* feat: update to golang-jwt v5.2.0
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* fix: module issues and robot claims
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* fix: add missing time import
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* feat: set jwt validation leeway to 60s
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* fix: update leeways that were still set to 10s
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* feat: update go.sum
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* feat: add two leeway related test cases
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* fix: correct jwt audience validation
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* fix: gofmt v2_token.go
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* feat: take into account review comments
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
* feat: use a common constant to store JWT leeway
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
---------
Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
Signed-off-by: Antoine Jouve <an-toine@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
1. Add db index for subject_artifact_id in table artifact_accessory.
2. Optimize the SQL of excluding the accessory for artifact count.
Signed-off-by: chlins <chenyuzh@vmware.com>
The permission api targets to return the full set of permissons for robot to use.
And only system and project admin have the access
Signed-off-by: wang yan <wangyan@vmware.com>
Check username when creating user by API
Replace comma with underscore in username for OnboardUser
Fixes#19356
Signed-off-by: stonezdj <daojunz@vmware.com>
In certain cases, the OCI client may push the subject artifact and accessory in either order.
Therefore, it is necessary to handle situations where the client pushes the accessory ahead of the subject artifact.
Signed-off-by: wang yan <wangyan@vmware.com>
Remove job status track information from redis after stop the job in the queue
After stop in the queue:
Remove key in {harbor_job_service_namespace}:job_track:inprogress
Remove {harbor_job_service_namespace}:job_stats:<job_id>
fixes#19211
Signed-off-by: stonezdj <daojunz@vmware.com>
Support to configure the customized redis db for cache layer and other
misc business for core, by default the behavior is same with
previous(stored in db 0).
Signed-off-by: chlins <chenyuzh@vmware.com>
1. Change some logs level to reduce the noise.
2. Wrap the go-redis.Nil error as ErrNotFound to avoid confusing
Signed-off-by: chlins <chenyuzh@vmware.com>
fix: add storage_limit check (add ValidateQuotaLimit as a general method to validate quota limit value)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
Check it is referred by a scan_report
Add index to report_vulnerability_record to improve performance
Fixes#19014#19028
Signed-off-by: stonezdj <daojunz@vmware.com>
Quote the project name when listing projects in the replication, resolve
the issue of pure number name of project.
Signed-off-by: chlins <chenyuzh@vmware.com>
For better performance when query cve information, add summary information to scan_report
Extract cve_score from vendor attribute in vulnerability_record
SQL migrate script for the update
Signed-off-by: stonezdj <daojunz@vmware.com>
Since harbor deprecates notary since v2.9.0, this pull request targets to remove the code related with notary.
Signed-off-by: Wang Yan <wangyan@vmware.com>
1. Change the query for listing tasks of scan which can use the db
index.
2. Add the gin index for task.extra_attrs.report_uuids
Fixes: #18013
Signed-off-by: chlins <chenyuzh@vmware.com>
Update the stopped execution status immediately becasue the user
experience is not good if wait long time when stop or reschedule a job.
Fixes: #18526
Signed-off-by: chlins <chenyuzh@vmware.com>
