Commit Graph

7742 Commits

Author SHA1 Message Date
Daniel Jiang
f1367064fb Address review comment
Address review comments for commit
b21f9dc6f1

and resolve conflict

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-20 13:42:39 +08:00
Michael Michael
64e60fe9cc
Update SECURITY.md 2019-09-19 21:30:37 -07:00
Wenkai Yin(尹文开)
20262d70bb
Merge pull request #9155 from reasonerjt/gen-session-id
Generate new session ID after login
2019-09-20 11:22:44 +08:00
Michael Michael
3d9dc4e734
Update SECURITY.md 2019-09-19 19:08:22 -07:00
Michael Michael
e908e1c588
Update SECURITY.md
updating to include cncf lists for public disclosure

Signed-off-by: Michael Michael michmike@cs.stanford.edu
2019-09-19 15:29:27 -07:00
Michael Michael
0300a804c4
Update SECURITY.md 2019-09-19 15:07:20 -07:00
Michael Michael
34093e73c4
Update SECURITY.md 2019-09-19 14:22:04 -07:00
Michael Michael
e80d208192
Update SECURITY.md 2019-09-19 14:08:49 -07:00
Michael Michael
daec26a5f9
moving the doc to the top of the repo 2019-09-19 10:37:40 -07:00
Wang Yan
adc9878e65
Merge pull request #9165 from xaleeks/xaleeks-security-disclosure-process
security disclosure process
2019-09-20 01:09:01 +08:00
xaleeks
9b4e3fa5c4 security disclosure process
Signed-off-by: xaleeks <xalex@vmware.com>
2019-09-20 00:02:34 +08:00
Daniel Jiang
3e5973fc6e Add Secure flag to cookie
This commit modifies nginx configuration file to make sure the secure
flag is added to "Set-Cookie" header when Harbor is serving https

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-19 21:04:37 +08:00
Daniel Jiang
07dd14d3b5 Generate new session ID after login
This commit mitigates the Session Fixation issue by making sure a new
session ID is generated each time user logs in to Harbor

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-19 20:51:50 +08:00
Fabian
1467f4bbb1 Escape User DN
Signed-off-by: Fabian Weber <fa.weber@enbw.com>
2019-09-19 14:29:09 +02:00
wang yan
cab07f71cd Merge branch 'master' of https://github.com/goharbor/harbor into immutable-selector 2019-09-19 17:55:29 +08:00
Daniel Jiang
b21f9dc6f1 Support OIDC groups
This commit enable project admin to add group as project member when
Harbor is configured against OIDC as AuthN backend.

It populates the information of groups from ID Token based on the claim
that is set in OIDC settings.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-19 17:49:31 +08:00
danfengliu
c360e71d51
Merge pull request #9148 from AllForNothing/add-member-nightly
Improve project name validator when adding new project
2019-09-19 17:13:31 +08:00
Steven Zou
4c4897aef1
Merge pull request #9134 from steven-zou/feature/pluggable_scanners
support pluggable scanner
2019-09-19 16:08:24 +08:00
sshijun
6b2ba60c1e Improve project name validator when adding new project
Signed-off-by: sshijun <sshijun@vmware.com>
2019-09-19 13:53:36 +08:00
jwangyangls
e505ba53f0
Merge pull request #9147 from jwangyangls/add-id-edit-rep
Add id in repo info button
2019-09-19 13:03:06 +08:00
Yogi_Wang
450184c4ec Add id in repo info button
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-09-19 12:21:07 +08:00
jwangyangls
5ffba4a6f5
Merge pull request #9069 from danfengliu/script-project-quotas-nightly-test-case
Script test case for project quotas
2019-09-19 10:27:22 +08:00
Steven Zou
e324a4d623 support pluggable scanner
- add DAO layer for scanner registration
- add CURD manager for scanner registration
- add API controller for plug scanner
- add REST APIs for CURD of plug scanner
- add migration sql:0011_1.10.0
- add scan interface definition (no implementations)
- add related UT cases with testify

fix #8979 #8990

Signed-off-by: Steven Zou <szou@vmware.com>
2019-09-18 21:56:45 +08:00
Steven Zou
ae0c129b27
Merge pull request #9125 from wy65701436/refactor-selector
refactor selector of retention
2019-09-18 18:27:16 +08:00
Danfeng Liu (c)
5d1913842c Script test case for project quotas, there will be 2 or 3 test cases in this PR, like project quota edit, prject quota functionality.
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
2019-09-18 17:55:25 +08:00
jwangyangls
e226f0a258
Merge pull request #9137 from jwangyangls/fix-group-clarity-ui
Supplement group ui
2019-09-18 17:45:24 +08:00
wang yan
42a5db83b2 refactor selector of retention
extract select from pkg/retention, move it to pkg/artselector to make it usable by immutable tag

Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-18 16:38:41 +08:00
Will Sun
81a143855e
Merge pull request #9136 from AllForNothing/css-modify
Modify css for add-memeber page and project-config page
2019-09-18 16:29:20 +08:00
Yogi_Wang
069f884a7c Supplement group ui
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-09-18 16:02:58 +08:00
sshijun
e7b2b4bb03 Modify css for add-memeber page and project-config page. Format
global.scss file

Signed-off-by: sshijun <sshijun@vmware.com>
2019-09-18 14:58:44 +08:00
Will Sun
de550c4073
Merge pull request #8901 from phantooom/master
fix portal Chinese translate
2019-09-18 14:18:46 +08:00
jwangyangls
6dd2ae90a0
Merge pull request #9011 from jwangyangls/upgrade_clarity-2.1
Upgrade angular from 7.1.3 to 8.2.0 and clarity from 1.0 to 2.2
2019-09-18 10:45:40 +08:00
Yogi_Wang
a7c7a8e675 Upgrade angualr from 7.1.3 to 8.2.0 and clarity from 1.0 to 2.2
Signed-off-by: Yogi_Wang <yawang@vmware.com>

Signed-off-by: Meina Zhou <meinaz@vmware.com>
Signed-off-by: sshijun <sshijun@vmware.com>
2019-09-18 10:12:20 +08:00
xaleeks
460756c293
Merge pull request #9130 from xaleeks/xaleeks-permissions-updates
added permissions for 1.9 features
2019-09-18 09:14:17 +08:00
xaleeks
8ae4c78214 fixed cve whitelist permissions
Signed-off-by: xaleeks <xalex@vmware.com>
2019-09-18 00:47:30 +08:00
xaleeks
bf3416cbf7 added permissions for 1.9 features
Signed-off-by: xaleeks <xalex@vmware.com>
2019-09-17 22:55:24 +08:00
stonezdj(Daojun Zhang)
1d16fcfd93
Merge pull request #9118 from wy65701436/fix-redeclared
remove filter redeclared as imported package name in base.go
2019-09-17 18:11:54 +08:00
wang yan
5498b5719b remove filter redeclared as imported package name in base.go
It's introduced by https://github.com/goharbor/harbor/pull/8976

Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-17 16:36:59 +08:00
wang yan
b603f8ab62 Add quota switcher swagger doc
Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-17 14:48:54 +08:00
Wang Yan
f77ce4aa3a
Merge pull request #8976 from ninjadq/add_auth_for_project_head
Fix: Add authenticate to projects head
2019-09-17 14:02:45 +08:00
stonezdj(Daojun Zhang)
0aa51a568d
Merge pull request #9101 from reasonerjt/oidc-groups-config
Add groups claim to OIDC configuration
2019-09-17 10:38:43 +08:00
Stuart Clements
0470b334c6
Adding docs about webhooks, tag retention, CVE whitelists and project quotas (#8869)
* Adding docs about webhooks

* Fixed title

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comments from Alex

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Adding placeholder for tag retentionl correct # of endpoints

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Added doc for tag retention

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Added JSON example for webhooks

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Added global webhook setting and error handling

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comments from mmpei

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comment from Alex

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comment about concurrency from Alex

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comment from steven about ** wildcard

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comments from Steven on examples

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Added screen cap to edit retention rule

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Fixing indentation

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Clarified quotas

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Added doc for quotas

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Removing fullstops

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Fixed image links

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Documenting CVE whitelists

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Fix cut n paste error

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Adding images `

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Another cut n paste error

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Typos

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Tidied the language somewhat

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comments from Wang Yan

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Completed unfinished sentence.

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comments from Alex

Signed-off-by: Stuart Clements <sclements@vmware.com>

* Comment from Alex on artifact counts

* Replaced "artifact" with "tag" as appropriate

* Updated CVE whitelist button label

* Comments from He Weiwei

* Review comments
2019-09-16 14:54:40 +02:00
Stuart Clements
0f4cf89253
Documented how to configure Syslog and DB connection pool in harbor.yml (#9005)
* Documented how to configure Syslog connection in harbor.yml

* Documenting DB connection pool

* Removed extraneous character

* Comments from Qian.

* Comment from Weiwei

* Another comment from Weiwei

* Added max_open_conns and max_idle_conns to the external DB

* Corrected defaults for max_open_conns and max_idle_conns
2019-09-16 11:53:16 +02:00
Daniel Jiang
f36efa4dcd Add groups claim to OIDC configuration
This commit add the new setting "oidc_groups_claim" to Harbor's
configurations.
And add "group_claim" to OIDCSetting struct.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-16 15:54:14 +08:00
Daniel Jiang
89b8dfc508
Merge pull request #9004 from stuclem/robot-helm
Documented that Robo accounts can push/pull helm charts
2019-09-16 11:34:16 +08:00
Wang Yan
bd6bd6e749
Merge pull request #9053 from wy65701436/quota-e2e
Quota e2e case
2019-09-16 01:00:16 +08:00
Wang Yan
6b5fd36bb3 add e2e test case for project quota
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Push an image to project(PA) by user(UA), then check the project quota usage;
5. Check quota change
6. Delete image, the quota should be changed to 0.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-15 22:16:11 +08:00
xaleeks
76f1580634
Merge pull request #8994 from stuclem/replication-improvements
Documenting new registry providers as replication endpoints
2019-09-13 19:09:49 +08:00
xaleeks
81a25f2d6e
Merge pull request #9045 from stuclem/upgrade
Updated upgrade and migration guide for 1.9
2019-09-13 19:02:52 +08:00
Stuart Clements
f14411dcab Comments from Alex 2019-09-12 17:06:37 +02:00