Commit Graph

162 Commits

Author SHA1 Message Date
stonezdj(Daojun Zhang)
29cdc398e0
Check if the internal_tls_config is not null when get strong_ssl_ciph… (#20032)
Check if the internal_tls_config is not null when get strong_ssl_cipher value

Signed-off-by: stonezdj <daojunz@vmware.com>
Co-authored-by: stonezdj <daojunz@vmware.com>
2024-02-26 09:46:40 +00:00
stonezdj(Daojun Zhang)
2b6608fb52
Move strong_ssl_ciphers to top level in harbor.yaml (#19914)
fixes #19912

Signed-off-by: stonezdj <stonezdj@gmail.com>
2024-02-26 05:08:35 +00:00
Shengwen YU
bca9b14bbf
feat: enable configuration of skip_java_db_update (#19996)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-02-21 10:13:52 +08:00
MinerYang
a3e1b1eb79
add ip_family config in harbor.yml (#19934)
add ipFamily config in values.yaml

Signed-off-by: yminer <yminer@vmware.com>

update name

update prepare and migration

update comments

Signed-off-by: yminer <yminer@vmware.com>

remove print msg

update migrate template

update default value

update migrating template
2024-02-02 18:15:25 +08:00
Chlins Zhang
c7e25295fe
fix: support customize cache db for business (#19182)
Support to configure the customized redis db for cache layer and other
misc business for core, by default the behavior is same with
previous(stored in db 0).

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-08-18 11:04:16 +08:00
Shengwen YU
320c0d63ca
feat: add config for job_loggers (#18970)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2023-07-24 22:10:36 +08:00
Chlins Zhang
8ff095d68f
feat: add the configuration for quota update provider (#18928)
Add the related configurations for the quota update provider to the
harbor.yml.

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-07-24 16:28:19 +08:00
Wang Yan
bf7c82b9a8
remove the notary from backend (#18668)
Since harbor deprecates notary since v2.9.0, this pull request targets to remove the code related with notary.

Signed-off-by: Wang Yan <wangyan@vmware.com>
2023-05-18 18:47:42 +08:00
MinerYang
2d98e8fe1e
Allow redis password using safe special characters (#18566)
allow redis password safe special characters

Signed-off-by: yminer <yminer@vmware.com>

string and None type conversion
2023-04-24 11:01:46 +08:00
Peter Jakubis
284d58453c
Change storage_service.redirect.disabled in harbor.yml.tmpl to storage_service.redirect.deactivate (#14615)
* set to disable

Signed-off-by: Peter Jakubis <balonik32@gmail.com>

* move pr-14615 prepare migration version from 2.7.0 to 2.8.0

Signed-off-by: yminer <yminer@vmware.com>

---------

Signed-off-by: Peter Jakubis <balonik32@gmail.com>
Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Peter Jakubis <peter.jakubis@piano.io>
Co-authored-by: Vadim Bauer <vb@container-registry.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
Co-authored-by: yminer <yminer@vmware.com>
2023-03-22 13:55:22 +08:00
Chlins Zhang
67d3f9add8
feat: support configurate the http client timeout for webhook job (#18382)
Signed-off-by: chlins <chenyuzh@vmware.com>
2023-03-21 11:54:10 +08:00
Chlins Zhang
14df2b2b60
feat: support configrate the jobservice logger sweeper duration (#18365)
Support configurate the jobservice logger sweeper duration from
harbor.yml.

Closes: #10958

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-03-18 10:46:40 +08:00
MinerYang
e76aff6a0a
add external redis username config to support redis6 ACL (#18364)
add external redis username o support redis6 ACL

Signed-off-by: yminer <yminer@vmware.com>
2023-03-17 14:16:19 +08:00
stonezdj(Daojun Zhang)
d03f0dcf2d
Skip to update pull time and pull count for scanner robot account (#17807)
Add prefix for scanner robot account
   Fixes #14638

Signed-off-by: stonezdj <daojunz@vmware.com>

# Conflicts:
#	api/v2.0/swagger.yaml
#	src/common/const.go
#	src/lib/config/metadata/metadatalist.go
2023-02-20 15:09:21 +08:00
Wang Yan
738fde7d3b
remove chartmuseum backend (#18191)
Harbor deprecates chartmuseum as of v2.8.0

Epic: https://github.com/goharbor/harbor/issues/17958

Discussion: https://github.com/goharbor/harbor/discussions/15057

Signed-off-by: Wang Yan <wangyan@vmware.com>
2023-02-16 18:11:05 +08:00
Chlins Zhang
bfe4362a67
fix: remove the scan exports volume (#18107)
1. Change the Export CVE temporary file directory to /tmp.
2. Remove the scan data export volume in Dockerfile and docker-compose
   yaml.

Fixes: #18067

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-01-31 17:30:47 +08:00
Jianwei Guo
cb11540a14
add parameters for PostgreSQL (#16641)
Signed-off-by: sayaoailun <guojianwei007@126.com>
2022-11-30 19:08:08 +08:00
Shengwen YU
0acfbdc7a1
feat: bump TRIVYVERSION to v0.32.1 and bump TRIVYADAPTERVERSION to v0.30.2 (#17681)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>

Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2022-10-25 14:26:53 +08:00
Soumik Majumder
861ca553df
Add autoescape parameter to jinja environments (#15770)
Signed-off-by: Soumik Majumder <soumikm@vmware.com>

Signed-off-by: Soumik Majumder <soumikm@vmware.com>
2022-08-23 11:02:16 +08:00
Wang Yan
ef8b8f0be7
resolve the cve export volumn permission (#17157)
See the right uid and gid for the scandata_exports in the prepare

Signed-off-by: Wang Yan <wangyan@vmware.com>
2022-07-12 14:52:18 +08:00
chlins
8c223135e7 feat: add cache layer for artifact (#16739)
Implement cache layer for resource artifact and define common
cache manager and workflow. Also add cache related options to
configuration yaml.

Signed-off-by: chlins <chenyuzh@vmware.com>
2022-04-25 18:01:45 +08:00
MinerYang
6c97d3f0c7
rollback to delete external redis username (#16353)
Signed-off-by: yminer <yminer@vmmware.com>

Co-authored-by: yminer <yminer@vmmware.com>
2022-02-11 17:28:10 +08:00
MinerYang
1a2dd256b5
Add external redis username for AUTH (#16336)
* add external redis username for AUTH

* update harbor.yml.tmpl

* add external redis username for AUTH

update harbor.yml.tmpl

Co-authored-by: yminer <yminer@vmmware.com>
2022-02-09 22:06:28 +08:00
Shengwen Yu
46f97ecf6c feat: bump TRIVYVERSION to v0.22.0 and bump TRIVYADAPTERVERSION to v0.25.0
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2022-01-21 09:14:07 +08:00
stonezdj
17d8b7b813 Add upload purge config to registry/config.yml
Enable the uploadpurging by default
  Fixes #15641

Signed-off-by: stonezdj <stonezdj@gmail.com>
2022-01-04 11:15:51 +08:00
Qian Deng
69a194b2b4 Fix: using traditional PKCS#1 format RSA key
The openssl 3.0.0 using newer `PKCS#8` format.
But it's not compatitable with harbor core
So using tradictional format instead

Signed-off-by: Qian Deng <dengq@vmware.com>
2021-12-10 11:34:12 +08:00
Rolf Ahrenberg
5f3972f86d
Add configurable timeout for Trivy scans (#15796)
Signed-off-by: Rolf Ahrenberg <Rolf.Ahrenberg@saunalahti.fi>
2021-10-22 14:36:12 +08:00
Qian Deng
3c23926bdc Add validation for tracing
* add  validation of tracing in validating process

Signed-off-by: Qian Deng <dengq@vmware.com>
2021-09-27 13:10:55 +00:00
Qian Deng
bad913cf6d Refactor trace code
* use lib trace helper function
* add gracefull shutdown
* Add commens for new added exposed function
* Add licence on top of new created files
* Update trace library
* Update configs
* Add attribute and namespance in config

Signed-off-by: Qian Deng <dengq@vmware.com>
2021-09-18 10:58:52 +00:00
Qian Deng
14095fb10b Add trace to registryctl
* Add trace init to main
* Add trace for http server
* Add trace for gc
* Add env template trace

Signed-off-by: Qian Deng <dengq@vmware.com>
2021-09-18 10:58:52 +00:00
Qian Deng
b812a300be Add trace related configs
* Update harbor config template
* Update python config parsing
* Update env template

Signed-off-by: Qian Deng <dengq@vmware.com>
2021-09-18 10:58:52 +00:00
DQ
fbe9cd88f8 Enabled Prometheus for Jobservice
* Add prom server on jobservice
* Enabeld configs in templates
* Enabeld jobservice metrics in nginx

Signed-off-by: DQ <dengq@vmware.com>
2021-03-30 08:52:59 +00:00
DQ
051b5f289d Add sen existed check for internal cert
fali ealier when there is no san

Signed-off-by: DQ <dengq@vmware.com>
2021-01-28 08:22:07 +00:00
DQ
489f31d8fe Add upgrade scirpt for 2.2
1. add metrics config item in config
2. upgrade version in template

Signed-off-by: DQ <dengq@vmware.com>
2021-01-22 16:15:06 +08:00
DQ
a61e9b0e2e Add san for notary upgrading
if san not exists then remove that cert, prepare will regenerate one

Signed-off-by: DQ <dengq@vmware.com>
2021-01-18 21:00:35 +08:00
Qian Deng
642d56041d
Add san for notary cert (#13928)
Signed-off-by: DQ <dengq@vmware.com>
2021-01-08 01:00:34 +08:00
Qian Deng
31138f12b0
Merge pull request #13806 from ninjadq/fix_python_yaml_load
Fix pythom yaml load to safe_load
2020-12-21 16:04:12 +08:00
DQ
234b29e170 Fix pythom yaml load to safe_load
Signed-off-by: DQ <dengq@vmware.com>
2020-12-16 14:59:06 +08:00
DQ
19e8527cc1 Fix log level issue in registry
1. fix level issue in registry.jinja
2. add log level to registryctl

Signed-off-by: DQ <dengq@vmware.com>
2020-12-14 11:52:42 +08:00
DQ
f0db193895 Add prepare file for exporter
prepare env for exporter

Signed-off-by: DQ <dengq@vmware.com>
2020-12-09 21:22:13 +08:00
DQ
0c9faea294 Clean up Clair in prepare script
Signed-off-by: DQ <dengq@vmware.com>
2020-11-10 11:39:18 +08:00
DQ
eb470501be Add metrics to Harbor Core
1. Add configs in prepare
 2. Add models and config items in Core
 3. Encapdulate getting metric in commom package
 4. Add a middleware for global request to collect 3 metrics

Signed-off-by: DQ <dengq@vmware.com>
2020-11-03 14:33:10 +08:00
DQ
d3ab9d7c6b Add internal tls configs for portal
add related file, config, command to enabled https for portal

Signed-off-by: DQ <dengq@vmware.com>
2020-07-31 12:10:47 +08:00
DQ
d7618a6274 Fix: beego app config port hardcode
the port should be flexible depend on the internal tls

Signed-off-by: DQ <dengq@vmware.com>
2020-07-27 15:35:43 +08:00
Ziming Zhang
8857e89e40 feature(redis) support redis sentinel
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-07-19 21:19:03 +08:00
DQ
4617e0ff38 Enhance: Support multi downversion in migration
1. Change down version to list to accept multi verstion value
2. Update search function use BFS to find migration path
2. Add test case

Signed-off-by: DQ <dengq@vmware.com>
2020-07-07 21:36:58 +08:00
Qian Deng
9469252e85
Merge pull request #11745 from ninjadq/mount_ca_bundle
Enhance: Create shared to store shared ca
2020-04-28 10:19:26 +08:00
DQ
f70339870a Enhance: Create shared to store shared ca
this shared ca will mount to all harbor components

Signed-off-by: DQ <dengq@vmware.com>
2020-04-28 02:58:11 +08:00
DQ
026e37e777 Fix chart museum absolute url issue
if absolute url is enabled return true else set it to false

Signed-off-by: DQ <dengq@vmware.com>
2020-04-26 13:04:29 +08:00
DQ
599ca98c09 Hidden veriify client cert verfiy option
Remove to avoid replication access core from external_url issue

Signed-off-by: DQ <dengq@vmware.com>
2020-04-23 10:14:36 +08:00