mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-30 06:03:45 +01:00
Merge remote-tracking branch 'upstream/master' into 170830_email_insecure
This commit is contained in:
commit
bb77ceebae
@ -100,9 +100,10 @@ script:
|
||||
- docker-compose -f make/docker-compose.test.yml down
|
||||
- sudo rm -rf /data/config/*
|
||||
- ls /data/cert
|
||||
- sudo make install GOBUILDIMAGE=golang:1.7.3 COMPILETAG=compile_golangimage CLARITYIMAGE=vmware/harbor-clarity-ui-builder:1.2.7 NOTARYFLAG=true
|
||||
- sudo make install GOBUILDIMAGE=golang:1.7.3 COMPILETAG=compile_golangimage CLARITYIMAGE=vmware/harbor-clarity-ui-builder:1.2.7 NOTARYFLAG=true CLAIRFLAG=true
|
||||
|
||||
- docker ps
|
||||
- docker ps
|
||||
- ./tests/validatecontainers.sh
|
||||
- ./tests/notarytest.sh
|
||||
- ./tests/swaggerchecker.sh
|
||||
- ./tests/startuptest.sh
|
||||
|
4
NOTICE
4
NOTICE
@ -1,8 +1,8 @@
|
||||
NOTICE
|
||||
|
||||
Harbor 1.2.0
|
||||
Harbor
|
||||
|
||||
Copyright (c) 2017 VMware, Inc. All Rights Reserved.
|
||||
Copyright (c) 2016-2017 VMware, Inc. All Rights Reserved.
|
||||
|
||||
This product is licensed to you under the Apache License, Version 2.0 (the "License"). You may not use this product except in compliance with the License.
|
||||
|
||||
|
@ -973,6 +973,11 @@ paths:
|
||||
one by one in background, so there's no way to track the overall status
|
||||
of the "scan all" action. Only system adim has permission to call this
|
||||
API.
|
||||
parameters:
|
||||
- name: project_id
|
||||
in: query
|
||||
type: integer
|
||||
description: When this parm is set only the images under the project identified by the project_id will be scanned.
|
||||
responses:
|
||||
'202':
|
||||
description: >-
|
||||
@ -1217,7 +1222,7 @@ paths:
|
||||
description: User need to login first.
|
||||
'500':
|
||||
description: Unexpected internal errors.
|
||||
'/jobs/replication/{id}':
|
||||
/jobs/replication/{id}:
|
||||
delete:
|
||||
summary: Delete specific ID job.
|
||||
description: |
|
||||
@ -1242,7 +1247,7 @@ paths:
|
||||
description: Project ID does not exist.
|
||||
'500':
|
||||
description: Unexpected internal errors.
|
||||
'/jobs/replication/{id}/log':
|
||||
/jobs/replication/{id}/log:
|
||||
get:
|
||||
summary: Get job logs.
|
||||
description: |
|
||||
@ -1267,6 +1272,32 @@ paths:
|
||||
description: The specific repository ID's log does not exist.
|
||||
'500':
|
||||
description: Unexpected internal errors.
|
||||
/jobs/scan/{id}/log:
|
||||
get:
|
||||
summary: Get job logs.
|
||||
description: |
|
||||
This endpoint let user get scan job logs filtered by specific ID.
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
type: integer
|
||||
format: int64
|
||||
required: true
|
||||
description: Relevant job ID
|
||||
tags:
|
||||
- Products
|
||||
responses:
|
||||
'200':
|
||||
description: Get job log successfully.
|
||||
'400':
|
||||
description: Illegal format of provided ID value.
|
||||
'401':
|
||||
description: User need to log in first.
|
||||
'404':
|
||||
description: The specific repository ID's log does not exist.
|
||||
'500':
|
||||
description: Unexpected internal errors.
|
||||
|
||||
/policies/replication:
|
||||
get:
|
||||
summary: List filters policies by name and project_id
|
||||
@ -1327,7 +1358,7 @@ paths:
|
||||
project and target.
|
||||
'500':
|
||||
description: Unexpected internal errors.
|
||||
'/policies/replication/{id}':
|
||||
/policies/replication/{id}:
|
||||
get:
|
||||
summary: Get replication policy.
|
||||
description: |
|
||||
@ -1387,7 +1418,7 @@ paths:
|
||||
project and target.
|
||||
'500':
|
||||
description: Unexpected internal errors.
|
||||
'/policies/replication/{id}/enablement':
|
||||
/policies/replication/{id}/enablement:
|
||||
put:
|
||||
summary: Put modifies enablement of the policy.
|
||||
description: |
|
||||
@ -1821,7 +1852,7 @@ paths:
|
||||
'200':
|
||||
description: Get system configurations successfully. The response body is a map.
|
||||
schema:
|
||||
type: object
|
||||
$ref: '#/definitions/Configurations'
|
||||
'401':
|
||||
description: User need to log in first.
|
||||
'403':
|
||||
@ -1840,15 +1871,8 @@ paths:
|
||||
in: body
|
||||
required: true
|
||||
schema:
|
||||
type: object
|
||||
description: >-
|
||||
The configurations map need to be modified, the following are keys
|
||||
"auth_mode", "email_from", "email_host", "email_identity",
|
||||
"email_password", "email_port", "email_ssl", "email_username",
|
||||
"ldap_base_dn", "ldap_filter", "ldap_scope", "ldap_search_dn",
|
||||
"ldap_search_password", "ldap_timeout", "ldap_uid", "ldap_url",
|
||||
"project_creation_restriction", "self_registration",
|
||||
"verify_remote_cert".
|
||||
$ref: '#/definitions/Configurations'
|
||||
description: The configuration map can contain a subset of the attributes of the schema, which are to be updated.
|
||||
responses:
|
||||
'200':
|
||||
description: Modify system configurations successfully.
|
||||
@ -2679,3 +2703,76 @@ definitions:
|
||||
description: >-
|
||||
The version which the vulnerability is fixed, this is an optional
|
||||
property.
|
||||
Configurations:
|
||||
type: object
|
||||
properties:
|
||||
auth_mode:
|
||||
type: string
|
||||
description: The auth mode of current system, such as "db_auth", "ldap_auth"
|
||||
email_from:
|
||||
type: string
|
||||
description: The sender name for Email notification.
|
||||
email_host:
|
||||
type: string
|
||||
description: The hostname of SMTP server that sends Email notification.
|
||||
email_port:
|
||||
type: integer
|
||||
description: The port of SMTP server.
|
||||
email_identity:
|
||||
type: string
|
||||
description: By default it's empty so the email_username is picked.
|
||||
email_username:
|
||||
type: string
|
||||
description: The username for authenticate against SMTP server.
|
||||
email_ssl:
|
||||
type: boolean
|
||||
description: When it's set to true the system will access Email server via TLS by default. If it's set to false, it still will handle "STARTTLS" from server side.
|
||||
ldap_url:
|
||||
type: string
|
||||
description: The URL of LDAP server.
|
||||
ldap_base_dn:
|
||||
type: string
|
||||
description: The Base DN for LDAP binding.
|
||||
ldap_filter:
|
||||
type: string
|
||||
description: The filter for LDAP binding.
|
||||
ldap_scope:
|
||||
type: integer
|
||||
description: 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
|
||||
ldap_uid:
|
||||
type: string
|
||||
description: The attribute which is used as identity for the LDAP binding, such as "CN" or "SAMAccountname"
|
||||
ldap_search_dn:
|
||||
type: string
|
||||
description: The DN of the user to do the search.
|
||||
ldap_timeout:
|
||||
type: integer
|
||||
description: timeout in seconds for connection to LDAP server.
|
||||
project_creation_restriction:
|
||||
type: string
|
||||
description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly".
|
||||
self_registration:
|
||||
type: boolean
|
||||
description: Whether the Harbor instance supports self-registration. If it's set to false, admin need to add user to the instance.
|
||||
token_expiration:
|
||||
type: integer
|
||||
description: The expiration time of the token for internal Registry, in minutes.
|
||||
verify_remote_cert:
|
||||
type: boolean
|
||||
description: Whether or not the certificate will be verified when Harbor tries to access a remote Harbor instance for replication.
|
||||
scan_all_policy:
|
||||
type: object
|
||||
properties:
|
||||
type:
|
||||
type: string
|
||||
description: The type of scan all policy, currently the valid values are "none" and "daily"
|
||||
parameter:
|
||||
type: object
|
||||
properties:
|
||||
daily_time:
|
||||
type: integer
|
||||
description: The offest in seconds of UTC 0 o'clock, only valid when the policy type is "daily"
|
||||
description: The parameters of the policy, the values are dependant on the type of the policy.
|
||||
|
||||
|
||||
|
||||
|
@ -59,13 +59,8 @@ http {
|
||||
|
||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
||||
|
||||
proxy_buffer_size 4k;
|
||||
proxy_buffers 4 32k;
|
||||
proxy_busy_buffers_size 64k;
|
||||
proxy_temp_file_write_size 64k;
|
||||
client_body_temp_path /tmp/nginx_client_body_temp;
|
||||
proxy_temp_path /tmp/nginx_proxy_temp;
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
}
|
||||
|
||||
location /service/ {
|
||||
|
@ -78,13 +78,8 @@ http {
|
||||
|
||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
||||
|
||||
proxy_buffer_size 4k;
|
||||
proxy_buffers 4 32k;
|
||||
proxy_busy_buffers_size 64k;
|
||||
proxy_temp_file_write_size 64k;
|
||||
client_body_temp_path /tmp/nginx_client_body_temp;
|
||||
proxy_temp_path /tmp/nginx_proxy_temp;
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
}
|
||||
|
||||
location /service/ {
|
||||
|
@ -6,6 +6,9 @@ MAINTAINER wangyan@vmware.com
|
||||
COPY entrypoint.sh /
|
||||
RUN chmod u+x /entrypoint.sh
|
||||
|
||||
RUN mkdir -p /etc/docker/registry
|
||||
COPY config.yml /etc/docker/registry/config.yml
|
||||
|
||||
COPY binary/registry /usr/bin
|
||||
RUN chmod u+x /usr/bin/registry
|
||||
|
||||
|
@ -53,10 +53,12 @@ docker rmi -f registry-golang
|
||||
echo "Build registry binary success, then to build photon image..."
|
||||
cd $cur
|
||||
echo $PHOTONIMAGE
|
||||
cp $TEMP/cmd/registry/config-example.yml config.yml
|
||||
docker build -f Dockerfile -t $PHOTONIMAGE .
|
||||
|
||||
rm -rf $TEMP
|
||||
rm -rf binary
|
||||
rm -rf config.yml
|
||||
|
||||
echo 'Push image to docker hub.'
|
||||
../../pushimage.sh $PHOTONIMAGE USERNAME PASSWORD
|
||||
../../pushimage.sh $PHOTONIMAGE $USERNAME $PASSWORD
|
@ -197,11 +197,11 @@ export class RepositoryStackviewComponent implements OnChanges, OnInit {
|
||||
signedDataSet(repoName: string): void {
|
||||
let signature: string = '';
|
||||
if (this.signedCon[repoName].length === 0) {
|
||||
this.confirmationDialogSet('DELETION_TITLE_REPO', signature, repoName, 'REPOSITORY.DELETION_SUMMARY_REPO', ConfirmationButtons.DELETE_CANCEL);
|
||||
this.confirmationDialogSet('REPOSITORY.DELETION_TITLE_REPO', signature, repoName, 'REPOSITORY.DELETION_SUMMARY_REPO', ConfirmationButtons.DELETE_CANCEL);
|
||||
return;
|
||||
}
|
||||
signature = this.signedCon[repoName].join(',');
|
||||
this.confirmationDialogSet('DELETION_TITLE_REPO_SIGNED', signature, repoName, 'REPOSITORY.DELETION_SUMMARY_REPO_SIGNED', ConfirmationButtons.CLOSE);
|
||||
this.confirmationDialogSet('REPOSITORY.DELETION_TITLE_REPO_SIGNED', signature, repoName, 'REPOSITORY.DELETION_SUMMARY_REPO_SIGNED', ConfirmationButtons.CLOSE);
|
||||
}
|
||||
|
||||
confirmationDialogSet(summaryTitle: string, signature: string, repoName: string, summaryKey: string, button: ConfirmationButtons): void {
|
||||
|
@ -175,6 +175,7 @@ export class ResultBarChartComponent implements OnInit, OnDestroy {
|
||||
copyValue(newVal: VulnerabilitySummary): void {
|
||||
if (!newVal || !newVal.scan_status) { return; }
|
||||
this.summary.scan_status = newVal.scan_status;
|
||||
this.summary.job_id = newVal.job_id;
|
||||
this.summary.severity = newVal.severity;
|
||||
this.summary.components = newVal.components;
|
||||
this.summary.update_time = newVal.update_time;
|
||||
|
@ -31,7 +31,7 @@
|
||||
"clarity-icons": "^0.9.8",
|
||||
"clarity-ui": "^0.9.8",
|
||||
"core-js": "^2.4.1",
|
||||
"harbor-ui": "0.4.52",
|
||||
"harbor-ui": "0.4.60",
|
||||
"intl": "^1.2.5",
|
||||
"mutationobserver-shim": "^0.3.2",
|
||||
"ngx-cookie": "^1.0.0",
|
||||
|
@ -323,7 +323,7 @@
|
||||
"DELETION_TITLE_REPO": "Confirm Repository Deletion",
|
||||
"DELETION_TITLE_REPO_SIGNED": "Repository cannot be deleted",
|
||||
"DELETION_SUMMARY_REPO_SIGNED": "Repository '{{repoName}}' cannot be deleted because the following signed images existing.\n{{signedImages}} \nYou should unsign all the signed images before deleting the repository!",
|
||||
"DELETION_SUMMARY_REPO": "Do you want to delete repository {{param}}?",
|
||||
"DELETION_SUMMARY_REPO": "Do you want to delete repository {{repoName}}?",
|
||||
"DELETION_TITLE_TAG": "Confirm Tag Deletion",
|
||||
"DELETION_SUMMARY_TAG": "Do you want to delete tag {{param}}?",
|
||||
"DELETION_TITLE_TAG_DENIED": "Signed tag cannot be deleted",
|
||||
|
@ -324,7 +324,7 @@
|
||||
"DELETION_TITLE_REPO": "Confirmar Eliminación de Repositorio",
|
||||
"DELETION_TITLE_REPO_SIGNED": "Repository cannot be deleted",
|
||||
"DELETION_SUMMARY_REPO_SIGNED": "Repository '{{repoName}}' cannot be deleted because the following signed images existing.\n{{signedImages}} \nYou should unsign all the signed images before deleting the repository!",
|
||||
"DELETION_SUMMARY_REPO": "¿Quiere eliminar el repositorio {{param}}?",
|
||||
"DELETION_SUMMARY_REPO": "¿Quiere eliminar el repositorio {{repoName}}?",
|
||||
"DELETION_TITLE_TAG": "Confirmación de Eliminación de Etiqueta",
|
||||
"DELETION_SUMMARY_TAG": "¿Quiere eliminar la etiqueta {{param}}?",
|
||||
"DELETION_TITLE_TAG_DENIED": "La etiqueta firmada no puede ser eliminada",
|
||||
|
@ -323,7 +323,7 @@
|
||||
"DELETION_TITLE_REPO": "删除镜像仓库确认",
|
||||
"DELETION_TITLE_REPO_SIGNED": "仓库不能被删除",
|
||||
"DELETION_SUMMARY_REPO_SIGNED": "镜像仓库 '{{repoName}}' 不能被删除,因为存在以下签名镜像.\n{{signedImages}} \n在删除镜像仓库前需先删除所有的签名镜像",
|
||||
"DELETION_SUMMARY_REPO": "确认删除镜像仓库 {{param}}?",
|
||||
"DELETION_SUMMARY_REPO": "确认删除镜像仓库 {{repoName}}?",
|
||||
"DELETION_TITLE_TAG": "删除镜像标签确认",
|
||||
"DELETION_SUMMARY_TAG": "确认删除镜像标签 {{param}}?",
|
||||
"DELETION_TITLE_TAG_DENIED": "已签名的镜像不能被删除",
|
||||
|
@ -286,4 +286,7 @@ Test Case - Admin Push Signed Image
|
||||
|
||||
Test Case - Admin Push Un-Signed Image
|
||||
${rc} ${output}= Run And Return Rc And Output docker push ${ip}/library/hello-world:latest
|
||||
Log To Console ${output}
|
||||
Log To Console ${output}
|
||||
|
||||
Test Case - Clean Harbor Images
|
||||
Down Harbor with_notary=true
|
8
tests/validatecontainers.sh
Executable file
8
tests/validatecontainers.sh
Executable file
@ -0,0 +1,8 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
if docker ps --filter "status=restarting" | grep 'vmware'; then
|
||||
echo "container is restaring, fail CI."
|
||||
exit 1
|
||||
fi
|
Loading…
Reference in New Issue
Block a user