Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2025-01-21 23:21:26 +01:00
Code Issues Projects Releases Wiki Activity
4,846 Commits 57 Branches 324 Tags 348 MiB
fd5c17bced
Commit Graph

679 Commits

Author SHA1 Message Date
Tan Jiang
bc1366c3e5 Enable user to edit UAA settings on UI 2018-01-14 11:47:45 +08:00
Tan Jiang
d6bf0ea11d Remove data generated by dao_test after the test. 2018-01-12 15:56:30 +08:00
Wenkai Yin
27b4197459 Handle /harbor/* with IndexController to fix UI 404 Page Not Found error 2018-01-12 15:48:42 +08:00
Daniel Jiang
43afd426bb
Merge pull request #3995 from reasonerjt/admin-rename 
Provide API to rename admin
 2018-01-12 13:59:13 +08:00
stone
ec173305a3
Merge pull request #3974 from stonezdj/ldap_ping_timeout 
Setting timeout for ldap ping
 2018-01-12 11:22:27 +08:00
Tan Jiang
a392a8dc29 Provide API to rename admin 
This is to provide a workaround for very corner case that in user's
authentication backend (LDAP, UAA) has a user called "admin" and because
Harbor's super user is hard coded to "admin" it's not possible to login
the "admin" with credentials in LDAP or UAA.

To minimize the impact, we'll provide an internal API for user to update
the super user's username from "admin" to "admin@harbor.local", this API
can be called by "admin" only, and is not reversible.
 2018-01-11 23:01:06 +08:00
stonezdj
c48c7f7b6a Setting timeout for ldap ping 2018-01-10 15:14:30 +08:00
Wenkai Yin
e26b442c9c
Merge pull request #3951 from ywk253100/180104_replicate_interval 
Manual starting replication will be rejected if there are pending/running jobs
 2018-01-10 10:56:45 +08:00
Wenkai Yin
7da89ec39b Passing tag as a parameter or the value will be overwritten 2018-01-08 15:23:35 +08:00
Daniel Jiang
f8af1f275e
Merge pull request #3911 from stonezdj/ldap_search_level 
Ambiguous UI and internal values ldap_scope
 2018-01-08 14:53:55 +08:00
Daniel Jiang
093e2bead2
Merge pull request #3950 from ywk253100/180105_ut 
Add unit test for adding description of repository
 2018-01-08 14:32:10 +08:00
Wenkai Yin
87ce1c84d5 Manual starting replication will be rejected if there are pending/running jobs 2018-01-05 17:05:57 +08:00
Wenkai Yin
487c248227 Add unit test for adding description of repository 2018-01-05 16:52:48 +08:00
stonezdj
26b86984d2 Ambiguous UI and internal values ldap_scope #3764 2018-01-05 15:51:37 +08:00
pfh
13308ce9d8 Merge remote-tracking branch 'upstream/master' into repEnhance 2018-01-05 14:09:03 +08:00
Wenkai Yin
51297cdfd7
Merge pull request #3887 from ywk253100/171227_ssrf 
Fix SSRF security issue #3755 in ping target, email server and LDAP server APIs
 2018-01-04 18:11:47 +08:00
Daniel Jiang
8e5115c832
Merge pull request #3870 from stonezdj/ldap_syncuser2 
Sync user email in ldap #3663
 2018-01-04 13:28:51 +08:00
Wenkai Yin
3448fd9a2d Fix SSRF security issue #3755 in ping target, email server and LDAP server APIs 2018-01-04 12:26:17 +08:00
Tan Jiang
e02de2068a Enable configuring the CA Certificate for UAA 
Enable configuring the path of root cert of UAA in harbor.cfg.  It only
takes effects if the verify_cert is set to "true" If the file does not
exist, the configuration is skipped.
The intention for this commit is to support integration with nested UAA
in PAS or PKS, we don't expect user to manually configure this value,
though he can do it if he wants.
 2018-01-03 16:21:29 +08:00
Wenkai Yin
96a63c56b1 Merge remote-tracking branch 'upstream/master' into 180103_merge 2018-01-03 10:32:03 +08:00
Daniel Jiang
5289ff8d5a
Merge pull request #3888 from stonezdj/ldap_security2 
Do not display internal error message to user
 2017-12-29 16:49:53 +08:00
Tan Jiang
cae581979b Return UAA settings in configuration API 
All the UAA settings will be read only as we expect user to modify it
via opsman instead of Harbor UI.
 2017-12-28 11:30:18 +08:00
stonezdj
fba68ed000 Do not display internal error message to user 2017-12-27 19:22:17 +08:00
stonezdj
35716dedd3 Sync user email in ldap #3663 2017-12-26 18:53:32 +08:00
stonezdj
9f99d0400c Call EscapeFilter for filter to avoid security issue 2017-12-26 15:34:14 +08:00
Tan Jiang
da20e4f11c Search UAA when adding member to a project. 
1)Enable UAA client to search UAA by calling '/Users' API.
2)Implement 'SearchUser' in UAA auth helper, register it to auth
package.
 2017-12-26 00:25:32 +08:00
Wenkai Yin
3be1d5a7fd Assign read-only privilege of replication policy to project admin and add stopping replication jobs API. 2017-12-25 23:49:21 +08:00
yixingj
08a1b45b72 Add test case for Clair DB configuration 
Add test case for validate Clair DB config
 2017-12-21 11:39:53 +08:00
yixingjia
fa67e11680
Merge pull request #3831 from yixingjia/HA_Clair 
Make Clair DB configurable
 2017-12-21 11:31:26 +08:00
Daniel Jiang
60d2204f33
Merge pull request #3840 from ywk253100/171220_desc 
Allow project developer to edit repository description
 2017-12-21 02:17:58 +08:00
Tan Jiang
12cd733678 Remove useless code from UI router and API 
Some URLs are not used on UI, so they are removed.  And the validation
code of API is removed as we use the security context approach.

fix test issue
 2017-12-20 23:10:38 +08:00
yixingj
f63588855f Make Clair DB configurable 
Make the HOST,PORT,USERNAME,DB configurable for
Clair
 2017-12-20 18:29:50 +08:00
Daniel Jiang
052521b92c
Merge pull request #3821 from reasonerjt/uaa-restriction 
Refactor the configuraiton of UAA
 2017-12-19 19:36:09 +08:00
Daniel Jiang
c0c262cb53
Merge pull request #3790 from ywk253100/171214_author 
Read image author from label 'maintainer' if author is null
 2017-12-19 18:40:25 +08:00
Tan Jiang
2ffc58a5d4 Refactor the configuraiton of UAA 
Remove the attribute "uaa_ca_root" from harbor.cfg and introduce
"uaa_verify_cert".  Similar to LDAP settings, this allow user to
explicitly turn of the cert verification against UAA server, such that
the code will work with self-signed certificate.
 2017-12-19 14:42:07 +08:00
Tan Jiang
224f75b9a6 Refactor /users API, add more restircation in password reset 
Simplified the code when checking if a user is modiable in different
auth modes.
Also add restriction in password, such that when the auth mode is not DB
auth, only the super user can choose to reset his password.
 2017-12-18 14:32:29 +08:00
Wenkai Yin
42c9c439f9 Allow project developer to edit repository description 2017-12-15 20:30:39 +08:00
stonezdj
9393d26fdc Fix ldap ping issue #3653 2017-12-15 14:47:54 +08:00
Wenkai Yin
d9b0f54c5e Split populating author as a method and add unit test 2017-12-15 10:40:24 +08:00
Wenkai Yin
a736cb7b09 Update the HTTP client according to the comments 2017-12-15 09:40:31 +08:00
Wenkai Yin
c4dc95f4f9 Add implement for supporting replicatie the existing images now 2017-12-15 09:40:31 +08:00
Wenkai Yin
b5e7de331e Delete enabled and start_time properties of replication rule 2017-12-15 09:40:31 +08:00
Wenkai Yin
055ab0ba15 Refine replication schedule trigger API 2017-12-15 09:40:31 +08:00
Wenkai Yin
fe10c2e7f5 Create replicator to submit replication job to jobservice 2017-12-15 09:40:31 +08:00
Wenkai Yin
8b4fdfc2cc Add unit tests for replication related methods 2017-12-15 09:40:31 +08:00
Wenkai Yin
c5ccb7e53c Enable filter chain in replication 2017-12-15 09:40:30 +08:00
Wenkai Yin
a384325a1e Publish replication notification for manual, scheduel and immediate trigger 2017-12-15 09:40:30 +08:00
Wenkai Yin
a54b7dd4c0 Merge remote-tracking branch 'upstream/master' into 171219_merge 2017-12-15 08:48:57 +08:00
Wenkai Yin
745d83e393 Read image author from label 'maintainer' if author is null 2017-12-13 23:28:01 +08:00
Tan Jiang
5da894bcf2 Small refactory. 2017-12-13 20:58:27 +08:00
stonezdj
ec67974104 Refactor ldap 
Changes include:

1. Use Session to manage the lifecycle of ldap connections
2. Abstract common AuthenticateHelper interface for db_auth, ldap_auth,
uaa_auth mode
 2017-12-13 14:57:04 +08:00
Wenkai Yin
665a54edc3 Merge remote-tracking branch 'upstream/master' into 171213_merge 2017-12-13 13:40:24 +08:00
Qian Deng
5de872486c
Merge pull request #3692 from ywk253100/171127_repo_desc 
Add update repository API to support description of repository
 2017-12-04 17:25:38 +08:00
Wenkai Yin
594d213630 Publish replication notification for manual, scheduel and immediate trigger 2017-12-04 15:07:30 +08:00
Wenkai Yin
7ccdce33a0 Refactor ping target API 
Merge ping target API by ID into ping target API
 2017-11-29 17:15:03 +08:00
Wenkai Yin
fa85ad6d28
Merge pull request #3687 from ywk253100/171123_trigger_api 
Add replication manual trigger API & update replication/policy API docs
 2017-11-28 13:38:53 +08:00
Daniel Jiang
d13321f2b5
Support getting user info via token in UAA Client (#3686) 2017-11-27 18:13:36 +08:00
Wenkai Yin
6b0ee138e5 Implement immediate trigger and the methods of WatchList 2017-11-27 14:23:21 +08:00
Wenkai Yin
8d9af50bbc Add update repository API to support description of repository 2017-11-27 14:18:57 +08:00
stonezdj
1179769e31 Update with PR review comment 2017-11-24 14:53:34 +08:00
stonezdj
16243cfbbc Add LDAP remote certifcate validation 
push test

Add unit test for ldap verify cert

remove common.VerifyRemoteCert

Update code with PR review comments

Add change ldaps config and add UT testcase for TLS feature

add ldap verfiy cert checkbox about #3513

Draft harbor ova install guide

Search and import ldap user when add project members

Add unit test case for SearchAndImportUser

ova guide

Add ova install guide

Add ova install guide 2

Add ova install guide 3

Call ValidateLdapConf before search ldap

trim space in username

Remove leading space in openLdap username

Remove doc change in this branch

Update unit test for ldap search and import user

Add test case about ldap verify cert checkbox

Modify ldap testcase
 2017-11-24 12:41:51 +08:00
Wenkai Yin
1c338ed30b Add replication manual trigger API & update replication/policy API docs 2017-11-24 10:50:10 +08:00
Wenkai Yin
59c1160edd Setup/Unset trigger when CURD policies 2017-11-20 17:09:46 +08:00
Wenkai Yin
31cf6c078e Implement replication policy manager 2017-11-16 10:55:03 +08:00
reasonerjt
19a13e8575 Deprivilege harbor-ui harbor-jobservice harbor-adminserver 
Use non-root user to run the service within these docker images, and provide HEALTHCHECK
mechanism.
 2017-11-09 03:09:09 -08:00
Wenkai Yin
5cef58baa1 update according to the comments 2017-11-08 17:53:41 +08:00
Tan Jiang
512384722a Make the internal URL of UI and JobService configurable 2017-11-03 20:43:25 +08:00
Daniel Jiang
795d33a45a
Add filter on API endpoints to mitigate XSRF (#3542) 
Add filter for all API endpoints to allow the POST requests which have
application/json header.
Make update to UI code to make sure all requests contain the header.
 2017-11-03 14:43:27 +08:00
Wenkai Yin
51d5df0849 Update replication policy API to support trigger and filter 2017-11-02 14:59:26 +08:00
Wenkai Yin
5b2ececae8 Merge pull request #3436 from ywk253100/171020_meta_api 
Add project metadata API
 2017-10-27 05:16:50 -05:00
Wenkai Yin
c355034c14 Add project metadata API 
Project metadata API can be used to integrated with project management
service which can not provide all metadatas needed by Harbor.
 2017-10-27 17:05:15 +08:00
Deng, Qian
69ffd7117c add ui for project level policy 2017-10-27 15:18:00 +08:00
Wenkai Yin
2156750b04 Move certificate verification to target level 
The certificate verification is on system level before this commit. Moving it
to target level makes the configuration more flexible for different targets.
 2017-10-20 15:36:56 +08:00
Wenkai Yin
66b2d0d3f3 Apply project level policies to standalone Harbor 
The following features are only enabled in integration mode, this commit moves
these to standalone Harbor:
 - Content trust policy: only signed images can be pulled
 - Vulnerability policy: only images whose severity is below the threshold can be pulled
 - Automatic scan policy: automatic scan pushed images
 2017-10-19 17:33:28 +08:00
Tan Jiang
eab6b43d99 Make the root CA certificate of UAA should be configurable 2017-10-16 17:40:29 +08:00
Tan Jiang
51286d9baa Provide UAA authenticator for password based authentication. 2017-10-07 00:16:53 +08:00
Wenkai Yin
e495357d98 implement the default project metadata manager 2017-09-28 16:17:51 +08:00
Wenkai Yin
e79334a445 Add interfaces to implement project level policy (#3271) 
* add interfaces to implement project level policy
 2017-09-26 16:41:08 +08:00
Wenkai Yin
dc4f2ece72 readjust package structure 2017-09-20 15:24:19 +08:00
Wenkai Yin
5cd55220c8 Merge pull request #3244 from ywk253100/170919_golint 
Fix code style issues reported by golint
 2017-09-20 10:31:28 +08:00
Wenkai Yin
f0946b63cf fix code style issues reported by golint 2017-09-19 17:16:54 +08:00
Wenkai Yin
82dc758064 Merge pull request #3213 from ywk253100/170914_image_size 
Return image size when getting detail information of tag
 2017-09-19 17:09:49 +08:00
Wenkai Yin
2ebcc454ba support image size 2017-09-15 13:34:23 +08:00
Wenkai Yin
923a8d65b1 expose insecure flag in api 2017-09-04 15:10:07 +08:00
Yan
1a71b13591 update error format (#3125) 
* update error format

update

update

update

update

update

update

* update

* update
 2017-08-29 19:17:08 +08:00
Yan
97f73dbf6c block pull scan failed image (#3119) 2017-08-28 10:30:59 +08:00
Wenkai Yin
599d94be0c update 2017-08-22 15:22:25 +08:00
Wenkai Yin
bb958a7f4b convert 500 error returned by Admiral to duplicate project error when creating duplicate project 2017-08-22 13:34:06 +08:00
Wenkai Yin
0ffb74f261 remove useless attributes in configuration API 2017-08-14 16:42:25 +08:00
Yan
d0103856f1 [BAT] fix issues (#3037) 
* fix issues

* update
 2017-08-14 15:19:48 +08:00
Wenkai Yin
98d8b7e246 fix bug in parsing scope 2017-08-11 14:13:15 +08:00
Daniel Jiang
9b6ad0e90f Merge pull request #3027 from reasonerjt/add-vuln-link 
add cve link in Harbor API
 2017-08-10 19:44:06 +08:00
Tan Jiang
5846d7d28d add cve link in Harbor API 2017-08-10 15:27:30 +08:00
Wenkai Yin
c3c21586ea fix bug: can not display signed or not correctly 2017-08-10 15:12:52 +08:00
Wenkai Yin
7205d03106 bug fix 2017-08-10 11:09:04 +08:00
Wenkai Yin
689994fa93 return isSystem when using ldap 2017-08-09 18:02:55 +08:00
Wenkai Yin
3c64ae340e bug fix 2017-08-08 16:22:29 +08:00
Wenkai Yin
7800d2c2b2 check the existence of project when generating token 2017-08-07 13:30:16 +08:00
Wenkai Yin
d5a6d25082 Merge pull request #2923 from ywk253100/170728_registry 
Remove useless insecure flag
 2017-08-04 10:14:40 +08:00
Daniel Jiang
6f8f765358 Merge pull request #2906 from ywk253100/170728_integration 
Apply security filter to certain patterns and enable basic auth for deleting repo
 2017-08-02 18:09:15 +08:00
Steven Zou
e7da22d812 fix issue #2840 and #2916 2017-08-01 15:49:50 +08:00
Wenkai Yin
67200db678 update 2017-07-31 13:58:41 +08:00
Wenkai Yin
8963a15520 remove useless insecure flag 2017-07-31 13:45:49 +08:00
Wenkai Yin
cdb75519a9 1. only apply security filter to /api/ and /service/ 2.support basic auth for deleting repository and tag in integration mode 2017-07-28 15:25:22 +08:00
Wenkai Yin
ce169e74dc Merge pull request #2878 from ywk253100/170724_registry 
Refactor registry client
 2017-07-28 13:40:32 +08:00
Wenkai Yin
a8dc75dd15 update 2017-07-28 13:10:26 +08:00
Daniel Jiang
8117e9ee79 Merge pull request #2884 from ywk253100/170726_api 
Add API to check whether a project can be deleted or not
 2017-07-27 10:29:03 +03:00
Wenkai Yin
9d7ad6de68 Add API to check whether a project can be deleted or not 2017-07-27 14:08:32 +08:00
Wenkai Yin
0a74a0f1e4 update 2017-07-27 08:17:29 +08:00
Wenkai Yin
71e4c3c447 Merge remote-tracking branch 'upstream/master' into 170724_registry 
Conflicts:
	src/ui/utils/utils.go
 2017-07-26 18:46:41 +08:00
Wenkai Yin
cc264f85e7 do not ping if using raw token authorizer 2017-07-26 18:41:36 +08:00
Tan Jiang
10c8573464 provide API for scanning images under a projet 2017-07-26 15:19:17 +08:00
Yan
274f764622 update interceptor error code (#2836) 
* update interceptor error code

* update

* update error string

* update interceptor error code

update

update error string
 2017-07-23 18:34:44 -07:00
Tan Jiang
cd24c0f171 fix issue in golint 2017-07-21 00:07:42 +08:00
Tan Jiang
ea25c3cfe5 provide api to show log of scan job 2017-07-20 19:32:27 +08:00
Wenkai Yin
b127ba391d Merge pull request #2827 from ywk253100/170720_replic 
Fix replicate issue
 2017-07-20 18:48:33 +08:00
Wenkai Yin
1c4a42009d remove duplicate codes in notification handler (#2828) 2017-07-20 03:10:52 -07:00
Wenkai Yin
2e427bffe2 fix replicate issue 2017-07-20 16:47:14 +08:00
Wenkai Yin
e0040a09b6 Merge pull request #2821 from ywk253100/170719_integration 
Refactor getting project logic according to the change of Admiral's API
 2017-07-20 15:57:42 +08:00
Wenkai Yin
1298d465da refactor GetPublic logic 2017-07-20 10:34:18 +08:00
Wenkai Yin
75c4d4a60a Merge pull request #2816 from ywk253100/170719_trim 
Trim the new line in the end of token file
 2017-07-19 17:51:49 +08:00
Wenkai Yin
e9a2ee779f trim the new line in the end of token file 2017-07-19 17:34:04 +08:00
Steven Zou
e6368ab8a0 Merge pull request #2799 from vmware/fix_issue_#2793 
Fix issue of detecting configuration changes
 2017-07-19 17:32:45 +08:00
Wenkai Yin
f57b9ae9d5 trim new line in the end of token file 2017-07-19 17:28:54 +08:00
Steven Zou
8f921db588 Refine scheduler 2017-07-19 16:57:22 +08:00
Daniel Jiang
8a23f0e0a1 Merge pull request #2812 from reasonerjt/systeminfo-scan-all 
add next_scan_all to systeminfo api response
 2017-07-19 15:49:57 +08:00
Wenkai Yin
7573d59624 update token file location 2017-07-19 13:46:10 +08:00
Tan Jiang
ad2cafe4d2 add next_scan_all to systeminfo api response 2017-07-19 13:33:42 +08:00
Steven Zou
5c876621ec Merge branch 'master' into fix_issue_#2793 2017-07-19 12:34:43 +08:00
Wenkai Yin
6e10a21871 Merge pull request #2774 from ywk253100/170713_integration 
Trim last / in url
 2017-07-19 10:15:05 +08:00
Wenkai Yin
44ad4581e5 Merge pull request #2807 from ywk253100/170718_integration 
Support basic auth in integration mode
 2017-07-19 10:14:44 +08:00
Wenkai Yin
fc2bb51582 support basic auth in integration mode 2017-07-18 19:20:19 +08:00
Steven Zou
db58ca673d Fix issue of detecting configuration changes 2017-07-17 17:39:41 +08:00
Tan Jiang
629cf29850 The password to access clair db can be configured in harbor.cfg, skip auto-scan if clair-db is not ready 2017-07-17 15:25:47 +08:00
Tan Jiang
473b85cffa fix nil pointer issue 2017-07-14 20:06:34 +08:00
Tan Jiang
72b3a020e3 provide default timestamp for all distros in system info api 2017-07-13 18:48:05 +08:00
Wenkai Yin
5c965719a2 trim / in url 2017-07-13 17:12:53 +08:00
Daniel Jiang
920c41c204 Merge pull request #2769 from ywk253100/170713_integration 
Bug fix
 2017-07-13 16:47:43 +08:00
Wenkai Yin
c4fbc707af bug fix 2017-07-13 13:58:24 +08:00
Wenkai Yin
d51b01c200 fix bug in GET member API 2017-07-12 19:17:26 +08:00
Daniel Jiang
ca6bd3b585 Merge pull request #2741 from reasonerjt/fetch-timestamp-from-clairdb 
read last update from clair db, return in system info
 2017-07-12 17:16:30 +08:00
Tan Jiang
436f0efab8 overall timestamp returns 0 when error happens, split check and mark into two func 2017-07-12 15:57:57 +08:00
Wenkai Yin
ba22ee5022 Merge pull request #2738 from ywk253100/170711_integration 
Disable some APIs in integration mode
 2017-07-12 15:13:50 +08:00
Wenkai Yin
005d783463 Merge pull request #2732 from ywk253100/170710_bug_fix 
Bug fix
 2017-07-12 12:59:24 +08:00
Yan
c1fc09a2d9 format error to make it readable for docker (#2731) 
remove unneeded
 2017-07-11 19:36:51 -07:00
Tan Jiang
543cf62e14 read last update from clair db, return in system info 2017-07-11 21:26:31 +08:00
Wenkai Yin
7e8468c302 update 2017-07-11 18:49:25 +08:00
Wenkai Yin
52f9e5f1c8 disable some APIs in integration mode 2017-07-11 18:13:48 +08:00
Steven Zou
35c62da69c remove watch testing case 2017-07-11 15:53:04 +08:00
Steven Zou
cbdf49c8e9 Merge remote-tracking branch 'upstream/master' 2017-07-11 15:44:32 +08:00