Commit Graph

9576 Commits

Author SHA1 Message Date
Wenkai Yin
54a1155140 Prevent copying artifact to a proxy cache project
Prevent copying artifact to a proxy cache project

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-07-17 15:24:18 +08:00
Wenkai Yin
9493611666 Don't return the error detail back to the client when adding registry
Don't return the error detail back to the client when adding registry to avoid security issue

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-07-17 11:58:08 +08:00
danfengliu
af3a638980
Merge pull request #12498 from danfengliu/add-push-based-replication-test
Add push-based replication test in nightly
2020-07-17 11:01:38 +08:00
danfengliu
aa43afb601 Add push-based replication test in nightly
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-07-16 19:50:42 +08:00
Ziming Zhang
e7c89ce1d9 fix SWR replication adapter pull-based
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-07-16 19:19:18 +08:00
Daniel Jiang
840aa86dfa Provide secret manager for proxy cache project
This commit provides the secret manager for proxy cache.
The secret is used for pushing blobs to local when it's proxied from
remote registry.
Each secret can be used only once and has a relatively short expiration
time.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-07-16 19:12:52 +08:00
Alvaro Iradier
81a7239c66 Better error handling
* Raise an internal error if username claim is not found, instead of just logging a warning
* Don't remove userInfoKey for session on error when it is not required
* Rename "OIDC Username Claim" to just "Username claim"

Signed-off-by: Alvaro Iradier <airadier@gmail.com>
2020-07-16 12:12:08 +02:00
Alvaro Iradier
6f88ff7429 Fix test suite and add test for userClaim
Signed-off-by: Alvaro Iradier <airadier@gmail.com>
2020-07-16 12:12:08 +02:00
Alvaro Iradier
714f989759 Add options for automatic onboarding and username claim
- Add an option in the UI to enable or disable the automatic user onboarding
- Add an option to specify the claim name where the username is retrieved from.

Signed-off-by: Alvaro Iradier <airadier@gmail.com>
2020-07-16 12:12:08 +02:00
Wang Yan
bad8f026fc
upgrade golang to v1.14.5 (#12489)
Signed-off-by: wang yan <wangyan@vmware.com>
2020-07-16 16:20:54 +08:00
Wang Yan
d73265d10d
revise gc job to align non blocking gc (#12439)
two phases:
1, mark, select the gc candidates bases on the DB and mark them as status delete.
2, sweep, select the candidate and mark it as status deleting and remove it from backend and database.

Signed-off-by: wang yan <wangyan@vmware.com>
2020-07-16 14:35:54 +08:00
Steven Zou
4d4a04fad4
Merge pull request #12478 from steven-zou/feat/read_pro_config
feat(p2p):enhance policy enforcer
2020-07-16 11:40:29 +08:00
Qian Deng
bd26c294e8
Merge pull request #12341 from ninjadq/support_multi_down_version
Enhance: Support multi downversion in migration
2020-07-15 23:39:11 +08:00
Ted Guan
9e7edb7a6e
Fix for project metadata (#12410)
Signed-off-by: guanxiatao <guanxiatao@corp.netease.com>
2020-07-15 18:46:45 +08:00
Steven Zou
fcfde5a588 feat(p2p):enhance policy enforcer
Read security settings from the project configurations and override the preheat policy settings if necessary.

Check the project security settings and override the related settings in the policy if necessary.
NOTES: if the security settings (relevant with signature and vulnerability) are set at the project configuration,
they will have the highest priority and override the related settings of the preheat policy.
 e.g (use signature as an example, similar case to vulnerability severity part):
   if policy.signature = false and project.config.signature = true; then policy.signature = true
   if policy.signature = true and project.config.signature = true; then policy.signature = true
   if policy.signature = true and project.config.signature = false; then policy.signature = true
   if policy.signature = false and project.config.signature = false; then policy.signature = false

Signed-off-by: Steven Zou <szou@vmware.com>

Signed-off-by: Steven Zou <szou@vmware.com>
2020-07-15 14:18:34 +08:00
He Weiwei
cadcd4b877
Merge pull request #12480 from heww/move-pkg-types
refactor(quota): move pkg/types to pkg/quota/types
2020-07-15 11:32:27 +08:00
Daniel Jiang
947eadaa72
Merge pull request #12440 from heww/remove-init-clair-db
refactor: remove initialization of clair db
2020-07-15 00:38:12 +08:00
He Weiwei
a22d803a95 refactor(quota): move pkg/types to pkg/quota/types
Closes #9664

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-07-14 14:28:53 +00:00
He Weiwei
c000608d55
Merge pull request #12437 from heww/db-max-connections
chore(db): change max_connections of postgres to 1024
2020-07-14 17:24:16 +08:00
stonezdj(Daojun Zhang)
00a5f215fb
Merge pull request #12404 from stonezdj/20200615_proxy_forbid_push
Add disable push for proxy project
2020-07-14 15:39:19 +08:00
He Weiwei
2a6fe801bc chore(db): change max_connections of postgres to 1024
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-07-14 07:34:37 +00:00
stonezdj
b9c861f3f1 Add disable push for proxy project
Add middleware for blob and manifest push operation

Signed-off-by: stonezdj <stonezdj@gmail.com>
2020-07-14 10:13:38 +08:00
疯魔慕薇
f187509a90
Merge pull request #12454 from chlins/feat/list-providers-at-project-level
feat(preheat): add list providers under project level handler
2020-07-14 08:17:53 +08:00
stonezdj(Daojun Zhang)
ae2a2683c9
Merge pull request #12274 from stonezdj/20200617_proxy_demo
Add proxy cache feature
2020-07-13 22:50:09 +08:00
chlins
7322d0ac7c feat(preheat): add list providers under project level handler
Signed-off-by: chlins <chlins.zhang@gmail.com>
2020-07-13 21:53:50 +08:00
stonezdj
3abe77d6cb Add proxy cache feature
Update route to add proxy related middleware
Add proxy controller

Signed-off-by: stonezdj <stonezdj@gmail.com>
2020-07-13 21:18:43 +08:00
疯魔慕薇
3b43162b6d
Merge pull request #12462 from chlins/feat/preheat-execution-api
Feat/preheat execution api
2020-07-13 20:55:12 +08:00
Daniel Jiang
e96165412d
Merge pull request #12432 from ywk253100/200709_allowlist
Rename "reuse_sys_cve_whitelist" to "reuse_sys_cve_allowlist"
2020-07-13 16:42:43 +08:00
chlins
08bd46e125 feat: add preheat execution api handler
Signed-off-by: chlins <chlins.zhang@gmail.com>
2020-07-13 13:14:08 +08:00
chlins
2863e68718 feat: add task controller
Signed-off-by: chlins <chlins.zhang@gmail.com>
2020-07-13 13:02:24 +08:00
Steven Zou
2efc4f230d
Merge pull request #12458 from kofj/add_rbac
Enable RBAC control in the preheat API
2020-07-13 12:38:08 +08:00
fanjiankong
a99aa21c8a Enable RBAC control in the preheat API
Signed-off-by: fanjiankong <fanjiankong@tencent.com>
2020-07-13 11:06:25 +08:00
Will Sun
85f53bbfc4
Merge pull request #12459 from AllForNothing/instance-name
Query preheat instance by name
2020-07-13 10:59:18 +08:00
AllForNothing
4ec919dfe6 Query preheat instance by name
Signed-off-by: AllForNothing <sshijun@vmware.com>
2020-07-11 17:41:56 +08:00
Will Sun
ec1ac6dbc8
Merge pull request #12344 from AllForNothing/p2p
Add P2p preheat distribution instance UI
2020-07-10 16:01:04 +08:00
Steven Zou
1dfc93c3f6
Merge pull request #12430 from kofj/preheat_and_healthcheck
Preheat and healthcheck
2020-07-10 15:17:34 +08:00
Steven Zou
fdff077ff0
Merge pull request #12445 from chlins/fix/preheat-instance-and-policy-name-validation
fix(preheat): validate instance/policy name and set unique name
2020-07-10 15:14:44 +08:00
chlins
38d14dff30 fix(preheat): validate instance/policy name, set unique filed and policy
manager adds parsePolicy

Signed-off-by: chlins <chlins.zhang@gmail.com>
2020-07-10 10:29:47 +08:00
fanjiankong
080afbfe1b Add preheat APIs, handlers.
1. Manual preheat.
2. Instance health check.

Signed-off-by: fanjiankong <fanjiankong@tencent.com>
2020-07-10 09:48:35 +08:00
He Weiwei
039aef5356 refactor: remove initialization of clair db
To fetch vulnerability database updated time of the Clair had moved to
the Clair adapter so removes the initialization of clair db in the core.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-07-09 15:26:14 +00:00
He Weiwei
9483559d18
Merge pull request #12433 from heww/fix-db-max-open-conns
fix(db): set max open conns of sql.DB manually
2020-07-09 17:58:14 +08:00
疯魔慕薇
5d7f757b7b
Merge pull request #12428 from mmpei/official-master-p2p-200708
Add P2P trigger event and handler
2020-07-09 15:54:24 +08:00
Steven Zou
82bdce19d6
Merge pull request #12415 from kofj/instance_handler
Instance handler.
2020-07-09 12:23:25 +08:00
Steven Zou
77ca209a98
chore(readme):add code scanning badge 2020-07-09 12:19:12 +08:00
He Weiwei
e095958a27 fix(db): set max open conns of sql.DB manually
Due to the issues of beego v1.12.1 and v1.12.2, we set the max open conns
ourselves.

Closes #12403

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-07-09 03:35:41 +00:00
peimingming
65c5561032 Add P2P trigger event and handler
Signed-off-by: peimingming <peimingming@corp.netease.com>
2020-07-09 11:20:22 +08:00
Wenkai Yin
cd6c1b8c31 Rename "reuse_sys_cve_whitelist" to "reuse_sys_cve_allowlist"
Rename "reuse_sys_cve_whitelist" to "reuse_sys_cve_allowlist" in project metadata

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-07-09 11:04:44 +08:00
fanjiankong
8a44ee400d Instance handler.
- Add logic of preheat instance methods without RBAC.

Signed-off-by: fanjiankong <fanjiankong@tencent.com>
2020-07-09 00:01:14 +08:00
Steven Zou
3b2934bf48
Merge pull request #12419 from chlins/feat/p2p-preheat-healthcheck-controller
feat(preheat): add healthcheck methods for p2p preheat controller
2020-07-08 23:49:26 +08:00
Steven Zou
d97569832c
Merge pull request #12408 from xaleeks/07072020_docs_create_webhook_permission
webhook related permissions correction
2020-07-08 22:20:07 +08:00