As CLI does not support oauth flow, we'll use secret for help OIDC user
to authenticate via CLI.
Add column to store secret and token, and add code to support
verify/refresh token associates with secret. Such that when the user is
removed from OIDC provider the secret will no longer work.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
* add authn proxy docker login support
User could use the web hook token issued by k8s api server to login to harbor.
The username should add a specific prefix.
Signed-off-by: wang yan <wangyan@vmware.com>
* update code per review comments
Signed-off-by: wang yan <wangyan@vmware.com>
* Add UT for auth proxy modifier
Signed-off-by: wang yan <wangyan@vmware.com>
Previously the settings of HTTP authproxy were set in environment
variable.
This commit move them to the configuration API
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is to make the expiration of robot account configurable
1, The expiration could be set by system admin in the configuation page or
by /api/config with robot_token_expiration=60, the default value is 30 days.
2, The expiration could be shown in the robot account infor both on UI and API.
Signed-off-by: wang yan <wangyan@vmware.com>
This commit is to do:
1, Add post response on creating robot account
2, Lower-case the attribute of response
Signed-off-by: wang yan <wangyan@vmware.com>
Add API implementation of robot account
1. POST /api/project/pid/robots
2, GET /api/project/pid/robots/id?
3, PUT /api/project/pid/robots/id
4, DELETE /api/project/pid/robots/id
Signed-off-by: wang yan <wangyan@vmware.com>
Fixes#6115
As for the change in migration sql file, in 1.7 we'll switch to
jobservice for scheduling "scan all" job. To avoid inconsistency,
this item will be reset and user will need to configure the policy again.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
- add new interface method to get total count of charts under namespaces by calling get index
- add new field 'chart_count' in project model
- append chart count to the project model in project API
Signed-off-by: Steven Zou <szou@vmware.com>
The sslmode of the connection with postgresql is hardcoded as "disable" currently, this commit expose it as an environment variable so that users can configure it
Signed-off-by: Wenkai Yin <yinw@vmware.com>
It supports Harbor admin to trigger job either manual or
schedule. The job will be populated to job service to execute.
The api includes:
1. POST /api/system/gc
2, GET /api/system/gc/:id
3, GET /api/system/gc/:id/log
4, PUT/GET/POST /api/system/gc/schedule
The project list will contain all public projects, user is a member of this project, or user is in the group which is a member of this projects.
Change the behaviour of user roles, if the user is not a member of this project, then return the user's groups role of current project
