Commit Graph

431 Commits

Author SHA1 Message Date
Wenkai Yin
0a8929b85e Do the authentication with CRAM-MD5 when the connection is insecure 2018-03-08 14:21:44 +08:00
stonezdj
4c6d1488bd Add UT 2018-02-09 15:29:08 +08:00
stonezdj
f138067242 Refactor project member 2018-02-09 10:38:51 +08:00
Wenkai Yin
10f56d26fe Change codes to make everything OK after upgrading to beego 1.9.0 2018-02-05 13:07:52 +08:00
Wenkai Yin
9022abfc13 Fix code issues found by Gas 2018-01-29 15:17:03 +08:00
Wenkai Yin
515cac010a
Merge pull request #4071 from ywk253100/180117_policy_pagination
Add pagination support in listing replication policy API
2018-01-19 15:19:45 +08:00
Wenkai Yin
611709a7be Add pagination support in listing replication policy API 2018-01-18 15:54:12 +08:00
stone
c815dc01dd
Merge pull request #4043 from reasonerjt/uaa-bugfix
Read Email from UAA while onboarding user.
2018-01-18 14:04:35 +08:00
Tan Jiang
d5d913f51d Read Email from UAA while onboarding user.
Will call the userinfo API of UAA to get user info and generage user
model based on the response.  Also this commit include a change that
whenever the UAA Client is to be used it will update the configuraiton,
this is needed as we enable user to update the configuration of UAA via
UI.
2018-01-17 10:28:49 +08:00
Wenkai Yin
8cda2d8d65
Merge pull request #4036 from ywk253100/180116_s3
Propagate registry storage driver name to adminserver and return it in /api/systeminfo
2018-01-16 18:41:08 +08:00
Qian Deng
5017670d00
Merge pull request #4005 from ninjadq/db_migrate_from_1_3_to_1_4
Update migration tool for v1.4
2018-01-16 17:04:54 +08:00
Wenkai Yin
53d5a2256a Propagate registry storage driver name to adminserver and return it in /api/systeminfo 2018-01-16 16:57:28 +08:00
Deng, Qian
b3e65ed71e Update migration tool for v1.4
1. Update database meta file
2. Add migration file for 1.4
2018-01-16 15:38:51 +08:00
Wenkai Yin
a1dd8c3bff
Merge pull request #4004 from ywk253100/180111_jobservice
Provide a mechanism to stop pending and retrying jobs
2018-01-15 12:55:44 +08:00
Tan Jiang
d6bf0ea11d Remove data generated by dao_test after the test. 2018-01-12 15:56:30 +08:00
Wenkai Yin
4070ed5152 Provide a mechanism to stop pending and retrying jobs 2018-01-12 15:29:20 +08:00
Daniel Jiang
43afd426bb
Merge pull request #3995 from reasonerjt/admin-rename
Provide API to rename admin
2018-01-12 13:59:13 +08:00
stone
ec173305a3
Merge pull request #3974 from stonezdj/ldap_ping_timeout
Setting timeout for ldap ping
2018-01-12 11:22:27 +08:00
Tan Jiang
a392a8dc29 Provide API to rename admin
This is to provide a workaround for very corner case that in user's
authentication backend (LDAP, UAA) has a user called "admin" and because
Harbor's super user is hard coded to "admin" it's not possible to login
the "admin" with credentials in LDAP or UAA.

To minimize the impact, we'll provide an internal API for user to update
the super user's username from "admin" to "admin@harbor.local", this API
can be called by "admin" only, and is not reversible.
2018-01-11 23:01:06 +08:00
stonezdj
c48c7f7b6a Setting timeout for ldap ping 2018-01-10 15:14:30 +08:00
Wenkai Yin
e26b442c9c
Merge pull request #3951 from ywk253100/180104_replicate_interval
Manual starting replication will be rejected if there are pending/running jobs
2018-01-10 10:56:45 +08:00
Daniel Jiang
f8af1f275e
Merge pull request #3911 from stonezdj/ldap_search_level
Ambiguous UI and internal values ldap_scope
2018-01-08 14:53:55 +08:00
Wenkai Yin
87ce1c84d5 Manual starting replication will be rejected if there are pending/running jobs 2018-01-05 17:05:57 +08:00
stonezdj
26b86984d2 Ambiguous UI and internal values ldap_scope #3764 2018-01-05 15:51:37 +08:00
pfh
13308ce9d8 Merge remote-tracking branch 'upstream/master' into repEnhance 2018-01-05 14:09:03 +08:00
Wenkai Yin
51297cdfd7
Merge pull request #3887 from ywk253100/171227_ssrf
Fix SSRF security issue #3755 in ping target, email server and LDAP server APIs
2018-01-04 18:11:47 +08:00
Daniel Jiang
8e5115c832
Merge pull request #3870 from stonezdj/ldap_syncuser2
Sync user email in ldap #3663
2018-01-04 13:28:51 +08:00
Wenkai Yin
3448fd9a2d Fix SSRF security issue #3755 in ping target, email server and LDAP server APIs 2018-01-04 12:26:17 +08:00
Tan Jiang
e02de2068a Enable configuring the CA Certificate for UAA
Enable configuring the path of root cert of UAA in harbor.cfg.  It only
takes effects if the verify_cert is set to "true" If the file does not
exist, the configuration is skipped.
The intention for this commit is to support integration with nested UAA
in PAS or PKS, we don't expect user to manually configure this value,
though he can do it if he wants.
2018-01-03 16:21:29 +08:00
Wenkai Yin
96a63c56b1 Merge remote-tracking branch 'upstream/master' into 180103_merge 2018-01-03 10:32:03 +08:00
Wenkai Yin
a9d7403bee Update project ID property if needed when updating replication policy 2017-12-27 15:04:26 +08:00
stonezdj
35716dedd3 Sync user email in ldap #3663 2017-12-26 18:53:32 +08:00
stonezdj
9f99d0400c Call EscapeFilter for filter to avoid security issue 2017-12-26 15:34:14 +08:00
Daniel Jiang
94c78b3bee
Merge pull request #3858 from xuri/master
Simple code and typo fixed.
2017-12-26 12:06:27 +08:00
Tan Jiang
da20e4f11c Search UAA when adding member to a project.
1)Enable UAA client to search UAA by calling '/Users' API.
2)Implement 'SearchUser' in UAA auth helper, register it to auth
package.
2017-12-26 00:25:32 +08:00
Ri Xu
9adccd3723
Simple code and typo fixed.
Signed-off-by: Ri Xu <xuri.me@gmail.com>
2017-12-23 20:55:07 +08:00
yixingjia
fa67e11680
Merge pull request #3831 from yixingjia/HA_Clair
Make Clair DB configurable
2017-12-21 11:31:26 +08:00
Tan Jiang
12cd733678 Remove useless code from UI router and API
Some URLs are not used on UI, so they are removed.  And the validation
code of API is removed as we use the security context approach.

fix test issue
2017-12-20 23:10:38 +08:00
yixingj
f63588855f Make Clair DB configurable
Make the HOST,PORT,USERNAME,DB configurable for
Clair
2017-12-20 18:29:50 +08:00
Wenkai Yin
8d62d989a5 Fix bug #4791
Remove the table join when querying repositories with project name
2017-12-19 21:47:39 +08:00
Tan Jiang
2ffc58a5d4 Refactor the configuraiton of UAA
Remove the attribute "uaa_ca_root" from harbor.cfg and introduce
"uaa_verify_cert".  Similar to LDAP settings, this allow user to
explicitly turn of the cert verification against UAA server, such that
the code will work with self-signed certificate.
2017-12-19 14:42:07 +08:00
Daniel Jiang
62cebbdb5d
Merge pull request #3797 from reasonerjt/uaa-restriction
Disable user management features when auth mode is UAA.
2017-12-18 22:47:08 +08:00
Daniel Jiang
cdadc94d0f
Merge pull request #3804 from ywk253100/171215_jobservice
Print stack trace when recover from panic and print warning message rather than returning an error when updating 0 records
2017-12-18 16:36:20 +08:00
Tan Jiang
224f75b9a6 Refactor /users API, add more restircation in password reset
Simplified the code when checking if a user is modiable in different
auth modes.
Also add restriction in password, such that when the auth mode is not DB
auth, only the super user can choose to reset his password.
2017-12-18 14:32:29 +08:00
Wenkai Yin
260ef561c4 Update the HTTP client for easy use by add more util functions 2017-12-16 06:45:59 +08:00
stonezdj
9393d26fdc Fix ldap ping issue #3653 2017-12-15 14:47:54 +08:00
Wenkai Yin
a736cb7b09 Update the HTTP client according to the comments 2017-12-15 09:40:31 +08:00
Wenkai Yin
b5e7de331e Delete enabled and start_time properties of replication rule 2017-12-15 09:40:31 +08:00
Wenkai Yin
fe10c2e7f5 Create replicator to submit replication job to jobservice 2017-12-15 09:40:31 +08:00
Wenkai Yin
8b4fdfc2cc Add unit tests for replication related methods 2017-12-15 09:40:31 +08:00
Wenkai Yin
a54b7dd4c0 Merge remote-tracking branch 'upstream/master' into 171219_merge 2017-12-15 08:48:57 +08:00
Wenkai Yin
43489c2b67 Print stack trace when recover from panic and print warning message rather than returning an error when updating 0 records 2017-12-14 13:48:45 +08:00
stone
cbd1431333
Merge pull request #3726 from stonezdj/ldap_refactor2
Refactor LDAP code

Changes include:
1. Use session to manage the lifecycle of LDAP connections
2. Abstract common AuthenticateHelper interface for db_auth, ldap_auth, uaa_auth
2017-12-13 16:21:20 +08:00
stonezdj
ec67974104 Refactor ldap
Changes include:

1. Use Session to manage the lifecycle of ldap connections
2. Abstract common AuthenticateHelper interface for db_auth, ldap_auth,
uaa_auth mode
2017-12-13 14:57:04 +08:00
Wenkai Yin
665a54edc3 Merge remote-tracking branch 'upstream/master' into 171213_merge 2017-12-13 13:40:24 +08:00
yixingj
9b03c93afd Add database driver for Harbor configurations
1>Add a new database driver for configurations
2> change the current default driver from json
to database
2017-12-06 13:06:54 +08:00
Wenkai Yin
594d213630 Publish replication notification for manual, scheduel and immediate trigger 2017-12-04 15:07:30 +08:00
Daniel Jiang
d13321f2b5
Support getting user info via token in UAA Client (#3686) 2017-11-27 18:13:36 +08:00
Wenkai Yin
6b0ee138e5 Implement immediate trigger and the methods of WatchList 2017-11-27 14:23:21 +08:00
stonezdj
16243cfbbc Add LDAP remote certifcate validation
push test

Add unit test for ldap verify cert

remove common.VerifyRemoteCert

Update code with PR review comments

Add change ldaps config and add UT testcase for TLS feature

add ldap verfiy cert checkbox about #3513

Draft harbor ova install guide

Search and import ldap user when add project members

Add unit test case for SearchAndImportUser

ova guide

Add ova install guide

Add ova install guide 2

Add ova install guide 3

Call ValidateLdapConf before search ldap

trim space in username

Remove leading space in openLdap username

Remove doc change in this branch

Update unit test for ldap search and import user

Add test case about ldap verify cert checkbox

Modify ldap testcase
2017-11-24 12:41:51 +08:00
Wenkai Yin
31cf6c078e Implement replication policy manager 2017-11-16 10:55:03 +08:00
Steven Zou
c2e0c8d1f2 Define the related interfaces for triggers and core controllers of replication service 2017-11-10 15:06:24 +08:00
reasonerjt
19a13e8575 Deprivilege harbor-ui harbor-jobservice harbor-adminserver
Use non-root user to run the service within these docker images, and provide HEALTHCHECK
mechanism.
2017-11-09 03:09:09 -08:00
Wenkai Yin
149b628292 update 2017-11-09 16:20:56 +08:00
Wenkai Yin
5cef58baa1 update according to the comments 2017-11-08 17:53:41 +08:00
Daniel Jiang
8dfe5f0bfc
Merge pull request #3536 from ywk253100/171102_fail_earlier
Fail earlier when found database schema dismatch
2017-11-07 15:01:14 +08:00
Wenkai Yin
5293a9287b Fail earlier when found database schema dismatch 2017-11-07 13:07:56 +08:00
Tan Jiang
512384722a Make the internal URL of UI and JobService configurable 2017-11-03 20:43:25 +08:00
Wenkai Yin
51d5df0849 Update replication policy API to support trigger and filter 2017-11-02 14:59:26 +08:00
Steven Zou
87d966e369
Merge pull request #3510 from steven-zou/master
Update the alternate policy and corresponding task to support byweekly
2017-11-01 21:51:04 -05:00
Steven Zou
cee0bcec22 Update the alternate policy and corresponding task to support by weekly besides daily 2017-11-01 13:55:56 +08:00
Wenkai Yin
0ddca31355 Add column id to table project_metadagta as the primary key 2017-10-30 17:37:25 +08:00
Wenkai Yin
5b2ececae8 Merge pull request #3436 from ywk253100/171020_meta_api
Add project metadata API
2017-10-27 05:16:50 -05:00
Wenkai Yin
c355034c14 Add project metadata API
Project metadata API can be used to integrated with project management
service which can not provide all metadatas needed by Harbor.
2017-10-27 17:05:15 +08:00
Daniel Jiang
d8634290e8 Merge pull request #3420 from reasonerjt/master
Add Unit test cases for Clair Client.
2017-10-23 12:18:05 +08:00
Tan Jiang
b925569767 Add Unit test cases for Clair Client. 2017-10-22 21:54:04 +08:00
Wenkai Yin
2156750b04 Move certificate verification to target level
The certificate verification is on system level before this commit. Moving it
to target level makes the configuration more flexible for different targets.
2017-10-20 15:36:56 +08:00
Wenkai Yin
66b2d0d3f3 Apply project level policies to standalone Harbor
The following features are only enabled in integration mode, this commit moves
these to standalone Harbor:
 - Content trust policy: only signed images can be pulled
 - Vulnerability policy: only images whose severity is below the threshold can be pulled
 - Automatic scan policy: automatic scan pushed images
2017-10-19 17:33:28 +08:00
Tan Jiang
eab6b43d99 Make the root CA certificate of UAA should be configurable 2017-10-16 17:40:29 +08:00
Tan Jiang
51286d9baa Provide UAA authenticator for password based authentication. 2017-10-07 00:16:53 +08:00
Wenkai Yin
e495357d98 implement the default project metadata manager 2017-09-28 16:17:51 +08:00
Wenkai Yin
e79334a445 Add interfaces to implement project level policy (#3271)
* add interfaces to implement project level policy
2017-09-26 16:41:08 +08:00
Wenkai Yin
dc4f2ece72 readjust package structure 2017-09-20 15:24:19 +08:00
Wenkai Yin
f0946b63cf fix code style issues reported by golint 2017-09-19 17:16:54 +08:00
Wenkai Yin
8d7644b8b5 Merge pull request #3151 from ywk253100/170830_email_insecure
Expose the insecure flag for email configuration
2017-09-15 15:01:30 +08:00
weibaohui
84d66d85fa Correct spelling
Correct spelling
2017-09-11 15:13:24 +08:00
Wenkai Yin
923a8d65b1 expose insecure flag in api 2017-09-04 15:10:07 +08:00
Daniel Jiang
f41d2ff436 Merge pull request #3101 from ywk253100/170822_replica
Convert 500 error returned by Admiral to duplicate project error when creating duplicate project
2017-08-22 15:59:19 +08:00
Wenkai Yin
599d94be0c update 2017-08-22 15:22:25 +08:00
Wenkai Yin
ffb2f4201b update 2017-08-22 14:28:45 +08:00
Wenkai Yin
bb958a7f4b convert 500 error returned by Admiral to duplicate project error when creating duplicate project 2017-08-22 13:34:06 +08:00
Tan Jiang
c1bbcb5bab update the interval of clair updater to 12 hours, and update the interval for scan all to 2 hours 2017-08-21 13:45:23 +08:00
Wenkai Yin
7296bdc131 increase length of username in database to 256 2017-08-17 15:24:34 +08:00
Tan Jiang
2ffcf10eaa restart scan jobs when jobservice is started 2017-08-16 17:24:41 +08:00
Daniel Jiang
1403fe09ff Merge pull request #3030 from reasonerjt/fix-jobservice-update-vuln-bug
Do not throw error if the scan result is unchanged
2017-08-11 13:26:15 +08:00
Tan Jiang
882683ae6f Do not throw error if the scan result is unchanged 2017-08-10 17:26:39 +08:00
Tan Jiang
5846d7d28d add cve link in Harbor API 2017-08-10 15:27:30 +08:00
Daniel Jiang
5ba363657f Merge pull request #3006 from ywk253100/170808_bug_fix
[BAT]Remove useless codes
2017-08-09 16:05:16 +08:00
Daniel Jiang
78bacbc80a Merge pull request #2978 from wy65701436/issue-2975
Issue 2975
2017-08-09 16:05:00 +08:00
Wenkai Yin
7fedca3a4a remove useless codes 2017-08-09 15:13:51 +08:00
Daniel Jiang
383a09e21f Merge pull request #2982 from reasonerjt/tc-vuln-data
add tc for vulnerability transform
2017-08-08 12:15:54 +08:00
Steven Zou
b6b232ce6a Merge pull request #2945 from vmware/fix_issue_#2762
Fix data race issues of go sources
2017-08-07 21:57:03 +08:00
Tan Jiang
5b6c53a1bf add the json file required by UT 2017-08-07 21:12:49 +08:00
wangyan
657d3c322f fix issue 2975
udpate

update

update

update

update

update
2017-08-07 18:01:37 +08:00
Tan Jiang
8f41be471d add tc for vulnerability transform 2017-08-07 17:14:51 +08:00
Steven Zou
21d3f4a549 Fix data race issues of go sources 2017-08-07 14:50:37 +08:00
Daniel Jiang
6bd622196e Merge pull request #2972 from reasonerjt/master
Fix perf issue and connection leak in Clair.
2017-08-04 19:48:26 +08:00
Tan Jiang
fa0cb8731c Fix performance issue and connection leakage 2017-08-04 19:22:52 +08:00
Daniel Jiang
d4dce3bb60 Merge pull request #2970 from wy65701436/issue-2965
fix 2965
2017-08-04 19:17:01 +08:00
wangyan
5b54b554ab update 2017-08-04 18:59:16 +08:00
wangyan
bcc1a5c41d fix 2965
update package

update
2017-08-04 18:44:00 +08:00
Wenkai Yin
8963a15520 remove useless insecure flag 2017-07-31 13:45:49 +08:00
Wenkai Yin
a8dc75dd15 update 2017-07-28 13:10:26 +08:00
Wenkai Yin
1da9b8653b update according to the comments 2017-07-27 18:23:55 +08:00
Wenkai Yin
0a74a0f1e4 update 2017-07-27 08:17:29 +08:00
Wenkai Yin
71e4c3c447 Merge remote-tracking branch 'upstream/master' into 170724_registry
Conflicts:
	src/ui/utils/utils.go
2017-07-26 18:46:41 +08:00
Wenkai Yin
cc264f85e7 do not ping if using raw token authorizer 2017-07-26 18:41:36 +08:00
Daniel Jiang
69c49dd7d1 Merge pull request #2856 from reasonerjt/project-scan-all
Provide API for scanning images under a project
2017-07-26 10:58:58 +03:00
Tan Jiang
10c8573464 provide API for scanning images under a projet 2017-07-26 15:19:17 +08:00
Steven Zou
7c2699953d Fix config change watching issue 2017-07-25 20:27:25 +08:00
Yan
274f764622 update interceptor error code (#2836)
* update interceptor error code

* update

* update error string

* update interceptor error code

update

update error string
2017-07-23 18:34:44 -07:00
Wenkai Yin
b127ba391d Merge pull request #2827 from ywk253100/170720_replic
Fix replicate issue
2017-07-20 18:48:33 +08:00
Wenkai Yin
2e427bffe2 fix replicate issue 2017-07-20 16:47:14 +08:00
Wenkai Yin
603d15671a delete the method of getting security context of specific user 2017-07-19 18:05:50 +08:00
Steven Zou
8f921db588 Refine scheduler 2017-07-19 16:57:22 +08:00
Steven Zou
5c876621ec Merge branch 'master' into fix_issue_#2793 2017-07-19 12:34:43 +08:00
Wenkai Yin
44ad4581e5 Merge pull request #2807 from ywk253100/170718_integration
Support basic auth in integration mode
2017-07-19 10:14:44 +08:00
Wenkai Yin
fc2bb51582 support basic auth in integration mode 2017-07-18 19:20:19 +08:00
Steven Zou
201095a259 Enhance scanning policy notify handler and add more testing cases 2017-07-17 23:43:24 +08:00
Steven Zou
db58ca673d Fix issue of detecting configuration changes 2017-07-17 17:39:41 +08:00
Tan Jiang
629cf29850 The password to access clair db can be configured in harbor.cfg, skip auto-scan if clair-db is not ready 2017-07-17 15:25:47 +08:00
Tan Jiang
771e26a188 fix bug 2017-07-14 14:53:12 +08:00
Tan Jiang
72b3a020e3 provide default timestamp for all distros in system info api 2017-07-13 18:48:05 +08:00
Daniel Jiang
ca6bd3b585 Merge pull request #2741 from reasonerjt/fetch-timestamp-from-clairdb
read last update from clair db, return in system info
2017-07-12 17:16:30 +08:00
Tan Jiang
7fdb77f6d2 fix tc 2017-07-12 16:48:57 +08:00
Tan Jiang
436f0efab8 overall timestamp returns 0 when error happens, split check and mark into two func 2017-07-12 15:57:57 +08:00
Wenkai Yin
ba22ee5022 Merge pull request #2738 from ywk253100/170711_integration
Disable some APIs in integration mode
2017-07-12 15:13:50 +08:00
Tan Jiang
5f233f3e21 address comment 2017-07-12 15:05:27 +08:00
Wenkai Yin
005d783463 Merge pull request #2732 from ywk253100/170710_bug_fix
Bug fix
2017-07-12 12:59:24 +08:00
Tan Jiang
543cf62e14 read last update from clair db, return in system info 2017-07-11 21:26:31 +08:00
Wenkai Yin
52f9e5f1c8 disable some APIs in integration mode 2017-07-11 18:13:48 +08:00
Steven Zou
cbdf49c8e9 Merge remote-tracking branch 'upstream/master' 2017-07-11 15:44:32 +08:00
Steven Zou
7ee052b9dd Update policy scheduler according to comments 2017-07-11 15:22:00 +08:00
Wenkai Yin
0de64ed139 bug fix 2017-07-10 18:38:21 +08:00
Daniel Jiang
6fa12cdb1e Merge pull request #2730 from reasonerjt/scan-all-control
restrict scan all API, it should be called once every a period of time
2017-07-10 16:17:26 +08:00
Wenkai Yin
0b282039e9 Merge pull request #2725 from ywk253100/170707_status_code
Return real status code returned by admiral APIs
2017-07-10 10:12:50 +08:00
Tan Jiang
eb11cda596 restrict scan all API, it should be called once every a period of time 2017-07-09 22:06:13 +08:00
Tan Jiang
e1e975096c add int id for scan overview and revoke the change in beego 2017-07-09 12:37:08 +08:00
Steven Zou
ff889cedde Fix conflict 2017-07-07 20:15:40 +08:00
Steven Zou
a0718385c1 Fix the import cycle issue 2017-07-07 20:12:01 +08:00