Commit Graph

153 Commits

Author SHA1 Message Date
Daniel Jiang
0699980924 Add Scan All job to job service (#5934)
This commit adds the job to scan all images on registry.
It also makes necessary change to Secret based security context, to
job service has higher permission to call the API of core service.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-09-22 13:07:32 +08:00
clouderati
587459df15 Replacing copyright notices with "Copyright Project Harbor Authors".
Signed-off-by: clouderati <35942204+clouderati@users.noreply.github.com>
2018-09-19 16:59:36 +00:00
Qian Deng
7873a0312a Rename harbor-ui to harbor-core
1. Update the nginx.conf
2. Update Makefile
3. Update docker-compose
4. Update image name
5. Rename folder ui to core
6. Change the harbor-ui's package name to core
7. Remove unused static file on harbor-core
8. Remove unused code for harbor-portal

Signed-off-by: Qian Deng <dengq@vmware.com>
2018-09-19 16:35:13 +08:00
陈德
0582db9a82 Apply consistent format for comments
Signed-off-by: 陈德 <chende@caicloud.io>
2018-09-05 16:16:31 +08:00
Steven Zou
1636b138f2 Return more data of the job when reporting status info via webhook
- update the status report func `RedisJobStatsManager.reportStatus`
- update the UT case for the above change

Signed-off-by: Steven Zou <szou@vmware.com>
2018-08-30 14:28:12 +08:00
wang yan
aab761ac8a Fix gofmt check results
Signed-off-by: wang yan <wangyan@vmware.com>
2018-08-29 11:50:00 +08:00
Yan
fca2bb3a6b
Fix misspell checking results (#5749)
Signed-off-by: wang yan <wangyan@vmware.com>
2018-08-29 10:25:42 +08:00
Daniel Jiang
dcf4e2ee78 Update import path in go code
vmware -> goharbor

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-08-23 17:50:53 +08:00
Daniel Jiang
65cf02a1d7 Validate job ID when getting job log
Add validation to job ID in the API to get job log in job service, to
prevent file path traversal attack.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-08-15 15:33:13 +08:00
wangyan
29d0d51403 Signed-off-by: wangyan <wangyan@vmware.com>
Add clean registry cache to gc job

To workaround the issue: https://github.com/docker/distribution/issues/2094
GC needs to clean cache before to call the docker reigstry api to delete blobs.
Otherwise, the following docker push will not be performed as docker registry
does not clean cache in GC, it thinks the image is still there, and the new
blobs will be uploaded.
2018-08-13 02:58:27 -07:00
wangyan
9a95f14918 Cherry-pick -- Fix security issue found by gas 2018-08-03 01:16:53 -07:00
Wenkai Yin
2a40068d75 Fix cross slot issue of redis
This commit upgrdes the github.com/gocraft/work package to 0.5.1 and updates the namespace value
to fix the redis cross slot issue mentioned in #4633
2018-07-27 14:23:39 +08:00
Yan
efdb57548f
add admin job api (#5344)
It supports Harbor admin to trigger job either manual or
schedule. The job will be populated to job service to execute. 
The api includes:
1. POST /api/system/gc
2, GET /api/system/gc/:id 
3, GET /api/system/gc/:id/log
4, PUT/GET/POST /api/system/gc/schedule
2018-07-20 19:22:37 +08:00
Yan
9e65499c10
Add garbage collection job implemention, this job could (#5268)
be triggered by manual and schedule. It calls registrtctl
to do the GC job, and log the output.
2018-07-16 18:08:40 +08:00
Steven Zou
4db708096b Add retry for getting configs from admin server when doing job conetxt initialization 2018-05-10 15:26:59 +08:00
Steven Zou
f7bc467c99 Return none zero code when job service exit with error
replace fmt.Println/logger.Errorf with logger.Fatal(f)
2018-05-10 14:44:04 +08:00
Yan
ae257433cc
Fully migrate harbor db to postgresql (#4689)
* Merge harbor db to postgres
2018-04-27 02:27:12 -07:00
Steven Zou
e1b509e3f3 Fix the issue of intermittent restarting of job service
github issue: #4712
ping redis server before pool starting

Let worker pool to restart the message server if message server exits with error (controlled by max retries)
2018-04-25 17:02:16 +08:00
Steven Zou
a17436962f Return the logger.Interface instead of the pointer of logger to avoid nil checking issue 2018-04-20 14:59:28 +08:00
Steven Zou
ca8d3bdcc9
Merge pull request #4638 from vmware/use_redis_url_addr
Use redis URL address to replace host:port when connecting to redis server
2018-04-17 10:12:51 +08:00
Steven Zou
adc2f8f124 Use redis URL address to replace host:port when connecting to redis server
replace tcp host:port with
'redis://arbitrary_usrname:password@ipaddress:port/database_index'

update prepare to generate config yaml file of job service based on harbor.cfg

update harbor.cfg default values
2018-04-13 19:19:56 +08:00
Steven Zou
b5b728bee3 Fix the vulnerability issues in the job service code
'Errors unhandled' in 'jobservice/job/impl/logger/job_logger.go'
'TLS InsecureSkipVerify set true' in 'jobservice/opm/hook_client.go'
2018-04-12 15:12:39 +08:00
Steven Zou
85ae40f5ec Apply auth checking to all the incoming requests 2018-04-08 18:12:13 +08:00
Steven Zou
529ad3e079
Merge pull request #4593 from vmware/add_more_log_2_js
Fix issue: failed to update the status of job if runtme error occurred
2018-04-08 14:03:34 +08:00
Steven Zou
233692c127 fix issue: job context may be nil pointer when trying to be closed in defer func 2018-04-08 13:03:23 +08:00
Steven Zou
1cb40368f5 Fix issue: failed to update the status of job if runtme error occurred 2018-04-08 10:38:47 +08:00
Tan Jiang
ff06ec05c3 Store secret in header instead of cookie 2018-04-07 22:02:06 +08:00
Tan Jiang
15580a5e8c Read the system properties from scan job context 2018-04-04 19:58:54 +08:00
Steven Zou
6c69a8cd05 Fix issue of stopping periodic job
improve op command by using cache
return 404 if no job found to stop
2018-04-02 18:08:03 +08:00
Steven Zou
fee7f6ddef Merge branch 'job_service' into switch_job_service 2018-04-02 12:06:23 +08:00
Steven Zou
250360307b Modify docker compose file template and make file to enable new job service
Fix typo in Makefile under photon

Fix version tag issue of redis container

Assign container name for redis container

Update docker compose template to enable network for redis

Remove exposed ports of redis from compose yaml tpl
2018-03-30 16:52:55 +08:00
Steven Zou
013028ef4a Replace old job service package with V2 (rename packages) 2018-03-30 11:22:29 +08:00
Steven Zou
bfbb949034 Use the new job service(v2) to replace the old one 2018-03-29 23:30:03 +08:00
yixingj
cb64ad96ff Make endpoint configurable
Move all the endpoint to harbor.cfg
2018-03-26 10:50:18 +08:00
Wenkai Yin
9022abfc13 Fix code issues found by Gas 2018-01-29 15:17:03 +08:00
Wenkai Yin
4070ed5152 Provide a mechanism to stop pending and retrying jobs 2018-01-12 15:29:20 +08:00
Wenkai Yin
3be1d5a7fd Assign read-only privilege of replication policy to project admin and add stopping replication jobs API. 2017-12-25 23:49:21 +08:00
Wenkai Yin
260ef561c4 Update the HTTP client for easy use by add more util functions 2017-12-16 06:45:59 +08:00
Wenkai Yin
a736cb7b09 Update the HTTP client according to the comments 2017-12-15 09:40:31 +08:00
Wenkai Yin
b5e7de331e Delete enabled and start_time properties of replication rule 2017-12-15 09:40:31 +08:00
Wenkai Yin
fe10c2e7f5 Create replicator to submit replication job to jobservice 2017-12-15 09:40:31 +08:00
Daniel Jiang
cdadc94d0f
Merge pull request #3804 from ywk253100/171215_jobservice
Print stack trace when recover from panic and print warning message rather than returning an error when updating 0 records
2017-12-18 16:36:20 +08:00
stonezdj
9393d26fdc Fix ldap ping issue #3653 2017-12-15 14:47:54 +08:00
Wenkai Yin
43489c2b67 Print stack trace when recover from panic and print warning message rather than returning an error when updating 0 records 2017-12-14 13:48:45 +08:00
Tan Jiang
b3e0af2382 Fix permission issue in job_log directory 2017-11-21 19:31:15 +08:00
Daniel Jiang
a2f20801c0
Merge pull request #3597 from ywk253100/171110_bug_fix
Add content-type header to the request when creating project during replication
2017-11-12 22:54:15 -06:00
Wenkai Yin
9889896e8a Add content-type header to the request when creating project during replication 2017-11-10 16:08:13 +08:00
reasonerjt
19a13e8575 Deprivilege harbor-ui harbor-jobservice harbor-adminserver
Use non-root user to run the service within these docker images, and provide HEALTHCHECK
mechanism.
2017-11-09 03:09:09 -08:00
Tan Jiang
512384722a Make the internal URL of UI and JobService configurable 2017-11-03 20:43:25 +08:00
Wenkai Yin
2156750b04 Move certificate verification to target level
The certificate verification is on system level before this commit. Moving it
to target level makes the configuration more flexible for different targets.
2017-10-20 15:36:56 +08:00
Wenkai Yin
66b2d0d3f3 Apply project level policies to standalone Harbor
The following features are only enabled in integration mode, this commit moves
these to standalone Harbor:
 - Content trust policy: only signed images can be pulled
 - Vulnerability policy: only images whose severity is below the threshold can be pulled
 - Automatic scan policy: automatic scan pushed images
2017-10-19 17:33:28 +08:00
Wenkai Yin
f0946b63cf fix code style issues reported by golint 2017-09-19 17:16:54 +08:00
Tan Jiang
2ffcf10eaa restart scan jobs when jobservice is started 2017-08-16 17:24:41 +08:00
Tan Jiang
882683ae6f Do not throw error if the scan result is unchanged 2017-08-10 17:26:39 +08:00
Wenkai Yin
7fedca3a4a remove useless codes 2017-08-09 15:13:51 +08:00
Daniel Jiang
6bd622196e Merge pull request #2972 from reasonerjt/master
Fix perf issue and connection leak in Clair.
2017-08-04 19:48:26 +08:00
Tan Jiang
fa0cb8731c Fix performance issue and connection leakage 2017-08-04 19:22:52 +08:00
Wenkai Yin
8963a15520 remove useless insecure flag 2017-07-31 13:45:49 +08:00
Wenkai Yin
eb9a4dfff9 update 2017-07-28 13:21:34 +08:00
Wenkai Yin
71e4c3c447 Merge remote-tracking branch 'upstream/master' into 170724_registry
Conflicts:
	src/ui/utils/utils.go
2017-07-26 18:46:41 +08:00
Wenkai Yin
cc264f85e7 do not ping if using raw token authorizer 2017-07-26 18:41:36 +08:00
Tan Jiang
97b334c3c0 fix #1953 2017-07-25 21:12:03 +08:00
Tan Jiang
ea25c3cfe5 provide api to show log of scan job 2017-07-20 19:32:27 +08:00
Wenkai Yin
2e427bffe2 fix replicate issue 2017-07-20 16:47:14 +08:00
Tan Jiang
92258cd012 enable security on jobservice scan api 2017-07-11 21:22:27 +08:00
Tan Jiang
ca805759d9 update scan overview in notification handler, and return clair vuln timestamp in system info 2017-07-07 17:47:52 +08:00
Wenkai Yin
4770aeba90 provide a method to get token from token service 2017-06-28 12:23:14 +08:00
Tan Jiang
ed296812f0 small refinement to clair client 2017-06-25 11:44:56 +08:00
Wenkai Yin
0b55ce6e80 add GetAll support in PMS project manager 2017-06-23 16:53:59 +08:00
Wenkai Yin
6fe175550b update 2017-06-22 15:50:24 +08:00
Wenkai Yin
bdd49e51d5 call ui API to get project 2017-06-22 14:01:17 +08:00
Wenkai Yin
3522332430 Merge pull request #2550 from ywk253100/170616_replication
Fix bug: can not replicate repository with multiple namespaces
2017-06-20 16:41:53 +08:00
Tan Jiang
7a57cb4c87 State machine recover from panic and set job state to error 2017-06-16 19:08:59 +08:00
Wenkai Yin
ec02cf54f0 fix #2508 2017-06-16 18:37:34 +08:00
Tan Jiang
41346fe8c0 provide POST api/repostitores/xxx/tags/xxx/scan to trigger image scan 2017-06-15 20:23:55 +08:00
Tan Jiang
ae2d868fd4 handlers for image scan, store results overview in DB 2017-06-13 23:37:54 +08:00
Tan Jiang
58c4993974 add handlers in statemachine 2017-06-09 14:55:15 +08:00
Daniel Jiang
42984fe1c9 refactory for scan job service (#2459)
* refactory for scan job service and implement ScanJob.
2017-06-08 15:04:23 +08:00
Daniel Jiang
c099ccf02e fix #2382 (#2422)
* fix #2382
2017-06-05 21:51:50 +08:00
Wenkai Yin
0e237d8cab fix bug 2017-05-23 16:28:10 +08:00
Daniel Jiang
1c441b17be refactor job service (#2348) 2017-05-22 22:33:20 -07:00
Wenkai Yin
e1c1b8ec34 refactor project api 2017-05-16 15:02:37 +08:00
Daniel Jiang
b9b7e2f5e1 Merge pull request #2244 from vmware/release-1.1.0
Merge latest code from release-1.1.0 branch
2017-05-07 22:48:08 -04:00
Wenkai Yin
017e650b5b fix bug 2017-05-05 18:11:16 +08:00
wangyan
045b5a1c63 Fix permission issue catched by GAS Scanner 2017-05-05 00:20:35 -07:00
wy65701436
53f7cfb967 replace go header 2017-04-13 03:54:58 -07:00
Wenkai Yin
cd86c50e29 donot dump response to log, fix #1950 2017-04-07 18:14:22 +08:00
Daniel Jiang
e02dd11703 Merge pull request #1684 from ywk253100/170320_adminserver_client
Abstract adminserver client into a single package
2017-03-21 16:08:31 +08:00
Wenkai Yin
67612aa2e3 abstract adminserver client into a single package 2017-03-21 01:00:26 +08:00
Wenkai Yin
108aa21499 upgrade registry to 2.6.0 2017-03-16 13:44:16 +08:00
Wenkai Yin
a4cb261df9 read some configs from env 2017-03-02 13:24:41 +08:00
Wenkai Yin
a1858098c5 using different secret to mark himself when communicates with other components 2017-02-23 18:24:32 +08:00
Wenkai Yin
40eb6bb7d3 encrypt passwords enhancement 2017-02-22 16:59:28 +08:00
Wenkai Yin
385d76e6f2 Merge remote-tracking branch 'upstream/configuration' into 170214_encryption
Conflicts:
	src/common/utils/registry/auth/tokenauthorizer.go
	src/common/utils/test/adminserver.go
	src/jobservice/replication/transfer.go
	src/ui/api/config.go
2017-02-20 12:21:56 +08:00
Wenkai Yin
390f89ee0a encrypt passwords and secret 2017-02-17 18:23:21 +08:00
Wenkai Yin
2e3174f404 update 2017-02-15 15:28:50 +08:00
Wenkai Yin
06519bb3f2 update 2017-02-13 17:17:46 +08:00
Wenkai Yin
1fbb28ad8c update 2017-02-09 15:25:52 +08:00
Wenkai Yin
f113f4a54f update 2017-02-08 14:58:21 +08:00
Wenkai Yin
f1f78a5649 update 2017-01-19 17:56:08 +08:00