Commit Graph

746 Commits

Author SHA1 Message Date
Wenkai Yin
d74624d306 Iterate all paginations when listing projects and repositories (#7660)
Iterate all paginations when listing projects and repositories

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-05-07 13:34:48 +08:00
Wenkai Yin
e64a71d809
Merge pull request #7594 from wy65701436/fix-gc-log
Fix get log issue of Periodic job
2019-04-30 10:19:17 +08:00
He Weiwei
37a4f1c982 Remove push+pull action (#7571)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-04-29 15:37:10 +08:00
wang yan
02c7cbeec2 Fix get log issue of Periodic job
Use the latest error or success execution as the periodic job log

Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-29 15:30:05 +08:00
Wenkai Yin
c53d73775a
Merge pull request #7590 from reasonerjt/oidc-wrong-secret-err
Return more details for error in exchange token
2019-04-29 14:22:37 +08:00
Wang Yan
c26f655bce
add periodic job UUID to upstream job id and use execution log as the… (#7530)
* add periodic job UUID to upstream job id and use execution log as the periodic log

Signed-off-by: wang yan <wangyan@vmware.com>

* add comments to fix codacy

Signed-off-by: wang yan <wangyan@vmware.com>

* Update code per comments

Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-28 15:09:56 +08:00
Wenkai Yin
7af679af7e
Merge pull request #7567 from reasonerjt/oidc-google-refresh-token
Persist the new token in DB after login
2019-04-28 14:12:25 +08:00
Daniel Jiang
15626fcae0 Return more details for error in exchange token
This commit update the response off OIDC callback when there's error in exchange token.
Additionally add comments to clarify that by default 500 error will not
contain any details.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-04-28 13:41:53 +08:00
Wenkai Yin
2a463016a9 Upgrade the distribution and notary library (#7516)
* Return 404 when the log of task doesn't exist

Return 404 when the log of task doesn't exist

Signed-off-by: Wenkai Yin <yinw@vmware.com>

* Upgrade the distribution and notary library

Upgrade the distribution library to 2.7.1, the notary library to 0.6.1

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-04-28 12:00:26 +08:00
Daniel Jiang
473fed5689 Persist the new token in DB after login
This commit make sure the token is persist to DB after every time after
a user logs in via OIDC provider, to make sure the secret is usable for
the OIDC providers that don't provide refresh token.

It also updates the authorize URL for google to make sure the refresh
token will be returned.

Also some misc refinement included, including add comment to the
OIDC onboarded user, preset the username in onboard dialog.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-04-27 23:03:59 +08:00
Wenkai Yin
6511417ba6
Merge pull request #7495 from stonezdj/const_debts
Replace string with const in metadatalist.go
2019-04-25 17:41:04 +08:00
stonezdj
504eab56c3 Replace string with const in metadatalist.go
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-04-25 17:01:43 +08:00
Wenkai Yin
7160e411cc
Merge pull request #7498 from ywk253100/190423_docker_hub
Support replicate public repositories from Docker Hub
2019-04-24 17:17:23 +08:00
Wenkai Yin
66087aac82
Merge pull request #7493 from stonezdj/tech_debts
Remove adminserver in sourcecode
2019-04-24 16:24:59 +08:00
Steven Zou
9bd2de3e35
Merge pull request #7452 from steven-zou/fix_issues_for_jobservice
Fix issues for jobservice
2019-04-24 16:15:43 +08:00
Wenkai Yin
5629bf8546 Support replicate public repositories from Docker Hub
Support replicate the public repositories from Docker Hub without providing the credential

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-04-24 16:15:31 +08:00
Steven Zou
9bcbe2907b fix go vet issues in the code
Signed-off-by: Steven Zou <szou@vmware.com>
2019-04-24 07:31:37 +08:00
stonezdj
d7798a12d2 Remove adminserver in sourcecode
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-04-23 15:05:29 +08:00
wang yan
1b4c75af25 Add event into upload ctx
Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-23 10:57:31 +08:00
wang yan
df6e0600c9 Fix chart upload issue on event based
Use chart API to load the uploaded chart file to get the name and version

Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-23 10:57:31 +08:00
Steven Zou
3937c8b0dc Merge branch 'master' into fix_issues_for_jobservice 2019-04-22 19:26:51 +08:00
Daniel Jiang
1fdc2e6ba9 Provide API to generate CLI secret
This commit provide an API to allow a user that is onboarded via OIDC
authn update his CLI secret.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-04-22 13:34:12 +08:00
Steven Zou
8e734407c0 Merge branch 'master' into fix_issues_for_jobservice 2019-04-19 21:15:21 +08:00
stonezdj(Daojun Zhang)
36d13e8243
Merge pull request #7328 from stonezdj/debts
Fix issue 6450 Test LDAP server error without save configuration
2019-04-19 16:51:57 +08:00
Steven Zou
f8feaa192e add get scheduled and periodic executions APIs
Signed-off-by: Steven Zou <szou@vmware.com>
2019-04-19 13:54:23 +08:00
Wenkai Yin
059b75e97c
Merge pull request #7392 from reasonerjt/oidc-logout
Handle OIDC user invalidation from OIDC provider.
2019-04-19 12:46:36 +08:00
Daniel Jiang
239b33c5fb Handle OIDC user invalidation from OIDC provider.
Ths commmit ensures that when user's token is invalidated OIDC provider, he
cannot access protected resource in Harbor with the user info in his session.
We share the code path with secret verification b/c the refresh token
can be used only once, so it has to be stored in one place.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-04-19 01:27:31 +08:00
Steven Zou
16f97326ad
Merge pull request #7433 from goharbor/replication_ng
Merge the replication ng branch to master
2019-04-18 16:35:45 +08:00
Steven Zou
1f481e492c Refactor job servcie primary logic to fix related bugs
Signed-off-by: Steven Zou <szou@vmware.com>
2019-04-18 16:02:49 +08:00
stonezdj
41a574e55c Fix issue 6450 Test LDAP server error without save configuration
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-04-18 14:24:21 +08:00
wang yan
ba76550d14 Disable throw internal error to UI
Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-18 00:04:19 +08:00
wang yan
e017294f71 merge with master latest
Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-17 17:52:39 +08:00
Wang Yan
a6af9e9972
Support well-formatted error returned from the REST APIs. (#6957)
Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-17 16:43:06 +08:00
wang yan
7a373c2eed Add event trigger to helm upload/deletion replication
Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-15 19:02:33 +08:00
Wenkai Yin
c222f18fa7 Update replication
1. Refine the health check of docker hub
2. Remove the GetNamespace method from adapter interface

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-04-13 15:20:06 +08:00
Daniel Jiang
f92bc8076d "Skip verify cert" to "verify cert"
This commit tweaks the attribute for auth proxy mode and OIDC auth mode.
To change it from "Skip verify cert" to "verify cert" so they are more
consistent with other modes.
Additionally it removes a workaround in `SearchUser` in auth proxy
authenticator.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-04-12 23:25:54 +08:00
Daniel Jiang
763c5df010 Add UT
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-04-11 15:30:19 +08:00
Wenkai Yin
b73acde051 Support the migration for scheduled replication rule from previous version of Harbor
Support the migration for scheduled replication rule from previous version of Harbor

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-04-11 13:14:32 +08:00
Daniel Jiang
0d18e6c82f Update according to comments
For more context see PR #7335

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-04-10 19:38:12 +08:00
Daniel Jiang
0a2343f542 Support secret for docker CLI
As CLI does not support oauth flow, we'll use secret for help OIDC user
to authenticate via CLI.
Add column to store secret and token, and add code to support
verify/refresh token associates with secret.  Such that when the user is
removed from OIDC provider the secret will no longer work.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-04-10 19:38:11 +08:00
Daniel Jiang
08e00744be Fix misc bugs for e2e OIDC user onboard process
This commit adjust the code and fix some bugs to make onboard process
work.
Only thing missed is that the UI will need to initiate the redirection,
because the request of onboarding a user was sent via ajax call and didn't
handle the 302.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-04-10 19:38:11 +08:00
Wenkai Yin
580674f3da Merge remote-tracking branch 'upstream/master' into 190409_sync 2019-04-09 17:01:09 +08:00
Wenkai Yin
855c0a2a6e
Merge pull request #7194 from stonezdj/remove_error_msg
Remove error message of saving system setting to db
2019-04-09 12:02:17 +08:00
Wenkai Yin
d72a53aa0c
Merge pull request #7318 from ywk253100/190408_upgrade
Upgrade the replication_job table
2019-04-08 22:43:40 +08:00
Wenkai Yin
4ffa0c3da0 Upgrade the replication_job table
This commit migrates the replication_job table, add one execution record and one task record for each job

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-04-08 22:23:53 +08:00
stonezdj
e8ab7156bc Remove error message of saving system setting to db
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-04-08 18:16:18 +08:00
cd1989
5a2d03593f Add helth check method to registry adapter
Signed-off-by: cd1989 <chende@caicloud.io>
2019-04-08 10:03:28 +08:00
Wenkai Yin
e8fe2aa60c Upgrade the registry and replication policy tables
Upgrade the registry and replication tables in database

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-04-05 13:25:00 +08:00
Wenkai Yin
4116433de8
Merge pull request #7306 from ywk253100/190404_cleanup
Remove the useless replication code
2019-04-04 21:18:04 +08:00
Wenkai Yin
c2f702be2a Remove the useless replication code
This commit removes the useless replication code

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-04-04 20:56:25 +08:00
Wenkai Yin
b66b1f341e Merge remote-tracking branch 'upstream/master' into 190404_sync 2019-04-04 14:55:09 +08:00
Yan
da0e20ec60
Add controller to onboard oidc user (#7286)
Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-03 20:47:22 +08:00
wang yan
dcf1d704e6 fix dao UT issue and refine the error of onboard OIDC user
Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-03 14:05:18 +08:00
wang yan
41018041f7 remove oidc controller and add more UTs
Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-03 09:54:21 +08:00
Yan
0de5999f52 add the controller for ocdi onboard user
Signed-off-by: wang yan <wangyan@vmware.com>
2019-04-03 09:52:22 +08:00
Wenkai Yin
74efee569e Update the registry client to support pulling public images from docker hub without login
Only add the authentication info when the username is provided to support pulling public images from docker hub without login

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-04-01 19:15:07 +08:00
Daniel Jiang
587acd33ad Add callback controller for OIDC
This commit add callback controller to handle the redirection from
successful OIDC authentication.
For E2E case this requires callback controller to kick off onboard
process, which will be covered in subsequent commits.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-04-01 12:35:31 +08:00
Wenkai Yin
8c7b63bac2
Merge pull request #7248 from ywk253100/190326_event
Add event based trigger and scheduled trigger
2019-03-29 14:58:09 +08:00
Wenkai Yin
4f8e283e8e Add event based trigger and scheduled trigger
This commit implements the event based trigger and scheduled trigger in replilcation

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-03-29 13:48:34 +08:00
Daniel Jiang
9ce98f4acd Add controller to handle oidc login
The controller will redirect user to the OIDC login page based on
configuration.
Additionally this commit add some basic code to wrap `oauth2` package
and `provider` in `go-oidc`, and fixed an issue in UT to make
InMemoryDriver for config management thread-safe.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-03-28 11:29:05 +08:00
Yan
03709e4ec1
add authn proxy (#7199)
* add authn proxy docker login support

User could use the web hook token issued by k8s api server to login to harbor.
The username should add a specific prefix.

Signed-off-by: wang yan <wangyan@vmware.com>

* update code per review comments

Signed-off-by: wang yan <wangyan@vmware.com>

* Add UT for auth proxy modifier

Signed-off-by: wang yan <wangyan@vmware.com>
2019-03-27 12:37:54 +08:00
Wenkai Yin
017bba8dc1 Merge remote-tracking branch 'upstream/master' into 190327_sync 2019-03-27 11:43:51 +08:00
Daniel Jiang
49aae76205 Onbard settings for OIDC provider (#7204)
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-03-25 12:24:39 +08:00
Yan
8d3946a0e2
Refactor scan all api (#7120)
* Refactor scan all api

This commit is to let scan all api using admin job to handle schedule
management. After the PR, GC and scan all share unified code path.

Signed-off-by: wang yan <wangyan@vmware.com>

* update admin job api code according to review comments

Signed-off-by: wang yan <wangyan@vmware.com>

* Update test code and comments per review

Signed-off-by: wang yan <wangyan@vmware.com>
2019-03-22 17:52:21 +08:00
Wenkai Yin
49cf50adb1 Merge remote-tracking branch 'upstream/master' into 190324_sync
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-03-22 15:55:52 +08:00
Meina Zhou
130e132f86 Merge branch 'master' into replication_ng
Signed-off-by: Meina Zhou <meinaz@vmware.com>
2019-03-21 14:16:33 +08:00
He Weiwei
79235fffd1 Fix pagination for users and users search apis
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-03-21 13:03:30 +08:00
Wenkai Yin
fb394c2c7a Replicate helm charts
This commit provides the capability for Harbor to replicate helm charts

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-03-20 00:35:15 +08:00
stonezdj(Daojun Zhang)
7060747d5b ldap_url and ldap_base_dn not exist in user config (#7115)
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-03-15 15:20:12 +08:00
wang yan
73d68903d6 update robot account return attribute
Signed-off-by: wang yan <wangyan@vmware.com>
2019-03-14 13:57:50 +08:00
Wenkai Yin
258b22a9a5 Fix bug in replication
This commit fixes bugs found in the implement of replciation NG

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-03-10 20:57:59 +08:00
Wenkai Yin
cabef73980 Add Harbor adapter for replication
Implement the replication adapter for Harbor registry

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-03-13 21:39:39 +08:00
peimingming
4efad287ce Add execution and hooks
Signed-off-by: peimingming <peimingming@corp.netease.com>
2019-03-13 09:35:01 +08:00
Wenkai Yin
772367498f Merge remote-tracking branch 'upstream/master' into 190311_sync 2019-03-11 20:34:49 +08:00
Frank Kung
5bd5d59a4f 1. Define ng persist replication policy model.
2. Add ng replication policy CURD methods.
3. Implement ng policy manger.

Signed-off-by: Frank Kung <kfanjian@gmail.com>
Signed-off-by: 慕薇疯魔 <kfanjian@gmail.com>
2019-03-11 11:13:10 +08:00
Wenkai Yin
ec2a7f9239 Implement replication operation API
This commit implements the replication operation related APIs

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-03-08 10:06:33 +08:00
stonezdj(Daojun Zhang)
f7745baf30
Merge pull request #6599 from stonezdj/pr6161
Add new parameter ldap_group_membership_attribute (PR#6161)
2019-03-07 13:26:26 +08:00
De Chen
2bc2a44db8
Merge branch 'replication_ng' into registries-management 2019-03-05 16:22:34 +08:00
cd1989
b00098d492 Add unit tests and fix CI
Signed-off-by: cd1989 <chende@caicloud.io>
2019-03-05 15:37:36 +08:00
stonezdj
4dfee0c1f0 Remove verify_remote_cert
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-03-05 14:04:10 +08:00
stonezdj
cf134bc80e Add new parameter ldap_group_membership_attribute
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-03-03 10:03:22 +08:00
Daniel Jiang
321874c815 Move Settings of HTTP auth proxy (#7047)
Previously the settings of HTTP authproxy were set in environment
variable.
This commit move them to the configuration API

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-03-01 14:11:14 +08:00
cd1989
8732a20709 Rewrite registry manager with new interface
Signed-off-by: cd1989 <chende@caicloud.io>
2019-02-27 11:54:04 +08:00
cd1989
6bdf3053a7 Implement registries manager
Signed-off-by: cd1989 <chende@caicloud.io>
2019-02-27 11:54:04 +08:00
Wenkai Yin
95888b3dc2
Merge branch 'replication_ng' into 190130_transfer_repo 2019-02-27 11:00:42 +08:00
wang yan
91aa67a541 Update expiration variable name to expiresat/tokenduration
Signed-off-by: wang yan <wangyan@vmware.com>
2019-02-25 11:55:42 +08:00
wang yan
36a778b482 Update expiration schema to bigint and default unit to minute
Signed-off-by: wang yan <wangyan@vmware.com>
2019-02-22 18:42:43 +08:00
wang yan
47a09b5891 add expiration of robot account
This commit is to make the expiration of robot account configurable

1, The expiration could be set by system admin in the configuation page or
by /api/config with robot_token_expiration=60, the default value is 30 days.
2, The expiration could be shown in the robot account infor both on UI and API.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-02-22 18:42:34 +08:00
stonezdj(Daojun Zhang)
4cb49e5388
Merge pull request #6963 from stonezdj/remove_container
Remove everything of adminserver container
2019-02-22 18:27:43 +08:00
stonezdj
0cba36d79f Remove everything of adminserver
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-02-22 16:34:39 +08:00
Nguyen Quang Huy
eda6c47b3e add signoff for DCO gate (#6981)
Some variable name, function name is colliding with builtin function.

Signed-off-by: Nguyen Quang Huy <huynq0911@gmail.com>
2019-02-22 15:00:18 +08:00
Daniel Jiang
321adc8362
Merge pull request #6941 from ywk253100/190213_replication_policy
Fix #6698: cannot create a same name replication policy after deleting it
2019-02-21 16:03:55 +08:00
stonezdj
7a5fbf718f Revise code with review comments
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-02-18 15:20:54 +08:00
stonezdj
36e1c13a43 fix ut error in systeminfo_test.go
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-02-18 14:06:19 +08:00
stonezdj
1ae5126bb4 Refactor adminserver stage 3: replace config api and change ut settings
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-02-18 14:06:19 +08:00
Wenkai Yin
f0f2e77fb4 Implement the repository transfer
This commit implements the Transfer interface for resource repository

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-02-15 17:49:35 +08:00
Wenkai Yin
530ba1d27b Fix #6698
This commit fixes the issue #6698: cannot create a same name replication policy after deleting it

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-02-15 15:17:48 +08:00
Daniel Jiang
81639e2110
Merge pull request #6865 from wy65701436/remove-token
Remove the token attribute from robot table
2019-02-13 19:23:06 +08:00
Yan
e9556a4cec
Add post response for robot account API (#6906)
This commit is to do:
1, Add post response on creating robot account
2, Lower-case the attribute of response

Signed-off-by: wang yan <wangyan@vmware.com>
2019-02-13 14:40:04 +08:00
He Weiwei
1c4b9aa346 Protect API using rbac
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-02-01 18:55:06 +08:00
wang yan
5d6a28d73e Remove the token attribute for robot table
This commit is to remove the token attribute as harbor doesn't store the token in DB.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-30 23:56:23 +08:00
wang yan
f4f4535304 Fix action and resouce of RBAC change
Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-29 17:05:15 +08:00
Daniel Jiang
bf663df0e7
Merge pull request #6820 from wy65701436/robot-service
Add robot account authn & authz implementation
2019-01-29 16:08:25 +08:00
He Weiwei
6e95b98108 Standard actions for rbac
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-01-29 11:59:11 +08:00
He Weiwei
1da0a66fe5
Merge pull request #6781 from heww/user-permissions-api
Implement api for get current user permissions
2019-01-29 01:58:51 +08:00
He Weiwei
0ab7c93e16 Replace casbin builtin keyMatch2 with custom match func
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-01-29 01:26:38 +08:00
wang yan
2d7ea9c383 update codes per review comments
Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-28 21:26:06 +08:00
He Weiwei
8b5e68073d Implement api for get current user permissions
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-01-28 18:06:52 +08:00
Yan
71f37fb820 * Add robot account authn & authz implementation.
This commit is to add the jwt token service, and do the authn & authz for robot account.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-28 17:39:57 +08:00
Daniel Jiang
20db0e737b Provide HTTP authenticator
An HTTP authenticator verifies the credentials by sending a POST request
to an HTTP endpoint.  After successful authentication he will be
onboarded to Harbor's local DB and assigned a role in a project.

This commit provides the initial implementation.
Currently one limitation is that we don't have clear definition about
how we would "search" a user via this HTTP authenticator, a flag for
"alway onboard" is provided to skip the search, otherwise, a user has
to login first before he can be assigned a role in Harbor.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-01-28 15:43:44 +08:00
He Weiwei
3f8e06a8bc Support master role for project member create and update apis (#6780)
* Support master role for project member create and update apis

Signed-off-by: He Weiwei <hweiwei@vmware.com>

* Fix description for role_id in swagger.yaml

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-01-23 14:56:23 +08:00
He Weiwei
ae061482ae Add Can method to securty.Context interface (#6779)
* Add Can method to securty.Context interface

Signed-off-by: He Weiwei <hweiwei@vmware.com>

* Improve mockSecurityContext Can method

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-01-23 14:32:37 +08:00
wang yan
903e15235e Update validation and error message per comments 2019-01-17 15:33:05 +08:00
wang yan
4cde11892a update the conflict check with DB unique constrain error message
Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-17 13:13:55 +08:00
Yan
1af0f3c3b9 Add API implementation of robot account
Add API implementation of robot account

1. POST /api/project/pid/robots
2, GET /api/project/pid/robots/id?
3, PUT /api/project/pid/robots/id
4, DELETE /api/project/pid/robots/id

Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-17 13:13:55 +08:00
He Weiwei
8dab10bbed
Merge pull request #6765 from heww/rename-ram
Rename ram to rbac
2019-01-17 11:50:14 +08:00
He Weiwei
bacfe64979 Rename ram to rbac
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-01-16 18:20:30 +08:00
Wenkai Yin
f8d9653419
Merge pull request #6737 from ywk253100/190109_health_check
Implement the unified health check API
2019-01-16 18:14:14 +08:00
He Weiwei
76bee7a9fc
Merge pull request #6710 from heww/security-by-ram
Implement current security interfaces using ram
2019-01-16 17:47:13 +08:00
Wenkai Yin
be4455ec1b Implement the unified health check API
The commit implements an unified health check API for all Harbor services

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-01-16 17:21:04 +08:00
He Weiwei
ebd26c0105 Implement current security interfaces using ram
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-01-16 16:08:17 +08:00
Steven Zou
464bdf71cd
Merge pull request #6727 from wy65701436/robot-dao
Add dao of robot account
2019-01-14 19:34:23 +08:00
wang yan
d349c256e8 add support for query nil
Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-11 16:19:42 +08:00
Daniel Jiang
a1d4bfd332
Merge pull request #6344 from reasonerjt/bump-up-golang
Bump up golang to 1.11.2
2019-01-11 16:15:59 +08:00
Daniel Jiang
5d59d6fab8 Bump up golang to 1.11.2
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-01-11 14:44:32 +08:00
wang yan
6bd6fbd4ad Add fuzzy match and delete funt per review comments
Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-11 14:26:49 +08:00
wang yan
c6ae1388ec Add dao of robot account
Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-10 14:51:33 +08:00
Daniel Jiang
80af81154c
Merge pull request #6702 from wy65701436/robot-db-scheme
Add DB table for robot account
2019-01-10 14:25:58 +08:00
wang yan
db09f9f101 Update token length and upper case the sql key words
Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-09 10:00:54 +08:00
wang yan
362a0638d0 Add DB table for robot account
This commit is to add DB scheme for robot account and update the db orm releated.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-01-08 18:46:16 +08:00
Daniel Jiang
b5788f0695
Merge pull request #6671 from heww/ram
Add ram pkg
2019-01-08 15:39:36 +08:00
He Weiwei
79f786ecbe Add ram pkg
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-01-04 13:17:13 +08:00
Wenkai Yin
75d45ebd9d
Merge pull request #6547 from cd1989/retag-input-validation
Validate repo and tag names in retag
2019-01-03 17:45:44 +08:00
cd1989
c117a23133 Validate repo and tag names in retag
Signed-off-by: cd1989 <chende@caicloud.io>
2018-12-24 16:49:39 +08:00
Daniel Jiang
93c0a18b06
Merge pull request #6537 from stonezdj/ref_admin_driver
Refactor config settings stage2
2018-12-21 15:12:56 +08:00
stonezdj
2446878f6b Refactor config settings stage2
Signed-off-by: stonezdj <stonezdj@gmail.com>
2018-12-21 10:59:11 +08:00
Wenkai Yin
b28bca7af4
Merge pull request #6541 from salkin/proxy-transport
Add support for http proxy in transport
2018-12-18 15:46:29 +08:00
Niklas Wik
138bc69f0f Add support for http proxy in transport
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
2018-12-17 10:35:27 +02:00
stonezdj(Daojun Zhang)
13511d74ed Refactor config settings encrypt + metadata (#6387)
Signed-off-by: stonezdj <stonezdj@gmail.com>
2018-12-12 12:14:33 +08:00
Wenkai Yin
f7a28ee2a2 Remove the duplicate http error struct (#6516)
There are two different types to represent http error in the current code. This commit updates the codes to keep only one.

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2018-12-12 11:51:19 +08:00
cd1989
caf07a96fe Give meaningful messages when retag forbided
Signed-off-by: cd1989 <chende@caicloud.io>
2018-12-06 16:25:21 +08:00
Daniel Jiang
ae240df031 Remove the Scan all in-memory marker (#6399)
Previously there was a in-memory marker to prevent user from frequently
calling the "scan all" API.  This has become problematic in HA
deployment, and is no longer needed after enhancement in jobservice.

This commit removes the marker for "scan all" api, however, we need to
review the mechanism and rework to make it stateless.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-12-02 15:40:50 +08:00
Steven Zou
ec2ad4d0b8
Merge pull request #6093 from cd1989/replication-record-id
Add op uuid to image replication
2018-11-30 14:54:43 +08:00
Wenkai Yin
9d5cf57373 Check the existence of name when creating replication rule and fix bugs in testing library (#6381)
1. Fix #5102 by checking the existence of name when creating/editing replication rule
2. Add unique constraint to the name of replication policy and target
3. Fix bugs of testing library

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2018-11-30 13:32:20 +08:00
peimingming
238dbc0347 Add UT and review comments and issue fix (#6144)
Signed-off-by: peimingming <peimingming@corp.netease.com>
2018-11-28 17:43:14 +08:00
peimingming
c67fdc40f5 Support store job log in DB (#6144)
Signed-off-by: peimingming <peimingming@corp.netease.com>
2018-11-28 15:09:29 +08:00
Steven Zou
e6d4c024ee Update README of job service to reflect latest updates
Signed-off-by: Steven Zou <szou@vmware.com>
2018-11-08 10:35:12 +08:00
Steven Zou
7b106d06c5 Build logger framework to support configurable loggers/sweepers/getters
Signed-off-by: Steven Zou <szou@vmware.com>
2018-11-06 09:31:31 +08:00
Daniel Jiang
39b4d011c7 Not submit scan all job when core container starts
Fixes #6115

As for the change in migration sql file, in 1.7 we'll switch to
jobservice for scheduling "scan all" job.  To avoid inconsistency,
this item will be reset and user will need to configure the policy again.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-10-25 19:01:52 +08:00
Steven Zou
3b76a960e1
Merge pull request #6039 from stonezdj/refact_5996
Refactor capacity
2018-10-24 10:50:11 +08:00
陈德
1ffd9d8fba Add op uuid to image replication
Signed-off-by: 陈德 <chende@caicloud.io>
2018-10-21 23:55:57 +08:00
Steven Zou
db24cbe25a
Merge pull request #5779 from cd1989/images-retag
Merge Images retag
2018-10-19 11:04:48 +08:00
Daniel Jiang
fe2e58e1a0 Ignore duplication error when inserting config
This commit mitigates the situation when more then one adminserver is
deployed and there may be duplication error when they try to initialize
the configuration to DB.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-10-19 10:23:00 +08:00
陈德
a1b4729aa7 Add more unit tests
Signed-off-by: 陈德 <chende@caicloud.io>
2018-10-18 00:26:25 +08:00
stonezdj
0278981523 Change admin server to core in jobservice
Signed-off-by: stonezdj <stonezdj@gmail.com>
2018-10-16 19:23:12 +08:00
stonezdj(Daojun Zhang)
b764033fc9
Merge pull request #6007 from stonezdj/refact_5998
Change admin server to core in jobservice
2018-10-15 17:52:24 +08:00
stonezdj
79bac7a64e Change admin server to core in jobservice
Signed-off-by: stonezdj <stonezdj@gmail.com>
2018-10-15 14:56:18 +08:00
Daniel Jiang
00c8344c13 Remove the local scheduler
This is no longer needed after moving the "scan all" to job-service.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-10-15 14:14:11 +08:00
Wenkai Yin
83147b1982
Merge pull request #6003 from wy65701436/fix-gc-bug
Fix gc api issues
2018-10-11 10:26:38 +08:00
Daniel Jiang
1188bd89b9 Use secure transport to access HTTP endpoint
In various parts of the code, we used insecure transport in http Client
when we assume the endpoint is http.  This causes complaints form
security scanner.  We should use secure transport in such cases.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-10-10 17:51:02 +08:00
wang yan
a4ad4c7282 Fix gc api issues
1, filter out the scan all jobs in the gc list.
2, make it able to delete unexecuted scheduler.

Signed-off-by: wang yan <wangyan@vmware.com>
2018-10-10 15:45:03 +08:00
陈德
b648084d95 Improve code styles and fix after Harbor refactoring
Signed-off-by: 陈德 <chende@caicloud.io>
2018-10-09 10:49:03 +08:00
陈德
03d5157eaf Updae retag api spec
Signed-off-by: 陈德 <chende@caicloud.io>
2018-10-08 19:07:23 +08:00
陈德
75f1cdb449 Update swagger file to add retag API
Signed-off-by: 陈德 <chende@caicloud.io>
2018-10-08 19:07:22 +08:00
陈德
48d2435146 Fix notification event filtered because of user agent
Signed-off-by: 陈德 <chende@caicloud.io>
2018-10-08 19:07:22 +08:00
陈德
03af3c5936 Add image retag API
Signed-off-by: 陈德 <chende@caicloud.io>
2018-10-08 19:07:21 +08:00
James Zabala
e09a157dce
Merge pull request #5896 from erks/normalize_ldap_group_dn
Normalize (make lowercase) ldap_group_dn during onboarding
2018-10-02 16:03:03 -04:00
Daniel Jiang
b12dc3b5d8 Schedule "scan all" via jobservice
This commit leverage the jobservice to trigger "scan all" and
gets rid of the local scheduler to make the harbor-core container
stateless.
It keeps using the notifer mechanism to handle the configuration change.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-09-28 15:42:37 +08:00
Steven Zou
8b538cbc0a Return the total count of charts under the project in project API
- add new interface method to get total count of charts under namespaces by calling get index
- add new field 'chart_count' in project model
- append chart count to the project model in project API

Signed-off-by: Steven Zou <szou@vmware.com>
2018-09-25 17:56:11 +08:00
Daniel Jiang
0699980924 Add Scan All job to job service (#5934)
This commit adds the job to scan all images on registry.
It also makes necessary change to Secret based security context, to
job service has higher permission to call the API of core service.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-09-22 13:07:32 +08:00
clouderati
587459df15 Replacing copyright notices with "Copyright Project Harbor Authors".
Signed-off-by: clouderati <35942204+clouderati@users.noreply.github.com>
2018-09-19 16:59:36 +00:00
Qian Deng
7873a0312a Rename harbor-ui to harbor-core
1. Update the nginx.conf
2. Update Makefile
3. Update docker-compose
4. Update image name
5. Rename folder ui to core
6. Change the harbor-ui's package name to core
7. Remove unused static file on harbor-core
8. Remove unused code for harbor-portal

Signed-off-by: Qian Deng <dengq@vmware.com>
2018-09-19 16:35:13 +08:00
Yan
29ca31cf6c
Update gc api to fix issues found by UI implemention (#5920)
This commit is to update gc api to fix issues found by UI implemention:
1, Return json format of gc schedule
2, Unify capital and small letter
3,Return gc records by desc

Signed-off-by: wang yan <wangyan@vmware.com>
2018-09-19 14:36:47 +08:00
Touch Ungboriboonpisal
e256547411 Normalize (make lowercase) the ldap group dn when onboarding
Fixes #5895

Signed-off-by: Touch Ungboriboonpisal <tungbori@zynga.com>
2018-09-18 13:37:35 -07:00
Wenkai Yin
dfcd6f044d
Merge pull request #5888 from steven-zou/mark_labels_to_chart
Add API to support marking labels to charts
2018-09-14 15:09:46 +08:00
Steven Zou
7b8fe27c22 Add API to support marking labels to charts
- add related chart label API entries
- extract label related functionalities to a separate manager interface
- add a base controller for label related actions
- add related UT cases

Signed-off-by: Steven Zou <szou@vmware.com>
2018-09-14 13:27:50 +08:00
Wenkai Yin
89893779fb Support configuring sslmode for the connection of database (#5861)
The sslmode of the connection with postgresql is hardcoded as "disable" currently, this commit expose it as an environment variable so that users can configure it

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2018-09-14 13:05:05 +08:00
Wenkai Yin
1f195c2b5f
Merge pull request #5840 from Colstuwjx/fix-tcp-probe
Fix `TestTCPConn` break issue.
2018-09-10 14:46:04 +08:00
Daniel Jiang
cd31cbf892
Merge pull request #5828 from stonezdj/ldap_caseinsense
LDAP group DN should be case insensitively
2018-09-07 10:48:31 +08:00
Colstuwjx
e49a9de2f4 Fix TestTCPConn break issue.
Signed-off-by: Colstuwjx <Colstuwjx@gmail.com>
2018-09-06 14:58:04 +08:00
stonezdj
9dca49ba6e LDAP group DN should be case insensitive
Fix issue #5776, LDAP servers are case insensitive. because only LDAP
group DN is used to compare/equal operation, lowercase all LDAP group DN
when retrieves it from LDAP server, and lowercase them before save in DB

Signed-off-by: stonezdj <stonezdj@gmail.com>
2018-09-06 11:33:05 +08:00
Wenkai Yin
5427c0064c
Merge pull request #5731 from Colstuwjx/fix-log-test
Fix logger test case, add SetSkipLine func.
2018-09-06 08:17:17 +08:00
Colstuwjx
bab203c0f4 Fix logger test case.
Signed-off-by: Colstuwjx <Colstuwjx@gmail.com>
2018-09-05 19:25:17 +08:00
陈德
0582db9a82 Apply consistent format for comments
Signed-off-by: 陈德 <chende@caicloud.io>
2018-09-05 16:16:31 +08:00
Wenkai Yin
49bb5cfafb Test TCP connection before upgrading database schema
This commit moves the database schema upgrading after database initialization. The init will test TCP connection.

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2018-09-05 02:07:47 +08:00
陈德
6eb972c383 Add pull scope to post/put/patch method
Signed-off-by: 陈德 <chende@caicloud.io>
2018-09-03 11:12:11 +08:00
陈德
a59af8ce82 fix gofmt
Signed-off-by: 陈德 <chende@caicloud.io>
2018-08-30 14:11:18 +08:00
陈德
666bd692fe Support repo list sorting
Signed-off-by: 陈德 <chende@caicloud.io>
2018-08-30 10:56:50 +08:00
wang yan
aab761ac8a Fix gofmt check results
Signed-off-by: wang yan <wangyan@vmware.com>
2018-08-29 11:50:00 +08:00
Yan
fca2bb3a6b
Fix misspell checking results (#5749)
Signed-off-by: wang yan <wangyan@vmware.com>
2018-08-29 10:25:42 +08:00
Daniel Jiang
dcf4e2ee78 Update import path in go code
vmware -> goharbor

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-08-23 17:50:53 +08:00
wangyan
9a95f14918 Cherry-pick -- Fix security issue found by gas 2018-08-03 01:16:53 -07:00
Daniel Jiang
6062bf279b Set default creation_time and update_time at model
This commit set the default value of creation_time and update_time to
data objects by adding `orm:add_now` annotations.
2018-07-31 12:56:14 +08:00
stonezdj
9b209858f4 Ldap_group_admin_dn can not updated via rest 2018-07-24 17:47:57 +08:00
silenceshell
7745b79b2e var name should not be error (#5332)
Rename the variable names from "error" to "err"
2018-07-24 11:33:21 +08:00
Steven Zou
bb380e6dbc
Merge pull request #5314 from steven-zou/chart_repo_supporting
Refactor chart API endpoints
2018-07-20 20:43:55 +08:00
Steven Zou
0227a1315a Keep the chart server related configurations in adminserver
append chart server related config options to the supporting list of adminserver
provide chart server related config access method in the API layer
update prepare script and ui env template file to enable cache driver config for chart server API
append flag info in the systeminfo API to indicate if chart server is deployed with Harbor
refactor the response rewriting logic to return structual error object
add api init method to initilizing objects required in API handlers
chage owner of the storage folder
update offline/online package scripts in Harbor-Util.robot
2018-07-20 19:40:33 +08:00
Yan
efdb57548f
add admin job api (#5344)
It supports Harbor admin to trigger job either manual or
schedule. The job will be populated to job service to execute. 
The api includes:
1. POST /api/system/gc
2, GET /api/system/gc/:id 
3, GET /api/system/gc/:id/log
4, PUT/GET/POST /api/system/gc/schedule
2018-07-20 19:22:37 +08:00
stonezdj
f5e82f75a7 Add SafeCast function and set default value for some sytem configure
Add SafeCastString, SafeCastInt, SafeCastFloat64, SafeCastBool function to check
the type matched and avoid panic in runtime

Add default value to configure settings to avoid cannot save configure
issue
2018-07-17 17:00:06 +08:00
Yan
9e65499c10
Add garbage collection job implemention, this job could (#5268)
be triggered by manual and schedule. It calls registrtctl
to do the GC job, and log the output.
2018-07-16 18:08:40 +08:00