Commit Graph

144 Commits

Author SHA1 Message Date
Soumik Majumder
861ca553df
Add autoescape parameter to jinja environments (#15770)
Signed-off-by: Soumik Majumder <soumikm@vmware.com>

Signed-off-by: Soumik Majumder <soumikm@vmware.com>
2022-08-23 11:02:16 +08:00
Wang Yan
ef8b8f0be7
resolve the cve export volumn permission (#17157)
See the right uid and gid for the scandata_exports in the prepare

Signed-off-by: Wang Yan <wangyan@vmware.com>
2022-07-12 14:52:18 +08:00
chlins
8c223135e7 feat: add cache layer for artifact (#16739)
Implement cache layer for resource artifact and define common
cache manager and workflow. Also add cache related options to
configuration yaml.

Signed-off-by: chlins <chenyuzh@vmware.com>
2022-04-25 18:01:45 +08:00
MinerYang
6c97d3f0c7
rollback to delete external redis username (#16353)
Signed-off-by: yminer <yminer@vmmware.com>

Co-authored-by: yminer <yminer@vmmware.com>
2022-02-11 17:28:10 +08:00
MinerYang
1a2dd256b5
Add external redis username for AUTH (#16336)
* add external redis username for AUTH

* update harbor.yml.tmpl

* add external redis username for AUTH

update harbor.yml.tmpl

Co-authored-by: yminer <yminer@vmmware.com>
2022-02-09 22:06:28 +08:00
Shengwen Yu
46f97ecf6c feat: bump TRIVYVERSION to v0.22.0 and bump TRIVYADAPTERVERSION to v0.25.0
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2022-01-21 09:14:07 +08:00
stonezdj
17d8b7b813 Add upload purge config to registry/config.yml
Enable the uploadpurging by default
  Fixes #15641

Signed-off-by: stonezdj <stonezdj@gmail.com>
2022-01-04 11:15:51 +08:00
Qian Deng
69a194b2b4 Fix: using traditional PKCS#1 format RSA key
The openssl 3.0.0 using newer `PKCS#8` format.
But it's not compatitable with harbor core
So using tradictional format instead

Signed-off-by: Qian Deng <dengq@vmware.com>
2021-12-10 11:34:12 +08:00
Rolf Ahrenberg
5f3972f86d
Add configurable timeout for Trivy scans (#15796)
Signed-off-by: Rolf Ahrenberg <Rolf.Ahrenberg@saunalahti.fi>
2021-10-22 14:36:12 +08:00
Qian Deng
3c23926bdc Add validation for tracing
* add  validation of tracing in validating process

Signed-off-by: Qian Deng <dengq@vmware.com>
2021-09-27 13:10:55 +00:00
Qian Deng
bad913cf6d Refactor trace code
* use lib trace helper function
* add gracefull shutdown
* Add commens for new added exposed function
* Add licence on top of new created files
* Update trace library
* Update configs
* Add attribute and namespance in config

Signed-off-by: Qian Deng <dengq@vmware.com>
2021-09-18 10:58:52 +00:00
Qian Deng
14095fb10b Add trace to registryctl
* Add trace init to main
* Add trace for http server
* Add trace for gc
* Add env template trace

Signed-off-by: Qian Deng <dengq@vmware.com>
2021-09-18 10:58:52 +00:00
Qian Deng
b812a300be Add trace related configs
* Update harbor config template
* Update python config parsing
* Update env template

Signed-off-by: Qian Deng <dengq@vmware.com>
2021-09-18 10:58:52 +00:00
DQ
fbe9cd88f8 Enabled Prometheus for Jobservice
* Add prom server on jobservice
* Enabeld configs in templates
* Enabeld jobservice metrics in nginx

Signed-off-by: DQ <dengq@vmware.com>
2021-03-30 08:52:59 +00:00
DQ
051b5f289d Add sen existed check for internal cert
fali ealier when there is no san

Signed-off-by: DQ <dengq@vmware.com>
2021-01-28 08:22:07 +00:00
DQ
489f31d8fe Add upgrade scirpt for 2.2
1. add metrics config item in config
2. upgrade version in template

Signed-off-by: DQ <dengq@vmware.com>
2021-01-22 16:15:06 +08:00
DQ
a61e9b0e2e Add san for notary upgrading
if san not exists then remove that cert, prepare will regenerate one

Signed-off-by: DQ <dengq@vmware.com>
2021-01-18 21:00:35 +08:00
Qian Deng
642d56041d
Add san for notary cert (#13928)
Signed-off-by: DQ <dengq@vmware.com>
2021-01-08 01:00:34 +08:00
Qian Deng
31138f12b0
Merge pull request #13806 from ninjadq/fix_python_yaml_load
Fix pythom yaml load to safe_load
2020-12-21 16:04:12 +08:00
DQ
234b29e170 Fix pythom yaml load to safe_load
Signed-off-by: DQ <dengq@vmware.com>
2020-12-16 14:59:06 +08:00
DQ
19e8527cc1 Fix log level issue in registry
1. fix level issue in registry.jinja
2. add log level to registryctl

Signed-off-by: DQ <dengq@vmware.com>
2020-12-14 11:52:42 +08:00
DQ
f0db193895 Add prepare file for exporter
prepare env for exporter

Signed-off-by: DQ <dengq@vmware.com>
2020-12-09 21:22:13 +08:00
DQ
0c9faea294 Clean up Clair in prepare script
Signed-off-by: DQ <dengq@vmware.com>
2020-11-10 11:39:18 +08:00
DQ
eb470501be Add metrics to Harbor Core
1. Add configs in prepare
 2. Add models and config items in Core
 3. Encapdulate getting metric in commom package
 4. Add a middleware for global request to collect 3 metrics

Signed-off-by: DQ <dengq@vmware.com>
2020-11-03 14:33:10 +08:00
DQ
d3ab9d7c6b Add internal tls configs for portal
add related file, config, command to enabled https for portal

Signed-off-by: DQ <dengq@vmware.com>
2020-07-31 12:10:47 +08:00
DQ
d7618a6274 Fix: beego app config port hardcode
the port should be flexible depend on the internal tls

Signed-off-by: DQ <dengq@vmware.com>
2020-07-27 15:35:43 +08:00
Ziming Zhang
8857e89e40 feature(redis) support redis sentinel
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-07-19 21:19:03 +08:00
DQ
4617e0ff38 Enhance: Support multi downversion in migration
1. Change down version to list to accept multi verstion value
2. Update search function use BFS to find migration path
2. Add test case

Signed-off-by: DQ <dengq@vmware.com>
2020-07-07 21:36:58 +08:00
Qian Deng
9469252e85
Merge pull request #11745 from ninjadq/mount_ca_bundle
Enhance: Create shared to store shared ca
2020-04-28 10:19:26 +08:00
DQ
f70339870a Enhance: Create shared to store shared ca
this shared ca will mount to all harbor components

Signed-off-by: DQ <dengq@vmware.com>
2020-04-28 02:58:11 +08:00
DQ
026e37e777 Fix chart museum absolute url issue
if absolute url is enabled return true else set it to false

Signed-off-by: DQ <dengq@vmware.com>
2020-04-26 13:04:29 +08:00
DQ
599ca98c09 Hidden veriify client cert verfiy option
Remove to avoid replication access core from external_url issue

Signed-off-by: DQ <dengq@vmware.com>
2020-04-23 10:14:36 +08:00
Daniel Pacak
5c3abee135 chore(trivy): Bump up trivy adapter to 0.9.0
- Vendor the latest Trivy release 0.6.0
- Configure TLS 1.2 as min version when TLS is enabled
- Add more tracing to adapter config to facilitate troubleshooting

Resolves: #11544

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-04-16 08:40:27 +02:00
He Weiwei
77a8c3205f fix(prepare): not accpet items of false value in external_redis
Item in yaml without value will be as None in python, which will make
the password of redis as `None` in `get_redis_configs`. This fix will
not accept items of `false value` in `external_redis` configurations.

Closes #11367

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-04-03 04:09:26 +00:00
DQ
b2e1905e7a Enhance: Stop upgrade when input version less then 1.9.0
The migration script should failure early when version is not supported

Signed-off-by: DQ <dengq@vmware.com>
2020-04-01 15:35:49 +08:00
Qian Deng
9e101b73a4
Merge pull request #11156 from ninjadq/migrate_config_to_harbor2
Migrate config to harbor2
2020-03-25 16:02:18 +08:00
DQ
85ec0e7820 Enhance: Refactor the migration structure
1. Refactor structure of migrate file
2. fix some previous bugs

Signed-off-by: DQ <dengq@vmware.com>
2020-03-23 21:26:28 +08:00
Steven Zou
2859cd8b69
Merge pull request #11134 from danielpacak/feat/issue_11090/trivy_skip_update_flag
feat(trivy): Configure Trivy to skip database updates
2020-03-19 18:13:08 +08:00
DQ
f18a546429 Fix: return error when internal_tls_not_provided
When iinternal_tls is empty, prepare should works as usual

Signed-off-by: DQ <dengq@vmware.com>
2020-03-19 10:37:58 +08:00
Daniel Pacak
7325105714 feat(trivy): Configure Trivy to skip database updates
Resolves: #11090

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-18 17:11:47 +01:00
DQ
6e8d44101f Enhance: User can generate cert by their own ca key pair
User can put their ca key pair on internal cert dir and name them to `harbor_internal_ca.key` and `harbor_internal_ca.crt` we wil use them to generate other certs

Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
b93092e012 Add tls for trivy
Add trivy tls cert files
Add tivey tls env and config
enhance gencert

Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
c5d73e6a0c Add switch to https
use switch to make decision whether mTLS or server TLS

Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
454382149f TLS update for chart, clairadapter, registry
Remove trustca in chartmuseum
Remove trustca in registry
Add tls in clair-adapter

Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
dcc6950af7 Feat: auto install ca in registry
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
b852605193 Feat: enable mtls in harbor replication
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
40e67f3b14 Feat: Enable mtls for registry
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
da359f609f Feat: enable mtls in core
add mtls related code in core

Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
a4855cca36 Feat: update prepare to support tls
update makefile
add model for prepare
update jinja template for prepare

Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
Daniel Pacak
46fb43bc25 chore: Bump up Trivy adapter to v0.4.0
Allows configuring SCANNER_TRIVY_GITHUB_TOKEN environment variable,
which is passed to trivy executable binary when it starts scanning
a given artifact.

This is to increase GitHub requests rate limit from 60 per hours
(for anonymous requests) to 5000 when Trivy download its
vulnerabilities database.

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-16 09:53:16 +01:00