harbor

mirror of https://github.com/goharbor/harbor.git synced 2024-06-27 23:35:10 +02:00

Author	SHA1	Message	Date
Wenkai Yin	43df3bf8a4	Add upgrade sql file introduced in 2.1.4 1. Add upgrade sql file introduced in 2.1.4 2. Minor improvement for task/execution to cover corner cases Signed-off-by: Wenkai Yin <yinw@vmware.com>	2021-03-15 16:48:51 +08:00
Xavier Duthil	280c8272f8	Use exec in all components' entrypoints Use the exec Bash command so that the final running application becomes the container’s PID 1. This allows the application to receive any Unix signals sent to the container, in accordance with https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#entrypoint Currently, SIGTERM signals sent by kubernetes are not passed to the executed binary. Signed-off-by: Xavier Duthil <xavier.duthil@corp.ovh.com>	2021-03-05 15:00:25 +01:00
Wang Yan	3dfddfdf4e	patch upstream fix for io reader (#14356 ) Fixes #12850 This patch can fix the GC failure in the NFS v3 env, see https://github.com/distribution/distribution/pull/3309#issuecomment-783606968 Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-03-04 15:33:09 +08:00
Daniel Jiang	387be3686a	Refine the way to set X-Forwarded-Proto in nginx Refine the way to set the header so user won't need to comment it if Harbor is sitting behind a reverse proxy. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2021-02-25 17:43:55 +08:00
danfengliu	9e3f0de12c	Merge pull request #14124 from danfengliu/reschedule-docker-login-policy-in-build-base-image-in-master Reschedule docker login policy in base image build process	2021-02-23 10:10:59 +08:00
danfengliu	7d05c8e513	Reschedule docker login policy in base image build process Signed-off-by: danfengliu <danfengl@vmware.com>	2021-02-22 10:05:25 +08:00
Josh Soref	dfe360040b	Spelling * addition * attribute * auditing * availability * available * bandwidth * browser * business * cadence * chartmuseum * client * column * content * demonstrate * described * endpoints * facilitate * github * harbor * information * instance * manual * meaningful * operation * overridden * password * possible * project * refactor * replication * requires * running * scanned * settings * signup * those * unsigned * vulnerability -- Also removes trailing space from a filename Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>	2021-02-19 11:59:15 +08:00
DQ	307c5a8ed4	Fix metrics template for http mode the port shouldn't be hardcode Signed-off-by: DQ <dengq@vmware.com>	2021-02-05 18:44:28 +00:00
Ziming Zhang	ec83f49a1a	fix(retention) migrate sql error Signed-off-by: Ziming Zhang <zziming@vmware.com>	2021-02-05 09:09:26 +00:00
Wang Yan	24ec772978	fix gc migration issue (#14174 ) For the upgrade path v1.10 - v2.1.* - v2.2.0, if user doesn't reset the GC schdule that was created in 1.10 in the v2.1, the job parameters will keep empty in the database. The fix gives a default value for the schedule record. Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-02-05 12:25:24 +08:00
DQ	051b5f289d	Add sen existed check for internal cert fali ealier when there is no san Signed-off-by: DQ <dengq@vmware.com>	2021-01-28 08:22:07 +00:00
Wenkai Yin(尹文开)	50a1e85095	Make sure the revision of execution isn't null during the upgrade (#14085 ) Make sure the revision of execution isn't null during the upgrade Fixes #14075 Signed-off-by: Wenkai Yin <yinw@vmware.com>	2021-01-27 10:10:36 +08:00
Qian Deng	f013d88efc	Merge pull request #14013 from ninjadq/upgrade_script_for_2_2_0 Harbor upgrading for 2.2	2021-01-22 18:10:24 +08:00
Qian Deng	045e1d9abe	Merge pull request #14040 from ninjadq/metric_improvement Metric improvement	2021-01-22 17:13:57 +08:00
DQ	489f31d8fe	Add upgrade scirpt for 2.2 1. add metrics config item in config 2. upgrade version in template Signed-off-by: DQ <dengq@vmware.com>	2021-01-22 16:15:06 +08:00
Wang Yan	dba229d0df	build third party binaries in CI (#14019 ) Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-01-22 11:33:42 +08:00
DQ	92cf728371	Add custom cert for exporter * injecting custom certs related config to exporter Signed-off-by: DQ <dengq@vmware.com>	2021-01-20 10:52:34 +08:00
DQ	a61e9b0e2e	Add san for notary upgrading if san not exists then remove that cert, prepare will regenerate one Signed-off-by: DQ <dengq@vmware.com>	2021-01-18 21:00:35 +08:00
Wenkai Yin	7c072e17a6	Fix the legacy scheduled job issue for GC/scan all Fix the legacy scheduled job issue for GC/scan all Fixes #13968 Signed-off-by: Wenkai Yin <yinw@vmware.com>	2021-01-15 22:02:36 +08:00
Daniel Jiang	1b64b9fdc2	Bump up the go-migrate (#13914 ) Bump it up to v4.11.0 to be consistent with harbor-core Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2021-01-11 19:08:17 +08:00
He Weiwei	4a326aa8b0	chore: delete records of scan_report The report in previous scan_report records not work well the vulnerabilities stored in the schema table, so delete the scan_report records. Signed-off-by: He Weiwei <hweiwei@vmware.com>	2021-01-08 03:39:11 +00:00
Qian Deng	642d56041d	Add san for notary cert (#13928 ) Signed-off-by: DQ <dengq@vmware.com>	2021-01-08 01:00:34 +08:00
stonezdj	6b8fb8431d	Add quay registry to proxy cache Update env.jinja to add quay Signed-off-by: stonezdj <stonezdj@gmail.com>	2021-01-06 17:22:57 +08:00
Ziming Zhang	8faa76a1b6	feat(retention) refactor task manager Signed-off-by: Ziming Zhang <zziming@vmware.com>	2021-01-05 12:08:03 +08:00
Wenkai Yin(尹文开)	19ad8ad68d	Merge pull request #13823 from reasonerjt/inst-cert-home-dir Replace tilde in install_cert.sh	2020-12-25 10:25:51 +08:00
prahaladdarkin	a890b28e1e	Store vulnerability data from scanner into a relational format (#13616 ) feat: Store vulnerability report from scanner into a relational format Convert vulnerability report JSON obtained from scanner into a relational format describe in:https://github.com/goharbor/community/pull/145 Signed-off-by: prahaladdarkin <prahaladd@vmware.com>	2020-12-25 08:47:46 +08:00
Wang Yan	7a8a8fa104	upgrade go version to v1.15.6 (#13836 ) Signed-off-by: wang yan <wangyan@vmware.com>	2020-12-23 18:53:09 +08:00
He Weiwei	3831e82b20	refactor: remove code of admin job (#13819 ) Remove code of admin job as it's not needed by scan all/gc now. Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-12-22 11:48:16 +08:00
Daniel Jiang	9d99dfa82b	Replace tilde in install_cert.sh This commit fixes #13287 to remove the usage of tilde as the $HOME is not available in some cases. More details see #13287 Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2020-12-21 20:39:34 +08:00
Qian Deng	31138f12b0	Merge pull request #13806 from ninjadq/fix_python_yaml_load Fix pythom yaml load to safe_load	2020-12-21 16:04:12 +08:00
Qian Deng	9197471e70	Add Scan for internal tls (#13810 ) Signed-off-by: DQ <dengq@vmware.com>	2020-12-21 15:23:11 +08:00
Wang Yan	9bc6f3cee4	fix robot account update issue (#13741 ) * fix robot account update issue enable the update method to support both v1 & v2 robot update Signed-off-by: Wang Yan <wangyan@vmware.com> * resolve review comments Signed-off-by: Wang Yan <wangyan@vmware.com>	2020-12-18 20:01:26 +08:00
Wang Yan	6bc1047013	migration admin job data (#13766 ) 1, migrate gc and scan all schedule to schedule/task/exectuion 2, migrate gc history to task/execution Signed-off-by: Wang Yan <wangyan@vmware.com>	2020-12-18 16:35:24 +08:00
Will Sun	4392a626f3	Merge pull request #13804 from AllForNothing/scan-all Fix robot account UI issues	2020-12-18 15:48:26 +08:00
Qian Deng	64fcfeaa2f	Merge pull request #13754 from ninjadq/fix_loglevel_parsing_for_registry Fix log level issue in registry	2020-12-18 14:47:15 +08:00
AllForNothing	b20cc474b3	Fix robot account UI issues Signed-off-by: AllForNothing <sshijun@vmware.com>	2020-12-18 14:11:08 +08:00
DQ	234b29e170	Fix pythom yaml load to safe_load Signed-off-by: DQ <dengq@vmware.com>	2020-12-16 14:59:06 +08:00
Daniel Jiang	b0c8cadad7	Add default CVE allowlist to project library (#13770 ) fixes #12700 Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2020-12-16 14:20:56 +08:00
Wenkai Yin	69808f033e	Tiny fixes for task manager 1. Add update time for execution 2. Add unique constraint for schedule to avoid dup records when updating policies 3. Format replication log 4. Keep the webhook handler for legacy replication jobs to avoid jobservice resending the status change request Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-12-14 17:26:32 +08:00
He Weiwei	08580f9fec	refactor(scan): refactor scan/scan all job to task manager (#13684 ) Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-12-14 13:34:35 +08:00
DQ	19e8527cc1	Fix log level issue in registry 1. fix level issue in registry.jinja 2. add log level to registryctl Signed-off-by: DQ <dengq@vmware.com>	2020-12-14 11:52:42 +08:00
Wenkai Yin(尹文开)	6569016d35	Merge pull request #13139 from wy65701436/migrate-gc Migrate gc to task manager	2020-12-14 10:43:44 +08:00
Wang Yan	39e1a4f2b4	add extra attributes in the schedule table Signed-off-by: Wang Yan <wangyan@vmware.com>	2020-12-14 02:28:52 +08:00
wang yan	1bb79d402d	update code per review comments Signed-off-by: wang yan <wangyan@vmware.com>	2020-12-10 16:08:52 +08:00
Wang Yan	dba5522d0b	Migrate to task manager (#129 ) 1, remove the gc to new programming model 2, move api define to harbor v2 swagger 3, leverage task & execution manager to manage gc job schedule, trigger and log. Signed-off-by: wang yan <wangyan@vmware.com>	2020-12-10 14:00:33 +08:00
DQ	d95f22448c	Add cache for exporter Add timed cache for exporter default cache time is 30s, cleanup job run every 4 hours Signed-off-by: DQ <dengq@vmware.com>	2020-12-09 21:22:40 +08:00
DQ	f0db193895	Add prepare file for exporter prepare env for exporter Signed-off-by: DQ <dengq@vmware.com>	2020-12-09 21:22:13 +08:00
DQ	dc0047c48c	Add build script for exporter - Add dockerfile - update makefile Signed-off-by: DQ <dengq@vmware.com>	2020-12-09 20:42:21 +08:00
Wang Yan	d2fa2e6b84	update robot secret (#13654 ) * update robot secret 1, use SHA256 to generate and validate robot secret instread of symmetric encryption. 2, update the patch input object Signed-off-by: Wang Yan <wangyan@vmware.com> * update robot secret 1, use SHA256 to generate and validate robot secret instread of symmetric encryption. 2, update the patch input object Signed-off-by: Wang Yan <wangyan@vmware.com>	2020-12-03 18:13:06 +08:00
Wang Yan	732e9a21cd	updates on robot accounts (#13623 ) * updates on robot accounts 1, add patch method to refresh secret of a robot 2, fix robot account update issue 3, add editable attribute to handle the version 1 robot account 4, add duration for robot account 5, hide secret for get/list robot account Signed-off-by: wang yan <wangyan@vmware.com> * update code per review comments 1, change expirate creation func to AddDate(). 2, remove the scanner duration specification, use the default value. Signed-off-by: Wang Yan <wangyan@vmware.com>	2020-12-01 18:31:34 +08:00
DQ	907904f480	Add DB Migration code for clair cleanning - Delete clair scanner if exist - Delete report is it is scanned by clair - Set Trivy to Default if it exist and not default scanner Signed-off-by: DQ <dengq@vmware.com>	2020-11-29 16:19:02 +08:00
DQ	590212b485	Remove clair related code - clair code in harbor core - clair code in frontend - clair code in robotcase Signed-off-by: DQ <dengq@vmware.com>	2020-11-27 14:01:04 +08:00
stonezdj(Daojun Zhang)	be4e6a5985	Merge pull request #13537 from stonezdj/201118_add_more_registry_type Add more registry type to proxy cache	2020-11-26 11:16:16 +08:00
Ziming Zhang	d55f55aeb9	fix(chartmuseum) compatible s3 cache fail Signed-off-by: Ziming Zhang <zziming@vmware.com>	2020-11-25 17:00:16 +08:00
He Weiwei	eb38180483	fix(quota): ignore the fail when getting reference of quota 1. Clean the dirty data in quota/quota_usage. 2. Ignore the fail when getting the reference of quota. Closes #13387 Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-11-24 14:50:38 +00:00
Wenkai Yin(尹文开)	fe8b628f0c	Merge pull request #13437 from ywk253100/200929_replication Refactor the replication execution	2020-11-24 10:38:22 +08:00
Wenkai Yin	294385c34d	Refactor the replication execution 1. Use the task manager to manage the underlying execution/task 2. Use the pkg/scheduler to schedule the periodical job 3. Apply the new program model 4. Migration the old data into the new data model Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-11-23 14:24:10 +08:00
stonezdj	e667121a34	Add more registry type to proxy cache Includes: azure-acr, aws-ecr, google-gcr Signed-off-by: stonezdj <stonezdj@gmail.com>	2020-11-18 10:38:07 +08:00
Will Sun	eca3de3489	Merge pull request #13494 from dirkmueller/lock_json_include Include package.json/package-lock.json in portal image	2020-11-16 16:38:02 +08:00
stonezdj(Daojun Zhang)	fb549b2d9e	Merge pull request #13444 from wy65701436/robot2-self-mgr add robot mgr	2020-11-16 11:33:33 +08:00
He Weiwei	83c07d6680	fix: ensure the role_id of role is correct (#13476 ) Closes #13317 Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-11-12 15:34:04 +08:00
Dirk Mueller	12adc63a48	Include package.json/package-lock.json in portal image This allows Trivy and other vulnerability scanners to correctly determine the embedded dependencies in minified harbor-portal image. Also simplify build process by reducing the number of layers in the final stage container image Signed-off-by: Dirk Mueller <dirk@dmllr.de>	2020-11-11 21:21:28 +01:00
Wang Yan	3550b5e5e9	add robot mgr the robot account manager to handle the CRUD Signed-off-by: wang yan <wangyan@vmware.com>	2020-11-11 13:47:03 +08:00
Wang Yan	9723655378	update code per review comments 1, rename table name to permission_policy 2, rename functions name Signed-off-by: Wang Yan <wangyan@vmware.com>	2020-11-10 18:11:31 +08:00
Wang Yan	ec15e320bf	add role permission manager for robot enhancement 1, add two db tables of role permission and rbac policy 2, add manager of these two tables Signed-off-by: Wang Yan <wangyan@vmware.com>	2020-11-10 16:49:29 +08:00
He Weiwei	ebc3443da9	Merge pull request #13474 from heww/fix-issue-11892 fix: compute artifact size from db for schema1 manifest	2020-11-10 16:20:39 +08:00
DQ	c10a6325d8	Add deprecated msg for clair Signed-off-by: DQ <dengq@vmware.com>	2020-11-10 11:39:18 +08:00
DQ	0c9faea294	Clean up Clair in prepare script Signed-off-by: DQ <dengq@vmware.com>	2020-11-10 11:39:18 +08:00
DQ	8a584aff89	Clean up clair and clair-adapter in build scripts 1. Makefles 2. Dockerfiles 3. Installation script 4. harbor.yml template Signed-off-by: DQ <dengq@vmware.com>	2020-11-10 11:39:18 +08:00
He Weiwei	9c8377909b	fix: compute artifact size from db for schema1 manifest Closes #11892 Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-11-09 12:32:07 +00:00
DQ	9152521b11	Fix: log container password expire move chage command to base image Signed-off-by: DQ <dengq@vmware.com>	2020-11-09 18:29:41 +08:00
DQ	eb470501be	Add metrics to Harbor Core 1. Add configs in prepare 2. Add models and config items in Core 3. Encapdulate getting metric in commom package 4. Add a middleware for global request to collect 3 metrics Signed-off-by: DQ <dengq@vmware.com>	2020-11-03 14:33:10 +08:00
Daniel Jiang	fb687aeef8	Use pkg/token to generate JWT token This commit refactors the approach to encode a token in handler of /service/token, by reusing pkg/token to avoid inconsistency. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2020-10-15 16:16:44 +08:00
DQ	184e89365b	Fix internal tls config upgrade issue internal tls config upgrade is not included in template, this pr is to add it. Signed-off-by: DQ <dengq@vmware.com>	2020-09-25 09:54:31 +08:00
Wenkai Yin(尹文开)	8b9727f53f	Support store the cron type in the schedule (#13097 ) There is requirement that show the cron type(daily, weekly, etc.) on the UI, this commit adds the support for storing the cron type in the schedule model Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-09-24 16:48:56 +08:00
DQ	17f3bfccb4	Fix trivy setting in upgrading script Signed-off-by: DQ <dengq@vmware.com>	2020-09-08 18:15:57 +08:00
Daniel Jiang	1b8bec3994	Merge pull request #12896 from wy65701436/fixes-12889 fix migration issue	2020-08-28 14:16:21 +08:00
He Weiwei	687043c298	Merge pull request #12880 from stefannica/use-exit-in-db-entrypoint Use exec in harbor database entrypoint	2020-08-28 10:09:58 +08:00
Daniel Jiang	91e2779822	Fill in the icon of known artifacts in artifact controller Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2020-08-28 01:33:26 +08:00
wang yan	84094e7a5d	fix migration issue fixes #12889 Before the migration script to fix the nativate repo_id issue, is has to remove the duplicate tags from the tag table, which may caused by user in v2.0.2 to retag & repush the missing image. Signed-off-by: wang yan <wangyan@vmware.com>	2020-08-27 19:04:39 +08:00
Daniel Jiang	7b42defb9a	Make the 2.1.0 migration SQL script idempotent Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2020-08-26 16:50:25 +08:00
Daniel Jiang	37e0aa0798	Merge pull request #12873 from wy65701436/fixes-12827 fix db migration issue	2020-08-26 14:42:24 +08:00
wang yan	9822e5bb15	fix db migration issue fixes #12827 After user migrates Harbor from v2.0.2, user got 404 when to pull specific images, and no work after push the same images again. Fix: 1, If the issue is caused by missing repository data, this fix can revert the missing repository data and all things should be fine. 2, If the issue is caused by missing blob data, this fix can revert the missing repository data and still left the media type of artifact as 'UNKNOWN', which leads the meta data and build history of the image cannot be shown in UI. User can delete and push the image again to resolve it. Signed-off-by: wang yan <wangyan@vmware.com>	2020-08-26 12:02:20 +08:00
Ziming Zhang	ff19dd499c	fix(jobservice) redis sentinel failover hang Signed-off-by: Ziming Zhang <zziming@vmware.com>	2020-08-26 10:42:44 +08:00
Stefan Nica	1c768d0bf1	Use exec in harbor database entrypoint The harbor-db pod takes a long time to terminate. Using an `exec` command in the entrypoint ensures that Unix signals reach the postgres process [1]. [1] https://docs.docker.com/engine/reference/builder/#exec-form-entrypoint-example Signed-off-by: Stefan Nica <snica@suse.com>	2020-08-25 20:24:52 +02:00
Wang Yan	ad47d2f444	fix upgrade issue (#12857 ) fixes #12849 1, gives a default value to blob status in the migration script, and use none to replace the empty string as the StatusNone, that will more readable on debugging failure. 2, GC jobs marks all of blobs as StatusDelete in the mark phase, but if encounter any failure in the sweep phase, GC job will quite and all of blobs are in StatusDelete. If user wants to execute the GC again, it will fail as the StatusDelete cannot be marked as StatusDelete. So, add StatusDelete in the status map to make StatusDelete can be marked as StatusDelete. Signed-off-by: wang yan <wangyan@vmware.com>	2020-08-24 16:08:15 +08:00
Daniel Jiang	c0602b5fb3	Merge pull request #12832 from ywk253100/200820_data Add id column to data_migration table	2020-08-21 19:30:05 +08:00
Daniel Jiang	4f812f7926	Merge pull request #12811 from ninjadq/fix_portal_health_check Fix schema of the portal health check	2020-08-21 13:44:47 +08:00
Ted Guan	645dea36a6	Fix for duplicate webhook policy name (#12729 ) Signed-off-by: guanxiatao <guanxiatao@corp.netease.com>	2020-08-20 18:02:13 +08:00
Wenkai Yin	975ef193dd	Add id column to data_migration table Add id column to data_migration table and add logic to make sure there is only one data version record Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-08-20 17:43:15 +08:00
Dirk Mueller	08a4d8efd2	Update to golang 1.14.7 (#12809 ) We should use a golang that isn't having security issues. This includes: * go1.14.6 (released 2020/07/16) includes fixes to the go command, the compiler, the linker, vet, and the database/sql, encoding/json, net/http, reflect, and testing packages. See the Go 1.14.6 milestone on our issue tracker for details. * go1.14.7 (released 2020/08/06) includes security fixes to the encoding/binary package. See the Go 1.14.7 milestone on our issue tracker for details (CVE-2020-16845) Signed-off-by: Dirk Mueller <dirk@dmllr.de> Signed-off-by: Dirk Mueller <dmueller@suse.com>	2020-08-20 15:38:35 +08:00
DQ	e9323ca268	Fix schema of the portal health check it should be https Signed-off-by: DQ <dengq@vmware.com>	2020-08-19 15:58:51 +08:00
Wenkai Yin	0fd230c2d6	Refresh the status of execution for every status changing of task Refresh the status of execution for every status changing of task to support filtering executions by status directly Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-08-17 17:38:55 +08:00
Wenkai Yin	b1ddb5e2cc	Implement the icon API to get the icon of artifact Implement the icon API to get the icon of artifact Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-08-15 08:40:38 +08:00
Wenkai Yin	cca1dcca51	Use a separated database table to store the data version Use a separated database table to store the data version. Fixes #12747 Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-08-14 11:38:13 +08:00
Qian Deng	5dbbfa76d3	Merge pull request #12766 from ninjadq/add_log_dependency_to_trivy Add log denpendency ti trivy	2020-08-13 18:23:09 +08:00
Qian Deng	85fa6654ec	Fix: Add privileged for prepare command (#12689 ) Mount `/` dir in container require privilege And this change will make `z` label useless. So remove them Signed-off-by: DQ <dengq@vmware.com>	2020-08-13 14:55:42 +08:00
Qian Deng	78d4b54ddc	Merge pull request #12765 from ninjadq/fix_trivy_append_in_2_1_0_config Fix: append trivy every time when run migrate	2020-08-13 14:47:54 +08:00
DQ	a251e90507	Add log denpendency ti trivy To void trivy can not start issue Signed-off-by: DQ <dengq@vmware.com>	2020-08-13 11:35:21 +08:00
DQ	7ba498be5b	Fix: append trivy every time run migrate Signed-off-by: DQ <dengq@vmware.com>	2020-08-11 17:43:25 +08:00
Yiyang Huang	b98dc97fbd	feat: enhanced default processor Signed-off-by: Yiyang Huang <huangyiyang.huangyy@bytedance.com>	2020-08-11 01:31:02 +08:00
He Weiwei	8f036c765a	chore(images): install shadow package in base images The latest `photon:2.0` does not include `groupadd` and `useradd` we need to install `shadow` package which includes these commands. Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-08-10 10:23:48 +00:00
Wenkai Yin(尹文开)	d599cd98bf	Merge pull request #10455 from chlins/fix/quay-replication-adapter-refactor fix(replication): refactor quay adapter to fix authorization and supp…	2020-08-10 16:37:19 +08:00
Wenkai Yin(尹文开)	e8f9fb63c0	Merge pull request #12674 from reasonerjt/standalone-db-migrator Provide a standalone migrator to migrate DB schema.	2020-08-10 15:11:52 +08:00
Daniel Pacak	9397dff093	docs: Explain how to use Trivy in offline mode (#12102 ) Resolves: #11985 Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>	2020-08-10 08:48:04 +02:00
chlins	b765cfe0ce	fix(replication): refactor quay adapter to fix authorization and support quay.io and enterprise quay (#10317 ) Signed-off-by: chlins <chlins.zhang@gmail.com>	2020-08-08 13:17:01 +08:00
Tianon Gravi	4752cac051	Remove unused "sudo" package from most images Notably missing is the "log" image, which still uses sudo. Signed-off-by: Tianon Gravi <tianon@infosiftr.com>	2020-08-06 12:44:06 -07:00
Daniel Jiang	4f94f59d2a	Provide a standalone migrator to migrate DB schema. Fixes #11885 This part will not by default be packaged into release. A README.md will be added in another commit. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2020-08-06 18:57:55 +08:00
Qian Deng	26dc5d1b15	Merge pull request #12557 from ninjadq/rm_expose_port Remove expose port in dockerfiles	2020-08-06 14:29:51 +08:00
Wenkai Yin	d6288a43e8	Do some refine for the scheduler 1. Accept vendorType and vendorID when creating the schedule 2. Provide more methods in the scheduler interface to reduce the duplicated works of callers 3. Use a new ormer and transaction when creating the schedule Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-08-05 17:43:18 +08:00
DQ	b015440074	Remove expose port in dockerfiles The export is dynamical now because of introduce of internal TLS Signed-off-by: DQ <dengq@vmware.com>	2020-08-05 10:42:46 +08:00
Qian Deng	fbef7fd088	Merge pull request #12651 from ninjadq/add_migration_2_1_0 Add migration 2.1.0	2020-08-03 15:59:28 +08:00
DQ	1e32792dc5	Add migration 2.1.0 db_max_open_comms should be 1000 if its value between 100 and 1000 Signed-off-by: DQ <dengq@vmware.com>	2020-08-03 15:17:41 +08:00
DQ	d3ab9d7c6b	Add internal tls configs for portal add related file, config, command to enabled https for portal Signed-off-by: DQ <dengq@vmware.com>	2020-07-31 12:10:47 +08:00
Qian Deng	a2112bfa40	Merge pull request #12539 from ninjadq/core_config_port Fix: beego app config port hardcode	2020-07-27 17:21:18 +08:00
DQ	d7618a6274	Fix: beego app config port hardcode the port should be flexible depend on the internal tls Signed-off-by: DQ <dengq@vmware.com>	2020-07-27 15:35:43 +08:00
Steven Zou	ee35e1ecc6	Merge pull request #12507 from chlins/fix/preheat-update-instance fix(preheat): fix preheat handler PingInstance and UpdateInstance	2020-07-20 17:45:24 +08:00
Steven Zou	46d7434d0b	Merge pull request #12473 from ywk253100/200706_scheduler Refactor the scheduler with the task manager mechanism	2020-07-20 15:53:14 +08:00
chlins	78927af032	fix(preheat): fix preheat handler PingInstance and UpdateInstance Signed-off-by: chlins <chlins.zhang@gmail.com>	2020-07-20 15:42:24 +08:00
Wenkai Yin	4dc4b6728c	Refactor the scheduler with the task manager mechanism Refactor the scheduler with the task manager mechanism, this will reduce the duplicate code Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-07-20 14:03:15 +08:00
Ziming Zhang	8857e89e40	feature(redis) support redis sentinel Signed-off-by: Ziming Zhang <zziming@vmware.com>	2020-07-19 21:19:03 +08:00
Wang Yan	bad8f026fc	upgrade golang to v1.14.5 (#12489 ) Signed-off-by: wang yan <wangyan@vmware.com>	2020-07-16 16:20:54 +08:00
Qian Deng	bd26c294e8	Merge pull request #12341 from ninjadq/support_multi_down_version Enhance: Support multi downversion in migration	2020-07-15 23:39:11 +08:00
Daniel Jiang	947eadaa72	Merge pull request #12440 from heww/remove-init-clair-db refactor: remove initialization of clair db	2020-07-15 00:38:12 +08:00
He Weiwei	c000608d55	Merge pull request #12437 from heww/db-max-connections chore(db): change max_connections of postgres to 1024	2020-07-14 17:24:16 +08:00
He Weiwei	2a6fe801bc	chore(db): change max_connections of postgres to 1024 Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-07-14 07:34:37 +00:00
Daniel Jiang	e96165412d	Merge pull request #12432 from ywk253100/200709_allowlist Rename "reuse_sys_cve_whitelist" to "reuse_sys_cve_allowlist"	2020-07-13 16:42:43 +08:00
chlins	38d14dff30	fix(preheat): validate instance/policy name, set unique filed and policy manager adds parsePolicy Signed-off-by: chlins <chlins.zhang@gmail.com>	2020-07-10 10:29:47 +08:00
He Weiwei	039aef5356	refactor: remove initialization of clair db To fetch vulnerability database updated time of the Clair had moved to the Clair adapter so removes the initialization of clair db in the core. Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-07-09 15:26:14 +00:00
Wenkai Yin	cd6c1b8c31	Rename "reuse_sys_cve_whitelist" to "reuse_sys_cve_allowlist" Rename "reuse_sys_cve_whitelist" to "reuse_sys_cve_allowlist" in project metadata Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-07-09 11:04:44 +08:00
Daniel Jiang	1637e6a588	Rename master role to maintainer This commit rename the var name, text appearance, and swagger of "master" role to "maintainer" role. It only covers backend code. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2020-07-08 09:20:07 +08:00
DQ	4617e0ff38	Enhance: Support multi downversion in migration 1. Change down version to list to accept multi verstion value 2. Update search function use BFS to find migration path 2. Add test case Signed-off-by: DQ <dengq@vmware.com>	2020-07-07 21:36:58 +08:00
stonezdj(Daojun Zhang)	6f4e8150d5	Merge pull request #12383 from ywk253100/200702_registry_api Suport filtering registries by type in listing registry API	2020-07-07 14:21:54 +08:00
Wenkai Yin	02690d1d04	Suport filtering registries by type in listing registry API Suport filtering registries by type in listing registry API Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-07-07 10:30:46 +08:00
fanjiankong	a0c2d0ac9e	feat(preheat):add preheat api, controller and manager - define instance's api - define extension models for api - implement preheat controller - implement preheat manager - most code are picked up from the original P2P feat branch Signed-off-by: fanjiankong <fanjiankong@tencent.com>	2020-07-03 11:25:42 +08:00
Wenkai Yin(尹文开)	1d03b8727a	Merge pull request #12357 from ninjadq/add_env_for_aws Fix Amazon S3 storage not work	2020-07-01 11:10:47 +08:00
chlins	15e4361d6e	feat: add p2p preheat policy dao and manager(#12286 ) Signed-off-by: chlins <chlins.zhang@gmail.com>	2020-06-30 15:56:50 +08:00
DQ	d0ddd61ad9	Fix Amazon S3 storage not work The Chartmuseum S3 client need set an Env variable Ref: https://github.com/helm/chartmuseum/issues/280 Signed-off-by: DQ <dengq@vmware.com>	2020-06-30 15:16:18 +08:00
He Weiwei	0474a2a040	Merge pull request #12322 from heww/install-tls-ca feat(certs): install internal tls ca from /etc/harbor/ssl dir	2020-06-25 21:03:35 +08:00
He Weiwei	13436b75a6	feat(certs): install internal tls ca from /etc/harbor/ssl dir Closes #10222 Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-06-24 08:58:08 +00:00
AllForNothing	fff6f7529a	Replace all whitelist with allowlist Signed-off-by: AllForNothing <sshijun@vmware.com>	2020-06-24 16:17:17 +08:00
Wang Yan	53044da28f	update blob controller & manager (#12101 ) * update blob controller & manager 1, add two more attributes, version, update_time and status 2, add delete and fresh update time method in blob mgr & ctr. Signed-off-by: wang yan <wangyan@vmware.com>	2020-06-23 17:11:54 +08:00
wang yan	c10467eb36	continue refactor Signed-off-by: wang yan <wangyan@vmware.com>	2020-06-23 13:10:57 +08:00
Wang Yan	de504993ad	update blob controller & manager 1, add two more attributes, update_time and status 2, add delete and fresh update time method in blob mgr & ctr. Signed-off-by: wang yan <wangyan@vmware.com>	2020-06-23 13:10:57 +08:00
Max Rosin	34d5591b1b	Fix DOCKERIMASES and SWAAGER_IMAGE_BUILD_CMD typos in Makefiles Fix #12259 Signed-off-by: Max Rosin <git@hackrid.de>	2020-06-16 12:18:55 +02:00
Wenkai Yin	127988b70c	Define the task manager interface and data model Define the task manager interface and data model Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-06-15 18:42:09 +08:00
Wenkai Yin	a79bb127b3	Update creating project API to support proxy cache project Update creating project API to support proxy cache project Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-06-10 17:14:12 +08:00
Wang Yan	dec8397c21	Add api to delete blob and manifest (#12006 ) * Add api to delete blob and manifest Enable the capability of registry controller to delete blob and manifest Signed-off-by: wang yan <wangyan@vmware.com>	2020-06-06 01:34:23 +08:00
Qian Deng	9e1302211b	Merge pull request #12072 from ninjadq/add_timeout_in_nginx_config Add timeout in nginx config	2020-06-02 15:14:42 +08:00
Steven Zou	c7c1742b88	Merge pull request #12106 from heww/clean-clair-url refactor(configuration): cleanup unneeded CLAIR_URL configuration in core	2020-06-01 19:24:19 +08:00
Daniel Jiang	58894e9d9c	Merge pull request #12071 from ninjadq/upgrade_chartversion Enhance: Upgrade chartmuseum version	2020-06-01 13:36:54 +08:00
Daniel Jiang	6271da471b	Update health check script for harbor-db (#12103 ) This patch remove the trailing space of the hostname introduced by `hostname -i`. The trailing space will cause resolution error after this patch is applied to glibc in photon: https://github.com/vmware/photon/blob/2.0/SPECS/glibc/glibc-fix-CVE-2019-10739.patch Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2020-05-30 14:05:39 +08:00
He Weiwei	d97be71234	refactor(configuration): cleanup unneeded CLAIR_URL configuration in core Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-05-29 07:27:50 +00:00
DQ	278338e401	Add timount on nginx configs set timeout to 900 Signed-off-by: DQ <dengq@vmware.com>	2020-05-26 16:18:35 +08:00
DQ	715685ae51	Remove tls1.1 in notary Signed-off-by: DQ <dengq@vmware.com>	2020-05-26 16:11:57 +08:00
DQ	f7ffd991cc	Enhance: Upgrade chartmuseum version Upgrade chartmuseum version 0.12.0 Signed-off-by: DQ <dengq@vmware.com>	2020-05-26 15:59:58 +08:00
AllForNothing	90e34e0104	Improve i18n service Signed-off-by: AllForNothing <sshijun@vmware.com>	2020-05-06 14:45:56 +08:00
DQ	b06e19a637	Fix: GCS storage gc issue Mount gcs key to registryctl Signed-off-by: DQ <dengq@vmware.com>	2020-04-29 15:04:16 +08:00
Daniel Jiang	f91d7080d1	Merge pull request #11753 from tedgxt/2.0-webhook-event-types-fix Webhook data fix when updgrding to 2.0	2020-04-28 19:36:44 +08:00
Qian Deng	9469252e85	Merge pull request #11745 from ninjadq/mount_ca_bundle Enhance: Create shared to store shared ca	2020-04-28 10:19:26 +08:00
Qian Deng	7f1e3a7bb8	Merge pull request #11758 from ninjadq/output_subprocess_stdout Output subprocess stdout	2020-04-28 09:46:02 +08:00
DQ	f70339870a	Enhance: Create shared to store shared ca this shared ca will mount to all harbor components Signed-off-by: DQ <dengq@vmware.com>	2020-04-28 02:58:11 +08:00
guanxiatao	f96cfab100	Table notification_policy fix when updgrding to 2.0 Signed-off-by: guanxiatao <guanxiatao@corp.netease.com>	2020-04-27 20:13:46 +08:00
Wang Yan	add8dedc90	Fix the database upgrade issue (#11766 ) It's a workaround for issue https://github.com/goharbor/harbor/issues/11754 The phenomenon is the repository data is gone, but artifacts belong to the repository are still there. To resolve it, just set the repository_id to a negative, and cannot duplicate. Signed-off-by: wang yan <wangyan@vmware.com>	2020-04-27 17:28:36 +08:00
DQ	90faf700f8	Enhance: output the stdout of gen cert script use popen replace check_all Signed-off-by: DQ <dengq@vmware.com>	2020-04-27 10:43:22 +08:00
DQ	026e37e777	Fix chart museum absolute url issue if absolute url is enabled return true else set it to false Signed-off-by: DQ <dengq@vmware.com>	2020-04-26 13:04:29 +08:00
DQ	599ca98c09	Hidden veriify client cert verfiy option Remove to avoid replication access core from external_url issue Signed-off-by: DQ <dengq@vmware.com>	2020-04-23 10:14:36 +08:00
Daniel Jiang	2ecf0425a4	Remove the certs of notary signer Since `prepare` generates the certs as needed during installation, these certs should not exist in the repo. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2020-04-21 13:20:19 +08:00
DQ	b728f04d0a	Fix tls min version for registry cert,key,mintls should in the same context Signed-off-by: DQ <dengq@vmware.com>	2020-04-20 19:19:15 +08:00
Qian Deng	9c7caddeae	Merge pull request #11635 from hyy0322/set-root-password-never-expire fix: set root password never expire	2020-04-16 22:05:10 +08:00
Maosheng Ren	89e9ea0145	Merge pull request #11636 from danielpacak/bump_up_trivy_adapter_to_0.9.0 chore(trivy): Bump up trivy adapter to 0.9.0	2020-04-16 16:16:50 +08:00
Wang Yan	790064df2e	fix notification policy ugrade issue (#11627 ) Fixes #11624 All of the existing policies created v1.10 has no name, it fails the upgrade process. When to set the unique constraint for policy name, the empty can be seen as duplicated key. ERROR: could not create unique index "notification_policy_name_key" DETAIL: Key (name)=() is duplicated. Signed-off-by: wang yan <wangyan@vmware.com>	2020-04-16 14:53:58 +08:00
Daniel Pacak	5c3abee135	chore(trivy): Bump up trivy adapter to 0.9.0 - Vendor the latest Trivy release 0.6.0 - Configure TLS 1.2 as min version when TLS is enabled - Add more tracing to adapter config to facilitate troubleshooting Resolves: #11544 Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>	2020-04-16 08:40:27 +02:00
DQ	42c1095216	Fix cert issue of trivy Trivy can't access harbor from external if https enabled so inject cert to trivy container trust Signed-off-by: DQ <dengq@vmware.com>	2020-04-16 10:52:03 +08:00
Yiyang Huang	4598f52057	fix: set root password never expire Signed-off-by: Yiyang Huang <huangyiyang@caicloud.io>	2020-04-16 00:15:28 +08:00
He Weiwei	355c16943c	chore(clair): bump up clair adapter version to 1.0.2 Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-04-15 14:07:46 +00:00
He Weiwei	385aaac00d	Merge pull request #11620 from heww/fix-issue-11524 feat(scanner): make Clair and Trivy as reserved name for scanners	2020-04-15 15:21:35 +08:00
He Weiwei	f5487479dd	feat(scanner): make Clair and Trivy as reserved name for scanners Closes #11524 Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-04-15 02:26:02 +00:00
Qian Deng	95d7c9382b	Merge pull request #11592 from ninjadq/min_version_tls_to_12 Min version tls to 12	2020-04-14 18:12:55 +08:00
wang yan	ff2a6c7a01	add warning to registry binary name Fixes #11606 As we DO NOT want to user to execute GC in the container, rename it and append the warning message. Signed-off-by: wang yan <wangyan@vmware.com>	2020-04-14 15:16:50 +08:00
DQ	75f78b64b2	Set registry tls version to 1.2 when internal tls enabled set min version of registry to 1.2 Signed-off-by: DQ <dengq@vmware.com>	2020-04-13 18:13:30 +08:00
jwangyangls	e28b5811f7	Merge pull request #11176 from jwangyangls/change-helm-version Separate swagger to get v2.0 swagger and chart swagger	2020-04-10 17:12:00 +08:00
Yogi_Wang	33ed4fb67e	Separate swagger to get v2.0 swagger and chart swagger 1. Partial helm api version number clear 2. Separate swagger to get v2.0 swagger and chart swagger 3. router add chart swagger Signed-off-by: Yogi_Wang <yawang@vmware.com>	2020-04-10 16:25:30 +08:00
DQ	e907cbe2b6	Fix health check for jobservice and regctl need cert when mTLS is enabled Signed-off-by: DQ <dengq@vmware.com>	2020-04-09 20:35:46 +08:00
DQ	08ff622310	Remove lines not needed volume already defined above Signed-off-by: DQ <dengq@vmware.com>	2020-04-09 20:06:51 +08:00
Ziming Zhang	572ebef685	feat(cicd) parameterize docker base image and external url Signed-off-by: Ziming Zhang <zziming@vmware.com>	2020-04-08 00:21:47 +08:00
DQ	6ae1b1dc97	Add missiong entrypoint file for trivy-adapter Signed-off-by: DQ <dengq@vmware.com>	2020-04-07 10:39:07 +00:00
He Weiwei	3f567514b5	Merge pull request #11468 from wy65701436/remove-count-quota-code remove the chart handling in quota	2020-04-07 16:51:07 +08:00
Daniel Jiang	5bcd015d6f	Merge pull request #11469 from ninjadq/clean_up_migrator Remove migrator flags in script	2020-04-07 16:37:24 +08:00
Daniel Jiang	e064bd4c01	Merge pull request #11428 from ninjadq/fix_container_unhealth Fix container unhealth	2020-04-07 15:57:00 +08:00
wang yan	a96d2f3746	remove the chart handling in quota 1, remove the chartmuseum controller 2, doesn't handle chartrepo url in v2 middleware Signed-off-by: wang yan <wangyan@vmware.com>	2020-04-07 15:26:34 +08:00
DQ	1ae50b8d66	Remove migrator flags in script Because migrator tool removed Signed-off-by: DQ <dengq@vmware.com>	2020-04-07 14:57:10 +08:00
DQ	4a836ea975	Fix health check url health check url should depend on internal https Signed-off-by: DQ <dengq@vmware.com>	2020-04-07 03:35:52 +00:00
wang yan	44825e819e	deprecate quota count on artifact Fixes #11241 1, remove count quota from quota manager 2, remove count in DB scheme 3, remove UI relates on quota 4, update UT, API test and UI UT. Signed-off-by: wang yan <wangyan@vmware.com>	2020-04-06 16:56:11 +08:00
DQ	cdb675bf3d	Add proxy cert file to jobservice when https enabled jobservice may request via absolute path of url to harbor Signed-off-by: DQ <dengq@vmware.com>	2020-04-04 17:44:34 +00:00
DQ	23ed189ed4	Add SAN to gencert script add localhost and 127.0.0.1 to SAN Signed-off-by: DQ <dengq@vmware.com>	2020-04-04 17:44:34 +00:00
He Weiwei	77a8c3205f	fix(prepare): not accpet items of false value in external_redis Item in yaml without value will be as None in python, which will make the password of redis as `None` in `get_redis_configs`. This fix will not accept items of `false value` in `external_redis` configurations. Closes #11367 Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-04-03 04:09:26 +00:00
Qian Deng	a702c32346	Merge pull request #11063 from ninjadq/fix_syslog_dir_in_tpl Fix: fix logrotate is dir issue	2020-04-02 11:37:29 +08:00
Qian Deng	0319baabcb	Merge pull request #11381 from ninjadq/enhance_migrate_config Enhance migrate config	2020-04-02 10:00:38 +08:00
DQ	dc271e1a87	Add packaging to pipenv Signed-off-by: DQ <dengq@vmware.com>	2020-04-01 22:54:47 +08:00
DQ	d636f2ea5c	Enhance help message Provide more info in help message Add requried opition and they will show missing option if you are not provide them instead of Exception Signed-off-by: DQ <dengq@vmware.com>	2020-04-01 17:02:59 +08:00
DQ	b2e1905e7a	Enhance: Stop upgrade when input version less then 1.9.0 The migration script should failure early when version is not supported Signed-off-by: DQ <dengq@vmware.com>	2020-04-01 15:35:49 +08:00
Ziming Zhang	ae7834af0b	feat(cicd) fix build base image Signed-off-by: Ziming Zhang <zziming@vmware.com>	2020-03-26 10:55:40 +08:00
Qian Deng	9e101b73a4	Merge pull request #11156 from ninjadq/migrate_config_to_harbor2 Migrate config to harbor2	2020-03-25 16:02:18 +08:00
DQ	85ec0e7820	Enhance: Refactor the migration structure 1. Refactor structure of migrate file 2. fix some previous bugs Signed-off-by: DQ <dengq@vmware.com>	2020-03-23 21:26:28 +08:00
DQ	444678fe07	Fix: module path raise exception when it is loop add test for loop Signed-off-by: DQ <dengq@vmware.com>	2020-03-23 19:29:59 +08:00
Maosheng Ren	1dbec0c1d7	Fix a typo in the help message of install.sh (#11167 ) Signed-off-by: ren maosheng <stevenr@vmware.com>	2020-03-23 10:30:37 +08:00
DQ	e8bb977ae1	Feat: Upgrade configs to harbor 2.0 add migrate files for harbor 2.0 Signed-off-by: DQ <dengq@vmware.com>	2020-03-20 15:20:32 +08:00
DQ	1e0c9f7231	Feat: Add config migrator to prepare deprecated migrator container and move config migration to prepare Signed-off-by: DQ <dengq@vmware.com>	2020-03-20 03:04:10 +08:00
Steven Zou	2859cd8b69	Merge pull request #11134 from danielpacak/feat/issue_11090/trivy_skip_update_flag feat(trivy): Configure Trivy to skip database updates	2020-03-19 18:13:08 +08:00
Wenkai Yin(尹文开)	9ebcf95758	Merge pull request #11122 from ywk253100/200318_replication_task Increase the length the columns (src_resource, dst_resource)of replication_task	2020-03-19 12:16:27 +08:00
DQ	f18a546429	Fix: return error when internal_tls_not_provided When iinternal_tls is empty, prepare should works as usual Signed-off-by: DQ <dengq@vmware.com>	2020-03-19 10:37:58 +08:00
Daniel Pacak	7325105714	feat(trivy): Configure Trivy to skip database updates Resolves: #11090 Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>	2020-03-18 17:11:47 +01:00
DQ	6e8d44101f	Enhance: User can generate cert by their own ca key pair User can put their ca key pair on internal cert dir and name them to `harbor_internal_ca.key` and `harbor_internal_ca.crt` we wil use them to generate other certs Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:10 +08:00
DQ	b93092e012	Add tls for trivy Add trivy tls cert files Add tivey tls env and config enhance gencert Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:10 +08:00
DQ	c954969bcd	Add mTLS configs mTLS only enabled in jobservice and registryctl Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:10 +08:00
DQ	c5d73e6a0c	Add switch to https use switch to make decision whether mTLS or server TLS Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:10 +08:00
DQ	454382149f	TLS update for chart, clairadapter, registry Remove trustca in chartmuseum Remove trustca in registry Add tls in clair-adapter Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:10 +08:00
DQ	03e11c63c7	Fix docker file with secure tls change Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:10 +08:00
DQ	dcc6950af7	Feat: auto install ca in registry Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:09 +08:00
DQ	b852605193	Feat: enable mtls in harbor replication Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:09 +08:00
DQ	40e67f3b14	Feat: Enable mtls for registry Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:09 +08:00
DQ	07a1d51693	Feat: enable tls in registryctlAdd tls related code in registryctl Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:09 +08:00
DQ	da359f609f	Feat: enable mtls in core add mtls related code in core Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:09 +08:00
DQ	a4855cca36	Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:09 +08:00
Wang Yan	b4e941e961	drop table access log in migration (#11118 ) Use the audit log instead, the access log table should be dropped after migration Signed-off-by: wang yan <wangyan@vmware.com>	2020-03-18 19:04:38 +08:00
Wenkai Yin	ac9658bc1e	Increase the length the columns (src_resource, dst_resource)of replication_task Fixes #10786 by increaseing the length of src_resource and dst_resource to 256 Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-03-18 17:05:32 +08:00
He Weiwei	7d20154db5	fix: remove old artifact model (#11112 ) Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-03-18 14:20:06 +08:00
Daniel Pacak	9c13116963	chore(trivy): Allow configuring HTTP(S) proxy Resolves: #11032 Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>	2020-03-16 12:26:49 +01:00
Daniel Pacak	46fb43bc25	chore: Bump up Trivy adapter to v0.4.0 Allows configuring SCANNER_TRIVY_GITHUB_TOKEN environment variable, which is passed to trivy executable binary when it starts scanning a given artifact. This is to increase GitHub requests rate limit from 60 per hours (for anonymous requests) to 5000 when Trivy download its vulnerabilities database. Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>	2020-03-16 09:53:16 +01:00
DQ	1eeea6b888	Fix: fix logrotate is dir issue Change it to bind command Signed-off-by: DQ <dengq@vmware.com>	2020-03-13 14:58:45 +08:00
Wenkai Yin	a4a1913598	Repair the count usage during the upgrading As the count quota is against artifact rather than tag in 2.0, the count usage should be recalculated Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-03-13 13:59:48 +08:00
Ted Guan	4ac31c6d46	Add API for query supported event types and notify types; Return policy name in last trigger info; Remove project_id unique constraint in table notification_policy (#11029 ) Signed-off-by: guanxiatao <guanxiatao@corp.netease.com>	2020-03-11 18:06:58 +08:00
Wenkai Yin(尹文开)	8452100148	Merge pull request #10942 from ywk253100/200305_reference Persistent the URLs and annotations of artifact references in database	2020-03-11 16:20:18 +08:00
Wang Yan	bd7940217a	upgrade golang version to v1.13.8 (#11006 ) The vesrion contains two security bug fix - CVE-2020-0601, CVE-2020-7919 More details, see the golang milestone: https://github.com/golang/go/issues?q=milestone%3AGo1.13.8+label%3ACherryPickApproved Signed-off-by: wang yan <wangyan@vmware.com>	2020-03-11 12:20:06 +08:00
Ziming Zhang	695a2559be	feat(cicd) use unified version as tag name, clean more Signed-off-by: Ziming Zhang <zziming@vmware.com>	2020-03-09 17:13:28 +08:00
Ziming Zhang	200c352c35	feat(cicd) use unified version as tag name Signed-off-by: Ziming Zhang <zziming@vmware.com>	2020-03-09 15:30:03 +08:00
Daniel Jiang	6d89553c4d	Merge pull request #10937 from reasonerjt/csrf-2.0 Update CSRF mechanism	2020-03-09 12:31:08 +08:00
Wenkai Yin(尹文开)	75eb7a8c5a	Merge pull request #10955 from wy65701436/migrate-access add sql for migrating access log	2020-03-09 10:00:08 +08:00
Daniel Jiang	ae5ffce83a	Update CSRF mechanism This commit replaces beego's CSRF mechanism with gorilla's csrf library. The criteria for requests to skip the csrf check remain the same. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2020-03-09 01:15:54 +08:00
wang yan	288c7790d0	add sql for migrating access log 1, loop each access log, change to resource/resource_type, and insert into audit log 2, loop each first push operation, change it to create repository and insert into audit log. Signed-off-by: wang yan <wangyan@vmware.com>	2020-03-06 12:06:12 +08:00
wang yan	2b0b7576b2	Fix gc issue on clean the artifact trash 1, enable dao test for artifact trash 2, set default flush trash table to false 3, hanlder empty parameter in API call 4, add registry auth info into jobservice container Signed-off-by: wang yan <wangyan@vmware.com>	2020-03-06 03:11:31 +08:00
stonezdj(Daojun Zhang)	49619e1907	Merge pull request #10939 from wy65701436/access-log-mgr add audit logs API	2020-03-05 16:24:21 +08:00
wang yan	df237a5b17	add audit logs API 1, add API entry for get audit logs 2. add audit log manager to hanlder CRUD Use the new format of audit log to cover differernt resource, artifact/tag/repostory/project Signed-off-by: wang yan <wangyan@vmware.com>	2020-03-05 11:40:51 +08:00
Wenkai Yin	76c04b0219	Persistent the URLs and annotations of artifact references in database Persistent the URLs and annotations of artifact references in database Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-03-05 10:54:45 +08:00
Will Sun	a5d9a3b65d	Merge pull request #10863 from AllForNothing/api-center Fix Api cennter	2020-03-05 10:00:15 +08:00
Wenkai Yin(尹文开)	4fa4c4e74c	Merge pull request #10815 from cd1989/redis-idle-timeout Set redis idle timeout for core	2020-03-03 14:10:22 +08:00
Wenkai Yin	4c9b59c904	Migrate artifact data in 2.0 Abstract extra attributes and annotations for artifacts stored in database Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-02-28 18:09:02 +08:00
jwangyangls	572510c82d	Merge pull request #10755 from Snaacker/master Fix typo	2020-02-28 11:59:51 +08:00
Daniel Jiang	1823c984f7	Merge branch 'master' into redis-idle-timeout	2020-02-27 22:01:22 +08:00

... 3 4 5 6 7 ...

1323 Commits