wang yan
424f11e697
add immutable match in the repository/tag delete api
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-21 15:53:24 +08:00
stonezdj
b148ffe6a8
Remove the nested group search
...
Remove the code change in #8378 , because the previous code change caused issues: #9092 , #9110 , #9326
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-10-21 14:34:53 +08:00
He Weiwei
e254fe3095
fix(permissions): permissions checking for member and quota info ( #9490 )
...
1. Only show project member info when has member list permission.
2. Only show quota info when has quota read permission.
3. Add quota read permission for all roles of project.
4. Refactor permission service in portoal.
5. Clear cache when clear session.
Closes #8697
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-21 14:03:52 +08:00
He Weiwei
bf6a14c9ad
feat(role): introduce a limited guest role ( #9403 )
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-20 14:21:28 +08:00
Wenkai Yin(尹文开)
f98196e5ba
Merge pull request #9435 from reasonerjt/oidc-refresh-refine
...
Update OIDC token refresh process
2019-10-18 19:43:34 +08:00
Steven Zou
0f16913635
rebase: resolve the code confilcts with master
...
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-17 17:42:41 +08:00
Wenkai Yin(尹文开)
97ddff2ac8
Merge pull request #9434 from heww/clair-adapter
...
build(clair): internal clair adapter when install with clair
2019-10-17 16:06:10 +08:00
He Weiwei
8964a8697a
build(clair): internal clair adapter when install with clair
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-17 12:00:51 +08:00
Daniel Jiang
f0cb16cb86
Update OIDC token refresh process
...
1) Disassociate id token from user session
2) Some OIDC providers do not return id_token in the response of refresh
request:
https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse
When validating the CLI secret it will not validate the id token,
instead it will check the expiration of the access token, and try to
refresh it.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-10-17 11:26:18 +08:00
Steven Zou
f18afc0a3f
do changes to let the vul policy check compatiable with new framework
...
- update the scan/scanner controller
- enhance the report summary generation
- do changes to the vulnerable handler
- remove the unused clair related code
- add more UT cases
- update the scan web hook event
- drop the unsed tables/index/triggers in sql schema
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-16 23:15:26 +08:00
stonezdj(Daojun Zhang)
2973ddcf6b
Merge pull request #9428 from stonezdj/disable_self_reg
...
Update default self_registration=false
2019-10-16 17:41:21 +08:00
stonezdj
3636a1afa5
Update default self_registration=false
...
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-10-16 01:33:48 -07:00
He Weiwei
d9a539807b
perf(test): speed up TestAddBlobsToProject test in dao pkg
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-14 16:46:01 +00:00
Daniel Jiang
ee9e92b6dd
Merge pull request #9157 from phin1x/master
...
Escape user dn in ldap group search filter
2019-10-14 16:41:27 +08:00
Wenkai Yin(尹文开)
7d0505593f
Merge pull request #8556 from chlins/feat/image-replication-adapter-for-quay.io
...
Feat/image replication adapter for quay.io
2019-10-14 09:16:45 +08:00
Steven Zou
a86afd6ebc
Merge branch 'master' into feature/pluggable_scanner_s3_merge
2019-10-12 15:18:06 +08:00
wang yan
6f6f113f0f
refactor robot api
...
1, add API controller for robot account, make it callable internally
2, add Manager to handler dao releate operation
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-11 17:26:18 +08:00
Steven Zou
58afd8e14b
[stage3] support pluggable scanner
...
- implement scan controller
- add scan resource and update role bindings
- update registration model and related interfaces
Signed-off-by: Steven Zou <szou@vmware.com>
- implement scan API to do scan/get report/get log
- update repository rest API to produce scan report summary
- update scan job hook handler
- update some UT cases
- update robot account making content
- hidden credential in the job log
Commnet scan related API test cases which will be re-activate later
fix #8985
fix the issues found by codacy
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-11 12:53:02 +08:00
chlins
4ab3b864ae
feat: add image replication adapter for quay.io
...
Signed-off-by: chlins <chlins.zhang@gmail.com>
2019-10-11 10:00:07 +08:00
stonezdj(Daojun Zhang)
a2938c5d78
Merge pull request #9274 from wy65701436/immu-refatctor
...
refactor immutable dao code to align the new structure under pkg
2019-10-10 10:38:22 +08:00
He Weiwei
4ce72e37c4
fix(robot): robot account improvement for policies
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-09-27 03:07:58 +00:00
wang yan
7c4fd79b5c
refactor immutable dao code to align the new structure under pkg
...
1, add manager
2, move model dao to /pkg/dao
Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-26 20:35:58 +08:00
stonezdj
cc22a175b9
Add immutable tag API
...
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-09-25 15:53:56 +08:00
stonezdj(Daojun Zhang)
ec559b0585
Merge pull request #9123 from stonezdj/immutable_tags
...
Add DAO for immutable tags
2019-09-23 21:46:07 +08:00
stonezdj
29d2bcce99
Add DAO for immutable tags
...
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-09-23 16:45:07 +08:00
Fabian
1467f4bbb1
Escape User DN
...
Signed-off-by: Fabian Weber <fa.weber@enbw.com>
2019-09-19 14:29:09 +02:00
Daniel Jiang
b21f9dc6f1
Support OIDC groups
...
This commit enable project admin to add group as project member when
Harbor is configured against OIDC as AuthN backend.
It populates the information of groups from ID Token based on the claim
that is set in OIDC settings.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-19 17:49:31 +08:00
Daniel Jiang
f36efa4dcd
Add groups claim to OIDC configuration
...
This commit add the new setting "oidc_groups_claim" to Harbor's
configurations.
And add "group_claim" to OIDCSetting struct.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-16 15:54:14 +08:00
Daniel Jiang
753219834e
Merge pull request #8960 from ninjadq/upgrade_hash_alg_for_pswd
...
Upgrade hash alg for pswd
2019-09-12 11:22:39 +08:00
Wenkai Yin
089eb4c449
Add the port 8080 to the default URL of portal to avoid the health check API failure
...
We changed the listenning port of portal from 80 to 8080 to run the process as non-root user, but the change didn't update the default URL of portal in source code, this causes the health check API fail.
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-09-11 10:45:55 +08:00
DQ
ea5c27fcd5
Enhance: Upgrade encrypt alg to sha256
...
previous sha1 will still used for old password
Signed-off-by: DQ <dengq@vmware.com>
2019-09-09 21:48:21 +08:00
Wenkai Yin
3b07be5a72
Check the status behind error when trying to update the scan schedule
...
Check the status behind error when trying to update the scan schedule
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-09-09 13:31:10 +08:00
Wang Yan
2194834b41
Merge pull request #8910 from heww/foreign-layers
...
fix(quota): correct size quota for image with foreign layers
2019-09-03 00:29:24 +08:00
He Weiwei
f44b75f398
fix(quota): correct size quota for image with foreign layers
...
1. Sync blobs from manifest for image with foreign layers.
2. Ignore size of foreign layers when compute size quota.
3. Fix repo info of artifact when upgrade from 1.8 version.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-09-02 14:10:58 +00:00
wang yan
d3f7d01a69
fix int out of range when to set usage in GC job
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-02 18:48:10 +08:00
wang yan
c28920c84f
fix #8807
...
Format the error of mount blob, return a http error so that the core can parse it.
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-30 16:29:47 +08:00
wang yan
16b910e1cf
fix(quota/sync) #8886
...
The foreign layer won't be counted into project quota
NOTE: the foreign layer will be dumped from the registry in the migration
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-29 17:29:40 +08:00
Wang Yan
db5781bf78
Merge pull request #8860 from wy65701436/fix-quota-sync
...
fix quota sync issues
2019-08-29 13:45:38 +08:00
wang yan
5decb56369
update code per review comments
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-29 12:46:42 +08:00
Wenkai Yin(尹文开)
5da4286ef4
Hard delete project metadata ( #8856 )
...
Hard delete project metadata
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-29 12:14:39 +08:00
wang yan
942e793f20
fix quota sync issues
...
1, fix #8858 , add retry to ping backend service
2, fix #8859 , split the blobs data when larger then 65535
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-28 18:59:25 +08:00
He Weiwei
2c1c816941
fix(database): generate db url by url.URL for schema upgrade ( #8852 )
...
Closes #7948
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-28 16:59:22 +08:00
Ziming
94138137d5
add valid for rule ( #8846 )
...
Change-Id: I82215a0cf1ec32a253c8db9bfafe7e25b26c9ad9
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-08-28 16:58:49 +08:00
wang yan
19f543a025
fix sql in remove blob from project
...
the project id is missing in the method, that makes GC to clean all of items,
and if quota will not compute twice for the existing manifest.
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-28 00:38:11 +08:00
Wenkai Yin(尹文开)
7262cc4c1a
Merge pull request #8836 from wy65701436/update-quota-error
...
Revise quota errors to make it more readable
2019-08-27 11:34:36 +08:00
wang yan
f343b2ec45
Revise quota errors to make it more readable
...
1, fix #8802 , update the error formet
2, fix #8807 , raise the real retag error to UI
3, fix #8832 , raise the real chart error to chart client & ut
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-26 17:00:31 +08:00
wang yan
e3155e00d6
fix #8815 :add remove untagged blob record in table project_blob
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-26 15:57:19 +08:00
mmpei
d5f87063e4
Merge branch 'master' into official-wehook-events-20190811
2019-08-22 22:07:12 -05:00
wang yan
2d569192ab
fix quota count size for same manifest in different repo
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-23 00:56:45 +08:00
Wenkai Yin(尹文开)
21f8290110
Merge pull request #8777 from heww/issue-8635
...
fix(rbac): NewProjectNamespace in rbac only accept projectID
2019-08-22 17:52:27 +08:00
Wenkai Yin(尹文开)
6198ed2634
Merge pull request #8758 from heww/issue-8681
...
refactor(quota,middleware): skip overflow error when subtract resources
2019-08-22 13:54:01 +08:00
He Weiwei
8effdc6f18
fix(rbac): NewProjectNamespace in rbac only accept projectID
...
Closes #8635
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-21 19:37:28 +00:00
wang yan
e91ded65cb
fix quota size usage in gc job, issue # https://github.com/goharbor/harbor/issues/8699
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-21 16:51:31 +08:00
Wang Yan
4bccb17236
Merge pull request #8749 from heww/issue-8493
...
fix(quota-driver): owner name of project quota reference object
2019-08-21 13:47:17 +08:00
He Weiwei
c22bf2539e
refactor(quota,middleware): skip overflow error when subtract resources
...
1. Skip overflow error when subtract resources
2. Take up resources before handle request and put it back when handle
failed for add action in quota interceptor
3. Free resources only after handle success for subtract action in quota
interceptor
Closes #8681
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-20 14:41:55 +00:00
He Weiwei
8eb17be13c
fix(quota-driver): owner name of project quota reference object
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-20 07:03:11 +00:00
stonezdj
7c7b6d2710
Normalize LDAP filter for user filter and group filter
...
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-08-20 10:55:30 +08:00
Daniel Jiang
f10fb67d6d
Merge pull request #8662 from stonezdj/email_sec2
...
Set default email to null if not provided
2019-08-20 09:01:50 +08:00
He Weiwei
75772aae11
refactor(quota): new error types for quota checking ( #8726 )
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-19 19:00:29 +08:00
stonezdj
5fa8eb7854
Set default email to null if not provided
...
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-08-19 15:20:44 +08:00
Daniel Jiang
b3abd0316b
Merge pull request #8713 from reasonerjt/fix-8702
...
Avoid overwriting system CVE whitelist by mistake
2019-08-19 01:42:58 +08:00
Daniel Jiang
504202ecfd
Merge pull request #8378 from Typositoire/ldap/nested-groups
...
Search for LDAP_MATCHING_RULE_IN_CHAIN groups
2019-08-18 16:07:16 +08:00
Wang Yan
7a41d89ac8
Add quota sync api toi to sync quota data with backend storage
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-16 14:55:46 +08:00
Daniel Jiang
30bb2ddcdf
Avoid overwriting system CVE whitelist by mistake
...
Fixes #8702
Also enforce the code to mitigate the potential risk.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-08-16 13:28:16 +08:00
Qian Deng
89aed1a1ea
Merge pull request #8672 from ywk253100/190815_content_length
...
Set content length when pushing blobs
2019-08-15 12:45:35 +08:00
Wenkai Yin
b94a99dded
Set content length when pushing blobs
...
Set content length when pushing blobs
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-15 10:52:08 +08:00
Wang Yan
bf0b5a3fd0
Merge pull request #8663 from wy65701436/fix-quota-api
...
Fix quota switch fail to get project size
2019-08-15 10:49:49 +08:00
wang yan
a947a4259d
Fix quota switch fail to get project size
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-14 22:32:32 +08:00
He Weiwei
98e1f68468
feat(configuration,db): connection pool configs for db
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-14 14:30:34 +08:00
wang yan
9e0addee55
Enable usage sync when switch quota setting
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-14 12:47:12 +08:00
wang yan
76c52c2332
append commit to fix core compile error introduced by pr #8606
...
Signed-off-by: wang yan <wangyan@vmware.com>
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-14 00:22:55 +08:00
Steven Zou
1adc3a9469
Merge pull request #8606 from ywk253100/190807_stuck
...
Fix replication tasks stuck in "InProgress" issue
2019-08-13 15:59:20 +08:00
stonezdj(Daojun Zhang)
3e0191be5a
Merge pull request #8621 from stonezdj/project_sort
...
Sort project by name
2019-08-13 14:13:29 +08:00
He Weiwei
c1cea42089
feat(quota,middleware): enable or disable quota per project by config
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-12 00:02:26 +00:00
peimingming
222c47142a
Add chart and scanning event for webhook
...
Signed-off-by: peimingming <peimingming@corp.netease.com>
2019-08-11 18:01:07 +08:00
stonezdj
65dc665717
Sort project by name
...
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-08-09 16:22:55 +08:00
Wang Yan
54a39c7159
Merge pull request #8597 from heww/size-quota
...
refactor(quota,middleware): implement size quota by quota interceptor
2019-08-09 15:44:33 +08:00
He Weiwei
e62c29123d
refactor(quota,middleware): implement size quota by quota interceptor
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-08 23:55:54 +00:00
Wang Yan
9cbcc93e8a
Merge pull request #8602 from goharbor/webhook-dev-20190807
...
Add feature webhook implementation
2019-08-08 16:01:39 +08:00
Wenkai Yin
8777c07d47
Fix replication tasks stuck in "InProgress" issue
...
Fix replication tasks stuck in "InProgress" issue
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-08 15:42:42 +08:00
Yann David
6435f32bc5
Prevent duplicated entries
...
Signed-off-by: Yann David <davidyann88@gmail.com>
2019-08-07 13:16:43 -04:00
guanxiatao
e7fafd1941
webhook policy, job, event support
...
Signed-off-by: guanxiatao <guanxiatao@corp.netease.com>
2019-08-07 20:30:26 +08:00
cd1989
870d7115c4
Refactor code to extract a common task runner
...
Signed-off-by: cd1989 <chende@caicloud.io>
2019-08-07 17:14:10 +08:00
cd1989
e2e540233b
Use context for concurrency control
...
Signed-off-by: cd1989 <chende@caicloud.io>
2019-08-07 17:14:10 +08:00
cd1989
1f541c890c
Improve performance for other registry adapters
...
Signed-off-by: cd1989 <chende@caicloud.io>
2019-08-07 17:14:10 +08:00
Wenkai Yin(尹文开)
6c0c75743e
Merge pull request #8571 from ywk253100/190806_retention_time
...
Populate pull/push time properties to the returning data when listing tags
2019-08-07 12:41:23 +08:00
Wang Yan
305242e993
Merge pull request #8573 from stonezdj/change_trace_level
...
Change trace level of missing configure metadata
2019-08-07 12:41:00 +08:00
Wenkai Yin
216ef269b3
Populate pull/push time properties to the returning data when listing tags
...
Populate pull/push time properties to the returning data when listing tags
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-07 11:47:05 +08:00
stonezdj
05f9920e62
Change trace level of missing metadata
...
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-08-06 14:09:54 +08:00
Daniel Jiang
eec4fc2798
Remove clair notifier
...
The way Harbor handles notification is problematic.
It currently triggers rescan, which will cause problem when there are
lot of images in the registry.
Such as #7316
This commit removes the notifier and we need to revisit the notification
to figure out how to map the notification to a particular image if need
the notification mechanism in future.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-08-06 01:58:15 +08:00
stonezdj(Daojun Zhang)
12fb643f0a
Merge pull request #8557 from stonezdj/merge_user_group_roles
...
Merge user roles and group roles
2019-08-05 17:07:35 +08:00
stonezdj
35a49568ce
Merge user roles and group roles
...
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-08-05 15:10:06 +08:00
Steven Zou
97c812a1e8
Merge pull request #8359 from nlowe/bugfix/logging-line-call-outside-repo-root
...
Fix logger line() call if built outside of the repo root
2019-08-05 14:49:06 +08:00
He Weiwei
9778954852
feat(quota,middleware): image count quota support
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-01 14:48:59 +08:00
He Weiwei
8cc9314984
feat(helm-chart,quota): count quota support for helm chart ( #8439 )
...
* feat(helm-chart,quota): count quota support for helm chart
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-07-31 16:48:40 +08:00
Wang Yan
0a92e61d97
Merge pull request #8485 from wy65701436/internal-reg-quota
...
add internal reg request handler chain
2019-07-30 20:47:21 +08:00
wang yan
4410cc93f9
add internal reg request handler chain
...
this is for internal registry api call, the request should be intercpeted by quota middlerwares, like retag and delete.
Note: The api developer has to know that if the internal registry call in your api, please consider to use
NewRepositoryClientForLocal() to init the repository client, which can handle quota change.
Signed-off-by: wang yan <wangyan@vmware.com>
2019-07-30 19:39:56 +08:00
Wenkai Yin(尹文开)
9e6b022ce1
Merge pull request #8425 from ywk253100/190726_acr
...
Fix #8319 , got error when replicating image with Azure container registry
2019-07-30 15:19:12 +08:00
Wenkai Yin
4dac036013
Fix #8319 , got error when replicating image with Azure container registry
...
Fix #8319 , got error when replicating image with Azure container registry
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-07-30 12:58:22 +08:00
Daniel Jiang
2211be7a80
Merge pull request #8446 from reasonerjt/group-perm-merge
...
Update GetRolesByGroupID
2019-07-29 19:11:51 +08:00