Containerd in e2e image was using native one in ubuntu, it should be updated to the latest release.
And add proxy cache py-tests including pull image/manifest list by docker and ctr CLI.
Signed-off-by: danfengliu <danfengl@vmware.com>
1. Verify LDAP group admin in UI;
2. Update LDAP group admin need to verify the AdminRoleInAuth, get current user will return this field as true.
Signed-off-by: danfengliu <danfengl@vmware.com>
LDAP group has different role, user in group has the same role, as groups with different roles were added in project
member list, user should act like in different roles. for admin and dev role, there should be checkpoints to verify priviledges of each own.
Signed-off-by: danfengliu <danfengl@vmware.com>
Robot tests have been always executed in docker container, but API pyt-test is not,
so rebuild Dockerfile for it. During that, some of tools have been upgraded, so API py-test
scripts need some modification.
Signed-off-by: danfengliu <danfengl@vmware.com>
1. Fix ldap script issue, test case name should be in lowercase;
2. Add manifest list checkout point for proxy cache issue;
3. Add P2P Preheat policy CRUD Test.
Signed-off-by: danfengliu <danfengl@vmware.com>
1.Separate Dockerfile to drone and nightly e2e, one Dockerfile should cover
both scenarios, it will be resolved later;
2.Fix docker api err type issue, API error has no message attibute;
3.Upgrade docker in nightly e2e images.
Signed-off-by: danfengliu <danfengl@vmware.com>
1. Upgrade robot-framework to 3.1 and Selenium library to 4.4.0.
2. Fix a registry issue for clear filter text input.
Signed-off-by: danfengliu <danfengl@vmware.com>
* add debugging env for GC time window
For debugging, the tester/users wants to run GC to delete the removed artifact immediately instead of waitting for two hours, add the env(GC_BLOB_TIME_WINDOW) to meet this.
Signed-off-by: wang yan <wangyan@vmware.com>
two phases:
1, mark, select the gc candidates bases on the DB and mark them as status delete.
2, sweep, select the candidate and mark it as status deleting and remove it from backend and database.
Signed-off-by: wang yan <wangyan@vmware.com>
1. Fix issue of keyword Go Into Repo, the verification logic could be more strict;
2. Add API E2E pytest of GC with untag flag enabled;
3. Add sleep in test_user_view_logs.py for delete log ocurred;
4. Test Case - Tag CRUD is not stable. Although add button was clicked, but the tag was'nt added successfully.
Signed-off-by: danfengliu <danfengl@vmware.com>
1. Add oras cli py-test;
2. Add env for notary url, allow to input different notary port instead of solid 4443;
3. Add retry for keyword Cannot Pull Image and make it longer during retry.
Signed-off-by: danfengliu <danfengl@vmware.com>
1. Manifest list can be pulled by ctr;
2. ui-test missing key checkpoint, fix it by add checking scan detail result;
3. add tag retension untag image test;
Signed-off-by: danfengliu <danfengl@vmware.com>
1. Enable `security` in the swagger.yaml.
2. Include `basic` auth in `security` to make the generated python
client by `swagger-codegen-cli` work with basic authorization.
3. Include `anonymous` auth in `security` to make APIs of v2.0 generated
by `goswagger` work with `security` middleware.
Closes#11771
Signed-off-by: He Weiwei <hweiwei@vmware.com>
1. Add docker prune cmd to release some space;
2. Add tag for pytest in case of debugging requirement;
3. Replace image to smaller size in robot account pytest;
Signed-off-by: danfengliu <danfengl@vmware.com>
Fixes#11241
1, remove count quota from quota manager
2, remove count in DB scheme
3, remove UI relates on quota
4, update UT, API test and UI UT.
Signed-off-by: wang yan <wangyan@vmware.com>
Docker CLI fails if it's not logged in upon seeing "basic" realm challenging while pinging the "/v2" endpoint. (#11266)
Some CLI will send HEAD to artifact endpoint before pushing (#11188)(#11271)
To fix such problems, this commit re-introduce the token auth flow to the CLIs.
For a HEAD request to "/v2/xxx" with no "Authoirzation" header, the v2_auth middleware populates the
"Www-Authenticate" header to redirect it to token endpoint with proper
requested scope.
It also adds security context to based on the content of the JWT which has the claims of the registry.
So a request from CLI carrying a token signed by the "/service/token" will have proper permissions.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Fixes#11225
As registry changes to basic auth, the push action lost the pull permission.
Add it in the robot security context.
Signed-off-by: wang yan <wangyan@vmware.com>
1, enable user view log api test case
2, update project logs api permission check
3, use project ctl instead in permission check base method
Signed-off-by: wang yan <wangyan@vmware.com>
use the tag controller to handle CRUD of tags, especially the delete scenario, it could validate
the immutable and signature. And move the code of tag handling from artifact controller to tag controller
Signed-off-by: wang yan <wangyan@vmware.com>
1. Add middleware to record the accepted blob size for stream blob
upload.
2. Add middleware to create blob and associate it with project after blob upload
complete.
3. Add middleware to sync blobs, create blob for manifest and associate blobs
with the manifest after put manifest.
4. Add middleware to associate blob with project after mount blob.
5. Cleanup associations for the project when artifact deleted.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
In project quotas API test, pull images from goharbor namespace instead of library:
1. Replace image source in API test;
2. Modify criteria for verify project configuration modification.
Signed-off-by: danfengliu <danfengl@vmware.com>
1. Fix issue that test step descriton was mismatch with test step;
2. Wrong helm command was used in Helm3 test, replace helm with helm3;
3. In API test, images were pulled from docker-hub registry, images size changed sometime, so we like to use internal registry.
Signed-off-by: danfengliu <danfengl@vmware.com>
1. Add basic authorizer for registry which modify the request
to add basic authorization header to request based on configuration.
2. Set basic auth header for proxy when accessing registry
3. Switche the registry to use basic auth by default and use the basic
authorizer to access Harbor.
4. Make necessary change to test cases, particularly
"test_robot_account.py" and "docker_api.py", because the error is
changed after siwtched to basic auth from token auth. #10604 is opened
to track the follow up work.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
When the registry shifts from token auth to basic auth, we'll use the middleware to check permission.
This commit add middlewares for populate the artifact info and check
permission based on request to /v2/* api via security context
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Seperate the HasAdminRole(In DB) with the privileges from external auth, and use user.HasAdminPrivilege to check
Signed-off-by: stonezdj <stonezdj@gmail.com>
- add scanners mgmt related API
- add scan related API
- trigger scan
- get report
- get log text stream
- get scan all metrics
- update the scan_overview in the tag getting API
- fix#9606
Signed-off-by: Steven Zou <szou@vmware.com>
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Push an image to project(PA) by user(UA), then check the project quota usage;
5. Check quota change
6. Delete image, the quota should be changed to 0.
Signed-off-by: wang yan <wangyan@vmware.com>
This commit update test case to cover project level CVE whitelist.
It also fixes the swagger doc to add missing attributes
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
* Refactor scan all api
This commit is to let scan all api using admin job to handle schedule
management. After the PR, GC and scan all share unified code path.
Signed-off-by: wang yan <wangyan@vmware.com>
* update admin job api code according to review comments
Signed-off-by: wang yan <wangyan@vmware.com>
* Update test code and comments per review
Signed-off-by: wang yan <wangyan@vmware.com>