This commit tweaks the attribute for auth proxy mode and OIDC auth mode,
changing it from "Skip verify cert" to "verify cert" so they are more
consistent with other modes.
Additionally it removes a workaround in `SearchUser` in the auth proxy
authenticator.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Adding the token review endpoint to the configuration page allows users to edit the token review endpoint when logging in through HTTP auth.
Signed-off-by: Yogi_Wang <yawang@vmware.com>
User could copy the CLI secret when logging in through OIDC, and use this CLI secret as the password when using the docker/helm CLI to access Harbor.
Signed-off-by: Yogi_Wang <yawang@vmware.com>
As the CLI does not support the OAuth flow, we'll use a secret to help OIDC users
authenticate via CLI.
Add column to store secret and token, and add code to support
verifying/refreshing the token associated with the secret, such that when the user is
removed from the OIDC provider the secret will no longer work.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit adjusts the code and fixes some bugs to make the onboard process
work.
The only thing missed is that the UI will need to initiate the redirection,
because the request to onboard a user was sent via an ajax call and didn't
handle the 302.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
1. When we log in to the Harbor page for the first time from OIDC, we add the URL in the onboard-add-username page.
2. Fix the part of the issue that we cannot redirect to the origin page when we log in.
Signed-off-by: Yogi_Wang <yawang@vmware.com>
Solve the problem that when we log on to the Harbor page, the automation test will click on an incorrect button, which results in the test page being unable to log in.
Signed-off-by: Yogi_Wang <yawang@vmware.com>
When a user logs in to Harbor for the first time through OIDC, the user will enter an onboard page, prompting the user to add the user name of Harbor. After the user name is entered, click save, and the user successfully logs in to Harbor through OIDC.
Signed-off-by: Yogi_Wang <yawang@vmware.com>
In the configuration auth mode section, we add an option, OIDC. When the user logs in using OIDC mode, the system defaults to auth mode to select OIDC, where the user can modify the name, endpoint, scope, clientId, clientSecret and skipCertVerify of the OIDC. After the modification, the user clicks the Save button to save the changes.
Signed-off-by: Yogi_Wang <yawang@vmware.com>
This commit adds a callback controller to handle the redirection from
successful OIDC authentication.
For the E2E case this requires the callback controller to kick off the onboard
process, which will be covered in subsequent commits.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
The controller will redirect the user to the OIDC login page based on
configuration.
Additionally this commit adds some basic code to wrap the `oauth2` package
and `provider` in `go-oidc`, and fixes an issue in UT to make
InMemoryDriver for config management thread-safe.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
* Add authn proxy docker login support
User could use the web hook token issued by the k8s API server to log in to Harbor.
The username should add a specific prefix.
Signed-off-by: wang yan <wangyan@vmware.com>
* Update code per review comments
Signed-off-by: wang yan <wangyan@vmware.com>
* Add UT for auth proxy modifier
Signed-off-by: wang yan <wangyan@vmware.com>
* Refactor scan all API
This commit is to let the scan all API use admin job to handle schedule
management. After the PR, GC and scan all share a unified code path.
Signed-off-by: wang yan <wangyan@vmware.com>
* Update admin job API code according to review comments
Signed-off-by: wang yan <wangyan@vmware.com>
* Update test code and comments per review
Signed-off-by: wang yan <wangyan@vmware.com>