refactor: refact the notification job API and life process
1. Introduce new APIs for webhook jobs management.
2. Refact legacy APIs for backforward compatible.
3. Migrate the webhook jobs process to unified execution/task framework.
Closes: #18210
Signed-off-by: chlins <chenyuzh@vmware.com>
Fixes#18121
Refactor job name with VendorType prefix, make sure job queue name and vendor type in execution and task are identical
Signed-off-by: stonezdj <daojunz@vmware.com>
Remove the project filter in the scan data export job as they have been
validated by API handler, fix the oidc or ldap group users cannot export
cve.
Fixes: #18112
Signed-off-by: chlins <chenyuzh@vmware.com>
Convert the redis range result into struct and extract job id from it
Add more log when get redis config fails
Signed-off-by: stonezdj <daojunz@vmware.com>
Signed-off-by: stonezdj <daojunz@vmware.com>
1. Skip to push system artifact to the distribution when the exported CSV file is empty.
2. Add status message for cve export execution.
Signed-off-by: chlins <chenyuzh@vmware.com>
Add queue manager and redis client
Update scheduler to add count and list
Signed-off-by: stonezdj <daojunz@vmware.com>
Signed-off-by: stonezdj <daojunz@vmware.com>
Check the notification enable before in the artifact webhook handler,
avoid additional db query cost for notification_policy.
Signed-off-by: chlins <chenyuzh@vmware.com>
Add REST API to list job pool, worker, stop running task
Add jobservice handler to retrieve configuration
Add RBAC for jobservice monitoring dashboard
Add REST API to list pool, worker and stop running task
Signed-off-by: stonezdj <stonezdj@gmail.com>
Signed-off-by: stonezdj <stonezdj@gmail.com>
Add human friendly when export CVE in the condition of empty CSV file,
because this file will be stored as system artifact and pushed to
distribution, but it will leads to error when push empty blob to S3
storage driver.
Signed-off-by: chlins <chenyuzh@vmware.com>
1. Add sql migration to alter replication policy table
2. Implement the PullBlobChunk and PushBlobChunk for the underlying v2 registry client
3. Update image transfer logic to support copy by chunk
4. Update the replication policy API handler
Signed-off-by: chlins <chenyuzh@vmware.com>
This commit replaces `os.Setenv` with `t.Setenv` in tests. The
environment variable is automatically restored to its original value
when the test and all its subtests complete.
Reference: https://pkg.go.dev/testing#T.Setenv
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Fix the replication webhook notification lost when the rule is
pull-based and src namespace different with dest.
Closes: #17298
Signed-off-by: chlins <chenyuzh@vmware.com>
1. Add two indexes to database migrations.
2. Skip refresh quota in middleware for requests from jobservice.
3. Refresh quota by self in the end of tag retention job.
Closes: #14708
Signed-off-by: chlins <chenyuzh@vmware.com>
1. Add resource permission check for API handler
2. Validate export cve params project
3. Optimize friendly human message when execution status is error
Signed-off-by: chlins <chenyuzh@vmware.com>
Fixed#17145
1, Filter out the accessory from the artifact list.
2, Disable the display func of the accessory interface, currently this will not impact any kind of accessory, like signature and nydus. If we'd like to introduce it, it needs to resolve the pagiation issue of artifact list.
Signed-off-by: Wang Yan <wangyan@vmware.com>
In some cases, the robot automatically generates passwords that do not meet confidentiality requirements.
The fix adds retry for auto generating passwords, and the timeout is 1 minute.
The requirement: the secret must longer than 8 chars with at least 1 uppercase letter, 1 lowercase letter and 1 number
Signed-off-by: Wang Yan <wangyan@vmware.com>
Fixes#16269, exclude the admin account by default
Add excludeDefaultAdmin method -- exclude default admin by option
Update authModeCanBeModified method -- the user count should be 0 without admin
Signed-off-by: stonezdj <stonezdj@gmail.com>
If the artifact has more than one signaure, it will currently copy the last one. After the fix, all accessories can be copied to the target project.
Signed-off-by: wang yan <wangyan@vmware.com>
Attach labels for replication event, list labels by artifact ID so for
event-based replication rule filter by label can work as expect.
Closes: #17014
Signed-off-by: chlins <chenyuzh@vmware.com>
