* registryctl/api/registry/blob: fix dropped test error (#19721)
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
* Remove robot account update quota permission (#19819)
Signed-off-by: Yang Jiao <yang.jiao@broadcom.com>
Co-authored-by: Yang Jiao <yang.jiao@broadcom.com>
* Cache image list with digest key (#19801)
fixes#19429
Signed-off-by: stonezdj <daojunz@vmware.com>
Co-authored-by: stonezdj <daojunz@vmware.com>
* Add quota permissions testcase (#19822)
Signed-off-by: Yang Jiao <yang.jiao@broadcom.com>
Co-authored-by: Yang Jiao <yang.jiao@broadcom.com>
* deprecate gosec in makefile (#19828)
remove the unused the part from makefile
Signed-off-by: wang yan <wangyan@vmware.com>
* Add verification that robot account duration is not 0 (#19829)
Signed-off-by: Yang Jiao <yang.jiao@broadcom.com>
* fix artifact page bug (#19807)
* fix artifact page bug
* update testcase
* Upgrade to distribution (registry) v3 alpha
This includes all the benefits of the v3 distribution, but also all breaking changes.
Most notably, Image Manifest v2 Schema v1 support has been dropped, as well as the `oss` and `swift` storage drivers.
Currently, this still relies on v2's github.com/docker/distribution/registry/client/auth/challenge, because that code has been removed from the public API in v3.
Signed-off-by: Aaron Dewes <aaron.dewes@protonmail.com>
---------
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
Signed-off-by: Yang Jiao <yang.jiao@broadcom.com>
Signed-off-by: stonezdj <daojunz@vmware.com>
Signed-off-by: wang yan <wangyan@vmware.com>
Signed-off-by: Aaron Dewes <aaron.dewes@protonmail.com>
Co-authored-by: Lars Lehtonen <lars.lehtonen@gmail.com>
Co-authored-by: Yang Jiao <72076317+YangJiao0817@users.noreply.github.com>
Co-authored-by: Yang Jiao <yang.jiao@broadcom.com>
Co-authored-by: stonezdj(Daojun Zhang) <stonezdj@gmail.com>
Co-authored-by: stonezdj <daojunz@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
Co-authored-by: ShengqiWang <124650040+ShengqiWang@users.noreply.github.com>
* add permission validation for robot creating and updating.
It is not allowed to create an new robot with the access outside the predefined scope.
Signed-off-by: wang yan <wangyan@vmware.com>
* Fix robot testcase and update robot permission metadata (#167)
1. Fix robot testcase
2. update robot permission metadata
Signed-off-by: Yang Jiao <jiaoya@vmware.com>
Signed-off-by: wang yan <wangyan@vmware.com>
---------
Signed-off-by: wang yan <wangyan@vmware.com>
Signed-off-by: Yang Jiao <jiaoya@vmware.com>
Co-authored-by: Yang Jiao <72076317+YangJiao0817@users.noreply.github.com>
The permission api targets to return the full set of permissons for robot to use.
And only system and project admin have the access
Signed-off-by: wang yan <wangyan@vmware.com>
Check username when creating user by API
Replace comma with underscore in username for OnboardUser
Fixes#19356
Signed-off-by: stonezdj <daojunz@vmware.com>
Nydus images are compatible with both docker scheme v2 and OCI image spec v1
types of config media type:
- application/vnd.oci.image.config.v1+json
- application/vnd.docker.container.image.v1+json
The patch fixes the media type recognition on the accessory type check.
Signed-off-by: Yan Song <yansong.ys@antgroup.com>
Co-authored-by: MinerYang <yminer@vmware.com>
In certain cases, the OCI client may push the subject artifact and accessory in either order.
Therefore, it is necessary to handle situations where the client pushes the accessory ahead of the subject artifact.
Signed-off-by: wang yan <wangyan@vmware.com>
1. Change some logs level to reduce the noise.
2. Wrap the go-redis.Nil error as ErrNotFound to avoid confusing
Signed-off-by: chlins <chenyuzh@vmware.com>
Recognize nydus image(with subject) as a kind of accessory and built the releationship with subject manifest
Signed-off-by: wang yan <wangyan@vmware.com>
The format of ScannerRegistration.properties.url should be
`uri` but not `url`.
Fixes: #18798
Signed-off-by: bin liu <liubin0329@gmail.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
fixes#18865
the response header OCI-Subject to indicate to the client that the registry processed the request's subject.
Signed-off-by: wang yan <wangyan@vmware.com>
Co-authored-by: System Administrator <root@wangyanCQFQY.vmware.com>
Fix the scanAll cannot be stopped in case of large number of artifacts,
add the checkpoint before submit scan tasks, mark the scanAll stopped
flag in the redis.
Fixes: #18044
Signed-off-by: chlins <chenyuzh@vmware.com>
Since harbor deprecates notary since v2.9.0, this pull request targets to remove the code related with notary.
Signed-off-by: Wang Yan <wangyan@vmware.com>
feat: log trace ID
Implements #18029
If the Trace ID is sent to the Harbor in HTTP header or the tracing
is enabled (and the Trace ID is generated), the Trace ID will be
added to the log lines as a new field.
Signed-off-by: Peter Gillich <pgillich@gmail.com>
To enable the middleware to save the project_blob data, make sure to set the accessories options to true when handling the artifact copy.
Signed-off-by: Wang Yan <wangyan@vmware.com>
1. Add migration SQL to handle the lost payload format for old policies.
2. Set payload format to 'Default' if not specified for http webhook in the API handler.
3. Fix the migration sql of notification_job
Fixes: #18401, #18453
Signed-off-by: chlins <chenyuzh@vmware.com>
1, add fitler artifactType to header when the api is called with filter
2, give an empty json body on non aritfact scenario
3, give an empty array on non accessory scenario
4, fix the artifact type filter issue
Signed-off-by: Wang Yan <wangyan@vmware.com>
refactor: refactor the old goroutine execution sweep to global execution sweep job
1. Delete the old goroutine execution sweeper when create execution.(in the case of high concurrency can cause goroutine backlogs, affect the performance of core)
2. Introduce the new way to sweep executions, a global scheduled job will take the work.
Signed-off-by: chlins <chenyuzh@vmware.com>
As for the distribution spec 1.1, it supports client to push an manifest with subject field. By leverging this fidle, harbor could build up the linkage between the subject artifact and it's accessories.
Signed-off-by: wang yan <wangyan@vmware.com>