382 Commits

Author	SHA1	Message	Date
Yiyang Huang	4598f52057	fix: set root password never expire ... Signed-off-by: Yiyang Huang <huangyiyang@caicloud.io>	2020-04-16 00:15:28 +08:00
Qian Deng	95d7c9382b	Merge pull request #11592 from ninjadq/min_version_tls_to_12 ... Min version tls to 12	2020-04-14 18:12:55 +08:00
wang yan	ff2a6c7a01	add warning to registry binary name ... Fixes #11606 As we DO NOT want to user to execute GC in the container, rename it and append the warning message. Signed-off-by: wang yan <wangyan@vmware.com>	2020-04-14 15:16:50 +08:00
DQ	75f78b64b2	Set registry tls version to 1.2 ... when internal tls enabled set min version of registry to 1.2 Signed-off-by: DQ <dengq@vmware.com>	2020-04-13 18:13:30 +08:00
jwangyangls	e28b5811f7	Merge pull request #11176 from jwangyangls/change-helm-version ... Separate swagger to get v2.0 swagger and chart swagger	2020-04-10 17:12:00 +08:00
Yogi_Wang	33ed4fb67e	Separate swagger to get v2.0 swagger and chart swagger ... 1. Partial helm api version number clear 2. Separate swagger to get v2.0 swagger and chart swagger 3. router add chart swagger Signed-off-by: Yogi_Wang <yawang@vmware.com>	2020-04-10 16:25:30 +08:00
DQ	e907cbe2b6	Fix health check for jobservice and regctl ... need cert when mTLS is enabled Signed-off-by: DQ <dengq@vmware.com>	2020-04-09 20:35:46 +08:00
DQ	08ff622310	Remove lines not needed ... volume already defined above Signed-off-by: DQ <dengq@vmware.com>	2020-04-09 20:06:51 +08:00
Ziming Zhang	572ebef685	feat(cicd) parameterize docker base image and external url ... Signed-off-by: Ziming Zhang <zziming@vmware.com>	2020-04-08 00:21:47 +08:00
DQ	6ae1b1dc97	Add missiong entrypoint file for trivy-adapter ... Signed-off-by: DQ <dengq@vmware.com>	2020-04-07 10:39:07 +00:00
Daniel Jiang	5bcd015d6f	Merge pull request #11469 from ninjadq/clean_up_migrator ... Remove migrator flags in script	2020-04-07 16:37:24 +08:00
DQ	1ae50b8d66	Remove migrator flags in script ... Because migrator tool removed Signed-off-by: DQ <dengq@vmware.com>	2020-04-07 14:57:10 +08:00
DQ	4a836ea975	Fix health check url ... health check url should depend on internal https Signed-off-by: DQ <dengq@vmware.com>	2020-04-07 03:35:52 +00:00
DQ	cdb675bf3d	Add proxy cert file to jobservice when https enabled ... jobservice may request via absolute path of url to harbor Signed-off-by: DQ <dengq@vmware.com>	2020-04-04 17:44:34 +00:00
DQ	23ed189ed4	Add SAN to gencert script ... add localhost and 127.0.0.1 to SAN Signed-off-by: DQ <dengq@vmware.com>	2020-04-04 17:44:34 +00:00
He Weiwei	77a8c3205f	fix(prepare): not accpet items of false value in external_redis ... Item in yaml without value will be as None in python, which will make the password of redis as `None` in `get_redis_configs`. This fix will not accept items of `false value` in `external_redis` configurations. Closes #11367 Signed-off-by: He Weiwei <hweiwei@vmware.com>	2020-04-03 04:09:26 +00:00
Qian Deng	a702c32346	Merge pull request #11063 from ninjadq/fix_syslog_dir_in_tpl ... Fix: fix logrotate is dir issue	2020-04-02 11:37:29 +08:00
DQ	dc271e1a87	Add packaging to pipenv ... Signed-off-by: DQ <dengq@vmware.com>	2020-04-01 22:54:47 +08:00
DQ	d636f2ea5c	Enhance help message ... Provide more info in help message Add requried opition and they will show missing option if you are not provide them instead of Exception Signed-off-by: DQ <dengq@vmware.com>	2020-04-01 17:02:59 +08:00
DQ	b2e1905e7a	Enhance: Stop upgrade when input version less then 1.9.0 ... The migration script should failure early when version is not supported Signed-off-by: DQ <dengq@vmware.com>	2020-04-01 15:35:49 +08:00
Qian Deng	9e101b73a4	Merge pull request #11156 from ninjadq/migrate_config_to_harbor2 ... Migrate config to harbor2	2020-03-25 16:02:18 +08:00
DQ	85ec0e7820	Enhance: Refactor the migration structure ... 1. Refactor structure of migrate file 2. fix some previous bugs Signed-off-by: DQ <dengq@vmware.com>	2020-03-23 21:26:28 +08:00
DQ	444678fe07	Fix: module path raise exception when it is loop ... add test for loop Signed-off-by: DQ <dengq@vmware.com>	2020-03-23 19:29:59 +08:00
DQ	e8bb977ae1	Feat: Upgrade configs to harbor 2.0 ... add migrate files for harbor 2.0 Signed-off-by: DQ <dengq@vmware.com>	2020-03-20 15:20:32 +08:00
DQ	1e0c9f7231	Feat: Add config migrator to prepare ... deprecated migrator container and move config migration to prepare Signed-off-by: DQ <dengq@vmware.com>	2020-03-20 03:04:10 +08:00
Steven Zou	2859cd8b69	Merge pull request #11134 from danielpacak/feat/issue_11090/trivy_skip_update_flag ... feat(trivy): Configure Trivy to skip database updates	2020-03-19 18:13:08 +08:00
DQ	f18a546429	Fix: return error when internal_tls_not_provided ... When iinternal_tls is empty, prepare should works as usual Signed-off-by: DQ <dengq@vmware.com>	2020-03-19 10:37:58 +08:00
Daniel Pacak	7325105714	feat(trivy): Configure Trivy to skip database updates ... Resolves: #11090 Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>	2020-03-18 17:11:47 +01:00
DQ	6e8d44101f	Enhance: User can generate cert by their own ca key pair ... User can put their ca key pair on internal cert dir and name them to `harbor_internal_ca.key` and `harbor_internal_ca.crt` we wil use them to generate other certs Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:10 +08:00
DQ	b93092e012	Add tls for trivy ... Add trivy tls cert files Add tivey tls env and config enhance gencert Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:10 +08:00
DQ	c954969bcd	Add mTLS configs ... mTLS only enabled in jobservice and registryctl Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:10 +08:00
DQ	c5d73e6a0c	Add switch to https ... use switch to make decision whether mTLS or server TLS Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:10 +08:00
DQ	454382149f	TLS update for chart, clairadapter, registry ... Remove trustca in chartmuseum Remove trustca in registry Add tls in clair-adapter Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:10 +08:00
DQ	03e11c63c7	Fix docker file with secure tls change ... Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:10 +08:00
DQ	dcc6950af7	Feat: auto install ca in registry ... Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:09 +08:00
DQ	b852605193	Feat: enable mtls in harbor replication ... Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:09 +08:00
DQ	40e67f3b14	Feat: Enable mtls for registry ... Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:09 +08:00
DQ	07a1d51693	Feat: enable tls in registryctlAdd tls related code in registryctl ... Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:09 +08:00
DQ	da359f609f	Feat: enable mtls in core ... add mtls related code in core Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:09 +08:00
DQ	a4855cca36	Feat: update prepare to support tls ... update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com>	2020-03-18 19:22:09 +08:00
Daniel Pacak	9c13116963	chore(trivy): Allow configuring HTTP(S) proxy ... Resolves: #11032 Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>	2020-03-16 12:26:49 +01:00
Daniel Pacak	46fb43bc25	chore: Bump up Trivy adapter to v0.4.0 ... Allows configuring SCANNER_TRIVY_GITHUB_TOKEN environment variable, which is passed to trivy executable binary when it starts scanning a given artifact. This is to increase GitHub requests rate limit from 60 per hours (for anonymous requests) to 5000 when Trivy download its vulnerabilities database. Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>	2020-03-16 09:53:16 +01:00
DQ	1eeea6b888	Fix: fix logrotate is dir issue ... Change it to bind command Signed-off-by: DQ <dengq@vmware.com>	2020-03-13 14:58:45 +08:00
Wang Yan	bd7940217a	upgrade golang version to v1.13.8 (#11006) ... The vesrion contains two security bug fix - CVE-2020-0601, CVE-2020-7919 More details, see the golang milestone: https://github.com/golang/go/issues?q=milestone%3AGo1.13.8+label%3ACherryPickApproved Signed-off-by: wang yan <wangyan@vmware.com>	2020-03-11 12:20:06 +08:00
Ziming Zhang	695a2559be	feat(cicd) use unified version as tag name, clean more ... Signed-off-by: Ziming Zhang <zziming@vmware.com>	2020-03-09 17:13:28 +08:00
Ziming Zhang	200c352c35	feat(cicd) use unified version as tag name ... Signed-off-by: Ziming Zhang <zziming@vmware.com>	2020-03-09 15:30:03 +08:00
Daniel Jiang	ae5ffce83a	Update CSRF mechanism ... This commit replaces beego's CSRF mechanism with gorilla's csrf library. The criteria for requests to skip the csrf check remain the same. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2020-03-09 01:15:54 +08:00
wang yan	2b0b7576b2	Fix gc issue on clean the artifact trash ... 1, enable dao test for artifact trash 2, set default flush trash table to false 3, hanlder empty parameter in API call 4, add registry auth info into jobservice container Signed-off-by: wang yan <wangyan@vmware.com>	2020-03-06 03:11:31 +08:00
Will Sun	a5d9a3b65d	Merge pull request #10863 from AllForNothing/api-center ... Fix Api cennter	2020-03-05 10:00:15 +08:00
Daniel Jiang	1823c984f7	Merge branch 'master' into redis-idle-timeout	2020-02-27 22:01:22 +08:00