stonezdj
16243cfbbc
Add LDAP remote certifcate validation
...
push test
Add unit test for ldap verify cert
remove common.VerifyRemoteCert
Update code with PR review comments
Add change ldaps config and add UT testcase for TLS feature
add ldap verfiy cert checkbox about #3513
Draft harbor ova install guide
Search and import ldap user when add project members
Add unit test case for SearchAndImportUser
ova guide
Add ova install guide
Add ova install guide 2
Add ova install guide 3
Call ValidateLdapConf before search ldap
trim space in username
Remove leading space in openLdap username
Remove doc change in this branch
Update unit test for ldap search and import user
Add test case about ldap verify cert checkbox
Modify ldap testcase
2017-11-24 12:41:51 +08:00
reasonerjt
074aa352ba
Bump up mariaDB's version
2017-11-21 06:42:41 -08:00
Tan Jiang
e60de3e39d
Update the log level of registry to info
2017-11-20 00:08:47 +08:00
Tan Jiang
6d7c028729
Refine the Dockerfile
...
Refine the Dockerfile to remove temporary workarounds.
Also fixes #3587 , to make sure the configuration files of rsyslog can be
read by uid 10000.
2017-11-13 18:04:17 +08:00
reasonerjt
19a13e8575
Deprivilege harbor-ui harbor-jobservice harbor-adminserver
...
Use non-root user to run the service within these docker images, and provide HEALTHCHECK
mechanism.
2017-11-09 03:09:09 -08:00
Wenkai Yin
66b9699ac2
Improve log rotation configurability
2017-11-09 14:33:05 +08:00
Daniel Jiang
8dfe5f0bfc
Merge pull request #3536 from ywk253100/171102_fail_earlier
...
Fail earlier when found database schema dismatch
2017-11-07 15:01:14 +08:00
Wenkai Yin
5293a9287b
Fail earlier when found database schema dismatch
2017-11-07 13:07:56 +08:00
reasonerjt
9382cac934
Remove the Dockerfile of rsyslog image
2017-11-05 21:52:23 -08:00
Tan Jiang
512384722a
Make the internal URL of UI and JobService configurable
2017-11-03 20:43:25 +08:00
root
6f335bdb1a
Deprivilege harobr-log, harbor-db, registry image.
...
This change involves using non-root user to run the process of the
docker images. Also made update in Dockerfile to make the containers
support "read-only" and introduce "HEALTHCHECK". Note the "read-only"
options are not enabled in docker-compose, to cover the very corner
case when user wants to update the container filesystem manually.
Remove read only option from docker-compose template by default
2017-11-02 23:35:06 -07:00
Daniel Jiang
6a9dc8a133
Merge pull request #3495 from ywk253100/171031_config
...
Add email_insecure and delete verify_remote_cert configuration item from harbor.cfg
2017-11-02 17:47:48 +08:00
Wenkai Yin
f3a4cecdcb
Add email_insecure and delete verify_remote_cert configuration item from harbor.cfg
2017-10-31 13:51:49 +08:00
Wenkai Yin
0ddca31355
Add column id to table project_metadagta as the primary key
2017-10-30 17:37:25 +08:00
Tan Jiang
5b12747761
Fix the bug to change permission of bootstrap scripts
2017-10-27 14:10:48 +08:00
Tan Jiang
2cedfff4b3
Rebuild Harbor DB docker image on top of Maria DB
...
This change reworked the vmware/harbor-db image to build it on top of
vmware/mariadb-photon.
Also made minor change in the entrypoint script of mariadb image to
execute upgrade script during bootstrap, and fix a file permission
issue in the bootstrap scripts.
2017-10-26 12:27:09 +08:00
Daniel Jiang
bda38bd72e
Merge pull request #3451 from reasonerjt/commit-message
...
Provide a template for git commit messages
2017-10-24 19:20:08 +08:00
Tan Jiang
aa84090587
Provide a template for git commit messages
...
Also removed some comment in the entrypoint script.
2017-10-24 17:54:06 +08:00
yixingjia
160c716d83
Merge pull request #3423 from yixingjia/ossrsyslog
...
Update OSS in rsyslog images
2017-10-23 21:11:51 -07:00
yixingj
20929350b1
Update OSS in rsyslog images
...
1> change to new photon base images
2> update OSS to latest
2017-10-23 16:37:28 +08:00
Daniel Jiang
cf5bcbebb9
Merge pull request #3415 from reasonerjt/mariadb-on-photon
...
Provide Dockerfile and artifacts for building mariadb on photon OS.
2017-10-23 12:19:04 +08:00
yixingj
535e7cadd5
Update OSS in rsyslog images
...
1> change to new photon base images
2> update OSS to latest
2017-10-23 12:02:22 +08:00
Wenkai Yin
2156750b04
Move certificate verification to target level
...
The certificate verification is on system level before this commit. Moving it
to target level makes the configuration more flexible for different targets.
2017-10-20 15:36:56 +08:00
Tan Jiang
1871011a5d
Provide Dockerfile and artifacts for building mariadb on photon OS.
...
Also update the docker-compose template such that the notary db instance
will be provisioned via the mariadb-photon image.
2017-10-20 14:41:36 +08:00
Wenkai Yin
66b2d0d3f3
Apply project level policies to standalone Harbor
...
The following features are only enabled in integration mode, this commit moves
these to standalone Harbor:
- Content trust policy: only signed images can be pulled
- Vulnerability policy: only images whose severity is below the threshold can be pulled
- Automatic scan policy: automatic scan pushed images
2017-10-19 17:33:28 +08:00
yixingjia
95743f9a81
Merge pull request #3373 from yixingjia/updatenginx
...
Update nginx images OSS to latest
2017-10-17 22:13:11 -07:00
Daniel Jiang
e6874cf9f1
Merge pull request #3383 from reasonerjt/uaa-integration
...
Make the root CA certificate of UAA configurable
2017-10-17 12:20:22 +08:00
Daniel Jiang
b5551af27f
Merge pull request #3382 from ywk253100/171013_rotate
...
Make log rotate days configurable
2017-10-17 11:22:46 +08:00
Tan Jiang
eab6b43d99
Make the root CA certificate of UAA should be configurable
2017-10-16 17:40:29 +08:00
Wenkai Yin
bc3d859571
make log rotate days configurable
2017-10-16 17:09:28 +08:00
yixingj
28b60bd197
Update nginx images OSS to latest
...
1>update nginx images OSS to latest
2>Fix nginx version issue
2017-10-13 15:25:19 +08:00
yixingj
3dc0f65fb3
Update OSS in postgresql image
...
1> update OSS in postgresql image
2> update postgresql to 9.6.5
2017-10-12 17:08:47 +08:00
Tan Jiang
51286d9baa
Provide UAA authenticator for password based authentication.
2017-10-07 00:16:53 +08:00
Wenkai Yin
e495357d98
implement the default project metadata manager
2017-09-28 16:17:51 +08:00
yixingj
357004fbf1
Make Harbor database configurable
2017-09-25 13:29:49 +08:00
yixingj
026e8e7f95
disable nginx buffer
...
When host in low disk status, enable the buffer will cause upload error.
2017-09-01 18:44:13 +08:00
yixingjia
8f34945d4b
Merge pull request #3112 from yixingjia/nginx_temp_path
...
Try to fix some wired permission error
2017-08-25 20:32:56 -07:00
yixingj
362bf1a83e
Try to fix some wired permission error
2017-08-24 15:42:20 +08:00
Tan Jiang
c1bbcb5bab
update the interval of clair updater to 12 hours, and update the interval for scan all to 2 hours
2017-08-21 13:45:23 +08:00
Wenkai Yin
7296bdc131
increase length of username in database to 256
2017-08-17 15:24:34 +08:00
Tan Jiang
885ddfddd0
enable buffer on nginx
2017-08-04 21:22:22 +08:00
Daniel Jiang
5c8be3502c
Merge pull request #2697 from yixingjia/rsyslog
...
Prepare rsyslog docker based on photon
2017-07-19 18:08:05 +08:00
Tan Jiang
629cf29850
The password to access clair db can be configured in harbor.cfg, skip auto-scan if clair-db is not ready
2017-07-17 15:25:47 +08:00
Tan Jiang
e1e975096c
add int id for scan overview and revoke the change in beego
2017-07-09 12:37:08 +08:00
Daniel Jiang
b96770b90a
Merge pull request #2693 from reasonerjt/clair-notification
...
Clair notification handler
2017-07-05 20:18:34 +08:00
Yan
d849c36e3f
Merge pull request #2570 from samifruit514/master
...
Allow 255 chars for Realname
2017-07-05 03:17:57 -07:00
Tan Jiang
8b31715b34
provide Clair notification handler
...
update the timestamp in DB, when handling the notification
2017-07-05 15:35:53 +08:00
yixingj
3d5cd32ee8
Base dockerfile for rsyslog
2017-07-04 17:57:37 +08:00
Yan
2638e3dc7d
Merge pull request #2682 from wy65701436/db-migrate
...
1.2.0 DB migrator
2017-07-03 22:51:31 -07:00
wangyan
c986c33a6c
1.2.0 DB migration
...
update
update
2017-06-30 03:01:56 -07:00
yixingj
fc50fd51d5
Move nginx to photon OS
2017-06-30 14:03:42 +08:00
yixingjia
b79b80c6ee
Merge pull request #2657 from yixingjia/clairofflinedata
...
Support include offline data on clair startup
2017-06-28 18:01:34 +08:00
yixingj
a23c6ee8c6
Support include offline data on clair startup
2017-06-28 15:45:16 +08:00
yixingj
27670742b4
Change version fromat and add init db sql directory
2017-06-26 15:31:34 +08:00
yixingj
e0af9c036f
Update clair postgresql to use photon os
2017-06-26 10:56:29 +08:00
Archambault, Samuel
18cea61121
Allow 255 chars for Realname
2017-06-19 13:54:21 -04:00
Tan Jiang
15384317e0
add with_clair flag in systeminfo
2017-06-15 16:15:46 +08:00
Tan Jiang
ae2d868fd4
handlers for image scan, store results overview in DB
2017-06-13 23:37:54 +08:00
Daniel Jiang
42984fe1c9
refactory for scan job service ( #2459 )
...
* refactory for scan job service and implement ScanJob.
2017-06-08 15:04:23 +08:00
Daniel Jiang
5892ef29c2
Merge pull request #2291 from reasonerjt/vulscan-job-refactory
...
add scan job table and dao functions
2017-05-12 02:45:55 -04:00
Tan Jiang
dcbfb4d309
add scan job table and dao functions
2017-05-11 21:41:57 +08:00
Wenkai Yin
1e28f01365
delete foreign key
2017-05-10 18:28:19 +08:00
Yan
8db1b2807e
Merge pull request #2197 from ywk253100/170502_change_userid
...
Delete column user_id from table access_log
2017-05-10 00:02:54 -07:00
Daniel Jiang
79903ca3f3
Merge pull request #2194 from reasonerjt/create-reverse-proxy
...
create reverse proxy
2017-05-03 15:09:11 +08:00
Wenkai Yin
3be9cca0f5
delete column user_id from table accesslog
2017-05-03 14:18:07 +08:00
Tan Jiang
785298e6b9
create reverseproxy
2017-05-02 20:27:45 +08:00
Wenkai Yin
4eca617916
Merge remote-tracking branch 'upstream/master' into 170427_delete_ownerid
2017-05-02 14:58:36 +08:00
Wenkai Yin
4f9d9ed5d8
delete owner_id column from table repository
2017-05-02 14:57:07 +08:00
Tan Jiang
83b9196925
use docker-compose to deploy clair with harbor
2017-04-27 19:13:53 +08:00
wy65701436
20458f88d2
fix mysql image to 5.6.35
2017-04-12 03:47:23 -07:00
Tan Jiang
0471c8ed2c
escape mysql root password
2017-04-11 12:50:13 +08:00
Tan Jiang
d527a543bd
enable gzip by default
2017-04-06 14:47:41 +08:00
Daniel Jiang
d49a307312
Merge pull request #1868 from reasonerjt/nginx-log-format
...
update nginx log format to include response time
2017-03-30 15:12:30 +08:00
Wenkai Yin
ec27e2dc07
remove compress js flag
2017-03-30 12:59:47 +08:00
Tan Jiang
7555dd9d48
update nginx log format to include response time
2017-03-30 12:46:13 +08:00
Tan Jiang
715d87dc80
fixes #1818
2017-03-28 10:11:13 +08:00
Tan Jiang
a33f4151e2
merge with dev branch
2017-03-24 14:40:34 +08:00
Tan Jiang
3e8d71538f
generate cert for notary signer in prepare,
...
update the default certificates so the subject is formal.
2017-03-24 13:33:49 +08:00
Tan Jiang
90bc280ea1
add a 4443 ssl server to nginx config
2017-03-24 13:16:48 +08:00
Tan Jiang
402a482bc6
generate cert for notary signer in prepare
2017-03-23 21:00:53 +08:00
Tan Jiang
3c16d6c1a1
restrict access to notary db
2017-03-22 18:15:16 +08:00
Tan Jiang
6e09ae89e3
Use notary images based on photon, migrate db in notary's images
2017-03-21 18:46:10 +08:00
Tan Jiang
098d7d5765
fix issue in location.conf
2017-03-17 19:44:54 +08:00
Tan Jiang
9d87279152
fix #1570 , #1628
2017-03-16 16:09:05 +08:00
Wenkai Yin
c3626edd42
reset config
2017-03-16 11:27:45 +08:00
Tan Jiang
ef906c96d0
provide systeminfo API for UI
2017-03-10 18:53:11 +08:00
Wenkai Yin
a4cb261df9
read some configs from env
2017-03-02 13:24:41 +08:00
Tan Jiang
6454ccfc3a
fix the 'v2' URL conflict issue, and remove the work around in token service code
2017-02-27 21:01:26 +08:00
Tan Jiang
7620cd3b86
refactor token service
2017-02-26 19:53:13 +08:00
Wenkai Yin
414e8a8bcf
Merge remote-tracking branch 'upstream/dev' into 170224_merge_config
...
Conflicts:
make/docker-compose.tpl
src/ui/service/token/authutils.go
2017-02-24 13:52:19 +08:00
Wenkai Yin
a1858098c5
using different secret to mark himself when communicates with other components
2017-02-23 18:24:32 +08:00
Tan Jiang
8cbfffa9c8
deploy notary within Harbor
2017-02-20 19:31:28 +08:00
Wenkai Yin
f1f78a5649
update
2017-01-19 17:56:08 +08:00
Wenkai Yin
75f660fa77
Merge remote-tracking branch 'upstream/dev' into 161228_config
...
Conflicts:
make/common/templates/ui/env
src/ui/auth/ldap/ldap.go
src/ui/config/config.go
2017-01-12 17:41:14 +08:00
Wenkai Yin
b62a958250
configure harbor
2017-01-12 17:15:32 +08:00
Ricardo Katz
160e22f0fe
Changes LDAP Library and other LDAP improvements ( #1277 )
...
* Changes LDAP library to go-ldap and creates new ldap timeout directive
* Add support for connection on LDAP using TLS
2016-12-30 16:03:30 +08:00
Wenkai Yin
d6d4711700
1.fix issue: deleting repo action will fall in deadlock between two Harbor if they are configured to sync to each other 2. Filter notification request in nginx
2016-12-09 18:10:20 +08:00
Tan Jiang
35407d12db
update TOKEN_URL to TOKEN_ENDPOINT
2016-11-18 16:37:46 +08:00
Tan Jiang
9d7a18a0a3
fix issue in golint, support project creation restriction at backend
2016-11-16 20:31:04 +08:00
Tan Jiang
0e3cb2e3f4
ui config refactory
2016-11-16 13:33:14 +08:00