swagger: '2.0' info: title: Harbor API description: These APIs provide services for manipulating Harbor project. version: 0.3.0 host: localhost schemes: - http basePath: /api produces: - application/json - text/plain consumes: - text/plain - application/json paths: /search: get: summary: Search for projects and repositories description: > The Search endpoint returns information about the projects and repositories offered at public status or related to the current logged in user. The response includes the project and repository list in a proper display order. parameters: - name: q in: query description: Search parameter for project and repository name. required: true type: string tags: - Products responses: '200': description: An array of search results schema: type: array items: $ref: '#/definitions/Search' '500': description: Unexpected internal errors. /projects: get: summary: List projects description: > This endpoint returns all projects created by Harbor, and can be filtered by project name. parameters: - name: name in: query description: The name of project. required: false type: string - name: public in: query description: The project is public or private. required: false type: boolean format: int32 - name: owner in: query description: The name of project owner. required: false type: string - name: page in: query type: integer format: int32 required: false description: 'The page nubmer, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: 'The size of per page, default is 10, maximum is 100.' tags: - Products responses: '200': description: Return all matched projects. schema: type: array items: $ref: '#/definitions/Project' headers: X-Total-Count: description: The total count of projects type: integer Link: description: Link refers to the previous page and next page type: string '401': description: User need to log in first. '500': description: Internal errors. head: summary: Check if the project name user provided already exists. description: > This endpoint is used to check if the project name user provided already exist. parameters: - name: project_name in: query description: Project name for checking exists. required: true type: string tags: - Products responses: '200': description: Project name exists. '401': description: User need to log in first. '404': description: Project name does not exist. '500': description: Unexpected internal errors. post: summary: Create a new project. description: | This endpoint is for user to create a new project. parameters: - name: project in: body description: New created project. required: true schema: $ref: '#/definitions/ProjectReq' tags: - Products responses: '201': description: Project created successfully. '400': description: Unsatisfied with constraints of the project creation. '401': description: User need to log in first. '409': description: Project name already exists. '500': description: Unexpected internal errors. '/projects/{project_id}': get: summary: Return specific project detail infomation description: | This endpoint returns specific project information by project ID. parameters: - name: project_id in: path description: Project ID for filtering results. required: true type: integer format: int64 tags: - Products responses: '200': description: Return matched project information. schema: $ref: '#/definitions/Project' '401': description: User need to log in first. '500': description: Internal errors. put: summary: Update properties for a selected project. description: | This endpoint is aimed to update the properties of a project. parameters: - name: project_id in: path type: integer format: int64 required: true description: Selected project ID. - name: project in: body required: true schema: $ref: '#/definitions/Project' description: Updates of project. tags: - Products responses: '200': description: Updated project properties successfully. '400': description: Illegal format of provided ID value. '401': description: User need to log in first. '403': description: User does not have permission to the project. '404': description: Project ID does not exist. '500': description: Unexpected internal errors. delete: summary: Delete project by projectID description: | This endpoint is aimed to delete project by project ID. parameters: - name: project_id in: path description: Project ID of project which will be deleted. required: true type: integer format: int64 tags: - Products responses: '200': description: Project is deleted successfully. '400': description: Invalid project id. '403': description: User need to log in first. '404': description: Project does not exist. '412': description: 'Project contains policies, can not be deleted.' '500': description: Internal errors. '/projects/{project_id}/logs': get: summary: Get access logs accompany with a relevant project. description: > This endpoint let user search access logs filtered by operations and date time ranges. parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID - name: username in: query type: string required: false description: Username of the operator. - name: repository in: query type: string required: false description: The name of repository - name: tag in: query type: string required: false description: The name of tag - name: operation in: query type: string required: false description: The operation - name: begin_timestamp in: query type: string required: false description: The begin timestamp - name: end_timestamp in: query type: string required: false description: The end timestamp - name: page in: query type: integer format: int32 required: false description: 'The page nubmer, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: 'The size of per page, default is 10, maximum is 100.' tags: - Products responses: '200': description: Get access log successfully. schema: type: array items: $ref: '#/definitions/AccessLog' headers: X-Total-Count: description: The total count of access logs type: integer Link: description: Link refers to the previous page and next page type: string '400': description: Illegal format of provided ID value. '401': description: User need to log in first. '500': description: Unexpected internal errors. '/projects/{project_id}/metadatas': get: summary: Get project metadata. description: | This endpoint returns metadata of the project specified by project ID. parameters: - name: project_id in: path description: The ID of project. required: true type: integer format: int64 tags: - Products responses: '200': description: Get metadata successfully. schema: $ref: '#/definitions/ProjectMetadata' '401': description: User need to login first. '500': description: Internal server errors. post: summary: Add metadata for the project. description: | This endpoint is aimed to add metadata of a project. parameters: - name: project_id in: path type: integer format: int64 required: true description: Selected project ID. - name: metadata in: body required: true schema: $ref: '#/definitions/ProjectMetadata' description: The metadata of project. tags: - Products responses: '200': description: Add metadata successfully. '400': description: Invalid request. '401': description: User need to log in first. '403': description: User does not have permission to the project. '404': description: Project ID does not exist. '500': description: Internal server errors. '/projects/{project_id}/metadatas/{meta_name}': get: summary: Get project metadata description: | This endpoint returns specified metadata of a project. parameters: - name: project_id in: path description: Project ID for filtering results. required: true type: integer format: int64 - name: meta_name in: path description: The name of metadat. required: true type: string tags: - Products responses: '200': description: Get metadata successfully. schema: $ref: '#/definitions/ProjectMetadata' '401': description: User need to log in first. '500': description: Internal server errors. put: summary: Update metadata of a project. description: | This endpoint is aimed to update the metadata of a project. parameters: - name: project_id in: path type: integer format: int64 required: true description: The ID of project. - name: meta_name in: path description: The name of metadat. required: true type: string tags: - Products responses: '200': description: Updated metadata successfully. '400': description: Invalid request. '401': description: User need to log in first. '403': description: User does not have permission to the project. '404': description: Project or metadata does not exist. '500': description: Internal server errors. delete: summary: Delete metadata of a project description: | This endpoint is aimed to delete metadata of a project. parameters: - name: project_id in: path description: The ID of project. required: true type: integer format: int64 - name: meta_name in: path description: The name of metadat. required: true type: string tags: - Products responses: '200': description: Metadata is deleted successfully. '400': description: Invalid requst. '403': description: User need to log in first. '404': description: Project or metadata does not exist. '500': description: Internal server errors. '/projects/{project_id}/members/': get: summary: Return a project's relevant role members. description: > This endpoint is for user to search a specified project's relevant role members. parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. tags: - Products responses: '200': description: Get project's relevant role members successfully. schema: type: array items: $ref: '#/definitions/User' '400': description: Illegal format of provided ID value. '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: Project ID does not exist. '500': description: Unexpected internal errors. post: summary: Add project role member accompany with relevant project and user. description: > This endpoint is for user to add project role member accompany with relevant project and user. parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: roles in: body description: >- Role members for adding to relevant project. Only one role is supported in the role list. schema: $ref: '#/definitions/RoleParam' tags: - Products responses: '200': description: Role members added to relevant project successfully. '400': description: Illegal format of provided ID value. '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: Project ID or username does not exist. '409': description: User has already added as a project role member. '500': description: Unexpected internal errors. '/projects/{project_id}/members/{user_id}': get: summary: Return role members accompany with relevant project and user. description: > This endpoint is for user to get role members accompany with relevant project and user. parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID - name: user_id in: path type: integer format: int required: true description: Relevant user ID tags: - Products responses: '200': description: Get project role members successfully. schema: type: array items: $ref: '#/definitions/Role' '400': description: Illegal format of provided ID value. '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: Project ID does not exist. '500': description: Unexpected internal errors. put: summary: Update project role members accompany with relevant project and user. description: > This endpoint is for user to update current project role members accompany with relevant project and user. parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: user_id in: path type: integer format: int required: true description: Relevant user ID. - name: roles in: body schema: $ref: '#/definitions/RoleParam' description: Updates for roles and username. tags: - Products responses: '200': description: Project role members updated successfully. '400': description: Illegal format of provided ID value. '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: Project ID does not exist. '500': description: Unexpected internal errors. delete: summary: Delete project role members accompany with relevant project and user. description: > This endpoint is aimed to remove project role members already added to the relevant project and user. parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: user_id in: path type: integer format: int required: true description: Relevant user ID. tags: - Products responses: '200': description: Project role members deleted successfully. '400': description: Illegal format of provided ID value. '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: Project ID does not exist. '500': description: Unexpected internal errors. /statistics: get: summary: Get projects number and repositories number relevant to the user description: > This endpoint is aimed to statistic all of the projects number and repositories number relevant to the logined user, also the public projects number and repositories number. If the user is admin, he can also get total projects number and total repositories number. tags: - Products responses: '200': description: >- Get the projects number and repositories number relevant to the user successfully. schema: $ref: '#/definitions/StatisticMap' '401': description: User need to log in first. '500': description: Unexpected internal errors. /users: get: summary: Get registered users of Harbor. description: > This endpoint is for user to search registered users, support for filtering results with username.Notice, by now this operation is only for administrator. parameters: - name: username in: query type: string required: false description: Username for filtering results. - name: email in: query type: string required: false description: Email for filtering results. - name: page in: query type: integer format: int32 required: false description: 'The page nubmer, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: The size of per page. tags: - Products responses: '200': description: Searched for users of Harbor successfully. schema: type: array items: $ref: '#/definitions/User' '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. post: summary: Creates a new user account. description: | This endpoint is to create a user if the user does not already exist. parameters: - name: user in: body description: New created user. required: true schema: $ref: '#/definitions/User' tags: - Products responses: '201': description: User created successfully. '400': description: Unsatisfied with constraints of the user creation. '403': description: >- User registration can only be used by admin role user when self-registration is off. '500': description: Unexpected internal errors. /users/current: get: summary: Get current user info. description: | This endpoint is to get the current user infomation. tags: - Products responses: '200': description: Get current user information successfully. schema: $ref: '#/definitions/User' '401': description: User need to log in first. '/users/{user_id}': get: summary: Get a user's profile. description: | Get user's profile with user id. parameters: - name: user_id in: path type: integer format: int required: true description: Registered user ID tags: - Products responses: '200': description: Get user's profile successfully. '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: User ID does not exist. '500': description: Unexpected internal errors. put: summary: Update a registered user to change his profile. description: | This endpoint let a registered user change his profile. parameters: - name: user_id in: path type: integer format: int required: true description: Registered user ID - name: profile in: body description: 'Only email, realname and comment can be modified.' required: true schema: $ref: '#/definitions/UserProfile' tags: - Products responses: '200': description: Updated user's profile successfully. '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: User ID does not exist. '500': description: Unexpected internal errors. delete: summary: Mark a registered user as be removed. description: | This endpoint let administrator of Harbor mark a registered user as be removed.It actually won't be deleted from DB. parameters: - name: user_id in: path type: integer format: int required: true description: User ID for marking as to be removed. tags: - Products responses: '200': description: Marked user as be removed successfully. '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: User ID does not exist. '500': description: Unexpected internal errors. '/users/{user_id}/password': put: summary: Change the password on a user that already exists. description: > This endpoint is for user to update password. Users with the admin role can change any user's password. Guest users can change only their own password. parameters: - name: user_id in: path type: integer format: int required: true description: Registered user ID. - name: password in: body description: Password to be updated. required: true schema: $ref: '#/definitions/Password' tags: - Products responses: '200': description: Updated password successfully. '400': description: Invalid user ID; Old password is blank; New password is blank. '401': description: Don't have authority to change password. Please check login status. '403': description: Old password is not correct. '500': description: Unexpected internal errors. '/users/{user_id}/sysadmin': put: summary: Update a registered user to change to be an administrator of Harbor. description: | This endpoint let a registered user change to be an administrator of Harbor. parameters: - name: user_id in: path type: integer format: int required: true description: Registered user ID - name: has_admin_role in: body description: Toggle a user to admin or not. required: true schema: $ref: '#/definitions/HasAdminRole' tags: - Products responses: '200': description: Updated user's admin role successfully. '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: User ID does not exist. '500': description: Unexpected internal errors. /repositories: get: summary: Get repositories accompany with relevant project and repo name. description: > This endpoint let user search repositories accompanying with relevant project ID and repo name. parameters: - name: project_id in: query type: integer format: int32 required: true description: Relevant project ID. - name: q in: query type: string required: false description: Repo name for filtering results. - name: page in: query type: integer format: int32 required: false description: 'The page nubmer, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: 'The size of per page, default is 10, maximum is 100.' tags: - Products responses: '200': description: Get repositories successfully. schema: type: array items: $ref: '#/definitions/Repository' headers: X-Total-Count: description: The total count of repositories type: integer Link: description: Link refers to the previous page and next page type: string '400': description: Invalid project ID. '403': description: >- Project is not public or current user is irrelevant to the repository. '404': description: Project ID does not exist. '500': description: Unexpected internal errors. '/repositories/{repo_name}': delete: summary: Delete a repository. description: | This endpoint let user delete a repository with name. parameters: - name: repo_name in: path type: string required: true description: The name of repository which will be deleted. tags: - Products responses: '200': description: Delete successfully. '400': description: Invalid repo_name. '401': description: Unauthorized. '403': description: Forbidden. '404': description: Repository not found. '/repositories/{repo_name}/tags/{tag}': get: summary: Get the tag of the repository. description: > This endpoint aims to retrieve the tag of the repository. If deployed with Notary, the signature property of response represents whether the image is singed or not. If the property is null, the image is unsigned. parameters: - name: repo_name in: path type: string required: true description: Relevant repository name. - name: tag in: path type: string required: true description: Tag of the repository. tags: - Products responses: '200': description: Get tag successfully. schema: $ref: '#/definitions/DetailedTag' '500': description: Unexpected internal errors. delete: summary: Delete a tag in a repository. description: | This endpoint let user delete tags with repo name and tag. parameters: - name: repo_name in: path type: string required: true description: The name of repository which will be deleted. - name: tag in: path type: string required: true description: Tag of a repository. tags: - Products responses: '200': description: Delete tag successfully. '400': description: Invalid repo_name. '401': description: Unauthorized. '403': description: Forbidden. '404': description: Repository or tag not found. '/repositories/{repo_name}/tags': get: summary: Get tags of a relevant repository. description: > This endpoint aims to retrieve tags from a relevant repository. If deployed with Notary, the signature property of response represents whether the image is singed or not. If the property is null, the image is unsigned. parameters: - name: repo_name in: path type: string required: true description: Relevant repository name. tags: - Products responses: '200': description: Get tags successfully. schema: type: array items: $ref: '#/definitions/DetailedTag' '500': description: Unexpected internal errors. '/repositories/{repo_name}/tags/{tag}/manifest': get: summary: Get manifests of a relevant repository. description: | This endpoint aims to retreive manifests from a relevant repository. parameters: - name: repo_name in: path type: string required: true description: Repository name - name: tag in: path type: string required: true description: Tag name - name: version in: query type: string required: false description: >- The version of manifest, valid value are "v1" and "v2", default is "v2" tags: - Products responses: '200': description: Retrieved manifests from a relevant repository successfully. schema: $ref: '#/definitions/Manifest' '404': description: Retrieved manifests from a relevant repository not found. '500': description: Unexpected internal errors. '/repositories/{repo_name}/tags/{tag}/scan': post: summary: Scan the image. description: > Trigger jobservice to call Clair API to scan the image identified by the repo_name and tag. Only project admins have permission to scan images under the project. parameters: - name: repo_name in: path type: string required: true description: Repository name - name: tag in: path type: string required: true description: Tag name tags: - Products responses: '200': description: Successfully created the job to scan image. '401': description: User needs to login or call the API with correct credentials. '403': description: User doesn't have permission to perform the action. '404': description: The image does not exist in Harbor. '503': description: Harbor is not deployed with Clair. /repositories/scanAll: post: summary: Scan all images of the registry. description: > The server will launch different jobs to scan each image on the regsitry, so this is equivalent to calling the API to scan the image one by one in background, so there's no way to track the overall status of the "scan all" action. Only system adim has permission to call this API. parameters: - name: project_id in: query type: integer description: When this parm is set only the images under the project identified by the project_id will be scanned. responses: '202': description: >- The action is successully taken in the background. If some images are failed to scan it will only be reflected in the job status. '401': description: User needs to login or call the API with correct credentials. '403': description: User doesn't have permission to perform the action. '500': description: Failed to initiate the action. '503': description: Harbor is not deployed with Clair. '/repositories/{repo_name}/tags/{tag}/vulnerability/details': get: summary: Get vulnerability details of the image. description: > Call Clair API to get the vulnerability based on the previous successful scan. parameters: - name: repo_name in: path type: string required: true description: Repository name - name: tag in: path type: string required: true description: Tag name tags: - Products responses: '200': description: Successfully retrieved the vulnerabilities. schema: type: array items: $ref: '#definitions/VulnerabilityItem' '401': description: User needs to login or call the API with correct credentials. '403': description: User doesn't have permission to perform the action. '404': description: The image does not exist in Harbor. '503': description: Harbor is not deployed with Clair. '/repositories/{repo_name}/signatures': get: summary: Get signature information of a repository description: > This endpoint aims to retrieve signature information of a repository, the data is from the nested notary instance of Harbor. If the repository does not have any signature information in notary, this API will return an empty list with response code 200, instead of 404 parameters: - name: repo_name in: path type: string required: true description: repository name. tags: - Products responses: '200': description: Retrieved signatures. schema: type: array items: $ref: '#/definitions/RepoSignature' '500': description: Server side error. /repositories/top: get: summary: Get public repositories which are accessed most. description: | This endpoint aims to let users see the most popular public repositories parameters: - name: count in: query type: integer format: int32 required: false description: >- The number of the requested public repositories, default is 10 if not provided. tags: - Products responses: '200': description: Get popular repositories successfully. schema: type: array items: $ref: '#/definitions/Repository' '400': description: Bad request because of invalid count. '500': description: Unexpected internal errors. /logs: get: summary: Get recent logs of the projects which the user is a member of description: > This endpoint let user see the recent operation logs of the projects which he is member of parameters: - name: username in: query type: string required: false description: Username of the operator. - name: repository in: query type: string required: false description: The name of repository - name: tag in: query type: string required: false description: The name of tag - name: operation in: query type: string required: false description: The operation - name: begin_timestamp in: query type: string required: false description: The begin timestamp - name: end_timestamp in: query type: string required: false description: The end timestamp - name: page in: query type: integer format: int32 required: false description: 'The page nubmer, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: 'The size of per page, default is 10, maximum is 100.' tags: - Products responses: '200': description: Get the required logs successfully. schema: type: array items: $ref: '#/definitions/AccessLog' '400': description: Bad request because of invalid parameters. '401': description: User need to login first. '500': description: Unexpected internal errors. /jobs/replication: get: summary: List filters jobs according to the policy and repository description: > This endpoint let user list filters jobs according to the policy and repository. (if start_time and end_time are both null, list jobs of last 10 days) tags: - Products parameters: - name: policy_id in: query type: integer format: int required: true description: The ID of the policy that triggered this job. - name: num in: query type: integer format: int32 required: false description: The return list length number. - name: end_time in: query type: integer format: int64 required: false description: The end time of jobs done. (Timestamp) - name: start_time in: query type: integer format: int64 required: false description: The start time of jobs. (Timestamp) - name: repository in: query type: string required: false description: The respond jobs list filter by repository name. - name: status in: query type: string required: false description: The respond jobs list filter by status. - name: page in: query type: integer format: int32 required: false description: 'The page nubmer, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: 'The size of per page, default is 10, maximum is 100.' responses: '200': description: Get the required logs successfully. schema: type: array items: $ref: '#/definitions/JobStatus' headers: X-Total-Count: description: The total count of jobs type: integer Link: description: Link refers to the previous page and next page type: string '400': description: Bad request because of invalid parameters. '401': description: User need to login first. '500': description: Unexpected internal errors. /jobs/replication/{id}: delete: summary: Delete specific ID job. description: | This endpoint is aimed to remove specific ID job from jobservice. parameters: - name: id in: path type: integer format: int64 required: true description: Delete job ID. tags: - Products responses: '200': description: Job deleted successfully. '400': description: Job ID is invalid or can't remove this job. '401': description: Only admin has this authority. '404': description: Project ID does not exist. '500': description: Unexpected internal errors. /jobs/replication/{id}/log: get: summary: Get job logs. description: | This endpoint let user search job logs filtered by specific ID. parameters: - name: id in: path type: integer format: int64 required: true description: Relevant job ID tags: - Products responses: '200': description: Get job log successfully. '400': description: Illegal format of provided ID value. '401': description: User need to log in first. '404': description: The specific repository ID's log does not exist. '500': description: Unexpected internal errors. /jobs/scan/{id}/log: get: summary: Get job logs. description: | This endpoint let user get scan job logs filtered by specific ID. parameters: - name: id in: path type: integer format: int64 required: true description: Relevant job ID tags: - Products responses: '200': description: Get job log successfully. '400': description: Illegal format of provided ID value. '401': description: User need to log in first. '404': description: The specific repository ID's log does not exist. '500': description: Unexpected internal errors. /policies/replication: get: summary: List filters policies by name and project_id description: > This endpoint let user list filters policies by name and project_id, if name and project_id are nil, list returns all policies parameters: - name: name in: query type: string required: false description: The replication's policy name. - name: project_id in: query type: integer format: int64 required: false description: Relevant project ID. tags: - Products responses: '200': description: Get policy successfully. schema: type: array items: $ref: '#/definitions/RepPolicy' '400': description: Invalid project ID. '401': description: User need to log in first. '500': description: Unexpected internal errors. post: summary: Post creates a policy description: > This endpoint let user creates a policy, and if it is enabled, the replication will be triggered right now. parameters: - name: policyinfo in: body description: Create new policy. required: true schema: $ref: '#/definitions/RepPolicyPost' tags: - Products responses: '201': description: Create policy successfully. '400': description: Invalid project ID or target ID. '401': description: User need to log in first. '409': description: >- Policy name already used or policy already exists with the same project and target. '500': description: Unexpected internal errors. /policies/replication/{id}: get: summary: Get replication policy. description: | This endpoint let user search replication policy by specific ID. parameters: - name: id in: path type: integer format: int64 required: true description: policy ID tags: - Products responses: '200': description: Get job policy successfully. schema: $ref: '#/definitions/RepPolicy' '401': description: User need to log in first. '404': description: The specific repository ID's policy does not exist. '500': description: Unexpected internal errors. put: summary: 'Put modifies name, description, target and enablement of policy.' description: > This endpoint let user update policy name, description, target and enablement. parameters: - name: id in: path type: integer format: int64 required: true description: policy ID - name: policyupdate in: body description: 'Update policy name, description, target and enablement.' required: true schema: $ref: '#/definitions/RepPolicyUpdate' tags: - Products responses: '200': description: Update job policy content successfully. '400': description: policy is enabled or target does not exist '401': description: User need to log in first. '404': description: The specific repository ID's policy does not exist. '409': description: >- Policy name already used or policy already exists with the same project and target. '500': description: Unexpected internal errors. /policies/replication/{id}/enablement: put: summary: Put modifies enablement of the policy. description: | This endpoint let user update policy enablement flag. parameters: - name: id in: path type: integer format: int64 required: true description: policy ID - name: enabledflag in: body description: The policy enablement flag. required: true schema: $ref: '#/definitions/RepPolicyEnablementReq' tags: - Products responses: '200': description: Update job policy enablement successfully. '400': description: Invalid enabled value. '401': description: User need to log in first. '404': description: The specific repository ID's policy does not exist. '500': description: Unexpected internal errors. /targets: get: summary: List filters targets by name. description: > This endpoint let user list filters targets by name, if name is nil, list returns all targets. parameters: - name: name in: query type: string required: false description: The replication's target name. tags: - Products responses: '200': description: Get policy successfully. schema: type: array items: $ref: '#/definitions/RepTarget' '401': description: User need to log in first. '500': description: Unexpected internal errors. post: summary: Create a new replication target. description: | This endpoint is for user to create a new replication target. parameters: - name: reptarget in: body description: New created replication target. required: true schema: $ref: '#/definitions/RepTargetPost' tags: - Products responses: '201': description: Replication target created successfully. '400': description: Unsatisfied with constraints of the target creation. '401': description: User need to log in first. '409': description: Replication target name already exists. '500': description: Unexpected internal errors. /targets/ping: post: summary: Ping validates target. description: > This endpoint is for ping validates whether the target is reachable and whether the credential is valid. parameters: - name: target in: body description: The target object. required: true schema: $ref: '#/definitions/PingTarget' tags: - Products responses: '200': description: Ping target successfully. '400': description: >- Target id is invalid/ endpoint is needed/ invaild URL/ network issue. '401': description: >- User need to log in first or wrong username/password for remote target. '404': description: Target not found. '500': description: Unexpected internal errors. '/targets/{id}': put: summary: Update replication's target. description: | This endpoint is for update specific replication's target. parameters: - name: id in: path type: integer format: int64 required: true description: The replication's target ID. - name: repo_target in: body required: true schema: $ref: '#/definitions/PutTarget' description: Updates of replication's target. tags: - Products responses: '200': description: Updated replication's target successfully. '400': description: The target is associated with policy which is enabled. '401': description: User need to log in first. '404': description: Target ID does not exist. '409': description: Target name or endpoint is already used. '500': description: Unexpected internal errors. get: summary: Get replication's target. description: This endpoint is for get specific replication's target. tags: - Products parameters: - name: id in: path type: integer format: int64 required: true description: The replication's target ID. responses: '200': description: Get replication's target successfully. schema: $ref: '#/definitions/RepTarget' '401': description: User need to log in first. '404': description: Replication's target not found '500': description: Unexpected internal errors. delete: summary: Delete specific replication's target. description: | This endpoint is for to delete specific replication's target. parameters: - name: id in: path type: integer format: int64 required: true description: The replication's target ID. tags: - Products responses: '200': description: Replication's target deleted successfully. '400': description: >- Replication's target ID is invalid or the target is used by policies. '401': description: Only admin has this authority. '404': description: Replication's target does not exist. '500': description: Unexpected internal errors. '/targets/{id}/policies/': get: summary: List the target relevant policies. description: > This endpoint list policies filter with specific replication's target ID. parameters: - name: id in: path type: integer format: int64 required: true description: The replication's target ID. tags: - Products responses: '200': description: Get relevant policies successfully. schema: type: array items: $ref: '#/definitions/RepPolicy' '401': description: User need to log in first. '404': description: Replication's target not found '500': description: Unexpected internal errors. /internal/syncregistry: post: summary: Sync repositories from registry to DB. description: > This endpoint is for syncing all repositories of registry with database. tags: - Products responses: '200': description: Sync repositories successfully. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. /systeminfo: get: summary: Get general system info description: > This API is for retrieving general system info, this can be called by anonymous request. tags: - Products responses: '200': description: Get general info successfully. schema: type: object items: $ref: '#/definitions/GeneralInfo' '500': description: Unexpected internal error. /systeminfo/volumes: get: summary: Get system volume info (total/free size). description: > This endpoint is for retrieving system volume info that only provides for admin user. tags: - Products responses: '200': description: Get system volumes successfully. schema: type: object items: $ref: '#/definitions/SystemInfo' '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. /systeminfo/getcert: get: summary: Get default root certificate under OVA deployment. description: > This endpoint is for downloading a default root certificate that only provides for admin user under OVA deployment. tags: - Products responses: '200': description: Get default root certificate successfully. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: Not found the default root certificate. '500': description: Unexpected internal errors. /ldap/ping: post: summary: Ping available ldap service. description: > This endpoint ping the available ldap service for test related configuration parameters. parameters: - name: ldapconf in: body description: >- ldap configuration. support input ldap service configuration. If it's a empty request, will load current configuration from the system. required: false schema: $ref: '#/definitions/LdapConf' tags: - Products responses: '200': description: Ping ldap service successfully. '400': description: Inviald ldap configuration parameters. '401': description: User need to login first. '403': description: Only admin has this authority. '500': description: Unexpected internal errors. /ldap/users/search: post: summary: Search available ldap users. description: > This endpoint searches the available ldap users based on related configuration parameters. Support searched by input ladp configuration, load configuration from the system and specific filter. parameters: - name: username in: query type: string required: false description: Registered user ID - name: ldap_conf in: body description: >- ldap search configuration. ldapconf field can input ldap service configuration. If this item are blank, will load default configuration will load current configuration from the system. required: false schema: $ref: '#/definitions/LdapConf' tags: - Products responses: '200': description: Search ldap users successfully. schema: type: array items: $ref: '#/definitions/LdapUsers' '400': description: Inviald ldap configuration parameters. '401': description: User need to login first. '403': description: Only admin has this authority. '500': description: Unexpected internal errors. /ldap/users/import: post: summary: Import selected available ldap users. description: > This endpoint adds the selected available ldap users to harbor based on related configuration parameters from the system. System will try to guess the user email address and realname, add to harbor user information. If have errors when import user, will return the list of importing failed uid and the failed reason. parameters: - name: uid_list in: body description: >- The uid listed for importing. This list will check users validity of ldap service based on configuration from the system. required: true schema: $ref: '#/definitions/LdapImportUsers' tags: - Products responses: '200': description: Add ldap users successfully. '401': description: User need to login first. '403': description: Only admin has this authority. '500': description: Failed import some users. schema: type: array items: $ref: '#/definitions/LdapFailedImportUsers' /configurations: get: summary: Get system configurations. description: > This endpoint is for retrieving system configurations that only provides for admin user. tags: - Products responses: '200': description: Get system configurations successfully. The response body is a map. schema: $ref: '#/definitions/Configurations' '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. put: summary: Modify system configurations. description: > This endpoint is for modifying system configurations that only provides for admin user. tags: - Products parameters: - name: configurations in: body required: true schema: $ref: '#/definitions/Configurations' description: The configuration map can contain a subset of the attributes of the schema, which are to be updated. responses: '200': description: Modify system configurations successfully. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. /configurations/reset: post: summary: Reset system configurations. description: > Reset system configurations from environment variables. Can only be accessed by admin user. tags: - Products responses: '200': description: Reset system configurations successfully. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. /email/ping: post: summary: Test connection and authentication with email server. description: | Test connection and authentication with email server. parameters: - name: settings in: body description: >- Email server settings, if some of the settings are not assigned, they will be read from system configuration. required: false schema: $ref: '#/definitions/EmailServerSetting' tags: - Products responses: '200': description: Ping email server successfully. '400': description: Inviald email server settings. '401': description: User need to login first. '403': description: Only admin has this authority. '500': description: Unexpected internal errors. definitions: Search: type: object properties: projects: description: Search results of the projects that matched the filter keywords. type: array items: $ref: '#/definitions/Project' repositories: description: Search results of the repositories that matched the filter keywords. type: array items: $ref: '#/definitions/SearchRepository' SearchRepository: type: object properties: project_id: type: integer description: The ID of the project that the repository belongs to project_name: type: string description: The name of the project that the repository belongs to project_public: type: integer description: >- The flag to indicate the publicity of the project that the repository belongs to (1 is public, 0 is not) repository_name: type: string description: The name of the repository pull_count: type: integer description: The count how many times the repository is pulled tags_count: type: integer description: The count of tags in the repository ProjectReq: type: object properties: project_name: type: string description: The name of the project. public: type: integer format: int description: The public status of the project. enable_content_trust: type: boolean description: >- Whether content trust is enabled or not. If it is enabled, user cann't pull unsigned images from this project. prevent_vulnerable_images_from_running: type: boolean description: Whether prevent the vulnerable images from running. prevent_vulnerable_images_from_running_severity: type: string description: >- If the vulnerability is high than severity defined here, the images cann't be pulled. automatically_scan_images_on_push: type: boolean description: Whether scan images automatically when pushing. Project: type: object properties: project_id: type: integer format: int32 description: Project ID owner_id: type: integer format: int32 description: The owner ID of the project always means the creator of the project. name: type: string description: The name of the project. creation_time: type: string description: The creation time of the project. update_time: type: string description: The update time of the project. deleted: type: integer format: int32 description: 'A deletion mark of the project (1 means it''s deleted, 0 is not)' owner_name: type: string description: The owner name of the project. Togglable: type: boolean description: >- Correspond to the UI about whether the project's publicity is updatable (for UI) current_user_role_id: type: integer description: The role ID of the current user who triggered the API (for UI) repo_count: type: integer description: The number of the repositories under this project. metadata: type: object description: The metadata of the project. items: $ref: '#/definitions/ProjectMetadata' ProjectMetadata: type: object properties: public: type: integer format: int description: The public status of the project. enable_content_trust: type: boolean description: >- Whether content trust is enabled or not. If it is enabled, user cann't pull unsigned images from this project. prevent_vulnerable_images_from_running: type: boolean description: Whether prevent the vulnerable images from running. prevent_vulnerable_images_from_running_severity: type: string description: >- If the vulnerability is high than severity defined here, the images cann't be pulled. automatically_scan_images_on_push: type: boolean description: Whether scan images automatically when pushing. Manifest: type: object properties: manifest: type: object description: The detail of manifest. config: type: string description: The config of the repository. User: type: object properties: user_id: type: integer format: int description: The ID of the user. username: type: string email: type: string password: type: string realname: type: string comment: type: string deleted: type: integer format: int32 role_name: type: string role_id: type: integer format: int has_admin_role: type: integer format: int reset_uuid: type: string Salt: type: string creation_time: type: string update_time: type: string Password: type: object properties: old_password: type: string description: The user's existing password. new_password: type: string description: New password for marking as to be updated. AccessLog: type: object properties: log_id: type: integer description: The ID of the log entry. username: type: string description: Username of the user in this log entry. repo_name: type: string description: Name of the repository in this log entry. repo_tag: type: string description: Tag of the repository in this log entry. operation: type: string description: The operation against the repository in this log entry. op_time: type: string description: The time when this operation is triggered. Role: type: object properties: role_id: type: integer format: int32 description: ID in table. role_code: type: string description: Description of permissions for the role. role_name: type: string description: Name the the role. role_mask: type: string RoleParam: type: object properties: roles: type: array items: type: integer format: int32 description: Role ID for updating project role member. username: type: string description: Username relevant to a project role member. StatisticMap: type: object properties: private_project_count: type: integer format: int32 description: The count of the private projects which the user is a member of. private_repo_count: type: integer format: int32 description: >- The count of the private repositories belonging to the projects which the user is a member of. public_project_count: type: integer format: int32 description: The count of the public projects. public_repo_count: type: integer format: int32 description: >- The count of the public repositories belonging to the public projects which the user is a member of. total_project_count: type: integer format: int32 description: 'The count of the total projects, only be seen when the is admin.' total_repo_count: type: integer format: int32 description: >- The count of the total repositories, only be seen when the user is admin. JobStatus: type: object properties: id: type: integer format: int64 description: The job ID. status: type: string description: The status of the job. repository: type: string description: The repository handled by the job. policy_id: type: integer format: int64 description: The ID of the policy that triggered this job. operation: type: string description: The operation of the job. tags: type: array description: The repository's used tag list. items: $ref: '#/definitions/Tags' creation_time: type: string description: The creation time of the job. update_time: type: string description: The update time of the job. Tags: type: object properties: tag: type: string description: The repository's used tag. RepPolicy: type: object properties: id: type: integer format: int64 description: The policy ID. project_id: type: integer format: int64 description: The project ID. project_name: type: string description: The project name. target_id: type: integer format: int64 description: The target ID. name: type: string description: The policy name. enabled: type: integer format: int description: The policy's enabled status. description: type: string description: The description of the policy. cron_str: type: string description: The cron string for schedule job. start_time: type: string description: The start time of the policy. creation_time: type: string description: The create time of the policy. update_time: type: string description: The update time of the policy. error_job_count: format: int description: The error job count number for the policy. deleted: type: integer RepPolicyPost: type: object properties: project_id: type: integer format: int64 description: The project ID. target_id: type: integer format: int64 description: The target ID. name: type: string description: The policy name. enabled: type: integer format: int description: '1-enable, 0-disable' RepPolicyUpdate: type: object properties: target_id: type: integer format: int64 description: The target ID. name: type: string description: The policy name. enabled: type: integer format: int description: The policy's enabled status. description: type: string description: The description of the policy. cron_str: type: string description: The cron string for schedule job. RepPolicyEnablementReq: type: object properties: enabled: type: integer format: int description: The policy enablement flag. RepTarget: type: object properties: id: type: integer format: int64 description: The target ID. endpoint: type: string description: The target address URL string. name: type: string description: The target name. username: type: string description: The target server username. password: type: string description: The target server password. type: type: integer format: int description: Reserved field. insecure: type: boolean description: Whether or not the certificate will be verified when Harbor tries to access the server. creation_time: type: string description: The create time of the policy. update_time: type: string description: The update time of the policy. RepTargetPost: type: object properties: endpoint: type: string description: The target address URL string. name: type: string description: The target name. username: type: string description: The target server username. password: type: string description: The target server password. insecure: type: boolean description: Whether or not the certificate will be verified when Harbor tries to access the server. PingTarget: type: object properties: id: type: integer format: int description: Target ID. endpoint: type: string description: The target address URL string. username: type: string description: The target server username. password: type: string description: The target server password. insecure: type: boolean description: Whether or not the certificate will be verified when Harbor tries to access the server. PutTarget: type: object properties: name: type: string description: The target name. endpoint: type: string description: The target address URL string. username: type: string description: The target server username. password: type: string description: The target server password. insecure: type: boolean description: Whether or not the certificate will be verified when Harbor tries to access the server. HasAdminRole: type: object properties: has_admin_role: type: integer description: '1-has admin, 0-not.' UserProfile: type: object properties: email: type: string description: The new email. realname: type: string description: The new realname. comment: type: string description: The new comment. Storage: type: object properties: total: type: integer format: int64 description: Total volume size. free: type: integer format: int64 description: Free volume size. GeneralInfo: type: object properties: with_notary: type: boolean description: If the Harbor instance is deployed with nested notary. with_clair: type: boolean description: If the Harbor instance is deployed with nested clair. with_admiral: type: boolean description: If the Harbor instance is deployed with Admiral. admiral_endpoint: type: string description: The url of the endpoint of admiral instance. auth_mode: type: string description: The auth mode of current Harbor instance. project_creation_restriction: type: string description: >- Indicate who can create projects, it could be 'adminonly' or 'everyone'. self_registration: type: boolean description: Indicate whether the Harbor instance enable user to register himself. has_ca_root: type: boolean description: >- Indicate whether there is a ca root cert file ready for download in the file system. harbor_version: type: string description: The build version of Harbor. next_scan_all: type: integer description: >- The UTC time in milliseconds, after which user can call scanAll API to scan all images. clair_vulnerability_status: type: object description: The status of vulnerability data of Clair. properties: overall_last_update: type: integer description: >- The UTC timestamp in milliseconds of last successful update for Clair vulnerability data, when all the updaters are successfully executed. details: type: array description: >- Detail timestamp of different namespace. This is introduced to handle the case when some updaters are executed successfully and some not. items: $ref: '#/definitions/VulnNamespaceTimestamp' VulnNamespaceTimestamp: type: object properties: namespace: type: string description: The namespace of the Vulnerability last_update: type: integer description: >- The UTC timestamp in miliseconds of last successful update for vulnerability data. SystemInfo: type: object properties: storage: type: array description: The storage of system. items: $ref: '#/definitions/Storage' LdapConf: type: object properties: ldap_url: type: string description: The url of ldap service. ldap_search_dn: type: string description: The search dn of ldap service. ldap_search_password: type: string description: The search password of ldap service. ldap_base_dn: type: string description: The base dn of ldap service. ldap_filter: type: string description: The serach filter of ldap service. ldap_uid: type: string description: The serach uid from ldap service attributes. ldap_scope: type: integer format: int64 description: The serach scope of ldap service. ldap_connection_timeout: type: integer format: int64 description: The connect timeout of ldap service(second). LdapUsers: type: object properties: ldap_username: type: string description: search ldap user name based on ldapconf. ldap_realname: type: string description: >- system will try to guess the user realname form "uid" or "cn" attribute. ldap_email: type: string description: >- system will try to guess the user email address form "mail" or "email" attribute. LdapImportUsers: type: object properties: ldap_uid_list: type: array description: selected uid list items: type: string LdapFailedImportUsers: type: object properties: ldap_uid: type: string description: the uid can't add to system. error: type: string description: fail reason. EmailServerSetting: type: object properties: email_host: type: string description: The host of email server. email_port: type: integer description: The port of email server. email_username: type: string description: The username of email server. email_password: type: string description: The password of email server. email_ssl: type: boolean description: Use ssl/tls or not. email_identity: type: string description: The dentity of email server. RepoSignature: type: object properties: tag: type: string description: The tag of image. hashes: type: object description: The JSON object of the hash of the image. DetailedTag: type: object properties: digest: type: string description: The digest of the tag. name: type: string description: The name of the tag. size: type: integer description: The size of the image. architecture: type: string description: The architecture of the image. os: type: string description: The os of the image. docker_version: type: string description: The version of docker which builds the image. author: type: string description: The author of the image. created: type: string description: The build time of the image. signature: type: object description: >- The signature of image, defined by RepoSignature. If it is null, the image is unsigned. scan_overview: type: object description: The overview of the scan result. This is an optional property. properties: digest: type: string description: The digest of the image. scan_status: type: string description: >- The status of the scan job, it can be "pendnig", "running", "finished", "error". job_id: type: integer description: The ID of the job on jobservice to scan the image. severity: type: integer description: '0-Not scanned, 1-Negligible, 2-Unknown, 3-Low, 4-Medium, 5-High' details_key: type: string description: >- The top layer name of this image in Clair, this is for calling Clair API to get the vulnerability list of this image. components: type: object description: The components overview of the image. properties: total: type: integer description: Total number of the components in this image. summary: description: List of number of components of different severities. type: array items: $ref: '#/definitions/ComponentOverviewEntry' ComponentOverviewEntry: type: object properties: severity: type: integer description: '1-None/Negligible, 2-Unknown, 3-Low, 4-Medium, 5-High' count: type: integer description: number of the components with certain severity. Repository: type: object properties: id: type: integer description: The ID of repository. name: type: string description: The name of repository. project_id: type: integer description: The project ID of repository. description: type: string description: The description of repository. pull_count: type: integer description: The pull count of repository. star_count: type: integer description: The star count of repository. tags_count: type: integer description: The tags count of repository. creation_time: type: string description: The creation time of repository. update_time: type: string description: The update time of repository. VulnerabilityItem: type: object properties: id: type: string description: 'ID of the vulnerability, normally it is the CVE ID' severity: type: integer description: '1-Negligible, 2-Unknown, 3-Low, 4-Medium, 5-High' package: type: string description: The packge that introduces the vulnerability. version: type: string description: The version of the package. description: type: string description: The description of the vulnerability. fixedVersion: type: string description: >- The version which the vulnerability is fixed, this is an optional property. Configurations: type: object properties: auth_mode: type: string description: The auth mode of current system, such as "db_auth", "ldap_auth" email_from: type: string description: The sender name for Email notification. email_host: type: string description: The hostname of SMTP server that sends Email notification. email_port: type: integer description: The port of SMTP server. email_identity: type: string description: By default it's empty so the email_username is picked. email_username: type: string description: The username for authenticate against SMTP server. email_ssl: type: boolean description: When it's set to true the system will access Email server via TLS by default. If it's set to false, it still will handle "STARTTLS" from server side. email_insecure: type: boolean description: Whether or not the certificate will be verified when Harbor tries to access the email server. ldap_url: type: string description: The URL of LDAP server. ldap_base_dn: type: string description: The Base DN for LDAP binding. ldap_filter: type: string description: The filter for LDAP binding. ldap_scope: type: integer description: 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE ldap_uid: type: string description: The attribute which is used as identity for the LDAP binding, such as "CN" or "SAMAccountname" ldap_search_dn: type: string description: The DN of the user to do the search. ldap_timeout: type: integer description: timeout in seconds for connection to LDAP server. project_creation_restriction: type: string description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly". self_registration: type: boolean description: Whether the Harbor instance supports self-registration. If it's set to false, admin need to add user to the instance. token_expiration: type: integer description: The expiration time of the token for internal Registry, in minutes. verify_remote_cert: type: boolean description: Whether or not the certificate will be verified when Harbor tries to access a remote Harbor instance for replication. scan_all_policy: type: object properties: type: type: string description: The type of scan all policy, currently the valid values are "none" and "daily" parameter: type: object properties: daily_time: type: integer description: The offest in seconds of UTC 0 o'clock, only valid when the policy type is "daily" description: The parameters of the policy, the values are dependant on the type of the policy.