Commit Graph

980 Commits

Author SHA1 Message Date
stonezdj
60478f4990 Move common config api to lib/config
Register all config managers, and get it by getConfigManger()

Signed-off-by: stonezdj <stonezdj@gmail.com>
2021-04-13 19:43:33 +08:00
Daniel Jiang
1d01db3d3c
Merge pull request #14604 from reasonerjt/users-api-refact-2
API for users to new model
2021-04-13 16:21:51 +08:00
Daniel Jiang
d4cd2b87bd API for users to new model
This commit moves the legacy apis related to users to new model.
Some funcs under common/dao are left b/c they are used by other module,
which should also be shifted to leverage managers.
We'll handle them separately.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2021-04-13 11:11:50 +08:00
Wenkai Yin(尹文开)
e4678dc7db
Merge pull request #14578 from ywk253100/210318_replication
Improve the performance of replication
2021-04-12 10:44:32 +08:00
Wenkai Yin
09c3d042ea Improve the performance of replication
Improve the performance of replication by introducing a new API to check whether the blob can be mounted directly

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2021-04-12 09:54:25 +08:00
stonezdj
ac5e908597 Refactor user group to new programming model
Add context to required methods
Add pkg/usergroup/dao
Add pkg/usergroup/manager
Add controller/usergroup/controller

Signed-off-by: stonezdj <stonezdj@gmail.com>
2021-04-09 14:40:48 +08:00
stonezdj
107e468b60 Refactor configure api to new programming model
Changes include:
1. Move core/config to controller/config
2. Change the job_service and gcreadonly to depends on lib/config instead of core/config
3. Move the config related dao, manager and driver to pkg/config
4. Adjust the invocation of the config API, most of then should provide a context parameter, when accessing system config, you can call it with background context, when accessing user config, the context should provide orm.Context

Signed-off-by: stonezdj <stonezdj@gmail.com>
2021-04-09 08:10:11 +08:00
Daniel Jiang
ad8eee8623 Add attribute admin username for authproxy
This commit adds the attribute "http_authproxy_admin_usernames", which
is string that contains usernames separated by comma, when a user logs
in and the username in the tokenreview status matches the setting of
this attribute, the user will have administrator permission.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2021-04-07 18:14:59 +08:00
Wang Yan
9ef50ed430
refactor notification (#14406)
* Refactor webhook

refactor notification to new programming model

Signed-off-by: wang yan <wangyan@vmware.com>
2021-03-22 17:27:23 +08:00
He Weiwei
a2b08446d7
refactor: generate search API by go-swagger (#14422)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2021-03-22 14:35:44 +08:00
Daniel Jiang
0d4992a41e
API for system CVE allowlist to new model (#14412)
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2021-03-12 10:23:48 +08:00
Wenkai Yin(尹文开)
4ef93565f3
Merge pull request #14369 from ywk253100/210303_sort
Introduce "sort" in query to provide a general solution for sorting
2021-03-11 09:28:34 +08:00
Wenkai Yin
506d1ad465 Introduce "sort" in query to provide a general solution for sorting
Introduce "sort" in query to provide a general solution for sorting

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2021-03-11 08:25:49 +08:00
stonezdj
5a35b7a9c4 Move ldap API to new program model
Fix some issue with the LDAP connection test

Signed-off-by: stonezdj <stonezdj@gmail.com>
2021-03-10 16:26:45 +08:00
Daniel Jiang
e96c1cbced Switch API to ping OIDC endpoint to new model
This commit updates the API POST /api/v2.0/system/oidc/ping to new
programming model, in which the code will be generated by go-swagger.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2021-03-04 15:44:11 +08:00
He Weiwei
4b033c266a refactor: generate quota APIs by go-swagger
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2021-02-25 08:19:55 +00:00
piotrekfilip
db47cf7f46
Add support for http proxy in oidc insecureTransport
Signed-off-by: piotrekfilip <43957913+piotrekfilip@users.noreply.github.com>
2021-02-06 12:42:38 +01:00
Daniel Jiang
ea76594469 Improve the way config store transforms a value to string
This commit provide a better way to transform the value to string when
they are loaded from the driver.
Fixes #14074
However the way the config driver loaded config values and configstore
stores it back and forth seems repetitive and should be optimized.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2021-01-27 08:41:49 +00:00
Daniel Jiang
5ea43abc67 Fix a potential nil pointer issue
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2021-01-22 19:02:45 +08:00
Sven Haardiek
b2fe254974
Username from /userinfo (#14038)
This patch enabled Harbor to receive the username from the /userinfo endpoint
instead of only from the ID Token.

Closes #14037

Signed-off-by: Sven Haardiek <sven@haardiek.de>
2021-01-22 18:48:53 +08:00
Wang Yan
2d4456c630
refractor project rbac (#13924)
As the system rbac introduced, move the code of project rbac into project directory

Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-01-11 11:27:26 +08:00
Ziming Zhang
39fb500318 feat(retention) refactor to use go swagger api
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2021-01-08 07:09:28 +00:00
He Weiwei
755c6490f9
feat: remove duplicate CVE in scan report and summary (#13918)
1. Remove the duplicate CVE records in the report/summary for the image
index.
2. Add scanner field in the scan overview for the API.

Closes #13913

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2021-01-08 11:00:43 +08:00
Wang Yan
0cf43d766c
enable system resource access (#13826)
1, introduce & define the system resources.
2, replace the IsSysAdmin judge method.
3, give the robot the system access capability.

Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-01-07 15:45:04 +08:00
Daniel Jiang
06e993ff76
Remove scanner-pull from system admin's permission (#13901)
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2021-01-06 12:35:58 +08:00
Daniel Jiang
d0152cb446
Merge pull request #13872 from reasonerjt/token-scope
Refine the token scope generation
2021-01-04 11:16:59 +08:00
Wang Yan
0271efd3f7
enable visible when to list/create robot (#13840)
1, enable the visible attribute when to create/list robots
2, rename package name from robot2 to robot

Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-01-04 10:24:31 +08:00
Daniel Jiang
eb75123638 Refine the token scope generation
This commit directly maps the actoin permission in security context to
the scope generated by the token service in harbor-core.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2021-01-03 23:12:04 +08:00
Daniel Jiang
c660727877
Merge pull request #13800 from reasonerjt/authproxy-redirect
Add handler to handle redirect via authproxy
2020-12-23 03:00:18 +08:00
stonezdj(Daojun Zhang)
bc0b6b43ed
Merge pull request #13791 from reasonerjt/oidc-redirect-extra-parm
Add extra parms when forming redirect URI for OIDC
2020-12-22 21:45:53 +08:00
Daniel Jiang
7321e3547d Add handler to handle redirect via authproxy
This commit add a handler to handle the request to
"/c/authproxy/redirect".  Harbor is configured to authenticate against
an authproxy, if a request with query string `?token=xxxx`
is sent to this URI, the handler will do tokenreview according to the
setting of authproxy and simulate a `login` workflow based on the result
of token review.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-12-22 18:59:17 +08:00
He Weiwei
3831e82b20
refactor: remove code of admin job (#13819)
Remove code of admin job as it's not needed by scan all/gc now.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-12-22 11:48:16 +08:00
Wang Yan
9bc6f3cee4
fix robot account update issue (#13741)
* fix robot account update issue

enable the update method to support both v1 & v2 robot update

Signed-off-by: Wang Yan <wangyan@vmware.com>

* resolve review comments

Signed-off-by: Wang Yan <wangyan@vmware.com>
2020-12-18 20:01:26 +08:00
He Weiwei
18b850782e fix: fix errors detected by codeql
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-12-17 06:15:34 +00:00
Daniel Jiang
c1c55d0cee Add extra parms when forming redirect URI for OIDC
Fixes #13092

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-12-16 19:41:13 +08:00
Daniel Jiang
3b04d2f8f5
Escape the values to contains operator in dao packages (#13774)
fixes #13018

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-12-16 14:19:20 +08:00
Wenkai Yin(尹文开)
43104ab0b9
Merge pull request #13724 from reasonerjt/http-auth-admin-grp
Support admin group in http authproxy
2020-12-11 13:06:26 +08:00
Daniel Jiang
60e3668d43 Support admin group in http authproxy
This commit adds admin_groups into the configuration of http_auth
settings, it's a string in the form of "group1, group2".  If the token
review result shows the user is in one of the groups in the setting he
will have the administrator role in Harbor.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-12-10 15:57:15 +08:00
DQ
ade69e20ef Fix typo
Signed-off-by: DQ <dengq@vmware.com>
2020-12-09 20:42:21 +08:00
He Weiwei
e92674a42a
feat: add cache library and enable it in config manager (#13525)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-12-08 17:40:03 +08:00
Daniel Jiang
fef5317aef
Merge pull request #13382 from flaviodsr/fix_core_init
Fix deadlock on harbor-core initialization
2020-12-04 19:51:56 +08:00
Wenkai Yin(尹文开)
ddb29f2243
Set timezone as UTC for database connection (#13661)
Set timezone as UTC for database connection

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-12-03 08:55:48 +08:00
Daniel Jiang
34d776b062 Bump up go-ldap to v3.2.4
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-12-02 15:28:54 +08:00
Qian Deng
b80b1a7abf
Merge pull request #13617 from ninjadq/remove_clair_in_harbor_code
Remove clair code in harbor
2020-11-30 15:28:02 +08:00
Daniel Jiang
db8ce49133
Rework systeminfo API. (#13606)
This commit rework the systeminfo API under new programming model.
Also fixes #9149

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-11-30 14:15:18 +08:00
DQ
590212b485 Remove clair related code
- clair code in harbor core
- clair code in frontend
- clair code in robotcase

Signed-off-by: DQ <dengq@vmware.com>
2020-11-27 14:01:04 +08:00
stonezdj(Daojun Zhang)
dec12308a1
Merge pull request #13621 from stonezdj/201127_fail_to_add_ldap_group
Lowercase the LDAP DN in UnderBaseDN
2020-11-27 11:45:07 +08:00
stonezdj(Daojun Zhang)
5a34f4e8fa
Merge pull request #13548 from wy65701436/robot2-swagger-api-dev
add robot account 2 api handler
2020-11-27 11:32:24 +08:00
stonezdj
ca245d3545 Lowercase the LDAP DN in UnderBaseDN
Fixes #13362: Unable to add LDAP group with different letter case in DN

Signed-off-by: stonezdj <stonezdj@gmail.com>
2020-11-27 10:30:19 +08:00
Daniel Jiang
fd54a568d0
Merge pull request #13500 from thechristschn/fix-searchgroupbyname
Fix api ldap group search by name
2020-11-26 16:38:13 +08:00