Allow the Identity Provider to be the primary auth method in Harbor. (#17627)

Allow the Identity Provider to be the primary auth method in Harbor

Signed-off-by: Maksym Trofimenko <maksym@container-registry.com>
Maksym Trofimenko 2023-02-08 17:11:08 +00:00 committed by GitHub
parent ff9dcd5483
commit 68fb01813e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 101 additions and 14 deletions


@ -4269,7 +4269,7 @@ paths:
'404':
$ref: '#/responses/404'
'500':
$ref: '#/responses/500'
$ref: '#/responses/500'
/system/purgeaudit/{purge_id}/log:
get:
summary: Get purge job log.
@ -7666,6 +7666,11 @@ definitions:
x-nullable: true
x-omitempty: true
description: The auth mode of current Harbor instance.
primary_auth_mode:
type: boolean
x-nullable: true
x-omitempty: true
description: The flag to indicate whether the current auth mode should consider as a primary one.
project_creation_restriction:
type: string
x-nullable: true
@ -7793,7 +7798,7 @@ definitions:
update_time:
type: string
format: date-time
description: the update time of purge job.
description: the update time of purge job.
Schedule:
type: object
properties:
@ -8593,6 +8598,9 @@ definitions:
auth_mode:
$ref: '#/definitions/StringConfigItem'
description: The auth mode of current system, such as "db_auth", "ldap_auth", "oidc_auth"
primary_auth_mode:
$ref: '#/definitions/BoolConfigItem'
description: The flag to indicate whether the current auth mode should consider as a primary one.
ldap_base_dn:
$ref: '#/definitions/StringConfigItem'
description: The Base DN for LDAP binding.
@ -8697,7 +8705,7 @@ definitions:
description: The OIDC group which has the harbor admin privileges
oidc_group_filter:
$ref: '#/definitions/StringConfigItem'
description: The OIDC group filter which filters out the group doesn't match the regular expression
description: The OIDC group filter which filters out the group doesn't match the regular expression
oidc_scope:
$ref: '#/definitions/StringConfigItem'
description: The scope of the OIDC provider
@ -8758,6 +8766,11 @@ definitions:
description: The auth mode of current system, such as "db_auth", "ldap_auth", "oidc_auth"
x-omitempty: true
x-isnullable: true
primary_auth_mode:
type: boolean
x-nullable: true
x-omitempty: true
description: The flag to indicate whether the current auth mode should consider as a primary one.
ldap_base_dn:
type: string
description: The Base DN for LDAP binding.
@ -8942,7 +8955,7 @@ definitions:
type: string
description: The OIDC group filter which filters out the group name doesn't match the regular expression
x-omitempty: true
x-isnullable: true
x-isnullable: true
oidc_scope:
type: string
description: The scope of the OIDC provider
@ -8997,7 +9010,7 @@ definitions:
type: string
description: The audit log forward endpoint
x-omitempty: true
x-isnullable: true
x-isnullable: true
skip_audit_log_database:
type: boolean
description: Skip audit log database
@ -9401,10 +9414,11 @@ definitions:
items:
$ref: '#/definitions/ScanDataExportExecution'
description: The list of scan data export executions
WorkerPool:
type: object
description: the worker pool of job service
properties:
properties:
pid:
type: integer
description: the process id of jobservice
@ -9422,13 +9436,13 @@ definitions:
concurrency:
type: integer
description: The concurrency of the work pool
host:
host:
type: string
description: The host of the work pool
description: The host of the work pool
Worker:
type: object
description: worker in the pool
properties:
properties:
id:
type: string
description: the id of the worker
@ -9463,7 +9477,7 @@ definitions:
action:
type: string
description: The action of the request, should be stop, pause or resume
enum:
enum:
- stop
- pause
- resume
@ -9511,4 +9525,4 @@ definitions:
paused:
type: boolean
description: if the scheduler is paused
x-omitempty: false
x-omitempty: false
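Review bot: The three new `primary_auth_mode` descriptions ("should consider as a primary one") do not tell an API consumer what the flag changes or which auth modes it applies to. Elsewhere in this commit the only consumer is the UI guard, which acts on it only for `oidc_auth` and sends unauthenticated users straight to the identity provider. I would reword all three occurrences (GeneralInfo, the configurations response and the configurations request body) along the lines of `description: Whether the current auth mode is the primary login method. When true and auth_mode is "oidc_auth", the UI redirects unauthenticated users to the identity provider instead of showing the sign-in page; local DB login stays reachable at /account/sign-in.`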


@ -50,6 +50,7 @@ const (
ExtEndpoint = "ext_endpoint"
AUTHMode = "auth_mode"
PrimaryAuthMode = "primary_auth_mode"
DatabaseType = "database_type"
PostGreSQLHOST = "postgresql_host"
PostGreSQLPort = "postgresql_port"


@ -44,6 +44,7 @@ var Ctl = NewController()
// Data wraps common systeminfo data
type Data struct {
AuthMode string
PrimaryAuthMode bool
SelfRegistration bool
HarborVersion string
AuthProxySettings *models.HTTPAuthProxy
@ -93,6 +94,7 @@ func (c *controller) GetInfo(ctx context.Context, opt Options) (*Data, error) {
}
res := &Data{
AuthMode: utils.SafeCastString(cfg[common.AUTHMode]),
PrimaryAuthMode: utils.SafeCastBool(cfg[common.PrimaryAuthMode]),
SelfRegistration: utils.SafeCastBool(cfg[common.SelfRegistration]),
HarborVersion: fmt.Sprintf("%s-%s", version.ReleaseVersion, version.GitCommit),
}


@ -65,6 +65,7 @@ var (
{Name: common.AdminInitialPassword, Scope: SystemScope, Group: BasicGroup, EnvKey: "HARBOR_ADMIN_PASSWORD", DefaultValue: "", ItemType: &PasswordType{}, Editable: true},
{Name: common.AUTHMode, Scope: UserScope, Group: BasicGroup, EnvKey: "AUTH_MODE", DefaultValue: "db_auth", ItemType: &AuthModeType{}, Editable: false, Description: `The auth mode of current system, such as "db_auth", "ldap_auth", "oidc_auth"`},
{Name: common.PrimaryAuthMode, Scope: UserScope, Group: BasicGroup, EnvKey: "PRIMARY_AUTH_MODE", DefaultValue: "false", ItemType: &BoolType{}, Description: `Use current auth mode as a primary one`},
{Name: common.ChartRepoURL, Scope: SystemScope, Group: BasicGroup, EnvKey: "CHART_REPOSITORY_URL", DefaultValue: "http://chartmuseum:9999", ItemType: &StringType{}, Editable: false},
{Name: common.TrivyAdapterURL, Scope: SystemScope, Group: TrivyGroup, EnvKey: "TRIVY_ADAPTER_URL", DefaultValue: "http://trivy-adapter:8080", ItemType: &StringType{}, Editable: false},
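Review bot: The new `common.PrimaryAuthMode` entry leaves `Editable` unset while the neighbouring entries in this list spell it out, so it silently takes the zero value `false`. The template added in this commit disables the checkbox on `!currentConfig.primary_auth_mode.editable`; if the API's `editable` flag is derived from this field (not visible in this hunk), the option could never be toggled from the UI. State the intent explicitly, e.g. `Editable: true`, or add a comment saying the setting is meant to be changed only through `PRIMARY_AUTH_MODE`. The list continues outside the hunk.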


@ -51,6 +51,36 @@
>
</div>
</div>
<section *ngIf="currentConfig?.auth_mode?.value !== 'db_auth'">
<clr-checkbox-container>
<label for="primaryAuthMode"
>{{ 'CONFIG.PRIMARY_AUTH_MODE' | translate }}
<clr-tooltip>
<clr-icon
clrTooltipTrigger
shape="info-circle"
size="24"></clr-icon>
<clr-tooltip-content
clrPosition="top-right"
clrSize="lg"
*clrIfOpen>
<span>{{
'CONFIG.TOOLTIP.PRIMARY_AUTH_MODE' | translate
}}</span>
</clr-tooltip-content>
</clr-tooltip>
</label>
<clr-checkbox-wrapper>
<input
type="checkbox"
clrCheckbox
name="primaryAuthMode"
id="primaryAuthMode"
[(ngModel)]="currentConfig.primary_auth_mode.value"
[disabled]="!currentConfig.primary_auth_mode.editable" />
</clr-checkbox-wrapper>
</clr-checkbox-container>
</section>
<section *ngIf="showUAA">
<clr-input-container>
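Review bot: The checkbox is rendered for every auth mode other than `db_auth` (`*ngIf="currentConfig?.auth_mode?.value !== 'db_auth'"`), but the only consumer in this commit, `AuthCheckGuard`, honours `primary_auth_mode` only when `auth_mode` is `CONFIG_AUTH_MODE.OIDC_AUTH`. With LDAP or another non-OIDC mode an administrator can tick the box and sign-in behaviour does not change, so the settings page misstates how login is enforced. Either narrow the condition to `*ngIf="currentConfig?.auth_mode?.value === 'oidc_auth'"` or extend the guard to the other modes. Note also that `[(ngModel)]="currentConfig.primary_auth_mode.value"` has no null guard, so it relies on the backend always returning the item.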


@ -236,6 +236,7 @@ export class ConfigurationAuthComponent implements OnInit {
prop.startsWith('oidc_') ||
prop === 'auth_mode' ||
prop === 'project_creattion_restriction' ||
prop === 'primary_auth_mode' ||
prop === 'self_registration' ||
prop.startsWith('http_')
) {


@ -54,6 +54,7 @@ export class ComplexValueItem {
export class Configuration {
[key: string]: any | any[];
auth_mode: StringValueItem;
primary_auth_mode: BoolValueItem;
project_creation_restriction: StringValueItem;
self_registration: BoolValueItem;
ldap_base_dn: StringValueItem;
@ -114,6 +115,7 @@ export class Configuration {
session_timeout: NumberValueItem;
public constructor() {
this.auth_mode = new StringValueItem('db_auth', true);
this.primary_auth_mode = new BoolValueItem(false, true);
this.project_creation_restriction = new StringValueItem(
'everyone',
true


@ -26,6 +26,10 @@ describe('ProjectComponent', () => {
value: 'oidc_auth',
editable: false,
},
primary_auth_mode: {
value: false,
editable: true,
},
count_per_project: {
value: -1,
editable: true,


@ -19,6 +19,7 @@ export class AppConfig {
with_trivy: boolean;
admiral_endpoint: string;
auth_mode: string;
primary_auth_mode: boolean;
registry_url: string;
project_creation_restriction: string;
self_registration: boolean;
@ -36,6 +37,7 @@ export class AppConfig {
this.with_trivy = false;
this.admiral_endpoint = '';
this.auth_mode = 'db_auth';
this.primary_auth_mode = false;
this.registry_url = '';
this.project_creation_restriction = 'everyone';
this.self_registration = true;


@ -25,8 +25,8 @@ import { AppConfigService } from '../../services/app-config.service';
import { MessageHandlerService } from '../services/message-handler.service';
import { SearchTriggerService } from '../components/global-search/search-trigger.service';
import { Observable } from 'rxjs';
import { CommonRoutes } from '../entities/shared.const';
import { UN_LOGGED_PARAM, YES } from '../../account/sign-in/sign-in.service';
import { CommonRoutes, CONFIG_AUTH_MODE } from '../entities/shared.const';
@Injectable({
providedIn: 'root',
@ -76,6 +76,18 @@ export class AuthCheckGuard implements CanActivate, CanActivateChild {
let navigatorExtra: NavigationExtras = {
queryParams: { redirect_url: state.url },
};
// if primary auth mode enabled, skip the first step
if (
this.appConfigService.getConfig().auth_mode ==
CONFIG_AUTH_MODE.OIDC_AUTH &&
this.appConfigService.getConfig()
.primary_auth_mode
) {
window.location.href =
'/c/oidc/login?redirect_url=' +
encodeURI(state.url);
return observer.next(false);
}
this.router.navigate(
[CommonRoutes.EMBEDDED_SIGN_IN],
navigatorExtra
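Review bot: `encodeURI(state.url)` does not escape `?`, `&`, `=` or `#`, so a guarded route that carries its own query string or fragment is split across the login URL and `redirect_url` is cut at the first `&` or `#`; the user then lands on the wrong page after the IdP round trip. Build the target with `'/c/oidc/login?redirect_url=' + encodeURIComponent(state.url)`. Because this path now forwards the attempted URL to the server without the sign-in page in between, confirm that the `/c/oidc/login` handler (not part of this diff) accepts only same-origin relative paths for `redirect_url`. The `==` comparison against `CONFIG_AUTH_MODE.OIDC_AUTH` can be `===`, and `getConfig()` need only be called once. The enclosing guard method starts and ends outside the hunk.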


@ -176,6 +176,7 @@ export interface SystemInfo {
with_chartmuseum?: boolean;
admiral_endpoint?: string;
auth_mode?: string;
primary_auth_mode?: boolean;
registry_url?: string;
project_creation_restriction?: string;
self_registration?: boolean;


@ -813,6 +813,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "Auth Mode",
"PRIMARY_AUTH_MODE": "Primärer Anmeldemodus",
"PRO_CREATION_RESTRICTION": "Projekt Erzeugung",
"SELF_REGISTRATION": "Selbst-Registrierung",
"AUTH_MODE_DB": "Datenbank",
@ -834,6 +835,7 @@
"SELF_REGISTRATION_DISABLE": "Registrierung verboten. Haken setzen um Selbst-Registrierung zu erlauben.",
"VERIFY_REMOTE_CERT": "Festlegen, ob die Image-Replikation das Zertifikat der Gegenstelle überprüfen soll. Deaktiviere die Box, wenn der E-Mail-Server ein selbstsigniertes oder nicht-vertrauenswürdiges Zertifikat verwendet.",
"AUTH_MODE": "Der Standard Authentifizierungsmodus ist Datenbank, die Zugriffsdaten werden hierbei in einer lokalen Datenbank gespeichert. Wähle einen alternativen Authentifizierungsmodus, um die Nutzer gegen den konfigurierten Dienst zu verifizieren.",
"PRIMARY_AUTH_MODE": "Dieser Anmeldemodus wird zur Standardmethode für die Benutzeranmeldung. Der Anmeldebildschirm, in dem der Benutzer auswählt, ob er sich über den Identitätsanbieter oder über die lokale DB anmelden möchte, leitet den Benutzer automatisch an diesen Identitätsanbieter weiter. Die Anmeldung über die DB ist möglich, wenn die URL '/account/sign-in' explizit aufgerufen wird.",
"LDAP_SEARCH_DN": "DN eines Nutzers, der die Berechtigungen auf dem LDAP/AD Server hat. Falls der LDAP/AD server anonyme Suche nicht unterstützt, muss der DN und das ldap_search_pwd konfiguriert werden.",
"LDAP_BASE_DN": "Der Base DN unterhalb dem nach Nutzern im LDAP/AD gesucht wird.",
"LDAP_UID": "Das Attribut, dass in der Suche für die Zuordnung eines Nutzers verwendet wird. Kann uid, cn, email, sAMAccountName oder ein anderes Attribut abhängig vom LDAP/AD sein.",


@ -813,6 +813,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "Auth Mode",
"PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "Project Creation",
"SELF_REGISTRATION": "Allow Self-Registration",
"AUTH_MODE_DB": "Database",
@ -834,6 +835,7 @@
"SELF_REGISTRATION_DISABLE": "Deactivate sign up.",
"VERIFY_REMOTE_CERT": "Determine whether the image replication should verify the certificate of a remote Harbor registry. Uncheck this box when the remote registry uses a self-signed or untrusted certificate.",
"AUTH_MODE": "By default the authentication mode is database, i.e. the credentials are stored in a local database. Set it to LDAP if you want to verify a user's credential against an LDAP server.",
"PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "A user's DN who has the permission to search the LDAP/AD server. If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.",
"LDAP_BASE_DN": "The base DN from which to look up a user in LDAP/AD.",
"LDAP_UID": "The attribute used in a search to match a user. It could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD.",
@ -896,7 +898,7 @@
"SCOPE": "OIDC Scope",
"OIDC_VERIFYCERT": "Verify Certificate",
"OIDC_AUTOONBOARD": "Automatic onboarding",
"USER_CLAIM": "Username Claim",
"USER_CLAIM": "Username Claim",
"OIDC_SETNAME": "Set OIDC Username",
"OIDC_SETNAMECONTENT": "You must create a Harbor username the first time when authenticating via a third party(OIDC).This will be used within Harbor to be associated with projects, roles, etc.",
"OIDC_USERNAME": "Username",


@ -814,6 +814,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "Modo de autentificación",
"PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "Creación de Proyecto",
"SELF_REGISTRATION": "Permitir auto-registro",
"AUTH_MODE_DB": "Base de datos",
@ -835,6 +836,7 @@
"SELF_REGISTRATION_DISABLE": "Disable sign up.",
"VERIFY_REMOTE_CERT": "Determina si la replicación de la imagen debería verificar el certificado de un registro Harbor remoto. Desmarque esta opción cuando el registro remoto use un certificado de confianza o autofirmado.",
"AUTH_MODE": "Por defecto el modo de autentificación es base de datos, es decir, las credenciales se almacenan en una base de datos local. Seleccione LDAP si quiere verificar las credenciales de usuarios a través del servidor LDAP.",
"PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "Un DN de usuario que tenga permisos para buscar el servidor LDAP/AD. Si el servidor LDAP/AD no soporta búsquedas anónimas, debería configurar este DN y ldap_search_pwd.",
"LDAP_BASE_DN": "La base DN para buscar un usuario en el LDAP/AD.",
"LDAP_UID": "El atributo usado en una búsqueda para encontrar un usuario. Debe ser el uid, cn, email, sAMAccountName u otro atributo dependiendo del LDAP/AD.",


@ -795,6 +795,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "Mode d'Identification",
"PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "Création du Projet",
"SELF_REGISTRATION": "Autoriser l'Auto-Inscription",
"AUTH_MODE_DB": "Base de données",
@ -816,6 +817,7 @@
"SELF_REGISTRATION_DISABLE": "Désactiver l'inscription.",
"VERIFY_REMOTE_CERT": "Déterminez si la réplication de l'image doit vérifier le certificat d'un dépôt Harbor distant. Décochez cette case lorsque le registre distant utilise un certificat auto-signé ou non approuvé.",
"AUTH_MODE": "Par défaut, le mode d'authentification est la base de données, c-a-d que les informations d'identification sont stockées dans une base de données locale. Définissez-le sur LDAP si vous voulez vérifier l'identité d'un utilisateur par rapport à un serveur LDAP.",
"PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "Le DN d'un utilisateur qui a la permission de rechercher sur le serveur LDAP/AD. Si votre serveur LDAP/AD ne prend pas en charge la recherche anonyme, vous devez configurer ce DN et ldap_search_pwd.",
"LDAP_BASE_DN": "La base DN à partir de laquelle rechercher un utilisateur dans LDAP/AD.",
"LDAP_UID": "Attribut utilisé dans une recherche pour trouver un utilisateur. Cela peut être uid, cn, email, sAMAccountName ou d'autres attributs selon votre LDAP/AD.",


@ -26,7 +26,7 @@
"CANCEL": "CANCELAR",
"OK": "OK",
"DELETE": "REMOVER",
"LOG_IN": "ENTRAR",
"LOG_IN": "ENTRAR",
"LOG_IN_OIDC": "Entrar com provedor OIDC",
"SIGN_UP_LINK": "Criar uma nova conta",
"SIGN_UP": "CADASTRO",
@ -811,6 +811,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "Modo de autenticação",
"PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "Criação de Projeto",
"SELF_REGISTRATION": "Permitir cadastro de usuários.",
"AUTH_MODE_DB": "Banco de Dados",
@ -832,6 +833,7 @@
"SELF_REGISTRATION_DISABLE": "Desabilitar cadastro de usuários.",
"VERIFY_REMOTE_CERT": "Determina se a replicação da imagem deve verificar o certificado do Harbor remoto. Desmarque se o servidor remoto utilizar um certificado auto-assinado ou não confiável.",
"AUTH_MODE": "Por padrão, o modo de autenticação é via banco de dados, ex. As credenciais são armazenadas em um Banco de Dados local. Altere para LDAP se você deseja verificar as credenciais de um usuário utilizando um servidor LDAP.",
"PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "A DN de um usuário que possui permissão para buscar no servidor LDAP/AD. Se o seu servidor LDAP/AD não suportar buscas anônimas, você deve configurar esse DN e ldap_search_pwd.",
"LDAP_BASE_DN": "O DN base de onde deve ser buscado um usuário no LDAP/AD.",
"LDAP_UID": "O atributo utilizado na busca de um uusário. Pode ser uid, cn, e-mail, sAMAccountName ou outro atributo dependendo LDAP/AD.",


@ -813,6 +813,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "Yetkilendirme Modu",
"PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "Proje oluşturma",
"SELF_REGISTRATION": "Kendi Kendine Kayıt Yapmaya İzin Ver",
"AUTH_MODE_DB": "Veritabanı",
@ -834,6 +835,7 @@
"SELF_REGISTRATION_DISABLE": "Kaydolmayı devre dışı bırak.",
"VERIFY_REMOTE_CERT": "İmaj çoğaltmanın uzak Harbor kayıt defterinin sertifikasını doğrulaması gerekip gerekmediğini belirleyin. Uzak kayıt defteri kendinden imzalı veya güvenilmeyen bir sertifika kullandığında bu kutunun işaretini kaldırın.",
"AUTH_MODE": "Varsayılan olarak kimlik doğrulama modu veritabanıdır, yani kimlik bilgileri yerel bir veritabanında saklanır. Bir LDAP sunucusunda bir kullanıcının kimlik bilgilerini doğrulamak istiyorsanız, LDAP olarak ayarlayın.",
"PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "LDAP / AD sunucusunu arama iznine sahip bir kullanıcının DN'si. LDAP / AD sunucunuz anonim aramayı desteklemiyorsa, bu DN ve ldap_search_pwd'yi yapılandırmanız gerekir.",
"LDAP_BASE_DN": "LDAP / AD'de bir kullanıcı aranacak temel DN.",
"LDAP_UID": "Bir kullanıcıyla eşleşmek için aramada kullanılan özellik. LDAP / AD'nize bağlı olarak, kullanıcı kimliği, cn, e-posta, sAMAccountName veya diğer özellikler olabilir.",


@ -815,6 +815,7 @@
"SESSION_TIMEOUT": "会话过期时间(分钟)",
"SESSION_TIMEOUT_INFO": "设置 Harbor UI 的会话过期时间。默认值为60分钟。",
"AUTH_MODE": "认证模式",
"PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "项目创建",
"SELF_REGISTRATION": "允许自注册",
"AUTH_MODE_DB": "数据库",
@ -836,6 +837,7 @@
"SELF_REGISTRATION_DISABLE": "禁用注册功能。",
"VERIFY_REMOTE_CERT": "确定镜像复制是否要验证远程Harbor实例的证书。如果远程实例使用的是自签或者非信任证书不要勾选此项。",
"AUTH_MODE": "默认认证模式为数据库认证即用户凭证存储在本地数据库。如果使用LDAP来认证用户则设置为LDAP。",
"PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "有搜索权限的LDAP用户DN。如果LDAP服务器不支持匿名搜索则需要配置此DN及其密码。",
"LDAP_BASE_DN": "用来在LDAP和AD中搜寻用户的基础DN。",
"LDAP_UID": "在搜索中用来匹配用户的属性可以是uid,cn,email,sAMAccountName或者其它LDAP/AD服务器支持的属性。",


@ -810,6 +810,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "認證模式",
"PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "項目創建",
"SELF_REGISTRATION": "允許自註冊",
"AUTH_MODE_DB": "數據庫",
@ -831,6 +832,7 @@
"SELF_REGISTRATION_DISABLE": "禁用註冊功能。",
"VERIFY_REMOTE_CERT": "確定鏡像複製是否要驗證遠程Harbor實例的證書。如果遠程實例使用的是自籤或者非信任證書,不要勾選此項。",
"AUTH_MODE": "默認認證模式為數據庫認證,即用戶憑證存儲在本地數據庫。如果使用LDAP來認證用戶,則設置為LDAP。",
"PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "有搜索權限的LDAP用戶DN。如果LDAP服務器不支持匿名搜索,則需要配置此DN及其密碼。",
"LDAP_BASE_DN": "用來在LDAP和AD中搜尋用戶的基礎DN。",
"LDAP_UID": "在搜索中用來匹配用戶的屬性,可以是uid,cn,email,sAMAccountName或者其它LDAP/AD服務器支持的屬性。",


@ -69,6 +69,7 @@ func (s *sysInfoAPI) convertInfo(d *si.Data) *models.GeneralInfo {
}
res := &models.GeneralInfo{
AuthMode: &d.AuthMode,
PrimaryAuthMode: &d.PrimaryAuthMode,
SelfRegistration: &d.SelfRegistration,
HarborVersion: &d.HarborVersion,
}