During the harbor core initialization if the database takes longer to
be ready there is a risk of deadlock when checking for the TCP connection
with the database.
The `TestTCPConn` function uses unbuffered channels to check when the
connection succeeds/timeouts. The timeout check is executed in parallel
with the connection check (this runs in a gorountine). The deadlock happens
when the goroutine execution takes longer than the function timeout
(hence setting `cancel <- 1`) and the DialTimeout call succeeds (hence
setting `success <- 1`). At this point both threads are waiting for the
channels values to be read.
This is reproducible mostly on slow systems where initializing the
database takes longer and finishes during the 5th time of the
`DialTimeout` call where it eventually exceeds the TestTCPConn timeout.
This fix sets the `success` and `cancel` channels as buffered
(non-blocking).
Signed-off-by: Flávio Ramalho <framalho@suse.com>
Containerd in e2e image was using native one in ubuntu, it should be updated to the latest release.
And add proxy cache py-tests including pull image/manifest list by docker and ctr CLI.
Signed-off-by: danfengliu <danfengl@vmware.com>
Add oidc_admin_group to configuration, and make sure a token with the
group name in group claim has the admin authority.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Use `project.Controller` instead of `promgr.ProjectManager` in security
implementations because we will remove `promgr` package later.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
Search LDAP group with groupDN+filter, then match baseDN
Create a default filter when ldap group filter is empty
Fixes#13156
Signed-off-by: stonezdj <stonezdj@gmail.com>
This commit refactors the approach to encode a token in handler of /service/token,
by reusing pkg/token to avoid inconsistency.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Referring https://docs.codecov.io/docs/fixing-paths , this commit fixes
the path to make sure the coverage changes can be viewed on codecov's
dashboard.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Compare the local digest and the remote digest when pull by tag
Use HEAD request (ManifestExist) instead of GET request (GetManifest) to avoid been throttled
For manifest list, it can avoid GET request because cached manifest list maybe different with the original manifest list
Make RemoteInterface public
Fixes#13112
Signed-off-by: stonezdj <stonezdj@gmail.com>
1. Verify LDAP group admin in UI;
2. Update LDAP group admin need to verify the AdminRoleInAuth, get current user will return this field as true.
Signed-off-by: danfengliu <danfengl@vmware.com>
