Qian Deng
9469252e85
Merge pull request #11745 from ninjadq/mount_ca_bundle
...
Enhance: Create shared to store shared ca
2020-04-28 10:19:26 +08:00
DQ
f70339870a
Enhance: Create shared to store shared ca
...
this shared ca will mount to all harbor components
Signed-off-by: DQ <dengq@vmware.com>
2020-04-28 02:58:11 +08:00
DQ
90faf700f8
Enhance: output the stdout of gen cert script
...
use popen replace check_all
Signed-off-by: DQ <dengq@vmware.com>
2020-04-27 10:43:22 +08:00
DQ
026e37e777
Fix chart museum absolute url issue
...
if absolute url is enabled return true else set it to false
Signed-off-by: DQ <dengq@vmware.com>
2020-04-26 13:04:29 +08:00
DQ
599ca98c09
Hidden veriify client cert verfiy option
...
Remove to avoid replication access core from external_url issue
Signed-off-by: DQ <dengq@vmware.com>
2020-04-23 10:14:36 +08:00
Daniel Jiang
2ecf0425a4
Remove the certs of notary signer
...
Since `prepare` generates the certs as needed during installation, these
certs should not exist in the repo.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-04-21 13:20:19 +08:00
DQ
b728f04d0a
Fix tls min version for registry
...
cert,key,mintls should in the same context
Signed-off-by: DQ <dengq@vmware.com>
2020-04-20 19:19:15 +08:00
Daniel Pacak
5c3abee135
chore(trivy): Bump up trivy adapter to 0.9.0
...
- Vendor the latest Trivy release 0.6.0
- Configure TLS 1.2 as min version when TLS is enabled
- Add more tracing to adapter config to facilitate troubleshooting
Resolves : #11544
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-04-16 08:40:27 +02:00
DQ
42c1095216
Fix cert issue of trivy
...
Trivy can't access harbor from external if https enabled so inject cert to trivy container trust
Signed-off-by: DQ <dengq@vmware.com>
2020-04-16 10:52:03 +08:00
DQ
75f78b64b2
Set registry tls version to 1.2
...
when internal tls enabled set min version of registry to 1.2
Signed-off-by: DQ <dengq@vmware.com>
2020-04-13 18:13:30 +08:00
DQ
08ff622310
Remove lines not needed
...
volume already defined above
Signed-off-by: DQ <dengq@vmware.com>
2020-04-09 20:06:51 +08:00
Ziming Zhang
572ebef685
feat(cicd) parameterize docker base image and external url
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-04-08 00:21:47 +08:00
DQ
4a836ea975
Fix health check url
...
health check url should depend on internal https
Signed-off-by: DQ <dengq@vmware.com>
2020-04-07 03:35:52 +00:00
DQ
cdb675bf3d
Add proxy cert file to jobservice when https enabled
...
jobservice may request via absolute path of url to harbor
Signed-off-by: DQ <dengq@vmware.com>
2020-04-04 17:44:34 +00:00
DQ
23ed189ed4
Add SAN to gencert script
...
add localhost and 127.0.0.1 to SAN
Signed-off-by: DQ <dengq@vmware.com>
2020-04-04 17:44:34 +00:00
He Weiwei
77a8c3205f
fix(prepare): not accpet items of false value in external_redis
...
Item in yaml without value will be as None in python, which will make
the password of redis as `None` in `get_redis_configs`. This fix will
not accept items of `false value` in `external_redis` configurations.
Closes #11367
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-04-03 04:09:26 +00:00
Qian Deng
a702c32346
Merge pull request #11063 from ninjadq/fix_syslog_dir_in_tpl
...
Fix: fix logrotate is dir issue
2020-04-02 11:37:29 +08:00
DQ
dc271e1a87
Add packaging to pipenv
...
Signed-off-by: DQ <dengq@vmware.com>
2020-04-01 22:54:47 +08:00
DQ
d636f2ea5c
Enhance help message
...
Provide more info in help message
Add requried opition and they will show missing option if you are not provide them instead of Exception
Signed-off-by: DQ <dengq@vmware.com>
2020-04-01 17:02:59 +08:00
DQ
b2e1905e7a
Enhance: Stop upgrade when input version less then 1.9.0
...
The migration script should failure early when version is not supported
Signed-off-by: DQ <dengq@vmware.com>
2020-04-01 15:35:49 +08:00
Qian Deng
9e101b73a4
Merge pull request #11156 from ninjadq/migrate_config_to_harbor2
...
Migrate config to harbor2
2020-03-25 16:02:18 +08:00
DQ
85ec0e7820
Enhance: Refactor the migration structure
...
1. Refactor structure of migrate file
2. fix some previous bugs
Signed-off-by: DQ <dengq@vmware.com>
2020-03-23 21:26:28 +08:00
DQ
444678fe07
Fix: module path raise exception when it is loop
...
add test for loop
Signed-off-by: DQ <dengq@vmware.com>
2020-03-23 19:29:59 +08:00
DQ
e8bb977ae1
Feat: Upgrade configs to harbor 2.0
...
add migrate files for harbor 2.0
Signed-off-by: DQ <dengq@vmware.com>
2020-03-20 15:20:32 +08:00
DQ
1e0c9f7231
Feat: Add config migrator to prepare
...
deprecated migrator container and move config migration to prepare
Signed-off-by: DQ <dengq@vmware.com>
2020-03-20 03:04:10 +08:00
Steven Zou
2859cd8b69
Merge pull request #11134 from danielpacak/feat/issue_11090/trivy_skip_update_flag
...
feat(trivy): Configure Trivy to skip database updates
2020-03-19 18:13:08 +08:00
DQ
f18a546429
Fix: return error when internal_tls_not_provided
...
When iinternal_tls is empty, prepare should works as usual
Signed-off-by: DQ <dengq@vmware.com>
2020-03-19 10:37:58 +08:00
Daniel Pacak
7325105714
feat(trivy): Configure Trivy to skip database updates
...
Resolves : #11090
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-18 17:11:47 +01:00
DQ
6e8d44101f
Enhance: User can generate cert by their own ca key pair
...
User can put their ca key pair on internal cert dir and name them to `harbor_internal_ca.key` and `harbor_internal_ca.crt` we wil use them to generate other certs
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
b93092e012
Add tls for trivy
...
Add trivy tls cert files
Add tivey tls env and config
enhance gencert
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
c954969bcd
Add mTLS configs
...
mTLS only enabled in jobservice and registryctl
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
c5d73e6a0c
Add switch to https
...
use switch to make decision whether mTLS or server TLS
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
454382149f
TLS update for chart, clairadapter, registry
...
Remove trustca in chartmuseum
Remove trustca in registry
Add tls in clair-adapter
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
03e11c63c7
Fix docker file with secure tls change
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
dcc6950af7
Feat: auto install ca in registry
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
b852605193
Feat: enable mtls in harbor replication
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
40e67f3b14
Feat: Enable mtls for registry
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
07a1d51693
Feat: enable tls in registryctlAdd tls related code in registryctl
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
da359f609f
Feat: enable mtls in core
...
add mtls related code in core
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
a4855cca36
Feat: update prepare to support tls
...
update makefile
add model for prepare
update jinja template for prepare
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
Daniel Pacak
9c13116963
chore(trivy): Allow configuring HTTP(S) proxy
...
Resolves : #11032
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-16 12:26:49 +01:00
Daniel Pacak
46fb43bc25
chore: Bump up Trivy adapter to v0.4.0
...
Allows configuring SCANNER_TRIVY_GITHUB_TOKEN environment variable,
which is passed to trivy executable binary when it starts scanning
a given artifact.
This is to increase GitHub requests rate limit from 60 per hours
(for anonymous requests) to 5000 when Trivy download its
vulnerabilities database.
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-16 09:53:16 +01:00
DQ
1eeea6b888
Fix: fix logrotate is dir issue
...
Change it to bind command
Signed-off-by: DQ <dengq@vmware.com>
2020-03-13 14:58:45 +08:00
Ziming Zhang
695a2559be
feat(cicd) use unified version as tag name, clean more
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-09 17:13:28 +08:00
Ziming Zhang
200c352c35
feat(cicd) use unified version as tag name
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-09 15:30:03 +08:00
Daniel Jiang
ae5ffce83a
Update CSRF mechanism
...
This commit replaces beego's CSRF mechanism with gorilla's csrf library.
The criteria for requests to skip the csrf check remain the same.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-03-09 01:15:54 +08:00
wang yan
2b0b7576b2
Fix gc issue on clean the artifact trash
...
1, enable dao test for artifact trash
2, set default flush trash table to false
3, hanlder empty parameter in API call
4, add registry auth info into jobservice container
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-06 03:11:31 +08:00
Daniel Jiang
1823c984f7
Merge branch 'master' into redis-idle-timeout
2020-02-27 22:01:22 +08:00
stonezdj(Daojun Zhang)
a7e5873f46
Merge pull request #10821 from stonezdj/20200224_remove_notification
...
Remove registry notification and change core health check url
2020-02-25 13:34:37 +08:00
Ziming Zhang
94230b5e19
feat(cicd) fix some build problem
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-02-25 12:05:39 +08:00