Merge remote-tracking branch 'upstream/master' into 170830_email_insecure

Wenkai Yin 2017-09-04 15:10:24 +08:00
commit bb77ceebae
16 changed files with 1869 additions and 1904 deletions


@ -100,9 +100,10 @@ script:
- docker-compose -f make/docker-compose.test.yml down
- sudo rm -rf /data/config/*
- ls /data/cert
- sudo make install GOBUILDIMAGE=golang:1.7.3 COMPILETAG=compile_golangimage CLARITYIMAGE=vmware/harbor-clarity-ui-builder:1.2.7 NOTARYFLAG=true
- sudo make install GOBUILDIMAGE=golang:1.7.3 COMPILETAG=compile_golangimage CLARITYIMAGE=vmware/harbor-clarity-ui-builder:1.2.7 NOTARYFLAG=true CLAIRFLAG=true
- docker ps
- ./tests/validatecontainers.sh
- ./tests/notarytest.sh
- ./tests/swaggerchecker.sh
- ./tests/startuptest.sh

634
LICENSE

File diff suppressed because it is too large Load Diff

4
NOTICE

@ -1,8 +1,8 @@
NOTICE
Harbor 1.2.0
Harbor
Copyright (c) 2017 VMware, Inc. All Rights Reserved.
Copyright (c) 2016-2017 VMware, Inc. All Rights Reserved.
This product is licensed to you under the Apache License, Version 2.0 (the "License"). You may not use this product except in compliance with the License.


@ -973,6 +973,11 @@ paths:
one by one in background, so there's no way to track the overall status
of the "scan all" action. Only system adim has permission to call this
API.
parameters:
- name: project_id
in: query
type: integer
description: When this parm is set only the images under the project identified by the project_id will be scanned.
responses:
'202':
description: >-
@ -1217,7 +1222,7 @@ paths:
description: User need to login first.
'500':
description: Unexpected internal errors.
'/jobs/replication/{id}':
/jobs/replication/{id}:
delete:
summary: Delete specific ID job.
description: |
@ -1242,7 +1247,7 @@ paths:
description: Project ID does not exist.
'500':
description: Unexpected internal errors.
'/jobs/replication/{id}/log':
/jobs/replication/{id}/log:
get:
summary: Get job logs.
description: |
@ -1267,6 +1272,32 @@ paths:
description: The specific repository ID's log does not exist.
'500':
description: Unexpected internal errors.
/jobs/scan/{id}/log:
get:
summary: Get job logs.
description: |
This endpoint let user get scan job logs filtered by specific ID.
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: Relevant job ID
tags:
- Products
responses:
'200':
description: Get job log successfully.
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'404':
description: The specific repository ID's log does not exist.
'500':
description: Unexpected internal errors.
/policies/replication:
get:
summary: List filters policies by name and project_id
@ -1327,7 +1358,7 @@ paths:
project and target.
'500':
description: Unexpected internal errors.
'/policies/replication/{id}':
/policies/replication/{id}:
get:
summary: Get replication policy.
description: |
@ -1387,7 +1418,7 @@ paths:
project and target.
'500':
description: Unexpected internal errors.
'/policies/replication/{id}/enablement':
/policies/replication/{id}/enablement:
put:
summary: Put modifies enablement of the policy.
description: |
@ -1821,7 +1852,7 @@ paths:
'200':
description: Get system configurations successfully. The response body is a map.
schema:
type: object
$ref: '#/definitions/Configurations'
'401':
description: User need to log in first.
'403':
@ -1840,15 +1871,8 @@ paths:
in: body
required: true
schema:
type: object
description: >-
The configurations map need to be modified, the following are keys
"auth_mode", "email_from", "email_host", "email_identity",
"email_password", "email_port", "email_ssl", "email_username",
"ldap_base_dn", "ldap_filter", "ldap_scope", "ldap_search_dn",
"ldap_search_password", "ldap_timeout", "ldap_uid", "ldap_url",
"project_creation_restriction", "self_registration",
"verify_remote_cert".
$ref: '#/definitions/Configurations'
description: The configuration map can contain a subset of the attributes of the schema, which are to be updated.
responses:
'200':
description: Modify system configurations successfully.
@ -2679,3 +2703,76 @@ definitions:
description: >-
The version which the vulnerability is fixed, this is an optional
property.
Configurations:
type: object
properties:
auth_mode:
type: string
description: The auth mode of current system, such as "db_auth", "ldap_auth"
email_from:
type: string
description: The sender name for Email notification.
email_host:
type: string
description: The hostname of SMTP server that sends Email notification.
email_port:
type: integer
description: The port of SMTP server.
email_identity:
type: string
description: By default it's empty so the email_username is picked.
email_username:
type: string
description: The username for authenticate against SMTP server.
email_ssl:
type: boolean
description: When it's set to true the system will access Email server via TLS by default. If it's set to false, it still will handle "STARTTLS" from server side.
ldap_url:
type: string
description: The URL of LDAP server.
ldap_base_dn:
type: string
description: The Base DN for LDAP binding.
ldap_filter:
type: string
description: The filter for LDAP binding.
ldap_scope:
type: integer
description: 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
ldap_uid:
type: string
description: The attribute which is used as identity for the LDAP binding, such as "CN" or "SAMAccountname"
ldap_search_dn:
type: string
description: The DN of the user to do the search.
ldap_timeout:
type: integer
description: timeout in seconds for connection to LDAP server.
project_creation_restriction:
type: string
description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly".
self_registration:
type: boolean
description: Whether the Harbor instance supports self-registration. If it's set to false, admin need to add user to the instance.
token_expiration:
type: integer
description: The expiration time of the token for internal Registry, in minutes.
verify_remote_cert:
type: boolean
description: Whether or not the certificate will be verified when Harbor tries to access a remote Harbor instance for replication.
scan_all_policy:
type: object
properties:
type:
type: string
description: The type of scan all policy, currently the valid values are "none" and "daily"
parameter:
type: object
properties:
daily_time:
type: integer
description: The offest in seconds of UTC 0 o'clock, only valid when the policy type is "daily"
description: The parameters of the policy, the values are dependant on the type of the policy.
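Review bot: The `Configurations` definition now backs both the GET response and the PUT body, yet it has no `email_password` or `ldap_search_password` property, although the PUT description this section replaces listed both as accepted keys. If the server still accepts them on PUT (not visible here), they are now undocumented; if the omission is deliberate so that secrets never appear in a response, the spec should say so, for example by adding to the PUT parameter description `Password fields (email_password, ldap_search_password) are accepted on update but are never returned by GET.` Separately, the `email_ssl` text says STARTTLS is still handled when the flag is false but does not say whether the server certificate is verified in either mode. The new `/jobs/scan/{id}/log` path documents `401` but no `403` and does not state which role may read scan job logs.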


@ -59,13 +59,8 @@ http {
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
proxy_set_header X-Forwarded-Proto $$scheme;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
client_body_temp_path /tmp/nginx_client_body_temp;
proxy_temp_path /tmp/nginx_proxy_temp;
proxy_buffering off;
proxy_request_buffering off;
}
location /service/ {
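Review bot: The `proxy_buffering off;` / `proxy_request_buffering off;` pair in this location block has no comment explaining the trade-off, and the rendered page does not make clear which of the buffer directives survive on the new side. With request buffering off, nginx streams request bodies straight to the backend, so a slow or stalled upload holds a backend connection for as long as the client keeps it open. If the intent is to stream large image layers, say so above the two directives, e.g. `# Buffering disabled so large layers are streamed; slow clients hold backend connections, rely on timeouts.`, and confirm that `client_body_timeout` and the proxy timeouts are set elsewhere in the file. The same applies to the second nginx template section later on this page; the location block starts outside the hunk.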


@ -78,13 +78,8 @@ http {
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
proxy_set_header X-Forwarded-Proto $$scheme;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
client_body_temp_path /tmp/nginx_client_body_temp;
proxy_temp_path /tmp/nginx_proxy_temp;
proxy_buffering off;
proxy_request_buffering off;
}
location /service/ {


@ -6,6 +6,9 @@ MAINTAINER wangyan@vmware.com
COPY entrypoint.sh /
RUN chmod u+x /entrypoint.sh
RUN mkdir -p /etc/docker/registry
COPY config.yml /etc/docker/registry/config.yml
COPY binary/registry /usr/bin
RUN chmod u+x /usr/bin/registry
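Review bot: `COPY config.yml /etc/docker/registry/config.yml` bakes a default registry configuration into the image, and the builder script changed in this same commit fills that file from the upstream `config-example.yml`. If a container is ever started without its own configuration mounted over that path, the registry would come up with the example settings rather than the deployment's access-control settings; whether the example file enables any authentication is not visible here. A comment above the COPY would make the intent explicit, e.g. `# Placeholder default only; deployments must mount their own config.yml over this path.` The rest of the Dockerfile is outside the hunk.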


@ -53,10 +53,12 @@ docker rmi -f registry-golang
echo "Build registry binary success, then to build photon image..."
cd $cur
echo $PHOTONIMAGE
cp $TEMP/cmd/registry/config-example.yml config.yml
docker build -f Dockerfile -t $PHOTONIMAGE .
rm -rf $TEMP
rm -rf binary
rm -rf config.yml
echo 'Push image to docker hub.'
../../pushimage.sh $PHOTONIMAGE USERNAME PASSWORD
../../pushimage.sh $PHOTONIMAGE $USERNAME $PASSWORD
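Review bot: The push step hands the registry password to `pushimage.sh` as a positional argument, so it is visible in the process list for the lifetime of that call and would be echoed by any `set -x` trace; both renderings of the last line share this. The variables are also unquoted, so a password containing whitespace or glob characters is split or expanded before the script sees it. At minimum quote them, `../../pushimage.sh "$PHOTONIMAGE" "$USERNAME" "$PASSWORD"`. Better, let `pushimage.sh` take the password from the environment and feed it to `docker login --password-stdin`; that script is not shown here, so its current handling is unknown.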


@ -197,11 +197,11 @@ export class RepositoryStackviewComponent implements OnChanges, OnInit {
signedDataSet(repoName: string): void {
let signature: string = '';
if (this.signedCon[repoName].length === 0) {
this.confirmationDialogSet('DELETION_TITLE_REPO', signature, repoName, 'REPOSITORY.DELETION_SUMMARY_REPO', ConfirmationButtons.DELETE_CANCEL);
this.confirmationDialogSet('REPOSITORY.DELETION_TITLE_REPO', signature, repoName, 'REPOSITORY.DELETION_SUMMARY_REPO', ConfirmationButtons.DELETE_CANCEL);
return;
}
signature = this.signedCon[repoName].join(',');
this.confirmationDialogSet('DELETION_TITLE_REPO_SIGNED', signature, repoName, 'REPOSITORY.DELETION_SUMMARY_REPO_SIGNED', ConfirmationButtons.CLOSE);
this.confirmationDialogSet('REPOSITORY.DELETION_TITLE_REPO_SIGNED', signature, repoName, 'REPOSITORY.DELETION_SUMMARY_REPO_SIGNED', ConfirmationButtons.CLOSE);
}
confirmationDialogSet(summaryTitle: string, signature: string, repoName: string, summaryKey: string, button: ConfirmationButtons): void {


@ -175,6 +175,7 @@ export class ResultBarChartComponent implements OnInit, OnDestroy {
copyValue(newVal: VulnerabilitySummary): void {
if (!newVal || !newVal.scan_status) { return; }
this.summary.scan_status = newVal.scan_status;
this.summary.job_id = newVal.job_id;
this.summary.severity = newVal.severity;
this.summary.components = newVal.components;
this.summary.update_time = newVal.update_time;


@ -31,7 +31,7 @@
"clarity-icons": "^0.9.8",
"clarity-ui": "^0.9.8",
"core-js": "^2.4.1",
"harbor-ui": "0.4.52",
"harbor-ui": "0.4.60",
"intl": "^1.2.5",
"mutationobserver-shim": "^0.3.2",
"ngx-cookie": "^1.0.0",


@ -323,7 +323,7 @@
"DELETION_TITLE_REPO": "Confirm Repository Deletion",
"DELETION_TITLE_REPO_SIGNED": "Repository cannot be deleted",
"DELETION_SUMMARY_REPO_SIGNED": "Repository '{{repoName}}' cannot be deleted because the following signed images existing.\n{{signedImages}} \nYou should unsign all the signed images before deleting the repository!",
"DELETION_SUMMARY_REPO": "Do you want to delete repository {{param}}?",
"DELETION_SUMMARY_REPO": "Do you want to delete repository {{repoName}}?",
"DELETION_TITLE_TAG": "Confirm Tag Deletion",
"DELETION_SUMMARY_TAG": "Do you want to delete tag {{param}}?",
"DELETION_TITLE_TAG_DENIED": "Signed tag cannot be deleted",


@ -324,7 +324,7 @@
"DELETION_TITLE_REPO": "Confirmar Eliminación de Repositorio",
"DELETION_TITLE_REPO_SIGNED": "Repository cannot be deleted",
"DELETION_SUMMARY_REPO_SIGNED": "Repository '{{repoName}}' cannot be deleted because the following signed images existing.\n{{signedImages}} \nYou should unsign all the signed images before deleting the repository!",
"DELETION_SUMMARY_REPO": "¿Quiere eliminar el repositorio {{param}}?",
"DELETION_SUMMARY_REPO": "¿Quiere eliminar el repositorio {{repoName}}?",
"DELETION_TITLE_TAG": "Confirmación de Eliminación de Etiqueta",
"DELETION_SUMMARY_TAG": "¿Quiere eliminar la etiqueta {{param}}?",
"DELETION_TITLE_TAG_DENIED": "La etiqueta firmada no puede ser eliminada",


@ -323,7 +323,7 @@
"DELETION_TITLE_REPO": "删除镜像仓库确认",
"DELETION_TITLE_REPO_SIGNED": "仓库不能被删除",
"DELETION_SUMMARY_REPO_SIGNED": "镜像仓库 '{{repoName}}' 不能被删除,因为存在以下签名镜像.\n{{signedImages}} \n在删除镜像仓库前需先删除所有的签名镜像",
"DELETION_SUMMARY_REPO": "确认删除镜像仓库 {{param}}?",
"DELETION_SUMMARY_REPO": "确认删除镜像仓库 {{repoName}}?",
"DELETION_TITLE_TAG": "删除镜像标签确认",
"DELETION_SUMMARY_TAG": "确认删除镜像标签 {{param}}?",
"DELETION_TITLE_TAG_DENIED": "已签名的镜像不能被删除",


@ -287,3 +287,6 @@ Test Case - Admin Push Signed Image
Test Case - Admin Push Un-Signed Image
${rc} ${output}= Run And Return Rc And Output docker push ${ip}/library/hello-world:latest
Log To Console ${output}
Test Case - Clean Harbor Images
Down Harbor with_notary=true

8
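--- a/tests/validatecontainers.sh
+++ b/tests/validatecontainers.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+if docker ps --filter "status=restarting" | grep 'vmware'; then
+echo "container is restaring, fail CI."
+exit 1
+fi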
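Review bot: The check looks only for containers in the `restarting` state at the instant it runs, so a container that has already exited, or one that has not yet entered its first restart cycle, lets CI pass. `docker ps` without `-a` does not list exited containers at all, and the CI script calls this immediately after install. Consider also failing on `docker ps -a --filter "status=exited" | grep 'vmware'`, and either waiting briefly or polling a few times before deciding. The failure message has a typo, `restaring`, which makes it harder to grep for in CI logs.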