Commit Graph

1067 Commits

Author SHA1 Message Date
He Weiwei
fe69a5df99 build(scanner-adapter): bump up clair adapter to v1.0.1-rc2
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-13 02:35:21 +00:00
wang yan
47793e77e3 update base file name ane pass base version to build file
Signed-off-by: wang yan <wangyan@vmware.com>
2019-11-12 19:12:49 +08:00
Wang Yan
544cc98971 add base images when to build harbor assets
* add base images when to build harbor assets

Signed-off-by: wang yan <wangyan@vmware.com>
2019-11-12 15:38:51 +08:00
Daniel Jiang
39a22d4470 Remove scripts to deploy Harbor on k8s
This commit removes scripts have been deprecated for a while and users have to use
helm chart to deploy Harbor on top of k8s cluster.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-11 19:23:22 +08:00
Yogi_Wang
cddc1149f1 Modify the memory of nodejs used from 8192MB to 2048MB
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-11-11 17:05:42 +08:00
Wang Yan
6da183d576
Merge pull request #9800 from ninjadq/failure_earlier_of_ca_bundle_permission_check
Failure earlier of ca bundle permission check
2019-11-11 14:09:21 +08:00
Wang Yan
0b09bd14b1
Merge pull request #9756 from ninjadq/add_ignore_media_type
Add ignore mediatypes for registry
2019-11-08 18:34:13 +08:00
DQ
80c3e76b5a check the permission of ca bundle file
CA bundle need check before use

Signed-off-by: DQ <dengq@vmware.com>
2019-11-08 15:34:17 +08:00
DQ
7237067d63 Bump config version
Bump version to 1.10

Signed-off-by: DQ <dengq@vmware.com>
2019-11-07 17:06:20 +08:00
Daniel Jiang
06e4e124d8
Refine request handle process (#9760)
* Refine request handle process

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-07 13:02:17 +08:00
DQ
45868107aa Add ignore mediatypes for registry
Add these mediatypes to reduce the amount of registry event

Signed-off-by: DQ <dengq@vmware.com>
2019-11-06 21:39:08 +08:00
Wang Yan
a9e8c6a430
Merge pull request #9738 from ninjadq/fix_install_script
Fix install script
2019-11-06 14:24:07 +08:00
Steven Zou
240f771006
Merge pull request #9733 from steven-zou/fix/scan_all_enhancements
do improvements to the scan all job
2019-11-05 16:22:50 +08:00
Steven Zou
ebc5d2482b do improvements to the scan all job
- update scan all job to avoid sending too many HTTP requets
- update scan controller to support scan options
- update the db schema of the scan report to introduce requester
- introduce scan all metrics to report the overall progress of scan all job
- fix the status updating bug in scan report
- enhance the admin job status updats
- add duplicate checking before triggering generic admin job
- update the db scheme of admin job

fix #9705
fix #9722
fix #9670

Signed-off-by: Steven Zou <szou@vmware.com>
2019-11-05 15:12:07 +08:00
Wang Yan
27cb25cc04
Merge pull request #9400 from ninjadq/inject_certs_to_non_root
Inject certs to non root
2019-11-05 14:49:08 +08:00
DQ
75c91273bc Fix install script
Move load images to above

Signed-off-by: DQ <dengq@vmware.com>
2019-11-05 11:22:30 +08:00
DQ
ece321a53a Change certs's owner to 10000
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 17:38:41 +08:00
Wang Yan
3f39b0ba4f
Merge pull request #9550 from ninjadq/enable_https_by_default
Enable https by default
2019-11-04 16:51:33 +08:00
DQ
a0462f0baa Change the clair container to non root user
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 11:36:39 +08:00
DQ
d0ed075b91 Change chartmuseum container to non-root
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 11:36:39 +08:00
DQ
1c76d52152 Add registryctl to non-root
And the install_cert.sh will changed for non-root too

Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 11:36:39 +08:00
Qian Deng
336dbfd3e1
Merge pull request #9452 from ninjadq/add_certs_in_specific_dir
All certs in /harbor_cust_certs will appended to ca_bundle
2019-11-01 13:13:18 +08:00
Daniel Jiang
02dab35a43
Merge pull request #9683 from ninjadq/upgrade_python_rand_gen
Replance python ran lib to secrets
2019-10-31 21:51:38 +08:00
DQ
873d9f5b82 Enable https by default
1. Umcomment https related configs
2. Remove the https prepare related thing in ci

Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 20:58:09 +08:00
DQ
2529f69fba All certs in /harbor_cust_certs will appended to ca_bundle
Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 20:51:08 +08:00
Daniel Jiang
bc65609a10
Merge pull request #9657 from wy65701436/quota-sync-switcher
add a switcher for quota sync on core launch
2019-10-31 19:22:23 +08:00
Wang Yan
fa784d7514
Merge pull request #9649 from wy65701436/fix-9081
add ldflags for harbor compiler and linker
2019-10-31 19:14:16 +08:00
DQ
6c01049d94 Replance python ran lib to secrets
Secrets is included in python 3.6, so just import and use it

Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 17:23:19 +08:00
wang yan
c46d7e856a add a switcher for quota sync on core launch
As the quota sync is default called by harbor-core on every launch, and it will break the launch process if any failure throwed.

1, The commit is to provide an switcher for the system admin to bypass the quota sync.
2, In case Harbor goes into the restarting cycle.

Harbor already provides an internal API to sync quota data, in the failure case,
system admin can launch harbor and call the /api/internal/syncquota to sync quota.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-31 16:17:27 +08:00
Steven Zou
7b6e83090e create API folder to keep API swagger files
- create API folder
- move harbor API swagger file to API/harbor
- add scanner adapter open API swagger file to API/scanner
- update protal build Dockerfile
- update swagger explorer build command in Makefile

Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-30 21:41:03 +08:00
wang yan
253e87d186 inject ldflags for harbor compiler and linker
1, replace the UIVERSION file with ldflags, which is generarted by make to inject into the UI core.
2, inject additional ldflags for harbor compiler

Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-30 18:31:42 +08:00
He Weiwei
b0f7404231
chore(log): log level support for clair adapter (#9640)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-29 16:50:26 +08:00
He Weiwei
28e0c0693b Upgrade clair adapter to v1.0.0
1. Upgrade clair adapter to v1.0.0.
2. Make the clair adapter which installed by harbor immutable and using internal registry address.
3. Add support to build clair adapter image from binary.
4. Switch to ScannerPull action when make authorization for the scan request.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-26 17:25:36 +00:00
wang yan
f9996663d8 update immutable rule API
1, unify disable and enable
2, fix update rule error

Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-25 14:11:07 +08:00
Steven Zou
cb59ba3bbc support using internal registry addr to perform scan
- do changes to the sql schema
- add `UseInternalAddr` and `Immutable` properties to scanner registration
- support multiple authentication type
  - basic
  - bearer token

Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-24 18:28:35 +08:00
Wang Yan
d503f2a245
Merge pull request #9489 from reasonerjt/bump-up-golang
Bump up golang to 1.12.12
2019-10-22 10:54:35 +08:00
Daniel Jiang
6e131d511c Hide DB URL from notary migrator script
This commit modify the log message from upstream notary DB migrator, to
make sure the DB URL is not displayed.
Fixes #7510

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-10-21 23:10:27 +08:00
Daniel Jiang
dbe6ebceec Bump up golang to 1.12.12
Bump up the golang for compiling the binaries to 1.12.12
This commit also includes some minor changes to Makefile to fix issue in
building the binary files.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-10-21 15:55:58 +08:00
He Weiwei
bf6a14c9ad
feat(role): introduce a limited guest role (#9403)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-20 14:21:28 +08:00
wang yan
8c4cf17129 disable noglob after import common
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-18 17:55:33 +08:00
Steven Zou
0f16913635 rebase: resolve the code confilcts with master
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-17 17:42:41 +08:00
He Weiwei
8964a8697a build(clair): internal clair adapter when install with clair
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-17 12:00:51 +08:00
Steven Zou
f18afc0a3f do changes to let the vul policy check compatiable with new framework
- update the scan/scanner controller
- enhance the report summary generation
- do changes to the vulnerable handler
- remove the unused clair related code
- add more UT cases
- update the scan web hook event
- drop the unsed tables/index/triggers in sql schema

Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-16 23:15:26 +08:00
stonezdj(Daojun Zhang)
0fa4934679
Merge pull request #8596 from JakubOnderka/patch-4
nginx: Remove TLSv1.1 support
2019-10-16 11:39:55 +08:00
wang yan
25f638a989 Merge branch 'master' of https://github.com/goharbor/harbor into robot-invisiable 2019-10-14 14:35:45 +08:00
wang yan
3e81bd7f1d add visible attribute to robot account
The commit is to make robot controller could create invisible robot account for internal use

Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-12 00:51:48 +08:00
Steven Zou
9fd8b6306c refactor code to reflect code review comments
- refactor the db schema \
- refactor  permission checking in API handlers \

to follow the latest code/interface changes

Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-11 18:07:47 +08:00
Steven Zou
58afd8e14b [stage3] support pluggable scanner
- implement scan controller
- add scan resource and update role bindings
- update registration model and related interfaces

Signed-off-by: Steven Zou <szou@vmware.com>

- implement scan API to do scan/get report/get log
- update repository rest API to produce scan report summary
- update scan job hook handler
- update some UT cases

- update robot account making content
- hidden credential in the job log

Commnet scan related API test cases which will be re-activate later
fix #8985

fix the issues found by codacy

Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-11 12:53:02 +08:00
Daniel Jiang
49f12d0b16
Merge pull request #8786 from reasonerjt/fix-8622
Extract shared func for checkenv and install scripts
2019-10-10 16:53:51 +08:00
He Weiwei
6fbb77d65a
build(portal): npm registry configurable and build cache support (#9356)
1. Introduce NPM_REGISTRY in Makefile to support npm registry
configuration when build portal image.
2. Install npm pkgs before copy portal src so that build cache works for
npm install in portal image.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-10 15:29:50 +08:00
Daniel Jiang
b9154a858b Extract shared func for checkenv and install scripts
This commit fixes #8622 by extract shared func into common.sh to avoid
inconsistency in future.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-10-10 15:07:09 +08:00
Wang Yan
7e73dfb754
Merge pull request #9221 from wy65701436/fix-9186
patch registry fix of issue 2553
2019-09-26 19:34:18 +08:00
wang yan
3cf7e702be patch regsitry fix of issue 2553
This commit is target to fix harbor issue #9186, which root cause is mentioned by
https://github.com/docker/distribution/issues/2553, and fixed by https://github.com/docker/distribution/pull/2879.

As the latest distribution release(v2.7.1) does not contain this fix, but it will break the quota migraion process on S3 storage, we have to path this fix into Harbor regsitry binary.

[Tag Version]
It uses the issue number(2553) as the tag naming convention, like v2.7.1-patch-2553, means that we patch the fix of issue 2553 into v2.7.1.

[Note]
So far, this fix is only targets on docker regsitry v2.7.1. If the registry has this fix in new release, we'll move on.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-26 18:27:53 +08:00
Qian Deng
578adaa064
Merge pull request #9240 from ninjadq/add_extra_headers_in_nginx
Add headers in nginx config file
2019-09-26 10:27:08 +08:00
DQ
2bc11200d6 Move db change to new migration file
DB should move to new migration file cause 1.9 is already released

Signed-off-by: DQ <dengq@vmware.com>
2019-09-25 15:57:03 +08:00
DQ
e7394041ab Add headers in nginx config file
extra headered added in https and http config

Signed-off-by: DQ <dengq@vmware.com>
2019-09-24 17:50:40 +08:00
stonezdj(Daojun Zhang)
ec559b0585
Merge pull request #9123 from stonezdj/immutable_tags
Add DAO for immutable tags
2019-09-23 21:46:07 +08:00
Steven Zou
a73f896f23
Merge pull request #9154 from steven-zou/feature/pluggable_scanner_s2
[stage2]support pluggable scanner
2019-09-23 21:12:27 +08:00
stonezdj
29d2bcce99 Add DAO for immutable tags
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-09-23 16:45:07 +08:00
Steven Zou
d616bc3509 add scan report CRUD supporting and
- change error collection in scan job
- add dead client checking in client pool
- change key word type to interface{} for q.Query
- update bearer authorizer
- add required UT cases

Signed-off-by: Steven Zou <szou@vmware.com>
2019-09-23 16:21:39 +08:00
Steven Zou
0c19eba8c2 [stage2]support pluggable scanner
- add scanner rest API v1 spec
- implement v1 client which is used to talk to scanner adapter
- adjust data/orm models
- adjust code package structure

Signed-off-by: Steven Zou <szou@vmware.com>

- implement scan client which is used to talk to scanner adapter
- implement scan job which take the work of communicating with scanner
- update scanner mgmt API routes
- add corresponding UT cases
2019-09-23 09:37:54 +08:00
Daniel Jiang
3e5973fc6e Add Secure flag to cookie
This commit modifies nginx configuration file to make sure the secure
flag is added to "Set-Cookie" header when Harbor is serving https

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-19 21:04:37 +08:00
Steven Zou
4c4897aef1
Merge pull request #9134 from steven-zou/feature/pluggable_scanners
support pluggable scanner
2019-09-19 16:08:24 +08:00
Steven Zou
e324a4d623 support pluggable scanner
- add DAO layer for scanner registration
- add CURD manager for scanner registration
- add API controller for plug scanner
- add REST APIs for CURD of plug scanner
- add migration sql:0011_1.10.0
- add scan interface definition (no implementations)
- add related UT cases with testify

fix #8979 #8990

Signed-off-by: Steven Zou <szou@vmware.com>
2019-09-18 21:56:45 +08:00
jwangyangls
6dd2ae90a0
Merge pull request #9011 from jwangyangls/upgrade_clarity-2.1
Upgrade angular from 7.1.3 to 8.2.0 and clarity from 1.0 to 2.2
2019-09-18 10:45:40 +08:00
Yogi_Wang
a7c7a8e675 Upgrade angualr from 7.1.3 to 8.2.0 and clarity from 1.0 to 2.2
Signed-off-by: Yogi_Wang <yawang@vmware.com>

Signed-off-by: Meina Zhou <meinaz@vmware.com>
Signed-off-by: sshijun <sshijun@vmware.com>
2019-09-18 10:12:20 +08:00
Daniel Jiang
753219834e
Merge pull request #8960 from ninjadq/upgrade_hash_alg_for_pswd
Upgrade hash alg for pswd
2019-09-12 11:22:39 +08:00
DQ
ea5c27fcd5 Enhance: Upgrade encrypt alg to sha256
previous sha1 will still used for old password

Signed-off-by: DQ <dengq@vmware.com>
2019-09-09 21:48:21 +08:00
stonezdj(Daojun Zhang)
ca97c85279
Merge pull request #8927 from ninjadq/fix_config_with_components
Add logic to read clair and notary config
2019-09-09 15:50:09 +08:00
DQ
495a257ab5 Add logic to read clair and notary config
Signed-off-by: DQ <dengq@vmware.com>
2019-09-05 12:49:32 +08:00
Daniel Jiang
b75cbe1a7e
Merge pull request #8912 from ninjadq/no_cache_index_html
Add no-cache to index.html
2019-09-03 13:01:55 +08:00
Qian Deng
97c40df40f
Merge pull request #8593 from ninjadq/fix_wording_in_doc
Update config file names
2019-09-03 10:53:23 +08:00
DQ
d50df0f0db Add no-cache to index.html
shouldn't cache index.html for access fresh page after upgrade.

Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 18:48:02 +08:00
DQ
aef93af21f Fix docker-compose version to 1.18.0
Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 18:37:42 +08:00
DQ
377739204b Update config file names
Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 18:19:06 +08:00
stonezdj(Daojun Zhang)
469018ae9e
Merge pull request #8891 from ninjadq/fix_prepare_file_permission
Fix: prepare permission issue
2019-09-02 18:07:14 +08:00
Qian Deng
86f2bb26a3 Fix docker-compose file permmission
non-root user can see the content

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-09-02 13:57:18 +08:00
DQ
6ed3d52615 Fix: prepare permission issue
1. recursivele change ownership for all prepare dir
2. database file permission fix

Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 10:04:38 +08:00
Wang Yan
6e462baa0d
Merge pull request #8837 from ninjadq/disable_redis_n_db_container_if_use_exeternal
Disable redis and db containers if external db enabled
2019-09-01 17:47:28 +08:00
He Weiwei
e2a19d8ab9
fix(build): max idle and open conn settings for external db (#8854)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-29 15:04:10 +08:00
Wenkai Yin(尹文开)
5da4286ef4 Hard delete project metadata (#8856)
Hard delete project metadata

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-29 12:14:39 +08:00
Wang Yan
87893abc5e
Merge pull request #8829 from ywk253100/190822_retry_status
Add status revision to handle retrying in replication task
2019-08-28 10:55:13 +08:00
Wang Yan
39f78ae768
Merge pull request #7872 from cd1989/config-redis-pool-idletimeout
Config idle timeout for redis pool to avoid jobservice restarting
2019-08-27 14:46:01 +08:00
Wenkai Yin
7924f37d86 Add status revision to handle retrying in replication task
Add status revision to handle retrying in replication task

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-27 14:17:11 +08:00
wang yan
28f7b7a64e fix #8839: update bolb size type to bigint
and extend the length of content type to 1024

Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-27 10:43:29 +08:00
DQ
fe3c71094b Disable redis and db containers if external db enabled
If depend on external redis or pg. local db and redis should not start. Therefore can save some resources.

Signed-off-by: DQ <dengq@vmware.com>
2019-08-26 17:59:13 +08:00
Wang Yan
35e786e54c
Merge pull request #8794 from ywk253100/190822_retry_status
Add status revision to retention task to handle retrying
2019-08-23 10:54:35 +08:00
Wang Yan
c9dc262540
Merge pull request #8773 from ninjadq/Feat--migration_scritp_180_2_190
Feat: Add migration script for 1.9
2019-08-22 23:51:14 +08:00
Wenkai Yin
661470e7bc Add status revision to retention task to handle retrying
Add status revision to retention task to handle retrying

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-22 20:04:25 +08:00
Wenkai Yin(尹文开)
a9d77f5c2c
Merge pull request #8589 from ninjadq/upgrade_docker-compose_checker
Update docker-compose checker
2019-08-22 20:00:42 +08:00
DQ
fd7b867fe3 Add config template
Add upgrade script
Update latest version

Signed-off-by: DQ <dengq@vmware.com>
2019-08-22 17:23:33 +08:00
He Weiwei
a2c8536d37 fix(build): install tzdata pkg for core and jobservice images
Closes #8314

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-21 14:40:29 +00:00
cd1989
db9b52d827 Config idle timeout for redis pool
Signed-off-by: cd1989 <chende@caicloud.io>
2019-08-20 17:23:32 +08:00
Steven Zou
217252a097
Merge pull request #8675 from ywk253100/190814_retention_task
Handle the retention task status updating in concurrency
2019-08-20 17:07:21 +08:00
Daniel Jiang
f674bb4e6c
Merge pull request #8590 from ninjadq/fix_registry_log_level
Fix: registry log level rendering issue
2019-08-20 09:11:56 +08:00
Daniel Jiang
f10fb67d6d
Merge pull request #8662 from stonezdj/email_sec2
Set default email to null if not provided
2019-08-20 09:01:50 +08:00
Daniel Jiang
b34fda173c Bump up Clair to v2.0.9
Fixes #8584

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-08-19 16:19:29 +08:00
stonezdj
5fa8eb7854 Set default email to null if not provided
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-08-19 15:20:44 +08:00
Daniel Jiang
b15c6bcdc7
Merge pull request #8259 from amritanshu-pandey/feature/fix-typos
fix typos in prepare script
2019-08-19 15:09:24 +08:00
wang yan
6e11ecc6fc Update codes per review comments
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-16 14:58:52 +08:00
Wenkai Yin
48b067f596 Handle the retention task status updating in concurrency
Compare the status code when updating retention task status to avoid the concurrent issue

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-15 18:36:18 +08:00
He Weiwei
98e1f68468 feat(configuration,db): connection pool configs for db
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-14 14:30:34 +08:00
Daniel Jiang
ca585f8b9c
Merge pull request #8640 from ninjadq/fix_permission_of_nginx_cert
Fix permission of nginx cert
2019-08-14 14:23:40 +08:00
Wenkai Yin(尹文开)
a6445c1ebe
Merge pull request #8472 from kofj/feature/proxy
Proxy
2019-08-13 12:27:19 +08:00
Qian Deng
b4975d8601 Fix nginx permission issue
* mount root of host
* copy file to data dir and change ownership and permission

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-13 02:59:27 +00:00
jwangyangls
fd6a422bf8
Merge pull request #8605 from jwangyangls/fix-Link-to-license-hardcoded
Fix issue width Link to license in the about dialog should not be hardcoded to master
2019-08-12 10:50:18 +08:00
疯魔慕薇
3e8a73ca1e Proxy
1. Global proxy config for components.
2. Prepare proxy configure for clair, core and jobservice.

Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com>
2019-08-11 00:24:18 +08:00
Wang Yan
54a39c7159
Merge pull request #8597 from heww/size-quota
refactor(quota,middleware): implement size quota by quota interceptor
2019-08-09 15:44:33 +08:00
Yogi_Wang
53bd4d7897 Fix issue width Link to license in the about dialog should not be hardcoded to master
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-08-09 13:26:43 +08:00
He Weiwei
e62c29123d refactor(quota,middleware): implement size quota by quota interceptor
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-08 23:55:54 +00:00
Qian Deng
a935823e3d
Merge pull request #8362 from ninjadq/non-root-contaienr
Non root contaienr
2019-08-08 17:34:25 +08:00
DQ
131d26c0f8 Docker compose check function need updated to 1.23.0+
Signed-off-by: DQ <dengq@vmware.com>
2019-08-08 14:22:03 +08:00
Jakub Onderka
8f83310022 nginx: Remove TLSv1.1 support
Signed-off-by: Jakub Onderka <jakub.onderka@gmail.com>
2019-08-07 17:51:31 +02:00
guanxiatao
7e40e335b7 add sql schema
Signed-off-by: guanxiatao <guanxiatao@corp.netease.com>

Signed-off-by: guanxiatao <guanxiatao@corp.netease.com>
2019-08-07 21:35:46 +08:00
王添
94d4f9c6b6 add webhook job
Signed-off-by: 王添 <wangtian@corp.netease.com>
2019-08-07 20:56:31 +08:00
Steven Zou
f3ba25f656
Merge pull request #8536 from bitsf/tag_retention_task_num
add task retain num
2019-08-07 17:39:39 +08:00
DQ
057bc34703 Fix: registry log level rendering issue
when log level is warning, the actual value of registry should be warn

Signed-off-by: DQ <dengq@vmware.com>
2019-08-07 14:35:36 +08:00
Qian Deng
dacb1fc79e Add healthcheck in Dockerfile* redis* jobservice
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 13:16:12 +00:00
Qian Deng
89d6370201 Remove ruby dependency while build portal
Python is already intalled in node image. so we can use python to parse yaml file

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:47 +00:00
Qian Deng
303471563f DB container run as non-root
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:47 +00:00
Qian Deng
8b7f1ae4c0 Add proxy nginx container as non-root user
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:47 +00:00
Qian Deng
f8a8040c8f Add notary as non-root user
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:47 +00:00
Qian Deng
29727148b3 Running job service with non-root container
job-service running with 10000:10000 user

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:45 +00:00
Qian Deng
e62a9f1e18 Running redis using non-root user
redis running with user redis

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:45 +00:00
Qian Deng
904f04fac1 Enhance: Running contaienr with non-root user
* core
* portal

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:45 +00:00
Qian Deng
96b62e5741 Make core container to non-root user
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:45 +00:00
Daniel Jiang
eec4fc2798 Remove clair notifier
The way Harbor handles notification is problematic.
It currently triggers rescan, which will cause problem when there are
lot of images in the registry.
Such as #7316
This commit removes the notifier and we need to revisit the notification
to figure out how to map the notification to a particular image if need
the notification mechanism in future.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-08-06 01:58:15 +08:00
Ziming Zhang
026aee75d9 add task retain num
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I2f8b89454fe3bb9b56af237048c9e2b90783f434
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-08-05 17:57:09 +08:00
Daniel Jiang
bd32787813
Merge pull request #8540 from JakubOnderka/patch-2
nginx.https.conf.jinja template indention fix
2019-08-02 17:52:51 +08:00
Jakub Onderka
53b5dcfece nginx.https.conf.jinja template indention fix
Signed-off-by: Jakub Onderka <jakub.onderka@gmail.com>
2019-08-01 22:24:19 +02:00
wang yan
6987825ffd Delete the nono scan all schedule in migration
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-01 16:59:13 +08:00
wang yan
4410cc93f9 add internal reg request handler chain
this is for internal registry api call, the request should be intercpeted by quota middlerwares, like retag and delete.
Note: The api developer has to know that if the internal registry call in your api, please consider to use
NewRepositoryClientForLocal() to init the repository client, which can handle quota change.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-07-30 19:39:56 +08:00
Wenkai Yin(尹文开)
7fd06edccf
Merge pull request #8451 from ywk253100/190729_retention_task
Add property "repository" to retention task
2019-07-29 17:18:42 +08:00
Ziming Zhang
ba47b4c00f get execution status on the fly
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: Iefcf8946d7a2c7a27bc22bd326ee9723b4b79c66
2019-07-29 14:48:39 +08:00
Wenkai Yin
a55860d2df Add property "repository" to retention task
Add property "repository" to retention task

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-07-29 13:47:18 +08:00
Wenkai Yin(尹文开)
d45674960f
Merge pull request #8417 from goharbor/project-quota-dev
Add feature project quota dev
2019-07-26 15:41:09 +08:00
Wenkai Yin
2e9521ad45 Support to stop one execution of retention
Support to stop one execution of retention

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-07-25 16:48:00 +08:00
wang yan
4763864dae merge with latest master code with quota feature branch
Signed-off-by: wang yan <wangyan@vmware.com>
2019-07-24 08:47:05 -07:00
Ziming
43c2af9857 map retention with policy (#8313)
Signed-off-by: Ziming Zhang <zziming@vmware.com>

Implement the API and controller of tag retention
 - API handler
 - retention controller
 - dao
2019-07-24 17:22:26 +08:00
He Weiwei
ce58c58c01 feat(quota,api): quota support for create project API
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-07-24 01:02:51 +08:00
Wenkai Yin
03cc8046eb Implement the task management in retention manager
Implement the task management in retention manager

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-07-23 19:23:04 +08:00
Wenkai Yin
7362fae7cc Implement a common scheduler
Implement a common scheduler that can be used globally

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-07-23 17:20:31 +08:00
He Weiwei
9c9b8d3a6d Merge branch 'master' into project-quota-dev 2019-07-19 10:02:51 +08:00
Steven Zou
746d082e2e Merge branch 'master' into feature/tag_retention 2019-07-18 10:40:49 +08:00
Daniel Jiang
e0e6a1d30b
Merge pull request #8301 from ninjadq/external_endpoint_support
Add supoort for external endpoint
2019-07-18 01:36:08 +08:00
Qian Deng
739b4723db
Merge pull request #8308 from ninjadq/upgrade_chartmuseum_2_v0_9_0
Upgrade chartmuseum from v0.8.1 to v0.9.0
2019-07-17 16:48:52 +08:00
DQ
6cf4596292 Add supoort for external endpoint
Add config item in harbor.yml
Make fowarding rule configurable

Signed-off-by: DQ <dengq@vmware.com>
2019-07-17 16:23:37 +08:00
Wenkai Yin(尹文开)
a64e089773
Merge pull request #8210 from stonezdj/http_group_dao2
Add HTTP group support
2019-07-17 15:22:36 +08:00
Qian Deng
5cd3594f20 Upgrade chartmuseum from v0.8.1 to v0.9.0
Signed-off-by: Qian Deng <dengqian0826@gmail.com>
2019-07-17 06:45:23 +00:00
Ziming Zhang
815901ea33 fix
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I3f2d3c7f1e32b4983c31c23d9753f04239e3c82f
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-07-16 19:24:40 +08:00
stonezdj
bb2ae7c093 Add HTTP group feature
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-07-16 15:38:46 +08:00
wang yan
105518fe12 Merge branch 'master' of https://github.com/goharbor/harbor into project-quota-dev 2019-07-16 14:51:37 +08:00
Amritanshu Pandey
bde54cf938 fix typos
Signed-off-by: Amritanshu Pandey <amp.msit@gmail.com>
2019-07-15 04:28:10 +00:00
wang yan
24c3753581 add dao of artifact
Signed-off-by: wang yan <wangyan@vmware.com>

Add dao for quota

Signed-off-by: He Weiwei <hweiwei@vmware.com>

fix govet

Signed-off-by: wang yan <wangyan@vmware.com>
2019-07-08 23:42:50 +08:00
Ronald van Butselaar
7cd29b399a Add SELinux label to all volumes inside prepare script
Signed-off-by: Ronald van Butselaar <ronald@vbutselaar.nl>
2019-06-28 16:21:39 +02:00
Steven Zou
5521b7b7ad
Merge pull request #7915 from bitsf/replication_ecr_1.9
aws driver for replication
2019-06-27 11:24:54 +08:00
Daniel Jiang
4aca812ff2 API for system level vulnerability whitelist
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-06-26 23:35:40 +08:00
Ziming Zhang
072bdd101b aws driver for replication
Change-Id: I8792ffce2eaa5975359bb6159a1ba7b85926a925
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-06-25 19:11:27 +08:00
stonezdj
a8cd1bca59 Change the mount target of gcs.key file
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-06-16 13:34:32 +08:00
Wenkai Yin
1ceb7a2fb9
Merge pull request #7825 from ninjadq/update_installation_doc
Update doc caused by refactor prepare
2019-05-17 10:02:47 +08:00
Qian Deng
48151f6d46 Update doc caused by refactor prepare
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-16 23:01:12 +08:00
Wenkai Yin
64cacc99e0
Merge pull request #7750 from liqiang-fit2cloud/fix-7288
Fix issue: harbor 1.7.4 aliyun oss chartmuseum 500
2019-05-16 18:23:35 +08:00
Qian Deng
f75a60f300 Fix typo
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-16 15:15:42 +08:00
Qian Deng
f4ac7f9b4a
Merge pull request #7816 from ninjadq/fix_typo_of_azure
fix typo of azure config
2019-05-16 10:53:22 +08:00
Qian Deng
ea889d5a50 Fix typo in azure config
Fix typo in chart azure

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-15 18:25:34 +08:00
Wenkai Yin
1a8a55855b Add "MaxMessageSize" to the config of rsyslogd
Add "MaxMessageSize" to the config of rsyslogd to avoid the mess of log file when the size of one log line > 8k

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-05-15 18:10:22 +08:00
Qian Deng
1677686140 Made logs in jobservice configurable
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-15 10:57:42 +08:00
Qian Deng
4188c4db76
Merge pull request #7719 from ninjadq/fix_chart_relative_url_issue
Fix chart relative url issue
2019-05-15 10:02:07 +08:00
stonezdj(Daojun Zhang)
47f24cab4b
Merge pull request #7770 from ninjadq/fix_typo_in_registry_config
Typo in registry config
2019-05-14 13:58:03 +08:00
Qian Deng
f607c5177d Fix frontend failure caused by absolute path
Fix failures because front downlowd chart using relative path

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-14 13:22:06 +08:00
Qian Deng
3022b617f2 Add chart absolute url item in config
Add a config item to enable and disalbe chart_url

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-14 12:56:20 +08:00
Qian Deng
cd6c5a9f10 Enable absolute url in helm chart
assign public_url to chart-url
remove namespace merge in index.yaml

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-14 12:56:20 +08:00
Qian Deng
41e399dec0 Fix issue caused by notary default_alias
Fix notary issue

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-13 18:43:15 +08:00
Qian Deng
6db39f9c71 Typo in registry config
it should be disable not disabled

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-10 23:08:21 +08:00
Wenkai Yin
a2e7692f10 Document how to use the external database in installation guide (#7761)
Document how to use the external database in installation guide. Fixes #7189

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-05-10 17:16:58 +08:00
Wang Yan
e7f5954c71
Fix migrator scan all schedule from v1.7.0 (#7763)
In v1.7.0, it creates an record for scan all but without cron string, just update the record with the cron in properties.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-05-10 17:08:52 +08:00
Qian Deng
439b44c61f Fix public url shoud not display port is it's default value (#7760)
if https port is 443 or http port is 80, then only showing url

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-10 16:53:25 +08:00
Qian Deng
eba20baba5
Merge pull request #7612 from ninjadq/fix_tls_related_issues
Fix tls related issues
2019-05-10 16:36:51 +08:00
Daniel Jiang
0b0fad04e9
Merge pull request #7757 from reasonerjt/install-sh-chk
Fix a bug of checking docker version in install.sh
2019-05-10 15:42:34 +08:00
Qian Deng
d255e66604 Remove -it in docker run
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-10 15:31:58 +08:00
Qian Deng
286167ad74
Merge pull request #7755 from ninjadq/fix_rendering_none_in_jinja
Fix None rendered in jinja2
2019-05-10 14:59:21 +08:00
Daniel Jiang
b802f14e1f Fix a bug of checking docker version in install.sh
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-05-10 13:55:04 +08:00
Wang Yan
ef4afff8b0
Update default value of external_database (#7756)
Signed-off-by: wang yan <wangyan@vmware.com>
2019-05-10 13:41:47 +08:00
Qian Deng
f9f9661acd New type of bind volume
using long style bind volume

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-10 13:18:48 +08:00
Qian Deng
cd9932db23 Update the path of server.key and server.crt
change the path of cert key paris to prevent futrue issues.

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-10 13:18:48 +08:00
Qian Deng
3dfebed98e Enhance: Add an empty cert files if not exist
To avoid confusion error message

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-10 13:18:48 +08:00
Qian Deng
6ea0514bb7 Revert "Set default mode to https"
This reverts commit 8a308a63e2.

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-10 13:18:48 +08:00
Qian Deng
96bb638067
Merge pull request #7749 from reasonerjt/install-sh-chk
Update the version check in install.sh
2019-05-10 12:56:37 +08:00
Qian Deng
0aaccf62b2 Fix None rendered in jinja2
jinja2 render None to empty string

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-10 12:17:02 +08:00
Qian Deng
bb66358df8 Update migratrion script (#7728)
* Fix migration script

1. port is string when parsed from configparser
2. remove index and db_user in if condition

Signed-off-by: Qian Deng <dengq@vmware.com>

* Add port to public_url

Add port to public_url

Signed-off-by: Qian Deng <dengq@vmware.com>

* Customized value for notary and clair

db config in notary and clair is hardcoded

Signed-off-by: Qian Deng <dengq@vmware.com>

* Add notary and clair db config in harbor.yml

Add notary clair config to harbor.yml and fix related regression

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-10 10:44:05 +08:00
Wang Yan
774a9f8d75
Remove unused configure item cfg_expiration (#7744)
Signed-off-by: wang yan <wangyan@vmware.com>
2019-05-09 22:07:18 +08:00
Wenkai Yin
5ce57a24ac
Merge pull request #7739 from ywk253100/190508_upgrade
Fixes #7693, the filters of replication policy is lost after upgrade
2019-05-09 20:16:13 +08:00
Daniel Jiang
4c18f487ad Update the version check in install.sh
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-05-09 19:18:52 +08:00
liqiang-fit2cloud
218889acdd Fix issue: https://github.com/goharbor/harbor/issues/7288
Signed-off-by: liqiang-fit2cloud <liqiang@fit2cloud.com>
2019-05-09 18:57:57 +08:00
Qian Deng
39f2bf2dfe
Merge pull request #7639 from ninjadq/fix_chart_storage_issue
Fix chart storage keyfile issue in gcs
2019-05-09 16:26:03 +08:00
Daniel Jiang
a67cc2b8b5
Merge pull request #7640 from ninjadq/remove_env_duplicate_items
Remove duplicate env items
2019-05-09 15:35:26 +08:00
Wenkai Yin
8ca3c44b87 Fixes #7693, the filters of replication policy is lost after upgrade
Fixes #7693, the filters of replication policy is lost after upgrade

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-05-09 14:13:32 +08:00
Qian Deng
322b108acf Remove duplicate env items
some env items are duplicate in both env and config_env file

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-09 10:55:39 +08:00
Qian Deng
d0e5936665 Fix chart storage keyfile issue in gcs
Add volumn binding on docker-compose.yml

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-08 19:20:36 +08:00
Wang Yan
095f7b2ff7
add scan all and gc schedule migration (#7628)
* add scan all and gc schedule migration

Signed-off-by: wang yan <wangyan@vmware.com>

* Fix gofmt errors

Signed-off-by: wang yan <wangyan@vmware.com>

* Update code according to review comments

Signed-off-by: wang yan <wangyan@vmware.com>

* remove convertschedule return name just return value

Signed-off-by: wang yan <wangyan@vmware.com>
2019-05-08 19:11:33 +08:00
Qian Deng
3550e2eb23
Merge pull request #7624 from ninjadq/prepare_for_harbor_tile
Prepare for harbor tile
2019-05-08 17:45:38 +08:00
Qian Deng
a70202f063 Add redirect disable item
if set storage redirect disable ture, will render it in registry config file

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-08 16:05:22 +08:00
Qian Deng
c44e3bf9d1 Clean admin server related config (#7615)
Clean up the admin_server

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-08 10:56:56 +08:00
Qian Deng
30918eff61
Merge pull request #7652 from reasonerjt/uaa-ca-file
Alow user to set CA cert for UAA in harbor.yml
2019-05-07 12:36:00 +08:00
Qian Deng
bed60352bd
Merge pull request #7329 from ninjadq/migration_script_to_1_8_0
Add migration script from 1.7.0 to 1.8.0
2019-05-07 10:53:51 +08:00
Wenkai Yin
d27a6c0335 Fix a few bugs of replication (#7619)
1. handle the public/private property when creating the projects
2. extend the length of access_secret
3. update the task status by using orm functions

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-05-07 10:47:14 +08:00
Daniel Jiang
0bb2829d27 Alow user to set CA cert for UAA in harbor.yml
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-05-06 17:32:02 +08:00
Wang Yan
a1ad6374ae
add install cert for registry contoller (#7633)
Mount the ca bunlder into registry controller, and add them into os
trust store that resolves the problem of garabe collection on ca
enabled registry.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-05-05 15:24:52 +08:00
Qian Deng
71104011b3 Enhance: Read prepare dir in Env fisrt
If HARBOR_BUNDLE_DIR is exist, then get dir value from this.

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-30 16:16:06 +08:00
Qian Deng
fdd8ba7b83
Merge pull request #7600 from reasonerjt/fix-harbor-yml-typo
Fix typo in harbor.yml
2019-04-30 11:00:58 +08:00
Daniel Jiang
b5f2f71394 Fix typo in harbor.yml
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-04-29 18:51:00 +08:00
Qian Deng
c06c3fd08d Fix cannot load external configs of database (#7591)
Fix that when loading external db config wrong varible used

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-29 15:34:12 +08:00
Daniel Jiang
5cd3c039a9
Merge pull request #7463 from reasonerjt/regen-cli-secret
Provide API to generate CLI secret
2019-04-22 14:54:20 +08:00
Daniel Jiang
1fdc2e6ba9 Provide API to generate CLI secret
This commit provide an API to allow a user that is onboarded via OIDC
authn update his CLI secret.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-04-22 13:34:12 +08:00
Qian Deng
f742c415ad Upgrade the version of jinja2
Prevent verneribility issue

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-22 10:58:44 +08:00
Daniel Jiang
71cd51c9f4
Merge pull request #7326 from ninjadq/default_config_to_https
Set default mode to https
2019-04-22 09:24:39 +08:00
Wenkai Yin
a5cc228781
Merge pull request #7420 from ywk253100/190417_revert_local_harbor
Update the migration sql
2019-04-17 19:58:31 +08:00
wang yan
e017294f71 merge with master latest
Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-17 17:52:39 +08:00
Wenkai Yin
547c2337de Update the migration sql
1. Update the migration sql
2. Rename the ResourceRepository from repository to image

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-04-17 17:18:03 +08:00
Qian Deng
8a7d04ef47
Merge pull request #7387 from ninjadq/add_compatibility_in_registry
Add compatibility config
2019-04-17 16:30:04 +08:00
Qian Deng
85fdf885e8
Merge pull request #7386 from ninjadq/fix_http_scheme_on_install_sh
Fix: grep https not work
2019-04-17 16:29:35 +08:00
Qian Deng
c1e676ad99 Add migration script from 1.7.0 to 1.8.0
Add jinja2 to migrator
Add template to migrator
Add config upgrading script

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-17 15:14:54 +08:00
Wenkai Yin
6e0d892963 Support creating project with service account
This commit introduces a solution to workaround the restriction of project creation API: only normal users can create projects

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-04-17 14:50:32 +08:00
Qian Deng
8a308a63e2 Set default mode to https
Default mode to https
The cert file value is set to previous version style

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-16 15:50:12 +08:00
Qian Deng
aad63e7ae5 Add compatibility config
Add compatibility config in registry.yml

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-16 15:44:47 +08:00
Qian Deng
9ddfd259d3 Fix bug when rendering port in proxy
rendering 443 when https enabled
rendering 4443 when notary enabled

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-16 11:20:13 +08:00
Qian Deng
0e8436263f Fix: grep https not work
Add space before right braket

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-15 14:32:36 +08:00
cd1989
27c1bdc5e2 Fix make prepare problem
Signed-off-by: cd1989 <chende@caicloud.io>
2019-04-10 19:48:13 +08:00
Daniel Jiang
0a2343f542 Support secret for docker CLI
As CLI does not support oauth flow, we'll use secret for help OIDC user
to authenticate via CLI.
Add column to store secret and token, and add code to support
verify/refresh token associates with secret.  Such that when the user is
removed from OIDC provider the secret will no longer work.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-04-10 19:38:11 +08:00
Daniel Jiang
a243c7f05a
Merge pull request #7330 from wy65701436/reg-271
Patch regsitry v2.7.1 with fix on distribution issue 2819
2019-04-10 09:45:56 +08:00
wang yan
469473b31c Patch regsitry v2.7.1 with fix on distribution issue 2819
This commit is to build a regsitry bases on v2.7.1 code and introduces
an fix on issue #2819, this is a P0 bug on v2.7.1 which causes GCS doesn't
work well on v2.7.1

For more details, refer to https://github.com/docker/distribution/pull/2821

Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-09 18:42:29 +08:00
cd1989
92b04cffd5 Fix make prepare problem
Signed-off-by: cd1989 <chende@caicloud.io>
2019-04-09 17:02:09 +08:00
Wenkai Yin
580674f3da Merge remote-tracking branch 'upstream/master' into 190409_sync 2019-04-09 17:01:09 +08:00
Qian Deng
deba378842 Enhance: Refacotr Registry config file
1. Refactor registry configs
2. cp gcs keyfile is exist

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-09 14:40:41 +08:00
Qian Deng
74c4e243e3 Refator the host related config
1. Refactor host config
2. Refactor certiface config
3. Add port config
4. Add log info config

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-09 12:55:07 +08:00
Qian Deng
fef7702e9a Enhance: Refactor the config parse logic
Refactor the config parse logic

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-09 12:55:07 +08:00
Qian Deng
ac1b7bb1fb Enhance: remove the reload key item
Remove the reload_config item in config file

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-09 12:55:07 +08:00
Qian Deng
cd65b68ab3 Enhance: Refactor the format
Refactor the whole structure of harbor.yml

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-09 12:55:07 +08:00
Wenkai Yin
4ffa0c3da0 Upgrade the replication_job table
This commit migrates the replication_job table, add one execution record and one task record for each job

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-04-08 22:23:53 +08:00
Wenkai Yin
e8fe2aa60c Upgrade the registry and replication policy tables
Upgrade the registry and replication tables in database

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-04-05 13:25:00 +08:00
Wenkai Yin
b66b1f341e Merge remote-tracking branch 'upstream/master' into 190404_sync 2019-04-04 14:55:09 +08:00
Yan
0de5999f52 add the controller for ocdi onboard user
Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-03 09:52:22 +08:00
Wenkai Yin
4484bca756 Fix replication related issues
1. Add operation property for tasks
2. Add trigger property for executions
3. Update the getting registry info API to allow passing 0 as ID to get the info of local Harbor registry

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-04-02 14:26:17 +08:00
Qian Deng
15c2c9048f Fix: clair env file should using empty string is not exist
This is quick fix, further fixs will in the config refactor PR

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-04-01 18:12:34 +08:00
Wenkai Yin
8c7b63bac2
Merge pull request #7248 from ywk253100/190326_event
Add event based trigger and scheduled trigger
2019-03-29 14:58:09 +08:00
Wenkai Yin
4f8e283e8e Add event based trigger and scheduled trigger
This commit implements the event based trigger and scheduled trigger in replilcation

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-03-29 13:48:34 +08:00
Qian Deng
cb846bd936 Fix: copy upstream file to nginx config file
Copy notary.upstream.conf to nginx config file

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-03-27 17:56:31 +08:00
Wenkai Yin
017bba8dc1 Merge remote-tracking branch 'upstream/master' into 190327_sync 2019-03-27 11:43:51 +08:00
wang yan
1ba1c5726a Upgrade node version to 10.15
To fix the issue https://lists.debian.org/debian-devel-announce/2019/03/msg00006.html,
it needs to upgrade node to 10.15, which has pitched the fix.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-03-27 10:47:13 +08:00
Qian Deng
215149fc2f
Merge pull request #7206 from ninjadq/update_pyyaml_version
Fix: upgrade pyyaml version to 4.2b1
2019-03-26 15:11:42 +08:00
Qian Deng
df2425a02b Fix: upgrade pyyaml version to 4.2b1
Because previous version has security issue

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-03-22 19:05:16 +08:00
Qian Deng
e538a4c448 Fix: install.sh failure if $host env is setted (#7203)
Fix sed replace cmd

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-03-22 19:04:40 +08:00
Wenkai Yin
49cf50adb1 Merge remote-tracking branch 'upstream/master' into 190324_sync
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-03-22 15:55:52 +08:00
Qian Deng
ba4764c61d
Merge pull request #6755 from ninjadq/refactor_prepare
Refactor the prepare script
2019-03-22 14:54:30 +08:00
Qian Deng
fcdab4d4af Fix: packaging offline in new prepare
This new prepare script now support offline packaging

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-03-22 13:56:15 +08:00
Meina Zhou
130e132f86 Merge branch 'master' into replication_ng
Signed-off-by: Meina Zhou <meinaz@vmware.com>
2019-03-21 14:16:33 +08:00
Qian Deng
0c84751a10 Enhance: Refactor the notary structure
1. Update notary template on docker-compose
2. automatic generate cert if not exist

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-03-18 10:20:42 +08:00
Qian Deng
93af296eeb Enhance: refactor the mount dirs and workflow of generate cert
mount a temp dir input for all input files and configs
generated secrets file stored in data volumns keys dir
certs file stored in data volumns nginx dir

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-03-15 15:51:11 +08:00
Che-Wei Lin
7aa00aee87 fix hostname command not found (#7045)
Signed-off-by: mycroftlin <mycroftlin@tencent.com>
2019-03-15 10:52:47 +08:00
peimingming
4efad287ce Add execution and hooks
Signed-off-by: peimingming <peimingming@corp.netease.com>
2019-03-13 09:35:01 +08:00
Wenkai Yin
53529b4b1b Merge the sql script into one file
Keep all the sql script for v1.8 in only one file

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-03-11 20:38:45 +08:00
Wenkai Yin
772367498f Merge remote-tracking branch 'upstream/master' into 190311_sync 2019-03-11 20:34:49 +08:00
慕薇疯魔
1039800fa9 1. Migration for policy manager.
2. Clear test database after run test.
3. UT for policy manager and dao.

Signed-off-by: 慕薇疯魔 <kfanjian@gmail.com>
2019-03-11 16:01:31 +08:00
Qian Deng
b0f158c4c8 Add migratior script
Add migrator template and script

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-03-08 16:46:14 +08:00
Qian Deng
7b7cb82f86 Enhance: refactor the format of harbor.yml
refactor the format of the harbor.yml configuration items

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-03-08 16:46:13 +08:00
Qian Deng
ab7c81dac6 Fix: the adminserver caused regression
Remove some code related to adminserver
Fix some issues by adminserver removeing

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-03-08 16:46:13 +08:00
Qian Deng
5f80fe7b8a Refacotr the prepare script base on the proposal https://github.com/goharbor/community/pull/22
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-03-08 16:46:13 +08:00
cd1989
8732a20709 Rewrite registry manager with new interface
Signed-off-by: cd1989 <chende@caicloud.io>
2019-02-27 11:54:04 +08:00
Wenkai Yin
b530905b40 Update the upgrade sql to fix #6698
This commit updates the upgrade sql script to fix #6698: cannot recreate the same name replication policy after it is deleted

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-02-26 15:15:08 +08:00
wang yan
91aa67a541 Update expiration variable name to expiresat/tokenduration
Signed-off-by: wang yan <wangyan@vmware.com>
2019-02-25 11:55:42 +08:00
wang yan
36a778b482 Update expiration schema to bigint and default unit to minute
Signed-off-by: wang yan <wangyan@vmware.com>
2019-02-22 18:42:43 +08:00
wang yan
47a09b5891 add expiration of robot account
This commit is to make the expiration of robot account configurable

1, The expiration could be set by system admin in the configuation page or
by /api/config with robot_token_expiration=60, the default value is 30 days.
2, The expiration could be shown in the robot account infor both on UI and API.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-02-22 18:42:34 +08:00
stonezdj
0cba36d79f Remove everything of adminserver
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-02-22 16:34:39 +08:00
He Weiwei
f19ad5c522 Disable validation for registry (#6993)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-02-22 10:30:40 +08:00
Daniel Jiang
1832699e93 Bump up the migrate tool of notary
fixes #5863
The migrate binary that we include in notary is quite out dated.
Additionally it introduced a breaking change, more details see #5863

In this commit a go program was added to workaround this issue to ensure the
migration process works, and refined bootstrap scripts and make process accordingly.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-02-21 00:36:24 -08:00
Steven Zou
056ccbac41
Merge pull request #6931 from ninjadq/bump_chart_version
Enhhance: bump chartmuseum version to 0.8.1
2019-02-20 14:51:07 +08:00
Wenkai Yin
38d3c33ce4
Merge pull request #6729 from stonezdj/ref_admin_replace_backup
Refactor adminserver stage3
2019-02-19 13:52:46 +08:00
Wenkai Yin
696264bee9 Run logrotate as user 10000 to avoid issue #6895 (#6913)
This commit fixes issue #6895 by running logrotate with user 10000

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-02-19 13:18:45 +08:00
stonezdj
c9a8de9002 copy migration script to core container instead of mount volumn
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-02-18 14:06:19 +08:00
stonezdj
1ae5126bb4 Refactor adminserver stage 3: replace config api and change ut settings
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-02-18 14:06:19 +08:00
Qian Deng
4a4ebc2fba Enhhance: bump chartmuseum version to 0.8.1
bump the version of chartmuseum to 0.8.1

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-02-15 15:19:53 +08:00
Daniel Jiang
81639e2110
Merge pull request #6865 from wy65701436/remove-token
Remove the token attribute from robot table
2019-02-13 19:23:06 +08:00
Wenkai Yin
cd57f70f2f
Merge pull request #6901 from wy65701436/upgrade-registry-270
Upgrade registry binary to v2.7.1
2019-02-13 19:01:37 +08:00
Yan
161f2127e2
Fix format of makefile (#6909)
Signed-off-by: wang yan <wangyan@vmware.com>
2019-02-13 10:54:32 +08:00
wang yan
c77b387c53 Upgrade registry binary to v2.7.0
Signed-off-by: wang yan <wangyan@vmware.com>
2019-02-13 10:24:08 +08:00
Yan
5412e581de
Add a flag judging on building migrator (#6905)
This commit is to add a flag judging when to build image of migator, which is not necessary.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-02-12 20:33:42 +08:00
wang yan
5d6a28d73e Remove the token attribute for robot table
This commit is to remove the token attribute as harbor doesn't store the token in DB.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-30 23:56:23 +08:00
He Weiwei
3f8e06a8bc Support master role for project member create and update apis (#6780)
* Support master role for project member create and update apis

Signed-off-by: He Weiwei <hweiwei@vmware.com>

* Fix description for role_id in swagger.yaml

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-01-23 14:56:23 +08:00
Daniel Jiang
a1d4bfd332
Merge pull request #6344 from reasonerjt/bump-up-golang
Bump up golang to 1.11.2
2019-01-11 16:15:59 +08:00
Daniel Jiang
5d59d6fab8 Bump up golang to 1.11.2
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-01-11 14:44:32 +08:00
Daniel Jiang
80af81154c
Merge pull request #6702 from wy65701436/robot-db-scheme
Add DB table for robot account
2019-01-10 14:25:58 +08:00
wang yan
db09f9f101 Update token length and upper case the sql key words
Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-09 10:00:54 +08:00
wang yan
362a0638d0 Add DB table for robot account
This commit is to add DB scheme for robot account and update the db orm releated.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-08 18:46:16 +08:00
Wenkai Yin
edcbb8f29f Update the upgrade sql to rename the duplicate records
Rename the "name" colume in table "replication_policy" and "replication_target" before adding the "UNIQUE" constraint to avoid the upgrade failure

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-01-04 14:55:33 +08:00
overdogwatch
a8d0ab1a21 Update Dockerfile
I guess that the purpose of this check is to verify that the container is listening on port 10514. Healthcheck default timeout is 30 sec. In places where the DNS resolver is not working properly, this check could take more than 30 sec, which leads to decide that the container health is unhealthy. I advise you to add to your check the option n, which prevents netstat trying to determine the symbolic host.

Signed-off-by: overdogwatch <overdogwatch@gmail.com>
2018-12-27 09:47:48 +02:00
Qian Deng
af7b61ebd5 Add customized config file for proxy
This is a solution for product that using harbor as proxy to add customized location

Signed-off-by: Qian Deng <dengq@vmware.com>
2018-12-26 13:35:07 +08:00
Meina Zhou
d45ccbbb29 add developer center in swagger ui way
Signed-off-by: Meina Zhou <meinaz@vmware.com>
2018-12-13 15:17:38 +08:00
Daniel Jiang
481bdb01a2
Merge pull request #6409 from ninjadq/upgrade_config_2_170
Feat: Upgrade harbor.cfg from 1.6.0 to 1.7.0
2018-12-04 01:05:59 -08:00
Qian Deng
7647e688fd Feat: Upgrade harbor.cfg from 1.6.0 to 1.7.0
Add script to upgrade harbor.cfg

Signed-off-by: Qian Deng <dengq@vmware.com>
2018-12-04 10:36:11 +08:00
Steven Zou
ec2ad4d0b8
Merge pull request #6093 from cd1989/replication-record-id
Add op uuid to image replication
2018-11-30 14:54:43 +08:00