Commit Graph

8177 Commits

Author SHA1 Message Date
stonezdj(Daojun Zhang)
6647a274f1
Merge pull request #10358 from reasonerjt/tokenreview-onboard-1.10
Onboard user when doing token review - cherrypick to 1.10
2019-12-27 17:19:05 +08:00
danfengliu
e0b4620838
Merge pull request #10359 from danfengliu/cherry-pick-Go-Into-Repo-refector
[Cherry-pick to 1.10.0] Refect keyword of Go Into Reop
2019-12-27 16:55:03 +08:00
Daniel Jiang
1d0c61a6da Disable XSRF check for /service/token
This commit disables XSRF check for "service/token" so that when
containerd sends `POST` it will not return 403 and containerd can
fallback to `GET` to complete the workflow.

Fixes #10305

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-27 14:25:17 +08:00
danfengliu
b79a251918 Refect keyword of Go Into Reop
Signed-off-by: danfengliu <danfengl@vmware.com>
2019-12-27 13:37:35 +08:00
Daniel Jiang
94a3da33e6 Onboard user when doing token review
This commit will make the "tokenreview" security filter onboard
user if the request carries a valid token.  If the "skipsearch" flag in
http_auth setting is set to false the onboard will fail.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-27 13:29:21 +08:00
jwangyangls
9755d879db
Merge pull request #10306 from jwangyangls/tanslation-modify-retag-replication
[Cherry-pick]Translation modification of replication and tag in Chinese mode
2019-12-25 14:50:46 +08:00
Yogi_Wang
c937e0a6bf Translation modification of replication and tag in Chinese mode
1.replicaiton ==> 复制
2.tag ==> tag
3.retag ==> tag拷贝
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-12-18 16:13:31 +08:00
Wenkai Yin(尹文开)
ae034185eb
Merge pull request #10258 from reasonerjt/stastic-api-group-member-1.10
Stastics API should handle group members - cherrypick to 1.10
2019-12-16 15:46:51 +08:00
Steven Zou
eccc89a37e
doc[compatibility]:remove not evaluated scanners
all the scanner listed in the compatibility doc should be evaluated
2019-12-16 14:59:14 +08:00
xaleeks
2c2032b401
Merge pull request #10270 from steven-zou/doc/compatibility
[CHERRY-PICK-1.10.0]:doc[compatibility]:add compatibility doc ref in the README
2019-12-16 14:45:25 +08:00
Steven Zou
163ba2c7b1 doc[compatibility]:add doc ref in the README
- refer the harbor compatibility doc in the README
- add .md suffix to the README file under api/harbor

Signed-off-by: Steven Zou <szou@vmware.com>
2019-12-16 14:09:16 +08:00
Steven Zou
2c284d0608 doc[compatibility] provide compatibility doc
- list all the supported replicaiton adapters
- list all the verified OIDC providers including the ones verified by the end users
- list all the pluggable scanners

Signed-off-by: Steven Zou <szou@vmware.com>
2019-12-16 14:06:35 +08:00
Daniel Jiang
3cc9b42b68 Stastics API should handle group members
statistic API use security Context to list project rather than calling
projectmanager directly, such that the group membership will be taken
into account.
fixes #10230

It should be cherry picked to 1.9.x and 1.10.x branches

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-13 17:55:21 +08:00
xaleeks
c614c165fa
Merge pull request #10212 from ninjadq/update_doc_of_migration_110
[doc] Update doc for migration
2019-12-12 16:39:02 +08:00
DQ
fce32fba0e [doc] Update doc for migration
Migration guild is a lit bit confusion

Add copy after migrate config file

Signed-off-by: DQ <dengq@vmware.com>
2019-12-12 13:15:11 +08:00
Will Sun
44b9805536
Merge pull request #10220 from AllForNothing/release-1.10.0
Add links to view doc for scanners ui
2019-12-11 15:51:55 +08:00
sshijun
890c6ac6c8 Add links to view doc for scanners ui
Signed-off-by: sshijun <sshijun@vmware.com>
2019-12-11 13:23:33 +08:00
Steven Zou
af73efb042
Merge pull request #10210 from steven-zou/chore/clear_scanner_specs_1.10
Chore/clear scanner specs 1.10
2019-12-10 18:54:34 +08:00
Steven Zou
07dbbf1023 doc[api spec]:rename folder name to
Signed-off-by: Steven Zou <szou@vmware.com>
2019-12-10 14:20:54 +08:00
Steven Zou
828c7c082d doc[scanner]:clear scanner spec related
- remove the scanner open API spec from api folder
- update README doc to remove the API reference

Signed-off-by: Steven Zou <szou@vmware.com>
2019-12-09 18:56:11 +08:00
Will Sun
9efe8b47d7
Merge pull request #10174 from AllForNothing/release-1.10.0
Improve ui for  project config page
2019-12-06 14:59:28 +08:00
sshijun
414bc1a8cc Improve ui for project config page
Signed-off-by: sshijun <sshijun@vmware.com>
2019-12-06 13:54:10 +08:00
Wang Yan
6b84b62f75
Merge pull request #10155 from bitsf/upgrade_clair_1.10
[cherry-pick] upgrade clair to v2.1.1
2019-12-06 11:48:42 +08:00
Wang Yan
2e2c849aa6
Merge pull request #10165 from ywk253100/191205_sort_1.10
Sort the tag before returning the list when calling API
2019-12-06 11:37:51 +08:00
Wenkai Yin(尹文开)
6287a9f26e
Merge pull request #10152 from wy65701436/fix-10092
improve pulling vulnerable images warning message
2019-12-06 11:18:16 +08:00
stonezdj(Daojun Zhang)
5da568cf12
Merge pull request #10156 from reasonerjt/rm-authproxy-case-sensitive-v1.10
Get rid of case-sensitivity in authproxy setting -- Cherrypick to v1.10
2019-12-06 10:40:03 +08:00
jwangyangls
9f66682fa0
Merge pull request #10151 from jwangyangls/fix-bug-1.10-issue
[cherry-pick]Fix bug in master about 1.10
2019-12-06 10:07:35 +08:00
Will Sun
46e004b167
Merge pull request #10144 from AllForNothing/release-1.10.0
Modify ui to fix some bugs(cherry-pick #10143)
2019-12-06 09:09:39 +08:00
Wenkai Yin
0e821a9237 Sort the tag before returning the list when calling API
Sort the tag before returning the list when calling API list tag API

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-12-05 19:54:11 +08:00
sshijun
ef8041511d Modify ui to fix some bugs
Signed-off-by: sshijun <sshijun@vmware.com>
2019-12-05 18:28:01 +08:00
He Weiwei
91af4f2413
chore(scanner): upgrade clair scanner to 1.0.1 (#10148)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-12-05 17:52:16 +08:00
Yogi_Wang
3071926f75 Fix bug in master about 1.10
Signed-off-by: Yogi_Wang <yawang@vmware.com>

Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-12-05 16:41:31 +08:00
danfengliu
cc66b0f44d
Merge pull request #10153 from danfengliu/cherry-pick-internal-registry
[Cherry-Pick-To-1.10] Add local registry for nightly quotas test
2019-12-05 15:03:40 +08:00
Daniel Jiang
8d3df218d9 Get rid of case-sensitivity in authproxy setting
This commit removes the attribute to control case-sensitivity from
authproxy setting.
The result in token review status will be used as the single source of
truth, regardless the case of the letters in group names and user names.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-05 14:49:41 +08:00
Ziming Zhang
2b378899df upgrade clair to v2.1.1
Change-Id: Idb2ad0470a51666d75895d8c5e68d80a67e05276
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-12-05 14:28:32 +08:00
Danfeng Liu (c)
bfc5c28fde As we like to use a local registry for nightly quotas test, so that the sample image will not be update without noticed, so modify quotas test case to use local image for pulling.
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
2019-12-05 14:00:24 +08:00
wang yan
1ea5ed0381 improve pulling vulnerable images warning message
To make the message more friendly and readable for the end-user

Signed-off-by: wang yan <wangyan@vmware.com>
2019-12-05 11:36:04 +08:00
Daniel Jiang
bd28ad1ae7
Merge pull request #10132 from reasonerjt/authproxy-server-setting-v1.10
Support pinning to authproxy server's cert - Cherrypick to 1.10
2019-12-04 22:58:53 +08:00
Daniel Jiang
8329c209db Support pinning to authproxy server's cert
This commit add an attribute to configurations, whose value is the
certificate of authproxy server.  When this attribute is set Harbor will
pin to this cert when connecting authproxy.
This value will also be part of the response of systemInfo API.

This commit will be cherrypicked to 1.10 and 1.9 branch.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-04 16:10:45 +08:00
stonezdj(Daojun Zhang)
98d932cd57
Merge pull request #10051 from reasonerjt/groups-review-token-filter-1.10
populate group list when doing token review - cherrypick to 1.10
2019-12-03 11:07:26 +08:00
Daniel Jiang
ae2d0f0588
Merge pull request #10026 from ninjadq/migrator_miss_component_no_proxy_110
Add default domainname for no_proxy
2019-12-03 10:51:12 +08:00
Qian Deng
eabeb5982f
Merge pull request #10028 from ninjadq/fix_ca_bundle_path_join_110
Fix ca bundle path join issue
2019-12-02 13:56:58 +08:00
Daniel Jiang
21129a6d1b
Merge pull request #10048 from reasonerjt/fix-proj-length-1.10.0
Update minimum length of project name - cherry pick to 1.10
2019-12-02 11:22:44 +08:00
Daniel Jiang
cfff4d6d59 populate group list when doing token review
This commit fixes #9869
It has some refactor to make sure the group is populated when user is
authenticated via tokenreview workflow.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-29 20:09:32 +08:00
Daniel Jiang
3a6e7433e7 Update minimum length of project name
This commit fixes #9946, that when creating a project the minimum length
should be 1, not 2.

This commit should be cherry picked to 1.9.x and 1.10.x branch .

We need to double check if this change impacts the creation of replication
rule.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-29 19:33:23 +08:00
Daniel Jiang
798059aed5
Merge pull request #10013 from heww/permission-checking-improvement
perf(rbac): add permission evaluator to improve performance
2019-11-29 11:23:56 +08:00
Will Sun
2d21c3f2fa
Merge pull request #10021 from AllForNothing/release-1.10.0
Disable scan now button if no default scanner(cherry-pick #10032)
2019-11-29 10:04:34 +08:00
sshijun
ac6545c784 Fix tag-retention ui bug and disable scan button
Signed-off-by: sshijun <sshijun@vmware.com>
2019-11-28 17:53:27 +08:00
He Weiwei
8738e61a42 perf(rbac): add permission evaluator to improve performance
1. Introduce Evaluator interface which do the permission checking.
2. Do permission checking in security context by `Evaluator`.
3. Cache the regexp in keyMatch for casbin.
4. Cache rbac evaluator in namespace evaluator to improve performance.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-28 05:16:26 +00:00
DQ
3aedae86b2 Fix ca bundle path join issue
CA bundle name start with '/' will break the os path join

Signed-off-by: DQ <dengq@vmware.com>
2019-11-27 18:48:23 +08:00