Commit Graph

788 Commits

Author SHA1 Message Date
Yogi_Wang
f022e89843 Modify the repository list sort and filter
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-12-03 10:37:41 +08:00
Daniel Jiang
4e1bac4b82
Merge pull request #9820 from reasonerjt/oidc-cli-secret-group
Populate user groups during OIDC CLI secret verification
2019-11-19 03:03:38 -08:00
Daniel Jiang
64af09d52b Populate user groups during OIDC CLI secret verification
This commit refactors the flow to populate user info and verify CLI
secret in OIDC authentication.

It will call the `userinfo` backend of OIDC backend and fallback to
using the ID token if userinfo is not supported by the backend.

It also makes sure the token will be persisted if it's refreshed during
this procedure.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-18 23:53:05 -08:00
He Weiwei
0c068d81f5
feat(vuln-severity): map negligible to none to match CVSS v3 ratings (#9885)
BREAKING CHANGE: the value negligible of severity in project metadata will change to none in the responses of project APIs

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-18 14:36:51 +08:00
Wang Yan
6e03c8a54e
Merge pull request #9896 from heww/owner-check-for-project-member-robot-account
fix(robot,project-member): check owner of member, robot when update, …
2019-11-15 16:53:22 +08:00
Wang Yan
7b12ed14a1
Merge pull request #9852 from stonezdj/remove_tedious_msg
Change log level to avoid tedious error in log
2019-11-15 10:42:28 +08:00
He Weiwei
5bd1cfdbf2 fix(robot,project-member): check owner of member, robot when update, delete
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-14 07:00:44 +00:00
Wang Yan
29be93725d
Merge pull request #9860 from reasonerjt/authproxy-case-sensitive-master
Authproxy case sensitive master
2019-11-14 14:03:53 +08:00
Daniel Jiang
8933ab8074 Add configuration "case sensitive" to HTTP auth proxy
This commit make case sensitivity configurable when the authentication
backend is auth proxy.
When the "http_authproxy_case_sensitive" is set to false, the name of
user/group will be converted to lower-case when onboarded to Harbor, so
as long as the authentication is successful there's no difference regardless
upper or lower case is used.  It will be mapped to one entry in Harbor's
User/Group table.
Similar to auth_mode, there is limitation that once there are users
onboarded to Harbor's DB this attribute is not configurable.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-13 15:00:05 +08:00
stonezdj
dc5cb3504c Change log level to avoid tedious error in log
change from error to debug

Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-11-13 11:15:00 +08:00
stonezdj
4d822e0a19 Fix review comments on PR9749
Fix review comments on PR9749
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-11-12 13:05:11 +08:00
Wang Yan
407417ce7b
Merge pull request #9810 from stonezdj/bug9479
Populate group from auth provider to Harbor when user login
2019-11-11 19:52:31 +08:00
stonezdj
0c011ae717 Populate group from auth provider to Harbor DB when user login
Fix #9749, change include LDAP auth, OIDC auth, HTTP auth

Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-11-11 14:41:35 +08:00
Daniel Jiang
64dc5122e6 Add role list in project response
This commit fixes #9771

It compares the roles to return the one with highest permission in the
response of `GET /api/projects`.
In addition to that, it adds the role list to the response, because a
user can have multiple roles in a project.
It also removes the togglable attribute as it's not used anywhere.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-11 14:03:50 +08:00
Daniel Jiang
7d04eab63c
Merge pull request #9593 from qyqcswill/code_improve
promote code quality
2019-11-08 18:28:46 +08:00
Steven Zou
ee31418e8e revoke scan permission from the developer role
Signed-off-by: Steven Zou <szou@vmware.com>
2019-11-06 17:57:48 +08:00
Steven Zou
ebc5d2482b do improvements to the scan all job
- update scan all job to avoid sending too many HTTP requets
- update scan controller to support scan options
- update the db schema of the scan report to introduce requester
- introduce scan all metrics to report the overall progress of scan all job
- fix the status updating bug in scan report
- enhance the admin job status updats
- add duplicate checking before triggering generic admin job
- update the db scheme of admin job

fix #9705
fix #9722
fix #9670

Signed-off-by: Steven Zou <szou@vmware.com>
2019-11-05 15:12:07 +08:00
He Weiwei
ae8931e816 fix(policy-checker): add func to transform project severity to vuln.Severity
The severity saved in db is lowercase but the severities in vuln pkg
begin with upper letter, this fix use func to transform project severity
value from db to vuln.Severity.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-31 14:11:44 +00:00
He Weiwei
3c80832341 fix(quota): order by quotas only on support resources
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-30 02:42:34 +00:00
Daniel Jiang
b17711abbf
Merge pull request #9592 from qyqcswill/code_clean
remove useless code
2019-10-29 15:08:59 +08:00
Steven Zou
5b2ab34e03 permission grant for scanner related actions are not correctly
- add new endpoint for getting scanner candidates of specified project
- adjust the permission granting functions
- fix #9608

Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-28 18:20:47 +08:00
Wenkai Yin(尹文开)
f007a62b04
Merge pull request #9588 from stonezdj/fix_ldap_group_sql
Fix User Group Search SQL error
2019-10-28 11:22:14 +08:00
hao.cheng
29e905271d promote code quality
Signed-off-by: hao.cheng <hao.cheng@daocloud.io>
2019-10-25 15:37:35 +08:00
hao.cheng
94bc8c2f5c remove useless code
Signed-off-by: hao.cheng <hao.cheng@daocloud.io>
2019-10-25 15:20:25 +08:00
stonezdj
f402db380b Fix User Group Search SQL error
User Group Query SQL error in some cases

Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-10-25 14:00:45 +08:00
Wang Yan
d18678a48d
Merge pull request #9506 from wy65701436/token-sevice
Enable robot account to support scan pull case
2019-10-24 19:52:33 +08:00
wang yan
71c769ec97 remvoe bypass to scanner pull
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-24 17:49:20 +08:00
wang yan
a6ad1b2db8 update code per review comments
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-23 20:05:51 +08:00
wang yan
2fa85aefca fix per comments
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-23 18:45:30 +08:00
wang yan
5996189bb0 update per comments and fix govet error
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-23 18:45:30 +08:00
wang yan
22b4ea0f89 Enable robot account bypass policy check
1, the commit is for internal robot to bypass policy check, like vul and signature checking.
2, add a bool attribute into registry token, decode it in the harbor core and add the status into request context.
3, add a bool attribut for robot API controller, but API will not use it.y

Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-23 18:45:30 +08:00
Wenkai Yin
9d896d4d72 Remove the health checker for Clair in health check API
As we introduce the pluggable scanner, users can add the external scanners, so we remove the Clair from the health check API

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-10-23 12:55:03 +08:00
stonezdj(Daojun Zhang)
4dcd323b4a
Merge pull request #9475 from wy65701436/immu-delete-repo
add immutable match in the repository/tag delete api
2019-10-22 17:28:15 +08:00
Wang Yan
fc106e218c
Merge pull request #9503 from heww/issue-9308
fix(configuration): E notation support for int64 and quota types
2019-10-22 11:50:06 +08:00
Wang Yan
3772ccc163
Merge pull request #9493 from stonezdj/remove_nested_group
Remove nested group search
2019-10-21 17:45:50 +08:00
He Weiwei
7c8f5426ed fix(configuration): E notation support for int64 and quota types
Closes #9308

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-21 08:15:27 +00:00
wang yan
424f11e697 add immutable match in the repository/tag delete api
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-21 15:53:24 +08:00
stonezdj
b148ffe6a8 Remove the nested group search
Remove the code change in #8378, because the previous code change caused issues: #9092, #9110, #9326

Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-10-21 14:34:53 +08:00
He Weiwei
e254fe3095
fix(permissions): permissions checking for member and quota info (#9490)
1. Only show project member info when has member list permission.
2. Only show quota info when has quota read permission.
3. Add quota read permission for all roles of project.
4. Refactor permission service in portoal.
5. Clear cache when clear session.

Closes #8697

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-21 14:03:52 +08:00
He Weiwei
bf6a14c9ad
feat(role): introduce a limited guest role (#9403)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-20 14:21:28 +08:00
Wenkai Yin(尹文开)
f98196e5ba
Merge pull request #9435 from reasonerjt/oidc-refresh-refine
Update OIDC token refresh process
2019-10-18 19:43:34 +08:00
Steven Zou
0f16913635 rebase: resolve the code confilcts with master
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-17 17:42:41 +08:00
Wenkai Yin(尹文开)
97ddff2ac8
Merge pull request #9434 from heww/clair-adapter
build(clair): internal clair adapter when install with clair
2019-10-17 16:06:10 +08:00
He Weiwei
8964a8697a build(clair): internal clair adapter when install with clair
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-17 12:00:51 +08:00
Daniel Jiang
f0cb16cb86 Update OIDC token refresh process
1) Disassociate id token from user session

2) Some OIDC providers do not return id_token in the response of refresh
request:
https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse
When validating the CLI secret it will not validate the id token,
instead it will check the expiration of the access token, and try to
refresh it.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-10-17 11:26:18 +08:00
Steven Zou
f18afc0a3f do changes to let the vul policy check compatiable with new framework
- update the scan/scanner controller
- enhance the report summary generation
- do changes to the vulnerable handler
- remove the unused clair related code
- add more UT cases
- update the scan web hook event
- drop the unsed tables/index/triggers in sql schema

Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-16 23:15:26 +08:00
stonezdj(Daojun Zhang)
2973ddcf6b
Merge pull request #9428 from stonezdj/disable_self_reg
Update default self_registration=false
2019-10-16 17:41:21 +08:00
stonezdj
3636a1afa5 Update default self_registration=false
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-10-16 01:33:48 -07:00
He Weiwei
d9a539807b perf(test): speed up TestAddBlobsToProject test in dao pkg
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-14 16:46:01 +00:00
Daniel Jiang
ee9e92b6dd
Merge pull request #9157 from phin1x/master
Escape user dn in ldap group search filter
2019-10-14 16:41:27 +08:00