This commit is to make the expiration of robot account configurable
1, The expiration could be set by system admin in the configuation page or
by /api/config with robot_token_expiration=60, the default value is 30 days.
2, The expiration could be shown in the robot account infor both on UI and API.
Signed-off-by: wang yan <wangyan@vmware.com>
An HTTP authenticator verifies the credentials by sending a POST request
to an HTTP endpoint. After successful authentication he will be
onboarded to Harbor's local DB and assigned a role in a project.
This commit provides the initial implementation.
Currently one limitation is that we don't have clear definition about
how we would "search" a user via this HTTP authenticator, a flag for
"alway onboard" is provided to skip the search, otherwise, a user has
to login first before he can be assigned a role in Harbor.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
* Support master role for project member create and update apis
Signed-off-by: He Weiwei <hweiwei@vmware.com>
* Fix description for role_id in swagger.yaml
Signed-off-by: He Weiwei <hweiwei@vmware.com>
* Add Can method to securty.Context interface
Signed-off-by: He Weiwei <hweiwei@vmware.com>
* Improve mockSecurityContext Can method
Signed-off-by: He Weiwei <hweiwei@vmware.com>
Add API implementation of robot account
1. POST /api/project/pid/robots
2, GET /api/project/pid/robots/id?
3, PUT /api/project/pid/robots/id
4, DELETE /api/project/pid/robots/id
Signed-off-by: wang yan <wangyan@vmware.com>
There are two different types to represent http error in the current code. This commit updates the codes to keep only one.
Signed-off-by: Wenkai Yin <yinw@vmware.com>
Return a meaningful error message when changing password but the a wrong old password is provided to render on UI
Signed-off-by: Wenkai Yin <yinw@vmware.com>
* Return 409 when user trigger another "scan all"
This commit fixes#6418, that when multiple "scan all" jobs are
triggered, the API should not return 500.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
* Update swagger to add 409 to scanAll API
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Previously there was a in-memory marker to prevent user from frequently
calling the "scan all" API. This has become problematic in HA
deployment, and is no longer needed after enhancement in jobservice.
This commit removes the marker for "scan all" api, however, we need to
review the mechanism and rework to make it stateless.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
1. Fix#5102 by checking the existence of name when creating/editing replication rule
2. Add unique constraint to the name of replication policy and target
3. Fix bugs of testing library
Signed-off-by: Wenkai Yin <yinw@vmware.com>
There's an issue in registry 2.6.x, that when the webhook is sent the
manifest of the image may not be written.
For details: https://github.com/docker/distribution/issues/2625
This will cause issue in "scan on push" or replication.
This commit mitigates the issue by adding retries in notification
handler.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
