This commit makes OIDC CLI secret filter allow more URLs so that the
OIDC CLI secret can be used for replication
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
1, update typo in the update blob status sql, the typo will not impact the sql result.
2, correct blob status in the middleware & GC job log.
Signed-off-by: wang yan <wangyan@vmware.com>
* add debugging env for GC time window
For debugging, the tester/users wants to run GC to delete the removed artifact immediately instead of waitting for two hours, add the env(GC_BLOB_TIME_WINDOW) to meet this.
Signed-off-by: wang yan <wangyan@vmware.com>
1, The update blob status method should udpate the blob version of the blob object as well, otherwise the GC job cannot handle the blob status transform(none - delete - deleting - deletefailed)
as the method is using version equals as the query condition.
2, For the deleting blob which marked for more than 2 hours, it should be set to delete failed in head blob & put manifest request
Signed-off-by: wang yan <wangyan@vmware.com>
When to call,
~~~ REQUEST ~~~
GET /v2/conformance/testrepo/manifests/.INVALID_MANIFEST_NAME
Per OCI distribution spec, it has to return 404, instead of 400 (project name required)
Signed-off-by: wang yan <wangyan@vmware.com>
* handle blob status chanage in put blob middlware
After blob is uploaded success, the middleware will update the blob status accordingly.
Signed-off-by: wang yan <wangyan@vmware.com>
* move send error to source lib
Move the sendError into library in case the cycle dependency as regsitry and core are now the consumers.
Signed-off-by: wang yan <wangyan@vmware.com>
When scanner like trivy handles the auth flow to pull image, it pings
the /v2 and access the token service url in response body, by default it
will be external endpoint of Harbor.
There will be problem when Harbor is deployed on a single node with hairpinning not
supported.
This commit makes sure the address of token service in the challenge is
internal url of core component when the request is from internal.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit removes the EnsureArtifactDigest as its implementation is
problematic: the artifactinfo in context is immutable.
When the content trust middleware needs the digest it will retrieve it
via artifact controller.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
1. Ignore limitation when refresh quota for project.
2. Return 403 when quota errors occurred.
3. Add test for Refresh method of quota controller.
Closes#11512
Signed-off-by: He Weiwei <hweiwei@vmware.com>
Fixes#11241
1, remove count quota from quota manager
2, remove count in DB scheme
3, remove UI relates on quota
4, update UT, API test and UI UT.
Signed-off-by: wang yan <wangyan@vmware.com>
1. Prevent the pull action when scan report status is not successfuly.
2. Bypass the checking when no vulnerabilities not found.
3. Improve the returned message when prevented the pull action.
Closes#11202
Signed-off-by: He Weiwei <hweiwei@vmware.com>
Docker CLI fails if it's not logged in upon seeing "basic" realm challenging while pinging the "/v2" endpoint. (#11266)
Some CLI will send HEAD to artifact endpoint before pushing (#11188)(#11271)
To fix such problems, this commit re-introduce the token auth flow to the CLIs.
For a HEAD request to "/v2/xxx" with no "Authoirzation" header, the v2_auth middleware populates the
"Www-Authenticate" header to redirect it to token endpoint with proper
requested scope.
It also adds security context to based on the content of the JWT which has the claims of the registry.
So a request from CLI carrying a token signed by the "/service/token" will have proper permissions.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Fixes#11206
1, fix middleware doesn't work for docker pull without auth
2, fix middleware doesn't bypass scanner pull
Signed-off-by: wang yan <wangyan@vmware.com>
That was added to support core process sending request to `/v2/xxx`.
It's no longer needed after reworking the flow.
This commit removes this.
Fixes#10602, as it's not a case we need to support for now.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
As we don't support bearer token in Harbor 2.0, the URL checking logic in auth proxy security generator should be updated
Signed-off-by: Wenkai Yin <yinw@vmware.com>
Fixes#11016
1. src/pkg/q->src/internal/q
2. src/internal->src/lib (internal is a reserved package name of golang)
3. src/api->src/controller
Signed-off-by: Wenkai Yin <yinw@vmware.com>
1. Skip vulnerability prevention checking when artifact is not
scannable.
2. Skip vulnerability prevention checking when artifact is image index
and its type is `IMAGE` or `CNAB`.
3. Skip vulnerability prevention checking when the artifact is pulling
by the scanner.
4. Change `hasCapability` from blacklist to whitelist.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
1, enable audit logs for notifications
2, move the handler and meatadata into API
3, use the notification middleware to send out notification
Signed-off-by: wang yan <wangyan@vmware.com>
the notification is for send out the event after DB transaction complete.
It's safe to send hook as this middleware is after transaction in the response path.
Signed-off-by: wang yan <wangyan@vmware.com>
1. Before put manifest request, ensure that the requested size resource
include the blobs which are referenced by the manifest but not
associated with project.
2. After put manifest request, associate the blobs which are referenced
by the manifest but not associated with project.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
Type assertion not work when the ctx in the request changed in the next
handler, so change to use value in the ctx to decide whether to commit
tx.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
To avoid depedency loop, this commit moves the model of ArtifactInfo to
internal pacakge, so that a controller can it from context when needed.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
1. Introduce `Evaluator` interface which do the permission checking.
2. `admin`, `lazy`, `rbac`, `namespace` and `evaluartor` set are implemented the
`Evaluator` interface.
3. Move project rbac implemention from `project` to `rbac` pkg to reduce
the name conflict with project instance of model.
4. Do permission checking in security context by `Evaluator`.
5. Cache the regexp in rbac evaluator for casbin.
6. Cache evaluator in namespace evaluator to improve performance.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
1. Escape the path paramters before the APIs.
2. Unescape the path paramters in the Prepare stage of the swagger
operations.
Closes#10860
Signed-off-by: He Weiwei <hweiwei@vmware.com>
Scanner uses the robot account to pull image and scan, the policy checker should bypass the
pull action even the policy enabled, otherwise the scan job will fail.
Signed-off-by: wang yan <wangyan@vmware.com>
If "Www-Authenticate" header is set for Harbor management API, the browser will show a basic auth dialog when get 401 error, this commit moves the header to the registry APIs
Signed-off-by: Wenkai Yin <yinw@vmware.com>
1, Return DIGEST_INVALID error in delete manifest instead of NOT_FOUND
2, Disable return 500 in immutable middleware
3, Return empty array in catalog and tags API instead of null
Signed-off-by: wang yan <wangyan@vmware.com>
This commit replaces beego's CSRF mechanism with gorilla's csrf library.
The criteria for requests to skip the csrf check remain the same.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Remove it since we don's use bearer token as the registry token and the skipper of scanner pull will
be covered in the robot account access scope.
Signed-off-by: wang yan <wangyan@vmware.com>
1, Use signature manager to get signature
2, Check the immutable and signature status when deleting.
3, Remove the immutable middleware for delelte manifest
Signed-off-by: wang yan <wangyan@vmware.com>
use the tag controller to handle CRUD of tags, especially the delete scenario, it could validate
the immutable and signature. And move the code of tag handling from artifact controller to tag controller
Signed-off-by: wang yan <wangyan@vmware.com>
As we store the repository name in the artifact table, we can use it direclty in the code to reduce the database query
Signed-off-by: Wenkai Yin <yinw@vmware.com>
This commit gets rid of middleware info middleware, and make artifact
info the single source of truth in terms of the artifact a request
handles. Fixes#10574
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
1. Add middleware to record the accepted blob size for stream blob
upload.
2. Add middleware to create blob and associate it with project after blob upload
complete.
3. Add middleware to sync blobs, create blob for manifest and associate blobs
with the manifest after put manifest.
4. Add middleware to associate blob with project after mount blob.
5. Cleanup associations for the project when artifact deleted.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
* refactor(scan,scanner): move scan and scanner controllers to api pkg
Signed-off-by: He Weiwei <hweiwei@vmware.com>
* feat(scan-all-job): move artifacts query from job to notification
Move artifact query from scan all job to its notification handler to
ensure that the components in pkg will not call controllers in api.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
* Populate signature status in artifact API
This Commit add signature status into response of list artifact API.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
1. As "List" method of artifact DAO doesn't return the artifacts that referenced by other and without tag, so we introduce a new method "GetByDigest" to check the existence of artifact
2. The "Www-Authenticate" header is needed to be returned when the request is unauthorized. This is required in the OCI distribution spec and is needed when pushing CNAB
Signed-off-by: Wenkai Yin <yinw@vmware.com>
1. Escape and clean request path for `legacyAPISkipper`.
2. Escape and clean request path for `MethodAndPathSkipper`.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
This commit implements the API to get build history of image with manifest version 2 and populates the addition links when listing/getting the artifact
Signed-off-by: Wenkai Yin <yinw@vmware.com>
1. Add `NewContext` and `FromContext` funcs in security pkg.
2. Add `Name` func in `security.Context` interface to make the checking
for the `/api/internal/configurations` API clear.
3. Get the security from the context to prepare change the security
filter to middleware.
4. Remove `GetSecurityContext` in filter pkg.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
1. Add basic authorizer for registry which modify the request
to add basic authorization header to request based on configuration.
2. Set basic auth header for proxy when accessing registry
3. Switche the registry to use basic auth by default and use the basic
authorizer to access Harbor.
4. Make necessary change to test cases, particularly
"test_robot_account.py" and "docker_api.py", because the error is
changed after siwtched to basic auth from token auth. #10604 is opened
to track the follow up work.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
When the registry shifts from token auth to basic auth, we'll use the middleware to check permission.
This commit add middlewares for populate the artifact info and check
permission based on request to /v2/* api via security context
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
1. Upgrade beego to v1.12.0
2. Add RequestID middleware to all HTTP requests.
3. Add Orm middleware to v2 and v2.0 APIs.
4. Remove OrmFilter from all HTTP requests.
5. Fix some test cases which cause panic in API controllers.
6. Enable XSRF for test cases of CommonController.
7. Imporve ReadOnly middleware.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
To move the regtoken middlware to new v2 handler framework, it parses the docker pull bearer token and check whether it's a scanner pull.
Signed-off-by: wang yan <wangyan@vmware.com>
To add a new middleware to resolve the manifest information from request path, then pass
it into the request context for later use.
Signed-off-by: wang yan <wangyan@vmware.com>
This commit adds several handlers to handle registry requests, some of the handlers aren't implemented yet, will be done later
Signed-off-by: Wenkai Yin <yinw@vmware.com>
