harbor

mirror of https://github.com/goharbor/harbor.git synced 2024-10-01 06:47:33 +02:00

Author	SHA1	Message	Date
Wang Yan	a6af9e9972	Support well-formatted error returned from the REST APIs. (#6957 ) Signed-off-by: wang yan <wangyan@vmware.com>	2019-04-17 16:43:06 +08:00
wang yan	7a373c2eed	Add event trigger to helm upload/deletion replication Signed-off-by: wang yan <wangyan@vmware.com>	2019-04-15 19:02:33 +08:00
Wenkai Yin	c222f18fa7	Update replication 1. Refine the health check of docker hub 2. Remove the GetNamespace method from adapter interface Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-04-13 15:20:06 +08:00
Daniel Jiang	f92bc8076d	"Skip verify cert" to "verify cert" This commit tweaks the attribute for auth proxy mode and OIDC auth mode. To change it from "Skip verify cert" to "verify cert" so they are more consistent with other modes. Additionally it removes a workaround in `SearchUser` in auth proxy authenticator. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2019-04-12 23:25:54 +08:00
Daniel Jiang	763c5df010	Add UT Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2019-04-11 15:30:19 +08:00
Wenkai Yin	b73acde051	Support the migration for scheduled replication rule from previous version of Harbor Support the migration for scheduled replication rule from previous version of Harbor Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-04-11 13:14:32 +08:00
Daniel Jiang	0d18e6c82f	Update according to comments For more context see PR #7335 Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2019-04-10 19:38:12 +08:00
Daniel Jiang	0a2343f542	Support secret for docker CLI As CLI does not support oauth flow, we'll use secret for help OIDC user to authenticate via CLI. Add column to store secret and token, and add code to support verify/refresh token associates with secret. Such that when the user is removed from OIDC provider the secret will no longer work. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2019-04-10 19:38:11 +08:00
Daniel Jiang	08e00744be	Fix misc bugs for e2e OIDC user onboard process This commit adjust the code and fix some bugs to make onboard process work. Only thing missed is that the UI will need to initiate the redirection, because the request of onboarding a user was sent via ajax call and didn't handle the 302. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2019-04-10 19:38:11 +08:00
Wenkai Yin	580674f3da	Merge remote-tracking branch 'upstream/master' into 190409_sync	2019-04-09 17:01:09 +08:00
Wenkai Yin	855c0a2a6e	Merge pull request #7194 from stonezdj/remove_error_msg Remove error message of saving system setting to db	2019-04-09 12:02:17 +08:00
Wenkai Yin	d72a53aa0c	Merge pull request #7318 from ywk253100/190408_upgrade Upgrade the replication_job table	2019-04-08 22:43:40 +08:00
Wenkai Yin	4ffa0c3da0	Upgrade the replication_job table This commit migrates the replication_job table, add one execution record and one task record for each job Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-04-08 22:23:53 +08:00
stonezdj	e8ab7156bc	Remove error message of saving system setting to db Signed-off-by: stonezdj <stonezdj@gmail.com>	2019-04-08 18:16:18 +08:00
cd1989	5a2d03593f	Add helth check method to registry adapter Signed-off-by: cd1989 <chende@caicloud.io>	2019-04-08 10:03:28 +08:00
Wenkai Yin	e8fe2aa60c	Upgrade the registry and replication policy tables Upgrade the registry and replication tables in database Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-04-05 13:25:00 +08:00
Wenkai Yin	4116433de8	Merge pull request #7306 from ywk253100/190404_cleanup Remove the useless replication code	2019-04-04 21:18:04 +08:00
Wenkai Yin	c2f702be2a	Remove the useless replication code This commit removes the useless replication code Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-04-04 20:56:25 +08:00
Wenkai Yin	b66b1f341e	Merge remote-tracking branch 'upstream/master' into 190404_sync	2019-04-04 14:55:09 +08:00
Yan	da0e20ec60	Add controller to onboard oidc user (#7286 ) Signed-off-by: wang yan <wangyan@vmware.com>	2019-04-03 20:47:22 +08:00
wang yan	dcf1d704e6	fix dao UT issue and refine the error of onboard OIDC user Signed-off-by: wang yan <wangyan@vmware.com>	2019-04-03 14:05:18 +08:00
wang yan	41018041f7	remove oidc controller and add more UTs Signed-off-by: wang yan <wangyan@vmware.com>	2019-04-03 09:54:21 +08:00
Yan	0de5999f52	add the controller for ocdi onboard user Signed-off-by: wang yan <wangyan@vmware.com>	2019-04-03 09:52:22 +08:00
Wenkai Yin	74efee569e	Update the registry client to support pulling public images from docker hub without login Only add the authentication info when the username is provided to support pulling public images from docker hub without login Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-04-01 19:15:07 +08:00
Daniel Jiang	587acd33ad	Add callback controller for OIDC This commit add callback controller to handle the redirection from successful OIDC authentication. For E2E case this requires callback controller to kick off onboard process, which will be covered in subsequent commits. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2019-04-01 12:35:31 +08:00
Wenkai Yin	8c7b63bac2	Merge pull request #7248 from ywk253100/190326_event Add event based trigger and scheduled trigger	2019-03-29 14:58:09 +08:00
Wenkai Yin	4f8e283e8e	Add event based trigger and scheduled trigger This commit implements the event based trigger and scheduled trigger in replilcation Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-03-29 13:48:34 +08:00
Daniel Jiang	9ce98f4acd	Add controller to handle oidc login The controller will redirect user to the OIDC login page based on configuration. Additionally this commit add some basic code to wrap `oauth2` package and `provider` in `go-oidc`, and fixed an issue in UT to make InMemoryDriver for config management thread-safe. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2019-03-28 11:29:05 +08:00
Yan	03709e4ec1	add authn proxy (#7199 ) * add authn proxy docker login support User could use the web hook token issued by k8s api server to login to harbor. The username should add a specific prefix. Signed-off-by: wang yan <wangyan@vmware.com> * update code per review comments Signed-off-by: wang yan <wangyan@vmware.com> * Add UT for auth proxy modifier Signed-off-by: wang yan <wangyan@vmware.com>	2019-03-27 12:37:54 +08:00
Wenkai Yin	017bba8dc1	Merge remote-tracking branch 'upstream/master' into 190327_sync	2019-03-27 11:43:51 +08:00
Daniel Jiang	49aae76205	Onbard settings for OIDC provider (#7204 ) Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2019-03-25 12:24:39 +08:00
Yan	8d3946a0e2	Refactor scan all api (#7120 ) * Refactor scan all api This commit is to let scan all api using admin job to handle schedule management. After the PR, GC and scan all share unified code path. Signed-off-by: wang yan <wangyan@vmware.com> * update admin job api code according to review comments Signed-off-by: wang yan <wangyan@vmware.com> * Update test code and comments per review Signed-off-by: wang yan <wangyan@vmware.com>	2019-03-22 17:52:21 +08:00
Wenkai Yin	49cf50adb1	Merge remote-tracking branch 'upstream/master' into 190324_sync Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-03-22 15:55:52 +08:00
Meina Zhou	130e132f86	Merge branch 'master' into replication_ng Signed-off-by: Meina Zhou <meinaz@vmware.com>	2019-03-21 14:16:33 +08:00
He Weiwei	79235fffd1	Fix pagination for users and users search apis Signed-off-by: He Weiwei <hweiwei@vmware.com>	2019-03-21 13:03:30 +08:00
Wenkai Yin	fb394c2c7a	Replicate helm charts This commit provides the capability for Harbor to replicate helm charts Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-03-20 00:35:15 +08:00
stonezdj(Daojun Zhang)	7060747d5b	ldap_url and ldap_base_dn not exist in user config (#7115 ) Signed-off-by: stonezdj <stonezdj@gmail.com>	2019-03-15 15:20:12 +08:00
wang yan	73d68903d6	update robot account return attribute Signed-off-by: wang yan <wangyan@vmware.com>	2019-03-14 13:57:50 +08:00
Wenkai Yin	258b22a9a5	Fix bug in replication This commit fixes bugs found in the implement of replciation NG Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-03-10 20:57:59 +08:00
Wenkai Yin	cabef73980	Add Harbor adapter for replication Implement the replication adapter for Harbor registry Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-03-13 21:39:39 +08:00
peimingming	4efad287ce	Add execution and hooks Signed-off-by: peimingming <peimingming@corp.netease.com>	2019-03-13 09:35:01 +08:00
Wenkai Yin	772367498f	Merge remote-tracking branch 'upstream/master' into 190311_sync	2019-03-11 20:34:49 +08:00
Frank Kung	5bd5d59a4f	1. Define ng persist replication policy model. 2. Add ng replication policy CURD methods. 3. Implement ng policy manger. Signed-off-by: Frank Kung <kfanjian@gmail.com> Signed-off-by: 慕薇疯魔 <kfanjian@gmail.com>	2019-03-11 11:13:10 +08:00
Wenkai Yin	ec2a7f9239	Implement replication operation API This commit implements the replication operation related APIs Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-03-08 10:06:33 +08:00
stonezdj(Daojun Zhang)	f7745baf30	Merge pull request #6599 from stonezdj/pr6161 Add new parameter ldap_group_membership_attribute (PR#6161)	2019-03-07 13:26:26 +08:00
De Chen	2bc2a44db8	Merge branch 'replication_ng' into registries-management	2019-03-05 16:22:34 +08:00
cd1989	b00098d492	Add unit tests and fix CI Signed-off-by: cd1989 <chende@caicloud.io>	2019-03-05 15:37:36 +08:00
stonezdj	4dfee0c1f0	Remove verify_remote_cert Signed-off-by: stonezdj <stonezdj@gmail.com>	2019-03-05 14:04:10 +08:00
stonezdj	cf134bc80e	Add new parameter ldap_group_membership_attribute Signed-off-by: stonezdj <stonezdj@gmail.com>	2019-03-03 10:03:22 +08:00
Daniel Jiang	321874c815	Move Settings of HTTP auth proxy (#7047 ) Previously the settings of HTTP authproxy were set in environment variable. This commit move them to the configuration API Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2019-03-01 14:11:14 +08:00
cd1989	8732a20709	Rewrite registry manager with new interface Signed-off-by: cd1989 <chende@caicloud.io>	2019-02-27 11:54:04 +08:00
cd1989	6bdf3053a7	Implement registries manager Signed-off-by: cd1989 <chende@caicloud.io>	2019-02-27 11:54:04 +08:00
Wenkai Yin	95888b3dc2	Merge branch 'replication_ng' into 190130_transfer_repo	2019-02-27 11:00:42 +08:00
wang yan	91aa67a541	Update expiration variable name to expiresat/tokenduration Signed-off-by: wang yan <wangyan@vmware.com>	2019-02-25 11:55:42 +08:00
wang yan	36a778b482	Update expiration schema to bigint and default unit to minute Signed-off-by: wang yan <wangyan@vmware.com>	2019-02-22 18:42:43 +08:00
wang yan	47a09b5891	add expiration of robot account This commit is to make the expiration of robot account configurable 1, The expiration could be set by system admin in the configuation page or by /api/config with robot_token_expiration=60, the default value is 30 days. 2, The expiration could be shown in the robot account infor both on UI and API. Signed-off-by: wang yan <wangyan@vmware.com>	2019-02-22 18:42:34 +08:00
stonezdj(Daojun Zhang)	4cb49e5388	Merge pull request #6963 from stonezdj/remove_container Remove everything of adminserver container	2019-02-22 18:27:43 +08:00
stonezdj	0cba36d79f	Remove everything of adminserver Signed-off-by: stonezdj <stonezdj@gmail.com>	2019-02-22 16:34:39 +08:00
Nguyen Quang Huy	eda6c47b3e	add signoff for DCO gate (#6981 ) Some variable name, function name is colliding with builtin function. Signed-off-by: Nguyen Quang Huy <huynq0911@gmail.com>	2019-02-22 15:00:18 +08:00
Daniel Jiang	321adc8362	Merge pull request #6941 from ywk253100/190213_replication_policy Fix #6698: cannot create a same name replication policy after deleting it	2019-02-21 16:03:55 +08:00
stonezdj	7a5fbf718f	Revise code with review comments Signed-off-by: stonezdj <stonezdj@gmail.com>	2019-02-18 15:20:54 +08:00
stonezdj	36e1c13a43	fix ut error in systeminfo_test.go Signed-off-by: stonezdj <stonezdj@gmail.com>	2019-02-18 14:06:19 +08:00
stonezdj	1ae5126bb4	Refactor adminserver stage 3: replace config api and change ut settings Signed-off-by: stonezdj <stonezdj@gmail.com>	2019-02-18 14:06:19 +08:00
Wenkai Yin	f0f2e77fb4	Implement the repository transfer This commit implements the Transfer interface for resource repository Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-02-15 17:49:35 +08:00
Wenkai Yin	530ba1d27b	Fix #6698 This commit fixes the issue #6698: cannot create a same name replication policy after deleting it Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-02-15 15:17:48 +08:00
Daniel Jiang	81639e2110	Merge pull request #6865 from wy65701436/remove-token Remove the token attribute from robot table	2019-02-13 19:23:06 +08:00
Yan	e9556a4cec	Add post response for robot account API (#6906 ) This commit is to do: 1, Add post response on creating robot account 2, Lower-case the attribute of response Signed-off-by: wang yan <wangyan@vmware.com>	2019-02-13 14:40:04 +08:00
He Weiwei	1c4b9aa346	Protect API using rbac Signed-off-by: He Weiwei <hweiwei@vmware.com>	2019-02-01 18:55:06 +08:00
wang yan	5d6a28d73e	Remove the token attribute for robot table This commit is to remove the token attribute as harbor doesn't store the token in DB. Signed-off-by: wang yan <wangyan@vmware.com>	2019-01-30 23:56:23 +08:00
wang yan	f4f4535304	Fix action and resouce of RBAC change Signed-off-by: wang yan <wangyan@vmware.com>	2019-01-29 17:05:15 +08:00
Daniel Jiang	bf663df0e7	Merge pull request #6820 from wy65701436/robot-service Add robot account authn & authz implementation	2019-01-29 16:08:25 +08:00
He Weiwei	6e95b98108	Standard actions for rbac Signed-off-by: He Weiwei <hweiwei@vmware.com>	2019-01-29 11:59:11 +08:00
He Weiwei	1da0a66fe5	Merge pull request #6781 from heww/user-permissions-api Implement api for get current user permissions	2019-01-29 01:58:51 +08:00
He Weiwei	0ab7c93e16	Replace casbin builtin keyMatch2 with custom match func Signed-off-by: He Weiwei <hweiwei@vmware.com>	2019-01-29 01:26:38 +08:00
wang yan	2d7ea9c383	update codes per review comments Signed-off-by: wang yan <wangyan@vmware.com>	2019-01-28 21:26:06 +08:00
He Weiwei	8b5e68073d	Implement api for get current user permissions Signed-off-by: He Weiwei <hweiwei@vmware.com>	2019-01-28 18:06:52 +08:00
Yan	71f37fb820	* Add robot account authn & authz implementation. This commit is to add the jwt token service, and do the authn & authz for robot account. Signed-off-by: wang yan <wangyan@vmware.com>	2019-01-28 17:39:57 +08:00
Daniel Jiang	20db0e737b	Provide HTTP authenticator An HTTP authenticator verifies the credentials by sending a POST request to an HTTP endpoint. After successful authentication he will be onboarded to Harbor's local DB and assigned a role in a project. This commit provides the initial implementation. Currently one limitation is that we don't have clear definition about how we would "search" a user via this HTTP authenticator, a flag for "alway onboard" is provided to skip the search, otherwise, a user has to login first before he can be assigned a role in Harbor. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2019-01-28 15:43:44 +08:00
He Weiwei	3f8e06a8bc	Support master role for project member create and update apis (#6780 ) * Support master role for project member create and update apis Signed-off-by: He Weiwei <hweiwei@vmware.com> * Fix description for role_id in swagger.yaml Signed-off-by: He Weiwei <hweiwei@vmware.com>	2019-01-23 14:56:23 +08:00
He Weiwei	ae061482ae	Add Can method to securty.Context interface (#6779 ) * Add Can method to securty.Context interface Signed-off-by: He Weiwei <hweiwei@vmware.com> * Improve mockSecurityContext Can method Signed-off-by: He Weiwei <hweiwei@vmware.com>	2019-01-23 14:32:37 +08:00
wang yan	903e15235e	Update validation and error message per comments	2019-01-17 15:33:05 +08:00
wang yan	4cde11892a	update the conflict check with DB unique constrain error message Signed-off-by: wang yan <wangyan@vmware.com>	2019-01-17 13:13:55 +08:00
Yan	1af0f3c3b9	Add API implementation of robot account Add API implementation of robot account 1. POST /api/project/pid/robots 2, GET /api/project/pid/robots/id? 3, PUT /api/project/pid/robots/id 4, DELETE /api/project/pid/robots/id Signed-off-by: wang yan <wangyan@vmware.com>	2019-01-17 13:13:55 +08:00
He Weiwei	8dab10bbed	Merge pull request #6765 from heww/rename-ram Rename ram to rbac	2019-01-17 11:50:14 +08:00
He Weiwei	bacfe64979	Rename ram to rbac Signed-off-by: He Weiwei <hweiwei@vmware.com>	2019-01-16 18:20:30 +08:00
Wenkai Yin	f8d9653419	Merge pull request #6737 from ywk253100/190109_health_check Implement the unified health check API	2019-01-16 18:14:14 +08:00
He Weiwei	76bee7a9fc	Merge pull request #6710 from heww/security-by-ram Implement current security interfaces using ram	2019-01-16 17:47:13 +08:00
Wenkai Yin	be4455ec1b	Implement the unified health check API The commit implements an unified health check API for all Harbor services Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-01-16 17:21:04 +08:00
He Weiwei	ebd26c0105	Implement current security interfaces using ram Signed-off-by: He Weiwei <hweiwei@vmware.com>	2019-01-16 16:08:17 +08:00
Steven Zou	464bdf71cd	Merge pull request #6727 from wy65701436/robot-dao Add dao of robot account	2019-01-14 19:34:23 +08:00
wang yan	d349c256e8	add support for query nil Signed-off-by: wang yan <wangyan@vmware.com>	2019-01-11 16:19:42 +08:00
Daniel Jiang	a1d4bfd332	Merge pull request #6344 from reasonerjt/bump-up-golang Bump up golang to 1.11.2	2019-01-11 16:15:59 +08:00
Daniel Jiang	5d59d6fab8	Bump up golang to 1.11.2 Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2019-01-11 14:44:32 +08:00
wang yan	6bd6fbd4ad	Add fuzzy match and delete funt per review comments Signed-off-by: wang yan <wangyan@vmware.com>	2019-01-11 14:26:49 +08:00
wang yan	c6ae1388ec	Add dao of robot account Signed-off-by: wang yan <wangyan@vmware.com>	2019-01-10 14:51:33 +08:00
Daniel Jiang	80af81154c	Merge pull request #6702 from wy65701436/robot-db-scheme Add DB table for robot account	2019-01-10 14:25:58 +08:00
wang yan	db09f9f101	Update token length and upper case the sql key words Signed-off-by: wang yan <wangyan@vmware.com>	2019-01-09 10:00:54 +08:00
wang yan	362a0638d0	Add DB table for robot account This commit is to add DB scheme for robot account and update the db orm releated. Signed-off-by: wang yan <wangyan@vmware.com>	2019-01-08 18:46:16 +08:00
Daniel Jiang	b5788f0695	Merge pull request #6671 from heww/ram Add ram pkg	2019-01-08 15:39:36 +08:00
He Weiwei	79f786ecbe	Add ram pkg Signed-off-by: He Weiwei <hweiwei@vmware.com>	2019-01-04 13:17:13 +08:00
Wenkai Yin	75d45ebd9d	Merge pull request #6547 from cd1989/retag-input-validation Validate repo and tag names in retag	2019-01-03 17:45:44 +08:00
cd1989	c117a23133	Validate repo and tag names in retag Signed-off-by: cd1989 <chende@caicloud.io>	2018-12-24 16:49:39 +08:00
Daniel Jiang	93c0a18b06	Merge pull request #6537 from stonezdj/ref_admin_driver Refactor config settings stage2	2018-12-21 15:12:56 +08:00
stonezdj	2446878f6b	Refactor config settings stage2 Signed-off-by: stonezdj <stonezdj@gmail.com>	2018-12-21 10:59:11 +08:00
Wenkai Yin	b28bca7af4	Merge pull request #6541 from salkin/proxy-transport Add support for http proxy in transport	2018-12-18 15:46:29 +08:00
Niklas Wik	138bc69f0f	Add support for http proxy in transport Signed-off-by: Niklas Wik <niklas.wik@nokia.com>	2018-12-17 10:35:27 +02:00
stonezdj(Daojun Zhang)	13511d74ed	Refactor config settings encrypt + metadata (#6387 ) Signed-off-by: stonezdj <stonezdj@gmail.com>	2018-12-12 12:14:33 +08:00
Wenkai Yin	f7a28ee2a2	Remove the duplicate http error struct (#6516 ) There are two different types to represent http error in the current code. This commit updates the codes to keep only one. Signed-off-by: Wenkai Yin <yinw@vmware.com>	2018-12-12 11:51:19 +08:00
cd1989	caf07a96fe	Give meaningful messages when retag forbided Signed-off-by: cd1989 <chende@caicloud.io>	2018-12-06 16:25:21 +08:00
Daniel Jiang	ae240df031	Remove the Scan all in-memory marker (#6399 ) Previously there was a in-memory marker to prevent user from frequently calling the "scan all" API. This has become problematic in HA deployment, and is no longer needed after enhancement in jobservice. This commit removes the marker for "scan all" api, however, we need to review the mechanism and rework to make it stateless. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2018-12-02 15:40:50 +08:00
Steven Zou	ec2ad4d0b8	Merge pull request #6093 from cd1989/replication-record-id Add op uuid to image replication	2018-11-30 14:54:43 +08:00
Wenkai Yin	9d5cf57373	Check the existence of name when creating replication rule and fix bugs in testing library (#6381 ) 1. Fix #5102 by checking the existence of name when creating/editing replication rule 2. Add unique constraint to the name of replication policy and target 3. Fix bugs of testing library Signed-off-by: Wenkai Yin <yinw@vmware.com>	2018-11-30 13:32:20 +08:00
peimingming	238dbc0347	Add UT and review comments and issue fix (#6144 ) Signed-off-by: peimingming <peimingming@corp.netease.com>	2018-11-28 17:43:14 +08:00
peimingming	c67fdc40f5	Support store job log in DB (#6144 ) Signed-off-by: peimingming <peimingming@corp.netease.com>	2018-11-28 15:09:29 +08:00
Steven Zou	e6d4c024ee	Update README of job service to reflect latest updates Signed-off-by: Steven Zou <szou@vmware.com>	2018-11-08 10:35:12 +08:00
Steven Zou	7b106d06c5	Build logger framework to support configurable loggers/sweepers/getters Signed-off-by: Steven Zou <szou@vmware.com>	2018-11-06 09:31:31 +08:00
Daniel Jiang	39b4d011c7	Not submit scan all job when core container starts Fixes #6115 As for the change in migration sql file, in 1.7 we'll switch to jobservice for scheduling "scan all" job. To avoid inconsistency, this item will be reset and user will need to configure the policy again. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2018-10-25 19:01:52 +08:00
Steven Zou	3b76a960e1	Merge pull request #6039 from stonezdj/refact_5996 Refactor capacity	2018-10-24 10:50:11 +08:00
陈德	1ffd9d8fba	Add op uuid to image replication Signed-off-by: 陈德 <chende@caicloud.io>	2018-10-21 23:55:57 +08:00
Steven Zou	db24cbe25a	Merge pull request #5779 from cd1989/images-retag Merge Images retag	2018-10-19 11:04:48 +08:00
Daniel Jiang	fe2e58e1a0	Ignore duplication error when inserting config This commit mitigates the situation when more then one adminserver is deployed and there may be duplication error when they try to initialize the configuration to DB. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2018-10-19 10:23:00 +08:00
陈德	a1b4729aa7	Add more unit tests Signed-off-by: 陈德 <chende@caicloud.io>	2018-10-18 00:26:25 +08:00
stonezdj	0278981523	Change admin server to core in jobservice Signed-off-by: stonezdj <stonezdj@gmail.com>	2018-10-16 19:23:12 +08:00
stonezdj(Daojun Zhang)	b764033fc9	Merge pull request #6007 from stonezdj/refact_5998 Change admin server to core in jobservice	2018-10-15 17:52:24 +08:00
stonezdj	79bac7a64e	Change admin server to core in jobservice Signed-off-by: stonezdj <stonezdj@gmail.com>	2018-10-15 14:56:18 +08:00
Daniel Jiang	00c8344c13	Remove the local scheduler This is no longer needed after moving the "scan all" to job-service. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2018-10-15 14:14:11 +08:00
Wenkai Yin	83147b1982	Merge pull request #6003 from wy65701436/fix-gc-bug Fix gc api issues	2018-10-11 10:26:38 +08:00
Daniel Jiang	1188bd89b9	Use secure transport to access HTTP endpoint In various parts of the code, we used insecure transport in http Client when we assume the endpoint is http. This causes complaints form security scanner. We should use secure transport in such cases. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2018-10-10 17:51:02 +08:00
wang yan	a4ad4c7282	Fix gc api issues 1, filter out the scan all jobs in the gc list. 2, make it able to delete unexecuted scheduler. Signed-off-by: wang yan <wangyan@vmware.com>	2018-10-10 15:45:03 +08:00
陈德	b648084d95	Improve code styles and fix after Harbor refactoring Signed-off-by: 陈德 <chende@caicloud.io>	2018-10-09 10:49:03 +08:00
陈德	03d5157eaf	Updae retag api spec Signed-off-by: 陈德 <chende@caicloud.io>	2018-10-08 19:07:23 +08:00
陈德	75f1cdb449	Update swagger file to add retag API Signed-off-by: 陈德 <chende@caicloud.io>	2018-10-08 19:07:22 +08:00
陈德	48d2435146	Fix notification event filtered because of user agent Signed-off-by: 陈德 <chende@caicloud.io>	2018-10-08 19:07:22 +08:00
陈德	03af3c5936	Add image retag API Signed-off-by: 陈德 <chende@caicloud.io>	2018-10-08 19:07:21 +08:00
James Zabala	e09a157dce	Merge pull request #5896 from erks/normalize_ldap_group_dn Normalize (make lowercase) ldap_group_dn during onboarding	2018-10-02 16:03:03 -04:00
Daniel Jiang	b12dc3b5d8	Schedule "scan all" via jobservice This commit leverage the jobservice to trigger "scan all" and gets rid of the local scheduler to make the harbor-core container stateless. It keeps using the notifer mechanism to handle the configuration change. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2018-09-28 15:42:37 +08:00
Steven Zou	8b538cbc0a	Return the total count of charts under the project in project API - add new interface method to get total count of charts under namespaces by calling get index - add new field 'chart_count' in project model - append chart count to the project model in project API Signed-off-by: Steven Zou <szou@vmware.com>	2018-09-25 17:56:11 +08:00
Daniel Jiang	0699980924	Add Scan All job to job service (#5934 ) This commit adds the job to scan all images on registry. It also makes necessary change to Secret based security context, to job service has higher permission to call the API of core service. Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2018-09-22 13:07:32 +08:00
clouderati	587459df15	Replacing copyright notices with "Copyright Project Harbor Authors". Signed-off-by: clouderati <35942204+clouderati@users.noreply.github.com>	2018-09-19 16:59:36 +00:00
Qian Deng	7873a0312a	Rename harbor-ui to harbor-core 1. Update the nginx.conf 2. Update Makefile 3. Update docker-compose 4. Update image name 5. Rename folder ui to core 6. Change the harbor-ui's package name to core 7. Remove unused static file on harbor-core 8. Remove unused code for harbor-portal Signed-off-by: Qian Deng <dengq@vmware.com>	2018-09-19 16:35:13 +08:00
Yan	29ca31cf6c	Update gc api to fix issues found by UI implemention (#5920 ) This commit is to update gc api to fix issues found by UI implemention: 1, Return json format of gc schedule 2, Unify capital and small letter 3，Return gc records by desc Signed-off-by: wang yan <wangyan@vmware.com>	2018-09-19 14:36:47 +08:00
Touch Ungboriboonpisal	e256547411	Normalize (make lowercase) the ldap group dn when onboarding Fixes #5895 Signed-off-by: Touch Ungboriboonpisal <tungbori@zynga.com>	2018-09-18 13:37:35 -07:00
Wenkai Yin	dfcd6f044d	Merge pull request #5888 from steven-zou/mark_labels_to_chart Add API to support marking labels to charts	2018-09-14 15:09:46 +08:00
Steven Zou	7b8fe27c22	Add API to support marking labels to charts - add related chart label API entries - extract label related functionalities to a separate manager interface - add a base controller for label related actions - add related UT cases Signed-off-by: Steven Zou <szou@vmware.com>	2018-09-14 13:27:50 +08:00
Wenkai Yin	89893779fb	Support configuring sslmode for the connection of database (#5861 ) The sslmode of the connection with postgresql is hardcoded as "disable" currently, this commit expose it as an environment variable so that users can configure it Signed-off-by: Wenkai Yin <yinw@vmware.com>	2018-09-14 13:05:05 +08:00
Wenkai Yin	1f195c2b5f	Merge pull request #5840 from Colstuwjx/fix-tcp-probe Fix `TestTCPConn` break issue.	2018-09-10 14:46:04 +08:00
Daniel Jiang	cd31cbf892	Merge pull request #5828 from stonezdj/ldap_caseinsense LDAP group DN should be case insensitively	2018-09-07 10:48:31 +08:00
Colstuwjx	e49a9de2f4	Fix `TestTCPConn` break issue. Signed-off-by: Colstuwjx <Colstuwjx@gmail.com>	2018-09-06 14:58:04 +08:00
stonezdj	9dca49ba6e	LDAP group DN should be case insensitive Fix issue #5776, LDAP servers are case insensitive. because only LDAP group DN is used to compare/equal operation, lowercase all LDAP group DN when retrieves it from LDAP server, and lowercase them before save in DB Signed-off-by: stonezdj <stonezdj@gmail.com>	2018-09-06 11:33:05 +08:00
Wenkai Yin	5427c0064c	Merge pull request #5731 from Colstuwjx/fix-log-test Fix logger test case, add SetSkipLine func.	2018-09-06 08:17:17 +08:00
Colstuwjx	bab203c0f4	Fix logger test case. Signed-off-by: Colstuwjx <Colstuwjx@gmail.com>	2018-09-05 19:25:17 +08:00
陈德	0582db9a82	Apply consistent format for comments Signed-off-by: 陈德 <chende@caicloud.io>	2018-09-05 16:16:31 +08:00
Wenkai Yin	49bb5cfafb	Test TCP connection before upgrading database schema This commit moves the database schema upgrading after database initialization. The init will test TCP connection. Signed-off-by: Wenkai Yin <yinw@vmware.com>	2018-09-05 02:07:47 +08:00
陈德	6eb972c383	Add pull scope to post/put/patch method Signed-off-by: 陈德 <chende@caicloud.io>	2018-09-03 11:12:11 +08:00
陈德	a59af8ce82	fix gofmt Signed-off-by: 陈德 <chende@caicloud.io>	2018-08-30 14:11:18 +08:00
陈德	666bd692fe	Support repo list sorting Signed-off-by: 陈德 <chende@caicloud.io>	2018-08-30 10:56:50 +08:00
wang yan	aab761ac8a	Fix gofmt check results Signed-off-by: wang yan <wangyan@vmware.com>	2018-08-29 11:50:00 +08:00
Yan	fca2bb3a6b	Fix misspell checking results (#5749 ) Signed-off-by: wang yan <wangyan@vmware.com>	2018-08-29 10:25:42 +08:00
Daniel Jiang	dcf4e2ee78	Update import path in go code vmware -> goharbor Signed-off-by: Daniel Jiang <jiangd@vmware.com>	2018-08-23 17:50:53 +08:00
wangyan	9a95f14918	Cherry-pick -- Fix security issue found by gas	2018-08-03 01:16:53 -07:00
Daniel Jiang	6062bf279b	Set default creation_time and update_time at model This commit set the default value of creation_time and update_time to data objects by adding `orm:add_now` annotations.	2018-07-31 12:56:14 +08:00
stonezdj	9b209858f4	Ldap_group_admin_dn can not updated via rest	2018-07-24 17:47:57 +08:00
silenceshell	7745b79b2e	var name should not be error (#5332 ) Rename the variable names from "error" to "err"	2018-07-24 11:33:21 +08:00
Steven Zou	bb380e6dbc	Merge pull request #5314 from steven-zou/chart_repo_supporting Refactor chart API endpoints	2018-07-20 20:43:55 +08:00
Steven Zou	0227a1315a	Keep the chart server related configurations in adminserver append chart server related config options to the supporting list of adminserver provide chart server related config access method in the API layer update prepare script and ui env template file to enable cache driver config for chart server API append flag info in the systeminfo API to indicate if chart server is deployed with Harbor refactor the response rewriting logic to return structual error object add api init method to initilizing objects required in API handlers chage owner of the storage folder update offline/online package scripts in Harbor-Util.robot	2018-07-20 19:40:33 +08:00
Yan	efdb57548f	add admin job api (#5344 ) It supports Harbor admin to trigger job either manual or schedule. The job will be populated to job service to execute. The api includes: 1. POST /api/system/gc 2, GET /api/system/gc/:id 3, GET /api/system/gc/:id/log 4, PUT/GET/POST /api/system/gc/schedule	2018-07-20 19:22:37 +08:00
stonezdj	f5e82f75a7	Add SafeCast function and set default value for some sytem configure Add SafeCastString, SafeCastInt, SafeCastFloat64, SafeCastBool function to check the type matched and avoid panic in runtime Add default value to configure settings to avoid cannot save configure issue	2018-07-17 17:00:06 +08:00
Yan	9e65499c10	Add garbage collection job implemention, this job could (#5268 ) be triggered by manual and schedule. It calls registrtctl to do the GC job, and log the output.	2018-07-16 18:08:40 +08:00
Yan	d5b85a6748	Add the registry controller httpserver, it's responsible for controlling (#5265 ) docker regsitry. This version has the API to call regsitry GC with jobservice secret. Seprates it into a standalone container as do not want to invoke two processes in one container. It needs to mount the registry storage into this container in order to do GC, and needs to copy the registry binary into it.	2018-07-16 16:50:28 +08:00
Daniel Jiang	0d6ea995e1	Let adminserver initialise the DB schema. This commit make update to remove the code from ui container to init the DB schema. As UI has dependency on admin server, so it's safe to assume adminserver has to be ready first. Regardless the setting of the config store of admin server, it will try to access and intialize the schema of database.	2018-07-13 17:32:17 +08:00
stonezdj	62acdb14f3	Add settings to define admin with LDAP group DN	2018-07-05 14:46:44 +08:00
Deng, Qian	edbe2fe620	Update migrator to 1 6 0 1. Add new alembic_pg folder for postgres 2. Add migration file for 1.6.0 3. Update version to 1.6.0 4. update migrator dockerfile	2018-07-02 21:23:47 +08:00
Daniel Jiang	1afb09b6cf	Merge pull request #5194 from ywk253100/180626_search Fix bug in search API	2018-06-29 21:13:09 +08:00
Daniel Jiang	aef3213dfa	Merge pull request #5190 from stonezdj/reload_config Fix issue that harbor tile can not save customized settings	2018-06-29 13:04:36 +08:00
Daniel Jiang	c9b1962b1e	Initialise Harbor DB schema in Harbor UI/adminserver container This commit fixes #5040, the harbor-db image will only contain empty databases, and harbor ui container will use migrate tool to run initial SQL scripts to do initialization. This is helpful for the case to configure Harbor against external DB or DBaaS like RDS for HA deployment However, this change will results some confusion as there are two tables to track schema versions have been using alembic for migration, for this release we'll try to use alembic to mock a `migration` table during upgrade so the migrator will be bypassed, in future we'll consider to consolidate to the golang based migrator. Another issue is that the UI and adminserver containers will access DB after start up in different congurations, can't ensure the sequence, so both of them will try to update the schema when started up.	2018-06-28 16:22:53 +08:00
stonezdj	72e9b22e10	Fix issue that harbor tile can not save customized settings	2018-06-28 16:20:10 +08:00
Wenkai Yin	982760a132	Fix bug in search API Refactor the logic of search API to fix bug mentioned in issue #5156 and #3838	2018-06-27 12:51:08 +08:00
stonezdj	d6a4d79a03	Handle Invalid syntax and not found error	2018-06-20 14:27:29 +08:00
Daniel Jiang	255a6d6f95	Merge pull request #5070 from ywk253100/180601_label_fuzzy_match Fix #4742: fuzzy match label name	2018-06-12 14:39:35 +08:00
Wenkai Yin 79628	0c56493fb6	Soft delete label Modify the deletion of label to soft deletion, in this way the names of deleted labels referenced by replication rules can be shown to users	2018-06-07 17:14:12 +08:00
Wenkai Yin 79628	07c092c9be	Fix #4742 This commit provides the support of fuzzy matching for label name when listing labels	2018-06-01 07:38:21 +08:00
Daniel Jiang	2f4950b80c	Merge pull request #5034 from ywk253100/180524_relativeurl Fix replication issue when the remote registry enables relativeurls	2018-05-25 19:33:29 +08:00
Wenkai Yin 79628	29a4a3335e	Fix replication issue when the remote registry enables relativeurls The location header returned by the remote registry contains no scheme and host parts if "relativeurls" is enabled, this commit fix it by adding them at the beginning of location.	2018-05-24 15:34:31 +08:00
Wenkai Yin 79628	76274dbf84	Update change password API Modify the changing password API to support that admin user can change the password of normal users without old password	2018-05-22 19:02:20 +08:00
stone	d3930ae17c	Put user info into session (#4885 ) Fix the following issues. 1) GroupList is not found in SecurityContext user info 2) Retrieve multiple memberof information from LDAP. 3) If user is in two groups with guest, administrator role separately, display the max privilege role.	2018-05-17 16:23:51 +08:00
stonezdj	b8a48d0326	Update security context for assign role to project group member The project list will contain all public projects, user is a member of this project, or user is in the group which is a member of this projects. Change the behaviour of user roles, if the user is not a member of this project, then return the user's groups role of current project	2018-05-03 16:49:16 +08:00
Yan	ae257433cc	Fully migrate harbor db to postgresql (#4689 ) * Merge harbor db to postgres	2018-04-27 02:27:12 -07:00
Wenkai Yin	f77e4167ac	Merge pull request #4802 from ywk253100/180427_label_db Modify unique constraint of table harbor_label	2018-04-27 17:10:05 +08:00
Wenkai Yin	73babbf1ab	Modify unique constraint of table harbor_label Add unique constraint to column name, scope and project_id of table harbor_label to make creating same name labels under different projects valid	2017-12-19 22:15:56 +08:00
Tan Jiang	93c448d91b	Fix mis-interpretation of severity in Clair Currently "Critical" vulnerablity is treated as "Unknown" in Harbor. This commit provides a quickfix that it will be interpret as "High". In future, we should consider introduce "Critical" and enable UI to handle it to be more consistent with CVSS spec.	2018-04-25 10:31:12 +08:00
Tan Jiang	1fc4142e1a	Do not call `chown` to config files This commit fixes a recently discovered issue on Kubernetes #4496 It make necessary to avoid calling `chown` to config files during the bootstrap of the containers.	2018-04-20 13:44:21 +08:00
Daniel Jiang	f8d577994f	Merge pull request #4719 from reasonerjt/fix-db-broken-pipe Fix intermittent `broken pipe` issue in log	2018-04-19 10:23:59 +08:00
Tan Jiang	7fa8261661	Fix intermittent `broken pipe` issue in log This commit fixes #4713, by adopting the suggested fix in: https://github.com/go-sql-driver/mysql/issues/529 When creating the DB instance in orm, call `SetConnMaxLifetime()`	2018-04-18 17:39:13 +08:00
Wenkai Yin 79628	f6bd2f245d	Fix bug #4688 Fix bug: the user can push images although he have no permisson by checking empty value before assign permissions.	2018-04-18 12:03:06 +08:00
stonezdj	7e57c685ac	Add project member search by name Previous implementation contains the search user by name feature. This implementation can search user and user group by name.	2018-04-16 18:38:10 +08:00
stonezdj	de49165427	Refactor project member API 1) Remove the previous /api/projects/?:project_id/members/:userid 2) Move the /api/projects/:project_id/projectmembers/?:pmid to /api/projects/:project_id/members/?:pmid 3) Change the project member maintain ui to call new REST API	2018-04-11 17:49:33 +08:00
Tan Jiang	ff06ec05c3	Store secret in header instead of cookie	2018-04-07 22:02:06 +08:00
Daniel Jiang	b5f52bc3fb	Merge pull request #4586 from reasonerjt/job-context-props Read the system properties from scan job context	2018-04-07 10:23:30 +08:00
Tan Jiang	15580a5e8c	Read the system properties from scan job context	2018-04-04 19:58:54 +08:00
stone	df63a73fd4	Merge pull request #4483 from stonezdj/api4assign_role_to_group4 Add REST API for assign role to group	2018-04-04 16:19:37 +08:00
stonezdj	9bcfaedc0e	Add REST API for assign role to group	2018-04-04 13:39:42 +08:00
Wenkai Yin	79f0ca96bc	Merge pull request #4572 from ywk253100/180402_job Hide schedule job when listing replication jobs	2018-04-03 16:12:10 +08:00
Wenkai Yin	500651a5a1	Hide schedule job when listing replication jobs	2018-04-03 01:11:55 +08:00
Tan Jiang	7aec4d9f21	Add UT and remove useless code.	2018-04-02 21:28:46 +08:00
Wenkai Yin	3436729d52	Merge pull request #4547 from ywk253100/180328_schedule_replication_job Move schedule replication job to new jobservice	2018-03-30 21:03:45 +08:00
Steven Zou	ba91fc2861	Merge master into job_service and fix conflicts	2018-03-30 19:26:04 +08:00
Wenkai Yin	dd40f187ec	Move schedule replication job to new jobservice	2018-03-30 17:44:05 +08:00
Steven Zou	d1899c840d	Merge branch 'master' into job_service	2018-03-29 23:25:20 +08:00
Tan Jiang	5dd75bb0b0	Trust Root CA of VIC appliance when accessing Admiral	2018-03-29 19:53:41 +08:00
Daniel Jiang	2c2cbd9c52	Merge pull request #4510 from reasonerjt/master Add indexes to job tables and bump up schema version.	2018-03-28 16:58:16 +08:00
Tan Jiang	b6df6cf169	Add indexes to job tables and bump up schema version.	2018-03-28 16:15:54 +08:00
stone	203b1b52bb	Merge pull request #4415 from stonezdj/user_group_and_project_member Add DAO for user group and project member	2018-03-26 15:21:20 +08:00
stonezdj	49d960b060	Add DAO for project member and user group	2018-03-26 14:38:32 +08:00
yixingj	cb64ad96ff	Make endpoint configurable Move all the endpoint to harbor.cfg	2018-03-26 10:50:18 +08:00
Wenkai Yin	dd156ca243	Handle replication job status hook	2018-03-24 21:18:58 +08:00
Tan Jiang	be97a91650	Integrate with jobservice webhook	2018-03-27 21:27:52 +08:00
Tan Jiang	c859616e25	fix golint and go vet issue	2018-03-26 22:10:01 +08:00
Tan Jiang	582deea9e7	resolve conflict	2018-03-26 18:11:39 +08:00
Tan Jiang	41ce0891ab	Trigger scan job from UI.	2018-03-26 18:07:21 +08:00
Wenkai Yin	38568a1d2c	Merge pull request #4485 from ywk253100/180326_period_job Create a job to call UI's replication API to do the period replication job	2018-03-26 17:31:10 +08:00
Tan Jiang	745b21abbc	Merge remote-tracking branch 'upstream/master' into scan-job-migrate	2018-03-26 15:39:42 +08:00
Tan Jiang	381ecc3521	Merge with master	2018-03-26 10:37:17 +08:00
Wenkai Yin	85f357ec6b	Delete the mapping relationship between resources and labels when the label is deleted	2018-03-24 02:22:51 +08:00
Wenkai Yin	e63d5a1c06	Create a job to call UI's replication API to do the period replication job	2018-03-23 23:53:15 +08:00
Wenkai Yin	ed08a42e4b	Migrate replication job to the new jobservice	2018-03-23 18:36:37 +08:00
Yan	cbcca015b0	add read only mode to stop docker push (#4433 )	2018-03-23 03:16:08 -07:00
Wenkai Yin	c6e65d2ded	Fuzzy matching repository name in GET repositories API	2018-03-22 13:38:26 +08:00
Tan Jiang	b8ec419c8e	Add missed package to fix compilation issue	2018-03-21 16:59:32 +08:00
Tan Jiang	613464bc16	Migrate scan job to job service V1 phase1	2018-03-21 16:25:32 +08:00
Wenkai Yin	838b439560	Implement filter repository and tags by label API	2018-03-21 10:51:06 +08:00
stonezdj	44fc373c6d	Add LDAP Group Search Configure Param	2018-03-15 06:16:47 +08:00
Wenkai Yin	36b9c4e458	Implement adding/removing labels to/from repositories and images API	2018-03-12 19:30:05 +08:00
Wenkai Yin	379f113452	Implement label management API	2018-03-09 12:17:27 +08:00
Wenkai Yin	0a8929b85e	Do the authentication with CRAM-MD5 when the connection is insecure	2018-03-08 14:21:44 +08:00
stonezdj	4c6d1488bd	Add UT	2018-02-09 15:29:08 +08:00
stonezdj	f138067242	Refactor project member	2018-02-09 10:38:51 +08:00
Wenkai Yin	10f56d26fe	Change codes to make everything OK after upgrading to beego 1.9.0	2018-02-05 13:07:52 +08:00
Wenkai Yin	9022abfc13	Fix code issues found by Gas	2018-01-29 15:17:03 +08:00
Wenkai Yin	515cac010a	Merge pull request #4071 from ywk253100/180117_policy_pagination Add pagination support in listing replication policy API	2018-01-19 15:19:45 +08:00
Wenkai Yin	611709a7be	Add pagination support in listing replication policy API	2018-01-18 15:54:12 +08:00
stone	c815dc01dd	Merge pull request #4043 from reasonerjt/uaa-bugfix Read Email from UAA while onboarding user.	2018-01-18 14:04:35 +08:00
Tan Jiang	d5d913f51d	Read Email from UAA while onboarding user. Will call the userinfo API of UAA to get user info and generage user model based on the response. Also this commit include a change that whenever the UAA Client is to be used it will update the configuraiton, this is needed as we enable user to update the configuration of UAA via UI.	2018-01-17 10:28:49 +08:00
Wenkai Yin	8cda2d8d65	Merge pull request #4036 from ywk253100/180116_s3 Propagate registry storage driver name to adminserver and return it in /api/systeminfo	2018-01-16 18:41:08 +08:00
Qian Deng	5017670d00	Merge pull request #4005 from ninjadq/db_migrate_from_1_3_to_1_4 Update migration tool for v1.4	2018-01-16 17:04:54 +08:00
Wenkai Yin	53d5a2256a	Propagate registry storage driver name to adminserver and return it in /api/systeminfo	2018-01-16 16:57:28 +08:00
Deng, Qian	b3e65ed71e	Update migration tool for v1.4 1. Update database meta file 2. Add migration file for 1.4	2018-01-16 15:38:51 +08:00
Wenkai Yin	a1dd8c3bff	Merge pull request #4004 from ywk253100/180111_jobservice Provide a mechanism to stop pending and retrying jobs	2018-01-15 12:55:44 +08:00
Tan Jiang	d6bf0ea11d	Remove data generated by dao_test after the test.	2018-01-12 15:56:30 +08:00
Wenkai Yin	4070ed5152	Provide a mechanism to stop pending and retrying jobs	2018-01-12 15:29:20 +08:00
Daniel Jiang	43afd426bb	Merge pull request #3995 from reasonerjt/admin-rename Provide API to rename admin	2018-01-12 13:59:13 +08:00
stone	ec173305a3	Merge pull request #3974 from stonezdj/ldap_ping_timeout Setting timeout for ldap ping	2018-01-12 11:22:27 +08:00
Tan Jiang	a392a8dc29	Provide API to rename admin This is to provide a workaround for very corner case that in user's authentication backend (LDAP, UAA) has a user called "admin" and because Harbor's super user is hard coded to "admin" it's not possible to login the "admin" with credentials in LDAP or UAA. To minimize the impact, we'll provide an internal API for user to update the super user's username from "admin" to "admin@harbor.local", this API can be called by "admin" only, and is not reversible.	2018-01-11 23:01:06 +08:00
stonezdj	c48c7f7b6a	Setting timeout for ldap ping	2018-01-10 15:14:30 +08:00
Wenkai Yin	e26b442c9c	Merge pull request #3951 from ywk253100/180104_replicate_interval Manual starting replication will be rejected if there are pending/running jobs	2018-01-10 10:56:45 +08:00
Daniel Jiang	f8af1f275e	Merge pull request #3911 from stonezdj/ldap_search_level Ambiguous UI and internal values ldap_scope	2018-01-08 14:53:55 +08:00
Wenkai Yin	87ce1c84d5	Manual starting replication will be rejected if there are pending/running jobs	2018-01-05 17:05:57 +08:00
stonezdj	26b86984d2	Ambiguous UI and internal values ldap_scope #3764	2018-01-05 15:51:37 +08:00
pfh	13308ce9d8	Merge remote-tracking branch 'upstream/master' into repEnhance	2018-01-05 14:09:03 +08:00
Wenkai Yin	51297cdfd7	Merge pull request #3887 from ywk253100/171227_ssrf Fix SSRF security issue #3755 in ping target, email server and LDAP server APIs	2018-01-04 18:11:47 +08:00
Daniel Jiang	8e5115c832	Merge pull request #3870 from stonezdj/ldap_syncuser2 Sync user email in ldap #3663	2018-01-04 13:28:51 +08:00
Wenkai Yin	3448fd9a2d	Fix SSRF security issue #3755 in ping target, email server and LDAP server APIs	2018-01-04 12:26:17 +08:00
Tan Jiang	e02de2068a	Enable configuring the CA Certificate for UAA Enable configuring the path of root cert of UAA in harbor.cfg. It only takes effects if the verify_cert is set to "true" If the file does not exist, the configuration is skipped. The intention for this commit is to support integration with nested UAA in PAS or PKS, we don't expect user to manually configure this value, though he can do it if he wants.	2018-01-03 16:21:29 +08:00
Wenkai Yin	96a63c56b1	Merge remote-tracking branch 'upstream/master' into 180103_merge	2018-01-03 10:32:03 +08:00
Wenkai Yin	a9d7403bee	Update project ID property if needed when updating replication policy	2017-12-27 15:04:26 +08:00
stonezdj	35716dedd3	Sync user email in ldap #3663	2017-12-26 18:53:32 +08:00
stonezdj	9f99d0400c	Call EscapeFilter for filter to avoid security issue	2017-12-26 15:34:14 +08:00
Daniel Jiang	94c78b3bee	Merge pull request #3858 from xuri/master Simple code and typo fixed.	2017-12-26 12:06:27 +08:00
Tan Jiang	da20e4f11c	Search UAA when adding member to a project. 1)Enable UAA client to search UAA by calling '/Users' API. 2)Implement 'SearchUser' in UAA auth helper, register it to auth package.	2017-12-26 00:25:32 +08:00
Ri Xu	9adccd3723	Simple code and typo fixed. Signed-off-by: Ri Xu <xuri.me@gmail.com>	2017-12-23 20:55:07 +08:00
yixingjia	fa67e11680	Merge pull request #3831 from yixingjia/HA_Clair Make Clair DB configurable	2017-12-21 11:31:26 +08:00
Tan Jiang	12cd733678	Remove useless code from UI router and API Some URLs are not used on UI, so they are removed. And the validation code of API is removed as we use the security context approach. fix test issue	2017-12-20 23:10:38 +08:00
yixingj	f63588855f	Make Clair DB configurable Make the HOST,PORT,USERNAME,DB configurable for Clair	2017-12-20 18:29:50 +08:00
Wenkai Yin	8d62d989a5	Fix bug #4791 Remove the table join when querying repositories with project name	2017-12-19 21:47:39 +08:00
Tan Jiang	2ffc58a5d4	Refactor the configuraiton of UAA Remove the attribute "uaa_ca_root" from harbor.cfg and introduce "uaa_verify_cert". Similar to LDAP settings, this allow user to explicitly turn of the cert verification against UAA server, such that the code will work with self-signed certificate.	2017-12-19 14:42:07 +08:00
Daniel Jiang	62cebbdb5d	Merge pull request #3797 from reasonerjt/uaa-restriction Disable user management features when auth mode is UAA.	2017-12-18 22:47:08 +08:00
Daniel Jiang	cdadc94d0f	Merge pull request #3804 from ywk253100/171215_jobservice Print stack trace when recover from panic and print warning message rather than returning an error when updating 0 records	2017-12-18 16:36:20 +08:00
Tan Jiang	224f75b9a6	Refactor /users API, add more restircation in password reset Simplified the code when checking if a user is modiable in different auth modes. Also add restriction in password, such that when the auth mode is not DB auth, only the super user can choose to reset his password.	2017-12-18 14:32:29 +08:00
Wenkai Yin	260ef561c4	Update the HTTP client for easy use by add more util functions	2017-12-16 06:45:59 +08:00
stonezdj	9393d26fdc	Fix ldap ping issue #3653	2017-12-15 14:47:54 +08:00
Wenkai Yin	a736cb7b09	Update the HTTP client according to the comments	2017-12-15 09:40:31 +08:00
Wenkai Yin	b5e7de331e	Delete enabled and start_time properties of replication rule	2017-12-15 09:40:31 +08:00
Wenkai Yin	fe10c2e7f5	Create replicator to submit replication job to jobservice	2017-12-15 09:40:31 +08:00
Wenkai Yin	8b4fdfc2cc	Add unit tests for replication related methods	2017-12-15 09:40:31 +08:00
Wenkai Yin	a54b7dd4c0	Merge remote-tracking branch 'upstream/master' into 171219_merge	2017-12-15 08:48:57 +08:00
Wenkai Yin	43489c2b67	Print stack trace when recover from panic and print warning message rather than returning an error when updating 0 records	2017-12-14 13:48:45 +08:00
stone	cbd1431333	Merge pull request #3726 from stonezdj/ldap_refactor2 Refactor LDAP code Changes include: 1. Use session to manage the lifecycle of LDAP connections 2. Abstract common AuthenticateHelper interface for db_auth, ldap_auth, uaa_auth	2017-12-13 16:21:20 +08:00
stonezdj	ec67974104	Refactor ldap Changes include: 1. Use Session to manage the lifecycle of ldap connections 2. Abstract common AuthenticateHelper interface for db_auth, ldap_auth, uaa_auth mode	2017-12-13 14:57:04 +08:00
Wenkai Yin	665a54edc3	Merge remote-tracking branch 'upstream/master' into 171213_merge	2017-12-13 13:40:24 +08:00
yixingj	9b03c93afd	Add database driver for Harbor configurations 1>Add a new database driver for configurations 2> change the current default driver from json to database	2017-12-06 13:06:54 +08:00
Wenkai Yin	594d213630	Publish replication notification for manual, scheduel and immediate trigger	2017-12-04 15:07:30 +08:00
Daniel Jiang	d13321f2b5	Support getting user info via token in UAA Client (#3686 )	2017-11-27 18:13:36 +08:00
Wenkai Yin	6b0ee138e5	Implement immediate trigger and the methods of WatchList	2017-11-27 14:23:21 +08:00
stonezdj	16243cfbbc	Add LDAP remote certifcate validation push test Add unit test for ldap verify cert remove common.VerifyRemoteCert Update code with PR review comments Add change ldaps config and add UT testcase for TLS feature add ldap verfiy cert checkbox about #3513 Draft harbor ova install guide Search and import ldap user when add project members Add unit test case for SearchAndImportUser ova guide Add ova install guide Add ova install guide 2 Add ova install guide 3 Call ValidateLdapConf before search ldap trim space in username Remove leading space in openLdap username Remove doc change in this branch Update unit test for ldap search and import user Add test case about ldap verify cert checkbox Modify ldap testcase	2017-11-24 12:41:51 +08:00
Wenkai Yin	31cf6c078e	Implement replication policy manager	2017-11-16 10:55:03 +08:00
Steven Zou	c2e0c8d1f2	Define the related interfaces for triggers and core controllers of replication service	2017-11-10 15:06:24 +08:00
reasonerjt	19a13e8575	Deprivilege harbor-ui harbor-jobservice harbor-adminserver Use non-root user to run the service within these docker images, and provide HEALTHCHECK mechanism.	2017-11-09 03:09:09 -08:00
Wenkai Yin	149b628292	update	2017-11-09 16:20:56 +08:00
Wenkai Yin	5cef58baa1	update according to the comments	2017-11-08 17:53:41 +08:00
Daniel Jiang	8dfe5f0bfc	Merge pull request #3536 from ywk253100/171102_fail_earlier Fail earlier when found database schema dismatch	2017-11-07 15:01:14 +08:00
Wenkai Yin	5293a9287b	Fail earlier when found database schema dismatch	2017-11-07 13:07:56 +08:00
Tan Jiang	512384722a	Make the internal URL of UI and JobService configurable	2017-11-03 20:43:25 +08:00
Wenkai Yin	51d5df0849	Update replication policy API to support trigger and filter	2017-11-02 14:59:26 +08:00
Steven Zou	87d966e369	Merge pull request #3510 from steven-zou/master Update the alternate policy and corresponding task to support byweekly	2017-11-01 21:51:04 -05:00
Steven Zou	cee0bcec22	Update the alternate policy and corresponding task to support by weekly besides daily	2017-11-01 13:55:56 +08:00
Wenkai Yin	0ddca31355	Add column id to table project_metadagta as the primary key	2017-10-30 17:37:25 +08:00
Wenkai Yin	5b2ececae8	Merge pull request #3436 from ywk253100/171020_meta_api Add project metadata API	2017-10-27 05:16:50 -05:00
Wenkai Yin	c355034c14	Add project metadata API Project metadata API can be used to integrated with project management service which can not provide all metadatas needed by Harbor.	2017-10-27 17:05:15 +08:00
Daniel Jiang	d8634290e8	Merge pull request #3420 from reasonerjt/master Add Unit test cases for Clair Client.	2017-10-23 12:18:05 +08:00
Tan Jiang	b925569767	Add Unit test cases for Clair Client.	2017-10-22 21:54:04 +08:00
Wenkai Yin	2156750b04	Move certificate verification to target level The certificate verification is on system level before this commit. Moving it to target level makes the configuration more flexible for different targets.	2017-10-20 15:36:56 +08:00
Wenkai Yin	66b2d0d3f3	Apply project level policies to standalone Harbor The following features are only enabled in integration mode, this commit moves these to standalone Harbor: - Content trust policy: only signed images can be pulled - Vulnerability policy: only images whose severity is below the threshold can be pulled - Automatic scan policy: automatic scan pushed images	2017-10-19 17:33:28 +08:00
Tan Jiang	eab6b43d99	Make the root CA certificate of UAA should be configurable	2017-10-16 17:40:29 +08:00
Tan Jiang	51286d9baa	Provide UAA authenticator for password based authentication.	2017-10-07 00:16:53 +08:00
Wenkai Yin	e495357d98	implement the default project metadata manager	2017-09-28 16:17:51 +08:00
Wenkai Yin	e79334a445	Add interfaces to implement project level policy (#3271 ) * add interfaces to implement project level policy	2017-09-26 16:41:08 +08:00
Wenkai Yin	dc4f2ece72	readjust package structure	2017-09-20 15:24:19 +08:00
Wenkai Yin	f0946b63cf	fix code style issues reported by golint	2017-09-19 17:16:54 +08:00
Wenkai Yin	8d7644b8b5	Merge pull request #3151 from ywk253100/170830_email_insecure Expose the insecure flag for email configuration	2017-09-15 15:01:30 +08:00
weibaohui	84d66d85fa	Correct spelling Correct spelling	2017-09-11 15:13:24 +08:00
Wenkai Yin	923a8d65b1	expose insecure flag in api	2017-09-04 15:10:07 +08:00
Daniel Jiang	f41d2ff436	Merge pull request #3101 from ywk253100/170822_replica Convert 500 error returned by Admiral to duplicate project error when creating duplicate project	2017-08-22 15:59:19 +08:00
Wenkai Yin	599d94be0c	update	2017-08-22 15:22:25 +08:00
Wenkai Yin	ffb2f4201b	update	2017-08-22 14:28:45 +08:00
Wenkai Yin	bb958a7f4b	convert 500 error returned by Admiral to duplicate project error when creating duplicate project	2017-08-22 13:34:06 +08:00
Tan Jiang	c1bbcb5bab	update the interval of clair updater to 12 hours, and update the interval for scan all to 2 hours	2017-08-21 13:45:23 +08:00
Wenkai Yin	7296bdc131	increase length of username in database to 256	2017-08-17 15:24:34 +08:00
Tan Jiang	2ffcf10eaa	restart scan jobs when jobservice is started	2017-08-16 17:24:41 +08:00
Daniel Jiang	1403fe09ff	Merge pull request #3030 from reasonerjt/fix-jobservice-update-vuln-bug Do not throw error if the scan result is unchanged	2017-08-11 13:26:15 +08:00
Tan Jiang	882683ae6f	Do not throw error if the scan result is unchanged	2017-08-10 17:26:39 +08:00
Tan Jiang	5846d7d28d	add cve link in Harbor API	2017-08-10 15:27:30 +08:00
Daniel Jiang	5ba363657f	Merge pull request #3006 from ywk253100/170808_bug_fix [BAT]Remove useless codes	2017-08-09 16:05:16 +08:00
Daniel Jiang	78bacbc80a	Merge pull request #2978 from wy65701436/issue-2975 Issue 2975	2017-08-09 16:05:00 +08:00
Wenkai Yin	7fedca3a4a	remove useless codes	2017-08-09 15:13:51 +08:00
Daniel Jiang	383a09e21f	Merge pull request #2982 from reasonerjt/tc-vuln-data add tc for vulnerability transform	2017-08-08 12:15:54 +08:00
Steven Zou	b6b232ce6a	Merge pull request #2945 from vmware/fix_issue_#2762 Fix data race issues of go sources	2017-08-07 21:57:03 +08:00
Tan Jiang	5b6c53a1bf	add the json file required by UT	2017-08-07 21:12:49 +08:00
wangyan	657d3c322f	fix issue 2975 udpate update update update update update	2017-08-07 18:01:37 +08:00
Tan Jiang	8f41be471d	add tc for vulnerability transform	2017-08-07 17:14:51 +08:00
Steven Zou	21d3f4a549	Fix data race issues of go sources	2017-08-07 14:50:37 +08:00
Daniel Jiang	6bd622196e	Merge pull request #2972 from reasonerjt/master Fix perf issue and connection leak in Clair.	2017-08-04 19:48:26 +08:00
Tan Jiang	fa0cb8731c	Fix performance issue and connection leakage	2017-08-04 19:22:52 +08:00
Daniel Jiang	d4dce3bb60	Merge pull request #2970 from wy65701436/issue-2965 fix 2965	2017-08-04 19:17:01 +08:00
wangyan	5b54b554ab	update	2017-08-04 18:59:16 +08:00
wangyan	bcc1a5c41d	fix 2965 update package update	2017-08-04 18:44:00 +08:00
Wenkai Yin	8963a15520	remove useless insecure flag	2017-07-31 13:45:49 +08:00
Wenkai Yin	a8dc75dd15	update	2017-07-28 13:10:26 +08:00
Wenkai Yin	1da9b8653b	update according to the comments	2017-07-27 18:23:55 +08:00
Wenkai Yin	0a74a0f1e4	update	2017-07-27 08:17:29 +08:00
Wenkai Yin	71e4c3c447	Merge remote-tracking branch 'upstream/master' into 170724_registry Conflicts: src/ui/utils/utils.go	2017-07-26 18:46:41 +08:00
Wenkai Yin	cc264f85e7	do not ping if using raw token authorizer	2017-07-26 18:41:36 +08:00

... 5 6 7 8 9 ...

864 Commits