Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2025-01-01 21:47:57 +01:00
Code Issues Projects Releases Wiki Activity
6,961 Commits 55 Branches 321 Tags 341 MiB
4763864dae
Commit Graph

644 Commits

Author SHA1 Message Date
He Weiwei
37a4f1c982 Remove push+pull action (#7571) 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-04-29 15:37:10 +08:00
wang yan
02c7cbeec2 Fix get log issue of Periodic job 
Use the latest error or success execution as the periodic job log

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-29 15:30:05 +08:00
Wenkai Yin
c53d73775a
Merge pull request #7590 from reasonerjt/oidc-wrong-secret-err 
Return more details for error in exchange token
 2019-04-29 14:22:37 +08:00
Wang Yan
c26f655bce
add periodic job UUID to upstream job id and use execution log as the… (#7530) 
* add periodic job UUID to upstream job id and use execution log as the periodic log

Signed-off-by: wang yan <wangyan@vmware.com>

* add comments to fix codacy

Signed-off-by: wang yan <wangyan@vmware.com>

* Update code per comments

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-28 15:09:56 +08:00
Wenkai Yin
7af679af7e
Merge pull request #7567 from reasonerjt/oidc-google-refresh-token 
Persist the new token in DB after login
 2019-04-28 14:12:25 +08:00
Daniel Jiang
15626fcae0 Return more details for error in exchange token 
This commit update the response off OIDC callback when there's error in exchange token.
Additionally add comments to clarify that by default 500 error will not
contain any details.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-28 13:41:53 +08:00
Wenkai Yin
2a463016a9 Upgrade the distribution and notary library (#7516) 
* Return 404 when the log of task doesn't exist

Return 404 when the log of task doesn't exist

Signed-off-by: Wenkai Yin <yinw@vmware.com>

* Upgrade the distribution and notary library

Upgrade the distribution library to 2.7.1, the notary library to 0.6.1

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-28 12:00:26 +08:00
Daniel Jiang
473fed5689 Persist the new token in DB after login 
This commit make sure the token is persist to DB after every time after
a user logs in via OIDC provider, to make sure the secret is usable for
the OIDC providers that don't provide refresh token.

It also updates the authorize URL for google to make sure the refresh
token will be returned.

Also some misc refinement included, including add comment to the
OIDC onboarded user, preset the username in onboard dialog.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-27 23:03:59 +08:00
Wenkai Yin
6511417ba6
Merge pull request #7495 from stonezdj/const_debts 
Replace string with const in metadatalist.go
 2019-04-25 17:41:04 +08:00
stonezdj
504eab56c3 Replace string with const in metadatalist.go 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-04-25 17:01:43 +08:00
Wenkai Yin
7160e411cc
Merge pull request #7498 from ywk253100/190423_docker_hub 
Support replicate public repositories from Docker Hub
 2019-04-24 17:17:23 +08:00
Wenkai Yin
66087aac82
Merge pull request #7493 from stonezdj/tech_debts 
Remove adminserver in sourcecode
 2019-04-24 16:24:59 +08:00
Steven Zou
9bd2de3e35
Merge pull request #7452 from steven-zou/fix_issues_for_jobservice 
Fix issues for jobservice
 2019-04-24 16:15:43 +08:00
Wenkai Yin
5629bf8546 Support replicate public repositories from Docker Hub 
Support replicate the public repositories from Docker Hub without providing the credential

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-24 16:15:31 +08:00
Steven Zou
9bcbe2907b fix go vet issues in the code 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-04-24 07:31:37 +08:00
stonezdj
d7798a12d2 Remove adminserver in sourcecode 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-04-23 15:05:29 +08:00
wang yan
1b4c75af25 Add event into upload ctx 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-23 10:57:31 +08:00
wang yan
df6e0600c9 Fix chart upload issue on event based 
Use chart API to load the uploaded chart file to get the name and version

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-23 10:57:31 +08:00
Steven Zou
3937c8b0dc Merge branch 'master' into fix_issues_for_jobservice 2019-04-22 19:26:51 +08:00
Daniel Jiang
1fdc2e6ba9 Provide API to generate CLI secret 
This commit provide an API to allow a user that is onboarded via OIDC
authn update his CLI secret.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-22 13:34:12 +08:00
Steven Zou
8e734407c0 Merge branch 'master' into fix_issues_for_jobservice 2019-04-19 21:15:21 +08:00
stonezdj(Daojun Zhang)
36d13e8243
Merge pull request #7328 from stonezdj/debts 
Fix issue 6450 Test LDAP server error without save configuration
 2019-04-19 16:51:57 +08:00
Steven Zou
f8feaa192e add get scheduled and periodic executions APIs 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-04-19 13:54:23 +08:00
Wenkai Yin
059b75e97c
Merge pull request #7392 from reasonerjt/oidc-logout 
Handle OIDC user invalidation from OIDC provider.
 2019-04-19 12:46:36 +08:00
Daniel Jiang
239b33c5fb Handle OIDC user invalidation from OIDC provider. 
Ths commmit ensures that when user's token is invalidated OIDC provider, he
cannot access protected resource in Harbor with the user info in his session.
We share the code path with secret verification b/c the refresh token
can be used only once, so it has to be stored in one place.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-19 01:27:31 +08:00
Steven Zou
16f97326ad
Merge pull request #7433 from goharbor/replication_ng 
Merge the replication ng branch to master
 2019-04-18 16:35:45 +08:00
Steven Zou
1f481e492c Refactor job servcie primary logic to fix related bugs 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-04-18 16:02:49 +08:00
stonezdj
41a574e55c Fix issue 6450 Test LDAP server error without save configuration 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-04-18 14:24:21 +08:00
wang yan
ba76550d14 Disable throw internal error to UI 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-18 00:04:19 +08:00
wang yan
e017294f71 merge with master latest 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-17 17:52:39 +08:00
Wang Yan
a6af9e9972
Support well-formatted error returned from the REST APIs. (#6957) 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-17 16:43:06 +08:00
wang yan
7a373c2eed Add event trigger to helm upload/deletion replication 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-15 19:02:33 +08:00
Wenkai Yin
c222f18fa7 Update replication 
1. Refine the health check of docker hub
2. Remove the GetNamespace method from adapter interface

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-13 15:20:06 +08:00
Daniel Jiang
f92bc8076d "Skip verify cert" to "verify cert" 
This commit tweaks the attribute for auth proxy mode and OIDC auth mode.
To change it from "Skip verify cert" to "verify cert" so they are more
consistent with other modes.
Additionally it removes a workaround in `SearchUser` in auth proxy
authenticator.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-12 23:25:54 +08:00
Daniel Jiang
763c5df010 Add UT 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-11 15:30:19 +08:00
Wenkai Yin
b73acde051 Support the migration for scheduled replication rule from previous version of Harbor 
Support the migration for scheduled replication rule from previous version of Harbor

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-11 13:14:32 +08:00
Daniel Jiang
0d18e6c82f Update according to comments 
For more context see PR #7335

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-10 19:38:12 +08:00
Daniel Jiang
0a2343f542 Support secret for docker CLI 
As CLI does not support oauth flow, we'll use secret for help OIDC user
to authenticate via CLI.
Add column to store secret and token, and add code to support
verify/refresh token associates with secret.  Such that when the user is
removed from OIDC provider the secret will no longer work.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-10 19:38:11 +08:00
Daniel Jiang
08e00744be Fix misc bugs for e2e OIDC user onboard process 
This commit adjust the code and fix some bugs to make onboard process
work.
Only thing missed is that the UI will need to initiate the redirection,
because the request of onboarding a user was sent via ajax call and didn't
handle the 302.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-10 19:38:11 +08:00
Wenkai Yin
580674f3da Merge remote-tracking branch 'upstream/master' into 190409_sync 2019-04-09 17:01:09 +08:00
Wenkai Yin
855c0a2a6e
Merge pull request #7194 from stonezdj/remove_error_msg 
Remove error message of saving system setting to db
 2019-04-09 12:02:17 +08:00
Wenkai Yin
d72a53aa0c
Merge pull request #7318 from ywk253100/190408_upgrade 
Upgrade the replication_job table
 2019-04-08 22:43:40 +08:00
Wenkai Yin
4ffa0c3da0 Upgrade the replication_job table 
This commit migrates the replication_job table, add one execution record and one task record for each job

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-08 22:23:53 +08:00
stonezdj
e8ab7156bc Remove error message of saving system setting to db 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-04-08 18:16:18 +08:00
cd1989
5a2d03593f Add helth check method to registry adapter 
Signed-off-by: cd1989 <chende@caicloud.io>
 2019-04-08 10:03:28 +08:00
Wenkai Yin
e8fe2aa60c Upgrade the registry and replication policy tables 
Upgrade the registry and replication tables in database

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-05 13:25:00 +08:00
Wenkai Yin
4116433de8
Merge pull request #7306 from ywk253100/190404_cleanup 
Remove the useless replication code
 2019-04-04 21:18:04 +08:00
Wenkai Yin
c2f702be2a Remove the useless replication code 
This commit removes the useless replication code

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-04 20:56:25 +08:00
Wenkai Yin
b66b1f341e Merge remote-tracking branch 'upstream/master' into 190404_sync 2019-04-04 14:55:09 +08:00
Yan
da0e20ec60
Add controller to onboard oidc user (#7286) 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-03 20:47:22 +08:00
wang yan
dcf1d704e6 fix dao UT issue and refine the error of onboard OIDC user 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-03 14:05:18 +08:00
wang yan
41018041f7 remove oidc controller and add more UTs 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-03 09:54:21 +08:00
Yan
0de5999f52 add the controller for ocdi onboard user 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-03 09:52:22 +08:00
Wenkai Yin
74efee569e Update the registry client to support pulling public images from docker hub without login 
Only add the authentication info when the username is provided to support pulling public images from docker hub without login

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-01 19:15:07 +08:00
Daniel Jiang
587acd33ad Add callback controller for OIDC 
This commit add callback controller to handle the redirection from
successful OIDC authentication.
For E2E case this requires callback controller to kick off onboard
process, which will be covered in subsequent commits.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-01 12:35:31 +08:00
Wenkai Yin
8c7b63bac2
Merge pull request #7248 from ywk253100/190326_event 
Add event based trigger and scheduled trigger
 2019-03-29 14:58:09 +08:00
Wenkai Yin
4f8e283e8e Add event based trigger and scheduled trigger 
This commit implements the event based trigger and scheduled trigger in replilcation

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-03-29 13:48:34 +08:00
Daniel Jiang
9ce98f4acd Add controller to handle oidc login 
The controller will redirect user to the OIDC login page based on
configuration.
Additionally this commit add some basic code to wrap `oauth2` package
and `provider` in `go-oidc`, and fixed an issue in UT to make
InMemoryDriver for config management thread-safe.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-03-28 11:29:05 +08:00
Yan
03709e4ec1
add authn proxy (#7199) 
* add authn proxy docker login support

User could use the web hook token issued by k8s api server to login to harbor.
The username should add a specific prefix.

Signed-off-by: wang yan <wangyan@vmware.com>

* update code per review comments

Signed-off-by: wang yan <wangyan@vmware.com>

* Add UT for auth proxy modifier

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-03-27 12:37:54 +08:00
Wenkai Yin
017bba8dc1 Merge remote-tracking branch 'upstream/master' into 190327_sync 2019-03-27 11:43:51 +08:00
Daniel Jiang
49aae76205 Onbard settings for OIDC provider (#7204) 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-03-25 12:24:39 +08:00
Yan
8d3946a0e2
Refactor scan all api (#7120) 
* Refactor scan all api

This commit is to let scan all api using admin job to handle schedule
management. After the PR, GC and scan all share unified code path.

Signed-off-by: wang yan <wangyan@vmware.com>

* update admin job api code according to review comments

Signed-off-by: wang yan <wangyan@vmware.com>

* Update test code and comments per review

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-03-22 17:52:21 +08:00
Wenkai Yin
49cf50adb1 Merge remote-tracking branch 'upstream/master' into 190324_sync 
Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-03-22 15:55:52 +08:00
Meina Zhou
130e132f86 Merge branch 'master' into replication_ng 
Signed-off-by: Meina Zhou <meinaz@vmware.com>
 2019-03-21 14:16:33 +08:00
He Weiwei
79235fffd1 Fix pagination for users and users search apis 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-03-21 13:03:30 +08:00
Wenkai Yin
fb394c2c7a Replicate helm charts 
This commit provides the capability for Harbor to replicate helm charts

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-03-20 00:35:15 +08:00
stonezdj(Daojun Zhang)
7060747d5b ldap_url and ldap_base_dn not exist in user config (#7115) 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-03-15 15:20:12 +08:00
wang yan
73d68903d6 update robot account return attribute 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-03-14 13:57:50 +08:00
Wenkai Yin
258b22a9a5 Fix bug in replication 
This commit fixes bugs found in the implement of replciation NG

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-03-10 20:57:59 +08:00
Wenkai Yin
cabef73980 Add Harbor adapter for replication 
Implement the replication adapter for Harbor registry

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-03-13 21:39:39 +08:00
peimingming
4efad287ce Add execution and hooks 
Signed-off-by: peimingming <peimingming@corp.netease.com>
 2019-03-13 09:35:01 +08:00
Wenkai Yin
772367498f Merge remote-tracking branch 'upstream/master' into 190311_sync 2019-03-11 20:34:49 +08:00
Frank Kung
5bd5d59a4f 1. Define ng persist replication policy model. 
2. Add ng replication policy CURD methods.
3. Implement ng policy manger.

Signed-off-by: Frank Kung <kfanjian@gmail.com>
Signed-off-by: 慕薇疯魔 <kfanjian@gmail.com>
 2019-03-11 11:13:10 +08:00
Wenkai Yin
ec2a7f9239 Implement replication operation API 
This commit implements the replication operation related APIs

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-03-08 10:06:33 +08:00
stonezdj(Daojun Zhang)
f7745baf30
Merge pull request #6599 from stonezdj/pr6161 
Add new parameter ldap_group_membership_attribute (PR#6161)
 2019-03-07 13:26:26 +08:00
De Chen
2bc2a44db8
Merge branch 'replication_ng' into registries-management 2019-03-05 16:22:34 +08:00
cd1989
b00098d492 Add unit tests and fix CI 
Signed-off-by: cd1989 <chende@caicloud.io>
 2019-03-05 15:37:36 +08:00
stonezdj
4dfee0c1f0 Remove verify_remote_cert 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-03-05 14:04:10 +08:00
stonezdj
cf134bc80e Add new parameter ldap_group_membership_attribute 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-03-03 10:03:22 +08:00
Daniel Jiang
321874c815 Move Settings of HTTP auth proxy (#7047) 
Previously the settings of HTTP authproxy were set in environment
variable.
This commit move them to the configuration API

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-03-01 14:11:14 +08:00
cd1989
8732a20709 Rewrite registry manager with new interface 
Signed-off-by: cd1989 <chende@caicloud.io>
 2019-02-27 11:54:04 +08:00
cd1989
6bdf3053a7 Implement registries manager 
Signed-off-by: cd1989 <chende@caicloud.io>
 2019-02-27 11:54:04 +08:00
Wenkai Yin
95888b3dc2
Merge branch 'replication_ng' into 190130_transfer_repo 2019-02-27 11:00:42 +08:00
wang yan
91aa67a541 Update expiration variable name to expiresat/tokenduration 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-02-25 11:55:42 +08:00
wang yan
36a778b482 Update expiration schema to bigint and default unit to minute 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-02-22 18:42:43 +08:00
wang yan
47a09b5891 add expiration of robot account 
This commit is to make the expiration of robot account configurable

1, The expiration could be set by system admin in the configuation page or
by /api/config with robot_token_expiration=60, the default value is 30 days.
2, The expiration could be shown in the robot account infor both on UI and API.

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-02-22 18:42:34 +08:00
stonezdj(Daojun Zhang)
4cb49e5388
Merge pull request #6963 from stonezdj/remove_container 
Remove everything of adminserver container
 2019-02-22 18:27:43 +08:00
stonezdj
0cba36d79f Remove everything of adminserver 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-02-22 16:34:39 +08:00
Nguyen Quang Huy
eda6c47b3e add signoff for DCO gate (#6981) 
Some variable name, function name is colliding with builtin function.

Signed-off-by: Nguyen Quang Huy <huynq0911@gmail.com>
 2019-02-22 15:00:18 +08:00
Daniel Jiang
321adc8362
Merge pull request #6941 from ywk253100/190213_replication_policy 
Fix #6698: cannot create a same name replication policy after deleting it
 2019-02-21 16:03:55 +08:00
stonezdj
7a5fbf718f Revise code with review comments 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-02-18 15:20:54 +08:00
stonezdj
36e1c13a43 fix ut error in systeminfo_test.go 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-02-18 14:06:19 +08:00
stonezdj
1ae5126bb4 Refactor adminserver stage 3: replace config api and change ut settings 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-02-18 14:06:19 +08:00
Wenkai Yin
f0f2e77fb4 Implement the repository transfer 
This commit implements the Transfer interface for resource repository

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-02-15 17:49:35 +08:00
Wenkai Yin
530ba1d27b Fix #6698 
This commit fixes the issue #6698: cannot create a same name replication policy after deleting it

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-02-15 15:17:48 +08:00
Daniel Jiang
81639e2110
Merge pull request #6865 from wy65701436/remove-token 
Remove the token attribute from robot table
 2019-02-13 19:23:06 +08:00
Yan
e9556a4cec
Add post response for robot account API (#6906) 
This commit is to do:
1, Add post response on creating robot account
2, Lower-case the attribute of response

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-02-13 14:40:04 +08:00
He Weiwei
1c4b9aa346 Protect API using rbac 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-02-01 18:55:06 +08:00
wang yan
5d6a28d73e Remove the token attribute for robot table 
This commit is to remove the token attribute as harbor doesn't store the token in DB.

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-01-30 23:56:23 +08:00
wang yan
f4f4535304 Fix action and resouce of RBAC change 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-01-29 17:05:15 +08:00