1. Add two indexes to database migrations.
2. Skip refresh quota in middleware for requests from jobservice.
3. Refresh quota by self in the end of tag retention job.
Closes: #14708
Signed-off-by: chlins <chenyuzh@vmware.com>
fix: fix cache layer issues (#16995,#16997,#16996,#17038)
1. Load config and initialize cache layer in jobservice(for GC)
2. Cache artifact by digest the key should contains repository name
3. Repository cache cleanup error when update
4. Skip save cache when request ctx in transaction
Signed-off-by: chlins <chenyuzh@vmware.com>
Implement cache layer for resource artifact and define common
cache manager and workflow. Also add cache related options to
configuration yaml.
Signed-off-by: chlins <chenyuzh@vmware.com>
When user enables the cosign policy and triggers the replication, the harbor adapter will try to pull the cosign siguature if it has to do the further push.
In this case, it has to skip policy check.
Signed-off-by: wang yan <wangyan@vmware.com>
Cosign client will generate the same signature to the same manifest, ignore the conflict error in middleware
Signed-off-by: Wang Yan <wangyan@vmware.com>
* Move request id to requestid middleware
* fix span pass to child ctx on orm
* fix typos
* remove unused code
* add operation name to Transaction
Signed-off-by: Qian Deng <dengq@vmware.com>
* use lib trace helper function
* add gracefull shutdown
* Add commens for new added exposed function
* Add licence on top of new created files
* Update trace library
* Update configs
* Add attribute and namespance in config
Signed-off-by: Qian Deng <dengq@vmware.com>
1. Use ctx from http request for the readonly middleware.
2. Refactor the AuthenticateHelper to let it get orm from ctx of the http request.
3. Change to use ctx from http request for oidc and authproxy http handlers.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
1, add permission check for API of List Projects
2, add permission check for API of List Repositories
3, use the self defined query to handle both names and public query
Signed-off-by: wang yan <wangyan@vmware.com>
1, deprecate support for version 1 robot support, the robotv1 cannot be used anymore.
2, reserve the /project/{id_or_name}/robots api.
After the PR, user cannot use the robotv1 to login, and do any interaction with Harbor,
but still can view & delete them with UI or API.
Signed-off-by: Wang Yan <wangyan@vmware.com>
The robotv1 context uses the robot$ as a hardcoded prefix to identify robot account, it will raise error
for a valid robotv2 account with this prefix.
Update the log level to avoid the redundant logs for the default installation.
Signed-off-by: Wang Yan <wangyan@vmware.com>
There are code in the core component to conditionally execute code based
on the pattern of url path, and different ingress controller or reverse
proxy may handle the dup slashes in the url path differently.
This commit merge dup slashes in the url paths to make things more
consistent.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit enhances the v2auth middleware, such that any un-recognized
request sent to /v2/ will be blocked.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Fixes#14822
When upstream registry not working, but status might stay healthy because the health check interval is 5 minutes, if a pull request comes before registry status turns to unhealthy, the proxy cache middleware might proxy the request to the upstream registry and get a 401 error and this 401 error might translate to a http 500 error to the client eventually.
To solve this issue, it fall back all error to local registry when proxying manifest except the NotFoundError from the local registry.
Signed-off-by: stonezdj <stonezdj@gmail.com>
This commit moves more user related funcs, such as ChangePassword,
Login, ChangeUserProfile from common/dao to rely on /pkg/user and
pkg/oidc.
It also removes the code for resetting user's password as it's disabled.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
