Commit Graph

3518 Commits

Author SHA1 Message Date
Daniel Jiang
1c29f39e93 Refresh notary test data for 1.10 branch
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-03-23 11:17:06 +08:00
Yogi_Wang
917497eef4 Fix xsrf error status bug when after beego update
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2020-03-02 10:13:33 +08:00
wang yan
5f8ad4f490 upgrade beego to version v1.12.1
Signed-off-by: wang yan <wangyan@vmware.com>
2020-02-09 17:08:20 +08:00
Wang Yan
b0342d1fd5
Merge pull request #10649 from steven-zou/cherry/job_hung_issue
[CHERRY-PICK] fix[jobservice]:job status is hung after restart
2020-02-06 13:17:56 +08:00
Steven Zou
5a24fdcd58 fix[jobservice]:job status is hung after restart
- improve the status hook sending/resending approach
- improve the status compare and set approach
- simplify the relevant flow
- add reaper to fix the out of sync jobs
- fix #10244 , fix #9963

Signed-off-by: Steven Zou <szou@vmware.com>
2020-02-06 10:35:45 +08:00
wang yan
58bb56f1f7 remove the expirations field from the robot test code in cherry pick
Signed-off-by: wang yan <wangyan@vmware.com>
2020-02-05 15:19:23 +08:00
wang yan
5c657f0216 fix issue on listing robot accounts
Update the query FuzzyMatch when to list robot accounts per project

Signed-off-by: wang yan <wangyan@vmware.com>
2020-02-05 13:34:50 +08:00
Wenkai Yin(尹文开)
5dd1395450
Merge pull request #10439 from pivotal/global-logs-for-limited-guest
Remove project logs access for Limited Guest role
2020-01-21 19:28:53 +08:00
He Weiwei
6d942e4520
fix(scan-job): fetch bearer token for scanner adapter in scan job (#10461)
Before submit scan job the authorization computed and send to the scan
job and then scan job may in pending state for a long time before it
begins to run.
When the pending more than 30 min which is the default bearer token
expiration time, the authorization had been expired when execute scan
job.
This PR changes the time of computing authorization from before
submitting the scan job to executing the job.

Closes #10325

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-01-21 19:10:50 +08:00
Mark Huang
c2257d49b8 Hide projects in global logs where user has limited guest role
Signed-off-by: Mark Huang <mhuang@pivotal.io>
2020-01-17 11:34:46 -05:00
Ziming Zhang
8e1f7bbd9f fix(replication): aws ecr delete image
Change-Id: I5e38b813c2840e0270973c38680cb8f815e5ece9
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-01-13 11:05:17 +08:00
He Weiwei
dc2d950172 fix(scanner): use new created ormer for transaction
Use new created ormer for transaction in SetDefaultRegistration

Closes #10284

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-01-03 02:19:53 +00:00
Daniel Jiang
dd80db67c1
Merge pull request #10364 from reasonerjt/disable-token-service-xsrf-1.10
Disable XSRF check for /service/token - cherry pick to 1.10
2019-12-28 00:05:41 +08:00
Daniel Jiang
1d0c61a6da Disable XSRF check for /service/token
This commit disables XSRF check for "service/token" so that when
containerd sends `POST` it will not return 403 and containerd can
fallback to `GET` to complete the workflow.

Fixes #10305

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-27 14:25:17 +08:00
Daniel Jiang
94a3da33e6 Onboard user when doing token review
This commit will make the "tokenreview" security filter onboard
user if the request carries a valid token.  If the "skipsearch" flag in
http_auth setting is set to false the onboard will fail.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-27 13:29:21 +08:00
Yogi_Wang
c937e0a6bf Translation modification of replication and tag in Chinese mode
1.replicaiton ==> 复制
2.tag ==> tag
3.retag ==> tag拷贝
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-12-18 16:13:31 +08:00
Daniel Jiang
3cc9b42b68 Stastics API should handle group members
statistic API use security Context to list project rather than calling
projectmanager directly, such that the group membership will be taken
into account.
fixes #10230

It should be cherry picked to 1.9.x and 1.10.x branches

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-13 17:55:21 +08:00
sshijun
890c6ac6c8 Add links to view doc for scanners ui
Signed-off-by: sshijun <sshijun@vmware.com>
2019-12-11 13:23:33 +08:00
sshijun
414bc1a8cc Improve ui for project config page
Signed-off-by: sshijun <sshijun@vmware.com>
2019-12-06 13:54:10 +08:00
Wang Yan
2e2c849aa6
Merge pull request #10165 from ywk253100/191205_sort_1.10
Sort the tag before returning the list when calling API
2019-12-06 11:37:51 +08:00
Wenkai Yin(尹文开)
6287a9f26e
Merge pull request #10152 from wy65701436/fix-10092
improve pulling vulnerable images warning message
2019-12-06 11:18:16 +08:00
stonezdj(Daojun Zhang)
5da568cf12
Merge pull request #10156 from reasonerjt/rm-authproxy-case-sensitive-v1.10
Get rid of case-sensitivity in authproxy setting -- Cherrypick to v1.10
2019-12-06 10:40:03 +08:00
jwangyangls
9f66682fa0
Merge pull request #10151 from jwangyangls/fix-bug-1.10-issue
[cherry-pick]Fix bug in master about 1.10
2019-12-06 10:07:35 +08:00
Will Sun
46e004b167
Merge pull request #10144 from AllForNothing/release-1.10.0
Modify ui to fix some bugs(cherry-pick #10143)
2019-12-06 09:09:39 +08:00
Wenkai Yin
0e821a9237 Sort the tag before returning the list when calling API
Sort the tag before returning the list when calling API list tag API

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-12-05 19:54:11 +08:00
sshijun
ef8041511d Modify ui to fix some bugs
Signed-off-by: sshijun <sshijun@vmware.com>
2019-12-05 18:28:01 +08:00
Yogi_Wang
3071926f75 Fix bug in master about 1.10
Signed-off-by: Yogi_Wang <yawang@vmware.com>

Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-12-05 16:41:31 +08:00
Daniel Jiang
8d3df218d9 Get rid of case-sensitivity in authproxy setting
This commit removes the attribute to control case-sensitivity from
authproxy setting.
The result in token review status will be used as the single source of
truth, regardless the case of the letters in group names and user names.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-05 14:49:41 +08:00
wang yan
1ea5ed0381 improve pulling vulnerable images warning message
To make the message more friendly and readable for the end-user

Signed-off-by: wang yan <wangyan@vmware.com>
2019-12-05 11:36:04 +08:00
Daniel Jiang
8329c209db Support pinning to authproxy server's cert
This commit add an attribute to configurations, whose value is the
certificate of authproxy server.  When this attribute is set Harbor will
pin to this cert when connecting authproxy.
This value will also be part of the response of systemInfo API.

This commit will be cherrypicked to 1.10 and 1.9 branch.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-04 16:10:45 +08:00
stonezdj(Daojun Zhang)
98d932cd57
Merge pull request #10051 from reasonerjt/groups-review-token-filter-1.10
populate group list when doing token review - cherrypick to 1.10
2019-12-03 11:07:26 +08:00
Daniel Jiang
cfff4d6d59 populate group list when doing token review
This commit fixes #9869
It has some refactor to make sure the group is populated when user is
authenticated via tokenreview workflow.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-29 20:09:32 +08:00
Daniel Jiang
3a6e7433e7 Update minimum length of project name
This commit fixes #9946, that when creating a project the minimum length
should be 1, not 2.

This commit should be cherry picked to 1.9.x and 1.10.x branch .

We need to double check if this change impacts the creation of replication
rule.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-29 19:33:23 +08:00
Daniel Jiang
798059aed5
Merge pull request #10013 from heww/permission-checking-improvement
perf(rbac): add permission evaluator to improve performance
2019-11-29 11:23:56 +08:00
sshijun
ac6545c784 Fix tag-retention ui bug and disable scan button
Signed-off-by: sshijun <sshijun@vmware.com>
2019-11-28 17:53:27 +08:00
He Weiwei
8738e61a42 perf(rbac): add permission evaluator to improve performance
1. Introduce Evaluator interface which do the permission checking.
2. Do permission checking in security context by `Evaluator`.
3. Cache the regexp in keyMatch for casbin.
4. Cache rbac evaluator in namespace evaluator to improve performance.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-28 05:16:26 +00:00
Yogi_Wang
096c7189c2 Reslove the token expired
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-11-27 15:08:10 +08:00
Yogi_Wang
c0b3c9f9c5 Modify the style of language and modify variable name
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-11-25 10:26:08 +08:00
Bastian Hofmann
c0343db0e1 Fix broken about dialog on sign in page
Signed-off-by: Bastian Hofmann <bashofmann@gmail.com>
2019-11-22 16:27:37 +08:00
Will Sun
96b22948dd
Merge pull request #9948 from AllForNothing/filter
Fix filter bug for registries and labels datagrid
2019-11-22 10:05:28 +08:00
He Weiwei
fec76c3d57
fix(limited-guest): fix limited guest info missing in summary page (#9957)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-22 10:03:02 +08:00
Yogi_Wang
5b6e1d9f88 Fix ui issue about the third round test
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-11-21 14:56:53 +08:00
sshijun
3777bbab39 Fix filter bug for registries and labels datagrid
Signed-off-by: sshijun <sshijun@vmware.com>
2019-11-21 10:53:24 +08:00
Will Sun
f3f481dd12
Merge pull request #9938 from jwangyangls/fix-retag-issue
FIx the tag list is not refreshed when the target refills the current repository when the retag is operated.
2019-11-20 16:34:31 +08:00
Yogi_Wang
aa925876c3 FIx the tag list is not refreshed when the target refills the current repository when the retag is operated.
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-11-20 13:20:57 +08:00
jwangyangls
cd8a8105e3
Merge pull request #9921 from jwangyangls/fix-select-words
Fix version info in about dialog can not select and copy
2019-11-20 10:02:47 +08:00
Daniel Jiang
4e1bac4b82
Merge pull request #9820 from reasonerjt/oidc-cli-secret-group
Populate user groups during OIDC CLI secret verification
2019-11-19 03:03:38 -08:00
Yogi_Wang
6416aa4025 Fix version info in about dialog can not select and copy
fix 9854
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-11-19 16:39:43 +08:00
Daniel Jiang
70a2930330
Merge pull request #9919 from wy65701436/fix-9880
add empter result to list immutable rules
2019-11-19 00:01:41 -08:00
Daniel Jiang
64af09d52b Populate user groups during OIDC CLI secret verification
This commit refactors the flow to populate user info and verify CLI
secret in OIDC authentication.

It will call the `userinfo` backend of OIDC backend and fallback to
using the ID token if userinfo is not supported by the backend.

It also makes sure the token will be persisted if it's refreshed during
this procedure.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-18 23:53:05 -08:00