Steven Zou
f18afc0a3f
do changes to let the vul policy check compatiable with new framework
...
- update the scan/scanner controller
- enhance the report summary generation
- do changes to the vulnerable handler
- remove the unused clair related code
- add more UT cases
- update the scan web hook event
- drop the unsed tables/index/triggers in sql schema
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-16 23:15:26 +08:00
stonezdj(Daojun Zhang)
0fa4934679
Merge pull request #8596 from JakubOnderka/patch-4
...
nginx: Remove TLSv1.1 support
2019-10-16 11:39:55 +08:00
wang yan
25f638a989
Merge branch 'master' of https://github.com/goharbor/harbor into robot-invisiable
2019-10-14 14:35:45 +08:00
wang yan
3e81bd7f1d
add visible attribute to robot account
...
The commit is to make robot controller could create invisible robot account for internal use
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-12 00:51:48 +08:00
Steven Zou
9fd8b6306c
refactor code to reflect code review comments
...
- refactor the db schema \
- refactor permission checking in API handlers \
to follow the latest code/interface changes
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-11 18:07:47 +08:00
Steven Zou
58afd8e14b
[stage3] support pluggable scanner
...
- implement scan controller
- add scan resource and update role bindings
- update registration model and related interfaces
Signed-off-by: Steven Zou <szou@vmware.com>
- implement scan API to do scan/get report/get log
- update repository rest API to produce scan report summary
- update scan job hook handler
- update some UT cases
- update robot account making content
- hidden credential in the job log
Commnet scan related API test cases which will be re-activate later
fix #8985
fix the issues found by codacy
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-11 12:53:02 +08:00
Daniel Jiang
49f12d0b16
Merge pull request #8786 from reasonerjt/fix-8622
...
Extract shared func for checkenv and install scripts
2019-10-10 16:53:51 +08:00
He Weiwei
6fbb77d65a
build(portal): npm registry configurable and build cache support ( #9356 )
...
1. Introduce NPM_REGISTRY in Makefile to support npm registry
configuration when build portal image.
2. Install npm pkgs before copy portal src so that build cache works for
npm install in portal image.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-10 15:29:50 +08:00
Daniel Jiang
b9154a858b
Extract shared func for checkenv and install scripts
...
This commit fixes #8622 by extract shared func into common.sh to avoid
inconsistency in future.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-10-10 15:07:09 +08:00
Wang Yan
7e73dfb754
Merge pull request #9221 from wy65701436/fix-9186
...
patch registry fix of issue 2553
2019-09-26 19:34:18 +08:00
wang yan
3cf7e702be
patch regsitry fix of issue 2553
...
This commit is target to fix harbor issue #9186 , which root cause is mentioned by
https://github.com/docker/distribution/issues/2553 , and fixed by https://github.com/docker/distribution/pull/2879 .
As the latest distribution release(v2.7.1) does not contain this fix, but it will break the quota migraion process on S3 storage, we have to path this fix into Harbor regsitry binary.
[Tag Version]
It uses the issue number(2553) as the tag naming convention, like v2.7.1-patch-2553, means that we patch the fix of issue 2553 into v2.7.1.
[Note]
So far, this fix is only targets on docker regsitry v2.7.1. If the registry has this fix in new release, we'll move on.
Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-26 18:27:53 +08:00
Qian Deng
578adaa064
Merge pull request #9240 from ninjadq/add_extra_headers_in_nginx
...
Add headers in nginx config file
2019-09-26 10:27:08 +08:00
DQ
2bc11200d6
Move db change to new migration file
...
DB should move to new migration file cause 1.9 is already released
Signed-off-by: DQ <dengq@vmware.com>
2019-09-25 15:57:03 +08:00
DQ
e7394041ab
Add headers in nginx config file
...
extra headered added in https and http config
Signed-off-by: DQ <dengq@vmware.com>
2019-09-24 17:50:40 +08:00
stonezdj(Daojun Zhang)
ec559b0585
Merge pull request #9123 from stonezdj/immutable_tags
...
Add DAO for immutable tags
2019-09-23 21:46:07 +08:00
Steven Zou
a73f896f23
Merge pull request #9154 from steven-zou/feature/pluggable_scanner_s2
...
[stage2]support pluggable scanner
2019-09-23 21:12:27 +08:00
stonezdj
29d2bcce99
Add DAO for immutable tags
...
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-09-23 16:45:07 +08:00
Steven Zou
d616bc3509
add scan report CRUD supporting and
...
- change error collection in scan job
- add dead client checking in client pool
- change key word type to interface{} for q.Query
- update bearer authorizer
- add required UT cases
Signed-off-by: Steven Zou <szou@vmware.com>
2019-09-23 16:21:39 +08:00
Steven Zou
0c19eba8c2
[stage2]support pluggable scanner
...
- add scanner rest API v1 spec
- implement v1 client which is used to talk to scanner adapter
- adjust data/orm models
- adjust code package structure
Signed-off-by: Steven Zou <szou@vmware.com>
- implement scan client which is used to talk to scanner adapter
- implement scan job which take the work of communicating with scanner
- update scanner mgmt API routes
- add corresponding UT cases
2019-09-23 09:37:54 +08:00
Daniel Jiang
3e5973fc6e
Add Secure flag to cookie
...
This commit modifies nginx configuration file to make sure the secure
flag is added to "Set-Cookie" header when Harbor is serving https
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-19 21:04:37 +08:00
Steven Zou
4c4897aef1
Merge pull request #9134 from steven-zou/feature/pluggable_scanners
...
support pluggable scanner
2019-09-19 16:08:24 +08:00
Steven Zou
e324a4d623
support pluggable scanner
...
- add DAO layer for scanner registration
- add CURD manager for scanner registration
- add API controller for plug scanner
- add REST APIs for CURD of plug scanner
- add migration sql:0011_1.10.0
- add scan interface definition (no implementations)
- add related UT cases with testify
fix #8979 #8990
Signed-off-by: Steven Zou <szou@vmware.com>
2019-09-18 21:56:45 +08:00
jwangyangls
6dd2ae90a0
Merge pull request #9011 from jwangyangls/upgrade_clarity-2.1
...
Upgrade angular from 7.1.3 to 8.2.0 and clarity from 1.0 to 2.2
2019-09-18 10:45:40 +08:00
Yogi_Wang
a7c7a8e675
Upgrade angualr from 7.1.3 to 8.2.0 and clarity from 1.0 to 2.2
...
Signed-off-by: Yogi_Wang <yawang@vmware.com>
Signed-off-by: Meina Zhou <meinaz@vmware.com>
Signed-off-by: sshijun <sshijun@vmware.com>
2019-09-18 10:12:20 +08:00
Daniel Jiang
753219834e
Merge pull request #8960 from ninjadq/upgrade_hash_alg_for_pswd
...
Upgrade hash alg for pswd
2019-09-12 11:22:39 +08:00
DQ
ea5c27fcd5
Enhance: Upgrade encrypt alg to sha256
...
previous sha1 will still used for old password
Signed-off-by: DQ <dengq@vmware.com>
2019-09-09 21:48:21 +08:00
stonezdj(Daojun Zhang)
ca97c85279
Merge pull request #8927 from ninjadq/fix_config_with_components
...
Add logic to read clair and notary config
2019-09-09 15:50:09 +08:00
DQ
495a257ab5
Add logic to read clair and notary config
...
Signed-off-by: DQ <dengq@vmware.com>
2019-09-05 12:49:32 +08:00
Daniel Jiang
b75cbe1a7e
Merge pull request #8912 from ninjadq/no_cache_index_html
...
Add no-cache to index.html
2019-09-03 13:01:55 +08:00
Qian Deng
97c40df40f
Merge pull request #8593 from ninjadq/fix_wording_in_doc
...
Update config file names
2019-09-03 10:53:23 +08:00
DQ
d50df0f0db
Add no-cache to index.html
...
shouldn't cache index.html for access fresh page after upgrade.
Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 18:48:02 +08:00
DQ
aef93af21f
Fix docker-compose version to 1.18.0
...
Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 18:37:42 +08:00
DQ
377739204b
Update config file names
...
Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 18:19:06 +08:00
stonezdj(Daojun Zhang)
469018ae9e
Merge pull request #8891 from ninjadq/fix_prepare_file_permission
...
Fix: prepare permission issue
2019-09-02 18:07:14 +08:00
Qian Deng
86f2bb26a3
Fix docker-compose file permmission
...
non-root user can see the content
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-09-02 13:57:18 +08:00
DQ
6ed3d52615
Fix: prepare permission issue
...
1. recursivele change ownership for all prepare dir
2. database file permission fix
Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 10:04:38 +08:00
Wang Yan
6e462baa0d
Merge pull request #8837 from ninjadq/disable_redis_n_db_container_if_use_exeternal
...
Disable redis and db containers if external db enabled
2019-09-01 17:47:28 +08:00
He Weiwei
e2a19d8ab9
fix(build): max idle and open conn settings for external db ( #8854 )
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-29 15:04:10 +08:00
Wenkai Yin(尹文开)
5da4286ef4
Hard delete project metadata ( #8856 )
...
Hard delete project metadata
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-29 12:14:39 +08:00
Wang Yan
87893abc5e
Merge pull request #8829 from ywk253100/190822_retry_status
...
Add status revision to handle retrying in replication task
2019-08-28 10:55:13 +08:00
Wang Yan
39f78ae768
Merge pull request #7872 from cd1989/config-redis-pool-idletimeout
...
Config idle timeout for redis pool to avoid jobservice restarting
2019-08-27 14:46:01 +08:00
Wenkai Yin
7924f37d86
Add status revision to handle retrying in replication task
...
Add status revision to handle retrying in replication task
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-27 14:17:11 +08:00
wang yan
28f7b7a64e
fix #8839 : update bolb size type to bigint
...
and extend the length of content type to 1024
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-27 10:43:29 +08:00
DQ
fe3c71094b
Disable redis and db containers if external db enabled
...
If depend on external redis or pg. local db and redis should not start. Therefore can save some resources.
Signed-off-by: DQ <dengq@vmware.com>
2019-08-26 17:59:13 +08:00
Wang Yan
35e786e54c
Merge pull request #8794 from ywk253100/190822_retry_status
...
Add status revision to retention task to handle retrying
2019-08-23 10:54:35 +08:00
Wang Yan
c9dc262540
Merge pull request #8773 from ninjadq/Feat--migration_scritp_180_2_190
...
Feat: Add migration script for 1.9
2019-08-22 23:51:14 +08:00
Wenkai Yin
661470e7bc
Add status revision to retention task to handle retrying
...
Add status revision to retention task to handle retrying
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-22 20:04:25 +08:00
Wenkai Yin(尹文开)
a9d77f5c2c
Merge pull request #8589 from ninjadq/upgrade_docker-compose_checker
...
Update docker-compose checker
2019-08-22 20:00:42 +08:00
DQ
fd7b867fe3
Add config template
...
Add upgrade script
Update latest version
Signed-off-by: DQ <dengq@vmware.com>
2019-08-22 17:23:33 +08:00
He Weiwei
a2c8536d37
fix(build): install tzdata pkg for core and jobservice images
...
Closes #8314
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-21 14:40:29 +00:00
cd1989
db9b52d827
Config idle timeout for redis pool
...
Signed-off-by: cd1989 <chende@caicloud.io>
2019-08-20 17:23:32 +08:00
Steven Zou
217252a097
Merge pull request #8675 from ywk253100/190814_retention_task
...
Handle the retention task status updating in concurrency
2019-08-20 17:07:21 +08:00
Daniel Jiang
f674bb4e6c
Merge pull request #8590 from ninjadq/fix_registry_log_level
...
Fix: registry log level rendering issue
2019-08-20 09:11:56 +08:00
Daniel Jiang
f10fb67d6d
Merge pull request #8662 from stonezdj/email_sec2
...
Set default email to null if not provided
2019-08-20 09:01:50 +08:00
Daniel Jiang
b34fda173c
Bump up Clair to v2.0.9
...
Fixes #8584
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-08-19 16:19:29 +08:00
stonezdj
5fa8eb7854
Set default email to null if not provided
...
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-08-19 15:20:44 +08:00
Daniel Jiang
b15c6bcdc7
Merge pull request #8259 from amritanshu-pandey/feature/fix-typos
...
fix typos in prepare script
2019-08-19 15:09:24 +08:00
wang yan
6e11ecc6fc
Update codes per review comments
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-16 14:58:52 +08:00
Wenkai Yin
48b067f596
Handle the retention task status updating in concurrency
...
Compare the status code when updating retention task status to avoid the concurrent issue
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-08-15 18:36:18 +08:00
He Weiwei
98e1f68468
feat(configuration,db): connection pool configs for db
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-14 14:30:34 +08:00
Daniel Jiang
ca585f8b9c
Merge pull request #8640 from ninjadq/fix_permission_of_nginx_cert
...
Fix permission of nginx cert
2019-08-14 14:23:40 +08:00
Wenkai Yin(尹文开)
a6445c1ebe
Merge pull request #8472 from kofj/feature/proxy
...
Proxy
2019-08-13 12:27:19 +08:00
Qian Deng
b4975d8601
Fix nginx permission issue
...
* mount root of host
* copy file to data dir and change ownership and permission
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-13 02:59:27 +00:00
jwangyangls
fd6a422bf8
Merge pull request #8605 from jwangyangls/fix-Link-to-license-hardcoded
...
Fix issue width Link to license in the about dialog should not be hardcoded to master
2019-08-12 10:50:18 +08:00
疯魔慕薇
3e8a73ca1e
Proxy
...
1. Global proxy config for components.
2. Prepare proxy configure for clair, core and jobservice.
Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com>
2019-08-11 00:24:18 +08:00
Wang Yan
54a39c7159
Merge pull request #8597 from heww/size-quota
...
refactor(quota,middleware): implement size quota by quota interceptor
2019-08-09 15:44:33 +08:00
Yogi_Wang
53bd4d7897
Fix issue width Link to license in the about dialog should not be hardcoded to master
...
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-08-09 13:26:43 +08:00
He Weiwei
e62c29123d
refactor(quota,middleware): implement size quota by quota interceptor
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-08 23:55:54 +00:00
Qian Deng
a935823e3d
Merge pull request #8362 from ninjadq/non-root-contaienr
...
Non root contaienr
2019-08-08 17:34:25 +08:00
DQ
131d26c0f8
Docker compose check function need updated to 1.23.0+
...
Signed-off-by: DQ <dengq@vmware.com>
2019-08-08 14:22:03 +08:00
Jakub Onderka
8f83310022
nginx: Remove TLSv1.1 support
...
Signed-off-by: Jakub Onderka <jakub.onderka@gmail.com>
2019-08-07 17:51:31 +02:00
guanxiatao
7e40e335b7
add sql schema
...
Signed-off-by: guanxiatao <guanxiatao@corp.netease.com>
Signed-off-by: guanxiatao <guanxiatao@corp.netease.com>
2019-08-07 21:35:46 +08:00
王添
94d4f9c6b6
add webhook job
...
Signed-off-by: 王添 <wangtian@corp.netease.com>
2019-08-07 20:56:31 +08:00
Steven Zou
f3ba25f656
Merge pull request #8536 from bitsf/tag_retention_task_num
...
add task retain num
2019-08-07 17:39:39 +08:00
DQ
057bc34703
Fix: registry log level rendering issue
...
when log level is warning, the actual value of registry should be warn
Signed-off-by: DQ <dengq@vmware.com>
2019-08-07 14:35:36 +08:00
Qian Deng
dacb1fc79e
Add healthcheck in Dockerfile* redis* jobservice
...
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 13:16:12 +00:00
Qian Deng
89d6370201
Remove ruby dependency while build portal
...
Python is already intalled in node image. so we can use python to parse yaml file
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:47 +00:00
Qian Deng
303471563f
DB container run as non-root
...
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:47 +00:00
Qian Deng
8b7f1ae4c0
Add proxy nginx container as non-root user
...
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:47 +00:00
Qian Deng
f8a8040c8f
Add notary as non-root user
...
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:47 +00:00
Qian Deng
29727148b3
Running job service with non-root container
...
job-service running with 10000:10000 user
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:45 +00:00
Qian Deng
e62a9f1e18
Running redis using non-root user
...
redis running with user redis
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:45 +00:00
Qian Deng
904f04fac1
Enhance: Running contaienr with non-root user
...
* core
* portal
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:45 +00:00
Qian Deng
96b62e5741
Make core container to non-root user
...
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:45 +00:00
Daniel Jiang
eec4fc2798
Remove clair notifier
...
The way Harbor handles notification is problematic.
It currently triggers rescan, which will cause problem when there are
lot of images in the registry.
Such as #7316
This commit removes the notifier and we need to revisit the notification
to figure out how to map the notification to a particular image if need
the notification mechanism in future.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-08-06 01:58:15 +08:00
Ziming Zhang
026aee75d9
add task retain num
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I2f8b89454fe3bb9b56af237048c9e2b90783f434
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-08-05 17:57:09 +08:00
Daniel Jiang
bd32787813
Merge pull request #8540 from JakubOnderka/patch-2
...
nginx.https.conf.jinja template indention fix
2019-08-02 17:52:51 +08:00
Jakub Onderka
53b5dcfece
nginx.https.conf.jinja template indention fix
...
Signed-off-by: Jakub Onderka <jakub.onderka@gmail.com>
2019-08-01 22:24:19 +02:00
wang yan
6987825ffd
Delete the nono scan all schedule in migration
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-08-01 16:59:13 +08:00
wang yan
4410cc93f9
add internal reg request handler chain
...
this is for internal registry api call, the request should be intercpeted by quota middlerwares, like retag and delete.
Note: The api developer has to know that if the internal registry call in your api, please consider to use
NewRepositoryClientForLocal() to init the repository client, which can handle quota change.
Signed-off-by: wang yan <wangyan@vmware.com>
2019-07-30 19:39:56 +08:00
Wenkai Yin(尹文开)
7fd06edccf
Merge pull request #8451 from ywk253100/190729_retention_task
...
Add property "repository" to retention task
2019-07-29 17:18:42 +08:00
Ziming Zhang
ba47b4c00f
get execution status on the fly
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: Iefcf8946d7a2c7a27bc22bd326ee9723b4b79c66
2019-07-29 14:48:39 +08:00
Wenkai Yin
a55860d2df
Add property "repository" to retention task
...
Add property "repository" to retention task
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-07-29 13:47:18 +08:00
Wenkai Yin(尹文开)
d45674960f
Merge pull request #8417 from goharbor/project-quota-dev
...
Add feature project quota dev
2019-07-26 15:41:09 +08:00
Wenkai Yin
2e9521ad45
Support to stop one execution of retention
...
Support to stop one execution of retention
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-07-25 16:48:00 +08:00
wang yan
4763864dae
merge with latest master code with quota feature branch
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-07-24 08:47:05 -07:00
Ziming
43c2af9857
map retention with policy ( #8313 )
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Implement the API and controller of tag retention
- API handler
- retention controller
- dao
2019-07-24 17:22:26 +08:00
He Weiwei
ce58c58c01
feat(quota,api): quota support for create project API
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-07-24 01:02:51 +08:00
Wenkai Yin
03cc8046eb
Implement the task management in retention manager
...
Implement the task management in retention manager
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-07-23 19:23:04 +08:00
Wenkai Yin
7362fae7cc
Implement a common scheduler
...
Implement a common scheduler that can be used globally
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-07-23 17:20:31 +08:00