This commit include 2 changes to mitigate and remediate the problem
described in #15241
1. When the token is to be updated in the "oidc_user" table, make sure
only the column "token" will be udpated.
2. Restore the subiss column for the record that has this column cleared
by mistake, by decoding the persisted token.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
If build base images is needed in a unexpected situation, build base images action will be triggered by making a modification of .buildbaselog.
Signed-off-by: danfengliu <danfengl@vmware.com>
This updates support matrix to make it up to date.
It also update the upgrade path section to use 2.x as examples.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
1, deprecate support for version 1 robot support, the robotv1 cannot be used anymore.
2, reserve the /project/{id_or_name}/robots api.
After the PR, user cannot use the robotv1 to login, and do any interaction with Harbor,
but still can view & delete them with UI or API.
Signed-off-by: Wang Yan <wangyan@vmware.com>
The following information should cleanup before delete user:
Delete project member of this user.
Delete oidc_user when auth_mode is oidc_auth.
Fixes#8424
It also removes the deleted user from project member and the deleted condition in the project member query for consistency
Signed-off-by: stonezdj <stonezdj@gmail.com>
fixes#15273
set the cross mount namespace for conformance test, the default vaule cannot pass the reponame validation.
Signed-off-by: Wang Yan <wangyan@vmware.com>
Fixes#15171
Cannot use q.Query because ldap_group_dn contains comma(,) and equal(=), which are reserved characters in q.Query
Signed-off-by: stonezdj <stonezdj@gmail.com>
Fixes#14932
Harbor recompiles the notary v0.6.1 with go 1.15 from v2.2.0, which introduces an break change that leads to notary key not found after migration.
[Root cause]
Notary v0.6.1 consumed an old version dvsekhvalnov/jose2, which is not compatible with go 1.15.
[References]
https://github.com/dvsekhvalnov/jose2go/issues/26https://github.com/golang/go/issues/41089
[Resolve]
To resolve this issue, we have to roll back go vesrion to v1.14 for notary v0.6.1 binary and keep it until upstream have a patch release to support go 1.15 or above.
[Break change]
If you pushed and signed image using Harbor v2.2.0 ~ v2.2.2 and created new repository key in notary, you will encouter the same issue after migrate to v2.2.3(or above) or v2.3.1(or above) because of the go version downgrade. We will have a FAQ to help you to resovle this particular scenario.
The influence path of the particular case:
Harbor v2.1.0(or lower) --> [v2.2.0 ~ v2.2.2] --> v2.2.3(or above)
Harbor v2.1.0(or lower) --> v2.3.0 --> v2.3.1(or above)
The non influence path of the paticular case:
Harbor v2.1.0(or lower) --> v2.2.3(or above)
Harbor v2.1.0(or lower) --> v2.3.1(or above)
[Fix in Version]
Harbor v2.2.3 or above
Harbor v2.3.1 or above
[Note]
If you're a heavy user of notary, avoid using v2.2.0, v2.2.1, v2.2.2 and v2.3.0, and use the fixed version for instead.
Signed-off-by: Wang Yan <wangyan@vmware.com>
This version of the adapter service wraps Trivy v0.18.3
that supports Go dependency scanning and various other
improvements.
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
