* add scan all and gc schedule migration
Signed-off-by: wang yan <wangyan@vmware.com>
* Fix gofmt errors
Signed-off-by: wang yan <wangyan@vmware.com>
* Update code according to review comments
Signed-off-by: wang yan <wangyan@vmware.com>
* remove convertschedule return name just return value
Signed-off-by: wang yan <wangyan@vmware.com>
* add periodic job UUID to upstream job id and use execution log as the periodic log
Signed-off-by: wang yan <wangyan@vmware.com>
* add comments to fix codacy
Signed-off-by: wang yan <wangyan@vmware.com>
* Update code per comments
Signed-off-by: wang yan <wangyan@vmware.com>
This commit update the response off OIDC callback when there's error in exchange token.
Additionally add comments to clarify that by default 500 error will not
contain any details.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
* Return 404 when the log of task doesn't exist
Return 404 when the log of task doesn't exist
Signed-off-by: Wenkai Yin <yinw@vmware.com>
* Upgrade the distribution and notary library
Upgrade the distribution library to 2.7.1, the notary library to 0.6.1
Signed-off-by: Wenkai Yin <yinw@vmware.com>
This commit make sure the token is persist to DB after every time after
a user logs in via OIDC provider, to make sure the secret is usable for
the OIDC providers that don't provide refresh token.
It also updates the authorize URL for google to make sure the refresh
token will be returned.
Also some misc refinement included, including add comment to the
OIDC onboarded user, preset the username in onboard dialog.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Ths commmit ensures that when user's token is invalidated OIDC provider, he
cannot access protected resource in Harbor with the user info in his session.
We share the code path with secret verification b/c the refresh token
can be used only once, so it has to be stored in one place.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit tweaks the attribute for auth proxy mode and OIDC auth mode.
To change it from "Skip verify cert" to "verify cert" so they are more
consistent with other modes.
Additionally it removes a workaround in `SearchUser` in auth proxy
authenticator.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
As CLI does not support oauth flow, we'll use secret for help OIDC user
to authenticate via CLI.
Add column to store secret and token, and add code to support
verify/refresh token associates with secret. Such that when the user is
removed from OIDC provider the secret will no longer work.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit adjust the code and fix some bugs to make onboard process
work.
Only thing missed is that the UI will need to initiate the redirection,
because the request of onboarding a user was sent via ajax call and didn't
handle the 302.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>