Commit Graph

832 Commits

Author SHA1 Message Date
Daniel Jiang
08f9ffa000 Reenable token auth for cli
Docker CLI fails if it's not logged in upon seeing "basic" realm challenging while pinging the "/v2" endpoint. (#11266)
Some CLI will send HEAD to artifact endpoint before pushing (#11188)(#11271)

To fix such problems, this commit re-introduce the token auth flow to the CLIs.

For a HEAD request to "/v2/xxx" with no "Authoirzation" header, the v2_auth middleware populates the
"Www-Authenticate" header to redirect it to token endpoint with proper
requested scope.

It also adds security context to based on the content of the JWT which has the claims of the registry.
So a request from CLI carrying a token signed by the "/service/token" will have proper permissions.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-04-04 00:05:58 +08:00
Yogi_Wang
2610fe530f [Test Case] Add nightly case for CVE
1. add nightly case for cve
2. change translate words
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2020-04-03 16:59:45 +08:00
jwangyangls
4ea7b13215
Merge pull request #11385 from jwangyangls/nightly-case-trivy-2
[Nightly] Project Level Image Serverity Policy
2020-04-02 11:14:21 +08:00
danfengliu
aa26e624b9
Merge pull request #11379 from danfengliu/add-nightly-test-of-push-helm-chart
Add nightly test of push helm chart
2020-04-02 10:29:21 +08:00
Yogi_Wang
01f8291bb7 [Nightly] Project Level Image Serverity Policy
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2020-04-02 10:16:57 +08:00
danfengliu
e3b31bb8dd Add nightly test of push helm chart
1. Add push helm chart oci test in nightly;
2. Modify archive icon locator xpath;

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-04-01 18:53:19 -07:00
danfengliu
f11e713ada
Merge pull request #11380 from jwangyangls/nightly-case-trivy-1
[Nightly] add case about trivy
2020-04-01 22:45:40 +08:00
Qian Deng
b1284da96b
Merge pull request #11360 from ninjadq/rever_chart_api_change
Rever chart api change
2020-04-01 18:58:57 +08:00
Yogi_Wang
24b57715ab [Night] add case about trivy
`
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2020-04-01 17:06:34 +08:00
AllForNothing
e6e3f0a6af Fix nightly cases for webhook
Signed-off-by: AllForNothing <sshijun@vmware.com>
2020-04-01 16:27:40 +08:00
danfengliu
7ad3b500ac
Merge pull request #11356 from danfengliu/add-nightly-test-of-push-manifest-list
Add nightly test case of push docker manifest list
2020-04-01 15:21:05 +08:00
danfengliu
8f9822d168 Add nightly test case of push docker manifest list
1. Add notary tool in E2E Dockerfile;
2. Add push docker manifest list test in nightly;
3. Modify document for e2e user guide;
4. Add CNAB tool  in E2E Dockerfile;

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-04-01 06:51:13 +00:00
Daniel Jiang
eebcc8fc9a
Merge pull request #11184 from bitsf/fix_build_base_image
feat(cicd) fix build base image
2020-04-01 12:28:14 +08:00
DQ
cd69339014 Fix API TEST for chart Version
Fix api test for chart b/c revert the api

Signed-off-by: DQ <dengq@vmware.com>
2020-04-01 11:55:22 +08:00
Wenkai Yin(尹文开)
4faff18b2d
Merge pull request #11339 from ywk253100/200328_limit_offset
Add "order by" clause to avoid the duplicat rows
2020-03-30 17:14:44 +08:00
Wenkai Yin
fb975d902c Add "order by" clause to avoid the duplicat rows
Add "order by" clause to avoid the duplicat rows: https://www.postgresql.org/docs/9.6/queries-limit.html

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-03-30 16:42:43 +08:00
Ren Maosheng
759c759b58 Adding tests for native docker registry APIs exposed by Harbor
Adding a test for listing repositories
Adding a test for list image tags for specified repo.

Signed-off-by: Ren Maosheng <renmaosheng@gmail.com>
2020-03-29 08:27:13 -07:00
danfengliu
77e3b0d828 Fix nightly ldap test cases
1. Modify robot account test, checkout "Never Expired" button;
2. Modify OIDC get user API;
3. Modify verification for docker pull command;

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-27 20:24:43 +08:00
Wang Yan
eccb8aa708
append pull permission for push policy (#11303)
Fixes #11225
As registry changes to basic auth, the push action lost the pull permission.
Add it in the robot security context.

Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-27 17:10:04 +08:00
Yogi_Wang
1f3e00c782 [Nightly] Add case for trivy
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2020-03-27 15:20:39 +08:00
Ziming
9440df1090
feat(cicd) fix redis container version for test (#11105)
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-27 10:54:52 +08:00
jwangyangls
96572c3c86
Merge pull request #11254 from jwangyangls/nightly-case-3
[Fix]   Fix issue 2.0
2020-03-26 12:14:37 +08:00
Yogi_Wang
cba4490a5a [Fixed] Fix bug for 2.0 and add case for trivy
Signed-off-by: Yogi_Wang <yawang@vmware.com>
1.add case for trivy
2.vunerbility refresh bug
3.scan mutiple artifact
4.fix global search bug
5.disable delete tag btn when remove immutable tag
6.cancel selectRow when add label or remove label;fix #11195
7.fix cron tootip
2020-03-26 11:39:57 +08:00
Ziming Zhang
ae7834af0b feat(cicd) fix build base image
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-26 10:55:40 +08:00
danfengliu
6ccaaf1efa Remove some content of verification for artifact addtion
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-26 10:03:30 +08:00
danfengliu
08a070a124 Modify nightly test case for user view logs and other
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-23 14:19:13 +08:00
danfengliu
deb225b0f2 Modify elements locator in nightly tests
1. Modify get signature API in sign image test;
2. Modify locator for tag in artifact list;

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-22 20:48:37 +08:00
danfengliu
35786e8efd Analyze nightly failed cases
1. Modify delete repo button locator;
2. Modify verifcation for GC log result message;
3. Modify locator for tag retention.
4. Add empty Trivy pipeline.

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-21 11:30:15 +08:00
Yogi_Wang
13ae4482ab [OCI] Change nightly case and change delete artifact words
1.nightly: fix tag retention and immutable tag case xpath
2.nightly: fix the part of delete repo button xpath
3.nightly: fix the api version when GC
4.nightly: fix add label of artifact xpath
5.text:   change delete artifact show words
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2020-03-20 15:59:16 +08:00
danfengliu
3de8175d1b
Merge pull request #11145 from danfengliu/debug-nighlty-keyword-go-into-repo
Modify Nightly popular Keyword Go-Into-Repo
2020-03-19 17:41:49 +08:00
danfengliu
fedfae71ff Modify Nightly popular Keyword Go-Into-Repo
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-19 17:09:16 +08:00
Wang Yan
dc6eec8a73
Enable API logs test case (#11142)
1, enable user view log api test case
2, update project logs api permission check
3, use project ctl instead in permission check base method

Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-19 14:56:37 +08:00
Qian Deng
cf90ec27f2
Merge pull request #10706 from ninjadq/enable_tls_on_all_components
Enable tls on all components
2020-03-18 21:25:40 +08:00
jwangyangls
1d435bc246
Merge pull request #11086 from danfengliu/add-api-test-of-add-addition
Modify api test for test step of add addition
2020-03-18 20:12:46 +08:00
DQ
b93092e012 Add tls for trivy
Add trivy tls cert files
Add tivey tls env and config
enhance gencert

Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
c5d73e6a0c Add switch to https
use switch to make decision whether mTLS or server TLS

Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
02dea3ad2c Add: mTLS configuration on CI
Add internal_tls on ci
generate certs for ci

Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
Wang Yan
b4e941e961
drop table access log in migration (#11118)
Use the audit log instead, the access log table should be dropped after migration

Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-18 19:04:38 +08:00
danfengliu
77e9fc38c7 Modify api test for test step of add addition
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-18 17:32:10 +08:00
Wenkai Yin(尹文开)
b0e87b46e4
Merge pull request #11003 from danfengliu/modify_api_test_scan_image_2
Modify API test for scan image since harbor v2 API presented
2020-03-18 11:00:55 +08:00
danfengliu
995ce30c58 Modify API test for scan image since harbor v2 API presented
1. System level Scan All;
2. Scan An Image Artifact

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-18 10:15:07 +08:00
Wenkai Yin
3aca33acde Clean up some TODO items
1. Remove blob fetcher and cache

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-03-17 19:01:38 +08:00
Wenkai Yin
e33b2984ce Add create/delete tag API test case
Add create/delete tag API test case

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-03-16 21:32:34 +08:00
danfengliu
843b05c2d3 Add script of push cnab bunlde API test
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-16 17:37:16 +08:00
danfengliu
42956c74bb
Merge pull request #11018 from danfengliu/add-verification-for-helm-api-test
Add verfication for helm API test
2020-03-16 10:17:37 +08:00
Wenkai Yin
c6940e8184 United error response format for management APIs (legacy and v2.0 APIs)
United error response format for management APIs (legacy and v2.0 APIs)

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-03-13 22:00:08 +08:00
He Weiwei
28dcb5ad59
test(quota): enable quota test case in API robot (#11039)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-03-12 11:50:30 +08:00
danfengliu
f8811102da Add verfication for helm API test
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-11 15:05:16 +08:00
Wang Yan
bd7940217a
upgrade golang version to v1.13.8 (#11006)
The vesrion contains two security bug fix - CVE-2020-0601, CVE-2020-7919

More details, see the golang milestone:

https://github.com/golang/go/issues?q=milestone%3AGo1.13.8+label%3ACherryPickApproved

Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-11 12:20:06 +08:00
Wang Yan
f49994d81d
enable garbage colloection api test case (#11000)
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-11 11:19:29 +08:00
Daniel Jiang
e4ad35a655
Merge pull request #10924 from bitsf/fix_version_tag
use unified version as tag name
2020-03-09 23:48:23 +08:00
Ziming
b0c9ec7855
feat(ci) enable trivy in CI test (#10992)
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-09 22:20:11 +08:00
Ziming Zhang
200c352c35 feat(cicd) use unified version as tag name
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-09 15:30:03 +08:00
wang yan
1b84bfde23 add trivy into offline/online package
Package trivy adapter image into offline image and ship dev to hub

Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-09 13:56:49 +08:00
Daniel Jiang
0f0e27179b Remove dependency on travis-ci
Github actions work fine, we no longer needs travi-ci to trigger the
tests.
This commit removes it.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-03-09 01:30:38 +08:00
danfengliu
e49ac2f9e9 Add API test python script - Push chart file by Helm3 chart command line
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-05 14:58:36 +08:00
danfengliu
2d6e18a895 Add API test case of pushing index by docker manifest
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-02 06:31:59 +00:00
wang yan
79cf21f82f add tag controller
use the tag controller to handle CRUD of tags, especially the delete scenario, it could validate
the immutable and signature. And move the code of tag handling from artifact controller to tag controller

Signed-off-by: wang yan <wangyan@vmware.com>
2020-02-28 11:42:10 +08:00
danfengliu
6709dfb13f
Merge pull request #10833 from danfengliu/update-repository-and-artifact-api-test-cases
Update existing API tests for API V2.0
2020-02-27 10:38:27 +08:00
danfengliu
c283a02e5f Update existing API tests for API V2.0
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-02-26 21:38:39 +08:00
Ziming Zhang
94230b5e19 feat(cicd) fix some build problem
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-02-25 12:05:39 +08:00
danfengliu
4933bb634f Upgrade repository API tests to V2.0
Enable _xsrf in cookies in swagger.yaml, so that scripts don't have to handle it.

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-02-24 18:15:25 +08:00
Wenkai Yin
bd204464f3 Remove dead code
Remove dead code

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-23 17:11:46 +08:00
He Weiwei
88fcacd4b7
feat(middleware): add blob middlewares (#10710)
1. Add middleware to record the accepted blob size for stream blob
upload.
2. Add middleware to create blob and associate it with project after blob upload
complete.
3. Add middleware to sync blobs, create blob for manifest and associate blobs
with the manifest after put manifest.
4. Add middleware to associate blob with project after mount blob.
5. Cleanup associations for the project when artifact deleted.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-02-20 23:20:34 +08:00
Ziming
0bc32410f3
Merge pull request #10742 from bitsf/oci_tag_retention
requirement(oci) implement tag retention for oci
not include ChartClient yet
2020-02-20 20:31:49 +08:00
danfengliu
03668ad372 Build python swagger client for V2.0
Add v2 swagger.yaml python library.

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-02-20 18:06:54 +08:00
Yogi_Wang
99d02a14f5 Fix issue from louis and improve artifact list
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2020-02-20 10:15:33 +08:00
Ziming Zhang
94e23dc954 requirement(oci) implement tag retention for oci
Change-Id: Ib36660835d2666b35124e66254c33b5fc19aaf77
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-02-20 00:43:20 +08:00
Wenkai Yin
94787ea60d Bump up the version of legacy APIs to v2.0
Bump up the version of legacy APIs to v2.0

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-14 13:16:30 +08:00
Wenkai Yin(尹文开)
d66c1a4a21
Merge pull request #10612 from ywk253100/200202_replication_basic_auth
Do enhancement for the registry authorizer
2020-02-11 22:09:40 +08:00
Wenkai Yin
a4ebbc6ecf Do enhancement for the registry authorizer
This commit introduces a new wrapper authorizer which can authorize the request according to the auth scheme automatically

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-11 21:21:49 +08:00
danfengliu
d1b5bd5d9c Fix project quotas API test issue
In project quotas API test, pull images from goharbor namespace instead of library:
1. Replace image source in API test;
2. Modify criteria for verify project configuration modification.

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-02-06 16:43:08 +08:00
danfengliu
a7472a7a66
Merge pull request #10614 from danfengliu/fix-test-steps-desc-in-robot-account-api-test
Fix description of test in robot account API test
2020-02-04 20:07:14 +08:00
danfengliu
66eff99c7f Fix description issue of test in robot account API test and issue of Helm3 test
1. Fix issue that test step descriton was mismatch with test step;
2. Wrong helm command was used in Helm3 test, replace helm with helm3;
3. In API test, images were pulled from docker-hub registry, images size changed sometime, so we like to use internal registry.

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-02-04 17:26:52 +08:00
Wenkai Yin
ef3af85a5b Register registry handler with the new methods of Route
Register registry handler with the new methods of Route

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-03 16:55:08 +08:00
Daniel Jiang
2064a1cd6d Switch to basic authentication for registry
1. Add basic authorizer for registry which modify the request
to add basic authorization header to request based on configuration.
2. Set basic auth header for proxy when accessing registry
3. Switche the registry to use basic auth by default and use the basic
authorizer to access Harbor.
4. Make necessary change to test cases, particularly
"test_robot_account.py" and "docker_api.py", because the error is
changed after siwtched to basic auth from token auth.  #10604 is opened
to track the follow up work.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-01-31 21:46:47 +09:00
Wenkai Yin(尹文开)
a1b25e1fec
Switch to new registry API handlers (#10596)
Switch to new registry API handlers

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-01-30 21:21:07 +08:00
Daniel Jiang
5f8acc3896 Add middlewares for permission checking for v2 API
When the registry shifts from token auth to basic auth, we'll use the middleware to check permission.
This commit add middlewares for populate the artifact info and check
permission based on request to /v2/* api via security context

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-01-27 12:53:15 +08:00
Ziming Zhang
9f1d538b5f feat(cicd): try fix sometimes docker push time out
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I67193a7c5b80d169237a884895627f68a1f65933
2020-01-20 11:57:03 +08:00
Daniel Jiang
c4dd6c077e
Merge pull request #10456 from bitsf/stop_travis
feat(cicd):stop use travis
2020-01-18 02:59:41 +08:00
Ziming Zhang
45113ea8e1 feat(cicd) use a smaller docker image for test
Change-Id: Ie8f365e7271bfda24ae965aaca0e55d1099c1d68
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-01-17 13:09:31 +08:00
Danfeng Liu (c)
d9c0a4ae67 Switch registry from docker-hub ot internal harbor registry
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
:q
2020-01-17 10:43:20 +08:00
Ziming Zhang
e4eec83e21 feat(cicd):stop use travis
Change-Id: I8a979e4c63801c70ea0b520c864131901ab39506
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-01-15 18:16:03 +08:00
Ziming Zhang
a8e99ef7be fix(cicd) Use fixed golang version 1.13.4 and fail early
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: Ic6a5930c879e3d344ce8a747e226514b4500324c
2020-01-14 16:35:26 +08:00
Danfeng Liu (c)
d02f15fb0f Add retry for prject list display
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
2020-01-13 15:44:31 +08:00
Danfeng Liu (c)
ea01a236a5 Add retry when fail to find replication
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
2020-01-08 17:08:42 +08:00
danfengliu
7edac6d8e8
Merge pull request #10403 from danfengliu/add-test-case-tag-immutability
Add nightly test case for tag immutability
2020-01-07 14:04:19 +08:00
Daniel Jiang
a5f8111fd0
Merge pull request #10329 from wy65701436/expir-robot
add expiration data time when to create a robot account
2020-01-06 17:30:48 +08:00
Danfeng Liu (c)
9d651128d6 Add nightly test case for tag immutability
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
2020-01-06 15:54:08 +08:00
Danfeng Liu (c)
07b005bcda add checkpoint and retry for click add member button
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
2020-01-03 15:40:46 +08:00
wang yan
a0f3709b3c add expiration data time when to create a robot account
Update API of creating robot accout, user can specify expiration time per account.

Signed-off-by: wang yan <wangyan@vmware.com>
2020-01-03 13:47:06 +08:00
Danfeng Liu (c)
1cdf7253cd Repull image when error
Docker pull command was enclosed to one keyword, in this keyword,
there're retry and log record.

Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
2019-12-31 14:30:26 +08:00
danfengliu
bbe40a551e
Merge pull request #10374 from danfengliu/refresh-project-quotas-list
Refresh project quotas list at regular time
2019-12-30 17:03:53 +08:00
danfengliu
79f93af471
Merge pull request #10333 from danfengliu/add-time-waiting-for-tag-switch
Replace keyword without waiting to one which had waiting
2019-12-30 14:45:24 +08:00
Danfeng Liu (c)
9dbb04925c Refresh project quotas list at regular time
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
2019-12-30 14:11:19 +08:00
danfengliu
de2ec7d063 Replace keyword without waiting to one which had waiting
1. Replace all keywords without using waiting;
2. Add a debug line in Go Into Repo for UI hung trouble shooting.

Signed-off-by: danfengliu <danfengl@vmware.com>
2019-12-27 17:13:25 +08:00
danfengliu
933dc91ba5 Notary test failed in Helm Pipeline
In Helm pipeline, harbor access address is by domain name instead of IP, so cert directory should be created by domain name.

Signed-off-by: danfengliu <danfengl@vmware.com>
2019-12-27 17:02:28 +08:00
danfengliu
d46b663778 Remove whitelist verifcation since it's not ready
Signed-off-by: danfengliu <danfengl@vmware.com>
2019-12-27 10:24:45 +08:00
Danfeng Liu (c)
76cbcfcbb9 Refect upgrade script, population will be distinguished by harbor version.
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
2019-12-26 14:08:47 +08:00
danfengliu
95ddf6d9b3 Refect keyword of Go Into Reop
Signed-off-by: danfengliu <danfengl@vmware.com>
2019-12-24 16:39:37 +08:00