Maosheng Ren
1dbec0c1d7
Fix a typo in the help message of install.sh ( #11167 )
...
Signed-off-by: ren maosheng <stevenr@vmware.com>
2020-03-23 10:30:37 +08:00
Steven Zou
2859cd8b69
Merge pull request #11134 from danielpacak/feat/issue_11090/trivy_skip_update_flag
...
feat(trivy): Configure Trivy to skip database updates
2020-03-19 18:13:08 +08:00
Wenkai Yin(尹文开)
9ebcf95758
Merge pull request #11122 from ywk253100/200318_replication_task
...
Increase the length the columns (src_resource, dst_resource)of replication_task
2020-03-19 12:16:27 +08:00
DQ
f18a546429
Fix: return error when internal_tls_not_provided
...
When iinternal_tls is empty, prepare should works as usual
Signed-off-by: DQ <dengq@vmware.com>
2020-03-19 10:37:58 +08:00
Daniel Pacak
7325105714
feat(trivy): Configure Trivy to skip database updates
...
Resolves : #11090
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-18 17:11:47 +01:00
DQ
6e8d44101f
Enhance: User can generate cert by their own ca key pair
...
User can put their ca key pair on internal cert dir and name them to `harbor_internal_ca.key` and `harbor_internal_ca.crt` we wil use them to generate other certs
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
b93092e012
Add tls for trivy
...
Add trivy tls cert files
Add tivey tls env and config
enhance gencert
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
c954969bcd
Add mTLS configs
...
mTLS only enabled in jobservice and registryctl
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
c5d73e6a0c
Add switch to https
...
use switch to make decision whether mTLS or server TLS
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
454382149f
TLS update for chart, clairadapter, registry
...
Remove trustca in chartmuseum
Remove trustca in registry
Add tls in clair-adapter
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
03e11c63c7
Fix docker file with secure tls change
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
dcc6950af7
Feat: auto install ca in registry
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
b852605193
Feat: enable mtls in harbor replication
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
40e67f3b14
Feat: Enable mtls for registry
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
07a1d51693
Feat: enable tls in registryctlAdd tls related code in registryctl
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
da359f609f
Feat: enable mtls in core
...
add mtls related code in core
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
a4855cca36
Feat: update prepare to support tls
...
update makefile
add model for prepare
update jinja template for prepare
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
Wang Yan
b4e941e961
drop table access log in migration ( #11118 )
...
Use the audit log instead, the access log table should be dropped after migration
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-18 19:04:38 +08:00
Wenkai Yin
ac9658bc1e
Increase the length the columns (src_resource, dst_resource)of replication_task
...
Fixes #10786 by increaseing the length of src_resource and dst_resource to 256
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-03-18 17:05:32 +08:00
He Weiwei
7d20154db5
fix: remove old artifact model ( #11112 )
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-03-18 14:20:06 +08:00
Daniel Pacak
9c13116963
chore(trivy): Allow configuring HTTP(S) proxy
...
Resolves : #11032
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-16 12:26:49 +01:00
Daniel Pacak
46fb43bc25
chore: Bump up Trivy adapter to v0.4.0
...
Allows configuring SCANNER_TRIVY_GITHUB_TOKEN environment variable,
which is passed to trivy executable binary when it starts scanning
a given artifact.
This is to increase GitHub requests rate limit from 60 per hours
(for anonymous requests) to 5000 when Trivy download its
vulnerabilities database.
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-16 09:53:16 +01:00
Wenkai Yin
a4a1913598
Repair the count usage during the upgrading
...
As the count quota is against artifact rather than tag in 2.0, the count usage should be recalculated
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-03-13 13:59:48 +08:00
Ted Guan
4ac31c6d46
Add API for query supported event types and notify types; Return policy name in last trigger info; Remove project_id unique constraint in table notification_policy ( #11029 )
...
Signed-off-by: guanxiatao <guanxiatao@corp.netease.com>
2020-03-11 18:06:58 +08:00
Wenkai Yin(尹文开)
8452100148
Merge pull request #10942 from ywk253100/200305_reference
...
Persistent the URLs and annotations of artifact references in database
2020-03-11 16:20:18 +08:00
Wang Yan
bd7940217a
upgrade golang version to v1.13.8 ( #11006 )
...
The vesrion contains two security bug fix - CVE-2020-0601, CVE-2020-7919
More details, see the golang milestone:
https://github.com/golang/go/issues?q=milestone%3AGo1.13.8+label%3ACherryPickApproved
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-11 12:20:06 +08:00
Ziming Zhang
695a2559be
feat(cicd) use unified version as tag name, clean more
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-09 17:13:28 +08:00
Ziming Zhang
200c352c35
feat(cicd) use unified version as tag name
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-09 15:30:03 +08:00
Daniel Jiang
6d89553c4d
Merge pull request #10937 from reasonerjt/csrf-2.0
...
Update CSRF mechanism
2020-03-09 12:31:08 +08:00
Wenkai Yin(尹文开)
75eb7a8c5a
Merge pull request #10955 from wy65701436/migrate-access
...
add sql for migrating access log
2020-03-09 10:00:08 +08:00
Daniel Jiang
ae5ffce83a
Update CSRF mechanism
...
This commit replaces beego's CSRF mechanism with gorilla's csrf library.
The criteria for requests to skip the csrf check remain the same.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-03-09 01:15:54 +08:00
wang yan
288c7790d0
add sql for migrating access log
...
1, loop each access log, change to resource/resource_type, and insert into audit log
2, loop each first push operation, change it to create repository and insert into audit log.
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-06 12:06:12 +08:00
wang yan
2b0b7576b2
Fix gc issue on clean the artifact trash
...
1, enable dao test for artifact trash
2, set default flush trash table to false
3, hanlder empty parameter in API call
4, add registry auth info into jobservice container
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-06 03:11:31 +08:00
stonezdj(Daojun Zhang)
49619e1907
Merge pull request #10939 from wy65701436/access-log-mgr
...
add audit logs API
2020-03-05 16:24:21 +08:00
wang yan
df237a5b17
add audit logs API
...
1, add API entry for get audit logs
2. add audit log manager to hanlder CRUD
Use the new format of audit log to cover differernt resource, artifact/tag/repostory/project
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-05 11:40:51 +08:00
Wenkai Yin
76c04b0219
Persistent the URLs and annotations of artifact references in database
...
Persistent the URLs and annotations of artifact references in database
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-03-05 10:54:45 +08:00
Will Sun
a5d9a3b65d
Merge pull request #10863 from AllForNothing/api-center
...
Fix Api cennter
2020-03-05 10:00:15 +08:00
Wenkai Yin(尹文开)
4fa4c4e74c
Merge pull request #10815 from cd1989/redis-idle-timeout
...
Set redis idle timeout for core
2020-03-03 14:10:22 +08:00
Wenkai Yin
4c9b59c904
Migrate artifact data in 2.0
...
Abstract extra attributes and annotations for artifacts stored in database
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-28 18:09:02 +08:00
jwangyangls
572510c82d
Merge pull request #10755 from Snaacker/master
...
Fix typo
2020-02-28 11:59:51 +08:00
Daniel Jiang
1823c984f7
Merge branch 'master' into redis-idle-timeout
2020-02-27 22:01:22 +08:00
AllForNothing
d41c5496a2
Fix Api cennter
...
Signed-off-by: AllForNothing <sshijun@vmware.com>
2020-02-27 15:55:20 +08:00
Wenkai Yin
02c2647e1e
Use the repository name of artifact model
...
As we store the repository name in the artifact table, we can use it direclty in the code to reduce the database query
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-26 13:37:09 +08:00
stonezdj(Daojun Zhang)
a7e5873f46
Merge pull request #10821 from stonezdj/20200224_remove_notification
...
Remove registry notification and change core health check url
2020-02-25 13:34:37 +08:00
Ziming Zhang
94230b5e19
feat(cicd) fix some build problem
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-02-25 12:05:39 +08:00
stonezdj
6005101c95
Remove registry notification and change /api/ping
...
Update config.yaml.jinja to remove notification
Change api/ping in core/Dockerfile
Signed-off-by: stonezdj <stonezdj@gmail.com>
2020-02-25 11:24:21 +08:00
Wang Yan
948d45604c
Revise the GC job flow,
...
1, set harbor to readonly
2, select the candidate artifacts from Harbor DB.
3, call registry API(--delete-untagged=false) to delete manifest bases on the results of #2
4, clean keys of redis DB of registry, clean artifact trash and untagged from DB.
5, roll back readonly.
Signed-off-by: wang yan <wangyan@vmware.com>
2020-02-24 18:29:55 +08:00
Wenkai Yin
bd204464f3
Remove dead code
...
Remove dead code
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-23 17:11:46 +08:00
dechen
e642a73280
Set redis idle timeout for core
...
Signed-off-by: dechen <xxyydream@gmail.com>
2020-02-23 12:31:56 +08:00
Wenkai Yin
9312b788dc
Upgrade the artifact table
...
Split the table artifact into artifact and tags, and populate related data
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-21 20:37:31 +08:00