Upstream
/
harbor
mirror of https://github.com/goharbor/harbor.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Apply project level policies to standalone Harbor 

The following features are only enabled in integration mode, this commit moves
these to standalone Harbor:
 - Content trust policy: only signed images can be pulled
 - Vulnerability policy: only images whose severity is below the threshold can be pulled
 - Automatic scan policy: automatic scan pushed images
This commit is contained in:
Wenkai Yin 2017-09-29 16:37:43 +08:00
parent a1b8969793
commit 66b2d0d3f3
43 changed files with 690 additions and 953 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
docs/swagger.yaml
View File

@ -167,6 +167,38 @@ paths:
description: User need to log in first.
'500':
description: Internal errors.
put:
summary: Update properties for a selected project.
description: |
This endpoint is aimed to update the properties of a project.
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Selected project ID.
- name: project
in: body
required: true
schema:
$ref: '#/definitions/Project'
description: Updates of project.
tags:
- Products
responses:
'200':
description: Updated project properties successfully.
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User does not have permission to the project.
'404':
description: Project ID does not exist.
'500':
description: Unexpected internal errors.
delete:
summary: Delete project by projectID
description: |
@ -193,39 +225,6 @@ paths:
description: 'Project contains policies, can not be deleted.'
'500':
description: Internal errors.
'/projects/{project_id}/publicity':
put:
summary: Update properties for a selected project.
description: |
This endpoint is aimed to toggle a project publicity status.
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Selected project ID.
- name: project
in: body
required: true
schema:
$ref: '#/definitions/Project'
description: Updates of project.
tags:
- Products
responses:
'200':
description: Updated project publicity status successfully.
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User does not have permission to the project.
'404':
description: Project ID does not exist.
'500':
description: Unexpected internal errors.
'/projects/{project_id}/logs':
get:
summary: Get access logs accompany with a relevant project.
@ -2016,10 +2015,6 @@ definitions:
owner_name:
type: string
description: The owner name of the project.
public:
type: integer
format: int
description: The public status of the project.
Togglable:
type: boolean
description: >-
@ -2031,6 +2026,18 @@ definitions:
repo_count:
type: integer
description: The number of the repositories under this project.
metadata:
type: object
description: The metadata of the project.
items:
$ref: '#/definitions/ProjectMetadata'
ProjectMetadata:
type: object
properties:
public:
type: integer
format: int
description: The public status of the project.
enable_content_trust:
type: boolean
description: >-

5
make/common/db/registry.sql
View File

@ -73,14 +73,13 @@ create table project (
creation_time timestamp,
update_time timestamp,
deleted tinyint (1) DEFAULT 0 NOT NULL,
public tinyint (1) DEFAULT 0 NOT NULL,
primary key (project_id),
FOREIGN KEY (owner_id) REFERENCES user(user_id),
UNIQUE (name)
);
insert into project (owner_id, name, creation_time, update_time, public) values
(1, 'library', NOW(), NOW(), 1);
insert into project (owner_id, name, creation_time, update_time) values
(1, 'library', NOW(), NOW());
create table project_member (
project_id int NOT NULL,

5
make/common/db/registry_sqlite.sql
View File

@ -71,13 +71,12 @@ create table project (
creation_time timestamp,
update_time timestamp,
deleted tinyint (1) DEFAULT 0 NOT NULL,
public tinyint (1) DEFAULT 0 NOT NULL,
FOREIGN KEY (owner_id) REFERENCES user(user_id),
UNIQUE (name)
);
insert into project (owner_id, name, creation_time, update_time, public) values
(1, 'library', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 1);
insert into project (owner_id, name, creation_time, update_time) values
(1, 'library', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP);
create table project_member (
project_id int NOT NULL,

77
src/common/dao/dao_test.go
View File

@ -420,19 +420,6 @@ func TestChangeUserPasswordWithIncorrectOldPassword(t *testing.T) {
}
}
func TestQueryRelevantProjectsWhenNoProjectAdded(t *testing.T) {
projects, err := GetHasReadPermProjects(currentUser.Username)
if err != nil {
t.Errorf("Error occurred in QueryRelevantProjects: %v", err)
}
if len(projects) != 1 {
t.Errorf("Expected only one project in DB, but actual: %d", len(projects))
}
if projects[0].Name != "library" {
t.Errorf("There name of the project does not match, expected: %s, actual: %s", "library", projects[0].Name)
}
}
func TestAddProject(t *testing.T) {
project := models.Project{
@ -657,43 +644,6 @@ func TestGetUserByProject(t *testing.T) {
}
func TestToggleProjectPublicity(t *testing.T) {
err := ToggleProjectPublicity(currentProject.ProjectID, publicityOn)
if err != nil {
t.Errorf("Error occurred in ToggleProjectPublicity: %v", err)
}
currentProject, err = GetProjectByName(projectName)
if err != nil {
t.Errorf("Error occurred in GetProjectByName: %v", err)
}
if currentProject.Public != publicityOn {
t.Errorf("project, id: %d, its publicity is not on", currentProject.ProjectID)
}
err = ToggleProjectPublicity(currentProject.ProjectID, publicityOff)
if err != nil {
t.Errorf("Error occurred in ToggleProjectPublicity: %v", err)
}
currentProject, err = GetProjectByName(projectName)
if err != nil {
t.Errorf("Error occurred in GetProjectByName: %v", err)
}
if currentProject.Public != publicityOff {
t.Errorf("project, id: %d, its publicity is not off", currentProject.ProjectID)
}
}
/*
func TestIsProjectPublic(t *testing.T) {
if isPublic := IsProjectPublic(projectName); isPublic {
t.Errorf("project, id: %d, its publicity is not false after turning off", currentProject.ProjectID)
}
}
*/
func TestGetUserProjectRoles(t *testing.T) {
r, err := GetUserProjectRoles(currentUser.UserID, currentProject.ProjectID)
if err != nil {
@ -710,17 +660,6 @@ func TestGetUserProjectRoles(t *testing.T) {
}
}
/*
func TestProjectPermission(t *testing.T) {
roleCode, err := GetPermission(currentUser.Username, currentProject.Name)
if err != nil {
t.Errorf("Error occurred in GetPermission: %v", err)
}
if roleCode != "MDRWS" {
t.Errorf("The expected role code is MDRWS,but actual: %s", roleCode)
}
}
*/
func TestGetTotalOfProjects(t *testing.T) {
total, err := GetTotalOfProjects(nil)
if err != nil {
@ -745,22 +684,6 @@ func TestGetProjects(t *testing.T) {
}
}
func TestGetPublicProjects(t *testing.T) {
value := true
projects, err := GetProjects(&models.ProjectQueryParam{
Public: &value,
})
if err != nil {
t.Errorf("Error occurred in getProjects: %v", err)
}
if len(projects) != 1 {
t.Errorf("Expected length of projects is 1, but actual: %d, the projects: %+v", len(projects), projects)
}
if projects[0].Name != "library" {
t.Errorf("Expected project name in the list: %s, actual: %s", "library", projects[0].Name)
}
}
func TestAddProjectMember(t *testing.T) {
err := AddProjectMember(currentProject.ProjectID, 1, models.DEVELOPER)
if err != nil {

9
src/common/dao/pro_meta.go
View File

@ -91,3 +91,12 @@ func paramPlaceholder(n int) string {
}
return strings.Join(placeholders, ",")
}
// ListProjectMetadata ...
func ListProjectMetadata(name, value string) ([]*models.ProjectMetadata, error) {
sql := `select * from project_metadata
where name = ? and value = ? and deleted = 0`
metadatas := []*models.ProjectMetadata{}
_, err := GetOrmer().Raw(sql, name, value).QueryRows(&metadatas)
return metadatas, err
}

6
src/common/dao/pro_meta_test.go
View File

@ -64,6 +64,12 @@ func TestProMetaDaoMethods(t *testing.T) {
assert.Equal(t, value1, m[name1].Value)
assert.Equal(t, value2, m[name2].Value)
// test list
metas, err = ListProjectMetadata(name1, value1)
require.Nil(t, err)
assert.Equal(t, 1, len(metas))
assert.Equal(t, int64(1), metas[0].ProjectID)
// test update
newValue1 := "new_value1"
meta1.Value = newValue1

256
src/common/dao/project.go
View File

@ -30,13 +30,13 @@ import (
func AddProject(project models.Project) (int64, error) {
o := GetOrmer()
p, err := o.Raw("insert into project (owner_id, name, creation_time, update_time, deleted, public) values (?, ?, ?, ?, ?, ?)").Prepare()
p, err := o.Raw("insert into project (owner_id, name, creation_time, update_time, deleted) values (?, ?, ?, ?, ?)").Prepare()
if err != nil {
return 0, err
}
now := time.Now()
r, err := p.Exec(project.OwnerID, project.Name, now, now, project.Deleted, project.Public)
r, err := p.Exec(project.OwnerID, project.Name, now, now, project.Deleted)
if err != nil {
return 0, err
}
@ -50,49 +50,11 @@ func AddProject(project models.Project) (int64, error) {
return projectID, err
}
/*
// IsProjectPublic ...
func IsProjectPublic(projectName string) bool {
project, err := GetProjectByName(projectName)
if err != nil {
log.Errorf("Error occurred in GetProjectByName: %v", err)
return false
}
if project == nil {
return false
}
return project.Public == 1
}
//ProjectExists returns whether the project exists according to its name of ID.
func ProjectExists(nameOrID interface{}) (bool, error) {
o := GetOrmer()
type dummy struct{}
sql := `select project_id from project where deleted = 0 and `
switch nameOrID.(type) {
case int64:
sql += `project_id = ?`
case string:
sql += `name = ?`
default:
return false, fmt.Errorf("Invalid nameOrId: %v", nameOrID)
}
var d []dummy
num, err := o.Raw(sql, nameOrID).QueryRows(&d)
if err != nil {
return false, err
}
return num > 0, nil
}
*/
// GetProjectByID ...
func GetProjectByID(id int64) (*models.Project, error) {
o := GetOrmer()
sql := `select p.project_id, p.name, u.username as owner_name, p.owner_id, p.creation_time, p.update_time, p.public
sql := `select p.project_id, p.name, u.username as owner_name, p.owner_id, p.creation_time, p.update_time
from project p left join user u on p.owner_id = u.user_id where p.deleted = 0 and p.project_id = ?`
queryParam := make([]interface{}, 1)
queryParam = append(queryParam, id)
@ -127,94 +89,18 @@ func GetProjectByName(name string) (*models.Project, error) {
return &p[0], nil
}
/*
// GetPermission gets roles that the user has according to the project.
func GetPermission(username, projectName string) (string, error) {
o := GetOrmer()
sql := `select r.role_code from role as r
inner join project_member as pm on r.role_id = pm.role
inner join user as u on u.user_id = pm.user_id
inner join project p on p.project_id = pm.project_id
where u.username = ? and p.name = ? and u.deleted = 0 and p.deleted = 0`
var r []models.Role
n, err := o.Raw(sql, username, projectName).QueryRows(&r)
if err != nil {
return "", err
}
if n == 0 {
return "", nil
}
return r[0].RoleCode, nil
}
*/
// ToggleProjectPublicity toggles the publicity of the project.
func ToggleProjectPublicity(projectID int64, publicity int) error {
o := GetOrmer()
sql := "update project set public = ? where project_id = ?"
_, err := o.Raw(sql, publicity, projectID).Exec()
return err
}
// GetHasReadPermProjects returns a project list,
// which satisfies the following conditions:
// 1. the project is not deleted
// 2. the prject is public or the user is a member of the project
func GetHasReadPermProjects(username string) ([]*models.Project, error) {
user, err := GetUser(models.User{
Username: username,
})
if err != nil {
return nil, err
}
o := GetOrmer()
sql :=
`select distinct p.project_id, p.name, p.public,
p.owner_id, p.creation_time, p.update_time
from project p
left join project_member pm
on p.project_id = pm.project_id
where (pm.user_id = ? or p.public = 1)
and p.deleted = 0 `
var projects []*models.Project
if _, err := o.Raw(sql, user.UserID).QueryRows(&projects); err != nil {
return nil, err
}
return projects, nil
}
// GetTotalOfProjects returns the total count of projects
// according to the query conditions
func GetTotalOfProjects(query *models.ProjectQueryParam, base ...*models.BaseProjectCollection) (int64, error) {
var (
owner string
name string
public *bool
member string
role int
)
func GetTotalOfProjects(query *models.ProjectQueryParam) (int64, error) {
var pagination *models.Pagination
if query != nil {
owner = query.Owner
name = query.Name
public = query.Public
if query.Member != nil {
member = query.Member.Name
role = query.Member.Role
}
pagination = query.Pagination
query.Pagination = nil
}
sql, params := projectQueryConditions(query)
if query != nil {
query.Pagination = pagination
}
sql, params := projectQueryConditions(owner, name, public, member, role, base...)
sql = `select count(*) ` + sql
@ -224,86 +110,39 @@ func GetTotalOfProjects(query *models.ProjectQueryParam, base ...*models.BasePro
}
// GetProjects returns a project list according to the query conditions
func GetProjects(query *models.ProjectQueryParam, base ...*models.BaseProjectCollection) ([]*models.Project, error) {
func GetProjects(query *models.ProjectQueryParam) ([]*models.Project, error) {
sql, params := projectQueryConditions(query)
var (
owner string
name string
public *bool
member string
role int
page int64
size int64
)
if query != nil {
owner = query.Owner
name = query.Name
public = query.Public
if query.Member != nil {
member = query.Member.Name
role = query.Member.Role
}
if query.Pagination != nil {
page = query.Pagination.Page
size = query.Pagination.Size
}
}
sql, params := projectQueryConditions(owner, name, public, member, role, base...)
sql = `select distinct p.project_id, p.name, p.public, p.owner_id,
sql = `select distinct p.project_id, p.name, p.owner_id,
p.creation_time, p.update_time ` + sql
if size > 0 {
sql += ` limit ?`
params = append(params, size)
if page > 0 {
sql += ` offset ?`
params = append(params, (page-1)*size)
}
}
var projects []*models.Project
_, err := GetOrmer().Raw(sql, params).QueryRows(&projects)
return projects, err
}
func projectQueryConditions(owner, name string, public *bool, member string,
role int, base ...*models.BaseProjectCollection) (string, []interface{}) {
func projectQueryConditions(query *models.ProjectQueryParam) (string, []interface{}) {
params := []interface{}{}
// the base project collections:
// 1. all projects
// 2. public projects
// 3. public projects and projects which the user is a member of
collection := `project `
if len(base) != 0 && base[0] != nil {
if len(base[0].Member) == 0 && base[0].Public {
collection = `(select * from project pr
where pr.public=1) `
}
if len(base[0].Member) > 0 && base[0].Public {
collection = `(select pr.project_id, pr.owner_id, pr.name, pr.
creation_time, pr.update_time, pr.deleted, pr.public
from project pr
join project_member prm
on pr.project_id = prm.project_id
join user ur
on prm.user_id=ur.user_id
where ur.username=? or pr.public=1 )`
params = append(params, base[0].Member)
}
sql := ` from project as p`
if query == nil {
sql += ` where p.deleted=0 order by p.name`
return sql, params
}
sql := ` from ` + collection + ` as p`
// if query.ProjectIDs is not nil but has no element, the query will returns no rows
if query.ProjectIDs != nil && len(query.ProjectIDs) == 0 {
sql += ` where 1 = 0`
return sql, params
}
if len(owner) != 0 {
if len(query.Owner) != 0 {
sql += ` join user u1
on p.owner_id = u1.user_id`
}
if len(member) != 0 {
if query.Member != nil && len(query.Member.Name) != 0 {
sql += ` join project_member pm
on p.project_id = pm.project_id
join user u2
@ -311,33 +150,24 @@ func projectQueryConditions(owner, name string, public *bool, member string,
}
sql += ` where p.deleted=0`
if len(owner) != 0 {
if len(query.Owner) != 0 {
sql += ` and u1.username=?`
params = append(params, owner)
params = append(params, query.Owner)
}
if len(name) != 0 {
if len(query.Name) != 0 {
sql += ` and p.name like ?`
params = append(params, "%"+escape(name)+"%")
params = append(params, "%"+escape(query.Name)+"%")
}
if public != nil {
sql += ` and p.public = ?`
if *public {
params = append(params, 1)
} else {
params = append(params, 0)
}
}
if len(member) != 0 {
if query.Member != nil && len(query.Member.Name) != 0 {
sql += ` and u2.username=?`
params = append(params, member)
params = append(params, query.Member.Name)
if role > 0 {
if query.Member.Role > 0 {
sql += ` and pm.role = ?`
roleID := 0
switch role {
switch query.Member.Role {
case common.RoleProjectAdmin:
roleID = 1
case common.RoleDeveloper:
@ -350,8 +180,24 @@ func projectQueryConditions(owner, name string, public *bool, member string,
}
}
if len(query.ProjectIDs) > 0 {
sql += fmt.Sprintf(` and p.project_id in ( %s )`,
paramPlaceholder(len(query.ProjectIDs)))
params = append(params, query.ProjectIDs)
}
sql += ` order by p.name`
if query.Pagination != nil && query.Pagination.Size > 0 {
sql += ` limit ?`
params = append(params, query.Pagination.Size)
if query.Pagination.Page > 0 {
sql += ` offset ?`
params = append(params, (query.Pagination.Page-1)*query.Pagination.Size)
}
}
return sql, params
}

3
src/common/dao/repository_test.go
View File

@ -103,7 +103,6 @@ func TestGetTopRepos(t *testing.T) {
project1 := models.Project{
OwnerID: 1,
Name: "project1",
Public: 0,
}
project1.ProjectID, err = AddProject(project1)
require.NoError(err)
@ -112,7 +111,6 @@ func TestGetTopRepos(t *testing.T) {
project2 := models.Project{
OwnerID: 1,
Name: "project2",
Public: 0,
}
project2.ProjectID, err = AddProject(project2)
require.NoError(err)
@ -232,7 +230,6 @@ func TestGetAllRepositories(t *testing.T) {
project1 := models.Project{
OwnerID: 1,
Name: "projectRepo",
Public: 0,
}
var err2 error
project1.ProjectID, err2 = AddProject(project1)

8
src/common/models/pro_meta.go
View File

@ -18,13 +18,17 @@ import (
"time"
)
// keys of project metadata
// keys of project metadata and severity values
const (
ProMetaPublic = "public"
ProMetaEnableContentTrust = "enable_content_trust"
ProMetaPreventVul = "prevent_vul"
ProMetaPreventVul = "prevent_vul" //prevent vulnerable images from being pulled
ProMetaSeverity = "severity"
ProMetaAutoScan = "auto_scan"
SeverityNone = "negligible"
SeverityLow = "low"
SeverityMedium = "medium"
SeverityHigh = "high"
)
// ProjectMetadata holds the metadata of a project.

108
src/common/models/project.go
View File

@ -15,31 +15,91 @@
package models
import (
"strings"
"time"
)
// Project holds the details of a project.
// TODO remove useless attrs
type Project struct {
ProjectID int64 `orm:"pk;auto;column(project_id)" json:"project_id"`
OwnerID int `orm:"column(owner_id)" json:"owner_id"`
Name string `orm:"column(name)" json:"name"`
CreationTime time.Time `orm:"column(creation_time)" json:"creation_time"`
UpdateTime time.Time `orm:"update_time" json:"update_time"`
Deleted int `orm:"column(deleted)" json:"deleted"`
CreationTimeStr string `orm:"-" json:"creation_time_str"`
OwnerName string `orm:"-" json:"owner_name"`
Togglable bool `orm:"-"`
Role int `orm:"-" json:"current_user_role_id"`
RepoCount int `orm:"-" json:"repo_count"`
Metadata map[string]string `orm:"-" json:"metadata"`
ProjectID int64 `orm:"pk;auto;column(project_id)" json:"project_id"`
OwnerID int `orm:"column(owner_id)" json:"owner_id"`
Name string `orm:"column(name)" json:"name"`
CreationTime time.Time `orm:"column(creation_time)" json:"creation_time"`
UpdateTime time.Time `orm:"update_time" json:"update_time"`
Deleted int `orm:"column(deleted)" json:"deleted"`
OwnerName string `orm:"-" json:"owner_name"`
Togglable bool `orm:"-" json:"togglable"`
Role int `orm:"-" json:"current_user_role_id"`
RepoCount int `orm:"-" json:"repo_count"`
Metadata map[string]string `orm:"-" json:"metadata"`
}
// TODO remove
Public int `orm:"column(public)" json:"public"`
EnableContentTrust bool `orm:"-" json:"enable_content_trust"`
PreventVulnerableImagesFromRunning bool `orm:"-" json:"prevent_vulnerable_images_from_running"`
PreventVulnerableImagesFromRunningSeverity string `orm:"-" json:"prevent_vulnerable_images_from_running_severity"`
AutomaticallyScanImagesOnPush bool `orm:"-" json:"automatically_scan_images_on_push"`
// GetMetadata ...
func (p *Project) GetMetadata(key string) (string, bool) {
if len(p.Metadata) == 0 {
return "", false
}
value, exist := p.Metadata[key]
return value, exist
}
// SetMetadata ...
func (p *Project) SetMetadata(key, value string) {
if p.Metadata == nil {
p.Metadata = map[string]string{}
}
p.Metadata[key] = value
}
// IsPublic ...
func (p *Project) IsPublic() bool {
public, exist := p.GetMetadata(ProMetaPublic)
if !exist {
return false
}
return isTrue(public)
}
// ContentTrustEnabled ...
func (p *Project) ContentTrustEnabled() bool {
enabled, exist := p.GetMetadata(ProMetaEnableContentTrust)
if !exist {
return false
}
return isTrue(enabled)
}
// VulPrevented ...
func (p *Project) VulPrevented() bool {
prevent, exist := p.GetMetadata(ProMetaPreventVul)
if !exist {
return false
}
return isTrue(prevent)
}
// Severity ...
func (p *Project) Severity() string {
severity, exist := p.GetMetadata(ProMetaSeverity)
if !exist {
return ""
}
return severity
}
// AutoScan ...
func (p *Project) AutoScan() bool {
auto, exist := p.GetMetadata(ProMetaAutoScan)
if !exist {
return false
}
return isTrue(auto)
}
func isTrue(value string) bool {
return strings.ToLower(value) == "true" ||
strings.ToLower(value) == "1"
}
// ProjectSorter holds an array of projects
@ -79,6 +139,7 @@ type ProjectQueryParam struct {
Public *bool // the project is public or not, can be ture, false and nil
Member *MemberQuery // the member of project
Pagination *Pagination // pagination information
ProjectIDs []int64 // project ID list
}
// MemberQuery fitler by member's username and role
@ -103,12 +164,9 @@ type BaseProjectCollection struct {
// ProjectRequest holds informations that need for creating project API
type ProjectRequest struct {
Name string `json:"project_name"`
Public int `json:"public"`
EnableContentTrust bool `json:"enable_content_trust"`
PreventVulnerableImagesFromRunning bool `json:"prevent_vulnerable_images_from_running"`
PreventVulnerableImagesFromRunningSeverity string `json:"prevent_vulnerable_images_from_running_severity"`
AutomaticallyScanImagesOnPush bool `json:"automatically_scan_images_on_push"`
Name string `json:"project_name"`
Public *int `json:"public"` //deprecated, reserved for project creation in replication
Metadata map[string]string `json:"metadata"`
}
// ProjectQueryResult ...

8
src/common/utils/clair/utils.go
View File

@ -30,13 +30,13 @@ import (
func ParseClairSev(clairSev string) models.Severity {
sev := strings.ToLower(clairSev)
switch sev {
case "negligible":
case models.SeverityNone:
return models.SevNone
case "low":
case models.SeverityLow:
return models.SevLow
case "medium":
case models.SeverityMedium:
return models.SevMedium
case "high":
case models.SeverityHigh:
return models.SevHigh
default:
return models.SevUnknown

25
src/jobservice/replication/transfer.go
View File

@ -22,6 +22,7 @@ import (
"fmt"
"io/ioutil"
"net/http"
"strconv"
"strings"
"github.com/docker/distribution"
@ -258,13 +259,23 @@ func getProject(name string) (*models.Project, error) {
}
func (c *Checker) createProject(project *models.Project) error {
pro := &models.ProjectRequest{
Name: project.Name,
Public: project.Public,
EnableContentTrust: project.EnableContentTrust,
PreventVulnerableImagesFromRunning: project.PreventVulnerableImagesFromRunning,
PreventVulnerableImagesFromRunningSeverity: project.PreventVulnerableImagesFromRunningSeverity,
AutomaticallyScanImagesOnPush: project.AutomaticallyScanImagesOnPush,
// only replicate the public property of project
pro := struct {
models.ProjectRequest
Public int `json:"public"`
}{
ProjectRequest: models.ProjectRequest{
Name: project.Name,
Metadata: map[string]string{
models.ProMetaPublic: strconv.FormatBool(project.IsPublic()),
},
},
}
// put "public" property in both metadata and public field to keep compatibility
// with old version API(<=1.2.0)
if project.IsPublic() {
pro.Public = 1
}
data, err := json.Marshal(pro)

19
src/ui/api/harborapi_test.go
View File

@ -93,12 +93,11 @@ func init() {
beego.Router("/api/search/", &SearchAPI{})
beego.Router("/api/projects/", &ProjectAPI{}, "get:List;post:Post;head:Head")
beego.Router("/api/projects/:id", &ProjectAPI{}, "delete:Delete;get:Get")
beego.Router("/api/projects/:id", &ProjectAPI{}, "delete:Delete;get:Get;put:Put")
beego.Router("/api/users/:id", &UserAPI{}, "get:Get")
beego.Router("/api/users", &UserAPI{}, "get:List;post:Post;delete:Delete;put:Put")
beego.Router("/api/users/:id([0-9]+)/password", &UserAPI{}, "put:ChangePassword")
beego.Router("/api/users/:id/sysadmin", &UserAPI{}, "put:ToggleUserAdminRole")
beego.Router("/api/projects/:id/publicity", &ProjectAPI{}, "put:ToggleProjectPublic")
beego.Router("/api/projects/:id([0-9]+)/logs", &ProjectAPI{}, "get:Logs")
beego.Router("/api/projects/:id([0-9]+)/_deletable", &ProjectAPI{}, "get:Deletable")
beego.Router("/api/projects/:pid([0-9]+)/members/?:mid", &ProjectMemberAPI{}, "get:Get;post:Post;delete:Delete;put:Put")
@ -359,18 +358,10 @@ func (a testapi) ProjectsGet(query *apilib.ProjectQuery, authInfo ...usrInfo) (i
}
//Update properties for a selected project.
func (a testapi) ToggleProjectPublicity(prjUsr usrInfo, projectID string, ispublic int32) (int, error) {
// create path and map variables
path := "/api/projects/" + projectID + "/publicity/"
_sling := sling.New().Put(a.basePath)
_sling = _sling.Path(path)
type QueryParams struct {
Public int32 `json:"public,omitempty"`
}
_sling = _sling.BodyJSON(&QueryParams{Public: ispublic})
func (a testapi) ProjectsPut(prjUsr usrInfo, projectID string,
project *models.Project) (int, error) {
path := "/api/projects/" + projectID
_sling := sling.New().Put(a.basePath).Path(path).BodyJSON(project)
httpStatusCode, _, err := request(_sling, jsonAcceptHeader, prjUsr)
return httpStatusCode, err

3
src/ui/api/log_test.go
View File

@ -19,6 +19,7 @@ import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/vmware/harbor/src/common/models"
"github.com/vmware/harbor/tests/apitests/apilib"
)
@ -38,7 +39,7 @@ func TestLogGet(t *testing.T) {
fmt.Println("add the project first.")
project := apilib.ProjectReq{
ProjectName: "project_for_test_log",
Public: 1,
Metadata: map[string]string{models.ProMetaPublic: "true"},
}
reply, err := apiTest.ProjectsPost(*testUser, project)

127
src/ui/api/project.go
View File

@ -18,6 +18,7 @@ import (
"fmt"
"net/http"
"regexp"
"strings"
"github.com/vmware/harbor/src/common"
"github.com/vmware/harbor/src/common/dao"
@ -120,14 +121,23 @@ func (p *ProjectAPI) Post() {
return
}
if pro.Metadata == nil {
pro.Metadata = map[string]string{}
}
// accept the "public" property to make replication work well with old versions(<=1.2.0)
if pro.Public != nil && len(pro.Metadata[models.ProMetaPublic]) == 0 {
pro.Metadata[models.ProMetaPublic] = strconv.FormatBool(*pro.Public == 1)
}
// populate public metadata as false if it isn't set
if _, ok := pro.Metadata[models.ProMetaPublic]; !ok {
pro.Metadata[models.ProMetaPublic] = strconv.FormatBool(false)
}
projectID, err := p.ProjectMgr.Create(&models.Project{
Name: pro.Name,
Public: pro.Public,
OwnerName: p.SecurityCtx.GetUsername(),
EnableContentTrust: pro.EnableContentTrust,
PreventVulnerableImagesFromRunning: pro.PreventVulnerableImagesFromRunning,
PreventVulnerableImagesFromRunningSeverity: pro.PreventVulnerableImagesFromRunningSeverity,
AutomaticallyScanImagesOnPush: pro.AutomaticallyScanImagesOnPush,
Name: pro.Name,
OwnerName: p.SecurityCtx.GetUsername(),
Metadata: pro.Metadata,
})
if err != nil {
if err == errutil.ErrDupProject {
@ -178,7 +188,7 @@ func (p *ProjectAPI) Head() {
// Get ...
func (p *ProjectAPI) Get() {
if p.project.Public == 0 {
if !p.project.IsPublic() {
if !p.SecurityCtx.IsAuthenticated() {
p.HandleUnauthorized()
return
@ -311,21 +321,52 @@ func (p *ProjectAPI) List() {
query.Public = &pub
}
// base project collection from which filter is done
base := &models.BaseProjectCollection{}
if !p.SecurityCtx.IsAuthenticated() {
// not login, only get public projects
base.Public = true
} else {
if !(p.SecurityCtx.IsSysAdmin() || p.SecurityCtx.IsSolutionUser()) {
// login, but not system admin, get public projects and
// projects that the user is member of
base.Member = p.SecurityCtx.GetUsername()
base.Public = true
// standalone, filter projects according to the privilleges of the user first
if !config.WithAdmiral() {
var projects []*models.Project
if !p.SecurityCtx.IsAuthenticated() {
// not login, only get public projects
pros, err := p.ProjectMgr.GetPublic()
if err != nil {
p.HandleInternalServerError(fmt.Sprintf("failed to get public projects: %v", err))
return
}
projects = []*models.Project{}
projects = append(projects, pros...)
} else {
if !(p.SecurityCtx.IsSysAdmin() || p.SecurityCtx.IsSolutionUser()) {
projects = []*models.Project{}
// login, but not system admin or solution user, get public projects and
// projects that the user is member of
pros, err := p.ProjectMgr.GetPublic()
if err != nil {
p.HandleInternalServerError(fmt.Sprintf("failed to get public projects: %v", err))
return
}
projects = append(projects, pros...)
mps, err := p.ProjectMgr.List(&models.ProjectQueryParam{
Member: &models.MemberQuery{
Name: p.SecurityCtx.GetUsername(),
},
})
if err != nil {
p.HandleInternalServerError(fmt.Sprintf("failed to list projects: %v", err))
return
}
projects = append(projects, mps.Projects...)
}
}
if projects != nil {
projectIDs := []int64{}
for _, project := range projects {
projectIDs = append(projectIDs, project.ProjectID)
}
query.ProjectIDs = projectIDs
}
}
result, err := p.ProjectMgr.List(query, base)
result, err := p.ProjectMgr.List(query)
if err != nil {
p.ParseAndHandleError("failed to list projects", err)
return
@ -358,8 +399,8 @@ func (p *ProjectAPI) List() {
p.ServeJSON()
}
// ToggleProjectPublic ...
func (p *ProjectAPI) ToggleProjectPublic() {
// Put ...
func (p *ProjectAPI) Put() {
if !p.SecurityCtx.IsAuthenticated() {
p.HandleUnauthorized()
return
@ -372,16 +413,10 @@ func (p *ProjectAPI) ToggleProjectPublic() {
var req *models.ProjectRequest
p.DecodeJSONReq(&req)
if req.Public != 0 && req.Public != 1 {
p.HandleBadRequest("public should be 0 or 1")
return
}
if err := p.ProjectMgr.Update(p.project.ProjectID,
&models.Project{
Metadata: map[string]string{
models.ProMetaPublic: strconv.Itoa(req.Public),
},
Metadata: req.Metadata,
}); err != nil {
p.ParseAndHandleError(fmt.Sprintf("failed to update project %d",
p.project.ProjectID), err)
@ -464,5 +499,39 @@ func validateProjectReq(req *models.ProjectRequest) error {
if !legal {
return fmt.Errorf("project name is not in lower case or contains illegal characters")
}
if req.Metadata != nil {
metas := req.Metadata
req.Metadata = map[string]string{}
boolMetas := []string{
models.ProMetaPublic,
models.ProMetaEnableContentTrust,
models.ProMetaPreventVul,
models.ProMetaAutoScan}
for _, boolMeta := range boolMetas {
value, exist := metas[boolMeta]
if exist {
b, err := strconv.ParseBool(value)
if err != nil {
log.Errorf("failed to parse %s to bool: %v", value, err)
b = false
}
req.Metadata[boolMeta] = strconv.FormatBool(b)
}
}
value, exist := metas[models.ProMetaSeverity]
if exist {
switch strings.ToLower(value) {
case models.SeverityHigh, models.SeverityMedium, models.SeverityLow, models.SeverityNone:
req.Metadata[models.ProMetaSeverity] = strings.ToLower(value)
default:
return fmt.Errorf("invalid severity %s", value)
}
}
}
return nil
}

67
src/ui/api/project_test.go
View File

@ -31,7 +31,7 @@ var addProject *apilib.ProjectReq
var addPID int
func InitAddPro() {
addProject = &apilib.ProjectReq{"add_project", 1}
addProject = &apilib.ProjectReq{"add_project", map[string]string{models.ProMetaPublic: "true"}}
}
func TestAddProject(t *testing.T) {
@ -82,7 +82,7 @@ func TestAddProject(t *testing.T) {
//case 4: reponse code = 400 : Project name is illegal in length
fmt.Println("case 4 : reponse code = 400 : Project name is illegal in length ")
result, err = apiTest.ProjectsPost(*admin, apilib.ProjectReq{"t", 1})
result, err = apiTest.ProjectsPost(*admin, apilib.ProjectReq{"t", map[string]string{models.ProMetaPublic: "true"}})
if err != nil {
t.Error("Error while creat project", err.Error())
t.Log(err)
@ -112,7 +112,7 @@ func TestListProjects(t *testing.T) {
assert.Nil(err)
assert.Equal(int(200), httpStatusCode, "httpStatusCode should be 200")
assert.Equal(addProject.ProjectName, result[0].ProjectName, "Project name is wrong")
assert.Equal(int32(1), result[0].Public, "Public is wrong")
assert.Equal("true", result[0].Metadata[models.ProMetaPublic], "Public is wrong")
//find add projectID
addPID = int(result[0].ProjectId)
@ -130,7 +130,7 @@ func TestListProjects(t *testing.T) {
} else {
assert.Equal(int(200), httpStatusCode, "httpStatusCode should be 200")
assert.Equal(addProject.ProjectName, result[0].ProjectName, "Project name is wrong")
assert.Equal(int32(1), result[0].Public, "Public is wrong")
assert.Equal("true", result[0].Metadata[models.ProMetaPublic], "Public is wrong")
assert.Equal(int32(1), result[0].CurrentUserRoleId, "User project role is wrong")
}
@ -155,7 +155,7 @@ func TestListProjects(t *testing.T) {
} else {
assert.Equal(int(200), httpStatusCode, "httpStatusCode should be 200")
assert.Equal(addProject.ProjectName, result[0].ProjectName, "Project name is wrong")
assert.Equal(int32(1), result[0].Public, "Public is wrong")
assert.Equal("true", result[0].Metadata[models.ProMetaPublic], "Public is wrong")
assert.Equal(int32(2), result[0].CurrentUserRoleId, "User project role is wrong")
}
id := strconv.Itoa(CommonGetUserID())
@ -187,7 +187,7 @@ func TestProGetByID(t *testing.T) {
} else {
assert.Equal(int(200), httpStatusCode, "httpStatusCode should be 200")
assert.Equal(addProject.ProjectName, result.ProjectName, "ProjectName is wrong")
assert.Equal(int32(1), result.Public, "Public is wrong")
assert.Equal("true", result.Metadata[models.ProMetaPublic], "Public is wrong")
}
fmt.Printf("\n")
}
@ -273,48 +273,37 @@ func TestProHead(t *testing.T) {
fmt.Printf("\n")
}
func TestToggleProjectPublicity(t *testing.T) {
func TestPut(t *testing.T) {
fmt.Println("\nTest for Project PUT API: Update properties for a selected project")
assert := assert.New(t)
apiTest := newHarborAPI()
//-------------------case1: Response Code=200------------------------------//
project := &models.Project{
Metadata: map[string]string{
models.ProMetaPublic: "true",
},
}
fmt.Println("case 1: respose code:200")
httpStatusCode, err := apiTest.ToggleProjectPublicity(*admin, "1", 1)
if err != nil {
t.Error("Error while search project by proId", err.Error())
t.Log(err)
} else {
assert.Equal(int(200), httpStatusCode, "httpStatusCode should be 200")
}
//-------------------case2: Response Code=401 User need to log in first. ------------------------------//
code, err := apiTest.ProjectsPut(*admin, "1", project)
require.Nil(t, err)
assert.Equal(int(200), code)
fmt.Println("case 2: respose code:401, User need to log in first.")
httpStatusCode, err = apiTest.ToggleProjectPublicity(*unknownUsr, "1", 1)
if err != nil {
t.Error("Error while search project by proId", err.Error())
t.Log(err)
} else {
assert.Equal(int(401), httpStatusCode, "httpStatusCode should be 401")
}
//-------------------case3: Response Code=400 Invalid project id------------------------------//
code, err = apiTest.ProjectsPut(*unknownUsr, "1", project)
require.Nil(t, err)
assert.Equal(int(401), code)
fmt.Println("case 3: respose code:400, Invalid project id")
httpStatusCode, err = apiTest.ToggleProjectPublicity(*admin, "cc", 1)
if err != nil {
t.Error("Error while search project by proId", err.Error())
t.Log(err)
} else {
assert.Equal(int(400), httpStatusCode, "httpStatusCode should be 400")
}
//-------------------case4: Response Code=404 Not found the project------------------------------//
code, err = apiTest.ProjectsPut(*admin, "cc", project)
require.Nil(t, err)
assert.Equal(int(400), code)
fmt.Println("case 4: respose code:404, Not found the project")
httpStatusCode, err = apiTest.ToggleProjectPublicity(*admin, "1234", 1)
if err != nil {
t.Error("Error while search project by proId", err.Error())
t.Log(err)
} else {
assert.Equal(int(404), httpStatusCode, "httpStatusCode should be 404")
}
code, err = apiTest.ProjectsPut(*admin, "1234", project)
require.Nil(t, err)
assert.Equal(int(404), code)
fmt.Printf("\n")
}

2
src/ui/api/search.go
View File

@ -147,7 +147,7 @@ func filterRepositories(projects []*models.Project, keyword string) (
entry["repository_name"] = r.Name
entry["project_name"] = projects[j].Name
entry["project_id"] = projects[j].ProjectID
entry["project_public"] = projects[j].Public
entry["project_public"] = projects[j].IsPublic()
entry["pull_count"] = r.PullCount
tags, err := getTags(r.Name)

6
src/ui/api/search_test.go
View File

@ -37,7 +37,7 @@ func TestSearch(t *testing.T) {
assert.Equal(int(200), httpStatusCode, "httpStatusCode should be 200")
assert.Equal(int64(1), result.Projects[0].ProjectID, "Project id should be equal")
assert.Equal("library", result.Projects[0].Name, "Project name should be library")
assert.Equal(1, result.Projects[0].Public, "Project public status should be 1 (true)")
assert.True(result.Projects[0].IsPublic(), "Project public status should be 1 (true)")
}
//--------case 2 : Response Code = 200, sysAdmin and search repo--------//
@ -49,7 +49,7 @@ func TestSearch(t *testing.T) {
assert.Equal(int(200), httpStatusCode, "httpStatusCode should be 200")
assert.Equal("library", result.Repositories[0].ProjectName, "Project name should be library")
assert.Equal("library/docker", result.Repositories[0].RepositoryName, "Repository name should be library/docker")
assert.Equal(int32(1), result.Repositories[0].ProjectPublic, "Project public status should be 1 (true)")
assert.True(result.Repositories[0].ProjectPublic, "Project public status should be 1 (true)")
}
//--------case 3 : Response Code = 200, normal user and search repo--------//
@ -61,7 +61,7 @@ func TestSearch(t *testing.T) {
assert.Equal(int(200), httpStatusCode, "httpStatusCode should be 200")
assert.Equal("library", result.Repositories[0].ProjectName, "Project name should be library")
assert.Equal("library/docker", result.Repositories[0].RepositoryName, "Repository name should be library/docker")
assert.Equal(int32(1), result.Repositories[0].ProjectPublic, "Project public status should be 1 (true)")
assert.True(result.Repositories[0].ProjectPublic, "Project public status should be 1 (true)")
}
}

46
src/ui/config/config.go
View File

@ -15,7 +15,7 @@
package config
import (
//"crypto/tls"
"crypto/tls"
"encoding/json"
"fmt"
"net/http"
@ -108,38 +108,32 @@ func initSecretStore() {
func initProjectManager() {
var driver pmsdriver.PMSDriver
if WithAdmiral() {
// TODO add support for admiral
/*
// integration with admiral
log.Info("initializing the project manager based on PMS...")
// TODO read ca/cert file and pass it to the TLS config
AdmiralClient = &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
// integration with admiral
log.Info("initializing the project manager based on PMS...")
// TODO read ca/cert file and pass it to the TLS config
AdmiralClient = &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
}
},
}
path := os.Getenv("SERVICE_TOKEN_FILE_PATH")
if len(path) == 0 {
path = defaultTokenFilePath
}
log.Infof("service token file path: %s", path)
TokenReader = &admiral.FileTokenReader{
Path: path,
}
GlobalProjectMgr = admiral.NewProjectManager(AdmiralClient,
AdmiralEndpoint(), TokenReader)
*/
GlobalProjectMgr = nil
path := os.Getenv("SERVICE_TOKEN_FILE_PATH")
if len(path) == 0 {
path = defaultTokenFilePath
}
log.Infof("service token file path: %s", path)
TokenReader = &admiral.FileTokenReader{
Path: path,
}
driver = admiral.NewDriver(AdmiralClient, AdmiralEndpoint(), TokenReader)
} else {
// standalone
log.Info("initializing the project manager based on local database...")
driver = local.NewDriver()
// TODO move the statement out of the else block when admiral driver is completed
GlobalProjectMgr = promgr.NewDefaultProjectManager(driver, true)
}
GlobalProjectMgr = promgr.NewDefaultProjectManager(driver, true)
}

29
src/ui/filter/security.go
View File

@ -33,7 +33,7 @@ import (
"github.com/vmware/harbor/src/ui/auth"
"github.com/vmware/harbor/src/ui/config"
"github.com/vmware/harbor/src/ui/promgr"
//"github.com/vmware/harbor/src/ui/promgr/pmsdriver/admiral"
"github.com/vmware/harbor/src/ui/promgr/pmsdriver/admiral"
)
type key string
@ -264,15 +264,13 @@ func (t *tokenReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
return false
}
/*
log.Debug("creating PMS project manager...")
pm := admiral.NewProjectManager(config.AdmiralClient,
config.AdmiralEndpoint(), &admiral.RawTokenReader{
Token: token,
})
*/
// TODO create the DefaultProjectManager with the real admiral PMSDriver
pm := promgr.NewDefaultProjectManager(nil, false)
log.Debug("creating PMS project manager...")
driver := admiral.NewDriver(config.AdmiralClient,
config.AdmiralEndpoint(), &admiral.RawTokenReader{
Token: token,
})
pm := promgr.NewDefaultProjectManager(driver, false)
log.Debug("creating admiral security context...")
securCtx := admr.NewSecurityContext(authContext, pm)
@ -291,13 +289,10 @@ func (u *unauthorizedReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
var pm promgr.ProjectManager
if config.WithAdmiral() {
// integration with admiral
/*
log.Debug("creating PMS project manager...")
pm = admiral.NewProjectManager(config.AdmiralClient,
config.AdmiralEndpoint(), nil)
*/
// TODO create the DefaultProjectManager with the real admiral PMSDriver
pm = promgr.NewDefaultProjectManager(nil, false)
log.Debug("creating PMS project manager...")
driver := admiral.NewDriver(config.AdmiralClient,
config.AdmiralEndpoint(), nil)
pm = promgr.NewDefaultProjectManager(driver, false)
log.Debug("creating admiral security context...")
securCtx = admr.NewSecurityContext(nil, pm)
} else {

43
src/ui/promgr/metamgr/metamgr.go
View File

@ -15,15 +15,13 @@
package metamgr
import (
"strconv"
"github.com/vmware/harbor/src/common/dao"
"github.com/vmware/harbor/src/common/models"
)
// ProjectMetadataManaegr defines the operations that a project metadata manager should
// ProjectMetadataManager defines the operations that a project metadata manager should
// implement
type ProjectMetadataManaegr interface {
type ProjectMetadataManager interface {
// Add metadatas for project specified by projectID
Add(projectID int64, meta map[string]string) error
// Delete metadatas whose keys are specified in parameter meta, if it
@ -34,16 +32,18 @@ type ProjectMetadataManaegr interface {
// Get metadatas whose keys are specified in parameter meta, if it is
// absent, get all
Get(projectID int64, meta ...string) (map[string]string, error)
// List metadata according to the name and value
List(name, value string) ([]*models.ProjectMetadata, error)
}
type defaultProjectMetadataManaegr struct{}
type defaultProjectMetadataManager struct{}
// NewDefaultProjectMetadataManager ...
func NewDefaultProjectMetadataManager() ProjectMetadataManaegr {
return &defaultProjectMetadataManaegr{}
func NewDefaultProjectMetadataManager() ProjectMetadataManager {
return &defaultProjectMetadataManager{}
}
func (d *defaultProjectMetadataManaegr) Add(projectID int64, meta map[string]string) error {
func (d *defaultProjectMetadataManager) Add(projectID int64, meta map[string]string) error {
for k, v := range meta {
proMeta := &models.ProjectMetadata{
ProjectID: projectID,
@ -57,11 +57,11 @@ func (d *defaultProjectMetadataManaegr) Add(projectID int64, meta map[string]str
return nil
}
func (d *defaultProjectMetadataManaegr) Delete(projectID int64, meta ...string) error {
func (d *defaultProjectMetadataManager) Delete(projectID int64, meta ...string) error {
return dao.DeleteProjectMetadata(projectID, meta...)
}
func (d *defaultProjectMetadataManaegr) Update(projectID int64, meta map[string]string) error {
func (d *defaultProjectMetadataManager) Update(projectID int64, meta map[string]string) error {
for k, v := range meta {
if err := dao.UpdateProjectMetadata(&models.ProjectMetadata{
ProjectID: projectID,
@ -72,20 +72,10 @@ func (d *defaultProjectMetadataManaegr) Update(projectID int64, meta map[string]
}
}
// TODO remove the logic
public, ok := meta[models.ProMetaPublic]
if ok {
i, err := strconv.Atoi(public)
if err != nil {
return err
}
return dao.ToggleProjectPublicity(projectID, i)
}
return nil
}
func (d *defaultProjectMetadataManaegr) Get(projectID int64, meta ...string) (map[string]string, error) {
func (d *defaultProjectMetadataManager) Get(projectID int64, meta ...string) (map[string]string, error) {
proMetas, err := dao.GetProjectMetadata(projectID, meta...)
if err != nil {
return nil, nil
@ -98,3 +88,14 @@ func (d *defaultProjectMetadataManaegr) Get(projectID int64, meta ...string) (ma
return m, nil
}
func (d *defaultProjectMetadataManager) List(name, value string) ([]*models.ProjectMetadata, error) {
metas := []*models.ProjectMetadata{}
mds, err := dao.ListProjectMetadata(name, value)
if err != nil {
return nil, err
}
metas = append(metas, mds...)
return metas, nil
}

6
src/ui/promgr/metamgr/metamgr_test.go
View File

@ -54,6 +54,12 @@ func TestMetaMgrMethods(t *testing.T) {
assert.Equal(t, 1, len(m))
assert.Equal(t, value, m[key])
// test list
metas, err := mgr.List(key, value)
require.Nil(t, err)
assert.Equal(t, 1, len(metas))
assert.Equal(t, int64(1), metas[0].ProjectID)
// test update
require.Nil(t, mgr.Update(1, map[string]string{
key: newValue,

195
src/ui/promgr/pmsdriver/admiral/admiral.go
View File

@ -30,13 +30,12 @@ import (
"github.com/vmware/harbor/src/common/utils"
er "github.com/vmware/harbor/src/common/utils/error"
"github.com/vmware/harbor/src/common/utils/log"
"github.com/vmware/harbor/src/ui/promgr/pmsdriver"
)
const dupProjectPattern = `Project name '\w+' is already used`
// ProjectManager implements projectmanager.ProjecdtManager interface
// base on project management service
type ProjectManager struct {
type driver struct {
client *http.Client
endpoint string
tokenReader TokenReader
@ -57,10 +56,10 @@ type project struct {
Guests []*user `json:"viewers"`
}
// NewProjectManager returns an instance of ProjectManager
func NewProjectManager(client *http.Client, endpoint string,
tokenReader TokenReader) *ProjectManager {
return &ProjectManager{
// NewDriver returns an instance of driver
func NewDriver(client *http.Client, endpoint string,
tokenReader TokenReader) pmsdriver.PMSDriver {
return &driver{
client: client,
endpoint: strings.TrimRight(endpoint, "/"),
tokenReader: tokenReader,
@ -68,8 +67,8 @@ func NewProjectManager(client *http.Client, endpoint string,
}
// Get ...
func (p *ProjectManager) Get(projectIDOrName interface{}) (*models.Project, error) {
project, err := p.get(projectIDOrName)
func (d *driver) Get(projectIDOrName interface{}) (*models.Project, error) {
project, err := d.get(projectIDOrName)
if err != nil {
return nil, err
}
@ -77,10 +76,10 @@ func (p *ProjectManager) Get(projectIDOrName interface{}) (*models.Project, erro
}
// get Admiral project with Harbor project ID or name
func (p *ProjectManager) get(projectIDOrName interface{}) (*project, error) {
func (d *driver) get(projectIDOrName interface{}) (*project, error) {
// if token is provided, search project from my projects list first
if len(p.getToken()) != 0 {
project, err := p.getFromMy(projectIDOrName)
if len(d.getToken()) != 0 {
project, err := d.getFromMy(projectIDOrName)
if err != nil {
return nil, err
}
@ -90,18 +89,18 @@ func (p *ProjectManager) get(projectIDOrName interface{}) (*project, error) {
}
// try to get project from public projects list
return p.getFromPublic(projectIDOrName)
return d.getFromPublic(projectIDOrName)
}
// call GET /projects?$filter=xxx eq xxx, the API can only filter projects
// which the user is a member of
func (p *ProjectManager) getFromMy(projectIDOrName interface{}) (*project, error) {
return p.getAdmiralProject(projectIDOrName, false)
func (d *driver) getFromMy(projectIDOrName interface{}) (*project, error) {
return d.getAdmiralProject(projectIDOrName, false)
}
// call GET /projects?public=true&$filter=xxx eq xxx
func (p *ProjectManager) getFromPublic(projectIDOrName interface{}) (*project, error) {
project, err := p.getAdmiralProject(projectIDOrName, true)
func (d *driver) getFromPublic(projectIDOrName interface{}) (*project, error) {
project, err := d.getAdmiralProject(projectIDOrName, true)
if project != nil {
// the projects returned by GET /projects?public=true&xxx have no
// "public" property, populate it here
@ -110,7 +109,7 @@ func (p *ProjectManager) getFromPublic(projectIDOrName interface{}) (*project, e
return project, err
}
func (p *ProjectManager) getAdmiralProject(projectIDOrName interface{}, public bool) (*project, error) {
func (d *driver) getAdmiralProject(projectIDOrName interface{}, public bool) (*project, error) {
m := map[string]string{}
id, name, err := utils.ParseProjectIDOrName(projectIDOrName)
@ -126,7 +125,7 @@ func (p *ProjectManager) getAdmiralProject(projectIDOrName interface{}, public b
m["public"] = "true"
}
projects, err := p.filter(m)
projects, err := d.filter(m)
if err != nil {
return nil, err
}
@ -145,7 +144,7 @@ func (p *ProjectManager) getAdmiralProject(projectIDOrName interface{}, public b
return projects[0], nil
}
func (p *ProjectManager) filter(m map[string]string) ([]*project, error) {
func (d *driver) filter(m map[string]string) ([]*project, error) {
query := ""
for k, v := range m {
if len(query) == 0 {
@ -165,7 +164,7 @@ func (p *ProjectManager) filter(m map[string]string) ([]*project, error) {
}
path := "/projects" + query
data, err := p.send(http.MethodGet, path, nil)
data, err := d.send(http.MethodGet, path, nil)
if err != nil {
return nil, err
}
@ -201,7 +200,7 @@ func convert(p *project) (*models.Project, error) {
Name: p.Name,
}
if p.Public {
project.Public = 1
project.SetMetadata(models.ProMetaPublic, "true")
}
value := p.CustomProperties["__projectIndex"]
@ -221,7 +220,7 @@ func convert(p *project) (*models.Project, error) {
if err != nil {
return nil, fmt.Errorf("failed to parse __enableContentTrust %s to bool: %v", value, err)
}
project.EnableContentTrust = enable
project.SetMetadata(models.ProMetaEnableContentTrust, strconv.FormatBool(enable))
}
value = p.CustomProperties["__preventVulnerableImagesFromRunning"]
@ -230,12 +229,12 @@ func convert(p *project) (*models.Project, error) {
if err != nil {
return nil, fmt.Errorf("failed to parse __preventVulnerableImagesFromRunning %s to bool: %v", value, err)
}
project.PreventVulnerableImagesFromRunning = prevent
project.SetMetadata(models.ProMetaPreventVul, strconv.FormatBool(prevent))
}
value = p.CustomProperties["__preventVulnerableImagesFromRunningSeverity"]
if len(value) != 0 {
project.PreventVulnerableImagesFromRunningSeverity = value
project.SetMetadata(models.ProMetaSeverity, value)
}
value = p.CustomProperties["__automaticallyScanImagesOnPush"]
@ -244,93 +243,14 @@ func convert(p *project) (*models.Project, error) {
if err != nil {
return nil, fmt.Errorf("failed to parse __automaticallyScanImagesOnPush %s to bool: %v", value, err)
}
project.AutomaticallyScanImagesOnPush = scan
project.SetMetadata(models.ProMetaAutoScan, strconv.FormatBool(scan))
}
return project, nil
}
// IsPublic ...
func (p *ProjectManager) IsPublic(projectIDOrName interface{}) (bool, error) {
project, err := p.get(projectIDOrName)
if err != nil {
return false, err
}
if project == nil {
return false, nil
}
return project.Public, nil
}
// Exist ...
func (p *ProjectManager) Exist(projectIDOrName interface{}) (bool, error) {
project, err := p.get(projectIDOrName)
if err != nil {
return false, err
}
return project != nil, nil
}
/*
// GetRoles gets roles that the user has to the project
// This method is used in GET /projects API.
// Jobservice calls GET /projects API to get information of source
// project when trying to replicate the project. There is no auth
// context in this use case, so the method is needed.
func (p *ProjectManager) GetRoles(username string, projectIDOrName interface{}) ([]int, error) {
if len(username) == 0 || projectIDOrName == nil {
return nil, nil
}
id, err := p.getIDbyHarborIDOrName(projectIDOrName)
if err != nil {
return nil, err
}
// get expanded project which contains role info by GET /projects/id?expand=true
path := fmt.Sprintf("/projects/%s?expand=true", id)
data, err := p.send(http.MethodGet, path, nil)
if err != nil {
return nil, err
}
pro := &project{}
if err = json.Unmarshal(data, pro); err != nil {
return nil, err
}
roles := []int{}
for _, user := range pro.Administrators {
if user.Email == username {
roles = append(roles, common.RoleProjectAdmin)
break
}
}
for _, user := range pro.Developers {
if user.Email == username {
roles = append(roles, common.RoleDeveloper)
break
}
}
for _, user := range pro.Guests {
if user.Email == username {
roles = append(roles, common.RoleGuest)
break
}
}
return roles, nil
}
*/
func (p *ProjectManager) getIDbyHarborIDOrName(projectIDOrName interface{}) (string, error) {
pro, err := p.get(projectIDOrName)
func (d *driver) getIDbyHarborIDOrName(projectIDOrName interface{}) (string, error) {
pro, err := d.get(projectIDOrName)
if err != nil {
return "", err
}
@ -342,32 +262,24 @@ func (p *ProjectManager) getIDbyHarborIDOrName(projectIDOrName interface{}) (str
return pro.ID, nil
}
// GetPublic ...
func (p *ProjectManager) GetPublic() ([]*models.Project, error) {
t := true
return p.GetAll(&models.ProjectQueryParam{
Public: &t,
})
}
// Create ...
func (p *ProjectManager) Create(pro *models.Project) (int64, error) {
func (d *driver) Create(pro *models.Project) (int64, error) {
proj := &project{
CustomProperties: make(map[string]string),
}
proj.Name = pro.Name
proj.Public = pro.Public == 1
proj.CustomProperties["__enableContentTrust"] = strconv.FormatBool(pro.EnableContentTrust)
proj.CustomProperties["__preventVulnerableImagesFromRunning"] = strconv.FormatBool(pro.PreventVulnerableImagesFromRunning)
proj.CustomProperties["__preventVulnerableImagesFromRunningSeverity"] = pro.PreventVulnerableImagesFromRunningSeverity
proj.CustomProperties["__automaticallyScanImagesOnPush"] = strconv.FormatBool(pro.AutomaticallyScanImagesOnPush)
proj.Public = pro.IsPublic()
proj.CustomProperties["__enableContentTrust"] = strconv.FormatBool(pro.ContentTrustEnabled())
proj.CustomProperties["__preventVulnerableImagesFromRunning"] = strconv.FormatBool(pro.VulPrevented())
proj.CustomProperties["__preventVulnerableImagesFromRunningSeverity"] = pro.Severity()
proj.CustomProperties["__automaticallyScanImagesOnPush"] = strconv.FormatBool(pro.AutoScan())
data, err := json.Marshal(proj)
if err != nil {
return 0, err
}
b, err := p.send(http.MethodPost, "/projects", bytes.NewBuffer(data))
b, err := d.send(http.MethodPost, "/projects", bytes.NewBuffer(data))
if err != nil {
// when creating a project with a duplicate name in Admiral, a 500 error
// with a specific message will be returned for now.
@ -413,23 +325,23 @@ func (p *ProjectManager) Create(pro *models.Project) (int64, error) {
}
// Delete ...
func (p *ProjectManager) Delete(projectIDOrName interface{}) error {
id, err := p.getIDbyHarborIDOrName(projectIDOrName)
func (d *driver) Delete(projectIDOrName interface{}) error {
id, err := d.getIDbyHarborIDOrName(projectIDOrName)
if err != nil {
return err
}
_, err = p.send(http.MethodDelete, fmt.Sprintf("/projects/%s", id), nil)
_, err = d.send(http.MethodDelete, fmt.Sprintf("/projects/%s", id), nil)
return err
}
// Update ...
func (p *ProjectManager) Update(projectIDOrName interface{}, project *models.Project) error {
func (d *driver) Update(projectIDOrName interface{}, project *models.Project) error {
return errors.New("project update is unsupported")
}
// GetAll ...
func (p *ProjectManager) GetAll(query *models.ProjectQueryParam, base ...*models.BaseProjectCollection) ([]*models.Project, error) {
// List ...
func (d *driver) List(query *models.ProjectQueryParam) (*models.ProjectQueryResult, error) {
m := map[string]string{}
if query != nil {
if len(query.Name) > 0 {
@ -440,7 +352,7 @@ func (p *ProjectManager) GetAll(query *models.ProjectQueryParam, base ...*models
}
}
projects, err := p.filter(m)
projects, err := d.filter(m)
if err != nil {
return nil, err
}
@ -454,27 +366,24 @@ func (p *ProjectManager) GetAll(query *models.ProjectQueryParam, base ...*models
list = append(list, project)
}
return list, nil
return &models.ProjectQueryResult{
Total: int64(len(list)),
Projects: list,
}, nil
}
// GetTotal ...
func (p *ProjectManager) GetTotal(query *models.ProjectQueryParam, base ...*models.BaseProjectCollection) (int64, error) {
projects, err := p.GetAll(query)
return int64(len(projects)), err
}
func (p *ProjectManager) send(method, path string, body io.Reader) ([]byte, error) {
req, err := http.NewRequest(method, p.endpoint+path, body)
func (d *driver) send(method, path string, body io.Reader) ([]byte, error) {
req, err := http.NewRequest(method, d.endpoint+path, body)
if err != nil {
return nil, err
}
req.Header.Add("x-xenon-auth-token", p.getToken())
req.Header.Add("x-xenon-auth-token", d.getToken())
url := req.URL.String()
req.URL.RawQuery = req.URL.Query().Encode()
resp, err := p.client.Do(req)
resp, err := d.client.Do(req)
if err != nil {
log.Debugf("\"%s %s\" failed", req.Method, url)
return nil, err
@ -497,12 +406,12 @@ func (p *ProjectManager) send(method, path string, body io.Reader) ([]byte, erro
return b, nil
}
func (p *ProjectManager) getToken() string {
if p.tokenReader == nil {
func (d *driver) getToken() string {
if d.tokenReader == nil {
return ""
}
token, err := p.tokenReader.ReadToken()
token, err := d.tokenReader.ReadToken()
if err != nil {
token = ""
log.Errorf("failed to read token: %v", err)

227
src/ui/promgr/pmsdriver/admiral/admiral_test.go
View File

@ -101,12 +101,12 @@ func TestConvert(t *testing.T) {
assert.Nil(t, err)
assert.NotNil(t, pro)
assert.Equal(t, "test", pro.Name)
assert.Equal(t, 1, pro.Public)
assert.True(t, pro.IsPublic())
assert.Equal(t, int64(1), pro.ProjectID)
assert.True(t, pro.EnableContentTrust)
assert.True(t, pro.PreventVulnerableImagesFromRunning)
assert.Equal(t, "medium", pro.PreventVulnerableImagesFromRunningSeverity)
assert.True(t, pro.AutomaticallyScanImagesOnPush)
assert.True(t, pro.ContentTrustEnabled())
assert.True(t, pro.VulPrevented())
assert.Equal(t, "medium", pro.Severity())
assert.True(t, pro.AutoScan())
}
func TestParse(t *testing.T) {
@ -182,233 +182,130 @@ func TestParse(t *testing.T) {
}
func TestGet(t *testing.T) {
pm := NewProjectManager(client, endpoint, tokenReader)
d := NewDriver(client, endpoint, tokenReader)
name := "project_for_test_get"
id, err := pm.Create(&models.Project{
id, err := d.Create(&models.Project{
Name: name,
})
require.Nil(t, err)
defer delete(t, id)
// get by invalid input type
_, err = pm.Get([]string{})
_, err = d.Get([]string{})
assert.NotNil(t, err)
// get by invalid ID
project, err := pm.Get(int64(0))
project, err := d.Get(int64(0))
assert.Nil(t, err)
assert.Nil(t, project)
// get by invalid name
project, err = pm.Get("invalid_name")
project, err = d.Get("invalid_name")
assert.Nil(t, err)
assert.Nil(t, project)
// get by valid ID
project, err = pm.Get(id)
project, err = d.Get(id)
assert.Nil(t, err)
assert.Equal(t, id, project.ProjectID)
// get by valid name
project, err = pm.Get(name)
project, err = d.Get(name)
assert.Nil(t, err)
assert.Equal(t, id, project.ProjectID)
}
func TestIsPublic(t *testing.T) {
pm := NewProjectManager(client, endpoint, tokenReader)
// invalid input type
public, err := pm.IsPublic([]string{})
assert.NotNil(t, err)
assert.False(t, public)
// non-exist project
public, err = pm.IsPublic(int64(2))
assert.Nil(t, err)
assert.False(t, public)
// public project
name := "project_for_pm_based_on_pms_public"
id, err := pm.Create(&models.Project{
Name: name,
Public: 1,
})
require.Nil(t, err)
defer delete(t, id)
public, err = pm.IsPublic(id)
assert.Nil(t, err)
assert.True(t, public)
public, err = pm.IsPublic(name)
assert.Nil(t, err)
assert.True(t, public)
// private project
name = "project_for_pm_based_on_pms_private"
id, err = pm.Create(&models.Project{
Name: name,
Public: 0,
})
require.Nil(t, err)
defer delete(t, id)
public, err = pm.IsPublic(id)
assert.Nil(t, err)
assert.False(t, public)
public, err = pm.IsPublic(name)
assert.Nil(t, err)
assert.False(t, public)
}
func TestExist(t *testing.T) {
pm := NewProjectManager(client, endpoint, tokenReader)
// invalid input type
exist, err := pm.Exist([]string{})
assert.NotNil(t, err)
assert.False(t, exist)
// non-exist project
exist, err = pm.Exist(int64(2))
assert.Nil(t, err)
assert.False(t, exist)
// exist project
name := "project_for_test_exist"
id, err := pm.Create(&models.Project{
Name: name,
})
require.Nil(t, err)
defer delete(t, id)
exist, err = pm.Exist(id)
assert.Nil(t, err)
assert.True(t, exist)
exist, err = pm.Exist(name)
assert.Nil(t, err)
assert.True(t, exist)
}
func TestGetPublic(t *testing.T) {
pm := NewProjectManager(client, endpoint, tokenReader)
projects, err := pm.GetPublic()
assert.Nil(t, nil)
size := len(projects)
name := "project_for_test_get_public"
id, err := pm.Create(&models.Project{
Name: name,
Public: 1,
})
require.Nil(t, err)
defer delete(t, id)
projects, err = pm.GetPublic()
assert.Nil(t, nil)
assert.Equal(t, size+1, len(projects))
found := false
for _, project := range projects {
if project.ProjectID == id {
found = true
break
}
}
assert.True(t, found)
}
func TestCreate(t *testing.T) {
pm := NewProjectManager(client, endpoint, tokenReader)
d := NewDriver(client, endpoint, tokenReader)
name := "project_for_test_create"
id, err := pm.Create(&models.Project{
Name: name,
Public: 1,
EnableContentTrust: true,
PreventVulnerableImagesFromRunning: true,
PreventVulnerableImagesFromRunningSeverity: "medium",
AutomaticallyScanImagesOnPush: true,
id, err := d.Create(&models.Project{
Name: name,
Metadata: map[string]string{
models.ProMetaPublic: "true",
models.ProMetaEnableContentTrust: "true",
models.ProMetaPreventVul: "true",
models.ProMetaSeverity: "medium",
models.ProMetaAutoScan: "true",
},
})
require.Nil(t, err)
defer delete(t, id)
project, err := pm.Get(id)
project, err := d.Get(id)
assert.Nil(t, err)
assert.Equal(t, name, project.Name)
assert.Equal(t, 1, project.Public)
assert.True(t, project.EnableContentTrust)
assert.True(t, project.PreventVulnerableImagesFromRunning)
assert.Equal(t, "medium", project.PreventVulnerableImagesFromRunningSeverity)
assert.True(t, project.AutomaticallyScanImagesOnPush)
assert.True(t, project.IsPublic())
assert.True(t, project.ContentTrustEnabled())
assert.True(t, project.VulPrevented())
assert.Equal(t, "medium", project.Severity())
assert.True(t, project.AutoScan())
// duplicate project name
_, err = pm.Create(&models.Project{
_, err = d.Create(&models.Project{
Name: name,
})
assert.Equal(t, errutil.ErrDupProject, err)
}
func TestDelete(t *testing.T) {
pm := NewProjectManager(client, endpoint, tokenReader)
d := NewDriver(client, endpoint, tokenReader)
// non-exist project
err := pm.Delete(int64(0))
err := d.Delete(int64(0))
assert.NotNil(t, err)
// delete by ID
name := "project_for_pm_based_on_pms_id"
id, err := pm.Create(&models.Project{
id, err := d.Create(&models.Project{
Name: name,
})
require.Nil(t, err)
err = pm.Delete(id)
err = d.Delete(id)
assert.Nil(t, err)
// delete by name
name = "project_for_pm_based_on_pms_name"
id, err = pm.Create(&models.Project{
id, err = d.Create(&models.Project{
Name: name,
})
require.Nil(t, err)
err = pm.Delete(name)
err = d.Delete(name)
assert.Nil(t, err)
}
func TestUpdate(t *testing.T) {
pm := NewProjectManager(client, endpoint, tokenReader)
err := pm.Update(nil, nil)
d := NewDriver(client, endpoint, tokenReader)
err := d.Update(nil, nil)
assert.NotNil(t, err)
}
func TestGetAll(t *testing.T) {
pm := NewProjectManager(client, endpoint, tokenReader)
func TestList(t *testing.T) {
d := NewDriver(client, endpoint, tokenReader)
name1 := "project_for_test_get_all_01"
id1, err := pm.Create(&models.Project{
id1, err := d.Create(&models.Project{
Name: name1,
})
require.Nil(t, err)
defer delete(t, id1)
name2 := "project_for_test_get_all_02"
id2, err := pm.Create(&models.Project{
Name: name2,
Public: 1,
id2, err := d.Create(&models.Project{
Name: name2,
Metadata: map[string]string{
models.ProMetaPublic: "true",
},
})
require.Nil(t, err)
defer delete(t, id2)
// no filter
projects, err := pm.GetAll(nil)
result, err := d.List(nil)
require.Nil(t, err)
found1 := false
found2 := false
for _, project := range projects {
for _, project := range result.Projects {
if project.ProjectID == id1 {
found1 = true
}
@ -420,12 +317,12 @@ func TestGetAll(t *testing.T) {
assert.True(t, found2)
// filter by name
projects, err = pm.GetAll(&models.ProjectQueryParam{
result, err = d.List(&models.ProjectQueryParam{
Name: name1,
})
require.Nil(t, err)
found1 = false
for _, project := range projects {
for _, project := range result.Projects {
if project.ProjectID == id1 {
found1 = true
break
@ -435,12 +332,12 @@ func TestGetAll(t *testing.T) {
// filter by public
value := true
projects, err = pm.GetAll(&models.ProjectQueryParam{
result, err = d.List(&models.ProjectQueryParam{
Public: &value,
})
require.Nil(t, err)
found2 = false
for _, project := range projects {
for _, project := range result.Projects {
if project.ProjectID == id2 {
found2 = true
break
@ -449,27 +346,9 @@ func TestGetAll(t *testing.T) {
assert.True(t, found2)
}
func TestGetTotal(t *testing.T) {
pm := NewProjectManager(client, endpoint, tokenReader)
total1, err := pm.GetTotal(nil)
require.Nil(t, err)
name := "project_for_test_get_total"
id, err := pm.Create(&models.Project{
Name: name,
})
require.Nil(t, err)
defer delete(t, id)
total2, err := pm.GetTotal(nil)
require.Nil(t, err)
assert.Equal(t, total1+1, total2)
}
func delete(t *testing.T, id int64) {
pm := NewProjectManager(client, endpoint, tokenReader)
if err := pm.Delete(id); err != nil {
d := NewDriver(client, endpoint, tokenReader)
if err := d.Delete(id); err != nil {
t.Logf("failed to delete project %d: %v", id, err)
}
}

4
src/ui/promgr/pmsdriver/driver.go
View File

@ -30,7 +30,5 @@ type PMSDriver interface {
// Update the properties of a project
Update(projectIDOrName interface{}, project *models.Project) error
// List lists projects according to the query conditions
// TODO remove base
List(query *models.ProjectQueryParam,
base ...*models.BaseProjectCollection) (*models.ProjectQueryResult, error)
List(query *models.ProjectQueryParam) (*models.ProjectQueryResult, error)
}

10
src/ui/promgr/pmsdriver/local/local.go
View File

@ -82,7 +82,6 @@ func (d *driver) Create(project *models.Project) (int64, error) {
t := time.Now()
pro := &models.Project{
Name: project.Name,
Public: project.Public,
OwnerID: project.OwnerID,
CreationTime: t,
UpdateTime: t,
@ -129,16 +128,15 @@ func (d *driver) Update(projectIDOrName interface{},
return nil
}
// TODO remove base
// List returns a project list according to the query parameters
func (d *driver) List(query *models.ProjectQueryParam,
base ...*models.BaseProjectCollection) (
func (d *driver) List(query *models.ProjectQueryParam) (
*models.ProjectQueryResult, error) {
total, err := dao.GetTotalOfProjects(query, base...)
total, err := dao.GetTotalOfProjects(query)
if err != nil {
return nil, err
}
projects, err := dao.GetProjects(query, base...)
projects, err := dao.GetProjects(query)
if err != nil {
return nil, err
}

4
src/ui/promgr/pmsdriver/local/local_test.go
View File

@ -156,7 +156,9 @@ func TestList(t *testing.T) {
id, err := pm.Create(&models.Project{
Name: "get_all_test",
OwnerID: 1,
Public: 1,
Metadata: map[string]string{
models.ProMetaPublic: "true",
},
})
assert.Nil(t, err)
defer pm.Delete(id)

85
src/ui/promgr/promgr.go
View File

@ -16,6 +16,7 @@ package promgr
import (
"fmt"
"strconv"
"github.com/vmware/harbor/src/common/models"
"github.com/vmware/harbor/src/common/utils/log"
@ -30,9 +31,7 @@ type ProjectManager interface {
Create(*models.Project) (int64, error)
Delete(projectIDOrName interface{}) error
Update(projectIDOrName interface{}, project *models.Project) error
// TODO remove base
List(query *models.ProjectQueryParam,
base ...*models.BaseProjectCollection) (*models.ProjectQueryResult, error)
List(query *models.ProjectQueryParam) (*models.ProjectQueryResult, error)
IsPublic(projectIDOrName interface{}) (bool, error)
Exists(projectIDOrName interface{}) (bool, error)
// get all public project
@ -42,7 +41,7 @@ type ProjectManager interface {
type defaultProjectManager struct {
pmsDriver pmsdriver.PMSDriver
metaMgrEnabled bool // if metaMgrEnabled is enabled, metaMgr will be used to CURD metadata
metaMgr metamgr.ProjectMetadataManaegr
metaMgr metamgr.ProjectMetadataManager
}
// NewDefaultProjectManager returns an instance of defaultProjectManager,
@ -117,7 +116,25 @@ func (d *defaultProjectManager) Update(projectIDOrName interface{}, project *mod
if pro == nil {
return fmt.Errorf("project %v not found", projectIDOrName)
}
if err = d.metaMgr.Update(pro.ProjectID, project.Metadata); err != nil {
// TODO transaction?
metaNeedUpdated := map[string]string{}
metaNeedCreated := map[string]string{}
if pro.Metadata == nil {
pro.Metadata = map[string]string{}
}
for key, value := range project.Metadata {
_, exist := pro.Metadata[key]
if exist {
metaNeedUpdated[key] = value
} else {
metaNeedCreated[key] = value
}
}
if err = d.metaMgr.Add(pro.ProjectID, metaNeedCreated); err != nil {
return err
}
if err = d.metaMgr.Update(pro.ProjectID, metaNeedUpdated); err != nil {
return err
}
}
@ -125,13 +142,32 @@ func (d *defaultProjectManager) Update(projectIDOrName interface{}, project *mod
return d.pmsDriver.Update(projectIDOrName, project)
}
// TODO remove base
func (d *defaultProjectManager) List(query *models.ProjectQueryParam,
base ...*models.BaseProjectCollection) (*models.ProjectQueryResult, error) {
result, err := d.pmsDriver.List(query, base...)
func (d *defaultProjectManager) List(query *models.ProjectQueryParam) (*models.ProjectQueryResult, error) {
// query by public/private property with ProjectMetadataManager first
if d.metaMgrEnabled && query != nil && query.Public != nil {
projectIDs, err := d.filterByPublic(*query.Public)
if err != nil {
return nil, err
}
if len(projectIDs) == 0 {
return &models.ProjectQueryResult{}, nil
}
if query.ProjectIDs == nil {
query.ProjectIDs = projectIDs
} else {
query.ProjectIDs = findInBoth(query.ProjectIDs, projectIDs)
}
}
// query by other properties
result, err := d.pmsDriver.List(query)
if err != nil {
return nil, err
}
// populate metadata
if d.metaMgrEnabled {
for _, project := range result.Projects {
meta, err := d.metaMgr.Get(project.ProjectID)
@ -144,6 +180,35 @@ func (d *defaultProjectManager) List(query *models.ProjectQueryParam,
return result, nil
}
func (d *defaultProjectManager) filterByPublic(public bool) ([]int64, error) {
metas, err := d.metaMgr.List(models.ProMetaPublic, strconv.FormatBool(public))
if err != nil {
return nil, err
}
projectIDs := []int64{}
for _, meta := range metas {
projectIDs = append(projectIDs, meta.ProjectID)
}
return projectIDs, nil
}
func findInBoth(ids1 []int64, ids2 []int64) []int64 {
m := map[int64]struct{}{}
for _, id := range ids1 {
m[id] = struct{}{}
}
ids := []int64{}
for _, id := range ids2 {
if _, exist := m[id]; exist {
ids = append(ids, id)
}
}
return ids
}
func (d *defaultProjectManager) IsPublic(projectIDOrName interface{}) (bool, error) {
project, err := d.Get(projectIDOrName)
if err != nil {
@ -152,7 +217,7 @@ func (d *defaultProjectManager) IsPublic(projectIDOrName interface{}) (bool, err
if project == nil {
return false, nil
}
return project.Public == 1, nil
return project.IsPublic(), nil
}
func (d *defaultProjectManager) Exists(projectIDOrName interface{}) (bool, error) {

9
src/ui/promgr/promgr_test.go
View File

@ -32,7 +32,9 @@ func newFakePMSDriver() pmsdriver.PMSDriver {
project: &models.Project{
ProjectID: 1,
Name: "library",
Public: 1,
Metadata: map[string]string{
models.ProMetaPublic: "true",
},
},
}
}
@ -53,8 +55,7 @@ func (f *fakePMSDriver) Update(projectIDOrName interface{}, project *models.Proj
return nil
}
func (f *fakePMSDriver) List(query *models.ProjectQueryParam,
base ...*models.BaseProjectCollection) (*models.ProjectQueryResult, error) {
func (f *fakePMSDriver) List(query *models.ProjectQueryParam) (*models.ProjectQueryResult, error) {
return &models.ProjectQueryResult{
Total: 1,
Projects: []*models.Project{f.project},
@ -116,5 +117,5 @@ func TestGetPublic(t *testing.T) {
projects, err := proMgr.GetPublic()
require.Nil(t, err)
assert.Equal(t, 1, len(projects))
assert.Equal(t, 1, projects[0].Public)
assert.True(t, projects[0].IsPublic())
}

66
src/ui/proxy/interceptor_test.go
View File

@ -2,14 +2,14 @@ package proxy
import (
"github.com/stretchr/testify/assert"
//"github.com/stretchr/testify/require"
"github.com/stretchr/testify/require"
"github.com/vmware/harbor/src/adminserver/client"
"github.com/vmware/harbor/src/common"
"github.com/vmware/harbor/src/common/dao"
"github.com/vmware/harbor/src/common/models"
notarytest "github.com/vmware/harbor/src/common/utils/notary/test"
utilstest "github.com/vmware/harbor/src/common/utils/test"
"github.com/vmware/harbor/src/ui/config"
//"github.com/vmware/harbor/src/ui/promgr/pmsdriver/admiral"
"net/http"
"net/http/httptest"
@ -110,33 +110,19 @@ func TestMatchListRepos(t *testing.T) {
}
func TestEnvPolicyChecker(t *testing.T) {
assert := assert.New(t)
if err := os.Setenv("PROJECT_CONTENT_TRUST", "1"); err != nil {
t.Fatalf("Failed to set env variable: %v", err)
}
if err2 := os.Setenv("PROJECT_VULNERABLE", "1"); err2 != nil {
t.Fatalf("Failed to set env variable: %v", err2)
}
if err3 := os.Setenv("PROJECT_SEVERITY", "negligible"); err3 != nil {
t.Fatalf("Failed to set env variable: %v", err3)
}
contentTrustFlag := getPolicyChecker().contentTrustEnabled("whatever")
vulFlag, sev := getPolicyChecker().vulnerablePolicy("whatever")
assert.True(contentTrustFlag)
assert.True(vulFlag)
assert.Equal(sev, models.SevNone)
}
// TODO uncheck after admiral pms driver is implemented
/*
func TestPMSPolicyChecker(t *testing.T) {
var defaultConfigAdmiral = map[string]interface{}{
common.ExtEndpoint: "https://" + endpoint,
common.WithNotary: true,
common.CfgExpiration: 5,
common.AdmiralEndpoint: admiralEndpoint,
common.TokenExpiration: 30,
common.DatabaseType: "mysql",
common.MySQLHost: "127.0.0.1",
common.MySQLPort: 3306,
common.MySQLUsername: "root",
common.MySQLPassword: "root123",
common.MySQLDatabase: "registry",
common.SQLiteFile: "/tmp/registry.db",
}
adminServer, err := utilstest.NewAdminserver(defaultConfigAdmiral)
if err != nil {
@ -149,34 +135,38 @@ func TestPMSPolicyChecker(t *testing.T) {
if err := config.Init(); err != nil {
panic(err)
}
pm := admiral.NewProjectManager(http.DefaultClient,
admiralEndpoint, &admiral.RawTokenReader{
Token: "token",
})
database, err := config.Database()
if err != nil {
panic(err)
}
if err := dao.InitDatabase(database); err != nil {
panic(err)
}
name := "project_for_test_get_sev_low"
id, err := pm.Create(&models.Project{
Name: name,
EnableContentTrust: true,
PreventVulnerableImagesFromRunning: false,
PreventVulnerableImagesFromRunningSeverity: "low",
id, err := config.GlobalProjectMgr.Create(&models.Project{
Name: name,
OwnerID: 1,
Metadata: map[string]string{
models.ProMetaEnableContentTrust: "true",
models.ProMetaPreventVul: "true",
models.ProMetaSeverity: "low",
},
})
require.Nil(t, err)
defer func(id int64) {
if err := pm.Delete(id); err != nil {
if err := config.GlobalProjectMgr.Delete(id); err != nil {
t.Logf("failed to delete project %d: %v", id, err)
}
}(id)
project, err := pm.Get(id)
assert.Nil(t, err)
assert.Equal(t, id, project.ProjectID)
contentTrustFlag := getPolicyChecker().contentTrustEnabled("project_for_test_get_sev_low")
assert.True(t, contentTrustFlag)
projectVulnerableEnabled, projectVulnerableSeverity := getPolicyChecker().vulnerablePolicy("project_for_test_get_sev_low")
assert.False(t, projectVulnerableEnabled)
assert.True(t, projectVulnerableEnabled)
assert.Equal(t, projectVulnerableSeverity, models.SevLow)
}
*/
func TestMatchNotaryDigest(t *testing.T) {
assert := assert.New(t)
//The data from common/utils/notary/helper_test.go

23
src/ui/proxy/interceptors.go
View File

@ -16,7 +16,6 @@ import (
"fmt"
"net/http"
"net/http/httptest"
"os"
"regexp"
"strconv"
"strings"
@ -38,9 +37,6 @@ var rec *httptest.ResponseRecorder
// NotaryEndpoint , exported for testing.
var NotaryEndpoint = config.InternalNotaryEndpoint()
// EnvChecker is the instance of envPolicyChecker
var EnvChecker = envPolicyChecker{}
// MatchPullManifest checks if the request looks like a request to pull manifest. If it is returns the image and tag/sha256 digest as 2nd and 3rd return values
func MatchPullManifest(req *http.Request) (bool, string, string) {
//TODO: add user agent check.
@ -77,16 +73,6 @@ type policyChecker interface {
vulnerablePolicy(name string) (bool, models.Severity)
}
//For testing
type envPolicyChecker struct{}
func (ec envPolicyChecker) contentTrustEnabled(name string) bool {
return os.Getenv("PROJECT_CONTENT_TRUST") == "1"
}
func (ec envPolicyChecker) vulnerablePolicy(name string) (bool, models.Severity) {
return os.Getenv("PROJECT_VULNERABLE") == "1", clair.ParseClairSev(os.Getenv("PROJECT_SEVERITY"))
}
type pmsPolicyChecker struct {
pm promgr.ProjectManager
}
@ -97,7 +83,7 @@ func (pc pmsPolicyChecker) contentTrustEnabled(name string) bool {
log.Errorf("Unexpected error when getting the project, error: %v", err)
return true
}
return project.EnableContentTrust
return project.ContentTrustEnabled()
}
func (pc pmsPolicyChecker) vulnerablePolicy(name string) (bool, models.Severity) {
project, err := pc.pm.Get(name)
@ -105,7 +91,7 @@ func (pc pmsPolicyChecker) vulnerablePolicy(name string) (bool, models.Severity)
log.Errorf("Unexpected error when getting the project, error: %v", err)
return true, models.SevUnknown
}
return project.PreventVulnerableImagesFromRunning, clair.ParseClairSev(project.PreventVulnerableImagesFromRunningSeverity)
return project.VulPrevented(), clair.ParseClairSev(project.Severity())
}
// newPMSPolicyChecker returns an instance of an pmsPolicyChecker
@ -116,10 +102,7 @@ func newPMSPolicyChecker(pm promgr.ProjectManager) policyChecker {
}
func getPolicyChecker() policyChecker {
if config.WithAdmiral() {
return newPMSPolicyChecker(config.GlobalProjectMgr)
}
return EnvChecker
return newPMSPolicyChecker(config.GlobalProjectMgr)
}
type imageInfo struct {

1
src/ui/router.go
View File

@ -70,7 +70,6 @@ func initRouters() {
beego.Router("/api/projects/:pid([0-9]+)/members/?:mid", &api.ProjectMemberAPI{})
beego.Router("/api/projects/", &api.ProjectAPI{}, "head:Head")
beego.Router("/api/projects/:id([0-9]+)", &api.ProjectAPI{})
beego.Router("/api/projects/:id([0-9]+)/publicity", &api.ProjectAPI{}, "put:ToggleProjectPublic")
beego.Router("/api/users/:id", &api.UserAPI{}, "get:Get;delete:Delete;put:Put")
beego.Router("/api/users", &api.UserAPI{}, "get:List;post:Post")

7
src/ui/service/notifications/registry/handler.go
View File

@ -16,7 +16,6 @@ package registry
import (
"encoding/json"
"os"
"regexp"
"strings"
"time"
@ -170,10 +169,8 @@ func autoScanEnabled(project *models.Project) bool {
log.Debugf("Auto Scan disabled because Harbor is not deployed with Clair")
return false
}
if config.WithAdmiral() {
return project.AutomaticallyScanImagesOnPush
}
return os.Getenv("ENABLE_HARBOR_SCAN_ON_PUSH") == "1"
return project.AutoScan()
}
// Render returns nil as it won't render any template.

2
src/ui_ng/src/app/project/create-project/create-project.component.html
View File

@ -23,7 +23,7 @@
<div class="form-group" style="padding-left: 135px;">
<label class="col-md-4 form-group-label-override">{{'PROJECT.ACCESS_LEVEL' | translate}}</label>
<div class="checkbox-inline">
<input type="checkbox" id="create_project_public" [(ngModel)]="project.public" name="public">
<input type="checkbox" id="create_project_public" [(ngModel)]="project.metadata.public" name="public">
<label for="create_project_public"></label>
<span class="access-level-label">{{ accessLevelDisplayText | translate}}</span>
<a href="javascript:void(0)" role="tooltip" aria-haspopup="true" class="tooltip tooltip-md tooltip-bottom-right" style="top:-8px; left:-8px;">

4
src/ui_ng/src/app/project/create-project/create-project.component.ts
View File

@ -73,7 +73,7 @@ export class CreateProjectComponent implements AfterViewChecked, OnInit, OnDestr
private messageHandlerService: MessageHandlerService) { }
public get accessLevelDisplayText(): string {
return this.project.public ? 'PROJECT.PUBLIC' : 'PROJECT.PRIVATE';
return this.project.metadata.public ? 'PROJECT.PUBLIC' : 'PROJECT.PRIVATE';
}
ngOnInit(): void {
@ -115,7 +115,7 @@ export class CreateProjectComponent implements AfterViewChecked, OnInit, OnDestr
this.isSubmitOnGoing=true;
this.projectService
.createProject(this.project.name, this.project.public ? 1 : 0)
.createProject(this.project.name, this.project.metadata)
.subscribe(
status => {
this.isSubmitOnGoing=false;

4
src/ui_ng/src/app/project/list-project/list-project.component.html
View File

@ -7,11 +7,11 @@
<clr-dg-row *ngFor="let p of projects">
<clr-dg-action-overflow [hidden]="!(p.current_user_role_id === 1 || isSystemAdmin)">
<button class="action-item" (click)="newReplicationRule(p)" [hidden]="!isSystemAdmin">{{'PROJECT.REPLICATION_RULE' | translate}}</button>
<button class="action-item" (click)="toggleProject(p)">{{'PROJECT.MAKE' | translate}} {{(p.public === 0 ? 'PROJECT.PUBLIC' : 'PROJECT.PRIVATE') | translate}} </button>
<button class="action-item" (click)="toggleProject(p)">{{'PROJECT.MAKE' | translate}} {{(p.metadata.public === 'false' ? 'PROJECT.PUBLIC' : 'PROJECT.PRIVATE') | translate}} </button>
<button class="action-item" (click)="deleteProject(p)">{{'PROJECT.DELETE' | translate}}</button>
</clr-dg-action-overflow>
<clr-dg-cell><a href="javascript:void(0)" (click)="goToLink(p.project_id)">{{p.name}}</a></clr-dg-cell>
<clr-dg-cell>{{ (p.public === 1 ? 'PROJECT.PUBLIC' : 'PROJECT.PRIVATE') | translate}}</clr-dg-cell>
<clr-dg-cell>{{ (p.metadata.public === 'true' ? 'PROJECT.PUBLIC' : 'PROJECT.PRIVATE') | translate}}</clr-dg-cell>
<clr-dg-cell *ngIf="showRoleInfo">{{roleInfo[p.current_user_role_id] | translate}}</clr-dg-cell>
<clr-dg-cell>{{p.repo_count}}</clr-dg-cell>
<clr-dg-cell>{{p.creation_time | date: 'short'}}</clr-dg-cell>

8
src/ui_ng/src/app/project/list-project/list-project.component.ts
View File

@ -173,15 +173,15 @@ export class ListProjectComponent implements OnDestroy {
toggleProject(p: Project) {
if (p) {
p.public === 0 ? p.public = 1 : p.public = 0;
p.metadata.public === 'true' ? p.metadata.public = 'false' : p.metadata.public = 'true';
this.proService
.toggleProjectPublic(p.project_id, p.public)
.toggleProjectPublic(p.project_id, p.metadata.public)
.subscribe(
response => {
this.msgHandler.showSuccess('PROJECT.TOGGLED_SUCCESS');
let pp: Project = this.projects.find((item: Project) => item.project_id === p.project_id);
if (pp) {
pp.public = p.public;
pp.metadata.public = p.metadata.public;
this.statisticHandler.refresh();
}
},
@ -263,4 +263,4 @@ export class ListProjectComponent implements OnDestroy {
return st;
}
}
}

16
src/ui_ng/src/app/project/project.service.ts
View File

@ -58,20 +58,22 @@ export class ProjectService {
.catch(error=>Observable.throw(error));
}
createProject(name: string, isPublic: number): Observable<any> {
createProject(name: string, metadata: any): Observable<any> {
return this.http
.post(`/api/projects`,
JSON.stringify({'project_name': name, 'public': isPublic})
JSON.stringify({'project_name': name, 'metadata': {
public: metadata.public ? 'true' : 'false',
}})
, this.options)
.map(response=>response.status)
.catch(error=>Observable.throw(error));
}
toggleProjectPublic(projectId: number, isPublic: number): Observable<any> {
return this.http
.put(`/api/projects/${projectId}/publicity`, { 'public': isPublic }, this.options)
.map(response=>response.status)
.catch(error=>Observable.throw(error));
toggleProjectPublic(projectId: number, isPublic: string): Observable<any> {
return this.http
.put(`/api/projects/${projectId}`, { 'metadata': {'public': isPublic} }, this.options)
.map(response => response.status)
.catch(error => Observable.throw(error));
}
deleteProject(projectId: number): Observable<any> {

20
src/ui_ng/src/app/project/project.ts
View File

@ -22,14 +22,14 @@
"deleted": 0,
"owner_name": "",
"public": 1,
"Togglable": true,
"togglable": true,
"update_time": "2017-02-10T07:57:56Z",
"current_user_role_id": 1,
"repo_count": 0
}
]
*/
export class Project {
export class Project {
project_id: number;
owner_id: number;
name: string;
@ -37,12 +37,22 @@ export class Project {
creation_time_str: string;
deleted: number;
owner_name: string;
public: number;
Togglable: boolean;
togglable: boolean;
update_time: Date;
current_user_role_id: number;
repo_count: number;
has_project_admin_role: boolean;
is_member: boolean;
role_name: string;
}
metadata: {
public: string | boolean;
enable_content_trust: string | boolean;
prevent_vul: string | boolean;
severity: string;
auto_scan: string | boolean;
};
constructor () {
this.metadata = <any>{};
this.metadata.public = false;
}
}

6
tests/apitests/apilib/project.go
View File

@ -45,11 +45,11 @@ type Project struct {
// The owner name of the project.
OwnerName string `json:"owner_name,omitempty"`
// The public status of the project.
Public int32 `json:"public,omitempty"`
// The metadata of the project.
Metadata map[string]string `json:"metadata,omitempty"`
// Correspond to the UI about whether the project's publicity is updatable (for UI)
Togglable bool `json:"Togglable,omitempty"`
Togglable bool `json:"togglable,omitempty"`
// The role ID of the current user who triggered the API (for UI)
CurrentUserRoleId int32 `json:"current_user_role_id,omitempty"`

6
tests/apitests/apilib/project_req.go
View File

@ -23,10 +23,8 @@
package apilib
type ProjectReq struct {
// The name of the project.
ProjectName string `json:"project_name,omitempty"`
// The public status of the project.
Public int32 `json:"public,omitempty"`
// The metadata of the project.
Metadata map[string]string `json:"metadata,omitempty"`
}

4
tests/apitests/apilib/search_repository.go
View File

@ -30,8 +30,8 @@ type SearchRepository struct {
// The name of the project that the repository belongs to
ProjectName string `json:"project_name,omitempty"`
// The flag to indicate the publicity of the project that the repository belongs to (1 is public, 0 is not)
ProjectPublic int32 `json:"project_public,omitempty"`
// The flag to indicate the publicity of the project that the repository belongs to
ProjectPublic bool `json:"project_public,omitempty"`
// The name of the repository
RepositoryName string `json:"repository_name,omitempty"`

3
tools/migration/changelog.md
View File

@ -53,4 +53,5 @@ Changelog for harbor database schema
## 1.3.0
- create table `project_metadata`
- insert data into table `project_metadata`
- insert data into table `project_metadata`
- delete column `public` from table `project`