case - Clair Is Default Scanner And It Is Immutable - Init Chrome Driver - Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} - Switch To Scanners Page - Should Display The Default Clair Scanner - Clair Is Immutable Scanner - Test Case - Disable Scan Schedule Init Chrome Driver Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} diff --git a/tests/robot-cases/Group1-Nightly/Nightly.robot b/tests/robot-cases/Group1-Nightly/Nightly.robot index ac6d28473..92b3ac438 100644 --- a/tests/robot-cases/Group1-Nightly/Nightly.robot +++ b/tests/robot-cases/Group1-Nightly/Nightly.robot @@ -28,12 +28,6 @@ ${HARBOR_ADMIN} admin Test Case - Get Harbor Version #Just get harbor version and log it Get Harbor Version -Test Case - Clair Is Default Scanner And It Is immutable - Init Chrome Driver - Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} - Switch To Scanners Page - Should Display The Default Clair Scanner - Clair Is Immutable Scanner Test Case - Read Only Mode Init Chrome Driver diff --git a/tests/robot-cases/Group1-Nightly/Upgrade.robot b/tests/robot-cases/Group1-Nightly/Upgrade.robot index f8b6593d0..c1013be45 100644 --- a/tests/robot-cases/Group1-Nightly/Upgrade.robot +++ b/tests/robot-cases/Group1-Nightly/Upgrade.robot @@ -26,10 +26,6 @@ ${HARBOR_ADMIN} admin Test Case - Manage project publicity Body Of Manage project publicity -Test Case - Scan A Tag In The Repo - [Tags] clair - Body Of Scan A Tag In The Repo hello-world latest is_no_vulerabilty=${true} - Test Case - Scan A Tag In The Repo [Tags] trivy Body Of Scan A Tag In The Repo vmware/photon 1.0 diff --git a/tests/robot-cases/Group1-Nightly/multi_scanners.robot b/tests/robot-cases/Group1-Nightly/multi_scanners.robot index b8f0a2a40..a66c6b05c 100644 --- a/tests/robot-cases/Group1-Nightly/multi_scanners.robot +++ b/tests/robot-cases/Group1-Nightly/multi_scanners.robot @@ -47,9 +47,6 @@ Test Case - Switch Scanner Switch To Scanners Page - Set Default Scanner Clair - Should Display The Default Clair Scanner - Go Into Project project${d} Go Into Repo project${d}/hello-world Retry Wait Until Page Contains Element ${not_scanned_icon} diff --git a/tests/robot-cases/Group3-Upgrade/verify.robot b/tests/robot-cases/Group3-Upgrade/verify.robot index b09253df2..fa28db9cb 100644 --- a/tests/robot-cases/Group3-Upgrade/verify.robot +++ b/tests/robot-cases/Group3-Upgrade/verify.robot @@ -64,7 +64,6 @@ Test Case - Upgrade Verify Run Keyword Verify System Setting ${data} Run Keyword Verify System Setting Allowlist ${data} Run Keyword Verify Image Tag ${data} - Run Keyword Verify Clair Is Default Scanner Test Case - Upgrade Verify [Tags] 2.0-latest diff --git a/tests/testcases/Group10-Vulnerability/10-01-Cliar-can-not-scan-some-images.md b/tests/testcases/Group10-Vulnerability/10-01-Cliar-can-not-scan-some-images.md index f9625371a..d9f1b4d0d 100644 --- a/tests/testcases/Group10-Vulnerability/10-01-Cliar-can-not-scan-some-images.md +++ b/tests/testcases/Group10-Vulnerability/10-01-Cliar-can-not-scan-some-images.md @@ -1,21 +1,20 @@ -Test 10-01 Clair can not scan some images +Test 10-01 Trivy can not scan some images ======= # Purpose: -To verify that clair can not scan some image. +To verify that trivy can not scan some image. # References: User guide # Environment: * This test requires that a Harbor instance is running and available. -* Harbor is installed with clair enable. * A linux host with Docker CLI installed. -* Clair has been updated to the latest. +* Trivy has been updated to the latest. # Test Steps: 1. Login Harbor as admin. -2. Create a project and push an image clair does not recognize(for example: photon). +2. Create a project and push an image trivy does not recognize(for example: photon). 3. Scan the pushed image. 4. View the scan result. 5. Rescan it. diff --git a/tests/testcases/Group10-Vulnerability/10-02-Clair-scan-a-image-with-vulnerability.md b/tests/testcases/Group10-Vulnerability/10-02-Clair-scan-a-image-with-vulnerability.md index cd645d8a5..62c91faae 100644 --- a/tests/testcases/Group10-Vulnerability/10-02-Clair-scan-a-image-with-vulnerability.md +++ b/tests/testcases/Group10-Vulnerability/10-02-Clair-scan-a-image-with-vulnerability.md @@ -1,17 +1,17 @@ -Test 10-02 Clair scan a image with vulnerability +Test 10-02 Trivy scan a image with vulnerability ======= # Purpose: -To verify that clair can scan a image with vulnerability. +To verify that trivy can scan a image with vulnerability. # References: User guide # Environment: * This test requires that a Harbor instance is running and available. -* Harbor is installed with clair enable. +* Harbor is installed with trivy enable. * A linux host with Docker CLI installed. -* Clair has been updated to the latest. +* Trivy has been updated to the latest. # Test Step 1. Login Harbor as admin. diff --git a/tests/testcases/Group10-Vulnerability/10-03-Clair-scan-0-package-image.md b/tests/testcases/Group10-Vulnerability/10-03-Clair-scan-0-package-image.md index 7d633e155..f7fa27e83 100644 --- a/tests/testcases/Group10-Vulnerability/10-03-Clair-scan-0-package-image.md +++ b/tests/testcases/Group10-Vulnerability/10-03-Clair-scan-0-package-image.md @@ -1,17 +1,17 @@ -Test 10-03 Clair scan 0 package image +Test 10-03 Trivy scan 0 package image ======= # Purpose: -To verify clair scan result of a 0 package image. +To verify trivy scan result of a 0 package image. # References: User guide # Environment: * This test requires that a Harbor instance is running and available. -* Harbor is installed with clair enable. +* Harbor is installed with trivy enable. * A linux host with Docker CLI installed. -* Clair has been updated to the latest. +* Trivy has been updated to the latest. # Test Step 1. Login Harbor as admin. diff --git a/tests/testcases/Group10-Vulnerability/10-04-Clair-data-not-ready-hint.md b/tests/testcases/Group10-Vulnerability/10-04-Clair-data-not-ready-hint.md index 2ef7d060e..a8a12ed47 100644 --- a/tests/testcases/Group10-Vulnerability/10-04-Clair-data-not-ready-hint.md +++ b/tests/testcases/Group10-Vulnerability/10-04-Clair-data-not-ready-hint.md @@ -1,4 +1,4 @@ -Test 10-04 Clair data not ready hint +Test 10-04 Trivy data not ready hint ======= # Purpose: @@ -9,7 +9,7 @@ User guide # Environment: * This test requires that a Harbor instance is running and available. -* Harbor is installed with clair enable. +* Harbor is installed with trivy enable. * A linux host with Docker CLI installed. * Limit the Harbor's bandwith to less than 1Mbps after Harbor is installed. diff --git a/tests/testcases/Group10-Vulnerability/10-05-Schedule-daily-scan.md b/tests/testcases/Group10-Vulnerability/10-05-Schedule-daily-scan.md index 72ed11e3f..b0e288503 100644 --- a/tests/testcases/Group10-Vulnerability/10-05-Schedule-daily-scan.md +++ b/tests/testcases/Group10-Vulnerability/10-05-Schedule-daily-scan.md @@ -8,9 +8,9 @@ User guide # Environment: * This test requires that a Harbor instance is running and available. -* Harbor is installed with clair enable. +* Harbor is installed with trivy enable. * A linux host with Docker CLI installed. -* Clair has been updated to the latest. +* Trivy has been updated to the latest. # Test Step 1. Login Harbor as admin. diff --git a/tests/testcases/Group10-Vulnerability/10-06-Change-scan-configuration.md b/tests/testcases/Group10-Vulnerability/10-06-Change-scan-configuration.md index dbcf42c08..69c8b94e4 100644 --- a/tests/testcases/Group10-Vulnerability/10-06-Change-scan-configuration.md +++ b/tests/testcases/Group10-Vulnerability/10-06-Change-scan-configuration.md @@ -9,7 +9,7 @@ User guide # Environment: * This test requires that a Harbor instance is running and available. -* Harbor is installed with clair enable. +* Harbor is installed with trivy enable. * A linux host with Docker CLI installed. # Test Step diff --git a/tests/testcases/Group10-Vulnerability/10-07-Non-admin-can-not-scan.md b/tests/testcases/Group10-Vulnerability/10-07-Non-admin-can-not-scan.md index e0fd85f44..0774fba96 100644 --- a/tests/testcases/Group10-Vulnerability/10-07-Non-admin-can-not-scan.md +++ b/tests/testcases/Group10-Vulnerability/10-07-Non-admin-can-not-scan.md @@ -8,7 +8,7 @@ User guide # Environment: * This test requires that a Harbor instance is running and available. -* Harbor is installed with clair enable. +* Harbor is installed with trivy enable. * A linux host with Docker CLI installed. # Test Step diff --git a/tests/testcases/Group10-Vulnerability/10-08-User-can-not-pull-image-exceed-vulnerability-severity-setting.md b/tests/testcases/Group10-Vulnerability/10-08-User-can-not-pull-image-exceed-vulnerability-severity-setting.md index d404b2c29..20bf50e4c 100644 --- a/tests/testcases/Group10-Vulnerability/10-08-User-can-not-pull-image-exceed-vulnerability-severity-setting.md +++ b/tests/testcases/Group10-Vulnerability/10-08-User-can-not-pull-image-exceed-vulnerability-severity-setting.md @@ -8,9 +8,9 @@ User guide. # Environment: * This test requires that one Harbor instance is running and availiable. -* Harbor is installed with clair enable. +* Harbor is installed with trivy enable. * A Linux host with Docker client installed. -* Clair has been updated to the latest. +* Trivy has been updated to the latest. # Test Step: 1. Login harbor as admin. diff --git a/tests/testcases/Group10-Vulnerability/10-09-User-can-pull-scaned-images.md b/tests/testcases/Group10-Vulnerability/10-09-User-can-pull-scaned-images.md index a59d4b275..acff0c704 100644 --- a/tests/testcases/Group10-Vulnerability/10-09-User-can-pull-scaned-images.md +++ b/tests/testcases/Group10-Vulnerability/10-09-User-can-pull-scaned-images.md @@ -8,9 +8,9 @@ User guide. # Environment: * This test requires that one Harbor instance is running and availiable. -* Harbor is installed with clair enable. +* Harbor is installed with trivy enable. * A Linux host with Docker client installed. -* Clair has been updated to the latest. +* Trivy has been updated to the latest. * Vulnerability severity limit is disabled. # Test Step: diff --git a/tests/testcases/Group10-Vulnerability/10-10-Manual-scan-all.md b/tests/testcases/Group10-Vulnerability/10-10-Manual-scan-all.md index 099c5359e..254048c95 100644 --- a/tests/testcases/Group10-Vulnerability/10-10-Manual-scan-all.md +++ b/tests/testcases/Group10-Vulnerability/10-10-Manual-scan-all.md @@ -8,9 +8,9 @@ User guide. # Environment: * This test requires that one Harbor instance is running and availiable. -* Harbor is installed with clair enable. +* Harbor is installed with trivy enable. * A Linux host with Docker client installed. -* Clair has been updated to the latest. +* Trivy has been updated to the latest. # Test Step: 1. Login Harbor as admin. diff --git a/tests/testcases/Group10-Vulnerability/10-11-User-fix-vulnerability.md b/tests/testcases/Group10-Vulnerability/10-11-User-fix-vulnerability.md index 75d4c79b6..c1f10c146 100644 --- a/tests/testcases/Group10-Vulnerability/10-11-User-fix-vulnerability.md +++ b/tests/testcases/Group10-Vulnerability/10-11-User-fix-vulnerability.md @@ -1,16 +1,16 @@ 10-07 user fix vulnerability ======= # Purpose: -To test clair scan image vulnerablity correct after user fix it. +To test trivy scan image vulnerablity correct after user fix it. # Reference: User guide. # Environment: * This test requires that one Harbor instance is running and availiable. -* Harbor is installed with clair enable. +* Harbor is installed with trivy enable. * A Linux host with Docker client installed. -* Clair has been updated to the latest. +* Trivy has been updated to the latest. # Test Steps: 1. Login Harbor as admin. diff --git a/tests/testcases/Group10-Vulnerability/Test-10-12-Scan-image-on-push.md b/tests/testcases/Group10-Vulnerability/Test-10-12-Scan-image-on-push.md index eb9b22442..4ce96c384 100644 --- a/tests/testcases/Group10-Vulnerability/Test-10-12-Scan-image-on-push.md +++ b/tests/testcases/Group10-Vulnerability/Test-10-12-Scan-image-on-push.md @@ -2,16 +2,16 @@ Test 10-12 Scan Image on Push ======= # Purpose: -To verify that clair can automatic scan image when image is pushed. +To verify that trivy can automatic scan image when image is pushed. # References: User guide # Environment: * This test requires that a Harbor instance is running and available. -* Harbor is installed with clair enable. +* Harbor is installed with trivy enable. * A linux host with Docker CLI installed. -* Clair has been updated to the latest. +* Trivy has been updated to the latest. # Test Steps: 1. Login Harbor as admin.