Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2025-01-09 09:27:42 +01:00
Code Issues Projects Releases Wiki Activity
9,621 Commits 56 Branches 321 Tags 344 MiB
9ce29c9dc8
Commit Graph

232 Commits

Author SHA1 Message Date
Wang Yan
9ce29c9dc8
update time format of audit log (#12629) 
fixes #11522

use the format: date-time as the format of audit op_time, then it could be rendered by FF and Chrome.

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-07-30 17:29:25 +08:00
stonezdj(Daojun Zhang)
518a1721a7
Merge pull request #12571 from ywk253100/200723_proxy_cache_secret 
Limit the permission of secret used by proxy cache service
 2020-07-30 14:04:54 +08:00
Daniel Jiang
0a9219dcd6
Merge pull request #12615 from wy65701436/update-logs 
revise the blob logs
 2020-07-30 09:10:07 +08:00
Daniel Jiang
1ee4b3dc82
Refine request checking for OIDC CLI secret (#12596) 
This commit makes OIDC CLI secret filter allow more URLs so that the
OIDC CLI secret can be used for replication

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2020-07-30 00:21:27 +08:00
wang yan
20df844d5a revise the blob logs 
1, update typo in the update blob status sql, the typo will not impact the sql result.
2, correct blob status in the middleware & GC job log.

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-07-29 12:45:30 +08:00
fanjiankong
3653d3cdef Schedule preheat policy. 
Signed-off-by: fanjiankong <fanjiankong@tencent.com>
 2020-07-29 00:36:34 +08:00
Wenkai Yin
ced7b73322 Limit the permission of secret used by proxy cache service 
Limit the permission of secret used by proxy cache service, fixes #12257

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2020-07-27 10:15:00 +08:00
Wang Yan
eeb8fca255
add debugging env for GC time window (#12528) 
* add debugging env for GC time window

For debugging, the tester/users wants to run GC to delete the removed artifact immediately instead of waitting for two hours, add the env(GC_BLOB_TIME_WINDOW) to meet this.

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-07-22 11:09:01 +08:00
He Weiwei
6db1a1cb91 perf(db): skip tx for get blob, patch/put blob upload apis 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2020-07-20 16:42:16 +00:00
Steven Zou
ee35e1ecc6
Merge pull request #12507 from chlins/fix/preheat-update-instance 
fix(preheat): fix preheat handler PingInstance and UpdateInstance
 2020-07-20 17:45:24 +08:00
Steven Zou
46d7434d0b
Merge pull request #12473 from ywk253100/200706_scheduler 
Refactor the scheduler with the task manager mechanism
 2020-07-20 15:53:14 +08:00
chlins
78927af032 fix(preheat): fix preheat handler PingInstance and UpdateInstance 
Signed-off-by: chlins <chlins.zhang@gmail.com>
 2020-07-20 15:42:24 +08:00
Wenkai Yin
4dc4b6728c Refactor the scheduler with the task manager mechanism 
Refactor the scheduler with the task manager mechanism, this will reduce the duplicate code

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2020-07-20 14:03:15 +08:00
Wang Yan
24ed52112e
fix blob deleting status issue (#12481) 
1, The update blob status method should udpate the blob version of the blob object as well, otherwise the GC job cannot handle the blob status transform(none - delete - deleting - deletefailed)
as the method is using version equals as the query condition.
2, For the deleting blob which marked for more than 2 hours, it should be set to delete failed in head blob & put manifest request

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-07-20 11:44:29 +08:00
Wenkai Yin(尹文开)
5a898c1661
Merge pull request #12510 from ywk253100/200717_copy_proxy 
Prevent copying artifact to a proxy cache project
 2020-07-20 11:10:46 +08:00
wang yan
3345b8aae2 fix get manifest return code 
When to call,
~~~ REQUEST ~~~
GET  /v2/conformance/testrepo/manifests/.INVALID_MANIFEST_NAME

Per OCI distribution spec, it has to return 404, instead of 400 (project name required)

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-07-17 15:40:52 +08:00
Wenkai Yin
54a1155140 Prevent copying artifact to a proxy cache project 
Prevent copying artifact to a proxy cache project

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2020-07-17 15:24:18 +08:00
He Weiwei
a22d803a95 refactor(quota): move pkg/types to pkg/quota/types 
Closes #9664

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2020-07-14 14:28:53 +00:00
stonezdj
b9c861f3f1 Add disable push for proxy project 
Add middleware for blob and manifest push operation

Signed-off-by: stonezdj <stonezdj@gmail.com>
 2020-07-14 10:13:38 +08:00
疯魔慕薇
f187509a90
Merge pull request #12454 from chlins/feat/list-providers-at-project-level 
feat(preheat): add list providers under project level handler
 2020-07-14 08:17:53 +08:00
chlins
7322d0ac7c feat(preheat): add list providers under project level handler 
Signed-off-by: chlins <chlins.zhang@gmail.com>
 2020-07-13 21:53:50 +08:00
stonezdj
3abe77d6cb Add proxy cache feature 
Update route to add proxy related middleware
Add proxy controller

Signed-off-by: stonezdj <stonezdj@gmail.com>
 2020-07-13 21:18:43 +08:00
chlins
08bd46e125 feat: add preheat execution api handler 
Signed-off-by: chlins <chlins.zhang@gmail.com>
 2020-07-13 13:14:08 +08:00
fanjiankong
a99aa21c8a Enable RBAC control in the preheat API 
Signed-off-by: fanjiankong <fanjiankong@tencent.com>
 2020-07-13 11:06:25 +08:00
Steven Zou
1dfc93c3f6
Merge pull request #12430 from kofj/preheat_and_healthcheck 
Preheat and healthcheck
 2020-07-10 15:17:34 +08:00
chlins
38d14dff30 fix(preheat): validate instance/policy name, set unique filed and policy 
manager adds parsePolicy

Signed-off-by: chlins <chlins.zhang@gmail.com>
 2020-07-10 10:29:47 +08:00
fanjiankong
080afbfe1b Add preheat APIs, handlers. 
1. Manual preheat.
2. Instance health check.

Signed-off-by: fanjiankong <fanjiankong@tencent.com>
 2020-07-10 09:48:35 +08:00
fanjiankong
8a44ee400d Instance handler. 
- Add logic of preheat instance methods without RBAC.

Signed-off-by: fanjiankong <fanjiankong@tencent.com>
 2020-07-09 00:01:14 +08:00
chlins
37a00912b7 feat: add p2p preheat swagger yaml and implement preheat api policy handler 
Signed-off-by: chlins <chlins.zhang@gmail.com>
 2020-07-06 21:05:22 +08:00
Steven Zou
f3fcb96570
Merge pull request #12335 from kofj/p2p_preheat_api 
feat(preheat):add preheat api, controller and manager
 2020-07-03 13:47:04 +08:00
fanjiankong
a0c2d0ac9e feat(preheat):add preheat api, controller and manager 
- define instance's api
- define extension models for api
- implement preheat controller
- implement preheat manager
- most code are picked up from the original P2P feat branch

Signed-off-by: fanjiankong <fanjiankong@tencent.com>
 2020-07-03 11:25:42 +08:00
wang yan
7d1507feaa update code arrording to the review comments 
Signed-off-by: wang yan <wangyan@vmware.com>
 2020-07-02 14:57:04 +08:00
wang yan
67be511a85 add middlware for put manifest 
The middleware is to handle manifest(blob) status in different push manifest situation, similar with blob

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-07-02 14:57:04 +08:00
Wang Yan
468ba50a7e
handle blob status chanage in put blob middlware (#12315) 
* handle blob status chanage in put blob middlware

After blob is uploaded success, the middleware will update the blob status accordingly.

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-06-29 16:38:47 +08:00
AllForNothing
fff6f7529a Replace all whitelist with allowlist 
Signed-off-by: AllForNothing <sshijun@vmware.com>
 2020-06-24 16:17:17 +08:00
Wenkai Yin(尹文开)
202916e396
Merge pull request #12280 from ywk253100/200616_task_manager 
Implement task and execution manager
 2020-06-23 18:44:44 +08:00
Wenkai Yin
ea20690264 Implement task and execution manager 
Implement task and execution manager

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2020-06-23 17:10:58 +08:00
wang yan
0e175017aa continue updating code per review comments 
Signed-off-by: wang yan <wangyan@vmware.com>
 2020-06-23 14:42:28 +08:00
wang yan
446739f967 rebase with latest source code 
Signed-off-by: wang yan <wangyan@vmware.com>
 2020-06-23 13:10:57 +08:00
wang yan
c10467eb36 continue refactor 
Signed-off-by: wang yan <wangyan@vmware.com>
 2020-06-23 13:10:57 +08:00
Wang Yan
58b7242a25
move send error to source lib (#12175) 
* move send error to source lib

Move the sendError into library in case the cycle dependency as regsitry and core are now the consumers.

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-06-19 01:04:50 +08:00
Wang Yan
dec8397c21
Add api to delete blob and manifest (#12006) 
* Add api to delete blob and manifest

Enable the capability of registry controller to delete blob and manifest

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-06-06 01:34:23 +08:00
Daniel Jiang
9a9e7d61fc Remove the API to test a webhook 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2020-06-05 13:16:18 +08:00
wang yan
f0fabb9ef8 fix conformance issue on deleting manifest 
fixes #11949
When to call delete manifest API with a tag as the reference, Harbor should give a unsupported error code.

Reference: Note that a manifest can only be deleted by digest. https://github.com/opencontainers/distribution-spec/blob/master/spec.md#delete-manifest

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-05-19 15:58:33 +08:00
Wang Yan
b1793e795c
fix conformance test ErrorsCodes failure (#11961) 
fixes #11945
When client calls PUT with an invalid digtest, Harbor has to give a 400 instead of 500.

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-05-18 17:20:23 +08:00
He Weiwei
5c5ba0b764
Merge pull request #11765 from heww/quota-webhook-enhancement 
feat(quota,webhook): send quota webhook for put and mount blob
 2020-04-28 09:35:57 +08:00
He Weiwei
b1c9d452ce feat(quota,webhook): send quota webhook for put and mount blob 
Closes #11712

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2020-04-28 00:59:16 +00:00
Daniel Jiang
87f006d3a9
Merge pull request #11755 from reasonerjt/token-service-core-url 
v2 auth middleware handles the ping request from internal
 2020-04-27 15:04:10 +08:00
Daniel Jiang
fe587d0cc8 v2 auth middleware handles the ping request from internal 
When scanner like trivy handles the auth flow to pull image, it pings
the /v2 and access the token service url in response body, by default it
will be external endpoint of Harbor.
There will be problem when Harbor is deployed on a single node with hairpinning not
supported.

This commit makes sure the address of token service in the challenge is
internal url of core component when the request is from internal.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2020-04-27 00:54:49 +08:00
wang yan
c4c279089a fix return code on getting non exist manifest 
It's found by conformance test, it should be 404 instead of 500 when to get a non exist manifest

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-04-26 23:31:11 +08:00