The permission api targets to return the full set of permissons for robot to use.
And only system and project admin have the access
Signed-off-by: wang yan <wangyan@vmware.com>
In certain cases, the OCI client may push the subject artifact and accessory in either order.
Therefore, it is necessary to handle situations where the client pushes the accessory ahead of the subject artifact.
Signed-off-by: wang yan <wangyan@vmware.com>
For better performance when query cve information, add summary information to scan_report
Extract cve_score from vendor attribute in vulnerability_record
SQL migrate script for the update
Signed-off-by: stonezdj <daojunz@vmware.com>
1. Change the query for listing tasks of scan which can use the db
index.
2. Add the gin index for task.extra_attrs.report_uuids
Fixes: #18013
Signed-off-by: chlins <chenyuzh@vmware.com>
refactor: refact the notification job API and life process
1. Introduce new APIs for webhook jobs management.
2. Refact legacy APIs for backforward compatible.
3. Migrate the webhook jobs process to unified execution/task framework.
Closes: #18210
Signed-off-by: chlins <chenyuzh@vmware.com>
Remove the project filter in the scan data export job as they have been
validated by API handler, fix the oidc or ldap group users cannot export
cve.
Fixes: #18112
Signed-off-by: chlins <chenyuzh@vmware.com>
Add queue manager and redis client
Update scheduler to add count and list
Signed-off-by: stonezdj <daojunz@vmware.com>
Signed-off-by: stonezdj <daojunz@vmware.com>
Add REST API to list job pool, worker, stop running task
Add jobservice handler to retrieve configuration
Add RBAC for jobservice monitoring dashboard
Add REST API to list pool, worker and stop running task
Signed-off-by: stonezdj <stonezdj@gmail.com>
Signed-off-by: stonezdj <stonezdj@gmail.com>
1. Add sql migration to alter replication policy table
2. Implement the PullBlobChunk and PushBlobChunk for the underlying v2 registry client
3. Update image transfer logic to support copy by chunk
4. Update the replication policy API handler
Signed-off-by: chlins <chenyuzh@vmware.com>
1. Refact the scan export FilterProcessor interface
2. Optmize the sql template for export cve report
3. Update the process of cve export job
Signed-off-by: chlins <chenyuzh@vmware.com>
fix: fix cache layer issues (#16995,#16997,#16996,#17038)
1. Load config and initialize cache layer in jobservice(for GC)
2. Cache artifact by digest the key should contains repository name
3. Repository cache cleanup error when update
4. Skip save cache when request ctx in transaction
Signed-off-by: chlins <chenyuzh@vmware.com>
Fixes#16269, exclude the admin account by default
Add excludeDefaultAdmin method -- exclude default admin by option
Update authModeCanBeModified method -- the user count should be 0 without admin
Signed-off-by: stonezdj <stonezdj@gmail.com>
Implement cache layer for resource manifest, it will read manifest
from cache instead of proxying to distribution if enabled.
Signed-off-by: chlins <chenyuzh@vmware.com>
fixes#15332, for the dry run mode, gc job should not remove the untagged candidates.
To fix it, use the simulate untagged artifact deletion for dry-run.
Signed-off-by: Wang Yan <wangyan@vmware.com>
Define user.Email as sql.NullString to avoid unique constraint when email is empty in LDAP/OIDC
Separate the common/models/User with the pkg/user/dao/User
Fixes#10400
Signed-off-by: stonezdj <stonezdj@gmail.com>
1, for admin only, the system level robot should contains the project creation access.
2, for not admin only, the system level robot can create project.
3, for the project that created by system level robot, use the admin ID as the ownerID.
No path for project level robot to create project.
Signed-off-by: wang yan <wangyan@vmware.com>
The following information should cleanup before delete user:
Delete project member of this user.
Delete oidc_user when auth_mode is oidc_auth.
Fixes#8424
It also removes the deleted user from project member and the deleted condition in the project member query for consistency
Signed-off-by: stonezdj <stonezdj@gmail.com>
