Daniel Jiang
0699980924
Add Scan All job to job service ( #5934 )
...
This commit adds the job to scan all images on registry.
It also makes necessary change to Secret based security context, to
job service has higher permission to call the API of core service.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-09-22 13:07:32 +08:00
clouderati
587459df15
Replacing copyright notices with "Copyright Project Harbor Authors".
...
Signed-off-by: clouderati <35942204+clouderati@users.noreply.github.com>
2018-09-19 16:59:36 +00:00
Qian Deng
7873a0312a
Rename harbor-ui to harbor-core
...
1. Update the nginx.conf
2. Update Makefile
3. Update docker-compose
4. Update image name
5. Rename folder ui to core
6. Change the harbor-ui's package name to core
7. Remove unused static file on harbor-core
8. Remove unused code for harbor-portal
Signed-off-by: Qian Deng <dengq@vmware.com>
2018-09-19 16:35:13 +08:00
陈德
0582db9a82
Apply consistent format for comments
...
Signed-off-by: 陈德 <chende@caicloud.io>
2018-09-05 16:16:31 +08:00
Steven Zou
1636b138f2
Return more data of the job when reporting status info via webhook
...
- update the status report func `RedisJobStatsManager.reportStatus`
- update the UT case for the above change
Signed-off-by: Steven Zou <szou@vmware.com>
2018-08-30 14:28:12 +08:00
wang yan
aab761ac8a
Fix gofmt check results
...
Signed-off-by: wang yan <wangyan@vmware.com>
2018-08-29 11:50:00 +08:00
Yan
fca2bb3a6b
Fix misspell checking results ( #5749 )
...
Signed-off-by: wang yan <wangyan@vmware.com>
2018-08-29 10:25:42 +08:00
Daniel Jiang
dcf4e2ee78
Update import path in go code
...
vmware -> goharbor
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-08-23 17:50:53 +08:00
Daniel Jiang
65cf02a1d7
Validate job ID when getting job log
...
Add validation to job ID in the API to get job log in job service, to
prevent file path traversal attack.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-08-15 15:33:13 +08:00
wangyan
29d0d51403
Signed-off-by: wangyan <wangyan@vmware.com>
...
Add clean registry cache to gc job
To workaround the issue: https://github.com/docker/distribution/issues/2094
GC needs to clean cache before to call the docker reigstry api to delete blobs.
Otherwise, the following docker push will not be performed as docker registry
does not clean cache in GC, it thinks the image is still there, and the new
blobs will be uploaded.
2018-08-13 02:58:27 -07:00
wangyan
9a95f14918
Cherry-pick -- Fix security issue found by gas
2018-08-03 01:16:53 -07:00
Wenkai Yin
2a40068d75
Fix cross slot issue of redis
...
This commit upgrdes the github.com/gocraft/work package to 0.5.1 and updates the namespace value
to fix the redis cross slot issue mentioned in #4633
2018-07-27 14:23:39 +08:00
Yan
efdb57548f
add admin job api ( #5344 )
...
It supports Harbor admin to trigger job either manual or
schedule. The job will be populated to job service to execute.
The api includes:
1. POST /api/system/gc
2, GET /api/system/gc/:id
3, GET /api/system/gc/:id/log
4, PUT/GET/POST /api/system/gc/schedule
2018-07-20 19:22:37 +08:00
Yan
9e65499c10
Add garbage collection job implemention, this job could ( #5268 )
...
be triggered by manual and schedule. It calls registrtctl
to do the GC job, and log the output.
2018-07-16 18:08:40 +08:00
Steven Zou
4db708096b
Add retry for getting configs from admin server when doing job conetxt initialization
2018-05-10 15:26:59 +08:00
Steven Zou
f7bc467c99
Return none zero code when job service exit with error
...
replace fmt.Println/logger.Errorf with logger.Fatal(f)
2018-05-10 14:44:04 +08:00
Yan
ae257433cc
Fully migrate harbor db to postgresql ( #4689 )
...
* Merge harbor db to postgres
2018-04-27 02:27:12 -07:00
Steven Zou
e1b509e3f3
Fix the issue of intermittent restarting of job service
...
github issue: #4712
ping redis server before pool starting
Let worker pool to restart the message server if message server exits with error (controlled by max retries)
2018-04-25 17:02:16 +08:00
Steven Zou
a17436962f
Return the logger.Interface instead of the pointer of logger to avoid nil checking issue
2018-04-20 14:59:28 +08:00
Steven Zou
ca8d3bdcc9
Merge pull request #4638 from vmware/use_redis_url_addr
...
Use redis URL address to replace host:port when connecting to redis server
2018-04-17 10:12:51 +08:00
Steven Zou
adc2f8f124
Use redis URL address to replace host:port when connecting to redis server
...
replace tcp host:port with
'redis://arbitrary_usrname:password@ipaddress:port/database_index'
update prepare to generate config yaml file of job service based on harbor.cfg
update harbor.cfg default values
2018-04-13 19:19:56 +08:00
Steven Zou
b5b728bee3
Fix the vulnerability issues in the job service code
...
'Errors unhandled' in 'jobservice/job/impl/logger/job_logger.go'
'TLS InsecureSkipVerify set true' in 'jobservice/opm/hook_client.go'
2018-04-12 15:12:39 +08:00
Steven Zou
85ae40f5ec
Apply auth checking to all the incoming requests
2018-04-08 18:12:13 +08:00
Steven Zou
529ad3e079
Merge pull request #4593 from vmware/add_more_log_2_js
...
Fix issue: failed to update the status of job if runtme error occurred
2018-04-08 14:03:34 +08:00
Steven Zou
233692c127
fix issue: job context may be nil pointer when trying to be closed in defer func
2018-04-08 13:03:23 +08:00
Steven Zou
1cb40368f5
Fix issue: failed to update the status of job if runtme error occurred
2018-04-08 10:38:47 +08:00
Tan Jiang
ff06ec05c3
Store secret in header instead of cookie
2018-04-07 22:02:06 +08:00
Tan Jiang
15580a5e8c
Read the system properties from scan job context
2018-04-04 19:58:54 +08:00
Steven Zou
6c69a8cd05
Fix issue of stopping periodic job
...
improve op command by using cache
return 404 if no job found to stop
2018-04-02 18:08:03 +08:00
Steven Zou
fee7f6ddef
Merge branch 'job_service' into switch_job_service
2018-04-02 12:06:23 +08:00
Steven Zou
250360307b
Modify docker compose file template and make file to enable new job service
...
Fix typo in Makefile under photon
Fix version tag issue of redis container
Assign container name for redis container
Update docker compose template to enable network for redis
Remove exposed ports of redis from compose yaml tpl
2018-03-30 16:52:55 +08:00
Steven Zou
013028ef4a
Replace old job service package with V2 (rename packages)
2018-03-30 11:22:29 +08:00
Steven Zou
bfbb949034
Use the new job service(v2) to replace the old one
2018-03-29 23:30:03 +08:00
yixingj
cb64ad96ff
Make endpoint configurable
...
Move all the endpoint to harbor.cfg
2018-03-26 10:50:18 +08:00
Wenkai Yin
9022abfc13
Fix code issues found by Gas
2018-01-29 15:17:03 +08:00
Wenkai Yin
4070ed5152
Provide a mechanism to stop pending and retrying jobs
2018-01-12 15:29:20 +08:00
Wenkai Yin
3be1d5a7fd
Assign read-only privilege of replication policy to project admin and add stopping replication jobs API.
2017-12-25 23:49:21 +08:00
Wenkai Yin
260ef561c4
Update the HTTP client for easy use by add more util functions
2017-12-16 06:45:59 +08:00
Wenkai Yin
a736cb7b09
Update the HTTP client according to the comments
2017-12-15 09:40:31 +08:00
Wenkai Yin
b5e7de331e
Delete enabled and start_time properties of replication rule
2017-12-15 09:40:31 +08:00
Wenkai Yin
fe10c2e7f5
Create replicator to submit replication job to jobservice
2017-12-15 09:40:31 +08:00
Daniel Jiang
cdadc94d0f
Merge pull request #3804 from ywk253100/171215_jobservice
...
Print stack trace when recover from panic and print warning message rather than returning an error when updating 0 records
2017-12-18 16:36:20 +08:00
stonezdj
9393d26fdc
Fix ldap ping issue #3653
2017-12-15 14:47:54 +08:00
Wenkai Yin
43489c2b67
Print stack trace when recover from panic and print warning message rather than returning an error when updating 0 records
2017-12-14 13:48:45 +08:00
Tan Jiang
b3e0af2382
Fix permission issue in job_log directory
2017-11-21 19:31:15 +08:00
Daniel Jiang
a2f20801c0
Merge pull request #3597 from ywk253100/171110_bug_fix
...
Add content-type header to the request when creating project during replication
2017-11-12 22:54:15 -06:00
Wenkai Yin
9889896e8a
Add content-type header to the request when creating project during replication
2017-11-10 16:08:13 +08:00
reasonerjt
19a13e8575
Deprivilege harbor-ui harbor-jobservice harbor-adminserver
...
Use non-root user to run the service within these docker images, and provide HEALTHCHECK
mechanism.
2017-11-09 03:09:09 -08:00
Tan Jiang
512384722a
Make the internal URL of UI and JobService configurable
2017-11-03 20:43:25 +08:00
Wenkai Yin
2156750b04
Move certificate verification to target level
...
The certificate verification is on system level before this commit. Moving it
to target level makes the configuration more flexible for different targets.
2017-10-20 15:36:56 +08:00
Wenkai Yin
66b2d0d3f3
Apply project level policies to standalone Harbor
...
The following features are only enabled in integration mode, this commit moves
these to standalone Harbor:
- Content trust policy: only signed images can be pulled
- Vulnerability policy: only images whose severity is below the threshold can be pulled
- Automatic scan policy: automatic scan pushed images
2017-10-19 17:33:28 +08:00
Wenkai Yin
f0946b63cf
fix code style issues reported by golint
2017-09-19 17:16:54 +08:00
Tan Jiang
2ffcf10eaa
restart scan jobs when jobservice is started
2017-08-16 17:24:41 +08:00
Tan Jiang
882683ae6f
Do not throw error if the scan result is unchanged
2017-08-10 17:26:39 +08:00
Wenkai Yin
7fedca3a4a
remove useless codes
2017-08-09 15:13:51 +08:00
Daniel Jiang
6bd622196e
Merge pull request #2972 from reasonerjt/master
...
Fix perf issue and connection leak in Clair.
2017-08-04 19:48:26 +08:00
Tan Jiang
fa0cb8731c
Fix performance issue and connection leakage
2017-08-04 19:22:52 +08:00
Wenkai Yin
8963a15520
remove useless insecure flag
2017-07-31 13:45:49 +08:00
Wenkai Yin
eb9a4dfff9
update
2017-07-28 13:21:34 +08:00
Wenkai Yin
71e4c3c447
Merge remote-tracking branch 'upstream/master' into 170724_registry
...
Conflicts:
src/ui/utils/utils.go
2017-07-26 18:46:41 +08:00
Wenkai Yin
cc264f85e7
do not ping if using raw token authorizer
2017-07-26 18:41:36 +08:00
Tan Jiang
97b334c3c0
fix #1953
2017-07-25 21:12:03 +08:00
Tan Jiang
ea25c3cfe5
provide api to show log of scan job
2017-07-20 19:32:27 +08:00
Wenkai Yin
2e427bffe2
fix replicate issue
2017-07-20 16:47:14 +08:00
Tan Jiang
92258cd012
enable security on jobservice scan api
2017-07-11 21:22:27 +08:00
Tan Jiang
ca805759d9
update scan overview in notification handler, and return clair vuln timestamp in system info
2017-07-07 17:47:52 +08:00
Wenkai Yin
4770aeba90
provide a method to get token from token service
2017-06-28 12:23:14 +08:00
Tan Jiang
ed296812f0
small refinement to clair client
2017-06-25 11:44:56 +08:00
Wenkai Yin
0b55ce6e80
add GetAll support in PMS project manager
2017-06-23 16:53:59 +08:00
Wenkai Yin
6fe175550b
update
2017-06-22 15:50:24 +08:00
Wenkai Yin
bdd49e51d5
call ui API to get project
2017-06-22 14:01:17 +08:00
Wenkai Yin
3522332430
Merge pull request #2550 from ywk253100/170616_replication
...
Fix bug: can not replicate repository with multiple namespaces
2017-06-20 16:41:53 +08:00
Tan Jiang
7a57cb4c87
State machine recover from panic and set job state to error
2017-06-16 19:08:59 +08:00
Wenkai Yin
ec02cf54f0
fix #2508
2017-06-16 18:37:34 +08:00
Tan Jiang
41346fe8c0
provide POST api/repostitores/xxx/tags/xxx/scan to trigger image scan
2017-06-15 20:23:55 +08:00
Tan Jiang
ae2d868fd4
handlers for image scan, store results overview in DB
2017-06-13 23:37:54 +08:00
Tan Jiang
58c4993974
add handlers in statemachine
2017-06-09 14:55:15 +08:00
Daniel Jiang
42984fe1c9
refactory for scan job service ( #2459 )
...
* refactory for scan job service and implement ScanJob.
2017-06-08 15:04:23 +08:00
Daniel Jiang
c099ccf02e
fix #2382 ( #2422 )
...
* fix #2382
2017-06-05 21:51:50 +08:00
Wenkai Yin
0e237d8cab
fix bug
2017-05-23 16:28:10 +08:00
Daniel Jiang
1c441b17be
refactor job service ( #2348 )
2017-05-22 22:33:20 -07:00
Wenkai Yin
e1c1b8ec34
refactor project api
2017-05-16 15:02:37 +08:00
Daniel Jiang
b9b7e2f5e1
Merge pull request #2244 from vmware/release-1.1.0
...
Merge latest code from release-1.1.0 branch
2017-05-07 22:48:08 -04:00
Wenkai Yin
017e650b5b
fix bug
2017-05-05 18:11:16 +08:00
wangyan
045b5a1c63
Fix permission issue catched by GAS Scanner
2017-05-05 00:20:35 -07:00
wy65701436
53f7cfb967
replace go header
2017-04-13 03:54:58 -07:00
Wenkai Yin
cd86c50e29
donot dump response to log, fix #1950
2017-04-07 18:14:22 +08:00
Daniel Jiang
e02dd11703
Merge pull request #1684 from ywk253100/170320_adminserver_client
...
Abstract adminserver client into a single package
2017-03-21 16:08:31 +08:00
Wenkai Yin
67612aa2e3
abstract adminserver client into a single package
2017-03-21 01:00:26 +08:00
Wenkai Yin
108aa21499
upgrade registry to 2.6.0
2017-03-16 13:44:16 +08:00
Wenkai Yin
a4cb261df9
read some configs from env
2017-03-02 13:24:41 +08:00
Wenkai Yin
a1858098c5
using different secret to mark himself when communicates with other components
2017-02-23 18:24:32 +08:00
Wenkai Yin
40eb6bb7d3
encrypt passwords enhancement
2017-02-22 16:59:28 +08:00
Wenkai Yin
385d76e6f2
Merge remote-tracking branch 'upstream/configuration' into 170214_encryption
...
Conflicts:
src/common/utils/registry/auth/tokenauthorizer.go
src/common/utils/test/adminserver.go
src/jobservice/replication/transfer.go
src/ui/api/config.go
2017-02-20 12:21:56 +08:00
Wenkai Yin
390f89ee0a
encrypt passwords and secret
2017-02-17 18:23:21 +08:00
Wenkai Yin
2e3174f404
update
2017-02-15 15:28:50 +08:00
Wenkai Yin
06519bb3f2
update
2017-02-13 17:17:46 +08:00
Wenkai Yin
1fbb28ad8c
update
2017-02-09 15:25:52 +08:00
Wenkai Yin
f113f4a54f
update
2017-02-08 14:58:21 +08:00
Wenkai Yin
f1f78a5649
update
2017-01-19 17:56:08 +08:00