Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-06-26 06:45:12 +02:00
Code Issues Projects Releases Wiki Activity

Add OIDC group filter input (#17752)

Browse Source 
Signed-off-by: AllForNothing <sshijun@vmware.com>

Signed-off-by: AllForNothing <sshijun@vmware.com>
This commit is contained in:
Shijun Sun 2022-11-11 09:50:02 +08:00 committed by GitHub
parent 77df4d92fd
commit a21ef51ce4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 66 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/portal/src/app/base/left-side-nav/config/auth/config-auth.component.html
View File

@ -735,6 +735,34 @@
'TOOLTIP.ITEM_REQUIRED' | translate
}}</clr-control-error>
</clr-input-container>
<clr-input-container>
<label for="OIDCGroupFilter"
>{{ 'CONFIG.OIDC.OIDC_GROUP_FILTER' | translate }}
<clr-tooltip>
<clr-icon
clrTooltipTrigger
shape="info-circle"
size="24"></clr-icon>
<clr-tooltip-content
clrPosition="top-right"
clrSize="lg"
*clrIfOpen>
<span>{{
'CONFIG.OIDC.OIDC_GROUP_FILTER_INFO' | translate
}}</span>
</clr-tooltip-content>
</clr-tooltip>
</label>
<input
clrInput
name="OIDCGroupFilter"
type="text"
#ngOIDCGroupFilter="ngModel"
[(ngModel)]="currentConfig.oidc_group_filter.value"
id="OIDCGroupFilter"
size="40"
[disabled]="disabled(currentConfig.oidc_group_filter)" />
</clr-input-container>
<clr-input-container>
<label for="oidcGroupClaim"
>{{ 'CONFIG.OIDC.GROUP_CLAIM_NAME' | translate }}
@ -748,7 +776,7 @@
clrSize="lg"
*clrIfOpen>
<span>{{
'TOOLTIP.OIDC_GROUP_CLAIM' | translate
'CONFIG.OIDC.GROUP_CLAIM_NAME_INFO' | translate
}}</span>
</clr-tooltip-content>
</clr-tooltip>
@ -757,7 +785,7 @@
clrInput
name="oidcGroupClaim"
type="text"
#oidcClientSecretInput="ngModel"
#ngOIDCGroupClaim="ngModel"
[(ngModel)]="currentConfig.oidc_groups_claim.value"
id="oidcGroupClaim"
size="40"

2
src/portal/src/app/base/left-side-nav/config/config.ts
View File

@ -108,6 +108,7 @@ export class Configuration {
cfg_expiration: NumberValueItem;
oidc_groups_claim: StringValueItem;
oidc_admin_group: StringValueItem;
oidc_group_filter: StringValueItem;
audit_log_forward_endpoint: StringValueItem;
skip_audit_log_database: BoolValueItem;
public constructor() {
@ -177,6 +178,7 @@ export class Configuration {
this.oidc_scope = new StringValueItem('', true);
this.oidc_groups_claim = new StringValueItem('', true);
this.oidc_admin_group = new StringValueItem('', true);
this.oidc_group_filter = new StringValueItem('', true);
this.oidc_user_claim = new StringValueItem('', true);
this.count_per_project = new NumberValueItem(-1, true);
this.storage_per_project = new NumberValueItem(-1, true);

9
src/portal/src/i18n/lang/de-de-lang.json
View File

@ -103,8 +103,6 @@
"OIDC_ENDPOINT": "Die URL eines OIDC-kompatiblen Servers.",
"OIDC_SCOPE": "Der Scope, der während der Authentifizierung zum OIDC-Server gesendet wird. Es muss “openid”, und “offline_access” enthalten. Wenn Google verwendet wird, entfällt “offline_access”.",
"OIDC_VERIFYCERT": "Box deaktivieren, falls der OIDC Server mit selbstsignierten Zertifikaten betrieben wird.",
"OIDC_GROUP_CLAIM": "Der Name des Claim im ID Token, dessen Wert die Liste der Gruppennamen enthält.",
"OIDC_GROUP_CLAIM_WARNING": "Es darf ausschließlich Buchstaben, Ziffern und Unterstriche enthalten. Die Länge muss kürzer als 256 Zeichen sein.",
"OIDC_AUTOONBOARD": "Überspringe die Startseite, hierdurch können Nutzer ihren Nutzernamen nicht ändern. Der Nutzername wird aus dem ID Token übernommen.",
"OIDC_USER_CLAIM": "Der Name des Claims im ID Token, aus dem der Nutzername stammt. Falls das Feld leer ist, wird 'name' verwendet.",
"NEW_SECRET": "Das Secret muss länger als 8 Zeichen sein, mit jeweils einem Groß-, einem Kleinbuchstaben und einer Ziffer."
@ -959,8 +957,11 @@
"OIDC_SETNAMECONTENT": "Es muss ein Harbor Nutzername bei der ersten Anmeldung über thirdParty (OIDC) gesetzt werden. Dieser wird in Harbor für die assoziation mit Projekten, Rollen, etc. verwendet.",
"OIDC_USERNAME": "Nutzername",
"GROUP_CLAIM_NAME": "Group Claim Name",
"OIDC_ADMIN_GROUP": "OIDC Administratorengruppe",
"OIDC_ADMIN_GROUP_INFO": "Spezifiziere den Namen einer OIDC Administratorengruppe. Alle Mitglieder dieser Gruppe haben in Harbor administrative Berechtigungen. Falls dies nicht gewünscht ist, kann das Feld leer gelassen werden."
"GROUP_CLAIM_NAME_INFO": "The name of a custom group claim that you have configured in your OIDC provider",
"OIDC_ADMIN_GROUP": "OIDC Administratorengruppe",
"OIDC_ADMIN_GROUP_INFO": "Spezifiziere den Namen einer OIDC Administratorengruppe. Alle Mitglieder dieser Gruppe haben in Harbor administrative Berechtigungen. Falls dies nicht gewünscht ist, kann das Feld leer gelassen werden.",
"OIDC_GROUP_FILTER": "OIDC Group Filter",
"OIDC_GROUP_FILTER_INFO": "Exclude OIDC groups who match the provided regular expression."
},
"SCANNING": {
"STOP_SCAN_ALL_SUCCESS": "Alle Scans erfolgreich zum Anhalten aufgefordert!",

7
src/portal/src/i18n/lang/en-us-lang.json
View File

@ -103,8 +103,6 @@
"OIDC_ENDPOINT": "The URL of an OIDC-complaint server.",
"OIDC_SCOPE": "The scope sent to OIDC server during authentication. It has to contain “openid”, and “offline_access”. If you are using google, please remove “offline_access” from this field.",
"OIDC_VERIFYCERT": "Uncheck this box if your OIDC server is hosted via self-signed certificate.",
"OIDC_GROUP_CLAIM": "The name of Claim in the ID token whose value is the list of group names.",
"OIDC_GROUP_CLAIM_WARNING": "It can only contain letters, numbers, underscores, and the input length is no more than 256 characters.",
"OIDC_AUTOONBOARD": "Skip the onboarding screen, so user cannot change its username. Username is provided from ID Token",
"OIDC_USER_CLAIM": "The name of the claim in the ID Token where the username is retrieved from. If not specified, it will default to 'name'",
"NEW_SECRET": "The secret must longer than 8 chars with at least 1 uppercase letter, 1 lowercase letter and 1 number"
@ -959,8 +957,11 @@
"OIDC_SETNAMECONTENT": "You must create a Harbor username the first time when authenticating via a third party(OIDC).This will be used within Harbor to be associated with projects, roles, etc.",
"OIDC_USERNAME": "Username",
"GROUP_CLAIM_NAME": "Group Claim Name",
"GROUP_CLAIM_NAME_INFO": "The name of a custom group claim that you have configured in your OIDC provider",
"OIDC_ADMIN_GROUP": "OIDC Admin Group",
"OIDC_ADMIN_GROUP_INFO": "Specify an OIDC admin group name. All OIDC users in this group will have harbor admin privilege. Keep it blank if you do not want to."
"OIDC_ADMIN_GROUP_INFO": "Specify an OIDC admin group name. All OIDC users in this group will have harbor admin privilege. Keep it blank if you do not want to.",
"OIDC_GROUP_FILTER": "OIDC Group Filter",
"OIDC_GROUP_FILTER_INFO": "Exclude OIDC groups who match the provided regular expression."
},
"SCANNING": {
"STOP_SCAN_ALL_SUCCESS": "Trigger stopping scan all successfully!",

7
src/portal/src/i18n/lang/es-es-lang.json
View File

@ -103,8 +103,6 @@
"OIDC_ENDPOINT": "La dirección URL de un servidor OIDC denuncia.",
"OIDC_SCOPE": "El ámbito de aplicación enviada a OIDC Server durante la autenticación.Tiene que contener 'Openid', y 'offline_access'.Si usted esta usando Google, por favor quitar 'offline_access' de este campo",
"OIDC_VERIFYCERT": "Desmarque esta casilla si tu OIDC servidor está alojado a través de certificado autofirmado.",
"OIDC_GROUP_CLAIM": "The name of Claim in the ID token whose value is the list of group names.",
"OIDC_GROUP_CLAIM_WARNING": "It can only contain letters, numbers, underscores, and the input length is no more than 256 characters.",
"OIDC_AUTOONBOARD": "Skip the onboarding screen, so user cannot change its username. Username is provided from ID Token",
"OIDC_USER_CLAIM": "The name of the claim in the ID Token where the username is retrieved from. If not specified, it will default to 'name'",
"NEW_SECRET": "The secret must longer than 8 chars with at least 1 uppercase letter, 1 lowercase letter and 1 number."
@ -960,8 +958,11 @@
"OIDC_SETNAMECONTENT": "Usted debe crear un Harbor nombre de usuario la primera vez cuando la autenticación a través de un tercero (OIDC). Esta será usada en Harbor para ser asociados con proyectos, funciones, etc.",
"OIDC_USERNAME": "Usuario",
"GROUP_CLAIM_NAME": "Group Claim Name",
"GROUP_CLAIM_NAME_INFO": "The name of a custom group claim that you have configured in your OIDC provider",
"OIDC_ADMIN_GROUP": "OIDC Admin Group",
"OIDC_ADMIN_GROUP_INFO": "Specify an OIDC admin group name. All OIDC users in this group will have harbor admin privilege. Keep it blank if you do not want to."
"OIDC_ADMIN_GROUP_INFO": "Specify an OIDC admin group name. All OIDC users in this group will have harbor admin privilege. Keep it blank if you do not want to.",
"OIDC_GROUP_FILTER": "OIDC Group Filter",
"OIDC_GROUP_FILTER_INFO": "Exclude OIDC groups who match the provided regular expression."
},
"SCANNING": {
"STOP_SCAN_ALL_SUCCESS": "Trigger stopping scan all successfully!",

7
src/portal/src/i18n/lang/fr-fr-lang.json
View File

@ -98,8 +98,6 @@
"OIDC_ENDPOINT": "L'url d'un serveur de plainte oidc.",
"OIDC_SCOPE": "Le champ envoyé au serveur au cours de l'authentification oidc. Il doit contenir 'openid', et 'offline_access'. Si vous utilisez google, veuillez supprimer 'offline_access' de ce champ",
"OIDC_VERIFYCERT": "Décocher cette case si votre serveur oidc est hébergé avec un certificat auto-signé.",
"OIDC_GROUP_CLAIM": "The name of Claim in the ID token whose value is the list of group names.",
"OIDC_GROUP_CLAIM_WARNING": "It can only contain letters, numbers, underscores, and the input length is no more than 256 characters.",
"OIDC_AUTOONBOARD": "Ignorer l'écran d'accueil afin que l'utilisateur ne puisse pas modifier son nom d'utilisateur. Le nom d'utilisateur est fourni à partir du ID Token",
"OIDC_USER_CLAIM": "Le nom de la réclamation dans le ID Token à partir duquel le nom d'utilisateur est récupéré. S'il n'est pas spécifié, la valeur par défaut sera 'name'",
"NEW_SECRET": "Le secret doit être composé de 8 à 20 caractères avec au moins 1 majuscule, 1 minuscule et 1 chiffre."
@ -932,8 +930,11 @@
"OIDC_SETNAMECONTENT": "Vous devez créer un identifiant Harbor la première fois lors de la vérification par une tierce partie (OIDC). Il sera utilisé au sein de Harbor pour être associé aux projets, rôles, etc.",
"OIDC_USERNAME": "Nom d'utilisateur",
"GROUP_CLAIM_NAME": "Nom de groupe Claim",
"GROUP_CLAIM_NAME_INFO": "The name of a custom group claim that you have configured in your OIDC provider",
"OIDC_ADMIN_GROUP": "OIDC Admin Group",
"OIDC_ADMIN_GROUP_INFO": "Specify an OIDC admin group name. All OIDC users in this group will have harbor admin privilege. Keep it blank if you do not want to."
"OIDC_ADMIN_GROUP_INFO": "Specify an OIDC admin group name. All OIDC users in this group will have harbor admin privilege. Keep it blank if you do not want to.",
"OIDC_GROUP_FILTER": "OIDC Group Filter",
"OIDC_GROUP_FILTER_INFO": "Exclude OIDC groups who match the provided regular expression."
},
"SCANNING": {
"STOP_SCAN_ALL_SUCCESS": "Déclenchement avec succès de l'arrêt de l'analyse globale !",

7
src/portal/src/i18n/lang/pt-br-lang.json
View File

@ -102,8 +102,6 @@
"OIDC_ENDPOINT": "Endereço do provedor. Deve ser compatível com o protocolo OIDC",
"OIDC_SCOPE": "O âmbito (scope) de aplicação enviada ao provedor OIDC durante a autenticação. Deve incluir 'openid' e 'offline_access'. Se estiver usando Google, remova o valor 'offline_access'.",
"OIDC_VERIFYCERT": "Desmarque para ignorar certificados inválidos ou auto-assinados no provedor ODIC.",
"OIDC_GROUP_CLAIM": "Nome da propriedade (claim) cujo valor representa a lista de grupos do usuário.",
"OIDC_GROUP_CLAIM_WARNING": "Deve conter apenas letras, números e traço-baixo (underscores). Tamanho máximo de 256 caracteres.",
"OIDC_AUTOONBOARD": "Pular tela de alteração durante o cadastro automático. Informações, como nome e e-mail, virão do provedor externo.",
"OIDC_USER_CLAIM": "Nome da propriedade (claim) cujo valor representa o nome de usuário (login). Se não informado, 'name' será usado.",
"NEW_SECRET": "Deve ter mais de 8 caracteres e pelo menos 1 letra maiúscula, 1 minúscula e 1 número."
@ -955,8 +953,11 @@
"OIDC_SETNAMECONTENT": "Um nome de usuário deve ser criado na base local do Harbor para ser associado a projetos, perfís e permissões. Marque esta opção para que o nome de usuário seja obtido do provedor OIDC através do atributo (claim) informado.",
"OIDC_USERNAME": "Nome de usuário",
"GROUP_CLAIM_NAME": "Atributo com nome do grupo (claim)",
"GROUP_CLAIM_NAME_INFO": "The name of a custom group claim that you have configured in your OIDC provider",
"OIDC_ADMIN_GROUP": "Grupo Administrativo",
"OIDC_ADMIN_GROUP_INFO": "Informe o nome do grupo OIDC que será considerado administrativo. Todos os usuários deste grupo obterão privilégios de adiministração no Harbor. Deixe vazio para ser ignorado."
"OIDC_ADMIN_GROUP_INFO": "Informe o nome do grupo OIDC que será considerado administrativo. Todos os usuários deste grupo obterão privilégios de adiministração no Harbor. Deixe vazio para ser ignorado.",
"OIDC_GROUP_FILTER": "OIDC Group Filter",
"OIDC_GROUP_FILTER_INFO": "Exclude OIDC groups who match the provided regular expression."
},
"SCANNING": {
"STOP_SCAN_ALL_SUCCESS": "Todos os exames foram interrompidos!",

7
src/portal/src/i18n/lang/tr-tr-lang.json
View File

@ -103,8 +103,6 @@
"OIDC_ENDPOINT": "Bir OIDC şikayet sunucusunun URL'si.",
"OIDC_SCOPE": "Kapsam, kimlik doğrulama sırasında OIDC sunucusuna gönderildi. “Openid” ve “offline_access” içermelidir. Google kullanıyorsanız, lütfen “offline_access“'i bu alandan kaldırın.",
"OIDC_VERIFYCERT": "OIDC sunucunuz kendinden imzalı sertifika ile barındırılıyorsa bu kutunun işaretini kaldırın.",
"OIDC_GROUP_CLAIM": "The name of Claim in the ID token whose value is the list of group names.",
"OIDC_GROUP_CLAIM_WARNING": "It can only contain letters, numbers, underscores, and the input length is no more than 256 characters.",
"OIDC_AUTOONBOARD": "Skip the onboarding screen, so user cannot change its username. Username is provided from ID Token",
"OIDC_USER_CLAIM": "The name of the claim in the ID Token where the username is retrieved from. If not specified, it will default to 'name'",
"NEW_SECRET": "The secret must longer than 8 chars with at least 1 uppercase letter, 1 lowercase letter and 1 number."
@ -959,8 +957,11 @@
"OIDC_SETNAMECONTENT": "Üçüncü tarafla (OIDC) kimlik doğrulaması yaparken ilk kez bir Harbor kullanıcı adı oluşturmalısınız. Bu, harbor projeler, roller vb. ile ilişkilendirilmek üzere kullanılacaktır.",
"OIDC_USERNAME": "Kullanıcı Adı",
"GROUP_CLAIM_NAME": "Group Claim Name",
"GROUP_CLAIM_NAME_INFO": "The name of a custom group claim that you have configured in your OIDC provider",
"OIDC_ADMIN_GROUP": "OIDC Admin Group",
"OIDC_ADMIN_GROUP_INFO": "Specify an OIDC admin group name. All OIDC users in this group will have harbor admin privilege. Keep it blank if you do not want to."
"OIDC_ADMIN_GROUP_INFO": "Specify an OIDC admin group name. All OIDC users in this group will have harbor admin privilege. Keep it blank if you do not want to.",
"OIDC_GROUP_FILTER": "OIDC Group Filter",
"OIDC_GROUP_FILTER_INFO": "Exclude OIDC groups who match the provided regular expression."
},
"SCANNING": {
"STOP_SCAN_ALL_SUCCESS": "Trigger stopping scan all successfully!",

9
src/portal/src/i18n/lang/zh-cn-lang.json
View File

@ -102,8 +102,6 @@
"OIDC_ENDPOINT": "OIDC服务器的地址。",
"OIDC_SCOPE": "在身份验证期间发送到OIDC服务器的scope。它必须包含“openid”和“offline_access”。如果您使用Google请从此字段中删除“脱机访问”。",
"OIDC_VERIFYCERT": "如果您的OIDC服务器是通过自签名证书托管的请取消选中此框。",
"OIDC_GROUP_CLAIM": "ID和token中的Claim名称在组的名称列表中。",
"OIDC_GROUP_CLAIM_WARNING": "它只能包含字母、数字、下划线,且输入长度不超过256字符。",
"OIDC_AUTOONBOARD": "跳过登录界面这样用户就不能更改其用户名。用户名是从ID令牌中获取的",
"OIDC_USER_CLAIM": "指定从ID令牌中获取的名称。如果未指定则默认为'name'",
"NEW_SECRET": "Cli secret 必须超过8个字符并至少包含1个大写字母1个小写字母和1个数字。"
@ -959,9 +957,12 @@
"OIDC_SETNAME": "设置OIDC用户名",
"OIDC_SETNAMECONTENT": "在通过第三方OIDC进行身份验证时您必须第一次创建一个Harbor用户名。这将在Harbor中用于与项目、角色等关联。",
"OIDC_USERNAME": "用户名",
"GROUP_CLAIM_NAME": "组名称",
"GROUP_CLAIM_NAME": "组声明名称",
"GROUP_CLAIM_NAME_INFO": "您在 OIDC 提供商中配置的自定义组声明的名称",
"OIDC_ADMIN_GROUP": "OIDC管理员组",
"OIDC_ADMIN_GROUP_INFO": "OIDC管理员组名称。所有该组内用户都会有管理员权限此属性可以为空。"
"OIDC_ADMIN_GROUP_INFO": "OIDC管理员组名称。所有该组内用户都会有管理员权限此属性可以为空。",
"OIDC_GROUP_FILTER": "OIDC 组过滤器",
"OIDC_GROUP_FILTER_INFO": "该过滤器将会过滤掉不匹配此项正则表达式的 OIDC 组"
},
"SCANNING": {
"STOP_SCAN_ALL_SUCCESS": "停止扫描所有镜像任务成功!",

7
src/portal/src/i18n/lang/zh-tw-lang.json
View File

@ -102,8 +102,6 @@
"OIDC_ENDPOINT": "OIDC服務器的地址。",
"OIDC_SCOPE": "在身份驗證期間發送到OIDC服務器的scope。它必須包含“openid”和“offline_access”。如果您使用Google,請從此字段中刪除“脫機訪問”。",
"OIDC_VERIFYCERT": "如果您的OIDC服務器是通過自簽名證書託管的,請取消選中此框。",
"OIDC_GROUP_CLAIM": "ID和token中的Claim名稱,在組的名稱列表中。",
"OIDC_GROUP_CLAIM_WARNING": "它只能包含字母、數字、下劃線,且輸入長度不超過256字符。",
"OIDC_AUTOONBOARD": "Skip the onboarding screen, so user cannot change its username. Username is provided from ID Token",
"OIDC_USER_CLAIM": "The name of the claim in the ID Token where the username is retrieved from. If not specified, it will default to 'name'",
"NEW_SECRET": "Cli secret 必須超過8個字符,並至少包含1個大寫字母,1個小寫字母和1個數字。"
@ -955,8 +953,11 @@
"OIDC_SETNAMECONTENT": "在通過第三方OIDC進行身份驗證時,您必須第一次創建一個Harbor用戶名。這將在端口中用於與項目、角色等關聯。",
"OIDC_USERNAME": "用戶名",
"GROUP_CLAIM_NAME": "組名稱",
"GROUP_CLAIM_NAME_INFO": "The name of a custom group claim that you have configured in your OIDC provider",
"OIDC_ADMIN_GROUP": "OIDC Admin Group",
"OIDC_ADMIN_GROUP_INFO": "Specify an OIDC admin group name. All OIDC users in this group will have harbor admin privilege. Keep it blank if you do not want to."
"OIDC_ADMIN_GROUP_INFO": "Specify an OIDC admin group name. All OIDC users in this group will have harbor admin privilege. Keep it blank if you do not want to.",
"OIDC_GROUP_FILTER": "OIDC Group Filter",
"OIDC_GROUP_FILTER_INFO": "Exclude OIDC groups who match the provided regular expression."
},
"SCANNING":{
"STOP_SCAN_ALL_SUCCESS": "Trigger stopping scan all successfully!",