Commit Graph

96 Commits

Author SHA1 Message Date
Daniel Jiang
db10720e80
Merge pull request #11406 from reasonerjt/reenable-token-auth-for-cli-new
Reenable token auth for cli
2020-04-07 08:55:25 +08:00
He Weiwei
80027c3b86
Merge pull request #11397 from ywk253100/200402_chart_api
Add a seperated swagger file for chart API
2020-04-07 00:05:49 +08:00
wang yan
44825e819e deprecate quota count on artifact
Fixes #11241

1, remove count quota from quota manager
2, remove count in DB scheme
3, remove UI relates on quota
4, update UT, API test and UI UT.

Signed-off-by: wang yan <wangyan@vmware.com>
2020-04-06 16:56:11 +08:00
Wenkai Yin
8f8b4d5e8d Add a seperated swagger file for chart API
Add a seperated swagger file for chart API as these APIs have no version

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-04-06 16:30:26 +08:00
Daniel Jiang
08f9ffa000 Reenable token auth for cli
Docker CLI fails if it's not logged in upon seeing "basic" realm challenging while pinging the "/v2" endpoint. (#11266)
Some CLI will send HEAD to artifact endpoint before pushing (#11188)(#11271)

To fix such problems, this commit re-introduce the token auth flow to the CLIs.

For a HEAD request to "/v2/xxx" with no "Authoirzation" header, the v2_auth middleware populates the
"Www-Authenticate" header to redirect it to token endpoint with proper
requested scope.

It also adds security context to based on the content of the JWT which has the claims of the registry.
So a request from CLI carrying a token signed by the "/service/token" will have proper permissions.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-04-04 00:05:58 +08:00
DQ
cd69339014 Fix API TEST for chart Version
Fix api test for chart b/c revert the api

Signed-off-by: DQ <dengq@vmware.com>
2020-04-01 11:55:22 +08:00
Wenkai Yin(尹文开)
4faff18b2d
Merge pull request #11339 from ywk253100/200328_limit_offset
Add "order by" clause to avoid the duplicat rows
2020-03-30 17:14:44 +08:00
Wenkai Yin
fb975d902c Add "order by" clause to avoid the duplicat rows
Add "order by" clause to avoid the duplicat rows: https://www.postgresql.org/docs/9.6/queries-limit.html

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-03-30 16:42:43 +08:00
Ren Maosheng
759c759b58 Adding tests for native docker registry APIs exposed by Harbor
Adding a test for listing repositories
Adding a test for list image tags for specified repo.

Signed-off-by: Ren Maosheng <renmaosheng@gmail.com>
2020-03-29 08:27:13 -07:00
danfengliu
77e3b0d828 Fix nightly ldap test cases
1. Modify robot account test, checkout "Never Expired" button;
2. Modify OIDC get user API;
3. Modify verification for docker pull command;

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-27 20:24:43 +08:00
Wang Yan
eccb8aa708
append pull permission for push policy (#11303)
Fixes #11225
As registry changes to basic auth, the push action lost the pull permission.
Add it in the robot security context.

Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-27 17:10:04 +08:00
danfengliu
6ccaaf1efa Remove some content of verification for artifact addtion
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-26 10:03:30 +08:00
Wang Yan
dc6eec8a73
Enable API logs test case (#11142)
1, enable user view log api test case
2, update project logs api permission check
3, use project ctl instead in permission check base method

Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-19 14:56:37 +08:00
jwangyangls
1d435bc246
Merge pull request #11086 from danfengliu/add-api-test-of-add-addition
Modify api test for test step of add addition
2020-03-18 20:12:46 +08:00
Wang Yan
b4e941e961
drop table access log in migration (#11118)
Use the audit log instead, the access log table should be dropped after migration

Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-18 19:04:38 +08:00
danfengliu
77e9fc38c7 Modify api test for test step of add addition
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-18 17:32:10 +08:00
danfengliu
995ce30c58 Modify API test for scan image since harbor v2 API presented
1. System level Scan All;
2. Scan An Image Artifact

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-18 10:15:07 +08:00
Wenkai Yin
e33b2984ce Add create/delete tag API test case
Add create/delete tag API test case

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-03-16 21:32:34 +08:00
danfengliu
843b05c2d3 Add script of push cnab bunlde API test
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-16 17:37:16 +08:00
danfengliu
42956c74bb
Merge pull request #11018 from danfengliu/add-verification-for-helm-api-test
Add verfication for helm API test
2020-03-16 10:17:37 +08:00
Wenkai Yin
c6940e8184 United error response format for management APIs (legacy and v2.0 APIs)
United error response format for management APIs (legacy and v2.0 APIs)

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-03-13 22:00:08 +08:00
He Weiwei
28dcb5ad59
test(quota): enable quota test case in API robot (#11039)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-03-12 11:50:30 +08:00
danfengliu
f8811102da Add verfication for helm API test
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-11 15:05:16 +08:00
Wang Yan
f49994d81d
enable garbage colloection api test case (#11000)
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-11 11:19:29 +08:00
danfengliu
e49ac2f9e9 Add API test python script - Push chart file by Helm3 chart command line
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-05 14:58:36 +08:00
danfengliu
2d6e18a895 Add API test case of pushing index by docker manifest
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-03-02 06:31:59 +00:00
wang yan
79cf21f82f add tag controller
use the tag controller to handle CRUD of tags, especially the delete scenario, it could validate
the immutable and signature. And move the code of tag handling from artifact controller to tag controller

Signed-off-by: wang yan <wangyan@vmware.com>
2020-02-28 11:42:10 +08:00
danfengliu
c283a02e5f Update existing API tests for API V2.0
Signed-off-by: danfengliu <danfengl@vmware.com>
2020-02-26 21:38:39 +08:00
danfengliu
4933bb634f Upgrade repository API tests to V2.0
Enable _xsrf in cookies in swagger.yaml, so that scripts don't have to handle it.

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-02-24 18:15:25 +08:00
He Weiwei
88fcacd4b7
feat(middleware): add blob middlewares (#10710)
1. Add middleware to record the accepted blob size for stream blob
upload.
2. Add middleware to create blob and associate it with project after blob upload
complete.
3. Add middleware to sync blobs, create blob for manifest and associate blobs
with the manifest after put manifest.
4. Add middleware to associate blob with project after mount blob.
5. Cleanup associations for the project when artifact deleted.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-02-20 23:20:34 +08:00
Ziming
0bc32410f3
Merge pull request #10742 from bitsf/oci_tag_retention
requirement(oci) implement tag retention for oci
not include ChartClient yet
2020-02-20 20:31:49 +08:00
danfengliu
03668ad372 Build python swagger client for V2.0
Add v2 swagger.yaml python library.

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-02-20 18:06:54 +08:00
Ziming Zhang
94e23dc954 requirement(oci) implement tag retention for oci
Change-Id: Ib36660835d2666b35124e66254c33b5fc19aaf77
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-02-20 00:43:20 +08:00
Wenkai Yin
94787ea60d Bump up the version of legacy APIs to v2.0
Bump up the version of legacy APIs to v2.0

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-14 13:16:30 +08:00
danfengliu
d1b5bd5d9c Fix project quotas API test issue
In project quotas API test, pull images from goharbor namespace instead of library:
1. Replace image source in API test;
2. Modify criteria for verify project configuration modification.

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-02-06 16:43:08 +08:00
danfengliu
66eff99c7f Fix description issue of test in robot account API test and issue of Helm3 test
1. Fix issue that test step descriton was mismatch with test step;
2. Wrong helm command was used in Helm3 test, replace helm with helm3;
3. In API test, images were pulled from docker-hub registry, images size changed sometime, so we like to use internal registry.

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-02-04 17:26:52 +08:00
Daniel Jiang
2064a1cd6d Switch to basic authentication for registry
1. Add basic authorizer for registry which modify the request
to add basic authorization header to request based on configuration.
2. Set basic auth header for proxy when accessing registry
3. Switche the registry to use basic auth by default and use the basic
authorizer to access Harbor.
4. Make necessary change to test cases, particularly
"test_robot_account.py" and "docker_api.py", because the error is
changed after siwtched to basic auth from token auth.  #10604 is opened
to track the follow up work.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-01-31 21:46:47 +09:00
Daniel Jiang
5f8acc3896 Add middlewares for permission checking for v2 API
When the registry shifts from token auth to basic auth, we'll use the middleware to check permission.
This commit add middlewares for populate the artifact info and check
permission based on request to /v2/* api via security context

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-01-27 12:53:15 +08:00
Ziming Zhang
9f1d538b5f feat(cicd): try fix sometimes docker push time out
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I67193a7c5b80d169237a884895627f68a1f65933
2020-01-20 11:57:03 +08:00
Ziming Zhang
45113ea8e1 feat(cicd) use a smaller docker image for test
Change-Id: Ie8f365e7271bfda24ae965aaca0e55d1099c1d68
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-01-17 13:09:31 +08:00
wang yan
a0f3709b3c add expiration data time when to create a robot account
Update API of creating robot accout, user can specify expiration time per account.

Signed-off-by: wang yan <wangyan@vmware.com>
2020-01-03 13:47:06 +08:00
stonezdj
6313a55219 Fix admin permission not revoked when removed from LDAP admin group
Seperate the HasAdminRole(In DB) with the privileges from external auth, and use user.HasAdminPrivilege to check

Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-12-20 13:12:22 +08:00
Steven Zou
4b335b79d5
Merge pull request #9693 from steven-zou/fix/issue_#9606_update_API_swagger
update API swagger file
2019-11-06 11:06:02 +08:00
Steven Zou
0ebeaa10df update API swagger file
- add scanners mgmt related API
- add scan related API
  - trigger scan
  - get report
  - get log text stream
  - get scan all metrics
- update the scan_overview in the tag getting API
- fix #9606

Signed-off-by: Steven Zou <szou@vmware.com>
2019-11-05 22:20:14 +08:00
Wenkai Yin
e20b538141 Add e2e test case for health check API
Add e2e test case for health check API

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-10-29 13:48:06 +08:00
wang yan
3e826c4e80 update query in the immutable delete manifest middleware
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-22 19:37:20 +08:00
He Weiwei
8964a8697a build(clair): internal clair adapter when install with clair
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-17 12:00:51 +08:00
He Weiwei
4ce72e37c4 fix(robot): robot account improvement for policies
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-09-27 03:07:58 +00:00
Ziming Zhang
afe81a8b3b adjust wait job timeout
Change-Id: I8f32f814158d4a7418c39edb7a781879db17a4d7
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-09-20 16:18:03 +08:00
Wang Yan
6b5fd36bb3 add e2e test case for project quota
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Push an image to project(PA) by user(UA), then check the project quota usage;
5. Check quota change
6. Delete image, the quota should be changed to 0.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-15 22:16:11 +08:00