1. add oidc group claim in configration page
2. add oidc group-page in user page,you can go to it through clicking add-group button;
3. add oidc list page in administrator ,admin can go to this page
Signed-off-by: Yogi_Wang <yawang@vmware.com>
This commit modifies nginx configuration file to make sure the secure
flag is added to "Set-Cookie" header when Harbor is serving https
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit mitigates the Session Fixation issue by making sure a new
session ID is generated each time user logs in to Harbor
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit enable project admin to add group as project member when
Harbor is configured against OIDC as AuthN backend.
It populates the information of groups from ID Token based on the claim
that is set in OIDC settings.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
- add DAO layer for scanner registration
- add CURD manager for scanner registration
- add API controller for plug scanner
- add REST APIs for CURD of plug scanner
- add migration sql:0011_1.10.0
- add scan interface definition (no implementations)
- add related UT cases with testify
fix#8979#8990
Signed-off-by: Steven Zou <szou@vmware.com>
* Adding docs about webhooks
* Fixed title
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Comments from Alex
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Adding placeholder for tag retentionl correct # of endpoints
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Added doc for tag retention
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Added JSON example for webhooks
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Added global webhook setting and error handling
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Comments from mmpei
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Comment from Alex
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Comment about concurrency from Alex
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Comment from steven about ** wildcard
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Comments from Steven on examples
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Added screen cap to edit retention rule
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Fixing indentation
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Clarified quotas
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Added doc for quotas
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Removing fullstops
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Fixed image links
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Documenting CVE whitelists
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Fix cut n paste error
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Adding images `
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Another cut n paste error
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Typos
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Tidied the language somewhat
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Comments from Wang Yan
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Completed unfinished sentence.
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Comments from Alex
Signed-off-by: Stuart Clements <sclements@vmware.com>
* Comment from Alex on artifact counts
* Replaced "artifact" with "tag" as appropriate
* Updated CVE whitelist button label
* Comments from He Weiwei
* Review comments
* Documented how to configure Syslog connection in harbor.yml
* Documenting DB connection pool
* Removed extraneous character
* Comments from Qian.
* Comment from Weiwei
* Another comment from Weiwei
* Added max_open_conns and max_idle_conns to the external DB
* Corrected defaults for max_open_conns and max_idle_conns
This commit add the new setting "oidc_groups_claim" to Harbor's
configurations.
And add "group_claim" to OIDCSetting struct.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Push an image to project(PA) by user(UA), then check the project quota usage;
5. Check quota change
6. Delete image, the quota should be changed to 0.
Signed-off-by: wang yan <wangyan@vmware.com>