DQ
cdb675bf3d
Add proxy cert file to jobservice when https enabled
...
jobservice may request via absolute path of url to harbor
Signed-off-by: DQ <dengq@vmware.com>
2020-04-04 17:44:34 +00:00
DQ
23ed189ed4
Add SAN to gencert script
...
add localhost and 127.0.0.1 to SAN
Signed-off-by: DQ <dengq@vmware.com>
2020-04-04 17:44:34 +00:00
He Weiwei
77a8c3205f
fix(prepare): not accpet items of false value in external_redis
...
Item in yaml without value will be as None in python, which will make
the password of redis as `None` in `get_redis_configs`. This fix will
not accept items of `false value` in `external_redis` configurations.
Closes #11367
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-04-03 04:09:26 +00:00
Qian Deng
a702c32346
Merge pull request #11063 from ninjadq/fix_syslog_dir_in_tpl
...
Fix: fix logrotate is dir issue
2020-04-02 11:37:29 +08:00
Qian Deng
0319baabcb
Merge pull request #11381 from ninjadq/enhance_migrate_config
...
Enhance migrate config
2020-04-02 10:00:38 +08:00
DQ
dc271e1a87
Add packaging to pipenv
...
Signed-off-by: DQ <dengq@vmware.com>
2020-04-01 22:54:47 +08:00
DQ
d636f2ea5c
Enhance help message
...
Provide more info in help message
Add requried opition and they will show missing option if you are not provide them instead of Exception
Signed-off-by: DQ <dengq@vmware.com>
2020-04-01 17:02:59 +08:00
DQ
b2e1905e7a
Enhance: Stop upgrade when input version less then 1.9.0
...
The migration script should failure early when version is not supported
Signed-off-by: DQ <dengq@vmware.com>
2020-04-01 15:35:49 +08:00
Ziming Zhang
ae7834af0b
feat(cicd) fix build base image
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-26 10:55:40 +08:00
Qian Deng
9e101b73a4
Merge pull request #11156 from ninjadq/migrate_config_to_harbor2
...
Migrate config to harbor2
2020-03-25 16:02:18 +08:00
DQ
85ec0e7820
Enhance: Refactor the migration structure
...
1. Refactor structure of migrate file
2. fix some previous bugs
Signed-off-by: DQ <dengq@vmware.com>
2020-03-23 21:26:28 +08:00
DQ
444678fe07
Fix: module path raise exception when it is loop
...
add test for loop
Signed-off-by: DQ <dengq@vmware.com>
2020-03-23 19:29:59 +08:00
Maosheng Ren
1dbec0c1d7
Fix a typo in the help message of install.sh ( #11167 )
...
Signed-off-by: ren maosheng <stevenr@vmware.com>
2020-03-23 10:30:37 +08:00
DQ
e8bb977ae1
Feat: Upgrade configs to harbor 2.0
...
add migrate files for harbor 2.0
Signed-off-by: DQ <dengq@vmware.com>
2020-03-20 15:20:32 +08:00
DQ
1e0c9f7231
Feat: Add config migrator to prepare
...
deprecated migrator container and move config migration to prepare
Signed-off-by: DQ <dengq@vmware.com>
2020-03-20 03:04:10 +08:00
Steven Zou
2859cd8b69
Merge pull request #11134 from danielpacak/feat/issue_11090/trivy_skip_update_flag
...
feat(trivy): Configure Trivy to skip database updates
2020-03-19 18:13:08 +08:00
Wenkai Yin(尹文开)
9ebcf95758
Merge pull request #11122 from ywk253100/200318_replication_task
...
Increase the length the columns (src_resource, dst_resource)of replication_task
2020-03-19 12:16:27 +08:00
DQ
f18a546429
Fix: return error when internal_tls_not_provided
...
When iinternal_tls is empty, prepare should works as usual
Signed-off-by: DQ <dengq@vmware.com>
2020-03-19 10:37:58 +08:00
Daniel Pacak
7325105714
feat(trivy): Configure Trivy to skip database updates
...
Resolves : #11090
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-18 17:11:47 +01:00
DQ
6e8d44101f
Enhance: User can generate cert by their own ca key pair
...
User can put their ca key pair on internal cert dir and name them to `harbor_internal_ca.key` and `harbor_internal_ca.crt` we wil use them to generate other certs
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
b93092e012
Add tls for trivy
...
Add trivy tls cert files
Add tivey tls env and config
enhance gencert
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
c954969bcd
Add mTLS configs
...
mTLS only enabled in jobservice and registryctl
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
c5d73e6a0c
Add switch to https
...
use switch to make decision whether mTLS or server TLS
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
454382149f
TLS update for chart, clairadapter, registry
...
Remove trustca in chartmuseum
Remove trustca in registry
Add tls in clair-adapter
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
03e11c63c7
Fix docker file with secure tls change
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
dcc6950af7
Feat: auto install ca in registry
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
b852605193
Feat: enable mtls in harbor replication
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
40e67f3b14
Feat: Enable mtls for registry
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
07a1d51693
Feat: enable tls in registryctlAdd tls related code in registryctl
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
da359f609f
Feat: enable mtls in core
...
add mtls related code in core
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
a4855cca36
Feat: update prepare to support tls
...
update makefile
add model for prepare
update jinja template for prepare
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
Wang Yan
b4e941e961
drop table access log in migration ( #11118 )
...
Use the audit log instead, the access log table should be dropped after migration
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-18 19:04:38 +08:00
Wenkai Yin
ac9658bc1e
Increase the length the columns (src_resource, dst_resource)of replication_task
...
Fixes #10786 by increaseing the length of src_resource and dst_resource to 256
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-03-18 17:05:32 +08:00
He Weiwei
7d20154db5
fix: remove old artifact model ( #11112 )
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-03-18 14:20:06 +08:00
Daniel Pacak
9c13116963
chore(trivy): Allow configuring HTTP(S) proxy
...
Resolves : #11032
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-16 12:26:49 +01:00
Daniel Pacak
46fb43bc25
chore: Bump up Trivy adapter to v0.4.0
...
Allows configuring SCANNER_TRIVY_GITHUB_TOKEN environment variable,
which is passed to trivy executable binary when it starts scanning
a given artifact.
This is to increase GitHub requests rate limit from 60 per hours
(for anonymous requests) to 5000 when Trivy download its
vulnerabilities database.
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-16 09:53:16 +01:00
DQ
1eeea6b888
Fix: fix logrotate is dir issue
...
Change it to bind command
Signed-off-by: DQ <dengq@vmware.com>
2020-03-13 14:58:45 +08:00
Wenkai Yin
a4a1913598
Repair the count usage during the upgrading
...
As the count quota is against artifact rather than tag in 2.0, the count usage should be recalculated
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-03-13 13:59:48 +08:00
Ted Guan
4ac31c6d46
Add API for query supported event types and notify types; Return policy name in last trigger info; Remove project_id unique constraint in table notification_policy ( #11029 )
...
Signed-off-by: guanxiatao <guanxiatao@corp.netease.com>
2020-03-11 18:06:58 +08:00
Wenkai Yin(尹文开)
8452100148
Merge pull request #10942 from ywk253100/200305_reference
...
Persistent the URLs and annotations of artifact references in database
2020-03-11 16:20:18 +08:00
Wang Yan
bd7940217a
upgrade golang version to v1.13.8 ( #11006 )
...
The vesrion contains two security bug fix - CVE-2020-0601, CVE-2020-7919
More details, see the golang milestone:
https://github.com/golang/go/issues?q=milestone%3AGo1.13.8+label%3ACherryPickApproved
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-11 12:20:06 +08:00
Ziming Zhang
695a2559be
feat(cicd) use unified version as tag name, clean more
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-09 17:13:28 +08:00
Ziming Zhang
200c352c35
feat(cicd) use unified version as tag name
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-09 15:30:03 +08:00
Daniel Jiang
6d89553c4d
Merge pull request #10937 from reasonerjt/csrf-2.0
...
Update CSRF mechanism
2020-03-09 12:31:08 +08:00
Wenkai Yin(尹文开)
75eb7a8c5a
Merge pull request #10955 from wy65701436/migrate-access
...
add sql for migrating access log
2020-03-09 10:00:08 +08:00
Daniel Jiang
ae5ffce83a
Update CSRF mechanism
...
This commit replaces beego's CSRF mechanism with gorilla's csrf library.
The criteria for requests to skip the csrf check remain the same.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-03-09 01:15:54 +08:00
wang yan
288c7790d0
add sql for migrating access log
...
1, loop each access log, change to resource/resource_type, and insert into audit log
2, loop each first push operation, change it to create repository and insert into audit log.
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-06 12:06:12 +08:00
wang yan
2b0b7576b2
Fix gc issue on clean the artifact trash
...
1, enable dao test for artifact trash
2, set default flush trash table to false
3, hanlder empty parameter in API call
4, add registry auth info into jobservice container
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-06 03:11:31 +08:00
stonezdj(Daojun Zhang)
49619e1907
Merge pull request #10939 from wy65701436/access-log-mgr
...
add audit logs API
2020-03-05 16:24:21 +08:00
wang yan
df237a5b17
add audit logs API
...
1, add API entry for get audit logs
2. add audit log manager to hanlder CRUD
Use the new format of audit log to cover differernt resource, artifact/tag/repostory/project
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-05 11:40:51 +08:00
Wenkai Yin
76c04b0219
Persistent the URLs and annotations of artifact references in database
...
Persistent the URLs and annotations of artifact references in database
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-03-05 10:54:45 +08:00
Will Sun
a5d9a3b65d
Merge pull request #10863 from AllForNothing/api-center
...
Fix Api cennter
2020-03-05 10:00:15 +08:00
Wenkai Yin(尹文开)
4fa4c4e74c
Merge pull request #10815 from cd1989/redis-idle-timeout
...
Set redis idle timeout for core
2020-03-03 14:10:22 +08:00
Wenkai Yin
4c9b59c904
Migrate artifact data in 2.0
...
Abstract extra attributes and annotations for artifacts stored in database
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-28 18:09:02 +08:00
jwangyangls
572510c82d
Merge pull request #10755 from Snaacker/master
...
Fix typo
2020-02-28 11:59:51 +08:00
Daniel Jiang
1823c984f7
Merge branch 'master' into redis-idle-timeout
2020-02-27 22:01:22 +08:00
AllForNothing
d41c5496a2
Fix Api cennter
...
Signed-off-by: AllForNothing <sshijun@vmware.com>
2020-02-27 15:55:20 +08:00
Wenkai Yin
02c2647e1e
Use the repository name of artifact model
...
As we store the repository name in the artifact table, we can use it direclty in the code to reduce the database query
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-26 13:37:09 +08:00
stonezdj(Daojun Zhang)
a7e5873f46
Merge pull request #10821 from stonezdj/20200224_remove_notification
...
Remove registry notification and change core health check url
2020-02-25 13:34:37 +08:00
Ziming Zhang
94230b5e19
feat(cicd) fix some build problem
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-02-25 12:05:39 +08:00
stonezdj
6005101c95
Remove registry notification and change /api/ping
...
Update config.yaml.jinja to remove notification
Change api/ping in core/Dockerfile
Signed-off-by: stonezdj <stonezdj@gmail.com>
2020-02-25 11:24:21 +08:00
Wang Yan
948d45604c
Revise the GC job flow,
...
1, set harbor to readonly
2, select the candidate artifacts from Harbor DB.
3, call registry API(--delete-untagged=false) to delete manifest bases on the results of #2
4, clean keys of redis DB of registry, clean artifact trash and untagged from DB.
5, roll back readonly.
Signed-off-by: wang yan <wangyan@vmware.com>
2020-02-24 18:29:55 +08:00
Wenkai Yin
bd204464f3
Remove dead code
...
Remove dead code
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-23 17:11:46 +08:00
dechen
e642a73280
Set redis idle timeout for core
...
Signed-off-by: dechen <xxyydream@gmail.com>
2020-02-23 12:31:56 +08:00
Wenkai Yin
9312b788dc
Upgrade the artifact table
...
Split the table artifact into artifact and tags, and populate related data
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-21 20:37:31 +08:00
Wang Yan
22021a988e
Merge pull request #10753 from wy65701436/artifact-trash
...
add artifact trash manager
2020-02-19 19:14:48 +08:00
Steven Zou
f1374737f6
Merge pull request #10694 from danielpacak/feature/install_with_trivy
...
chore(install): Add --with-trivy arg to the installation script
2020-02-19 16:27:57 +08:00
Wang Yan
f160505686
add artifact trash manager
...
1, move the deleted artifact into trash
2, disable GC to delete the untagged manifest
Signed-off-by: wang yan <wangyan@vmware.com>
2020-02-19 14:52:58 +08:00
Tran Huy
2aed96851e
Fix typo
...
Signed-off-by: Tran Huy <Tran.Huy@ericsson.com>
2020-02-18 13:26:59 +01:00
Wenkai Yin(尹文开)
341cb88cba
Merge pull request #10727 from ywk253100/200214_bump_up_legacy_api_version
...
Bump up legacy api version to v2.0
2020-02-18 10:37:25 +08:00
Wenkai Yin(尹文开)
d7903fcf1b
Merge pull request #10682 from ywk253100/200126_label
...
Support add/remove label to/from artifact
2020-02-17 11:33:45 +08:00
Daniel Pacak
1b60bb255c
refactor(Makefile): Add variables for download URLs
...
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-02-14 11:58:59 +01:00
Wenkai Yin
94787ea60d
Bump up the version of legacy APIs to v2.0
...
Bump up the version of legacy APIs to v2.0
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-14 13:16:30 +08:00
Daniel Pacak
70dda1387a
chore: Configure Redis URL for Trivy adapter
...
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-02-13 17:57:02 +01:00
Daniel Pacak
4755439b75
chore: Build Trivy adapter from sources
...
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-02-13 15:32:57 +01:00
Wenkai Yin
93731eeb2e
Support add/remove label to/from artifact
...
This commit add supporting for adding/removing label to/from artifacts and populates labels when listing artifacts
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-13 10:46:23 +08:00
Daniel Pacak
a642667ffc
chore(install): Add --with-trivy arg to the installation script
...
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-02-12 23:47:56 +01:00
Ziming Zhang
6047a8102a
fix(feat) fix prepare version in installer
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-02-06 10:58:29 +08:00
Will Sun
acfcd2d175
Merge pull request #10489 from AllForNothing/postinstall
...
Fix postinstall script in Docker
2020-02-03 14:13:12 +08:00
Daniel Jiang
2064a1cd6d
Switch to basic authentication for registry
...
1. Add basic authorizer for registry which modify the request
to add basic authorization header to request based on configuration.
2. Set basic auth header for proxy when accessing registry
3. Switche the registry to use basic auth by default and use the basic
authorizer to access Harbor.
4. Make necessary change to test cases, particularly
"test_robot_account.py" and "docker_api.py", because the error is
changed after siwtched to basic auth from token auth. #10604 is opened
to track the follow up work.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-01-31 21:46:47 +09:00
Wenkai Yin
7dc28bcff9
Add foreign key to avoid the concurrent issue
...
Add foreign key to avoid the concurrent issue when operating the artifacts, tags and references
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-01-21 16:03:51 +08:00
sshijun
3175d5f646
Fix postinstall script in Docker
...
Signed-off-by: sshijun <sshijun@vmware.com>
2020-01-15 16:28:57 +08:00
Daniel Jiang
a087ba02e3
Populate basic auth information for registry
...
This commit updates `prepare` and templates to populate the credential
for registry for basic authentication.
A temporary flag `registry_use_basic_auth` was added to avoid breakage.
It MUST be removed before the release.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-31 14:50:46 +08:00
Wenkai Yin(尹文开)
5f11ca4df6
Merge pull request #10248 from ywk253100/191213_controller
...
Define the interface for artifact manager
2019-12-24 17:44:18 +08:00
Wenkai Yin
ac605db5da
Define the controller/manager interface for artifact and tag
...
1. Define the controller/manager interface for artifact and tag
2. Provide a null implementation for artifact manager
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-12-24 17:12:55 +08:00
Ziming
e32649adb4
enhance[cicd] introduce github action for CICD
...
In order to replace travis.
Implement 5 CI jobs
- UTTEST
- APITEST_DB
- APITEST_LDAP
- OFFLINE
- UI_UT
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-12-17 18:36:33 +08:00
Wenkai Yin
7b41c900a7
Create the models for OCI supporting
...
This commits does some basic init work for supporting OCI:
1. Create the artifact and tag model
2. Create database tables
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-12-12 16:05:38 +08:00
Steven Zou
7bf9372f32
chore[api]:rename API folder to api
...
- update swagger yaml file reference in `Makefile`
- update swagger yaml file reference in `README`
- update swagger yaml file reference in `docs/configure_swagger.md`
- update swagger yaml file reference in `make/photon/portal/Dockerfile`
- update swagger yaml file reference in `tests/swaggerchecker.sh`
Signed-off-by: Steven Zou <szou@vmware.com>
2019-12-11 17:41:27 +08:00
Wang Yan
550d690997
Merge pull request #10135 from bitsf/upgrade_clair
...
upgrade clair to v2.1.1
2019-12-06 11:52:10 +08:00
Ziming
9cad403762
fix(build): npm install with special endpoint ( #10168 )
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: Iaaf33310a2621d58cdc3b9d3359607a961fef05e
2019-12-06 11:45:48 +08:00
Wang Yan
2a63382236
Merge pull request #10047 from bitsf/makefile_clean
...
optimize the makefile process
2019-12-05 19:03:19 +08:00
He Weiwei
4ea5c41553
chore(scanner): upgrade clair scanner to 1.0.1 ( #10147 )
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-12-05 17:52:37 +08:00
Ziming Zhang
332f88ec8c
add make clean
...
Change-Id: Ibe806972a19cd69bfd90be051cdc340c4d7c6afb
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-12-05 14:44:07 +08:00
Ziming Zhang
744ae62831
upgrade clair to v2.1.1
...
Change-Id: Idb2ad0470a51666d75895d8c5e68d80a67e05276
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-12-05 14:27:26 +08:00
Wenkai Yin(尹文开)
d145f4baf4
Merge pull request #10034 from ywk253100/191128_clean
...
Clean up admiral-related code
2019-12-04 17:33:31 +08:00
stonezdj(Daojun Zhang)
339c1d4cab
Merge pull request #10088 from reasonerjt/authproxy-cert-setting
...
Support pinning to authproxy server's cert
2019-12-04 14:03:27 +08:00
Daniel Jiang
7bb71db478
Merge pull request #10003 from ninjadq/migrator_miss_component_no_proxy
...
Add default domainname for no_proxy
2019-12-03 10:50:32 +08:00
Daniel Jiang
902598fabd
Support pinning to authproxy server's cert
...
This commit add an attribute to configurations, whose value is the
certificate of authproxy server. When this attribute is set Harbor will
pin to this cert when connecting authproxy.
This value will also be part of the response of systemInfo API.
This commit will be cherrypicked to 1.10 and 1.9 branch.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-03 07:31:26 +08:00
Qian Deng
e5f8c2d779
Merge pull request #10022 from ninjadq/fix_ca_bundle_path_join
...
Fix ca bundle path join issue
2019-12-02 11:31:23 +08:00
Wenkai Yin
dd2bc0ecef
Clean up admiral-related code
...
Clean up admiral-related code as it's useless
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-11-28 17:28:54 +08:00
DQ
79344887b9
Fix ca bundle path join issue
...
CA bundle name start with '/' will break the os path join
Signed-off-by: DQ <dengq@vmware.com>
2019-11-27 18:37:45 +08:00
Will Sun
a52b99e180
Merge branch 'master' into remove-lib
2019-11-27 17:44:30 +08:00
DQ
ed6438cf69
Add default domainname for no_proxy
...
All internal service and known internal hostname shuold add to no_proxy by default
Signed-off-by: DQ <dengq@vmware.com>
2019-11-27 15:10:42 +08:00
sshijun
c692f5c67e
Move lib into src for better UI building
...
Signed-off-by: sshijun <sshijun@vmware.com>
2019-11-27 09:59:06 +08:00
wang yan
7b664f64f1
Bump up golang version to v1.13.4
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-11-26 19:18:45 +08:00
Wang Yan
60101c4ea1
Merge pull request #9964 from heww/fix-clair-updaters-disable
...
fix(prepaire,clair): disable clair updaters when its interval is 0
2019-11-22 13:38:34 +08:00
He Weiwei
b8308f41a0
fix(prepaire,clair): disable clair updaters when its interval is 0
...
Closes #9961
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-22 03:31:20 +00:00
stonezdj
938168b8ad
Failed to start harbor when proxy is set
...
Fix #9614 , all communication between internal components should bypass the proxy
Add chartmuseum, notary-server,clair-adapter to the no_proxy list in harbor.yml
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-11-22 11:22:51 +08:00
stonezdj(Daojun Zhang)
2b0ede5341
Merge pull request #9829 from reasonerjt/rm-k8s-install
...
Remove scripts to deploy Harbor on k8s
2019-11-19 15:53:49 +08:00
Wang Yan
eab974419c
Merge pull request #9825 from stonezdj/bug_9681
...
Avoid to create duplicated immutable tag rules in the same project
2019-11-18 17:26:22 +08:00
stonezdj
15898f2069
Avoid to create duplicated immutable tag rules in the same project
...
Fix #9681 , add constraint on immutable_tag_rule and catch the error
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-11-15 14:46:23 +08:00
Daniel Jiang
2fcd174e4b
Merge pull request #9828 from wy65701436/cii-docker-base
...
add base images when to build harbor assets
2019-11-15 14:24:11 +08:00
He Weiwei
fe69a5df99
build(scanner-adapter): bump up clair adapter to v1.0.1-rc2
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-13 02:35:21 +00:00
wang yan
47793e77e3
update base file name ane pass base version to build file
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-11-12 19:12:49 +08:00
Wang Yan
544cc98971
add base images when to build harbor assets
...
* add base images when to build harbor assets
Signed-off-by: wang yan <wangyan@vmware.com>
2019-11-12 15:38:51 +08:00
Daniel Jiang
39a22d4470
Remove scripts to deploy Harbor on k8s
...
This commit removes scripts have been deprecated for a while and users have to use
helm chart to deploy Harbor on top of k8s cluster.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-11 19:23:22 +08:00
Yogi_Wang
cddc1149f1
Modify the memory of nodejs used from 8192MB to 2048MB
...
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-11-11 17:05:42 +08:00
Wang Yan
6da183d576
Merge pull request #9800 from ninjadq/failure_earlier_of_ca_bundle_permission_check
...
Failure earlier of ca bundle permission check
2019-11-11 14:09:21 +08:00
Wang Yan
0b09bd14b1
Merge pull request #9756 from ninjadq/add_ignore_media_type
...
Add ignore mediatypes for registry
2019-11-08 18:34:13 +08:00
DQ
80c3e76b5a
check the permission of ca bundle file
...
CA bundle need check before use
Signed-off-by: DQ <dengq@vmware.com>
2019-11-08 15:34:17 +08:00
DQ
7237067d63
Bump config version
...
Bump version to 1.10
Signed-off-by: DQ <dengq@vmware.com>
2019-11-07 17:06:20 +08:00
Daniel Jiang
06e4e124d8
Refine request handle process ( #9760 )
...
* Refine request handle process
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-07 13:02:17 +08:00
DQ
45868107aa
Add ignore mediatypes for registry
...
Add these mediatypes to reduce the amount of registry event
Signed-off-by: DQ <dengq@vmware.com>
2019-11-06 21:39:08 +08:00
Wang Yan
a9e8c6a430
Merge pull request #9738 from ninjadq/fix_install_script
...
Fix install script
2019-11-06 14:24:07 +08:00
Steven Zou
240f771006
Merge pull request #9733 from steven-zou/fix/scan_all_enhancements
...
do improvements to the scan all job
2019-11-05 16:22:50 +08:00
Steven Zou
ebc5d2482b
do improvements to the scan all job
...
- update scan all job to avoid sending too many HTTP requets
- update scan controller to support scan options
- update the db schema of the scan report to introduce requester
- introduce scan all metrics to report the overall progress of scan all job
- fix the status updating bug in scan report
- enhance the admin job status updats
- add duplicate checking before triggering generic admin job
- update the db scheme of admin job
fix #9705
fix #9722
fix #9670
Signed-off-by: Steven Zou <szou@vmware.com>
2019-11-05 15:12:07 +08:00
Wang Yan
27cb25cc04
Merge pull request #9400 from ninjadq/inject_certs_to_non_root
...
Inject certs to non root
2019-11-05 14:49:08 +08:00
DQ
75c91273bc
Fix install script
...
Move load images to above
Signed-off-by: DQ <dengq@vmware.com>
2019-11-05 11:22:30 +08:00
DQ
ece321a53a
Change certs's owner to 10000
...
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 17:38:41 +08:00
Wang Yan
3f39b0ba4f
Merge pull request #9550 from ninjadq/enable_https_by_default
...
Enable https by default
2019-11-04 16:51:33 +08:00
DQ
a0462f0baa
Change the clair container to non root user
...
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 11:36:39 +08:00
DQ
d0ed075b91
Change chartmuseum container to non-root
...
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 11:36:39 +08:00
DQ
1c76d52152
Add registryctl to non-root
...
And the install_cert.sh will changed for non-root too
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 11:36:39 +08:00
Qian Deng
336dbfd3e1
Merge pull request #9452 from ninjadq/add_certs_in_specific_dir
...
All certs in /harbor_cust_certs will appended to ca_bundle
2019-11-01 13:13:18 +08:00
Daniel Jiang
02dab35a43
Merge pull request #9683 from ninjadq/upgrade_python_rand_gen
...
Replance python ran lib to secrets
2019-10-31 21:51:38 +08:00
DQ
873d9f5b82
Enable https by default
...
1. Umcomment https related configs
2. Remove the https prepare related thing in ci
Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 20:58:09 +08:00
DQ
2529f69fba
All certs in /harbor_cust_certs will appended to ca_bundle
...
Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 20:51:08 +08:00
Daniel Jiang
bc65609a10
Merge pull request #9657 from wy65701436/quota-sync-switcher
...
add a switcher for quota sync on core launch
2019-10-31 19:22:23 +08:00
Wang Yan
fa784d7514
Merge pull request #9649 from wy65701436/fix-9081
...
add ldflags for harbor compiler and linker
2019-10-31 19:14:16 +08:00
DQ
6c01049d94
Replance python ran lib to secrets
...
Secrets is included in python 3.6, so just import and use it
Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 17:23:19 +08:00
wang yan
c46d7e856a
add a switcher for quota sync on core launch
...
As the quota sync is default called by harbor-core on every launch, and it will break the launch process if any failure throwed.
1, The commit is to provide an switcher for the system admin to bypass the quota sync.
2, In case Harbor goes into the restarting cycle.
Harbor already provides an internal API to sync quota data, in the failure case,
system admin can launch harbor and call the /api/internal/syncquota to sync quota.
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-31 16:17:27 +08:00
Steven Zou
7b6e83090e
create API folder to keep API swagger files
...
- create API folder
- move harbor API swagger file to API/harbor
- add scanner adapter open API swagger file to API/scanner
- update protal build Dockerfile
- update swagger explorer build command in Makefile
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-30 21:41:03 +08:00
wang yan
253e87d186
inject ldflags for harbor compiler and linker
...
1, replace the UIVERSION file with ldflags, which is generarted by make to inject into the UI core.
2, inject additional ldflags for harbor compiler
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-30 18:31:42 +08:00
He Weiwei
b0f7404231
chore(log): log level support for clair adapter ( #9640 )
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-29 16:50:26 +08:00
He Weiwei
28e0c0693b
Upgrade clair adapter to v1.0.0
...
1. Upgrade clair adapter to v1.0.0.
2. Make the clair adapter which installed by harbor immutable and using internal registry address.
3. Add support to build clair adapter image from binary.
4. Switch to ScannerPull action when make authorization for the scan request.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-26 17:25:36 +00:00
wang yan
f9996663d8
update immutable rule API
...
1, unify disable and enable
2, fix update rule error
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-25 14:11:07 +08:00
Steven Zou
cb59ba3bbc
support using internal registry addr to perform scan
...
- do changes to the sql schema
- add `UseInternalAddr` and `Immutable` properties to scanner registration
- support multiple authentication type
- basic
- bearer token
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-24 18:28:35 +08:00
Wang Yan
d503f2a245
Merge pull request #9489 from reasonerjt/bump-up-golang
...
Bump up golang to 1.12.12
2019-10-22 10:54:35 +08:00
Daniel Jiang
6e131d511c
Hide DB URL from notary migrator script
...
This commit modify the log message from upstream notary DB migrator, to
make sure the DB URL is not displayed.
Fixes #7510
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-10-21 23:10:27 +08:00
Daniel Jiang
dbe6ebceec
Bump up golang to 1.12.12
...
Bump up the golang for compiling the binaries to 1.12.12
This commit also includes some minor changes to Makefile to fix issue in
building the binary files.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-10-21 15:55:58 +08:00
He Weiwei
bf6a14c9ad
feat(role): introduce a limited guest role ( #9403 )
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-20 14:21:28 +08:00
wang yan
8c4cf17129
disable noglob after import common
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-18 17:55:33 +08:00
Steven Zou
0f16913635
rebase: resolve the code confilcts with master
...
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-17 17:42:41 +08:00
He Weiwei
8964a8697a
build(clair): internal clair adapter when install with clair
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-17 12:00:51 +08:00
Steven Zou
f18afc0a3f
do changes to let the vul policy check compatiable with new framework
...
- update the scan/scanner controller
- enhance the report summary generation
- do changes to the vulnerable handler
- remove the unused clair related code
- add more UT cases
- update the scan web hook event
- drop the unsed tables/index/triggers in sql schema
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-16 23:15:26 +08:00
stonezdj(Daojun Zhang)
0fa4934679
Merge pull request #8596 from JakubOnderka/patch-4
...
nginx: Remove TLSv1.1 support
2019-10-16 11:39:55 +08:00
wang yan
25f638a989
Merge branch 'master' of https://github.com/goharbor/harbor into robot-invisiable
2019-10-14 14:35:45 +08:00
wang yan
3e81bd7f1d
add visible attribute to robot account
...
The commit is to make robot controller could create invisible robot account for internal use
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-12 00:51:48 +08:00
Steven Zou
9fd8b6306c
refactor code to reflect code review comments
...
- refactor the db schema \
- refactor permission checking in API handlers \
to follow the latest code/interface changes
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-11 18:07:47 +08:00
Steven Zou
58afd8e14b
[stage3] support pluggable scanner
...
- implement scan controller
- add scan resource and update role bindings
- update registration model and related interfaces
Signed-off-by: Steven Zou <szou@vmware.com>
- implement scan API to do scan/get report/get log
- update repository rest API to produce scan report summary
- update scan job hook handler
- update some UT cases
- update robot account making content
- hidden credential in the job log
Commnet scan related API test cases which will be re-activate later
fix #8985
fix the issues found by codacy
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-11 12:53:02 +08:00
Daniel Jiang
49f12d0b16
Merge pull request #8786 from reasonerjt/fix-8622
...
Extract shared func for checkenv and install scripts
2019-10-10 16:53:51 +08:00
He Weiwei
6fbb77d65a
build(portal): npm registry configurable and build cache support ( #9356 )
...
1. Introduce NPM_REGISTRY in Makefile to support npm registry
configuration when build portal image.
2. Install npm pkgs before copy portal src so that build cache works for
npm install in portal image.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-10 15:29:50 +08:00
Daniel Jiang
b9154a858b
Extract shared func for checkenv and install scripts
...
This commit fixes #8622 by extract shared func into common.sh to avoid
inconsistency in future.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-10-10 15:07:09 +08:00
Wang Yan
7e73dfb754
Merge pull request #9221 from wy65701436/fix-9186
...
patch registry fix of issue 2553
2019-09-26 19:34:18 +08:00
wang yan
3cf7e702be
patch regsitry fix of issue 2553
...
This commit is target to fix harbor issue #9186 , which root cause is mentioned by
https://github.com/docker/distribution/issues/2553 , and fixed by https://github.com/docker/distribution/pull/2879 .
As the latest distribution release(v2.7.1) does not contain this fix, but it will break the quota migraion process on S3 storage, we have to path this fix into Harbor regsitry binary.
[Tag Version]
It uses the issue number(2553) as the tag naming convention, like v2.7.1-patch-2553, means that we patch the fix of issue 2553 into v2.7.1.
[Note]
So far, this fix is only targets on docker regsitry v2.7.1. If the registry has this fix in new release, we'll move on.
Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-26 18:27:53 +08:00
Qian Deng
578adaa064
Merge pull request #9240 from ninjadq/add_extra_headers_in_nginx
...
Add headers in nginx config file
2019-09-26 10:27:08 +08:00
DQ
2bc11200d6
Move db change to new migration file
...
DB should move to new migration file cause 1.9 is already released
Signed-off-by: DQ <dengq@vmware.com>
2019-09-25 15:57:03 +08:00
DQ
e7394041ab
Add headers in nginx config file
...
extra headered added in https and http config
Signed-off-by: DQ <dengq@vmware.com>
2019-09-24 17:50:40 +08:00
stonezdj(Daojun Zhang)
ec559b0585
Merge pull request #9123 from stonezdj/immutable_tags
...
Add DAO for immutable tags
2019-09-23 21:46:07 +08:00
Steven Zou
a73f896f23
Merge pull request #9154 from steven-zou/feature/pluggable_scanner_s2
...
[stage2]support pluggable scanner
2019-09-23 21:12:27 +08:00
stonezdj
29d2bcce99
Add DAO for immutable tags
...
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-09-23 16:45:07 +08:00
Steven Zou
d616bc3509
add scan report CRUD supporting and
...
- change error collection in scan job
- add dead client checking in client pool
- change key word type to interface{} for q.Query
- update bearer authorizer
- add required UT cases
Signed-off-by: Steven Zou <szou@vmware.com>
2019-09-23 16:21:39 +08:00
Steven Zou
0c19eba8c2
[stage2]support pluggable scanner
...
- add scanner rest API v1 spec
- implement v1 client which is used to talk to scanner adapter
- adjust data/orm models
- adjust code package structure
Signed-off-by: Steven Zou <szou@vmware.com>
- implement scan client which is used to talk to scanner adapter
- implement scan job which take the work of communicating with scanner
- update scanner mgmt API routes
- add corresponding UT cases
2019-09-23 09:37:54 +08:00
Daniel Jiang
3e5973fc6e
Add Secure flag to cookie
...
This commit modifies nginx configuration file to make sure the secure
flag is added to "Set-Cookie" header when Harbor is serving https
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-19 21:04:37 +08:00
Steven Zou
4c4897aef1
Merge pull request #9134 from steven-zou/feature/pluggable_scanners
...
support pluggable scanner
2019-09-19 16:08:24 +08:00
Steven Zou
e324a4d623
support pluggable scanner
...
- add DAO layer for scanner registration
- add CURD manager for scanner registration
- add API controller for plug scanner
- add REST APIs for CURD of plug scanner
- add migration sql:0011_1.10.0
- add scan interface definition (no implementations)
- add related UT cases with testify
fix #8979 #8990
Signed-off-by: Steven Zou <szou@vmware.com>
2019-09-18 21:56:45 +08:00
jwangyangls
6dd2ae90a0
Merge pull request #9011 from jwangyangls/upgrade_clarity-2.1
...
Upgrade angular from 7.1.3 to 8.2.0 and clarity from 1.0 to 2.2
2019-09-18 10:45:40 +08:00
Yogi_Wang
a7c7a8e675
Upgrade angualr from 7.1.3 to 8.2.0 and clarity from 1.0 to 2.2
...
Signed-off-by: Yogi_Wang <yawang@vmware.com>
Signed-off-by: Meina Zhou <meinaz@vmware.com>
Signed-off-by: sshijun <sshijun@vmware.com>
2019-09-18 10:12:20 +08:00
Daniel Jiang
753219834e
Merge pull request #8960 from ninjadq/upgrade_hash_alg_for_pswd
...
Upgrade hash alg for pswd
2019-09-12 11:22:39 +08:00
DQ
ea5c27fcd5
Enhance: Upgrade encrypt alg to sha256
...
previous sha1 will still used for old password
Signed-off-by: DQ <dengq@vmware.com>
2019-09-09 21:48:21 +08:00
stonezdj(Daojun Zhang)
ca97c85279
Merge pull request #8927 from ninjadq/fix_config_with_components
...
Add logic to read clair and notary config
2019-09-09 15:50:09 +08:00
DQ
495a257ab5
Add logic to read clair and notary config
...
Signed-off-by: DQ <dengq@vmware.com>
2019-09-05 12:49:32 +08:00
Daniel Jiang
b75cbe1a7e
Merge pull request #8912 from ninjadq/no_cache_index_html
...
Add no-cache to index.html
2019-09-03 13:01:55 +08:00
Qian Deng
97c40df40f
Merge pull request #8593 from ninjadq/fix_wording_in_doc
...
Update config file names
2019-09-03 10:53:23 +08:00
DQ
d50df0f0db
Add no-cache to index.html
...
shouldn't cache index.html for access fresh page after upgrade.
Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 18:48:02 +08:00
DQ
aef93af21f
Fix docker-compose version to 1.18.0
...
Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 18:37:42 +08:00
DQ
377739204b
Update config file names
...
Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 18:19:06 +08:00
stonezdj(Daojun Zhang)
469018ae9e
Merge pull request #8891 from ninjadq/fix_prepare_file_permission
...
Fix: prepare permission issue
2019-09-02 18:07:14 +08:00
Qian Deng
86f2bb26a3
Fix docker-compose file permmission
...
non-root user can see the content
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-09-02 13:57:18 +08:00
DQ
6ed3d52615
Fix: prepare permission issue
...
1. recursivele change ownership for all prepare dir
2. database file permission fix
Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 10:04:38 +08:00
Wang Yan
6e462baa0d
Merge pull request #8837 from ninjadq/disable_redis_n_db_container_if_use_exeternal
...
Disable redis and db containers if external db enabled
2019-09-01 17:47:28 +08:00
He Weiwei
e2a19d8ab9
fix(build): max idle and open conn settings for external db ( #8854 )
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-29 15:04:10 +08:00
Wenkai Yin(尹文开)
5da4286ef4
Hard delete project metadata ( #8856 )
...
Hard delete project metadata
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-29 12:14:39 +08:00
Wang Yan
87893abc5e
Merge pull request #8829 from ywk253100/190822_retry_status
...
Add status revision to handle retrying in replication task
2019-08-28 10:55:13 +08:00
Wang Yan
39f78ae768
Merge pull request #7872 from cd1989/config-redis-pool-idletimeout
...
Config idle timeout for redis pool to avoid jobservice restarting
2019-08-27 14:46:01 +08:00
Wenkai Yin
7924f37d86
Add status revision to handle retrying in replication task
...
Add status revision to handle retrying in replication task
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-27 14:17:11 +08:00
wang yan
28f7b7a64e
fix #8839 : update bolb size type to bigint
...
and extend the length of content type to 1024
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-27 10:43:29 +08:00
DQ
fe3c71094b
Disable redis and db containers if external db enabled
...
If depend on external redis or pg. local db and redis should not start. Therefore can save some resources.
Signed-off-by: DQ <dengq@vmware.com>
2019-08-26 17:59:13 +08:00
Wang Yan
35e786e54c
Merge pull request #8794 from ywk253100/190822_retry_status
...
Add status revision to retention task to handle retrying
2019-08-23 10:54:35 +08:00
Wang Yan
c9dc262540
Merge pull request #8773 from ninjadq/Feat--migration_scritp_180_2_190
...
Feat: Add migration script for 1.9
2019-08-22 23:51:14 +08:00