Previously there was a in-memory marker to prevent user from frequently
calling the "scan all" API. This has become problematic in HA
deployment, and is no longer needed after enhancement in jobservice.
This commit removes the marker for "scan all" api, however, we need to
review the mechanism and rework to make it stateless.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
In various parts of the code, we used insecure transport in http Client
when we assume the endpoint is http. This causes complaints form
security scanner. We should use secure transport in such cases.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
1. Update the nginx.conf
2. Update Makefile
3. Update docker-compose
4. Update image name
5. Rename folder ui to core
6. Change the harbor-ui's package name to core
7. Remove unused static file on harbor-core
8. Remove unused code for harbor-portal
Signed-off-by: Qian Deng <dengq@vmware.com>
Fix issue #5776, LDAP servers are case insensitive. because only LDAP
group DN is used to compare/equal operation, lowercase all LDAP group DN
when retrieves it from LDAP server, and lowercase them before save in DB
Signed-off-by: stonezdj <stonezdj@gmail.com>
This commit moves the database schema upgrading after database initialization. The init will test TCP connection.
Signed-off-by: Wenkai Yin <yinw@vmware.com>
It supports Harbor admin to trigger job either manual or
schedule. The job will be populated to job service to execute.
The api includes:
1. POST /api/system/gc
2, GET /api/system/gc/:id
3, GET /api/system/gc/:id/log
4, PUT/GET/POST /api/system/gc/schedule
Add SafeCastString, SafeCastInt, SafeCastFloat64, SafeCastBool function to check
the type matched and avoid panic in runtime
Add default value to configure settings to avoid cannot save configure
issue
docker regsitry. This version has the API to call regsitry GC with jobservice
secret. Seprates it into a standalone container as do not want to invoke two
processes in one container.
It needs to mount the registry storage into this container in order to do GC,
and needs to copy the registry binary into it.
The location header returned by the remote registry contains no scheme and host parts if "relativeurls" is enabled,
this commit fix it by adding them at the beginning of location.
Fix the following issues.
1) GroupList is not found in SecurityContext user info
2) Retrieve multiple memberof information from LDAP.
3) If user is in two groups with guest, administrator role separately, display the max privilege role.
Currently "Critical" vulnerablity is treated as "Unknown" in Harbor.
This commit provides a quickfix that it will be interpret as "High". In
future, we should consider introduce "Critical" and enable UI to handle
it to be more consistent with CVSS spec.
This commit fixes a recently discovered issue on Kubernetes #4496
It make necessary to avoid calling `chown` to config files during the
bootstrap of the containers.
