Commit Graph

597 Commits

Author SHA1 Message Date
He Weiwei
b594861658 feat(middleware): add transaction middleware for v2 and v2.0 APIs
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-01-22 05:00:39 +00:00
Wenkai Yin
8aeabc7717 Wrap the beego router and provide a unified view for users to register routes
Wrap the beego router and provide a unified view for users to register routes

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-01-21 17:26:20 +08:00
He Weiwei
33dfa1ea11
feat(beego): upgrade beego to v1.12 which support middleware (#10524)
1. Upgrade beego to v1.12.0
2. Add RequestID middleware to all HTTP requests.
3. Add Orm middleware to v2 and v2.0 APIs.
4. Remove OrmFilter from all HTTP requests.
5. Fix some test cases which cause panic in API controllers.
6. Enable XSRF for test cases of CommonController.
7. Imporve ReadOnly middleware.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-01-20 16:41:49 +08:00
Wenkai Yin
ff1a03cccc Get the ormer from context instead of creating a new one
This commit updates the dao methods with the ormer got from context

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-01-14 16:35:36 +08:00
He Weiwei
c729e3b9e0 feat(swagger): generate apis v2.0 from swagger.yaml
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-01-14 02:20:18 +00:00
Wenkai Yin(尹文开)
1ea9e68178
Merge pull request #10366 from ywk253100/191219_manager
Implement tag/artifact manager and artifact controller
2020-01-08 21:24:52 +08:00
Wenkai Yin
400a47a5c5 Implement tag/artifact manager and artifact controller
1. Implement tag/artifact manager
2. Implement artifact controller
3. Onboard the artifact when pushing artifacts

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-01-08 20:19:48 +08:00
wang yan
a0f3709b3c add expiration data time when to create a robot account
Update API of creating robot accout, user can specify expiration time per account.

Signed-off-by: wang yan <wangyan@vmware.com>
2020-01-03 13:47:06 +08:00
He Weiwei
7a4cb17450
feat(orm): add orm support with context (#10337)
1. Get and set orm from context.
2. Add WithTransaction decorator make func run in transaction.
3. Support nested transaction by Savepoint.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-12-31 18:30:52 +08:00
Daniel Jiang
99e052aeb0
Merge pull request #10369 from reasonerjt/registry-basic-auth
Populate basic auth information for registry
2019-12-31 17:56:57 +08:00
Wenkai Yin(尹文开)
6571135cbf
Merge pull request #10367 from ywk253100/191227_list
Remove the manifest list middleware
2019-12-31 14:53:21 +08:00
Daniel Jiang
a087ba02e3 Populate basic auth information for registry
This commit updates `prepare` and templates to populate the credential
for registry for basic authentication.

A temporary flag `registry_use_basic_auth` was added to avoid breakage.
It MUST be removed before the release.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-31 14:50:46 +08:00
stonezdj(Daojun Zhang)
8ceb0e5eff
Merge pull request #10350 from reasonerjt/tokenreview-onboard
Onboard user when doing token review
2019-12-27 17:18:47 +08:00
Wenkai Yin
190a5f2ee6 Remove the manifest list middleware
We'll support manifest list, so this commit removes the manifest list middleware who blocks the manifest list pushing

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-12-27 16:04:04 +08:00
Daniel Jiang
cc63fa7b7a Disable XSRF check for /service/token
This commit disables XSRF check for "service/token" so that when
containerd sends `POST` it will not return 403 and containerd can
fallback to `GET` to complete the workflow.

Fixes #10305

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-27 14:01:40 +08:00
Daniel Jiang
f3fcc37244 Onboard user when doing token review
This commit will make the "tokenreview" security filter onboard
user if the request carries a valid token.  If the "skipsearch" flag in
http_auth setting is set to false the onboard will fail.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-25 19:32:41 +08:00
Wenkai Yin(尹文开)
56dc0bb71f
Merge pull request #10324 from wy65701436/common-error-13
add OCI error format support
2019-12-25 17:44:35 +08:00
wang yan
ebe5bb68b9 add OCI error format support
1, Leverage go v1.13 new error feature
2, Define genernal error OCI format, so that /v2 API could return a OCI compatible error

Signed-off-by: wang yan <wangyan@vmware.com>
2019-12-25 17:07:26 +08:00
Wenkai Yin(尹文开)
c1522d3c36
Merge pull request #10261 from stonezdj/20191211_ldap_group_admin_dn
Fix admin permission not revoked when removed from LDAP admin group(Do Not Merge)
2019-12-24 14:37:28 +08:00
stonezdj
6313a55219 Fix admin permission not revoked when removed from LDAP admin group
Seperate the HasAdminRole(In DB) with the privileges from external auth, and use user.HasAdminPrivilege to check

Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-12-20 13:12:22 +08:00
Ziming
e32649adb4 enhance[cicd] introduce github action for CICD
In order to replace travis.
Implement 5 CI jobs
- UTTEST
- APITEST_DB
- APITEST_LDAP
- OFFLINE
- UI_UT

Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-12-17 18:36:33 +08:00
Daniel Jiang
7bd19f497c Stastics API should handle group members
statistic API use security Context to list project rather than calling
projectmanager directly, such that the group membership will be taken
into account.
fixes #10230

It should be cherry picked to 1.9.x and 1.10.x branches

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-11 18:52:43 +08:00
Wenkai Yin(尹文开)
dda6f638a9
Merge pull request #10154 from wy65701436/fix-10092-cp
[cherry-pick] improve pulling vulnerable images warning message
2019-12-06 13:56:13 +08:00
Wenkai Yin
4043ef8aa9 Sort the tag before returning the list when calling API
Sort the tag before returning the list when calling API list tag API

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-12-05 19:50:45 +08:00
wang yan
317149160d improve pulling vulnerable images warning message
To make the message more friendly and readable for the end-user

Signed-off-by: wang yan <wangyan@vmware.com>
2019-12-05 14:32:34 +08:00
Wang Yan
2fb1cc89d9
Merge pull request #10031 from ywk253100/191128_config
Fix bug when trying to get the external URL
2019-12-05 14:26:54 +08:00
Wang Yan
9016c427b9
Merge pull request #10136 from reasonerjt/rm-authproxy-case-sensitive
Get rid of case-sensitivity in authproxy setting
2019-12-05 14:26:18 +08:00
Daniel Jiang
d58f5e4bdc Get rid of case-sensitivity in authproxy setting
This commit removes the attribute to control case-sensitivity from
authproxy setting.
The result in token review status will be used as the single source of
truth, regardless the case of the letters in group names and user names.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-04 21:39:40 +08:00
Wenkai Yin(尹文开)
d145f4baf4
Merge pull request #10034 from ywk253100/191128_clean
Clean up admiral-related code
2019-12-04 17:33:31 +08:00
Daniel Jiang
902598fabd Support pinning to authproxy server's cert
This commit add an attribute to configurations, whose value is the
certificate of authproxy server.  When this attribute is set Harbor will
pin to this cert when connecting authproxy.
This value will also be part of the response of systemInfo API.

This commit will be cherrypicked to 1.10 and 1.9 branch.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-03 07:31:26 +08:00
Wenkai Yin
dd2bc0ecef Clean up admiral-related code
Clean up admiral-related code as it's useless

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-11-28 17:28:54 +08:00
Wenkai Yin
2498d597b4 Fix bug when trying to get the external URL
Fix bug when trying to get the external URL

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-11-28 10:51:42 +08:00
Daniel Jiang
030637efbf
Merge pull request #10002 from reasonerjt/groups-review-token-filter
populate group list when doing token review
2019-11-27 15:18:03 +08:00
Daniel Jiang
3664bf36d2 populate group list when doing token review
This commit fixes #9869
It has some refactor to make sure the group is populated when user is
authenticated via tokenreview workflow.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-26 13:31:42 +08:00
Daniel Jiang
b2b531d3af Update minimum length of project name
This commit fixes #9946, that when creating a project the minimum length
should be 1, not 2.

This commit should be cherry picked to 1.9.x and 1.10.x branch .

We need to double check if this change impacts the creation of replication
rule.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-26 12:41:51 +08:00
He Weiwei
fec76c3d57
fix(limited-guest): fix limited guest info missing in summary page (#9957)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-22 10:03:02 +08:00
Daniel Jiang
4e1bac4b82
Merge pull request #9820 from reasonerjt/oidc-cli-secret-group
Populate user groups during OIDC CLI secret verification
2019-11-19 03:03:38 -08:00
Daniel Jiang
64af09d52b Populate user groups during OIDC CLI secret verification
This commit refactors the flow to populate user info and verify CLI
secret in OIDC authentication.

It will call the `userinfo` backend of OIDC backend and fallback to
using the ID token if userinfo is not supported by the backend.

It also makes sure the token will be persisted if it's refreshed during
this procedure.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-18 23:53:05 -08:00
Wang Yan
bc0ff095c3
Merge pull request #9899 from heww/fix-9767
fix(scanner): process scenario reinstall without clair flag
2019-11-19 13:17:28 +08:00
Wang Yan
eab974419c
Merge pull request #9825 from stonezdj/bug_9681
Avoid to create duplicated immutable tag rules in the same project
2019-11-18 17:26:22 +08:00
He Weiwei
0c068d81f5
feat(vuln-severity): map negligible to none to match CVSS v3 ratings (#9885)
BREAKING CHANGE: the value negligible of severity in project metadata will change to none in the responses of project APIs

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-18 14:36:51 +08:00
He Weiwei
0246ca7aa4 fix(scanner): process scenario reinstall without clair flag
1. Fix name conflict when install internal clair adapter.
2. Remove all internal adapters when reinstall harbor without --with-clair flag

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-15 09:47:30 +00:00
Wang Yan
6e03c8a54e
Merge pull request #9896 from heww/owner-check-for-project-member-robot-account
fix(robot,project-member): check owner of member, robot when update, …
2019-11-15 16:53:22 +08:00
stonezdj
15898f2069 Avoid to create duplicated immutable tag rules in the same project
Fix #9681, add constraint on immutable_tag_rule and catch the error

Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-11-15 14:46:23 +08:00
Wang Yan
88773436c9
Merge pull request #9865 from wy65701436/quota-event
add quota exceed event imple
2019-11-15 11:37:19 +08:00
Wang Yan
4bec9bbfc6
Merge pull request #9875 from wy65701436/middleware-policy-checker
enable policy checker in response handler
2019-11-14 18:31:50 +08:00
wang yan
a39e1a2a34 enable policy checker in response handler
Signed-off-by: wang yan <wangyan@vmware.com>
2019-11-14 15:39:29 +08:00
He Weiwei
5bd1cfdbf2 fix(robot,project-member): check owner of member, robot when update, delete
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-14 07:00:44 +00:00
Wang Yan
29be93725d
Merge pull request #9860 from reasonerjt/authproxy-case-sensitive-master
Authproxy case sensitive master
2019-11-14 14:03:53 +08:00
Daniel Jiang
6f0b4a139a
Merge pull request #9838 from stonezdj/fix_review
Fix review comments on PR9749
2019-11-14 13:12:56 +08:00