In project quotas API test, pull images from goharbor namespace instead of library:
1. Replace image source in API test;
2. Modify criteria for verify project configuration modification.
Signed-off-by: danfengliu <danfengl@vmware.com>
- improve the status hook sending/resending approach
- improve the status compare and set approach
- simplify the relevant flow
- add reaper to fix the out of sync jobs
- fix#10244 , fix#9963
Signed-off-by: Steven Zou <szou@vmware.com>
1. Fix issue that test step descriton was mismatch with test step;
2. Wrong helm command was used in Helm3 test, replace helm with helm3;
3. In API test, images were pulled from docker-hub registry, images size changed sometime, so we like to use internal registry.
Signed-off-by: danfengliu <danfengl@vmware.com>
Before submit scan job the authorization computed and send to the scan
job and then scan job may in pending state for a long time before it
begins to run.
When the pending more than 30 min which is the default bearer token
expiration time, the authorization had been expired when execute scan
job.
This PR changes the time of computing authorization from before
submitting the scan job to executing the job.
Closes#10325
Signed-off-by: He Weiwei <hweiwei@vmware.com>
In Helm pipeline, harbor access address is by domain name instead of IP, so cert directory should be created by domain name.
Signed-off-by: danfengliu <danfengl@vmware.com>
In nightly test, images for tests were pulled from docker-hub, and sometime in an rare occasion, client will fail to contact docker-hub like timeout error, so we like to pull image from an internal harbor registry with no network issue invovled.
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
Add notary remove signature test case in nightly
1. Update E2E image Dockerfile for adding notary CLI;
2. Add test case of remove notary signature.
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
This commit disables XSRF check for "service/token" so that when
containerd sends `POST` it will not return 403 and containerd can
fallback to `GET` to complete the workflow.
Fixes#10305
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit will make the "tokenreview" security filter onboard
user if the request carries a valid token. If the "skipsearch" flag in
http_auth setting is set to false the onboard will fail.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
- list all the supported replicaiton adapters
- list all the verified OIDC providers including the ones verified by the end users
- list all the pluggable scanners
Signed-off-by: Steven Zou <szou@vmware.com>
statistic API use security Context to list project rather than calling
projectmanager directly, such that the group membership will be taken
into account.
fixes#10230
It should be cherry picked to 1.9.x and 1.10.x branches
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
