Commit Graph

2680 Commits

Author SHA1 Message Date
Shijun Sun (c)
274ab7bcff add CVE-Whitelist
Signed-off-by: Shijun Sun (c) <sshijun@vmware.com>
2019-07-15 19:47:46 +08:00
Wang Yan
b98ca7bf0b
Merge pull request #8237 from wy65701436/redis-locker
add redis lock
2019-07-11 20:10:16 +08:00
wang yan
ef14f0cf35 add redis lock, it will be used to lock digest in the quota scenario
Signed-off-by: wang yan <wangyan@vmware.com>
2019-07-11 19:24:24 +08:00
Wenkai Yin(尹文开)
3bebf7bc64
Merge pull request #8238 from reasonerjt/project-cve-whitelist
Enable project level CVE whitelist
2019-07-10 14:41:01 +08:00
jwangyangls
432f08b5b5
Merge pull request #8241 from jwangyangls/fixReplicationLabelFilterbug
Fix bug when no labels
2019-07-10 14:38:51 +08:00
jwangyangls
c73fa851ff
Merge pull request #8221 from jwangyangls/addGroupInhttpMode
Add user group when http auth mode
2019-07-10 14:38:31 +08:00
Yogi_Wang
6ef82d4db9 Fix bug when no labels
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-07-10 13:02:34 +08:00
Daniel Jiang
8f5f0031c7 Enable project level CVE whitelist
This commit update the project API to support "reuse_sys_cve_whitelist"
setting in project metadata and "cve_whitelist" in project request.
Also modify the interceptor to support project level CVE whitelist if
the reuse flag is false.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-07-08 18:55:54 +08:00
Yogi_Wang
c57087574a Add user group when http auth mode
add the pages  in project and system

Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-07-08 17:28:38 +08:00
Wenkai Yin(尹文开)
5f9420a5a7
Merge pull request #8190 from ywk253100/190701_replication
Merge Default ImageRegistry into the native adapter to reduce the duplicate code
2019-07-08 12:47:55 +08:00
Daniel Jiang
c296f0ddfb
Merge pull request #8176 from stonezdj/http_group
Refactor LDAP usergroup
2019-07-08 09:54:31 +08:00
stonezdj
c0ed55445d Refactor LDAP group
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-07-05 14:44:18 +08:00
Wenkai Yin(尹文开)
0f28fe42fd
Merge pull request #8167 from ywk253100/190622_replication
Support v1 signed media type when do the replication
2019-07-05 14:33:22 +08:00
Wenkai Yin(尹文开)
c01bedb740
Merge pull request #8220 from reasonerjt/oidc-rotation-fix
Reload OIDC provider older than 3 seconds
2019-07-05 10:12:33 +08:00
Daniel Jiang
a75bc027de
Merge pull request #8213 from reasonerjt/oidc-helm-push
Handle helm push in OIDC filter
2019-07-04 15:56:50 +08:00
Daniel Jiang
88a5572f8e Reload OIDC provider older than 3 seconds
This commit make sure the OIDC is more actively recreated, to mitigate
the problem in #8177

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-07-04 14:55:34 +08:00
Steven Zou
63e2ce7606
Merge pull request #8209 from steven-zou/fix/enqueuer_schedule_slot
use separate key for the last periodic enqueue data
2019-07-03 21:48:21 +08:00
Steven Zou
8fc693d843
Merge pull request #8208 from steven-zou/fix/enqueuer_ut
fix failure ut case of job service
2019-07-03 17:32:13 +08:00
Daniel Jiang
8a9d352f54 Handle helm push in OIDC filter
Fixes #8130
Enable OIDC filter to handle requests to /api/chartrepo/*

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-07-03 17:29:37 +08:00
Steven Zou
b88159e747 use separate key for the last periodic enqueue data
Signed-off-by: Steven Zou <szou@vmware.com>
2019-07-03 17:08:23 +08:00
Daniel Jiang
5d887ad0d8
Merge pull request #8179 from reasonerjt/interceptor-use-whitelist
Apply CVE white list in interceptor
2019-07-03 15:12:33 +08:00
Steven Zou
1002e3ce17 fix failure ut case of job service
Signed-off-by: Steven Zou <szou@vmware.com>
2019-07-03 15:10:41 +08:00
Daniel Jiang
bba4b2a6a4 Apply CVE white list in interceptor
Interceptor will filter the vulnerability in whitelist while calculating
the serverity of an image and determine whether or not to block client
form pulling it.

It will use the system level whitelist in this commit, another commit
will switch to project level whitelist based on setting in a project.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-07-03 14:13:00 +08:00
Steven Zou
8bb18e73d2
Merge pull request #8159 from ywk253100/190627_label_filter
Update replication label filter
2019-07-03 13:08:54 +08:00
Daniel Jiang
6f166bc02c
Merge pull request #8154 from markpeek/markpeek-registry-health-check
Switch registry health check to a 200 response url
2019-07-03 10:29:35 +08:00
He Weiwei
720dcc72bd Fix read permission of project member read api
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-07-02 14:40:46 +08:00
jwangyangls
02c5823915
Merge pull request #8182 from jwangyangls/fixVulnerabilityWidth
Fix the different width on vulnerability
2019-07-02 11:56:48 +08:00
jwangyangls
e87381d671
Merge pull request #8178 from jwangyangls/replicationAddLabelFilter
Add label filter in replication Ng
2019-07-02 11:55:55 +08:00
jwangyangls
1916f3c078
Merge pull request #8165 from AllForNothing/filter-ui
fix  filter ui bug : half filter is covered when there is one or two records in a datagrid
2019-07-02 11:07:07 +08:00
Yogi_Wang
9c07caa1a6 Add label filter in replication Ng
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-07-02 10:53:17 +08:00
Wenkai Yin
8768a5678c Merge Default ImageRegistry into the native adapter to reduce the duplicate code
Merge Default ImageRegistry into the native adapter to reduce the duplicate code

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-07-01 19:21:12 +08:00
Wenkai Yin(尹文开)
174cfd5de5
Merge pull request #8172 from cd1989/azure-acr-adapter
Implement azure acr adapter
2019-07-01 19:06:19 +08:00
Yogi_Wang
c3572028b9 Fix the different width on vulnerability
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-07-01 17:26:59 +08:00
cd1989
c305103e05 Add unit test for azure adapter
Signed-off-by: cd1989 <chende@caicloud.io>
2019-07-01 14:31:12 +08:00
cd1989
2097e928d0 Implement azure acr adapter
Signed-off-by: cd1989 <chende@caicloud.io>
2019-06-29 18:34:48 +08:00
AllForNothing
322c79f348 fix filter ui bug #7700
Signed-off-by: sshijun <sshijun@vmware.com>
2019-06-28 15:48:24 +08:00
Wenkai Yin
6ba2ace0a6 Update replication label filter
Support specify multiple labels in one label filter

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-06-28 15:03:58 +08:00
Wenkai Yin
d2a938812f Support v1 signed media type when do the replication
Support v1 signed media type when do the replicatio

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-06-28 13:24:28 +08:00
Wenkai Yin
943dfd32fc Clean up the dao test for replication
Clean up the dao test for replication

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-06-28 13:18:26 +08:00
Ziming
a69cea9952
Merge pull request #8028 from bitsf/replication_gcr_ui_1.9
ui change: gcr/ecr driver for replication
2019-06-27 14:16:34 +08:00
Ziming
50180f0d7a
Merge pull request #7946 from bitsf/replication_gcr_1.9
gcr driver for replication
2019-06-27 14:16:07 +08:00
Will Sun
108b9284a5
Merge pull request #8150 from AllForNothing/robot-account-helm-ui
UI modification for creating robot account
2019-06-27 13:23:39 +08:00
Ziming
af548e915e
Merge branch 'master' into replication_gcr_1.9 2019-06-27 11:27:33 +08:00
Steven Zou
5521b7b7ad
Merge pull request #7915 from bitsf/replication_ecr_1.9
aws driver for replication
2019-06-27 11:24:54 +08:00
Wenkai Yin(尹文开)
fce920bbee
Merge pull request #8075 from reasonerjt/sys-vuln-whitelist-api
API for system level vulnerability whitelist
2019-06-27 10:53:09 +08:00
Mark Peek
3cae31da54 Switch registry health check to a 200 response url
The health check for the registry was using "/v2" which returned an
unauthorized response and put additional errors in the logs. Switch
to using "/" which returns an OK response with reduced logging.

Signed-off-by: Mark Peek <markpeek@vmware.com>
2019-06-26 14:23:08 -07:00
Daniel Jiang
4aca812ff2 API for system level vulnerability whitelist
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-06-26 23:35:40 +08:00
sshijun
42cf09fad6 UI modification for creating robot account
Signed-off-by: sshijun <sshijun@vmware.com>
2019-06-26 19:40:02 +08:00
Ziming Zhang
b9dbe429be ui change:gcr/ecr driver for replication
Change-Id: I52aa3a35da898d2501b09ff90b5a65169a6d54ed
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-06-26 09:52:32 +08:00
Ziming Zhang
072bdd101b aws driver for replication
Change-Id: I8792ffce2eaa5975359bb6159a1ba7b85926a925
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-06-25 19:11:27 +08:00