Commit Graph

7535 Commits

Author SHA1 Message Date
jwangyangls
3144635ea1
Merge pull request #9139 from jwangyangls/add-oidc-claim
Add oidc group claim in config-auth、member、administrator
2019-09-20 15:58:31 +08:00
xaleeks
43b25d5ddd
Merge pull request #9166 from michmike/master
Updating the security disclosure process
2019-09-20 15:34:40 +08:00
Yogi_Wang
63f135337e Add oidc group claim
1. add oidc group claim in configration page
2. add oidc group-page in user page,you can go to it through clicking add-group button;
3. add oidc list page in administrator ,admin can go to this page
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-09-20 13:53:25 +08:00
Michael Michael
64e60fe9cc
Update SECURITY.md 2019-09-19 21:30:37 -07:00
Wenkai Yin(尹文开)
20262d70bb
Merge pull request #9155 from reasonerjt/gen-session-id
Generate new session ID after login
2019-09-20 11:22:44 +08:00
Michael Michael
3d9dc4e734
Update SECURITY.md 2019-09-19 19:08:22 -07:00
Michael Michael
e908e1c588
Update SECURITY.md
updating to include cncf lists for public disclosure

Signed-off-by: Michael Michael michmike@cs.stanford.edu
2019-09-19 15:29:27 -07:00
Michael Michael
0300a804c4
Update SECURITY.md 2019-09-19 15:07:20 -07:00
Michael Michael
34093e73c4
Update SECURITY.md 2019-09-19 14:22:04 -07:00
Michael Michael
e80d208192
Update SECURITY.md 2019-09-19 14:08:49 -07:00
Michael Michael
daec26a5f9
moving the doc to the top of the repo 2019-09-19 10:37:40 -07:00
Wang Yan
adc9878e65
Merge pull request #9165 from xaleeks/xaleeks-security-disclosure-process
security disclosure process
2019-09-20 01:09:01 +08:00
xaleeks
9b4e3fa5c4 security disclosure process
Signed-off-by: xaleeks <xalex@vmware.com>
2019-09-20 00:02:34 +08:00
Daniel Jiang
07dd14d3b5 Generate new session ID after login
This commit mitigates the Session Fixation issue by making sure a new
session ID is generated each time user logs in to Harbor

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-19 20:51:50 +08:00
danfengliu
c360e71d51
Merge pull request #9148 from AllForNothing/add-member-nightly
Improve project name validator when adding new project
2019-09-19 17:13:31 +08:00
Steven Zou
4c4897aef1
Merge pull request #9134 from steven-zou/feature/pluggable_scanners
support pluggable scanner
2019-09-19 16:08:24 +08:00
sshijun
6b2ba60c1e Improve project name validator when adding new project
Signed-off-by: sshijun <sshijun@vmware.com>
2019-09-19 13:53:36 +08:00
jwangyangls
e505ba53f0
Merge pull request #9147 from jwangyangls/add-id-edit-rep
Add id in repo info button
2019-09-19 13:03:06 +08:00
Yogi_Wang
450184c4ec Add id in repo info button
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-09-19 12:21:07 +08:00
jwangyangls
5ffba4a6f5
Merge pull request #9069 from danfengliu/script-project-quotas-nightly-test-case
Script test case for project quotas
2019-09-19 10:27:22 +08:00
Steven Zou
e324a4d623 support pluggable scanner
- add DAO layer for scanner registration
- add CURD manager for scanner registration
- add API controller for plug scanner
- add REST APIs for CURD of plug scanner
- add migration sql:0011_1.10.0
- add scan interface definition (no implementations)
- add related UT cases with testify

fix #8979 #8990

Signed-off-by: Steven Zou <szou@vmware.com>
2019-09-18 21:56:45 +08:00
Steven Zou
ae0c129b27
Merge pull request #9125 from wy65701436/refactor-selector
refactor selector of retention
2019-09-18 18:27:16 +08:00
Danfeng Liu (c)
5d1913842c Script test case for project quotas, there will be 2 or 3 test cases in this PR, like project quota edit, prject quota functionality.
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
2019-09-18 17:55:25 +08:00
jwangyangls
e226f0a258
Merge pull request #9137 from jwangyangls/fix-group-clarity-ui
Supplement group ui
2019-09-18 17:45:24 +08:00
wang yan
42a5db83b2 refactor selector of retention
extract select from pkg/retention, move it to pkg/artselector to make it usable by immutable tag

Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-18 16:38:41 +08:00
Will Sun
81a143855e
Merge pull request #9136 from AllForNothing/css-modify
Modify css for add-memeber page and project-config page
2019-09-18 16:29:20 +08:00
Yogi_Wang
069f884a7c Supplement group ui
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-09-18 16:02:58 +08:00
sshijun
e7b2b4bb03 Modify css for add-memeber page and project-config page. Format
global.scss file

Signed-off-by: sshijun <sshijun@vmware.com>
2019-09-18 14:58:44 +08:00
Will Sun
de550c4073
Merge pull request #8901 from phantooom/master
fix portal Chinese translate
2019-09-18 14:18:46 +08:00
jwangyangls
6dd2ae90a0
Merge pull request #9011 from jwangyangls/upgrade_clarity-2.1
Upgrade angular from 7.1.3 to 8.2.0 and clarity from 1.0 to 2.2
2019-09-18 10:45:40 +08:00
Yogi_Wang
a7c7a8e675 Upgrade angualr from 7.1.3 to 8.2.0 and clarity from 1.0 to 2.2
Signed-off-by: Yogi_Wang <yawang@vmware.com>

Signed-off-by: Meina Zhou <meinaz@vmware.com>
Signed-off-by: sshijun <sshijun@vmware.com>
2019-09-18 10:12:20 +08:00
xaleeks
460756c293
Merge pull request #9130 from xaleeks/xaleeks-permissions-updates
added permissions for 1.9 features
2019-09-18 09:14:17 +08:00
xaleeks
8ae4c78214 fixed cve whitelist permissions
Signed-off-by: xaleeks <xalex@vmware.com>
2019-09-18 00:47:30 +08:00
xaleeks
bf3416cbf7 added permissions for 1.9 features
Signed-off-by: xaleeks <xalex@vmware.com>
2019-09-17 22:55:24 +08:00
stonezdj(Daojun Zhang)
1d16fcfd93
Merge pull request #9118 from wy65701436/fix-redeclared
remove filter redeclared as imported package name in base.go
2019-09-17 18:11:54 +08:00
wang yan
5498b5719b remove filter redeclared as imported package name in base.go
It's introduced by https://github.com/goharbor/harbor/pull/8976

Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-17 16:36:59 +08:00
Wang Yan
f77ce4aa3a
Merge pull request #8976 from ninjadq/add_auth_for_project_head
Fix: Add authenticate to projects head
2019-09-17 14:02:45 +08:00
stonezdj(Daojun Zhang)
0aa51a568d
Merge pull request #9101 from reasonerjt/oidc-groups-config
Add groups claim to OIDC configuration
2019-09-17 10:38:43 +08:00
Stuart Clements
0470b334c6
Adding docs about webhooks, tag retention, CVE whitelists and project quotas (#8869)
* Adding docs about webhooks

* Fixed title

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comments from Alex

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Adding placeholder for tag retentionl correct # of endpoints

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Added doc for tag retention

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Added JSON example for webhooks

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Added global webhook setting and error handling

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comments from mmpei

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comment from Alex

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comment about concurrency from Alex

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comment from steven about ** wildcard

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comments from Steven on examples

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Added screen cap to edit retention rule

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Fixing indentation

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Clarified quotas

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Added doc for quotas

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Removing fullstops

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Fixed image links

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Documenting CVE whitelists

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Fix cut n paste error

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Adding images `

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Another cut n paste error

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Typos

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Tidied the language somewhat

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comments from Wang Yan

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Completed unfinished sentence.

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comments from Alex

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comment from Alex on artifact counts

* Replaced "artifact" with "tag" as appropriate

* Updated CVE whitelist button label

* Comments from He Weiwei

* Review comments
2019-09-16 14:54:40 +02:00
Stuart Clements
0f4cf89253
Documented how to configure Syslog and DB connection pool in harbor.yml (#9005)
* Documented how to configure Syslog connection in harbor.yml

* Documenting DB connection pool

* Removed extraneous character

* Comments from Qian.

* Comment from Weiwei

* Another comment from Weiwei

* Added max_open_conns and max_idle_conns to the external DB

* Corrected defaults for max_open_conns and max_idle_conns
2019-09-16 11:53:16 +02:00
Daniel Jiang
f36efa4dcd Add groups claim to OIDC configuration
This commit add the new setting "oidc_groups_claim" to Harbor's
configurations.
And add "group_claim" to OIDCSetting struct.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-16 15:54:14 +08:00
Daniel Jiang
89b8dfc508
Merge pull request #9004 from stuclem/robot-helm
Documented that Robo accounts can push/pull helm charts
2019-09-16 11:34:16 +08:00
Wang Yan
bd6bd6e749
Merge pull request #9053 from wy65701436/quota-e2e
Quota e2e case
2019-09-16 01:00:16 +08:00
Wang Yan
6b5fd36bb3 add e2e test case for project quota
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Push an image to project(PA) by user(UA), then check the project quota usage;
5. Check quota change
6. Delete image, the quota should be changed to 0.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-15 22:16:11 +08:00
xaleeks
76f1580634
Merge pull request #8994 from stuclem/replication-improvements
Documenting new registry providers as replication endpoints
2019-09-13 19:09:49 +08:00
xaleeks
81a25f2d6e
Merge pull request #9045 from stuclem/upgrade
Updated upgrade and migration guide for 1.9
2019-09-13 19:02:52 +08:00
Stuart Clements
f14411dcab Comments from Alex 2019-09-12 17:06:37 +02:00
Stuart Clements
5490bf395b Comment from Daniel 2019-09-12 13:45:38 +02:00
Stuart Clements
4a43fd4a09 Comments from Alex 2019-09-12 12:47:14 +02:00
Mia ZHOU
0d11caa1ef
Merge pull request #9073 from AllForNothing/quota-id
change element id in config page
2019-09-12 16:49:38 +08:00