* feat: update to golang-jwt v5.2.0
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* fix: module issues and robot claims
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* fix: add missing time import
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* feat: set jwt validation leeway to 60s
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* fix: update leeways that were still set to 10s
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* feat: update go.sum
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* feat: add two leeway related test cases
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* fix: correct jwt audience validation
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* fix: gofmt v2_token.go
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* feat: take into account review comments
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* feat: use a common constant to store JWT leeway
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
---------
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
Signed-off-by: Antoine Jouve <an-toine@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
Habor doesnot support POST /service/token endpoint,
put this request into a transaction will consume
extra database resources and generate many logs.
Signed-off-by: bin liu <liubin0329@gmail.com>
1. Increase the default beego max memory and upload size from 32GB to
128GB.
2. Support customize the two beego configs from env.
Signed-off-by: chlins <chenyuzh@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
Check username when creating user by API
Replace comma with underscore in username for OnboardUser
Fixes#19356
Signed-off-by: stonezdj <daojunz@vmware.com>
Support to configure the customized redis db for cache layer and other
misc business for core, by default the behavior is same with
previous(stored in db 0).
Signed-off-by: chlins <chenyuzh@vmware.com>
1. Change some logs level to reduce the noise.
2. Wrap the go-redis.Nil error as ErrNotFound to avoid confusing
Signed-off-by: chlins <chenyuzh@vmware.com>
Recognize nydus image(with subject) as a kind of accessory and built the releationship with subject manifest
Signed-off-by: wang yan <wangyan@vmware.com>
Since harbor deprecates notary since v2.9.0, this pull request targets to remove the code related with notary.
Signed-off-by: Wang Yan <wangyan@vmware.com>
At the time of making this commit, the package `github.com/ghodss/yaml`
is no longer actively maintained.
`sigs.k8s.io/yaml` is a permanent fork of `ghodss/yaml` and is actively
maintained by Kubernetes SIG.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
Co-authored-by: MinerYang <yminer@vmware.com>
Refactor the logic for updating the status of execution when receiving
the hook from jobservice, avoid the optimistic lock due to the multiple
tasks update one execution by refreshing the status asynchronously. But
still retain the old way by specifying the flag from ENV.
Fixes: #17584
Signed-off-by: chlins <chenyuzh@vmware.com>
Wrap orm tx when the scheduler try to create the task because submit job
maybe failure depends on the jobservice.
Fixes: #18452
Signed-off-by: chlins <chenyuzh@vmware.com>
refactor: refactor the old goroutine execution sweep to global execution sweep job
1. Delete the old goroutine execution sweeper when create execution.(in the case of high concurrency can cause goroutine backlogs, affect the performance of core)
2. Introduce the new way to sweep executions, a global scheduled job will take the work.
Signed-off-by: chlins <chenyuzh@vmware.com>
As for the distribution spec 1.1, it supports client to push an manifest with subject field. By leverging this fidle, harbor could build up the linkage between the subject artifact and it's accessories.
Signed-off-by: wang yan <wangyan@vmware.com>
refactor: refact the notification job API and life process
1. Introduce new APIs for webhook jobs management.
2. Refact legacy APIs for backforward compatible.
3. Migrate the webhook jobs process to unified execution/task framework.
Closes: #18210
Signed-off-by: chlins <chenyuzh@vmware.com>
fixes#17887
enhance the timeout to 5m to avoid system artifact failed to schedule in the helm base installation.
Signed-off-by: Wang Yan <wangyan@vmware.com>
Signed-off-by: Wang Yan <wangyan@vmware.com>
Add configuration session_timeout for API, then user can customize the
timeout from system config page or API. The timeout is 60 minutes by
default.
Signed-off-by: chlins <chenyuzh@vmware.com>
Signed-off-by: chlins <chenyuzh@vmware.com>
Scheduling of system artifact depends on the jobservice, where gorountine is used to avoid the circular dependencies between core and jobservice.
Signed-off-by: Wang Yan <wangyan@vmware.com>