* registryctl/api/registry/blob: fix dropped test error (#19721)
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
* Remove robot account update quota permission (#19819)
Signed-off-by: Yang Jiao <yang.jiao@broadcom.com>
Co-authored-by: Yang Jiao <yang.jiao@broadcom.com>
* Cache image list with digest key (#19801)
fixes#19429
Signed-off-by: stonezdj <daojunz@vmware.com>
Co-authored-by: stonezdj <daojunz@vmware.com>
* Add quota permissions testcase (#19822)
Signed-off-by: Yang Jiao <yang.jiao@broadcom.com>
Co-authored-by: Yang Jiao <yang.jiao@broadcom.com>
* deprecate gosec in makefile (#19828)
remove the unused the part from makefile
Signed-off-by: wang yan <wangyan@vmware.com>
* Add verification that robot account duration is not 0 (#19829)
Signed-off-by: Yang Jiao <yang.jiao@broadcom.com>
* fix artifact page bug (#19807)
* fix artifact page bug
* update testcase
* Upgrade to distribution (registry) v3 alpha
This includes all the benefits of the v3 distribution, but also all breaking changes.
Most notably, Image Manifest v2 Schema v1 support has been dropped, as well as the `oss` and `swift` storage drivers.
Currently, this still relies on v2's github.com/docker/distribution/registry/client/auth/challenge, because that code has been removed from the public API in v3.
Signed-off-by: Aaron Dewes <aaron.dewes@protonmail.com>
---------
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
Signed-off-by: Yang Jiao <yang.jiao@broadcom.com>
Signed-off-by: stonezdj <daojunz@vmware.com>
Signed-off-by: wang yan <wangyan@vmware.com>
Signed-off-by: Aaron Dewes <aaron.dewes@protonmail.com>
Co-authored-by: Lars Lehtonen <lars.lehtonen@gmail.com>
Co-authored-by: Yang Jiao <72076317+YangJiao0817@users.noreply.github.com>
Co-authored-by: Yang Jiao <yang.jiao@broadcom.com>
Co-authored-by: stonezdj(Daojun Zhang) <stonezdj@gmail.com>
Co-authored-by: stonezdj <daojunz@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
Co-authored-by: ShengqiWang <124650040+ShengqiWang@users.noreply.github.com>
* add permission validation for robot creating and updating.
It is not allowed to create an new robot with the access outside the predefined scope.
Signed-off-by: wang yan <wangyan@vmware.com>
* Fix robot testcase and update robot permission metadata (#167)
1. Fix robot testcase
2. update robot permission metadata
Signed-off-by: Yang Jiao <jiaoya@vmware.com>
Signed-off-by: wang yan <wangyan@vmware.com>
---------
Signed-off-by: wang yan <wangyan@vmware.com>
Signed-off-by: Yang Jiao <jiaoya@vmware.com>
Co-authored-by: Yang Jiao <72076317+YangJiao0817@users.noreply.github.com>
The permission api targets to return the full set of permissons for robot to use.
And only system and project admin have the access
Signed-off-by: wang yan <wangyan@vmware.com>
Check username when creating user by API
Replace comma with underscore in username for OnboardUser
Fixes#19356
Signed-off-by: stonezdj <daojunz@vmware.com>
The format of ScannerRegistration.properties.url should be
`uri` but not `url`.
Fixes: #18798
Signed-off-by: bin liu <liubin0329@gmail.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
Fix the scanAll cannot be stopped in case of large number of artifacts,
add the checkpoint before submit scan tasks, mark the scanAll stopped
flag in the redis.
Fixes: #18044
Signed-off-by: chlins <chenyuzh@vmware.com>
Since harbor deprecates notary since v2.9.0, this pull request targets to remove the code related with notary.
Signed-off-by: Wang Yan <wangyan@vmware.com>
1. Add migration SQL to handle the lost payload format for old policies.
2. Set payload format to 'Default' if not specified for http webhook in the API handler.
3. Fix the migration sql of notification_job
Fixes: #18401, #18453
Signed-off-by: chlins <chenyuzh@vmware.com>
refactor: refactor the old goroutine execution sweep to global execution sweep job
1. Delete the old goroutine execution sweeper when create execution.(in the case of high concurrency can cause goroutine backlogs, affect the performance of core)
2. Introduce the new way to sweep executions, a global scheduled job will take the work.
Signed-off-by: chlins <chenyuzh@vmware.com>
refactor: refact the notification job API and life process
1. Introduce new APIs for webhook jobs management.
2. Refact legacy APIs for backforward compatible.
3. Migrate the webhook jobs process to unified execution/task framework.
Closes: #18210
Signed-off-by: chlins <chenyuzh@vmware.com>
Fixes#18121
Refactor job name with VendorType prefix, make sure job queue name and vendor type in execution and task are identical
Signed-off-by: stonezdj <daojunz@vmware.com>
Remove the project filter in the scan data export job as they have been
validated by API handler, fix the oidc or ldap group users cannot export
cve.
Fixes: #18112
Signed-off-by: chlins <chenyuzh@vmware.com>
Remove job parameters from job
Remove extra attribute and cron type from schedule
fixes#17866
Signed-off-by: stonezdj <daojunz@vmware.com>
Signed-off-by: stonezdj <daojunz@vmware.com>
1. Skip to push system artifact to the distribution when the exported CSV file is empty.
2. Add status message for cve export execution.
Signed-off-by: chlins <chenyuzh@vmware.com>
Add queue manager and redis client
Update scheduler to add count and list
Signed-off-by: stonezdj <daojunz@vmware.com>
Signed-off-by: stonezdj <daojunz@vmware.com>