Fix issue #5776, LDAP servers are case insensitive. because only LDAP
group DN is used to compare/equal operation, lowercase all LDAP group DN
when retrieves it from LDAP server, and lowercase them before save in DB
Signed-off-by: stonezdj <stonezdj@gmail.com>
This commit moves the database schema upgrading after database initialization. The init will test TCP connection.
Signed-off-by: Wenkai Yin <yinw@vmware.com>
append chart server related config options to the supporting list of adminserver
provide chart server related config access method in the API layer
update prepare script and ui env template file to enable cache driver config for chart server API
append flag info in the systeminfo API to indicate if chart server is deployed with Harbor
refactor the response rewriting logic to return structual error object
add api init method to initilizing objects required in API handlers
chage owner of the storage folder
update offline/online package scripts in Harbor-Util.robot
It supports Harbor admin to trigger job either manual or
schedule. The job will be populated to job service to execute.
The api includes:
1. POST /api/system/gc
2, GET /api/system/gc/:id
3, GET /api/system/gc/:id/log
4, PUT/GET/POST /api/system/gc/schedule
Add SafeCastString, SafeCastInt, SafeCastFloat64, SafeCastBool function to check
the type matched and avoid panic in runtime
Add default value to configure settings to avoid cannot save configure
issue
docker regsitry. This version has the API to call regsitry GC with jobservice
secret. Seprates it into a standalone container as do not want to invoke two
processes in one container.
It needs to mount the registry storage into this container in order to do GC,
and needs to copy the registry binary into it.
This commit make update to remove the code from ui container to init the
DB schema. As UI has dependency on admin server, so it's safe to assume
adminserver has to be ready first. Regardless the setting of the config
store of admin server, it will try to access and intialize the schema of
database.
This commit fixes#5040, the harbor-db image will only contain empty
databases, and harbor ui container will use migrate tool to run initial
SQL scripts to do initialization. This is helpful for the case to
configure Harbor against external DB or DBaaS like RDS for HA deployment
However, this change will results some confusion as there are two tables
to track schema versions have been using alembic for migration, for this
release we'll try to use alembic to mock a `migration` table during
upgrade so the migrator will be bypassed, in future we'll consider to
consolidate to the golang based migrator.
Another issue is that the UI and adminserver containers will access DB
after start up in different congurations, can't ensure the sequence, so
both of them will try to update the schema when started up.
The location header returned by the remote registry contains no scheme and host parts if "relativeurls" is enabled,
this commit fix it by adding them at the beginning of location.
Fix the following issues.
1) GroupList is not found in SecurityContext user info
2) Retrieve multiple memberof information from LDAP.
3) If user is in two groups with guest, administrator role separately, display the max privilege role.
The project list will contain all public projects, user is a member of this project, or user is in the group which is a member of this projects.
Change the behaviour of user roles, if the user is not a member of this project, then return the user's groups role of current project
Currently "Critical" vulnerablity is treated as "Unknown" in Harbor.
This commit provides a quickfix that it will be interpret as "High". In
future, we should consider introduce "Critical" and enable UI to handle
it to be more consistent with CVSS spec.
This commit fixes a recently discovered issue on Kubernetes #4496
It make necessary to avoid calling `chown` to config files during the
bootstrap of the containers.
1) Remove the previous /api/projects/?:project_id/members/:userid
2) Move the /api/projects/:project_id/projectmembers/?:pmid to
/api/projects/:project_id/members/?:pmid
3) Change the project member maintain ui to call new REST API
Will call the userinfo API of UAA to get user info and generage user
model based on the response. Also this commit include a change that
whenever the UAA Client is to be used it will update the configuraiton,
this is needed as we enable user to update the configuration of UAA via
UI.
This is to provide a workaround for very corner case that in user's
authentication backend (LDAP, UAA) has a user called "admin" and because
Harbor's super user is hard coded to "admin" it's not possible to login
the "admin" with credentials in LDAP or UAA.
To minimize the impact, we'll provide an internal API for user to update
the super user's username from "admin" to "admin@harbor.local", this API
can be called by "admin" only, and is not reversible.
Enable configuring the path of root cert of UAA in harbor.cfg. It only
takes effects if the verify_cert is set to "true" If the file does not
exist, the configuration is skipped.
The intention for this commit is to support integration with nested UAA
in PAS or PKS, we don't expect user to manually configure this value,
though he can do it if he wants.
Remove the attribute "uaa_ca_root" from harbor.cfg and introduce
"uaa_verify_cert". Similar to LDAP settings, this allow user to
explicitly turn of the cert verification against UAA server, such that
the code will work with self-signed certificate.
Simplified the code when checking if a user is modiable in different
auth modes.
Also add restriction in password, such that when the auth mode is not DB
auth, only the super user can choose to reset his password.
Refactor LDAP code
Changes include:
1. Use session to manage the lifecycle of LDAP connections
2. Abstract common AuthenticateHelper interface for db_auth, ldap_auth, uaa_auth
Changes include:
1. Use Session to manage the lifecycle of ldap connections
2. Abstract common AuthenticateHelper interface for db_auth, ldap_auth,
uaa_auth mode
push test
Add unit test for ldap verify cert
remove common.VerifyRemoteCert
Update code with PR review comments
Add change ldaps config and add UT testcase for TLS feature
add ldap verfiy cert checkbox about #3513
Draft harbor ova install guide
Search and import ldap user when add project members
Add unit test case for SearchAndImportUser
ova guide
Add ova install guide
Add ova install guide 2
Add ova install guide 3
Call ValidateLdapConf before search ldap
trim space in username
Remove leading space in openLdap username
Remove doc change in this branch
Update unit test for ldap search and import user
Add test case about ldap verify cert checkbox
Modify ldap testcase