Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-16 23:35:20 +01:00
Code Issues Projects Releases Wiki Activity
11,955 Commits 49 Branches 315 Tags 351 MiB
caee762b51
Commit Graph

898 Commits

Author SHA1 Message Date
Daniel Jiang
6f0b4a139a
Merge pull request #9838 from stonezdj/fix_review 
Fix review comments on PR9749
 2019-11-14 13:12:56 +08:00
Wang Yan
10850a06d8
Merge pull request #9859 from ywk253100/191113_subresource_1.10 
Refine the implementation of replication execution API
 2019-11-14 11:30:10 +08:00
wang yan
f8390c5ec1 add quota exceed event imple 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-11-14 10:27:18 +08:00
stonezdj
a3c298e9fd Refactor immutable tag rule 
Change implementation
Fix some nil pointer issue

Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-11-13 19:09:31 +08:00
Daniel Jiang
8933ab8074 Add configuration "case sensitive" to HTTP auth proxy 
This commit make case sensitivity configurable when the authentication
backend is auth proxy.
When the "http_authproxy_case_sensitive" is set to false, the name of
user/group will be converted to lower-case when onboarded to Harbor, so
as long as the authentication is successful there's no difference regardless
upper or lower case is used.  It will be mapped to one entry in Harbor's
User/Group table.
Similar to auth_mode, there is limitation that once there are users
onboarded to Harbor's DB this attribute is not configurable.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-11-13 15:00:05 +08:00
Wenkai Yin
54c5811974 Update the test cases of user API 
Update the test cases of user API

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-11-13 14:51:29 +08:00
Wenkai Yin
05ffb7a3c5 Refine the implementation of replication execution API 
Remove the duplicated code in replication execution API

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-11-13 14:26:57 +08:00
stonezdj
4d822e0a19 Fix review comments on PR9749 
Fix review comments on PR9749
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-11-12 13:05:11 +08:00
wang yan
c6fecf75d8 update immutable tag error message format 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-11-12 12:51:17 +08:00
Wang Yan
407417ce7b
Merge pull request #9810 from stonezdj/bug9479 
Populate group from auth provider to Harbor when user login
 2019-11-11 19:52:31 +08:00
stonezdj
0c011ae717 Populate group from auth provider to Harbor DB when user login 
Fix #9749, change include LDAP auth, OIDC auth, HTTP auth

Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-11-11 14:41:35 +08:00
Daniel Jiang
64dc5122e6 Add role list in project response 
This commit fixes #9771

It compares the roles to return the one with highest permission in the
response of `GET /api/projects`.
In addition to that, it adds the role list to the response, because a
user can have multiple roles in a project.
It also removes the togglable attribute as it's not used anywhere.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-11-11 14:03:50 +08:00
wang yan
415bdfa61f Disable policy check when pull without bearer token 
This commit is to fix https://github.com/goharbor/harbor/issues/9780.
To align with OCI spec, when a docker pull request without bearer token in header comes in, Harbor should not intecepte it(return a 412 if check fail)
when the policy check is enabled. As the 401 is expected by the docker/caller, and then to ask token service which url is in the 401 header.

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-11-08 13:59:30 +08:00
Wenkai Yin(尹文开)
d60979cdd0
Merge pull request #9762 from steven-zou/fix/add_status_2_scan-call_metrics 
add status data in the scan all metrics
 2019-11-08 10:30:25 +08:00
Steven Zou
a1d8c01cea add status data in the scan all metrics 
Signed-off-by: Steven Zou <szou@vmware.com>

Signed-off-by: Steven Zou <szou@vmware.com>
 2019-11-07 14:28:11 +08:00
Daniel Jiang
06e4e124d8
Refine request handle process (#9760) 
* Refine request handle process

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-11-07 13:02:17 +08:00
Steven Zou
ee31418e8e revoke scan permission from the developer role 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-11-06 17:57:48 +08:00
Steven Zou
ebc5d2482b do improvements to the scan all job 
- update scan all job to avoid sending too many HTTP requets
- update scan controller to support scan options
- update the db schema of the scan report to introduce requester
- introduce scan all metrics to report the overall progress of scan all job
- fix the status updating bug in scan report
- enhance the admin job status updats
- add duplicate checking before triggering generic admin job
- update the db scheme of admin job

fix #9705
fix #9722
fix #9670

Signed-off-by: Steven Zou <szou@vmware.com>
 2019-11-05 15:12:07 +08:00
Steven Zou
a928928a43
Merge pull request #9686 from heww/fix-project-severity-mapping 
fix(policy-checker): add func to transform project severity to vuln.Severity
 2019-11-01 11:12:13 +08:00
Daniel Jiang
f2beee16b1
Merge pull request #9673 from steven-zou/fix/issue_#9668_status_conflicts 
return more clear error message for scan related API
 2019-11-01 11:08:43 +08:00
Wenkai Yin(尹文开)
2101d7125c
Merge pull request #9680 from heww/install-clair-adapter-imporvement 
fix(scanner): imporve clair adapter initializing
 2019-11-01 10:42:04 +08:00
He Weiwei
ae8931e816 fix(policy-checker): add func to transform project severity to vuln.Severity 
The severity saved in db is lowercase but the severities in vuln pkg
begin with upper letter, this fix use func to transform project severity
value from db to vuln.Severity.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-10-31 14:11:44 +00:00
Steven Zou
eb8ec49f4f add UT cases for the common error pkg 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-31 21:55:27 +08:00
Daniel Jiang
bc65609a10
Merge pull request #9657 from wy65701436/quota-sync-switcher 
add a switcher for quota sync on core launch
 2019-10-31 19:22:23 +08:00
wang yan
c46d7e856a add a switcher for quota sync on core launch 
As the quota sync is default called by harbor-core on every launch, and it will break the launch process if any failure throwed.

1, The commit is to provide an switcher for the system admin to bypass the quota sync.
2, In case Harbor goes into the restarting cycle.

Harbor already provides an internal API to sync quota data, in the failure case,
system admin can launch harbor and call the /api/internal/syncquota to sync quota.

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-31 16:17:27 +08:00
He Weiwei
7170485a9b fix(scanner): imporve clair adapter initializing 
1. Remove ping action when initialize clair adapter installed by harbor.
2. Remvoe the `IsDefault` property when initialize clair adapter that
make it switch to auto detecting.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-10-31 08:03:37 +00:00
Steven Zou
afb46188b2 return more clear error message for scan related API 
- add a common error pkg to support error with code and AsError check
- replace some errors in scan with coded errors
- fix #9668

Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-31 11:35:55 +08:00
wang yan
253e87d186 inject ldflags for harbor compiler and linker 
1, replace the UIVERSION file with ldflags, which is generarted by make to inject into the UI core.
2, inject additional ldflags for harbor compiler

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-30 18:31:42 +08:00
Steven Zou
cb8d4d0daf fix the bug of returning errors nothing is updated 
- bug details: #9629
- root cause: the preconditions for updating may not be matched

Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-29 15:34:34 +08:00
Steven Zou
10c30fde3d
Merge pull request #9618 from steven-zou/fix/bug_#9608 
permission grant for scanner related actions are not correctly
 2019-10-28 22:12:56 +08:00
Steven Zou
5b2ab34e03 permission grant for scanner related actions are not correctly 
- add new endpoint for getting scanner candidates of specified project
- adjust the permission granting functions
- fix #9608

Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-28 18:20:47 +08:00
Wang Yan
e0fd4cd609
Merge pull request #9599 from wy65701436/fix-quota-migration 
Fix quota sync crash on getting the unknown mainfest
 2019-10-28 17:47:46 +08:00
wang yan
fc347fc4eb Fix quota sync crash on getting the unknown mainfest 
1, eat the unknown manifest error, and log it. The migration process will not crashed on it.
2, enable to persist DB of sync quota API.
3, add empty project support.

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-28 15:17:08 +08:00
He Weiwei
28e0c0693b Upgrade clair adapter to v1.0.0 
1. Upgrade clair adapter to v1.0.0.
2. Make the clair adapter which installed by harbor immutable and using internal registry address.
3. Add support to build clair adapter image from binary.
4. Switch to ScannerPull action when make authorization for the scan request.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-10-26 17:25:36 +00:00
Steven Zou
eba1a01ac2
Merge pull request #9595 from steven-zou/fix/update_scanner_failure 
property use_internal_addr can not be updated
 2019-10-25 17:39:34 +08:00
Steven Zou
9d0263fc9a property use_internal_addr can not be updated 
- pick up `use_internal_addr` in the update API

Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-25 15:35:43 +08:00
wang yan
f9996663d8 update immutable rule API 
1, unify disable and enable
2, fix update rule error

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-25 14:11:07 +08:00
Steven Zou
868851cc51
Merge pull request #9571 from steven-zou/fix/support_internal_addr_scanner 
support using internal registry addr to perform scan
 2019-10-24 20:52:27 +08:00
Wang Yan
d18678a48d
Merge pull request #9506 from wy65701436/token-sevice 
Enable robot account to support scan pull case
 2019-10-24 19:52:33 +08:00
Steven Zou
cb59ba3bbc support using internal registry addr to perform scan 
- do changes to the sql schema
- add `UseInternalAddr` and `Immutable` properties to scanner registration
- support multiple authentication type
  - basic
  - bearer token

Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-24 18:28:35 +08:00
wang yan
71c769ec97 remvoe bypass to scanner pull 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-24 17:49:20 +08:00
Ziming
eb6708ed76
Merge pull request #8174 from bitsf/refact_replication_info 
refact replication info to support special endpoints and credential
 2019-10-24 15:34:01 +08:00
Steven Zou
956d9db1d5
Merge pull request #9528 from steven-zou/fix/pluggable_scanner_improvments 
improve the scan controlling
 2019-10-24 15:17:06 +08:00
Wang Yan
4baa35bc17
Merge pull request #9520 from ywk253100/191022_health_check 
Remove the health checker for Clair in health check API
 2019-10-24 14:50:01 +08:00
Ziming Zhang
1801bac03d refact replication adapter 
Change-Id: Ic28854089b8dcfcbc7e42065df5c19c64d5b85e7
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2019-10-24 12:24:55 +08:00
Steven Zou
7fad103e46 - fix API test cases failures 
Signed-off-by: Steven Zou <szou@vmware.com>

- fix scan report dao bug
 2019-10-23 20:44:01 +08:00
wang yan
a6ad1b2db8 update code per review comments 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-23 20:05:51 +08:00
wang yan
2fa85aefca fix per comments 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-23 18:45:30 +08:00
wang yan
5996189bb0 update per comments and fix govet error 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-23 18:45:30 +08:00
wang yan
22b4ea0f89 Enable robot account bypass policy check 
1, the commit is for internal robot to bypass policy check, like vul and signature checking.
2, add a bool attribute into registry token, decode it in the harbor core and add the status into request context.
3, add a bool attribut for robot API controller, but API will not use it.y

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-23 18:45:30 +08:00
Ziming Zhang
5419e1a844 refact replication info to support special endpoints and credential 
Change-Id: I2f7a51d3aaf57bb6d1942526184f4e62ce3afeab
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2019-10-23 17:19:56 +08:00
Wenkai Yin(尹文开)
bd28ba43c0
Merge pull request #9478 from ywk253100/191018_test 
Populate public metadata into the event
 2019-10-23 15:21:53 +08:00
Steven Zou
38395e015c fix api test case failure 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-23 13:27:03 +08:00
wang yan
182e557bf2 update query in the immutable delete manifest middleware 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-23 13:26:19 +08:00
Wenkai Yin
9d896d4d72 Remove the health checker for Clair in health check API 
As we introduce the pluggable scanner, users can add the external scanners, so we remove the Clair from the health check API

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-10-23 12:55:03 +08:00
Steven Zou
962bafb7ce fix go imports order issues 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-23 09:34:47 +08:00
wang yan
3e826c4e80 update query in the immutable delete manifest middleware 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-22 19:37:20 +08:00
Steven Zou
370a364c29 fix code conflict and rebase with master 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-22 18:39:37 +08:00
Steven Zou
dff1ee07fc improve the scan controlling 
- add LCM control to the robot account generated for scanning
- improve the scan webhook
- remove reprots when related artifact is deleted
- update report manager/scan controller and other components to support above cases
- add artifact manager/comtroller to list artifacts

Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-22 18:24:46 +08:00
wang yan
424f11e697 add immutable match in the repository/tag delete api 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-21 15:53:24 +08:00
Wang Yan
71bb8815bf
Merge pull request #9461 from reasonerjt/rm-validator-cve 
Remove validation for item in CVE whitelist
 2019-10-21 14:52:08 +08:00
He Weiwei
e254fe3095
fix(permissions): permissions checking for member and quota info (#9490) 
1. Only show project member info when has member list permission.
2. Only show quota info when has quota read permission.
3. Add quota read permission for all roles of project.
4. Refactor permission service in portoal.
5. Clear cache when clear session.

Closes #8697

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-10-21 14:03:52 +08:00
He Weiwei
bf6a14c9ad
feat(role): introduce a limited guest role (#9403) 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-10-20 14:21:28 +08:00
Wenkai Yin(尹文开)
f98196e5ba
Merge pull request #9435 from reasonerjt/oidc-refresh-refine 
Update OIDC token refresh process
 2019-10-18 19:43:34 +08:00
Wenkai Yin
db7025a504 Populate public metadata into the event 
Fixes #9455. Populate the public metadata into the event when doing the replication based on event

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-10-18 17:40:19 +08:00
Daniel Jiang
1a9cebd5e8 Remove validation for item in CVE whitelist 
To contain various vulnerabilities in the CVE whitelist, this commit
removes the validation.
Fixes #9242

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-10-18 15:08:32 +08:00
Wenkai Yin(尹文开)
5c5e475da4
Merge pull request #9415 from steven-zou/fix/pluggable_scanner_policy_check 
do changes to let the vul policy check compatible with new framework
 2019-10-18 09:39:20 +08:00
Wang Yan
51d3134e4f
Merge pull request #9427 from wy65701436/immutable-middleware 
add immutable tag middleware
 2019-10-17 20:28:34 +08:00
Steven Zou
0f16913635 rebase: resolve the code confilcts with master 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-17 17:42:41 +08:00
wang yan
da02b820ad add immutable tag middleware 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-17 16:58:11 +08:00
Wenkai Yin(尹文开)
97ddff2ac8
Merge pull request #9434 from heww/clair-adapter 
build(clair): internal clair adapter when install with clair
 2019-10-17 16:06:10 +08:00
He Weiwei
8964a8697a build(clair): internal clair adapter when install with clair 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-10-17 12:00:51 +08:00
Daniel Jiang
f0cb16cb86 Update OIDC token refresh process 
1) Disassociate id token from user session

2) Some OIDC providers do not return id_token in the response of refresh
request:
https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse
When validating the CLI secret it will not validate the id token,
instead it will check the expiration of the access token, and try to
refresh it.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-10-17 11:26:18 +08:00
Steven Zou
f18afc0a3f do changes to let the vul policy check compatiable with new framework 
- update the scan/scanner controller
- enhance the report summary generation
- do changes to the vulnerable handler
- remove the unused clair related code
- add more UT cases
- update the scan web hook event
- drop the unsed tables/index/triggers in sql schema

Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-16 23:15:26 +08:00
Wenkai Yin(尹文开)
32a2c41c3b
Merge pull request #9273 from gavinfish/typo 
Fix typos in core package
 2019-10-16 17:10:35 +08:00
Wenkai Yin(尹文开)
372875ad64
Merge pull request #9393 from wy65701436/immutable-match 
add immutable match
 2019-10-15 18:51:43 +08:00
stonezdj(Daojun Zhang)
ff04b2c930
Merge pull request #9411 from wy65701436/fix-list-robot 
fix list robot account API return an internal error
 2019-10-15 17:47:38 +08:00
wang yan
288e4cc193 igonre the duplicate error when to insert project_blobs on quota syncing 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-15 14:14:58 +08:00
wang yan
5e8f7297f5 fix list robot account API return an internal error 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-15 12:29:44 +08:00
wang yan
a3546478eb add immutable match 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-14 16:21:32 +08:00
wang yan
25f638a989 Merge branch 'master' of https://github.com/goharbor/harbor into robot-invisiable 2019-10-14 14:35:45 +08:00
Wang Yan
17ad4aca55
Merge pull request #9343 from ywk253100/191009_bug_fix 
Check the existence of project before the next action
 2019-10-14 11:27:34 +08:00
Steven Zou
a86afd6ebc Merge branch 'master' into feature/pluggable_scanner_s3_merge 2019-10-12 15:18:06 +08:00
wang yan
3e81bd7f1d add visible attribute to robot account 
The commit is to make robot controller could create invisible robot account for internal use

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-12 00:51:48 +08:00
Wang Yan
40d80f82ba
Merge pull request #9368 from reasonerjt/set-cli-secret-api 
API for user to set the CLI secret
 2019-10-11 18:38:58 +08:00
Wang Yan
d7375992b5
Merge pull request #9363 from wy65701436/robot-refactor 
refactor robot api
 2019-10-11 18:16:28 +08:00
Steven Zou
9fd8b6306c refactor code to reflect code review comments 
- refactor the db schema \
- refactor  permission checking in API handlers \

to follow the latest code/interface changes

Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-11 18:07:47 +08:00
wang yan
6f6f113f0f refactor robot api 
1, add API controller for robot account, make it callable internally
2, add Manager to handler dao releate operation

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-11 17:26:18 +08:00
Daniel Jiang
53a13e165d API for user to set the CLI secret 
This commit replace the API to generate CLI secret with a new API to
update the secret

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-10-11 14:15:08 +08:00
Steven Zou
58afd8e14b [stage3] support pluggable scanner 
- implement scan controller
- add scan resource and update role bindings
- update registration model and related interfaces

Signed-off-by: Steven Zou <szou@vmware.com>

- implement scan API to do scan/get report/get log
- update repository rest API to produce scan report summary
- update scan job hook handler
- update some UT cases

- update robot account making content
- hidden credential in the job log

Commnet scan related API test cases which will be re-activate later
fix #8985

fix the issues found by codacy

Signed-off-by: Steven Zou <szou@vmware.com>
 2019-10-11 12:53:02 +08:00
wang yan
8c155e0c50 fix quota migration still execute on launch even data sync success 
This commit is to fix the issue for the following scenario:
1, user success migrate harbor to v1.9.0 from a previous version
2, add a project, push images into the project.
3, delete images and then to delete the project.
4, re-launch harbor.

After that, it still execute the quota migration as the condition doesn't consider the deleted projects usage.
And in this case, the harbor core crashes with a duplicate sql err, and unable to launch.

[Workaroud]
Clean table of project_blob with: TRUNCATE TABLE project_blob, and re-launch harbor, wait for quota sync success.

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-11 01:25:21 +08:00
stonezdj(Daojun Zhang)
a2938c5d78
Merge pull request #9274 from wy65701436/immu-refatctor 
refactor immutable dao code to align the new structure under pkg
 2019-10-10 10:38:22 +08:00
wang yan
8317100cda continue refactor API 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-10-09 23:06:35 +08:00
Wenkai Yin
a61c928e34 Check the existence of project before the next action 
Fixes #8234, check the existence of project to avoid the panic

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-10-09 16:54:10 +08:00
He Weiwei
4ce72e37c4 fix(robot): robot account improvement for policies 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-09-27 03:07:58 +00:00
wang yan
7c4fd79b5c refactor immutable dao code to align the new structure under pkg 
1, add manager
2, move model dao to /pkg/dao

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-09-26 20:35:58 +08:00
Jie Shen
673f6e6068 Fix typos in core package 
Signed-off-by: Jie Shen <drfish.me@gmail.com>
 2019-09-26 19:56:27 +08:00
Wenkai Yin(尹文开)
cabe0b6243
Merge pull request #9253 from heww/patch-blob-upload-improvement 
Patch blob upload improvement
 2019-09-26 13:59:15 +08:00
stonezdj(Daojun Zhang)
ce824a6eb9
Merge pull request #9141 from stonezdj/immutable_tag_api 
Immutable tag api
 2019-09-25 19:01:14 +08:00
He Weiwei
3e515bfabb feat(quota): skip to save blob size when quota disabled 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-09-25 09:19:20 +00:00
He Weiwei
d8c2bf6f86 fix(quota): handle range header missing in response 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-09-25 09:17:22 +00:00
stonezdj
cc22a175b9 Add immutable tag API 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-09-25 15:53:56 +08:00
Wenkai Yin
83e7213d18 Make the username required when searching user 
Make the username required when searching user and remove the support for query email

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-09-25 13:32:29 +08:00
Wenkai Yin(尹文开)
360334991e
Merge pull request #9198 from ywk253100/190923_ping 
Return the common error message when testing the webhook endpoint
 2019-09-24 18:51:21 +08:00
Wenkai Yin(尹文开)
4192a692cd
Merge pull request #9200 from ywk253100/190923_oidc_ping 
Return a common error message when testing the oidc provider
 2019-09-24 18:49:23 +08:00
Steven Zou
a73f896f23
Merge pull request #9154 from steven-zou/feature/pluggable_scanner_s2 
[stage2]support pluggable scanner
 2019-09-23 21:12:27 +08:00
Steven Zou
d616bc3509 add scan report CRUD supporting and 
- change error collection in scan job
- add dead client checking in client pool
- change key word type to interface{} for q.Query
- update bearer authorizer
- add required UT cases

Signed-off-by: Steven Zou <szou@vmware.com>
 2019-09-23 16:21:39 +08:00
Wenkai Yin
6efdfa5fb4 Return a common error message when testing the oidc provider 
Returning a common error when failed to test the oidc provider and printing the detail in the log

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-09-23 14:43:38 +08:00
Wenkai Yin
7056d6604b Return the common error message when testing the webhook endpoint 
This commit returns a common error message when testing the webhook endpoint and prints the detail in the log for debug

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-09-23 14:38:47 +08:00
Steven Zou
0c19eba8c2 [stage2]support pluggable scanner 
- add scanner rest API v1 spec
- implement v1 client which is used to talk to scanner adapter
- adjust data/orm models
- adjust code package structure

Signed-off-by: Steven Zou <szou@vmware.com>

- implement scan client which is used to talk to scanner adapter
- implement scan job which take the work of communicating with scanner
- update scanner mgmt API routes
- add corresponding UT cases
 2019-09-23 09:37:54 +08:00
Daniel Jiang
f491061b57
Merge pull request #8440 from gklp/gklp_issue_8197_wrong_header_content_type_after_redirection 
All redirect operations should have content-type as json
 2019-09-20 17:21:01 +08:00
Daniel Jiang
f1367064fb Address review comment 
Address review comments for commit
b21f9dc6f1

and resolve conflict

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-09-20 13:42:39 +08:00
Daniel Jiang
07dd14d3b5 Generate new session ID after login 
This commit mitigates the Session Fixation issue by making sure a new
session ID is generated each time user logs in to Harbor

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-09-19 20:51:50 +08:00
Daniel Jiang
b21f9dc6f1 Support OIDC groups 
This commit enable project admin to add group as project member when
Harbor is configured against OIDC as AuthN backend.

It populates the information of groups from ID Token based on the claim
that is set in OIDC settings.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-09-19 17:49:31 +08:00
Steven Zou
4c4897aef1
Merge pull request #9134 from steven-zou/feature/pluggable_scanners 
support pluggable scanner
 2019-09-19 16:08:24 +08:00
Steven Zou
e324a4d623 support pluggable scanner 
- add DAO layer for scanner registration
- add CURD manager for scanner registration
- add API controller for plug scanner
- add REST APIs for CURD of plug scanner
- add migration sql:0011_1.10.0
- add scan interface definition (no implementations)
- add related UT cases with testify

fix #8979 #8990

Signed-off-by: Steven Zou <szou@vmware.com>
 2019-09-18 21:56:45 +08:00
wang yan
5498b5719b remove filter redeclared as imported package name in base.go 
It's introduced by https://github.com/goharbor/harbor/pull/8976

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-09-17 16:36:59 +08:00
Wang Yan
f77ce4aa3a
Merge pull request #8976 from ninjadq/add_auth_for_project_head 
Fix: Add authenticate to projects head
 2019-09-17 14:02:45 +08:00
Daniel Jiang
f36efa4dcd Add groups claim to OIDC configuration 
This commit add the new setting "oidc_groups_claim" to Harbor's
configurations.
And add "group_claim" to OIDCSetting struct.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-09-16 15:54:14 +08:00
Daniel Jiang
753219834e
Merge pull request #8960 from ninjadq/upgrade_hash_alg_for_pswd 
Upgrade hash alg for pswd
 2019-09-12 11:22:39 +08:00
DQ
ea5c27fcd5 Enhance: Upgrade encrypt alg to sha256 
previous sha1 will still used for old password

Signed-off-by: DQ <dengq@vmware.com>
 2019-09-09 21:48:21 +08:00
Wenkai Yin
3b07be5a72 Check the status behind error when trying to update the scan schedule 
Check the status behind error when trying to update the scan schedule

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-09-09 13:31:10 +08:00
Ziming Zhang
722e45b20b add swagger for tag retention 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I0f3ed8085e231868de74c273ba85946826181d5b
 2019-09-06 17:27:20 +08:00
DQ
4ac145b45b Fix: Add authenticate to projects head 
Project head only allow authenticated user to call.

Signed-off-by: DQ <dengq@vmware.com>
 2019-09-06 14:50:47 +08:00
gklp
dee3defeff refactored 
Signed-off-by: gklp <gokalpkuscu@gmail.com>
 2019-09-03 21:46:52 +03:00
wang yan
d8e17b122e add read only for quota switcher 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-09-03 14:08:39 +08:00
Wang Yan
2194834b41
Merge pull request #8910 from heww/foreign-layers 
fix(quota): correct size quota for image with foreign layers
 2019-09-03 00:29:24 +08:00
He Weiwei
f44b75f398 fix(quota): correct size quota for image with foreign layers 
1. Sync blobs from manifest for image with foreign layers.
2. Ignore size of foreign layers when compute size quota.
3. Fix repo info of artifact when upgrade from 1.8 version.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-09-02 14:10:58 +00:00
Wenkai Yin(尹文开)
7d151946e0
Merge pull request #8917 from reasonerjt/fix-create-admin-user 
Disallow creating an admin user when registration
 2019-09-02 18:43:41 +08:00
Wenkai Yin(尹文开)
d762e0730a
Merge pull request #8843 from heww/fix-chart-builder 
fix(chart,quota): fix path regexp of chart creation and deletion
 2019-09-02 15:59:18 +08:00
Iradier, AlvaroJose
bf9ac08c89 Handle error on OIDC callback 
If wrong OIDC scopes are defined, or there are some configuration errors, the OIDC callback query string might contain "error=..." with an error message. Intercept this case and show an error to the user instead of trying to exchange the token with a missing "code" parameter.

Signed-off-by: Iradier, AlvaroJose <AlvaroJose.Iradier@adidas.com>

Change error variable name

Signed-off-by: Iradier, AlvaroJose <AlvaroJose.Iradier@adidas.com>
 2019-08-30 13:44:12 +02:00
Wenkai Yin(尹文开)
8c67f71b5e
Merge pull request #8902 from wy65701436/fix-8888 
fix #8888
 2019-08-30 18:09:56 +08:00
wang yan
dd9f028fe0 fix #8888 
the image may has the same blobs as the references, which causes the artifact & blobs
can not be inserted by unique constraint

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-30 15:30:05 +08:00
Wang Yan
240b718508
Merge pull request #8887 from wy65701436/fix-8886 
fix(quota/sync) #8886
 2019-08-30 15:06:35 +08:00
wang yan
16b910e1cf fix(quota/sync) #8886 
The foreign layer won't be counted into project quota
NOTE: the foreign layer will be dumped from the registry in the migration

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-29 17:29:40 +08:00
Ziming Zhang
8fb6e2f65b verify permission of GetRetentionExecTaskLog 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I4bf4ddf3d3ed6f07a4618e242e2f3774996716d6
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2019-08-29 15:01:53 +08:00
Wang Yan
db5781bf78
Merge pull request #8860 from wy65701436/fix-quota-sync 
fix quota sync issues
 2019-08-29 13:45:38 +08:00
wang yan
5decb56369 update code per review comments 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-29 12:46:42 +08:00
wang yan
942e793f20 fix quota sync issues 
1, fix #8858, add retry to ping backend service
2, fix #8859, split the blobs data when larger then 65535

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-28 18:59:25 +08:00
Daniel Jiang
b6db8a8a10 Disallow creating an admin user when registration 
This commit enhance the `POST /api/users` API to block request from non-admin to create
admin user.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-08-28 18:30:27 +08:00
Qian Deng
ed54b1da45
Merge pull request #8857 from wy65701436/fix-syne-readonly 
fix quota sync read only setting
 2019-08-28 17:04:02 +08:00
Ziming
94138137d5
add valid for rule (#8846) 
Change-Id: I82215a0cf1ec32a253c8db9bfafe7e25b26c9ad9
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2019-08-28 16:58:49 +08:00
wang yan
19a37282c1 fix quota sync read only setting 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-28 14:53:01 +08:00
Wang Yan
87893abc5e
Merge pull request #8829 from ywk253100/190822_retry_status 
Add status revision to handle retrying in replication task
 2019-08-28 10:55:13 +08:00
Qian Deng
ea33561d95
Merge pull request #8747 from 928234269/patch1 
fixt typo "an user" to "a user"
 2019-08-27 18:26:11 +08:00
Wang Yan
be1e702d9d
Merge pull request #8787 from cd1989/core-hunging 
Fix core hung when stop problem
 2019-08-27 15:56:21 +08:00
Wenkai Yin
7924f37d86 Add status revision to handle retrying in replication task 
Add status revision to handle retrying in replication task

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-08-27 14:17:11 +08:00
He Weiwei
1d8eac8cf4 fix(chart,quota): fix path regexp of chart creation and deletion 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-08-27 01:04:10 +00:00
wang yan
f343b2ec45 Revise quota errors to make it more readable 
1, fix #8802, update the error formet
2, fix #8807, raise the real retag error to UI
3, fix #8832, raise the real chart error to chart client & ut

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-26 17:00:31 +08:00
Wang Yan
e7488e37b6
Merge pull request #8788 from bitsf/tag_retention_validate_model 
add tag retention model test
 2019-08-23 13:57:51 +08:00
Ziming Zhang
39db65e90f add tag retention model test 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I3f8b06b994024fe6052b0dee87600ed932edaaff
 2019-08-23 13:24:28 +08:00
mmpei
d5f87063e4
Merge branch 'master' into official-wehook-events-20190811 2019-08-22 22:07:12 -05:00
Wang Yan
35e786e54c
Merge pull request #8794 from ywk253100/190822_retry_status 
Add status revision to retention task to handle retrying
 2019-08-23 10:54:35 +08:00
peimingming
599d12a04d Fix bugs by comments for webhook 
Signed-off-by: peimingming <peimingming@corp.netease.com>
 2019-08-23 09:44:51 +08:00
cd1989
4b59346423 Exist core when signal received 
Signed-off-by: cd1989 <chende@caicloud.io>
 2019-08-23 09:34:41 +08:00
Wang Yan
299032d602
Merge pull request #8771 from wy65701436/fix-manifest-dup 
fix quota count size for same manifest in different repo
 2019-08-23 08:37:03 +08:00
wang yan
2d569192ab fix quota count size for same manifest in different repo 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-23 00:56:45 +08:00
Wenkai Yin
661470e7bc Add status revision to retention task to handle retrying 
Add status revision to retention task to handle retrying

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-08-22 20:04:25 +08:00
wang yan
83a3274a96 fix #8688 
use the docker defined error to avoid retry pushing on quota overflow

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-22 19:19:43 +08:00
Wenkai Yin(尹文开)
21f8290110
Merge pull request #8777 from heww/issue-8635 
fix(rbac): NewProjectNamespace in rbac only accept projectID
 2019-08-22 17:52:27 +08:00
wang yan
dfa4301b21 fix deleted project error when to migrate quota 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-22 14:51:26 +08:00
Wenkai Yin(尹文开)
6198ed2634
Merge pull request #8758 from heww/issue-8681 
refactor(quota,middleware): skip overflow error when subtract resources
 2019-08-22 13:54:01 +08:00
He Weiwei
8effdc6f18 fix(rbac): NewProjectNamespace in rbac only accept projectID 
Closes #8635

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-08-21 19:37:28 +00:00
Ziming Zhang
06e9467b06 1. remove rule none 
2. change rule orders
3. remove laber selector

Change-Id: Idc18a27cb0267f5f5c80a04b381e4a5dc6998508
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2019-08-21 20:24:33 +08:00
Wang Yan
c1ad0518c9
Merge pull request #8582 from ethan-daocloud/patch-1 
core/main.go: logging message correction
 2019-08-21 13:49:00 +08:00
928234269
7a4fde5ec9
fixt typo "an user" to "a user" 
Signed-off-by: 928234269 <longfei.shang@daocloud.io>
 2019-08-21 10:20:35 +08:00
He Weiwei
c22bf2539e refactor(quota,middleware): skip overflow error when subtract resources 
1. Skip overflow error when subtract resources
2. Take up resources before handle request and put it back when handle
failed for add action in quota interceptor
3. Free resources only after handle success for subtract action in quota
interceptor

Closes #8681

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-08-20 14:41:55 +00:00
Steven Zou
217252a097
Merge pull request #8675 from ywk253100/190814_retention_task 
Handle the retention task status updating in concurrency
 2019-08-20 17:07:21 +08:00
Steven Zou
f6067d5474
Merge pull request #8708 from bitsf/tag_retention_rule_conflict 
fix rule conflict, id error
 2019-08-20 16:45:21 +08:00
Wang Yan
92fa01d6cd
Merge pull request #8733 from ywk253100/190819_label 
Fix bug of listing tags filtered by label
 2019-08-20 14:17:41 +08:00
Wenkai Yin(尹文开)
29ab93ad9c
Merge pull request #8714 from ywk253100/190816_scheduler 
Fix bug found in scheduler
 2019-08-20 14:11:04 +08:00
Wenkai Yin(尹文开)
0086d1b211
Merge pull request #8586 from ethan-daocloud/patch-2 
project_test.go: many typos "respose" fixup
 2019-08-20 13:54:37 +08:00
Wang Yan
f930786050
Merge pull request #8725 from heww/issue-8701 
fix(quota): fix computeResources method of qutoa interceptor
 2019-08-20 11:29:59 +08:00
Daniel Jiang
f10fb67d6d
Merge pull request #8662 from stonezdj/email_sec2 
Set default email to null if not provided
 2019-08-20 09:01:50 +08:00
Wenkai Yin
a5d292c9c6 Fix bug of listing tags filtered by label 
Fixes #8249

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-08-19 16:10:16 +08:00
stonezdj
5fa8eb7854 Set default email to null if not provided 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-08-19 15:20:44 +08:00
Daniel Jiang
b3abd0316b
Merge pull request #8713 from reasonerjt/fix-8702 
Avoid overwriting system CVE whitelist by mistake
 2019-08-19 01:42:58 +08:00
He Weiwei
1bbfc023f1 fix(quota): fix computeResources method of qutoa interceptor 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-08-18 16:14:36 +00:00
wang yan
b9d6108624 add ping for adapter to wait for service ready 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-16 16:03:12 +08:00
wang yan
6e11ecc6fc Update codes per review comments 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-16 14:58:52 +08:00
Wang Yan
7a41d89ac8 Add quota sync api toi to sync quota data with backend storage 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-16 14:55:46 +08:00
Daniel Jiang
022d4e6ae8
Merge pull request #7462 from cd1989/enable-tags-detail-param 
List simple tags when detail set to false
 2019-08-16 14:25:29 +08:00
Wenkai Yin
5c286d799f Fix bug found in scheduler 
The scheduler hook handler doesn't parse the job status struct when handling the hook. This commit fixes it.

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-08-16 13:54:57 +08:00
Daniel Jiang
30bb2ddcdf Avoid overwriting system CVE whitelist by mistake 
Fixes #8702
Also enforce the code to mitigate the potential risk.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-08-16 13:28:16 +08:00
Ziming
c279b7f3e9
fix retention rule compute error (#8664) 
Change-Id: I16d7284b17508885e136f2d9ea5651978ba4a6d8
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2019-08-15 20:12:59 +08:00
Ziming Zhang
4dc6f12784 fix rule conflict, id error 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I379f3c29cee742d346fb57ade397be64fd76f59d
 2019-08-15 20:11:30 +08:00
Wenkai Yin
48b067f596 Handle the retention task status updating in concurrency 
Compare the status code when updating retention task status to avoid the concurrent issue

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-08-15 18:36:18 +08:00
Ziming Zhang
f854d4a25d add always rule again 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I34bac3b73e693b89e0b9debb28617352656ed1d9
 2019-08-15 15:26:22 +08:00
Ziming
4944799f70
Merge pull request #8651 from bitsf/remove_tagretention_always 
remove tag retention rule always
 2019-08-15 14:35:26 +08:00
Wang Yan
bf0b5a3fd0
Merge pull request #8663 from wy65701436/fix-quota-api 
Fix quota switch fail to get project size
 2019-08-15 10:49:49 +08:00
Qian Deng
4611630ab6
Merge pull request #8616 from heww/db-connection-pool 
feat(configuration,db): connection pool configs for db
 2019-08-15 09:48:20 +08:00
Daniel Jiang
b0c8561b54
Merge pull request #8189 from mmpei/8162-optimize-manifest-wait 
Optimize fetch manifest loop when handling notification
 2019-08-15 00:29:53 +08:00
Daniel Jiang
d9e1b90c5b
Merge pull request #8653 from vmlaguna/vmlaguna/template-fix 
Close <a> tag in error template
 2019-08-15 00:11:28 +08:00
wang yan
a947a4259d Fix quota switch fail to get project size 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-14 22:32:32 +08:00
Wang Yan
54cb39b7a7
Merge pull request #8655 from wy65701436/log-size 
Add log in quota size handler
 2019-08-14 16:09:45 +08:00
Pedro Laguna
3c34675e0f Close <a> tag in error template 
The error template is missing a closing <a> tag in the link to the harbor portal.

Signed-off-by: Pedro Laguna <44469313+vmlaguna@users.noreply.github.com>
 2019-08-14 08:37:44 +01:00
He Weiwei
98e1f68468 feat(configuration,db): connection pool configs for db 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-08-14 14:30:34 +08:00
wang yan
9601c9f206 Add log in quota size handler 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-14 14:10:09 +08:00
wang yan
838a923d23 fix code by review 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-14 12:47:12 +08:00
wang yan
9e0addee55 Enable usage sync when switch quota setting 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-08-14 12:47:12 +08:00
Ziming Zhang
d7e9924a01 remove tag retention rule always 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: Ide98d58f64596e8110fbb9eb0d73df6ccbd99c80
 2019-08-13 21:10:57 +08:00
Steven Zou
1adc3a9469
Merge pull request #8606 from ywk253100/190807_stuck 
Fix replication tasks stuck in "InProgress" issue
 2019-08-13 15:59:20 +08:00
cd1989
da370bb331 List simple tags when detail set to false 
Signed-off-by: cd1989 <chende@caicloud.io>
 2019-08-12 15:16:19 +08:00
He Weiwei
c1cea42089 feat(quota,middleware): enable or disable quota per project by config 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-08-12 00:02:26 +00:00
peimingming
222c47142a Add chart and scanning event for webhook 
Signed-off-by: peimingming <peimingming@corp.netease.com>
 2019-08-11 18:01:07 +08:00
Wang Yan
54a39c7159
Merge pull request #8597 from heww/size-quota 
refactor(quota,middleware): implement size quota by quota interceptor
 2019-08-09 15:44:33 +08:00
Steven Zou
d2fbb98a8d
Merge pull request #8592 from bitsf/tag_retention_conflict_rule 
check rule conflict
 2019-08-09 13:59:46 +08:00
He Weiwei
e62c29123d refactor(quota,middleware): implement size quota by quota interceptor 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-08-08 23:55:54 +00:00
Wenkai Yin
8777c07d47 Fix replication tasks stuck in "InProgress" issue 
Fix replication tasks stuck in "InProgress" issue

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-08-08 15:42:42 +08:00
Ziming Zhang
fb5acdc64b check rule conflict 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: Iea8c9ff4702873cb4ab3ebd943deec22bec418e6
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2019-08-08 14:23:53 +08:00
guanxiatao
e7fafd1941 webhook policy, job, event support 
Signed-off-by: guanxiatao <guanxiatao@corp.netease.com>
 2019-08-07 20:30:26 +08:00
Ziming Zhang
730d95edc8 check rule conflict 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I95f7e683b30fa6059b5bb49a2fc8f78dd7276079
 2019-08-07 17:52:47 +08:00
Steven Zou
f3ba25f656
Merge pull request #8536 from bitsf/tag_retention_task_num 
add task retain num
 2019-08-07 17:39:39 +08:00
Ziming Zhang
3b62addc76 check rule conflict 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I8af648f22aa3fe76024240d322a7fdae560e3fbd
 2019-08-07 15:38:21 +08:00
ethan
f463b7c449 project_test.go: many typos "respose" fixup 
Signed-off-by: Guangming Wang <guangming.wang@daocloud.io>
 2019-08-07 13:39:05 +08:00
Wenkai Yin
216ef269b3 Populate pull/push time properties to the returning data when listing tags 
Populate pull/push time properties to the returning data when listing tags

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-08-07 11:47:05 +08:00
Wenkai Yin(尹文开)
556e07f0c4
Merge pull request #8551 from nlowe/feat/retention/GH-8548-Pulled-in-the-last-N-Days 
Retention: New Evaluator: Pulled within the last N Days
 2019-08-07 11:37:46 +08:00
Qian Deng
635066da92
Merge pull request #8466 from reasonerjt/remove-clair-notification 
Remove clair notifier
 2019-08-07 10:53:35 +08:00
Nathan Lowe
9a7df265ce
Retention: New Evaluator: Pulled within the last N Days 
Signed-off-by: Nathan Lowe <public@nlowe.me>
 2019-08-06 22:28:28 -04:00
Wenkai Yin(尹文开)
ec4fa753d7
Merge pull request #8552 from nlowe/feat/retention/GH-8549-Pushed-in-the-last-N-Days 
Retention: New Evaluator: Retain Images pushed within N days
 2019-08-07 09:55:05 +08:00
ethan
edd102c3b7
core/main.go: logging message correction 
Signed-off-by: ethan <guangming.wang@daocloud.io>
 2019-08-06 21:56:18 +08:00
Ziming Zhang
498a813299 retain nothing rule 
Change-Id: I4e7a4ecb40fe39b80e41a6d9bf8b5fb3968a41af
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2019-08-06 15:10:27 +08:00
Nathan Lowe
756352d271
Add metadata for daysps to the API for the UI 
Signed-off-by: Nathan Lowe <public@nlowe.me>
 2019-08-05 20:08:34 -04:00
Daniel Jiang
eec4fc2798 Remove clair notifier 
The way Harbor handles notification is problematic.
It currently triggers rescan, which will cause problem when there are
lot of images in the registry.
Such as #7316
This commit removes the notifier and we need to revisit the notification
to figure out how to map the notification to a particular image if need
the notification mechanism in future.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-08-06 01:58:15 +08:00
Ziming Zhang
3a80123a82 1. remove rule always 
2. update i18n

Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I0e2394f0a6b283d0efef7a44ed2d4afb9745eabd
 2019-08-05 17:59:00 +08:00
Ziming Zhang
026aee75d9 add task retain num 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I2f8b89454fe3bb9b56af237048c9e2b90783f434
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2019-08-05 17:57:09 +08:00
Ziming Zhang
decffdd6a4 add total page num for tag retention 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I58a250dbb643f6949c1e34aa3a84a01dc3e0b285
 2019-08-02 14:43:52 +08:00
He Weiwei
9778954852 feat(quota,middleware): image count quota support 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-08-01 14:48:59 +08:00
He Weiwei
8cc9314984
feat(helm-chart,quota): count quota support for helm chart (#8439) 
* feat(helm-chart,quota): count quota support for helm chart

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-07-31 16:48:40 +08:00
wang yan
4410cc93f9 add internal reg request handler chain 
this is for internal registry api call, the request should be intercpeted by quota middlerwares, like retag and delete.
Note: The api developer has to know that if the internal registry call in your api, please consider to use
NewRepositoryClientForLocal() to init the repository client, which can handle quota change.

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-07-30 19:39:56 +08:00
Ziming
a5c31d7160
Merge pull request #8456 from ywk253100/190729_scheduler 
Register the scheduler job and fix bugs
 2019-07-30 08:57:10 +08:00
Steven Zou
4bf7f7b3e4
Merge pull request #8445 from steven-zou/fix/tag_retention 
refactor index registering processes
 2019-07-30 07:58:14 +08:00
Wenkai Yin
94c1cf8ac9 Register the scheduler job and fix bugs 
1. Register the scheduler job
2. Fix retention bugs

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-07-30 07:37:47 +08:00
Wenkai Yin(尹文开)
c99f12fe33
Merge pull request #8444 from bitsf/tag_retention_exec_status 
get execution status on the fly
 2019-07-29 17:08:37 +08:00
Wang Yan
ca20281b35
Merge pull request #8438 from wy65701436/fix-quota-bug 
Fix logic error in quota middlewware on handling failure response
 2019-07-29 16:02:57 +08:00
Ziming Zhang
ba47b4c00f get execution status on the fly 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: Iefcf8946d7a2c7a27bc22bd326ee9723b4b79c66
 2019-07-29 14:48:39 +08:00
Steven Zou
6479a22a08 refacor index registering processes 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-07-29 14:01:47 +08:00
wang yan
1975f4a71d Fix logic error in quota middlewware on handling failure response 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-07-28 12:37:58 +08:00
wang yan
a23ff4e448 Update pull time in artifact table for docker image pull 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-07-28 12:30:20 +08:00
Ziming Zhang
83b045f5ec add ut for tag retention controller 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
Change-Id: I1469ee13675537ec389a068e4bc29e457b402fa4
 2019-07-26 17:55:11 +08:00
Wenkai Yin(尹文开)
d45674960f
Merge pull request #8417 from goharbor/project-quota-dev 
Add feature project quota dev
 2019-07-26 15:41:09 +08:00
wang yan
54101180ae Update log level for init proxy 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-07-26 13:39:06 +08:00
He Weiwei
c566a48880 fix(api,project): fix repo, chart count missing in project summary 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-07-26 13:15:44 +08:00
wang yan
676b922c95 merge with latest master code with quota branch 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-07-26 01:32:45 +08:00
Wang Yan
b9ea3731f7
Merge pull request #8350 from wy65701436/blob-flow-dev 
Add size middleware to support quota
 2019-07-26 01:25:40 +08:00
Wang Yan
1dfc47d24e Add size middleware to support quota 
[Add]:
1, size middleware for quota size
2, count middleware for quota artifact count

[Support]:
1, put, patch, mount blob
2, put manifest

[Refactor]:
1, Add handle response for middlerware
2, Remove the modifyResponse for registry proxy
3, Use the custom response writer to recored status

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-07-26 00:28:36 +08:00
Wenkai Yin
2e9521ad45 Support to stop one execution of retention 
Support to stop one execution of retention

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-07-25 16:48:00 +08:00
He Weiwei
f3a2280033
Merge pull request #8384 from heww/quota-apis 
feat(quota,api): APIs for quotas
 2019-07-25 15:19:46 +08:00
He Weiwei
e625f2aa11 feat(quota,api): APIs for quotas 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-07-25 13:40:26 +08:00
Steven Zou
584dcd8571 support dry run of retention 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-07-25 12:53:19 +08:00
wang yan
4763864dae merge with latest master code with quota feature branch 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-07-24 08:47:05 -07:00
Steven Zou
c44747fd3c merge code from master and fix conflicts 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-07-24 17:27:37 +08:00
Wenkai Yin(尹文开)
cd411f6588
Merge pull request #8385 from ywk253100/190724_task_hook 
Implement the webhook handler for retention task
 2019-07-24 17:22:57 +08:00
Ziming
43c2af9857 map retention with policy (#8313) 
Signed-off-by: Ziming Zhang <zziming@vmware.com>

Implement the API and controller of tag retention
 - API handler
 - retention controller
 - dao
 2019-07-24 17:22:26 +08:00
Wenkai Yin
e2808f12cf Implement the webhook handler for retention task 
Implement the webhook handler for retention task

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-07-24 14:32:05 +08:00
He Weiwei
ce58c58c01 feat(quota,api): quota support for create project API 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-07-24 01:02:51 +08:00
Wenkai Yin
7362fae7cc Implement a common scheduler 
Implement a common scheduler that can be used globally

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-07-23 17:20:31 +08:00
wang yan
2292954a31 Merge branch 'master' of https://github.com/goharbor/harbor into project-quota-dev 2019-07-22 15:46:09 +08:00
Wang Yan
e8565a4539
Merge pull request #8335 from reasonerjt/add-oidc-ping-api 
Add API to ping OIDC endpoint
 2019-07-22 14:30:24 +08:00
Wang Yan
834e604ec0
Merge pull request #8246 from ninjadq/fix_chart_museum_500_error 
Fix: Internal server error with messy code when chartmuseum not work
 2019-07-22 11:07:55 +08:00
Steven Zou
deb021eb48 rebase and fix name conflicts among packages and vars 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-07-19 22:37:54 +08:00
Wenkai Yin
ddbde72d2e Move the pkg manager/controller declaration to the api package 
Move the pkg manager/controller declaration to the api package to avoid the dependency cycle

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-07-19 17:21:58 +08:00
Steven Zou
f0ea62caa9 Merge branch 'feature/tag_retention' into feature/tag_retention-performer 2019-07-19 16:00:13 +08:00
Steven Zou
c2b5d95e02 implement retain action performer 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-07-19 15:59:21 +08:00
Wenkai Yin
5f1d2bd644 Fix package import cycle issue 
Fix package import cycle issue

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-07-19 13:50:55 +08:00
He Weiwei
9c9b8d3a6d Merge branch 'master' into project-quota-dev 2019-07-19 10:02:51 +08:00
Daniel Jiang
96e2e0b145 Add API to ping OIDC endpoint 
This commit adds an API to help admin verify the OIDC endpoint is a
valid one.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-07-18 19:32:12 +08:00
stonezdj
13772b859e Fix OnBoardGroup issue 
Signed-off-by: stonezdj <stonezdj@gmail.com>

Fix issue when adding a HTTP user group to a project member, returns HTTP 500 error.
 2019-07-18 19:19:09 +08:00
Steven Zou
746d082e2e Merge branch 'master' into feature/tag_retention 2019-07-18 10:40:49 +08:00
Wenkai Yin(尹文开)
a64e089773
Merge pull request #8210 from stonezdj/http_group_dao2 
Add HTTP group support
 2019-07-17 15:22:36 +08:00
DQ
af58195a29 Fix: Internal server error with messy code when chartmuseum not work 
log err when doesn't get data from chart museum

Signed-off-by: DQ <dengq@vmware.com>
 2019-07-17 15:14:50 +08:00
Wenkai Yin
d6c6231e08 Implement the retention client 
Implement the retention client

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-07-17 14:04:29 +08:00
stonezdj
bb2ae7c093 Add HTTP group feature 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-07-16 15:38:46 +08:00
Ziming Zhang
c22c38994a retention api 
Change-Id: I70f2c34d6bb96ecf4cb5359e2b1ab2dbb99fdbf9
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2019-07-16 15:06:37 +08:00
Wang Yan
8ac6bdbbb0 Add quota workflow for quota 
1, apply count for manifest if it's a new image
2, insert data for artifact and artifact_blob

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-07-16 14:48:05 +08:00
wang yan
f066d986b9 merge with latest master code 2019-07-11 20:21:15 +08:00
Wenkai Yin
91b050a01b Implement the launcher 
The commit implements the launcher for tag retention

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-07-11 17:18:46 +08:00
Wenkai Yin(尹文开)
3bebf7bc64
Merge pull request #8238 from reasonerjt/project-cve-whitelist 
Enable project level CVE whitelist
 2019-07-10 14:41:01 +08:00
wang yan
6d0271ee5c Merge branch 'master' of https://github.com/goharbor/harbor into project-quota-dev 2019-07-10 10:57:10 +08:00
wang yan
7b38389898 update codes per review comments 
Signed-off-by: wang yan <wangyan@vmware.com>

fix middlewares per review comments
1, add scheme1 and scheme2 check
2, change MustCompile to Compile

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-07-09 11:08:19 +08:00
wang yan
b3c5137a2f add copyright and fix codecy 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-07-09 11:08:19 +08:00
wang yan
57821b1b4c Refactor interceptors code with chain 
1, add a blob inteceptors for quota usage
2, add a manifest inteceptors for quota usage

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-07-09 11:08:11 +08:00
Daniel Jiang
8f5f0031c7 Enable project level CVE whitelist 
This commit update the project API to support "reuse_sys_cve_whitelist"
setting in project metadata and "cve_whitelist" in project request.
Also modify the interceptor to support project level CVE whitelist if
the reuse flag is false.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-07-08 18:55:54 +08:00
Daniel Jiang
c296f0ddfb
Merge pull request #8176 from stonezdj/http_group 
Refactor LDAP usergroup
 2019-07-08 09:54:31 +08:00
stonezdj
c0ed55445d Refactor LDAP group 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-07-05 14:44:18 +08:00
Daniel Jiang
8a9d352f54 Handle helm push in OIDC filter 
Fixes #8130
Enable OIDC filter to handle requests to /api/chartrepo/*

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-07-03 17:29:37 +08:00
Daniel Jiang
5d887ad0d8
Merge pull request #8179 from reasonerjt/interceptor-use-whitelist 
Apply CVE white list in interceptor
 2019-07-03 15:12:33 +08:00
Daniel Jiang
bba4b2a6a4 Apply CVE white list in interceptor 
Interceptor will filter the vulnerability in whitelist while calculating
the serverity of an image and determine whether or not to block client
form pulling it.

It will use the system level whitelist in this commit, another commit
will switch to project level whitelist based on setting in a project.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-07-03 14:13:00 +08:00
Daniel Jiang
6f166bc02c
Merge pull request #8154 from markpeek/markpeek-registry-health-check 
Switch registry health check to a 200 response url
 2019-07-03 10:29:35 +08:00
He Weiwei
720dcc72bd Fix read permission of project member read api 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-07-02 14:40:46 +08:00
mmpei
5dfc3f2402 Optimize fetch manifest loop when handling notification 
Signed-off-by: mmpei <peimingming@corp.netease.com>
 2019-07-01 17:54:52 +08:00
Steven Zou
5521b7b7ad
Merge pull request #7915 from bitsf/replication_ecr_1.9 
aws driver for replication
 2019-06-27 11:24:54 +08:00
Wenkai Yin(尹文开)
fce920bbee
Merge pull request #8075 from reasonerjt/sys-vuln-whitelist-api 
API for system level vulnerability whitelist
 2019-06-27 10:53:09 +08:00
Mark Peek
3cae31da54 Switch registry health check to a 200 response url 
The health check for the registry was using "/v2" which returned an
unauthorized response and put additional errors in the logs. Switch
to using "/" which returns an OK response with reduced logging.

Signed-off-by: Mark Peek <markpeek@vmware.com>
 2019-06-26 14:23:08 -07:00
Daniel Jiang
4aca812ff2 API for system level vulnerability whitelist 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-06-26 23:35:40 +08:00
Ziming Zhang
072bdd101b aws driver for replication 
Change-Id: I8792ffce2eaa5975359bb6159a1ba7b85926a925
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2019-06-25 19:11:27 +08:00
guanxiatao
b40ee6edc9 Set Event.Type value to event.EventTypeImageDelete instead of event.EventTypeImagePush when deleting 
Signed-off-by: guanxiatao <guanxiatao@corp.netease.com>
 2019-06-20 09:39:45 +08:00
Steven Zou
9bac5e602d
Merge pull request #8030 from ywk253100/190605_replication_bugfix 
Fix replication bug
 2019-06-13 19:12:29 +08:00
Wenkai Yin
5fef7585c7 Fix replication bug 
Fixes #7875, fixes #7968

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-06-13 17:17:29 +08:00
Daniel Jiang
c928924fa5
Merge pull request #8003 from reasonerjt/bump-up-go112 
Bump up to go 1.12.5 enable go.mod
 2019-06-11 13:21:32 +08:00
wang yan
a4b202d656 remove the id in the post body when to create a robot account 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-06-11 10:47:56 +08:00
Daniel Jiang
737eaa396c Bump up to go 1.12.5 enable go.mod 
This commit bumps up the version of Go to compile the code to v1.12.5,
and shifts to go.mod for managing depedency.
Some code from "harbor/tests" to "harbor/src/testing" to avoid depedency
loop of modules.

Note that in short term we will still vendor the dependency.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-06-11 00:42:20 +08:00
Qian Deng
592e40bacf
Merge pull request #7859 from wy65701436/return-robot-id 
Return account id when to issue a robot
 2019-05-29 10:55:20 +08:00
wang yan
15ca9bfb81 Add ensure settings when to search user in auth proxy 
This issue is regresssion that introduced by f92bc8076d (diff-42381e6df5f17ebd3d9165a325d5d8f4), the a.ensure() was removed from SearchUser(), which leads to the alwaysonboard cannot be updated.

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-05-22 17:16:16 +08:00
wang yan
056cfc7e31 Return account id when to issue a robot 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-05-22 10:39:26 +08:00
wang yan
2068732eef add validation for robot account registration 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-05-15 15:03:35 +08:00
Wang Yan
3be14b7997
fix issue7793: ping ldap server is always success (#7795) 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-05-15 11:35:57 +08:00
Wenkai Yin
e399ffca54
Merge pull request #7799 from reasonerjt/oidc-onboard-user-name 
Set the real name of OIDC user when onboarding
 2019-05-15 11:35:42 +08:00
Daniel Jiang
5f11dbe675 Set the real name of OIDC user when onboarding 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-05-15 00:44:51 +08:00
stonezdj
99c0a5a498 fix issue7793: ping ldap server is always success 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-05-14 19:20:54 +08:00
Qian Deng
f607c5177d Fix frontend failure caused by absolute path 
Fix failures because front downlowd chart using relative path

Signed-off-by: Qian Deng <dengq@vmware.com>
 2019-05-14 13:22:06 +08:00
Qian Deng
cd6c5a9f10 Enable absolute url in helm chart 
assign public_url to chart-url
remove namespace merge in index.yaml

Signed-off-by: Qian Deng <dengq@vmware.com>
 2019-05-14 12:56:20 +08:00
Daniel Jiang
e963ee88c7 Update login controller to return 403 for redirection 
As the UI cannot handle 302, update the login controller to return 403
and put the redirection URL in a json response body.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-05-13 18:16:06 +08:00
Daniel Jiang
d81afe274c Add filter to handle request with ID token (#7759) 
This commit allows request with a valid ID token to access the API.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-05-10 16:58:25 +08:00
Wenkai Yin
8348c1fa4b
Merge pull request #7635 from heww/validation-failed-status-code 
Return 400 status code for validation failed
 2019-05-10 14:22:05 +08:00
He Weiwei
58cbaaace8 Return 400 status code for validation failed 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-05-10 10:35:25 +08:00
Wang Yan
774a9f8d75
Remove unused configure item cfg_expiration (#7744) 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-05-09 22:07:18 +08:00
wang yan
5c12c7713d Return 200 when to post an none schedule 
1, Throw the error of job service to UI when to create job schedule.
2, Return 200 when to save none without schedule.

Fixed #7675

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-05-09 13:32:46 +08:00
Daniel Jiang
cbbf2ea973 Redirect regular user to OIDC login page (#7717) 
When the auth mode is OIDC, when a user login via Harbor's login form.
If the user does not exist or the user is onboarded via OIDC, he will be
redirected to the OIDC login page.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-05-09 10:53:40 +08:00
Wang Yan
095f7b2ff7
add scan all and gc schedule migration (#7628) 
* add scan all and gc schedule migration

Signed-off-by: wang yan <wangyan@vmware.com>

* Fix gofmt errors

Signed-off-by: wang yan <wangyan@vmware.com>

* Update code according to review comments

Signed-off-by: wang yan <wangyan@vmware.com>

* remove convertschedule return name just return value

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-05-08 19:11:33 +08:00
Daniel Jiang
58aed3dde9
Merge pull request #7707 from renmaosheng/harbor-6838 
Don't display password when calling api/users API.
 2019-05-08 12:50:39 +08:00
Steven Ren
8311ff729a Don't display password when calling api/users API. 
This change fixes github issue 6838

Signed-off-by: Steven Ren <stevenr@stevenr-a01.vmware.com>
 2019-05-07 18:40:36 +08:00
wang yan
ab08a576e4 add multiple manifest intercepetor handler 
1, Add a interceptor to block request to upload manifest list
2, Discard notiification without tag.

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-05-07 16:10:09 +08:00
Wenkai Yin
d27a6c0335 Fix a few bugs of replication (#7619) 
1. handle the public/private property when creating the projects
2. extend the length of access_secret
3. update the task status by using orm functions

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-05-07 10:47:14 +08:00
stonezdj(Daojun Zhang)
86bfd7a733 fix issue7637: /api/systeminfo cannot return 500 when DB is down (#7650) 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-05-07 10:36:10 +08:00
Qian Deng
210081604c
Merge pull request #7648 from reasonerjt/rm-index-controller 
Remove IndexController
 2019-05-06 18:29:14 +08:00
Daniel Jiang
45210f7c40 Fix condition for OIDC security filter (#7645) 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-05-06 16:30:09 +08:00
Daniel Jiang
28871b78ae Remove IndexController 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-05-06 14:04:06 +08:00
Daniel Jiang
6c3df3c8ce Disable CA download when hosted via HTTP 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-05-06 11:14:39 +08:00
Wenkai Yin
12d58370ad
Merge pull request #7503 from ywk253100/190424_stop_execution 
Check the task status of execution whose status is running when deleting the policy
 2019-04-30 11:28:49 +08:00
wang yan
02c7cbeec2 Fix get log issue of Periodic job 
Use the latest error or success execution as the periodic job log

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-29 15:30:05 +08:00
Wenkai Yin
7e4c227318 Check the task status of execution whose status is running when deleting the policy 
Check the task status of execution whose status is running when deleting the policy

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-29 15:04:41 +08:00
Daniel Jiang
56c7d55c73
Merge pull request #7593 from reasonerjt/ext-url-systeminfo 
Add Ext URL to response of systeminfo API
 2019-04-29 14:51:40 +08:00
Wenkai Yin
c53d73775a
Merge pull request #7590 from reasonerjt/oidc-wrong-secret-err 
Return more details for error in exchange token
 2019-04-29 14:22:37 +08:00
Daniel Jiang
02cf75c142 Add Ext URL to response of systeminfo API 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-29 13:31:52 +08:00
wang yan
2b99e148d9 Add gc parameters when to update gc schedule 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-28 18:17:08 +08:00
Wang Yan
c26f655bce
add periodic job UUID to upstream job id and use execution log as the… (#7530) 
* add periodic job UUID to upstream job id and use execution log as the periodic log

Signed-off-by: wang yan <wangyan@vmware.com>

* add comments to fix codacy

Signed-off-by: wang yan <wangyan@vmware.com>

* Update code per comments

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-28 15:09:56 +08:00
Wenkai Yin
7af679af7e
Merge pull request #7567 from reasonerjt/oidc-google-refresh-token 
Persist the new token in DB after login
 2019-04-28 14:12:25 +08:00
Daniel Jiang
80176cc354 Check whether user is nil in Prepare() of users API (#7507) 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-28 14:06:35 +08:00
Daniel Jiang
15626fcae0 Return more details for error in exchange token 
This commit update the response off OIDC callback when there's error in exchange token.
Additionally add comments to clarify that by default 500 error will not
contain any details.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-28 13:41:53 +08:00
Wenkai Yin
2a463016a9 Upgrade the distribution and notary library (#7516) 
* Return 404 when the log of task doesn't exist

Return 404 when the log of task doesn't exist

Signed-off-by: Wenkai Yin <yinw@vmware.com>

* Upgrade the distribution and notary library

Upgrade the distribution library to 2.7.1, the notary library to 0.6.1

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-28 12:00:26 +08:00
Daniel Jiang
473fed5689 Persist the new token in DB after login 
This commit make sure the token is persist to DB after every time after
a user logs in via OIDC provider, to make sure the secret is usable for
the OIDC providers that don't provide refresh token.

It also updates the authorize URL for google to make sure the refresh
token will be returned.

Also some misc refinement included, including add comment to the
OIDC onboarded user, preset the username in onboard dialog.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-27 23:03:59 +08:00
Daniel Jiang
b9f5f1027c
Merge pull request #7504 from reasonerjt/reload-auth-proxy-cert-verify 
Update Transport of HTTP cient in auth proxy client
 2019-04-26 23:24:33 +08:00
Daniel Jiang
07d15a8553 Update Transport of HTTP cient in auth proxy client 
This commit ensures that the TLS config of the HTTP client for auth
proxy is updated when the configuration is changed.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-26 18:39:28 +08:00
Wenkai Yin
6511417ba6
Merge pull request #7495 from stonezdj/const_debts 
Replace string with const in metadatalist.go
 2019-04-25 17:41:04 +08:00
stonezdj
504eab56c3 Replace string with const in metadatalist.go 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-04-25 17:01:43 +08:00
Wenkai Yin
66087aac82
Merge pull request #7493 from stonezdj/tech_debts 
Remove adminserver in sourcecode
 2019-04-24 16:24:59 +08:00
Steven Zou
9bd2de3e35
Merge pull request #7452 from steven-zou/fix_issues_for_jobservice 
Fix issues for jobservice
 2019-04-24 16:15:43 +08:00
Wenkai Yin
d8310cc708 Fix replication bugs (#7470) 
1. Only return the event based trigger for local Harbor
2. Valid the trigger pattern and cron string when creating/updating policies
3. Set the schema as "http" if it isn't specified when creating/updating registries

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-23 19:34:29 +08:00
Steven Zou
823d9c04a9
Merge pull request #7497 from wy65701436/fix-replc-500 
refine chart clint http response
 2019-04-23 19:30:36 +08:00
wang yan
0d563fda9c refine chart clint http response 
Chart client eats the http error if not status ok, after refactor, the
real http response will be catched in core api.

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-23 18:22:23 +08:00
Steven Zou
69d9a28860
Merge pull request #7482 from wy65701436/chart-upload 
Fix chart upload issue on event based
 2019-04-23 17:33:08 +08:00
stonezdj(Daojun Zhang)
e4506604e2 fix error message (#7459) 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-04-23 15:53:34 +08:00
stonezdj
d7798a12d2 Remove adminserver in sourcecode 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-04-23 15:05:29 +08:00
wang yan
a3763466b3 Update err message to general information 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-23 10:57:31 +08:00
wang yan
1b4c75af25 Add event into upload ctx 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-23 10:57:31 +08:00
wang yan
df6e0600c9 Fix chart upload issue on event based 
Use chart API to load the uploaded chart file to get the name and version

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-23 10:57:31 +08:00
Steven Zou
3937c8b0dc Merge branch 'master' into fix_issues_for_jobservice 2019-04-22 19:26:51 +08:00
Daniel Jiang
1fdc2e6ba9 Provide API to generate CLI secret 
This commit provide an API to allow a user that is onboarded via OIDC
authn update his CLI secret.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-22 13:34:12 +08:00
Steven Zou
8e734407c0 Merge branch 'master' into fix_issues_for_jobservice 2019-04-19 21:15:21 +08:00
Steven Zou
e92164c886
Merge pull request #7442 from ywk253100/190418_replication_bug_fix 
Fix bug in replication
 2019-04-19 17:04:34 +08:00
stonezdj(Daojun Zhang)
36d13e8243
Merge pull request #7328 from stonezdj/debts 
Fix issue 6450 Test LDAP server error without save configuration
 2019-04-19 16:51:57 +08:00
Daniel Jiang
6b45b5ef7c
Merge pull request #7451 from reasonerjt/oidc-logout 
Skip verifying OIDC token for local user
 2019-04-19 14:55:26 +08:00
Steven Zou
f8feaa192e add get scheduled and periodic executions APIs 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-04-19 13:54:23 +08:00
Wenkai Yin
cf5cd5902f Fix bug in replication 
1. Fix bug when creating the namespace
2. Keep the same logic for hiding access secret
3. Filter only push mode policies for event trigger

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-19 13:34:04 +08:00
Daniel Jiang
5292aea89e Skip verifying OIDC token for local user 
If a user does not have OIDC meta data in DB, it means he's not
onboarded via OIDC authn, hence, we should not check the token.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-19 13:07:06 +08:00
Wenkai Yin
059b75e97c
Merge pull request #7392 from reasonerjt/oidc-logout 
Handle OIDC user invalidation from OIDC provider.
 2019-04-19 12:46:36 +08:00
Daniel Jiang
239b33c5fb Handle OIDC user invalidation from OIDC provider. 
Ths commmit ensures that when user's token is invalidated OIDC provider, he
cannot access protected resource in Harbor with the user info in his session.
We share the code path with secret verification b/c the refresh token
can be used only once, so it has to be stored in one place.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-19 01:27:31 +08:00
Steven Zou
1f481e492c Refactor job servcie primary logic to fix related bugs 
Signed-off-by: Steven Zou <szou@vmware.com>
 2019-04-18 16:02:49 +08:00
stonezdj
41a574e55c Fix issue 6450 Test LDAP server error without save configuration 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2019-04-18 14:24:21 +08:00
Wenkai Yin
a5cc228781
Merge pull request #7420 from ywk253100/190417_revert_local_harbor 
Update the migration sql
 2019-04-17 19:58:31 +08:00
wang yan
ddec7bd645 fix error handlering in job notification 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-17 18:19:01 +08:00
wang yan
e017294f71 merge with master latest 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-17 17:52:39 +08:00
Wenkai Yin
547c2337de Update the migration sql 
1. Update the migration sql
2. Rename the ResourceRepository from repository to image

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-17 17:18:03 +08:00
Wang Yan
a6af9e9972
Support well-formatted error returned from the REST APIs. (#6957) 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-17 16:43:06 +08:00
Wenkai Yin
6e0d892963 Support creating project with service account 
This commit introduces a solution to workaround the restriction of project creation API: only normal users can create projects

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-17 14:50:32 +08:00
Wenkai Yin
3f7884d9d2 Revert "Add new registry type: LocalHarbor" 
This reverts commit 94cacf762a.

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-17 14:50:24 +08:00
Wenkai Yin
94cacf762a Add new registry type: LocalHarbor 
The "LocalHarbor" is the type of registry where the replication service is running on

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-16 11:42:36 +08:00
Wenkai Yin
2f1d2257d5 Remove the namespace concept in replication 
Update the replication logic to remove the "namespace"

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-16 08:36:42 +08:00
wang yan
7a373c2eed Add event trigger to helm upload/deletion replication 
Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-15 19:02:33 +08:00
Wenkai Yin
ba038eb883 Support replication all projects in Harbor 
Support replication all projects in Harbor

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-13 20:23:19 +08:00
Wenkai Yin
c222f18fa7 Update replication 
1. Refine the health check of docker hub
2. Remove the GetNamespace method from adapter interface

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-13 15:20:06 +08:00
Daniel Jiang
f92bc8076d "Skip verify cert" to "verify cert" 
This commit tweaks the attribute for auth proxy mode and OIDC auth mode.
To change it from "Skip verify cert" to "verify cert" so they are more
consistent with other modes.
Additionally it removes a workaround in `SearchUser` in auth proxy
authenticator.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-12 23:25:54 +08:00
Wenkai Yin
1d16e18dff Remove "ng" from source code 
Remove "ng" from source code

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-12 22:42:27 +08:00
cd1989
8ca5e17c58 Correct some typos and do some small adjustments 
Signed-off-by: cd1989 <chende@caicloud.io>
 2019-04-12 21:17:33 +08:00
cd1989
a9fa22269c Check health status when add/update registry 
Signed-off-by: cd1989 <chende@caicloud.io>
 2019-04-12 17:29:05 +08:00
Wenkai Yin
188d66d875
Merge pull request #7350 from ywk253100/190411_bugfix 
Fix bug of replication
 2019-04-12 08:22:59 +08:00
Wenkai Yin
bc0123662b Fix bug of replication 
1. check the disable/enable status before starting the replication
2. process the support_namespace property

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-12 07:59:57 +08:00
Wenkai Yin
1f574e7d10
Merge pull request #7354 from wy65701436/replication_ng_namespace 
Add api to get namespaces of registry
 2019-04-11 23:44:24 +08:00
wang yan
117c36d52c Add api to get namespaces of registry 
To query the namespace of the registry according to its ID.

Signed-off-by: wang yan <wangyan@vmware.com>
 2019-04-11 23:17:33 +08:00
Wenkai Yin
a2fcb41b31 Fix bug in ping registry API 
Fix bug in ping registry API: accept both ID and other properties

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-11 18:00:44 +08:00
Daniel Jiang
763c5df010 Add UT 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-11 15:30:19 +08:00
Wenkai Yin
b73acde051 Support the migration for scheduled replication rule from previous version of Harbor 
Support the migration for scheduled replication rule from previous version of Harbor

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-11 13:14:32 +08:00
Wenkai Yin
5a047a7eb6 Update the adapter interface 
Add ConvertResourceMetadata and PrepareForPush methods

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-10 23:37:11 +08:00
Daniel Jiang
0d18e6c82f Update according to comments 
For more context see PR #7335

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-10 19:38:12 +08:00
Daniel Jiang
0a2343f542 Support secret for docker CLI 
As CLI does not support oauth flow, we'll use secret for help OIDC user
to authenticate via CLI.
Add column to store secret and token, and add code to support
verify/refresh token associates with secret.  Such that when the user is
removed from OIDC provider the secret will no longer work.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-10 19:38:11 +08:00
Daniel Jiang
08e00744be Fix misc bugs for e2e OIDC user onboard process 
This commit adjust the code and fix some bugs to make onboard process
work.
Only thing missed is that the UI will need to initiate the redirection,
because the request of onboarding a user was sent via ajax call and didn't
handle the 302.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-04-10 19:38:11 +08:00
Wenkai Yin
5a65480594 Handle the policy from previous versions 
Handle the policy from previous versions

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-04-09 17:43:07 +08:00
Wenkai Yin
7ff46acd25
Merge pull request #7289 from cd1989/add-registry-ping 
Add registry ping API
 2019-04-08 14:08:53 +08:00
cd1989
5a2d03593f Add helth check method to registry adapter 
Signed-off-by: cd1989 <chende@caicloud.io>
 2019-04-08 10:03:28 +08:00