swagger: '2.0' info: title: Harbor API description: These APIs provide services for manipulating Harbor project. version: 1.9.0 host: localhost schemes: - http - https basePath: /api produces: - application/json - text/plain consumes: - application/json securityDefinitions: basicAuth: type: basic security: - basicAuth: [] paths: /health: get: summary: 'Health check API' description: | The endpoint returns the health stauts of the system. tags: - Products responses: '200': description: The system health status. schema: $ref: '#/definitions/OverallHealthStatus' /search: get: summary: 'Search for projects, repositories and helm charts' description: | The Search endpoint returns information about the projects ,repositories and helm charts offered at public status or related to the current logged in user. The response includes the project, repository list and charts in a proper display order. parameters: - name: q in: query description: Search parameter for project and repository name. required: true type: string tags: - Products responses: '200': description: An array of search results schema: type: array items: $ref: '#/definitions/Search' '500': description: Unexpected internal errors. /projects: get: summary: List projects description: | This endpoint returns all projects created by Harbor, and can be filtered by project name. parameters: - name: name in: query description: The name of project. required: false type: string - name: public in: query description: The project is public or private. required: false type: boolean format: int32 - name: owner in: query description: The name of project owner. required: false type: string - name: page in: query type: integer format: int32 required: false description: 'The page nubmer, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: 'The size of per page, default is 10, maximum is 100.' tags: - Products responses: '200': description: Return all matched projects. schema: type: array items: $ref: '#/definitions/Project' headers: X-Total-Count: description: The total count of projects type: integer Link: description: Link refers to the previous page and next page type: string '401': description: User need to log in first. '500': description: Internal errors. head: summary: Check if the project name user provided already exists. description: | This endpoint is used to check if the project name user provided already exist. parameters: - name: project_name in: query description: Project name for checking exists. required: true type: string tags: - Products responses: '200': description: Project name exists. '401': description: User need to log in first. '404': description: Project name does not exist. '500': description: Unexpected internal errors. post: summary: Create a new project. description: | This endpoint is for user to create a new project. parameters: - name: project in: body description: New created project. required: true schema: $ref: '#/definitions/ProjectReq' tags: - Products responses: '201': description: Project created successfully. '400': description: Unsatisfied with constraints of the project creation. '401': description: User need to log in first. '409': description: Project name already exists. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. '/projects/{project_id}': get: summary: Return specific project detail information description: | This endpoint returns specific project information by project ID. parameters: - name: project_id in: path description: Project ID for filtering results. required: true type: integer format: int64 tags: - Products responses: '200': description: Return matched project information. schema: $ref: '#/definitions/Project' '401': description: User need to log in first. '500': description: Internal errors. put: summary: Update properties for a selected project. description: | This endpoint is aimed to update the properties of a project. parameters: - name: project_id in: path type: integer format: int64 required: true description: Selected project ID. - name: project in: body required: true schema: $ref: '#/definitions/ProjectReq' description: Updates of project. tags: - Products responses: '200': description: Updated project properties successfully. '400': description: Illegal format of provided ID value. '401': description: User need to log in first. '403': description: User does not have permission to the project. '404': description: Project ID does not exist. '500': description: Unexpected internal errors. delete: summary: Delete project by projectID description: | This endpoint is aimed to delete project by project ID. parameters: - name: project_id in: path description: Project ID of project which will be deleted. required: true type: integer format: int64 tags: - Products responses: '200': description: Project is deleted successfully. '400': description: Invalid project id. '403': description: User need to log in first. '404': description: Project does not exist. '412': description: 'Project contains policies, can not be deleted.' '500': description: Internal errors. '/projects/{project_id}/logs': get: summary: Get access logs accompany with a relevant project. description: | This endpoint let user search access logs filtered by operations and date time ranges. parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID - name: username in: query type: string required: false description: Username of the operator. - name: repository in: query type: string required: false description: The name of repository - name: tag in: query type: string required: false description: The name of tag - name: operation in: query type: string required: false description: The operation - name: begin_timestamp in: query type: string required: false description: The begin timestamp - name: end_timestamp in: query type: string required: false description: The end timestamp - name: page in: query type: integer format: int32 required: false description: 'The page nubmer, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: 'The size of per page, default is 10, maximum is 100.' tags: - Products responses: '200': description: Get access log successfully. schema: type: array items: $ref: '#/definitions/AccessLog' headers: X-Total-Count: description: The total count of access logs type: integer Link: description: Link refers to the previous page and next page type: string '400': description: Illegal format of provided ID value. '401': description: User need to log in first. '500': description: Unexpected internal errors. '/projects/{project_id}/metadatas': get: summary: Get project metadata. description: | This endpoint returns metadata of the project specified by project ID. parameters: - name: project_id in: path description: The ID of project. required: true type: integer format: int64 tags: - Products responses: '200': description: Get metadata successfully. schema: $ref: '#/definitions/ProjectMetadata' '401': description: User need to login first. '500': description: Internal server errors. post: summary: Add metadata for the project. description: | This endpoint is aimed to add metadata of a project. parameters: - name: project_id in: path type: integer format: int64 required: true description: Selected project ID. - name: metadata in: body required: true schema: $ref: '#/definitions/ProjectMetadata' description: The metadata of project. tags: - Products responses: '200': description: Add metadata successfully. '400': description: Invalid request. '401': description: User need to log in first. '403': description: User does not have permission to the project. '404': description: Project ID does not exist. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Internal server errors. '/projects/{project_id}/metadatas/{meta_name}': get: summary: Get project metadata description: | This endpoint returns specified metadata of a project. parameters: - name: project_id in: path description: Project ID for filtering results. required: true type: integer format: int64 - name: meta_name in: path description: The name of metadat. required: true type: string tags: - Products responses: '200': description: Get metadata successfully. schema: $ref: '#/definitions/ProjectMetadata' '401': description: User need to log in first. '500': description: Internal server errors. put: summary: Update metadata of a project. description: | This endpoint is aimed to update the metadata of a project. parameters: - name: project_id in: path type: integer format: int64 required: true description: The ID of project. - name: meta_name in: path description: The name of metadat. required: true type: string tags: - Products responses: '200': description: Updated metadata successfully. '400': description: Invalid request. '401': description: User need to log in first. '403': description: User does not have permission to the project. '404': description: Project or metadata does not exist. '500': description: Internal server errors. delete: summary: Delete metadata of a project description: | This endpoint is aimed to delete metadata of a project. parameters: - name: project_id in: path description: The ID of project. required: true type: integer format: int64 - name: meta_name in: path description: The name of metadat. required: true type: string tags: - Products responses: '200': description: Metadata is deleted successfully. '400': description: Invalid requst. '403': description: User need to log in first. '404': description: Project or metadata does not exist. '500': description: Internal server errors. '/projects/{project_id}/members': get: summary: Get all project member information description: Get all project member information parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: entityname in: query type: string description: The entity name to search. tags: - Products responses: '200': description: Get project members successfully. schema: type: array items: $ref: '#/definitions/ProjectMemberEntity' '400': description: The project id is invalid. '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: Project ID does not exist. '500': description: Unexpected internal errors. post: summary: Create project member description: 'Create project member relationship, the member can be one of the user_member and group_member, The user_member need to specify user_id or username. If the user already exist in harbor DB, specify the user_id, If does not exist in harbor DB, it will SearchAndOnBoard the user. The group_member need to specify id or ldap_group_dn. If the group already exist in harbor DB. specify the user group''s id, If does not exist, it will SearchAndOnBoard the group. ' tags: - Products parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: project_member in: body schema: $ref: '#/definitions/ProjectMember' responses: '201': description: Project member created successfully. '400': description: 'Illegal format of project member or project id is invalid, or LDAP DN is invalid.' '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '409': description: A user group with same group name already exist or an LDAP user group with same DN already exist. '500': description: Unexpected internal errors. '/projects/{project_id}/members/{mid}': get: summary: Get the project member information description: Get the project member information tags: - Products parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: mid in: path type: integer format: int64 required: true description: The member ID responses: '200': description: Project member retrieved successfully. schema: $ref: '#/definitions/ProjectMemberEntity' '400': description: 'Illegal format of project member or invalid project id, member id.' '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: Project or projet member does not exist. '500': description: Unexpected internal errors. put: summary: Update project member description: Update project member relationship tags: - Products parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: mid in: path type: integer format: int64 required: true description: Member ID. - name: role in: body schema: $ref: '#/definitions/RoleRequest' responses: '200': description: Project member updated successfully. '400': description: 'Invalid role id, it should be 1,2 or 3, or invalid project id, or invalid member id.' '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: project or project member does not exist. '500': description: Unexpected internal errors. delete: summary: Delete project member tags: - Products parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: mid in: path type: integer format: int64 required: true description: Member ID. responses: '200': description: Project member deleted successfully. '400': description: The project id or project member id is invalid. '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '500': description: Unexpected internal errors. /statistics: get: summary: Get projects number and repositories number relevant to the user description: | This endpoint is aimed to statistic all of the projects number and repositories number relevant to the logined user, also the public projects number and repositories number. If the user is admin, he can also get total projects number and total repositories number. tags: - Products responses: '200': description: Get the projects number and repositories number relevant to the user successfully. schema: $ref: '#/definitions/StatisticMap' '401': description: User need to log in first. '500': description: Unexpected internal errors. /users: get: summary: Get registered users of Harbor. description: | This endpoint is for user to search registered users, support for filtering results with username.Notice, by now this operation is only for administrator. parameters: - name: username in: query type: string required: false description: Username for filtering results. - name: email in: query type: string required: false description: Email for filtering results. - name: page in: query type: integer format: int32 required: false description: 'The page nubmer, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: The size of per page. tags: - Products responses: '200': description: Searched for users of Harbor successfully. schema: type: array items: $ref: '#/definitions/User' '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. post: summary: Creates a new user account. description: | This endpoint is to create a user if the user does not already exist. parameters: - name: user in: body description: New created user. required: true schema: $ref: '#/definitions/User' tags: - Products responses: '201': description: User created successfully. '400': description: Unsatisfied with constraints of the user creation. '403': description: User registration can only be used by admin role user when self-registration is off. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. /users/current: get: summary: Get current user info. description: | This endpoint is to get the current user information. tags: - Products responses: '200': description: Get current user information successfully. schema: $ref: '#/definitions/User' '401': description: User need to log in first. /users/current/permissions: get: summary: Get current user permissions. description: | This endpoint is to get the current user permissions. parameters: - name: scope in: query type: string required: false description: Get permissions of the scope - name: relative in: query type: boolean required: false description: | If true, the resources in the response are relative to the scope, eg for resource '/project/1/repository' if relative is 'true' then the resource in response will be 'repository'. tags: - Products responses: '200': description: Get current user permission successfully. schema: type: array items: $ref: '#/definitions/Permission' '401': description: User need to log in first. '500': description: Internal errors. /users/search: get: summary: Search users by username, email description: | This endpoint is to search the users by username, email. parameters: - name: username in: query type: string required: false description: Username for filtering results. - name: email in: query type: string required: false description: Email for filtering results. - name: page in: query type: integer format: int32 required: false description: 'The page nubmer, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: The size of per page. tags: - Products responses: '200': description: Search users by username, email successfully. schema: type: array items: $ref: '#/definitions/UserSearch' '500': description: Unexpected internal errors. '/users/{user_id}': get: summary: Get a user's profile. description: | Get user's profile with user id. parameters: - name: user_id in: path type: integer format: int required: true description: Registered user ID tags: - Products responses: '200': description: Get user's profile successfully. schema: $ref: '#/definitions/User' '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: User ID does not exist. '500': description: Unexpected internal errors. put: summary: Update a registered user to change his profile. description: | This endpoint let a registered user change his profile. parameters: - name: user_id in: path type: integer format: int required: true description: Registered user ID - name: profile in: body description: 'Only email, realname and comment can be modified.' required: true schema: $ref: '#/definitions/UserProfile' tags: - Products responses: '200': description: Updated user's profile successfully. '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: User ID does not exist. '500': description: Unexpected internal errors. delete: summary: Mark a registered user as be removed. description: | This endpoint let administrator of Harbor mark a registered user as be removed.It actually won't be deleted from DB. parameters: - name: user_id in: path type: integer format: int required: true description: User ID for marking as to be removed. tags: - Products responses: '200': description: Marked user as be removed successfully. '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: User ID does not exist. '500': description: Unexpected internal errors. '/users/{user_id}/password': put: summary: Change the password on a user that already exists. description: | This endpoint is for user to update password. Users with the admin role can change any user's password. Guest users can change only their own password. parameters: - name: user_id in: path type: integer format: int required: true description: Registered user ID. - name: password in: body description: Password to be updated, the attribute 'old_password' is optional when the API is called by the system administrator. required: true schema: $ref: '#/definitions/Password' tags: - Products responses: '200': description: Updated password successfully. '400': description: Invalid user ID; Old password is blank; New password is blank. '401': description: Don't have authority to change password. Please check login status. '403': description: The caller does not have permission to update the password of the user with given ID, or the old password in request body is not correct. '500': description: Unexpected internal errors. '/users/{user_id}/sysadmin': put: summary: Update a registered user to change to be an administrator of Harbor. description: | This endpoint let a registered user change to be an administrator of Harbor. parameters: - name: user_id in: path type: integer format: int required: true description: Registered user ID - name: has_admin_role in: body description: Toggle a user to admin or not. required: true schema: $ref: '#/definitions/HasAdminRole' tags: - Products responses: '200': description: Updated user's admin role successfully. '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: User ID does not exist. '500': description: Unexpected internal errors. '/users/{user_id}/gen_cli_secret': post: summary: Generate new CLI secret for a user. description: | This endpoint let user generate a new CLI secret for himself. This API only works when auth mode is set to 'OIDC'. Once this API returns with successful status, the old secret will be invalid, as there will be only one CLI secret for a user. The new secret will be returned in the response. parameters: - name: user_id in: path type: integer format: int required: true description: User ID tags: - Products responses: '200': description: The secret is successfully generated. schema: type: object properties: secret: type: string description: The new secret '400': description: Invalid user ID. Or user is not onboarded via OIDC authentication. '401': description: User need to log in first. '403': description: Non-admin user can only generate the cli secret of himself. '404': description: User ID does not exist. '412': description: The auth mode of the system is not "oidc_auth", or the user is not onboarded via OIDC AuthN. '500': description: Unexpected internal errors. /repositories: get: summary: Get repositories accompany with relevant project and repo name. description: | This endpoint lets user search repositories accompanying with relevant project ID and repo name. Repositories can be sorted by repo name, creation_time, update_time in either ascending or descending order. parameters: - name: project_id in: query type: integer format: int32 required: true description: Relevant project ID. - name: q in: query type: string required: false description: Repo name for filtering results. - name: sort in: query type: string required: false description: | Sort method, valid values include: 'name', '-name', 'creation_time', '-creation_time', 'update_time', '-update_time'. Here '-' stands for descending order. - name: label_id in: query type: integer required: false description: The ID of label used to filter the result. - name: page in: query type: integer format: int32 required: false description: 'The page nubmer, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: 'The size of per page, default is 10, maximum is 100.' tags: - Products responses: '200': description: Get repositories successfully. schema: type: array items: $ref: '#/definitions/Repository' headers: X-Total-Count: description: The total count of repositories type: integer Link: description: Link refers to the previous page and next page type: string '400': description: Invalid project ID. '403': description: Project is not public or current user is irrelevant to the repository. '404': description: Project ID does not exist. '500': description: Unexpected internal errors. '/repositories/{repo_name}': delete: summary: Delete a repository. description: | This endpoint let user delete a repository with name. parameters: - name: repo_name in: path type: string required: true description: The name of repository which will be deleted. tags: - Products responses: '200': description: Delete successfully. '400': description: Invalid repo_name. '401': description: Unauthorized. '403': description: Forbidden. '404': description: Repository not found. put: summary: Update description of the repository. description: | This endpoint is used to update description of the repository. parameters: - name: repo_name in: path type: string required: true description: The name of repository which will be deleted. - name: description in: body description: The description of the repository. required: true schema: $ref: '#/definitions/RepositoryDescription' tags: - Products responses: '200': description: Update successfully. '401': description: Unauthorized. '403': description: Forbidden. '404': description: Repository not found. '/repositories/{repo_name}/labels': get: summary: Get labels of a repository. description: | Get labels of a repository specified by the repo_name. parameters: - name: repo_name in: path type: string required: true description: The name of repository. tags: - Products responses: '200': description: Successfully. schema: type: array items: $ref: '#/definitions/Label' '401': description: Unauthorized. '403': description: Forbidden. User should have read permisson for the repository to perform the action. '404': description: Repository not found. post: summary: Add a label to the repository. description: | Add a label to the repository. parameters: - name: repo_name in: path type: string required: true description: The name of repository. - name: label in: body description: Only the ID property is required. required: true schema: $ref: '#/definitions/Label' tags: - Products responses: '200': description: Successfully. '401': description: Unauthorized. '403': description: Forbidden. User should have write permisson for the repository to perform the action. '404': description: Resource not found. '/repositories/{repo_name}/labels/{label_id}': delete: summary: Delete label from the repository. description: | Delete the label from the repository specified by the repo_name. parameters: - name: repo_name in: path type: string required: true description: The name of repository. - name: label_id in: path type: integer required: true description: The ID of label. tags: - Products responses: '200': description: Successfully. '401': description: Unauthorized. '403': description: Forbidden. User should have write permisson for the repository to perform the action. '404': description: Resource not found. '/repositories/{repo_name}/tags/{tag}': get: summary: Get the tag of the repository. description: | This endpoint aims to retrieve the tag of the repository. If deployed with Notary, the signature property of response represents whether the image is singed or not. If the property is null, the image is unsigned. parameters: - name: repo_name in: path type: string required: true description: Relevant repository name. - name: tag in: path type: string required: true description: Tag of the repository. tags: - Products responses: '200': description: Get tag successfully. schema: $ref: '#/definitions/DetailedTag' '500': description: Unexpected internal errors. delete: summary: Delete a tag in a repository. description: | This endpoint let user delete tags with repo name and tag. parameters: - name: repo_name in: path type: string required: true description: The name of repository which will be deleted. - name: tag in: path type: string required: true description: Tag of a repository. tags: - Products responses: '200': description: Delete tag successfully. '400': description: Invalid repo_name. '401': description: Unauthorized. '403': description: Forbidden. '404': description: Repository or tag not found. '/repositories/{repo_name}/tags': get: summary: Get tags of a relevant repository. description: | This endpoint aims to retrieve tags from a relevant repository. If deployed with Notary, the signature property of response represents whether the image is singed or not. If the property is null, the image is unsigned. parameters: - name: repo_name in: path type: string required: true description: Relevant repository name. - name: label_ids in: query type: string required: false description: A list of comma separated label IDs. tags: - Products responses: '200': description: Get tags successfully. schema: type: array items: $ref: '#/definitions/DetailedTag' '500': description: Unexpected internal errors. post: summary: Retag an image description: > This endpoint tags an existing image with another tag in this repo, source images can be in different repos or projects. parameters: - name: repo_name in: path type: string required: true description: Relevant repository name. - name: request in: body description: Request to give source image and target tag. required: true schema: $ref: '#/definitions/RetagReq' tags: - Products responses: '200': description: Image retag successfully. '400': description: Invalid image values provided. '401': description: User has no permission to the source project or destination project. '404': description: Project or repository not found. '409': description: Target tag already exists. '500': description: Unexpected internal errors. '/repositories/{repo_name}/tags/{tag}/labels': get: summary: Get labels of an image. description: | Get labels of an image specified by the repo_name and tag. parameters: - name: repo_name in: path type: string required: true description: The name of repository. - name: tag in: path type: string required: true description: The tag of the image. tags: - Products responses: '200': description: Successfully. schema: type: array items: $ref: '#/definitions/Label' '401': description: Unauthorized. '403': description: Forbidden. User should have read permisson for the image to perform the action. '404': description: Resource not found. post: summary: Add a label to image. description: | Add a label to the image. parameters: - name: repo_name in: path type: string required: true description: The name of repository. - name: tag in: path type: string required: true description: The tag of the image. - name: label in: body description: Only the ID property is required. required: true schema: $ref: '#/definitions/Label' tags: - Products responses: '200': description: Successfully. '401': description: Unauthorized. '403': description: Forbidden. User should have write permisson for the image to perform the action. '404': description: Resource not found. '/repositories/{repo_name}/tags/{tag}/labels/{label_id}': delete: summary: Delete label from the image. description: | Delete the label from the image specified by the repo_name and tag. parameters: - name: repo_name in: path type: string required: true description: The name of repository. - name: tag in: path type: string required: true description: The tag of the image. - name: label_id in: path type: integer required: true description: The ID of label. tags: - Products responses: '200': description: Successfully. '401': description: Unauthorized. '403': description: Forbidden. User should have write permisson for the image to perform the action. '404': description: Resource not found. '/repositories/{repo_name}/tags/{tag}/manifest': get: summary: Get manifests of a relevant repository. description: | This endpoint aims to retreive manifests from a relevant repository. parameters: - name: repo_name in: path type: string required: true description: Repository name - name: tag in: path type: string required: true description: Tag name - name: version in: query type: string required: false description: 'The version of manifest, valid value are "v1" and "v2", default is "v2"' tags: - Products responses: '200': description: Retrieved manifests from a relevant repository successfully. schema: $ref: '#/definitions/Manifest' '404': description: Retrieved manifests from a relevant repository not found. '500': description: Unexpected internal errors. '/repositories/{repo_name}/tags/{tag}/scan': post: summary: Scan the image. description: | Trigger jobservice to call Clair API to scan the image identified by the repo_name and tag. Only project admins have permission to scan images under the project. parameters: - name: repo_name in: path type: string required: true description: Repository name - name: tag in: path type: string required: true description: Tag name tags: - Products responses: '200': description: Successfully created the job to scan image. '401': description: User needs to login or call the API with correct credentials. '403': description: User doesn't have permission to perform the action. '404': description: The image does not exist in Harbor. '415': $ref: '#/responses/UnsupportedMediaType' '503': description: Harbor is not deployed with Clair. '/repositories/{repo_name}/tags/{tag}/vulnerability/details': get: summary: Get vulnerability details of the image. description: | Call Clair API to get the vulnerability based on the previous successful scan. parameters: - name: repo_name in: path type: string required: true description: Repository name - name: tag in: path type: string required: true description: Tag name tags: - Products responses: '200': description: Successfully retrieved the vulnerabilities. schema: type: array items: $ref: '#/definitions/VulnerabilityItem' '401': description: User needs to login or call the API with correct credentials. '403': description: User doesn't have permission to perform the action. '404': description: The image does not exist in Harbor. '503': description: Harbor is not deployed with Clair. '/repositories/{repo_name}/signatures': get: summary: Get signature information of a repository description: | This endpoint aims to retrieve signature information of a repository, the data is from the nested notary instance of Harbor. If the repository does not have any signature information in notary, this API will return an empty list with response code 200, instead of 404 parameters: - name: repo_name in: path type: string required: true description: repository name. tags: - Products responses: '200': description: Retrieved signatures. schema: type: array items: $ref: '#/definitions/RepoSignature' '500': description: Server side error. /repositories/top: get: summary: Get public repositories which are accessed most. description: | This endpoint aims to let users see the most popular public repositories parameters: - name: count in: query type: integer format: int32 required: false description: 'The number of the requested public repositories, default is 10 if not provided.' tags: - Products responses: '200': description: Get popular repositories successfully. schema: type: array items: $ref: '#/definitions/Repository' '400': description: Bad request because of invalid count. '500': description: Unexpected internal errors. /logs: get: summary: Get recent logs of the projects which the user is a member of description: | This endpoint let user see the recent operation logs of the projects which he is member of parameters: - name: username in: query type: string required: false description: Username of the operator. - name: repository in: query type: string required: false description: The name of repository - name: tag in: query type: string required: false description: The name of tag - name: operation in: query type: string required: false description: The operation - name: begin_timestamp in: query type: string required: false description: The begin timestamp - name: end_timestamp in: query type: string required: false description: The end timestamp - name: page in: query type: integer format: int32 required: false description: 'The page nubmer, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: 'The size of per page, default is 10, maximum is 100.' tags: - Products responses: '200': description: Get the required logs successfully. schema: type: array items: $ref: '#/definitions/AccessLog' '400': description: Bad request because of invalid parameters. '401': description: User need to login first. '500': description: Unexpected internal errors. /replication/executions: get: summary: List replication executions. description: | This endpoint let user list replication executions. parameters: - name: policy_id in: query type: integer required: false description: The policy ID. - name: status in: query type: string required: false description: The execution status. - name: trigger in: query type: string required: false description: The trigger mode. - name: page in: query type: integer required: false description: The page. - name: page_size in: query type: integer required: false description: The page size. tags: - Products responses: '200': description: Success schema: type: array items: $ref: '#/definitions/ReplicationExecution' '401': description: User need to login first. '403': description: User has no privilege for the operation. '500': description: Unexpected internal errors. post: summary: Start one execution of the replication. description: | This endpoint is for user to start one execution of the replication. parameters: - name: execution in: body description: The execution that needs to be started, only the property "policy_id" is needed. required: true schema: $ref: '#/definitions/ReplicationExecution' tags: - Products responses: '201': description: Success. '400': description: Bad request. '401': description: User need to login first. '403': description: User has no privilege for the operation. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. /replication/executions/{id}: get: summary: Get the execution of the replication. description: | This endpoint is for user to get one execution of the replication. parameters: - name: id in: path type: integer format: int64 description: The execution ID. required: true tags: - Products responses: '200': description: Success. schema: $ref: '#/definitions/ReplicationExecution' '400': description: Bad request. '401': description: User need to login first. '403': description: User has no privilege for the operation. '404': description: Resource requested does not exist. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. put: summary: Stop the execution of the replication. description: | This endpoint is for user to stop one execution of the replication. parameters: - name: id in: path type: integer format: int64 description: The execution ID. required: true tags: - Products responses: '200': description: Success. '400': description: Bad request. '401': description: User need to login first. '403': description: User has no privilege for the operation. '404': description: Resource requested does not exist. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. /replication/executions/{id}/tasks: get: summary: Get the task list of one execution. description: | This endpoint is for user to get the task list of one execution. parameters: - name: id in: path type: integer format: int64 description: The execution ID. required: true tags: - Products responses: '200': description: Success. schema: type: array items: $ref: '#/definitions/ReplicationTask' '400': description: Bad request. '401': description: User need to login first. '403': description: User has no privilege for the operation. '404': description: Resource requested does not exist. '500': description: Unexpected internal errors. /replication/executions/{id}/tasks/{task_id}/log: get: summary: Get the log of one task. description: | This endpoint is for user to get the log of one task. parameters: - name: id in: path type: integer format: int64 description: The execution ID. required: true - name: task_id in: path type: integer format: int64 description: The task ID. required: true tags: - Products responses: '200': description: Success. '400': description: Bad request. '401': description: User need to login first. '403': description: User has no privilege for the operation. '404': description: Resource requested does not exist. '500': description: Unexpected internal errors. /replication/policies: get: summary: List replication policies description: | This endpoint let user list replication policies parameters: - name: name in: query type: string required: false description: The replication policy name. - name: page in: query type: integer format: int32 required: false description: The page nubmer. - name: page_size in: query type: integer format: int32 required: false description: The size of per page. tags: - Products responses: '200': description: Get policy successfully. schema: type: array items: $ref: '#/definitions/ReplicationPolicy' '400': $ref: '#/responses/BadRequest' '401': $ref: '#/responses/Unauthorized' '403': $ref: '#/responses/Forbidden' '500': $ref: '#/responses/InternalServerError' post: summary: Create a replication policy description: | This endpoint let user create a replication policy parameters: - name: policy in: body description: The policy model. required: true schema: $ref: '#/definitions/ReplicationPolicy' tags: - Products responses: '201': $ref: '#/responses/Created' '400': $ref: '#/responses/BadRequest' '401': $ref: '#/responses/Unauthorized' '403': $ref: '#/responses/Forbidden' '409': $ref: '#/responses/Conflict' '415': $ref: '#/responses/UnsupportedMediaType' '500': $ref: '#/responses/InternalServerError' '/replication/policies/{id}': get: summary: Get replication policy. description: | This endpoint let user get replication policy by specific ID. parameters: - name: id in: path type: integer format: int64 required: true description: policy ID tags: - Products responses: '200': description: Get the replication policy successfully. schema: $ref: '#/definitions/ReplicationPolicy' '400': $ref: '#/responses/BadRequest' '401': $ref: '#/responses/Unauthorized' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '500': $ref: '#/responses/InternalServerError' put: summary: Update the replication policy description: | This endpoint let user update policy. parameters: - name: id in: path type: integer format: int64 required: true description: policy ID - name: policy in: body description: The replication policy model. required: true schema: $ref: '#/definitions/ReplicationPolicy' tags: - Products responses: '200': $ref: '#/responses/OK' '400': $ref: '#/responses/BadRequest' '401': $ref: '#/responses/Unauthorized' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '409': $ref: '#/responses/Conflict' '500': $ref: '#/responses/InternalServerError' delete: summary: Delete the replication policy specified by ID. description: | Delete the replication policy specified by ID. parameters: - name: id in: path type: integer format: int64 required: true description: Replication policy ID tags: - Products responses: '200': $ref: '#/responses/OK' '400': $ref: '#/responses/BadRequest' '401': $ref: '#/responses/Unauthorized' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' /labels: get: summary: List labels according to the query strings. description: | This endpoint let user list labels by name, scope and project_id parameters: - name: name in: query type: string required: false description: The label name. - name: scope in: query type: string required: true description: The label scope. Valid values are g and p. g for global labels and p for project labels. - name: project_id in: query type: integer format: int64 required: false description: 'Relevant project ID, required when scope is p.' - name: page in: query type: integer format: int32 required: false description: The page nubmer. - name: page_size in: query type: integer format: int32 required: false description: The size of per page. tags: - Products responses: '200': description: Get successfully. schema: type: array items: $ref: '#/definitions/Label' '400': description: Invalid parameters. '401': description: User need to log in first. '500': description: Unexpected internal errors. post: summary: Post creates a label description: | This endpoint let user creates a label. parameters: - name: label in: body description: The json object of label. required: true schema: $ref: '#/definitions/Label' tags: - Products responses: '201': description: Create successfully. '400': description: Invalid parameters. '401': description: User need to log in first. '409': description: Label with the same name and same scope already exists. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. '/labels/{id}': get: summary: Get the label specified by ID. description: | This endpoint let user get the label by specific ID. parameters: - name: id in: path type: integer format: int64 required: true description: Label ID tags: - Products responses: '200': description: Get successfully. schema: $ref: '#/definitions/Label' '401': description: User need to log in first. '404': description: The resource does not exist. '500': description: Unexpected internal errors. put: summary: Update the label properties. description: | This endpoint let user update label properties. parameters: - name: id in: path type: integer format: int64 required: true description: Label ID - name: label in: body description: The updated label json object. required: true schema: $ref: '#/definitions/Label' tags: - Products responses: '200': description: Update successfully. '400': description: Invalid parameters. '401': description: User need to log in first. '404': description: The resource does not exist. '409': description: The label with the same name already exists. '500': description: Unexpected internal errors. delete: summary: Delete the label specified by ID. description: | Delete the label specified by ID. parameters: - name: id in: path type: integer format: int64 required: true description: Label ID tags: - Products responses: '200': description: Delete successfully. '400': description: Invalid parameters. '401': description: User need to log in first. '404': description: The resource does not exist. '500': description: Unexpected internal errors. '/labels/{id}/resources': get: summary: Get the resources that the label is referenced by. description: | This endpoint let user get the resources that the label is referenced by. Only the replication policies are returned for now. parameters: - name: id in: path type: integer format: int64 required: true description: Label ID tags: - Products responses: '200': description: Get successfully. schema: $ref: '#/definitions/Resource' '401': description: User need to log in first. '403': description: Forbidden. '404': description: The resource does not exist. '500': description: Unexpected internal errors. /replication/adapters: get: summary: List supported adapters. description: | This endpoint let user list supported adapters. tags: - Products responses: '200': description: Success. schema: type: array items: type: string '401': description: Unauthorized. '403': description: Forbidden. '500': description: Unexpected internal errors. /registries: get: summary: List registries. description: | This endpoint let user list filtered registries by name, if name is nil, list returns all registries. parameters: - name: name in: query type: string required: false description: Registry's name. tags: - Products responses: '200': description: List registries successfully. schema: type: array items: $ref: '#/definitions/Registry' '401': description: User need to log in first. '500': description: Unexpected internal errors. post: summary: Create a new registry. description: | This endpoint is for user to create a new registry. parameters: - name: registry in: body description: New created registry. required: true schema: $ref: '#/definitions/Registry' tags: - Products responses: '201': description: Registry created successfully. '400': description: Unsatisfied with constraints of the registry creation. '401': description: User need to log in first. '409': description: Registry name already exists. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. /registries/ping: post: summary: Ping status of a registry. description: | This endpoint checks status of a registry, the registry can be given by ID or URL (together with credential) parameters: - name: registry in: body description: Registry to ping. required: true schema: $ref: '#/definitions/Registry' tags: - Products responses: '200': description: Registry is healthy. '400': description: No proper registry information provided. '401': description: User need to log in first. '404': description: Registry not found (when registry is provided by ID). '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. '/registries/{id}': put: summary: Update a given registry. description: | This endpoint is for update a given registry. parameters: - name: id in: path type: integer format: int64 required: true description: The registry's ID. - name: repo_target in: body required: true schema: $ref: '#/definitions/PutRegistry' description: Updates registry. tags: - Products responses: '200': description: Updated registry successfully. '400': description: The registry is associated with policy which is enabled. '401': description: User need to log in first. '404': description: Registry does not exist. '409': description: Registry name is already used. '500': description: Unexpected internal errors. get: summary: Get registry. description: This endpoint is for get specific registry. tags: - Products parameters: - name: id in: path type: integer format: int64 required: true description: The registry ID. responses: '200': description: Get registry successfully. schema: $ref: '#/definitions/Registry' '401': description: User need to log in first. '404': description: Registry not found '500': description: Unexpected internal errors. delete: summary: Delete specific registry. description: | This endpoint is for to delete specific registry. parameters: - name: id in: path type: integer format: int64 required: true description: The registry's ID. tags: - Products responses: '200': description: Registry deleted successfully. '400': description: Registry's ID is invalid or the registry is used by policies. '401': description: Only admin has this authority. '404': description: Registry does not exist. '500': description: Unexpected internal errors. '/registries/{id}/info': get: summary: Get registry info. description: Get the info of one specific registry. tags: - Products parameters: - name: id in: path type: integer format: int64 required: true description: The registry ID. responses: '200': description: Get registry successfully. schema: $ref: '#/definitions/RegistryInfo' '401': description: User need to log in first. '404': description: Registry not found '500': description: Unexpected internal errors. /registries/{id}/namespace: get: summary: List namespaces of registry description: | This endpoint let user list namespaces of registry according to query. parameters: - name: id in: path type: integer required: true description: The registry ID. - name: name in: query type: string required: false description: The name of namespace. tags: - Products responses: '200': description: Success schema: type: array items: $ref: '#/definitions/Namespace' '401': description: User need to login first. '404': description: No registry found. '403': description: User has no privilege for the operation. '500': description: Unexpected internal errors. /internal/syncregistry: post: summary: Sync repositories from registry to DB. description: | This endpoint is for syncing all repositories of registry with database. tags: - Products responses: '200': description: Sync repositories successfully. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. /systeminfo: get: summary: Get general system info description: | This API is for retrieving general system info, this can be called by anonymous request. tags: - Products responses: '200': description: Get general info successfully. schema: $ref: '#/definitions/GeneralInfo' '500': description: Unexpected internal error. /systeminfo/volumes: get: summary: Get system volume info (total/free size). description: | This endpoint is for retrieving system volume info that only provides for admin user. tags: - Products responses: '200': description: Get system volumes successfully. schema: $ref: '#/definitions/SystemInfo' '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. /systeminfo/getcert: get: summary: Get default root certificate. description: | This endpoint is for downloading a default root certificate. tags: - Products responses: '200': description: Get default root certificate successfully. '404': description: Not found the default root certificate. '500': description: Unexpected internal errors. /ldap/ping: post: summary: Ping available ldap service. description: | This endpoint ping the available ldap service for test related configuration parameters. parameters: - name: ldapconf in: body description: 'ldap configuration. support input ldap service configuration. If it''s a empty request, will load current configuration from the system.' required: false schema: $ref: '#/definitions/LdapConf' tags: - Products responses: '200': description: Ping ldap service successfully. '400': description: Inviald ldap configuration parameters. '401': description: User need to login first. '403': description: Only admin has this authority. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. /ldap/groups/search: get: summary: Search available ldap groups. description: | This endpoint searches the available ldap groups based on related configuration parameters. support to search by groupname or groupdn. parameters: - name: groupname in: query type: string required: false description: Ldap group name - name: groupdn in: query type: string required: false description: The LDAP group DN tags: - Products responses: '200': description: Search ldap group successfully. schema: type: array items: $ref: '#/definitions/UserGroup' '400': description: The Ldap group DN is invalid. '404': description: No ldap group found. '500': description: Unexpected internal errors. /ldap/users/search: get: summary: Search available ldap users. description: | This endpoint searches the available ldap users based on related configuration parameters. Support searched by input ladp configuration, load configuration from the system and specific filter. parameters: - name: username in: query type: string required: false description: Registered user ID tags: - Products responses: '200': description: Search ldap users successfully. schema: type: array items: $ref: '#/definitions/LdapUsers' '401': description: User need to login first. '403': description: Only admin has this authority. '500': description: Unexpected internal errors. /ldap/users/import: post: summary: Import selected available ldap users. description: | This endpoint adds the selected available ldap users to harbor based on related configuration parameters from the system. System will try to guess the user email address and realname, add to harbor user information. If have errors when import user, will return the list of importing failed uid and the failed reason. parameters: - name: uid_list in: body description: The uid listed for importing. This list will check users validity of ldap service based on configuration from the system. required: true schema: $ref: '#/definitions/LdapImportUsers' tags: - Products responses: '200': description: Add ldap users successfully. '401': description: User need to login first. '403': description: Only admin has this authority. '404': description: Failed import some users. schema: type: array items: $ref: '#/definitions/LdapFailedImportUsers' '415': $ref: '#/responses/UnsupportedMediaType' /usergroups: get: summary: Get all user groups information description: Get all user groups information tags: - Products responses: '200': description: Get user group successfully. schema: type: array items: $ref: '#/definitions/UserGroup' '401': description: User need to log in first. '403': description: User in session does not have permission to the user group. '500': description: Unexpected internal errors. post: summary: Create user group description: Create user group information tags: - Products parameters: - name: usergroup in: body schema: $ref: '#/definitions/UserGroup' responses: '201': description: User group created successfully. '400': description: Invalid LDAP group DN. '401': description: User need to log in first. '403': description: User in session does not have permission to the user group. '409': description: A user group with same group name already exist, or an LDAP user group with same DN already exist. '500': description: Unexpected internal errors. '/usergroups/{group_id}': get: summary: Get user group information description: Get user group information tags: - Products parameters: - name: group_id in: path type: integer format: int64 required: true description: Group ID responses: '200': description: User group get successfully. schema: $ref: '#/definitions/UserGroup' '400': description: The user group id is invalid. '401': description: User need to log in first. '403': description: User in session does not have permission to the user group. '404': description: User group does not exist. '500': description: Unexpected internal errors. put: summary: Update group information description: Update user group information tags: - Products parameters: - name: group_id in: path type: integer format: int64 required: true description: Group ID - name: usergroup in: body required: false schema: $ref: '#/definitions/UserGroup' responses: '200': description: User group updated successfully. '400': description: The user group id is invalid. '401': description: User need to log in first. '403': description: Only admin has this authority. '404': description: User group does not exist. '500': description: Unexpected internal errors. delete: summary: Delete user group description: Delete user group tags: - Products parameters: - name: group_id type: integer in: path required: true responses: '200': description: User group deleted successfully. '400': description: The user group id is invalid. '401': description: User need to log in first. '403': description: Only admin has this authority. '500': description: Unexpected internal errors. /system/gc: get: summary: Get gc results. description: This endpoint let user get latest ten gc results. tags: - Products responses: '200': description: Get gc results successfully. schema: type: array items: $ref: '#/definitions/GCResult' '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. '/system/gc/{id}': get: summary: Get gc status. description: This endpoint let user get gc status filtered by specific ID. parameters: - name: id in: path type: integer format: int64 required: true description: Relevant job ID tags: - Products responses: '200': description: Get gc results successfully. schema: $ref: '#/definitions/GCResult' '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. '/system/gc/{id}/log': get: summary: Get gc job log. description: This endpoint let user get gc job logs filtered by specific ID. parameters: - name: id in: path type: integer format: int64 required: true description: Relevant job ID tags: - Products responses: '200': description: Get successfully. schema: type: string '400': description: Illegal format of provided ID value. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: The specific gc ID's log does not exist. '500': description: Unexpected internal errors. /system/gc/schedule: get: summary: Get gc's schedule. description: This endpoint is for get schedule of gc job. tags: - Products responses: '200': description: Get gc's schedule. schema: $ref: '#/definitions/AdminJobSchedule' '401': description: User need to log in first. '403': description: Only admin has this authority. '500': description: Unexpected internal errors. put: summary: Update gc's schedule. description: | This endpoint is for update gc schedule. parameters: - name: schedule in: body required: true schema: $ref: '#/definitions/AdminJobSchedule' description: Updates of gc's schedule. tags: - Products responses: '200': description: Updated gc's schedule successfully. '400': description: Invalid schedule type. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. post: summary: Create a gc schedule. description: | This endpoint is for update gc schedule. parameters: - name: schedule in: body required: true schema: $ref: '#/definitions/AdminJobSchedule' description: Updates of gc's schedule. tags: - Products responses: '200': description: GC schedule successfully. '400': description: Invalid schedule type. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '409': description: There is a "gc" job in progress, so the request cannot be served. '500': description: Unexpected internal errors. /system/scanAll/schedule: get: summary: Get scan_all's schedule. description: This endpoint is for getting a schedule for the scan all job, which scans all of images in Harbor. tags: - Products responses: '200': description: Get a schedule for the scan all job, which scans all of images in Harbor. schema: $ref: '#/definitions/AdminJobSchedule' '401': description: User need to log in first. '403': description: Only admin has this authority. '500': description: Unexpected internal errors. put: summary: Update scan all's schedule. description: | This endpoint is for updating the schedule of scan all job, which scans all of images in Harbor. parameters: - name: schedule in: body required: true schema: $ref: '#/definitions/AdminJobSchedule' description: Updates the schedule of scan all job, which scans all of images in Harbor. tags: - Products responses: '200': description: Updated scan_all's schedule successfully. '400': description: Invalid schedule type. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. post: summary: Create a schedule or a manual trigger for the scan all job. description: | This endpoint is for creating a schedule or a manual trigger for the scan all job, which scans all of images in Harbor. parameters: - name: schedule in: body required: true schema: $ref: '#/definitions/AdminJobSchedule' description: Create a schedule or a manual trigger for the scan all job. tags: - Products responses: '200': description: Updated scan_all's schedule successfully. '400': description: Invalid schedule type. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '409': description: There is a "scanall" job in progress, so the request cannot be served. '500': description: Unexpected internal errors. '503': description: Harbor is not deployed with Clair. /configurations: get: summary: Get system configurations. description: | This endpoint is for retrieving system configurations that only provides for admin user. tags: - Products responses: '200': description: Get system configurations successfully. The response body is a map. schema: $ref: '#/definitions/ConfigurationsResponse' '401': description: User need to log in first.ß '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. put: summary: Modify system configurations. description: | This endpoint is for modifying system configurations that only provides for admin user. tags: - Products parameters: - name: configurations in: body required: true schema: $ref: '#/definitions/Configurations' description: 'The configuration map can contain a subset of the attributes of the schema, which are to be updated.' responses: '200': description: Modify system configurations successfully. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. /email/ping: post: summary: Test connection and authentication with email server. description: | Test connection and authentication with email server. parameters: - name: settings in: body description: 'Email server settings, if some of the settings are not assigned, they will be read from system configuration.' required: false schema: $ref: '#/definitions/EmailServerSetting' tags: - Products responses: '200': description: Ping email server successfully. '400': description: Inviald email server settings. '401': description: User need to login first. '403': description: Only admin has this authority. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. /chartrepo/health: get: summary: Check the health of chart repository service. description: Check the health of chart repository service. tags: - Products - Chart Repository responses: '200': description: Health status of chart repository service is returned. schema: type: object properties: healthy: type: boolean '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' /chartrepo/{repo}/charts: get: summary: Get all the charts under the specified project description: Get all the charts under the specified project tags: - Products - Chart Repository parameters: - name: repo in: path type: string required: true description: The project name responses: '200': description: Searched for charts of project in Harbor successfully. schema: type: array items: $ref: '#/definitions/ChartInfoEntry' '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '500': $ref: '#/definitions/InternalChartAPIError' post: summary: Upload a chart file to the specified project. description: 'Upload a chart file to the specified project. With this API, the corresponding provance file can be uploaded together with chart file at once.' tags: - Products - Chart Repository consumes: - multipart/form-data parameters: - name: repo in: path type: string required: true description: The project name - name: chart in: formData type: file required: true description: The chart file - name: prov in: formData type: file required: false description: The provance file responses: '201': description: The specified chart is successfully uploaded. '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '500': $ref: '#/definitions/InternalChartAPIError' '507': $ref: '#/definitions/InsufficientStorageChartAPIError' /chartrepo/{repo}/charts/{name}: get: summary: Get all the versions of the specified chart description: Get all the versions of the specified chart tags: - Products - Chart Repository parameters: - name: repo in: path type: string required: true description: The project name - name: name in: path type: string required: true description: The chart name responses: '200': description: Retrieved all versions of the specified chart schema: $ref: '#/definitions/ChartVersions' '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '404': $ref: '#/definitions/NotFoundChartAPIError' '500': $ref: '#/definitions/InternalChartAPIError' delete: summary: Delete all the versions of the specified chart description: Delete all the versions of the specified chart tags: - Products - Chart Repository parameters: - name: repo in: path type: string required: true description: The project name - name: name in: path type: string required: true description: The chart name responses: '200': description: The specified chart entry is successfully deleted. '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '500': $ref: '#/definitions/InternalChartAPIError' /chartrepo/{repo}/charts/{name}/{version}: get: summary: Get the specified chart version description: Get the specified chart version tags: - Products - Chart Repository parameters: - name: repo in: path type: string required: true description: The project name - name: name in: path type: string required: true description: The chart name - name: version in: path type: string required: true description: The chart version responses: '200': description: Successfully retrieved the chart version schema: $ref: '#/definitions/ChartVersionDetails' '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '404': $ref: '#/definitions/NotFoundChartAPIError' '500': $ref: '#/definitions/InternalChartAPIError' delete: summary: Delete the specified chart version description: Delete the specified chart version tags: - Products - Chart Repository parameters: - name: repo in: path type: string required: true description: The project name - name: name in: path type: string required: true description: The chart name - name: version in: path type: string required: true description: The chart version responses: '200': description: The specified chart entry is successfully deleted. '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '404': $ref: '#/definitions/NotFoundChartAPIError' '500': $ref: '#/definitions/InternalChartAPIError' /chartrepo/{repo}/prov: post: summary: Upload a provance file to the specified project. description: Upload a provance file to the specified project. The provance file should be targeted for an existing chart file. tags: - Products - Chart Repository consumes: - multipart/form-data parameters: - name: repo in: path type: string required: true description: The project name - name: prov in: formData type: file required: true description: The provance file responses: '201': description: The provance file is successfully uploaded. '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '500': $ref: '#/definitions/InternalChartAPIError' '507': $ref: '#/definitions/InsufficientStorageChartAPIError' /chartrepo/charts: post: summary: Upload a chart file to the defult 'library' project. description: Upload a chart file to the default 'library' project. Uploading together with the prov file at the same time is also supported. tags: - Products - Chart Repository consumes: - multipart/form-data parameters: - name: chart in: formData type: file required: true description: The chart file - name: prov in: formData type: file required: false description: The provance file responses: '201': description: The specified chart is successfully uploaded. '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '500': $ref: '#/definitions/InternalChartAPIError' '507': $ref: '#/definitions/InsufficientStorageChartAPIError' /chartrepo/{repo}/charts/{name}/{version}/labels: get: summary: Return the attahced labels of chart. description: Return the attahced labels of the specified chart version. tags: - Products - Chart Repository - Label parameters: - name: repo in: path type: string required: true description: The project name - name: name in: path type: string required: true description: The chart name - name: version in: path type: string required: true description: The chart version responses: '200': $ref: '#/definitions/Labels' '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '404': $ref: '#/definitions/NotFoundChartAPIError' '500': $ref: '#/definitions/InternalChartAPIError' post: summary: Mark label to chart. description: Mark label to the specified chart version. tags: - Products - Chart Repository - Label parameters: - name: repo in: path type: string required: true description: The project name - name: name in: path type: string required: true description: The chart name - name: version in: path type: string required: true description: The chart version - name: label in: body required: true schema: $ref: '#/definitions/Label' description: 'The label being marked to the chart version' responses: '200': description: The label is successfully marked to the chart version. '400': $ref: '#/definitions/BadRequestFormatedError' '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '404': $ref: '#/definitions/NotFoundChartAPIError' '409': $ref: '#/definitions/ConflictFormatedError' '500': $ref: '#/definitions/InternalChartAPIError' /chartrepo/{repo}/charts/{name}/{version}/labels/{id}: delete: summary: Remove label from chart. description: Remove label from the specified chart version. tags: - Products - Chart Repository - Label parameters: - name: repo in: path type: string required: true description: The project name - name: name in: path type: string required: true description: The chart name - name: version in: path type: string required: true description: The chart version - name: id in: path type: integer required: true description: The label ID responses: '200': description: The label is successfully unmarked from the chart version. '400': $ref: '#/definitions/BadRequestFormatedError' '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '404': $ref: '#/definitions/NotFoundChartAPIError' '500': $ref: '#/definitions/InternalChartAPIError' '/projects/{project_id}/robots': get: summary: Get all robot accounts of specified project description: Get all robot accounts of specified project parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. tags: - Products - Robot Account responses: '200': description: Get project robot accounts successfully. schema: type: array items: $ref: '#/definitions/RobotAccount' '400': description: The project id is invalid. '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: Project ID does not exist. '500': description: Unexpected internal errors. post: summary: Create a robot account for project description: Create a robot account for project tags: - Products - Robot Account parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: robot in: body description: Request body of creating a robot account. required: true schema: $ref: '#/definitions/RobotAccountCreate' responses: '201': description: Project member created successfully. schema: $ref: '#/definitions/RobotAccountPostRep' '400': description: Project id is not valid. '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '409': description: An robot account with same name already exist in the project. '500': description: Unexpected internal errors. '/projects/{project_id}/robots/{robot_id}': get: summary: Return the infor of the specified robot account. description: Return the infor of the specified robot account. tags: - Products - Robot Account parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: robot_id in: path type: integer format: int64 required: true description: The ID of robot account. responses: '200': description: Robot account information. schema: $ref: '#/definitions/RobotAccount' '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: The robot account is not found. '500': description: Unexpected internal errors. put: summary: Update status of robot account. description: Used to disable/enable a specified robot account. tags: - Products - Robot Account parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: robot_id in: path type: integer format: int64 required: true description: The ID of robot account. - name: robot in: body description: Request body of enable/disable a robot account. required: true schema: $ref: '#/definitions/RobotAccountUpdate' responses: '200': description: Robot account has been modified success. '500': description: Unexpected internal errors. delete: summary: Delete the specified robot account description: Delete the specified robot account tags: - Products - Robot Account parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: robot_id in: path type: integer format: int64 required: true description: The ID of robot account. responses: '200': description: The specified robot account is successfully deleted. '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: The robot account is not found. '500': description: Unexpected internal errors. '/system/oidc/ping': post: summary: Test the OIDC endpoint. description: Test the OIDC endpoint, the setting of the endpoint is provided in the request. This API can only be called by system admin. tags: - Products - System parameters: - name: endpoint in: body description: Request body for OIDC endpoint to be tested. required: true schema: type: object properties: url: type: string description: The URL of OIDC endpoint to be tested. verify_cert: type: boolean description: Whether the certificate should be verified responses: '200': description: Ping succeeded. The OIDC endpoint is valid. '400': description: The ping failed '401': description: User need to log in first. '403': description: User does not have permission to call this API '/system/CVEWhitelist': get: summary: Get the system level whitelist of CVE. description: Get the system level whitelist of CVE. This API can be called by all authenticated users. tags: - Products - System responses: '200': description: Successfully retrieved the CVE whitelist. schema: $ref: "#/definitions/CVEWhitelist" '401': description: User is not authenticated. '500': description: Unexpected internal errors. put: summary: Update the system level whitelist of CVE. description: This API overwrites the system level whitelist of CVE with the list in request body. Only system Admin has permission to call this API. tags: - Products - System parameters: - in: body name: whitelist description: The whitelist with new content schema: $ref: "#/definitions/CVEWhitelist" responses: '200': description: Successfully updated the CVE whitelist. '401': description: User is not authenticated. '403': description: User does not have permission to call this API. '500': description: Unexpected internal errors. responses: OK: description: 'Success' Created: description: 'Created' BadRequest: description: 'Bad Request' Unauthorized: description: 'Unauthorized' Forbidden: description: 'Forbidden' NotFound: description: 'Not Found' Conflict: description: 'Conflict' PreconditionFailed: description: 'Precondition Failed' UnsupportedMediaType: description: 'The Media Type of the request is not supported, it has to be "application/json"' InternalServerError: description: 'Internal Server Error' definitions: Search: type: object properties: project: description: Search results of the projects that matched the filter keywords. type: array items: $ref: '#/definitions/Project' repository: description: Search results of the repositories that matched the filter keywords. type: array items: $ref: '#/definitions/SearchRepository' chart: description: Search results of the charts that macthed the filter keywords. type: array items: $ref: '#/definitions/SearchResult' RetagReq: type: object properties: tag: description: new tag to be created type: string src_image: description: Source image to be retagged, e.g. 'stage/app:v1.0' type: string override: description: If target tag already exists, whether to override it type: boolean SearchRepository: type: object properties: project_id: type: integer description: The ID of the project that the repository belongs to project_name: type: string description: The name of the project that the repository belongs to project_public: type: boolean description: 'The flag to indicate the publicity of the project that the repository belongs to (1 is public, 0 is not)' repository_name: type: string description: The name of the repository pull_count: type: integer description: The count how many times the repository is pulled tags_count: type: integer description: The count of tags in the repository ProjectReq: type: object properties: project_name: type: string description: The name of the project. metadata: description: The metadata of the project. $ref: '#/definitions/ProjectMetadata' Project: type: object properties: project_id: type: integer format: int32 description: Project ID owner_id: type: integer format: int32 description: The owner ID of the project always means the creator of the project. name: type: string description: The name of the project. creation_time: type: string description: The creation time of the project. update_time: type: string description: The update time of the project. deleted: type: boolean description: A deletion mark of the project. owner_name: type: string description: The owner name of the project. togglable: type: boolean description: Correspond to the UI about whether the project's publicity is updatable (for UI) current_user_role_id: type: integer description: The role ID of the current user who triggered the API (for UI) repo_count: type: integer description: The number of the repositories under this project. chart_count: type: integer description: The total number of charts under this project. metadata: description: The metadata of the project. $ref: '#/definitions/ProjectMetadata' cve_whitelist: description: The CVE whitelist of this project. $ref: '#/definitions/CVEWhitelist' ProjectMetadata: type: object properties: public: type: string description: 'The public status of the project. The valid values are "true", "false".' enable_content_trust: type: string description: 'Whether content trust is enabled or not. If it is enabled, user cann''t pull unsigned images from this project. The valid values are "true", "false".' prevent_vul: type: string description: 'Whether prevent the vulnerable images from running. The valid values are "true", "false".' severity: type: string description: 'If the vulnerability is high than severity defined here, the images cann''t be pulled. The valid values are "negligible", "low", "medium", "high", "critical".' auto_scan: type: string description: 'Whether scan images automatically when pushing. The valid values are "true", "false".' Manifest: type: object properties: manifest: type: object description: The detail of manifest. config: type: string description: The config of the repository. User: type: object properties: user_id: type: integer format: int description: The ID of the user. username: type: string email: type: string password: type: string realname: type: string comment: type: string deleted: type: boolean role_name: type: string role_id: type: integer format: int has_admin_role: type: boolean reset_uuid: type: string Salt: type: string creation_time: type: string update_time: type: string UserSearch: type: object properties: user_id: type: integer format: int description: The ID of the user. username: type: string Password: type: object properties: old_password: type: string description: The user's existing password. new_password: type: string description: New password for marking as to be updated. AccessLog: type: object properties: log_id: type: integer description: The ID of the log entry. username: type: string description: Username of the user in this log entry. repo_name: type: string description: Name of the repository in this log entry. repo_tag: type: string description: Tag of the repository in this log entry. operation: type: string description: The operation against the repository in this log entry. op_time: type: string description: The time when this operation is triggered. Role: type: object properties: role_id: type: integer format: int32 description: ID in table. role_code: type: string description: Description of permissions for the role. role_name: type: string description: Name the the role. role_mask: type: string RoleParam: type: object properties: roles: type: array items: type: integer format: int32 description: Role ID for updating project role member. username: type: string description: Username relevant to a project role member. StatisticMap: type: object properties: private_project_count: type: integer format: int32 description: The count of the private projects which the user is a member of. private_repo_count: type: integer format: int32 description: The count of the private repositories belonging to the projects which the user is a member of. public_project_count: type: integer format: int32 description: The count of the public projects. public_repo_count: type: integer format: int32 description: The count of the public repositories belonging to the public projects which the user is a member of. total_project_count: type: integer format: int32 description: 'The count of the total projects, only be seen when the is admin.' total_repo_count: type: integer format: int32 description: 'The count of the total repositories, only be seen when the user is admin.' JobStatus: type: object properties: id: type: integer format: int64 description: The job ID. status: type: string description: The status of the job. repository: type: string description: The repository handled by the job. policy_id: type: integer format: int64 description: The ID of the policy that triggered this job. operation: type: string description: The operation of the job. tags: type: array description: The repository's used tag list. items: $ref: '#/definitions/Tags' creation_time: type: string description: The creation time of the job. update_time: type: string description: The update time of the job. Tags: type: object properties: tag: type: string description: The repository's used tag. ReplicationPolicy: type: object properties: id: type: integer format: int64 description: The policy ID. name: type: string description: The policy name. description: type: string description: The description of the policy. src_registry: description: The source registry. $ref: '#/definitions/Registry' dest_registry: description: The destination registry. $ref: '#/definitions/Registry' dest_namespace: type: string description: The destination namespace. trigger: $ref: '#/definitions/ReplicationTrigger' filters: type: array description: The replication policy filter array. items: $ref: '#/definitions/ReplicationFilter' deletion: type: boolean description: Whether to replicate the deletion operation. override: type: boolean description: Whether to override the resources on the destination registry. enabled: type: boolean description: Whether the policy is enabled or not. creation_time: type: string description: The create time of the policy. update_time: type: string description: The update time of the policy. ReplicationTrigger: type: object properties: type: type: string description: 'The replication policy trigger type. The valid values are manual, event_based and scheduled.' trigger_settings: $ref: '#/definitions/TriggerSettings' TriggerSettings: type: object properties: cron: type: string description: The cron string for scheduled trigger ReplicationFilter: type: object properties: type: type: string description: 'The replication policy filter type.' value: type: string description: 'The value of replication policy filter.' RegistryCredential: type: object properties: type: type: string description: Credential type, such as 'basic', 'oauth'. access_key: type: string description: Access key, e.g. user name when credential type is 'basic'. access_secret: type: string description: Access secret, e.g. password when credential type is 'basic'. Registry: type: object properties: id: type: integer format: int64 description: The registry ID. url: type: string description: The registry URL string. name: type: string description: The registry name. credential: $ref: '#/definitions/RegistryCredential' type: type: string description: Type of the registry, e.g. 'harbor'. insecure: type: boolean description: Whether or not the certificate will be verified when Harbor tries to access the server. description: type: string description: Description of the registry. status: type: string description: Health status of the registry. creation_time: type: string description: The create time of the policy. update_time: type: string description: The update time of the policy. PingRegistry: type: object properties: id: type: integer description: The ID of the registry type: type: string description: Type of the registry, e.g. 'harbor'. url: type: string description: The registry address URL string. credential_type: type: string description: Credential type of the registry, e.g. 'basic'. access_key: type: string description: The registry access key. access_secret: type: string description: The registry access secret. insecure: type: boolean description: Whether or not the certificate will be verified when Harbor tries to access the server. PutRegistry: type: object properties: name: type: string description: The registry name. description: type: string description: Description of the registry. url: type: string description: The registry address URL string. credential_type: type: string description: Credential type of the registry, e.g. 'basic'. access_key: type: string description: The registry access key. access_secret: type: string description: The registry access secret. insecure: type: boolean description: Whether or not the certificate will be verified when Harbor tries to access the server. HasAdminRole: type: object properties: has_admin_role: type: boolean description: '1-has admin, 0-not.' UserProfile: type: object properties: email: type: string description: The new email. realname: type: string description: The new realname. comment: type: string description: The new comment. Storage: type: object properties: total: type: integer format: int64 description: Total volume size. free: type: integer format: int64 description: Free volume size. GeneralInfo: type: object properties: with_notary: type: boolean description: If the Harbor instance is deployed with nested notary. with_clair: type: boolean description: If the Harbor instance is deployed with nested clair. with_admiral: type: boolean description: If the Harbor instance is deployed with Admiral. admiral_endpoint: type: string description: The url of the endpoint of admiral instance. registry_url: type: string description: The url of registry against which the docker command should be issued. external_url: type: string description: The external URL of Harbor, with protocol. auth_mode: type: string description: The auth mode of current Harbor instance. project_creation_restriction: type: string description: 'Indicate who can create projects, it could be ''adminonly'' or ''everyone''.' self_registration: type: boolean description: Indicate whether the Harbor instance enable user to register himself. has_ca_root: type: boolean description: Indicate whether there is a ca root cert file ready for download in the file system. harbor_version: type: string description: The build version of Harbor. next_scan_all: type: integer description: 'The UTC time in milliseconds, after which user can call scanAll API to scan all images.' clair_vulnerability_status: type: object description: The status of vulnerability data of Clair. properties: overall_last_update: type: integer description: 'The UTC timestamp in milliseconds of last successful update for Clair vulnerability data, when all the updaters are successfully executed.' details: type: array description: Detail timestamp of different namespace. This is introduced to handle the case when some updaters are executed successfully and some not. items: $ref: '#/definitions/VulnNamespaceTimestamp' VulnNamespaceTimestamp: type: object properties: namespace: type: string description: The namespace of the Vulnerability last_update: type: integer description: The UTC timestamp in miliseconds of last successful update for vulnerability data. SystemInfo: type: object properties: storage: type: array description: The storage of system. items: $ref: '#/definitions/Storage' LdapConf: type: object properties: ldap_url: type: string description: The url of ldap service. ldap_search_dn: type: string description: The search dn of ldap service. ldap_search_password: type: string description: The search password of ldap service. ldap_base_dn: type: string description: The base dn of ldap service. ldap_filter: type: string description: The serach filter of ldap service. ldap_uid: type: string description: The serach uid from ldap service attributes. ldap_scope: type: integer format: int64 description: The serach scope of ldap service. ldap_connection_timeout: type: integer format: int64 description: The connect timeout of ldap service(second). LdapUsers: type: object properties: ldap_username: type: string description: search ldap user name based on ldapconf. ldap_realname: type: string description: system will try to guess the user realname form "uid" or "cn" attribute. ldap_email: type: string description: system will try to guess the user email address form "mail" or "email" attribute. LdapImportUsers: type: object properties: ldap_uid_list: type: array description: selected uid list items: type: string LdapFailedImportUsers: type: object properties: ldap_uid: type: string description: the uid can't add to system. error: type: string description: fail reason. EmailServerSetting: type: object properties: email_host: type: string description: The host of email server. email_port: type: integer description: The port of email server. email_username: type: string description: The username of email server. email_password: type: string description: The password of email server. email_ssl: type: boolean description: Use ssl/tls or not. email_identity: type: string description: The dentity of email server. RepoSignature: type: object properties: tag: type: string description: The tag of image. hashes: type: object description: The JSON object of the hash of the image. DetailedTag: type: object properties: digest: type: string description: The digest of the tag. name: type: string description: The name of the tag. size: type: integer description: The size of the image. architecture: type: string description: The architecture of the image. os: type: string description: The os of the image. docker_version: type: string description: The version of docker which builds the image. author: type: string description: The author of the image. created: type: string description: The build time of the image. signature: type: object description: 'The signature of image, defined by RepoSignature. If it is null, the image is unsigned.' scan_overview: type: object description: The overview of the scan result. This is an optional property. properties: digest: type: string description: The digest of the image. scan_status: type: string description: 'The status of the scan job, it can be "pendnig", "running", "finished", "error".' job_id: type: integer description: The ID of the job on jobservice to scan the image. severity: type: integer description: '0-Not scanned, 1-Negligible, 2-Unknown, 3-Low, 4-Medium, 5-High' details_key: type: string description: 'The top layer name of this image in Clair, this is for calling Clair API to get the vulnerability list of this image.' components: type: object description: The components overview of the image. properties: total: type: integer description: Total number of the components in this image. summary: description: List of number of components of different severities. type: array items: $ref: '#/definitions/ComponentOverviewEntry' labels: type: array description: The label list. items: $ref: '#/definitions/Label' ComponentOverviewEntry: type: object properties: severity: type: integer description: '1-None/Negligible, 2-Unknown, 3-Low, 4-Medium, 5-High' count: type: integer description: number of the components with certain severity. Repository: type: object properties: id: type: integer description: The ID of repository. name: type: string description: The name of repository. project_id: type: integer description: The project ID of repository. description: type: string description: The description of repository. pull_count: type: integer description: The pull count of repository. star_count: type: integer description: The star count of repository. tags_count: type: integer description: The tags count of repository. labels: type: array description: The label list. items: $ref: '#/definitions/Label' creation_time: type: string description: The creation time of repository. update_time: type: string description: The update time of repository. VulnerabilityItem: type: object properties: id: type: string description: 'ID of the vulnerability, normally it is the CVE ID' severity: type: integer description: '1-Negligible, 2-Unknown, 3-Low, 4-Medium, 5-High' package: type: string description: The packge that introduces the vulnerability. version: type: string description: The version of the package. description: type: string description: The description of the vulnerability. fixedVersion: type: string description: 'The version which the vulnerability is fixed, this is an optional property.' Configurations: type: object properties: auth_mode: type: string description: 'The auth mode of current system, such as "db_auth", "ldap_auth"' email_from: type: string description: The sender name for Email notification. email_host: type: string description: The hostname of SMTP server that sends Email notification. email_port: type: integer description: The port of SMTP server. email_identity: type: string description: By default it's empty so the email_username is picked. email_username: type: string description: The username for authenticate against SMTP server. email_ssl: type: boolean description: 'When it''s set to true the system will access Email server via TLS by default. If it''s set to false, it still will handle "STARTTLS" from server side.' email_insecure: type: boolean description: Whether or not the certificate will be verified when Harbor tries to access the email server. ldap_url: type: string description: The URL of LDAP server. ldap_base_dn: type: string description: The Base DN for LDAP binding. ldap_filter: type: string description: The filter for LDAP binding. ldap_scope: type: integer description: '0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE' ldap_uid: type: string description: 'The attribute which is used as identity for the LDAP binding, such as "CN" or "SAMAccountname"' ldap_search_dn: type: string description: The DN of the user to do the search. ldap_timeout: type: integer description: timeout in seconds for connection to LDAP server. ldap_group_attribute_name: type: string description: 'The attribute which is used as identity of the LDAP group, default is cn.' ldap_group_base_dn: type: string description: The base DN to search LDAP group. ldap_group_search_filter: type: string description: The filter to search the ldap group. ldap_group_search_scope: type: integer description: 'The scope to search ldap. ''0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE''' ldap_group_admin_dn: type: string description: Specify the ldap group which have the same privilege with Harbor admin. project_creation_restriction: type: string description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly". read_only: type: boolean description: '''docker push'' is prohibited by Harbor if you set it to true. ' self_registration: type: boolean description: 'Whether the Harbor instance supports self-registration. If it''s set to false, admin need to add user to the instance.' token_expiration: type: integer description: 'The expiration time of the token for internal Registry, in minutes.' verify_remote_cert: type: boolean description: Whether or not the certificate will be verified when Harbor tries to access a remote Harbor instance for replication. scan_all_policy: type: object properties: type: type: string description: 'The type of scan all policy, currently the valid values are "none" and "daily"' parameter: type: object properties: daily_time: type: integer description: 'The offest in seconds of UTC 0 o''clock, only valid when the policy type is "daily"' description: 'The parameters of the policy, the values are dependant on the type of the policy.' ConfigurationsResponse: type: object properties: auth_mode: $ref: '#/definitions/StringConfigItem' description: 'The auth mode of current system, such as "db_auth", "ldap_auth"' email_from: $ref: '#/definitions/StringConfigItem' description: The sender name for Email notification. email_host: $ref: '#/definitions/StringConfigItem' description: The hostname of SMTP server that sends Email notification. email_port: $ref: '#/definitions/IntegerConfigItem' description: The port of SMTP server. email_identity: $ref: '#/definitions/StringConfigItem' description: By default it's empty so the email_username is picked. email_username: $ref: '#/definitions/StringConfigItem' description: The username for authenticate against SMTP server. email_ssl: $ref: '#/definitions/BoolConfigItem' description: 'When it''s set to true the system will access Email server via TLS by default. If it''s set to false, it still will handle "STARTTLS" from server side.' email_insecure: $ref: '#/definitions/BoolConfigItem' description: Whether or not the certificate will be verified when Harbor tries to access the email server. ldap_url: $ref: '#/definitions/StringConfigItem' description: The URL of LDAP server. ldap_base_dn: $ref: '#/definitions/StringConfigItem' description: The Base DN for LDAP binding. ldap_filter: $ref: '#/definitions/StringConfigItem' description: The filter for LDAP binding. ldap_scope: type: integer description: '0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE' ldap_uid: $ref: '#/definitions/StringConfigItem' description: 'The attribute which is used as identity for the LDAP binding, such as "CN" or "SAMAccountname"' ldap_search_dn: type: string description: The DN of the user to do the search. ldap_timeout: $ref: '#/definitions/IntegerConfigItem' description: timeout in seconds for connection to LDAP server. ldap_group_attribute_name: $ref: '#/definitions/StringConfigItem' description: 'The attribute which is used as identity of the LDAP group, default is cn.' ldap_group_base_dn: $ref: '#/definitions/StringConfigItem' description: The base DN to search LDAP group. ldap_group_search_filter: $ref: '#/definitions/StringConfigItem' description: The filter to search the ldap group. ldap_group_search_scope: $ref: '#/definitions/IntegerConfigItem' description: 'The scope to search ldap. ''0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE''' ldap_group_admin_dn: $ref: '#/definitions/StringConfigItem' description: Specify the ldap group which have the same privilege with Harbor admin. project_creation_restriction: $ref: '#/definitions/StringConfigItem' description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly". read_only: $ref: '#/definitions/BoolConfigItem' description: '''docker push'' is prohibited by Harbor if you set it to true. ' self_registration: $ref: '#/definitions/BoolConfigItem' description: 'Whether the Harbor instance supports self-registration. If it''s set to false, admin need to add user to the instance.' token_expiration: $ref: '#/definitions/IntegerConfigItem' description: 'The expiration time of the token for internal Registry, in minutes.' verify_remote_cert: $ref: '#/definitions/BoolConfigItem' description: Whether or not the certificate will be verified when Harbor tries to access a remote Harbor instance for replication. scan_all_policy: type: object properties: type: type: string description: 'The type of scan all policy, currently the valid values are "none" and "daily"' parameter: type: object properties: daily_time: type: integer description: 'The offest in seconds of UTC 0 o''clock, only valid when the policy type is "daily"' description: 'The parameters of the policy, the values are dependant on the type of the policy.' RepositoryDescription: type: object properties: description: type: string description: The description of the repository. Label: type: object properties: id: type: integer description: The ID of label. name: type: string description: The name of label. description: type: string description: The description of label. color: type: string description: The color of label. scope: type: string description: 'The scope of label, g for global labels and p for project labels.' project_id: type: integer description: The project ID if the label is a project label. creation_time: type: string description: The creation time of label. update_time: type: string description: The update time of label. deleted: type: boolean description: The label is deleted or not. ProjectMemberEntity: type: object properties: id: type: integer description: the project member id project_id: type: integer description: the project id entity_name: type: string description: the name of the group member. role_name: type: string description: the name of the role role_id: type: integer description: the role id entity_id: type: integer description: 'the id of entity, if the member is an user, it is user_id in user table. if the member is an user group, it is the user group''s ID in user_group table.' entity_type: type: string description: 'the entity''s type, u for user entity, g for group entity.' ProjectMember: type: object properties: role_id: type: integer description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for master' member_user: $ref: '#/definitions/UserEntity' member_group: $ref: '#/definitions/UserGroup' RoleRequest: type: object properties: role_id: type: integer description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for master' UserEntity: type: object properties: user_id: type: integer description: The ID of the user. username: type: string description: The name of the user. UserGroup: type: object properties: id: type: integer description: The ID of the user group group_name: type: string description: The name of the user group group_type: type: integer description: 'The group type, 1 for LDAP group, 2 for HTTP group.' ldap_group_dn: type: string description: The DN of the LDAP group if group type is 1 (LDAP group). Resource: type: object properties: replication_policies: type: array description: The replication policy list. items: $ref: '#/definitions/ReplicationPolicy' StringConfigItem: type: object properties: value: type: string description: The string value of current config item editable: type: boolean description: The configure item can be updated or not BoolConfigItem: type: object properties: value: type: boolean description: The boolean value of current config item editable: type: boolean description: The configure item can be updated or not IntegerConfigItem: type: object properties: value: type: integer description: The integer value of current config item editable: type: boolean description: The configure item can be updated or not ChartAPIError: description: The error object returned by chart repository API type: object required: - error properties: error: type: string description: The error message returned by the chart API UnauthorizedChartAPIError: description: Unauthorized type: object allOf: - $ref: '#/definitions/ChartAPIError' ForbiddenChartAPIError: description: Operation is forbidden type: object allOf: - $ref: '#/definitions/ChartAPIError' InternalChartAPIError: description: Internal server error occurred type: object allOf: - $ref: '#/definitions/ChartAPIError' NotFoundChartAPIError: description: Not found type: object allOf: - $ref: '#/definitions/ChartAPIError' InsufficientStorageChartAPIError: description: Insufficient storage type: object allOf: - $ref: '#/definitions/ChartAPIError' BadRequestFormatedError: description: Bad request type: object allOf: - $ref: '#/definitions/ChartAPIError' ConflictFormatedError: description: Conflicts type: object allOf: - $ref: '#/definitions/ChartAPIError' ChartInfoEntry: type: object description: The object contains basic chart information required: - name - total_versions - created properties: name: type: string description: Name of chart total_versions: type: integer description: Total count of chart versions latest_version: type: string description: latest version of chart created: type: string description: The created time of chart updated: type: string description: The created time of chart icon: type: string description: The icon path of chart home: type: string description: The home website of chart deprecated: type: boolean description: Flag to indicate if the chart is deprecated ChartInfoList: type: array description: The chart list under the project items: $ref: '#/definitions/ChartInfoEntry' ChartMetadata: type: object description: The metadata of chart version required: - name - version - engine - icon - apiVersion - appVersion properties: name: type: string description: The name of the chart home: type: string description: The URL to the relevant project page sources: type: array description: The URL to the source code of chart items: type: string version: type: string description: A SemVer 2 version of chart description: type: string description: A one-sentence description of chart keywords: type: array description: A list of string keywords items: type: string engine: type: string description: The name of template engine icon: type: string description: The URL to an icon file apiVersion: type: string description: The API version of this chart appVersion: type: string description: The version of the application enclosed in the chart deprecated: type: boolean description: Whether or not this chart is deprecated ChartVersion: type: object description: A specified chart entry allOf: - $ref: '#/definitions/ChartMetadata' - type: object properties: created: type: string description: The created time of the chart entry removed: type: boolean description: A flag to indicate if the chart entry is removed digest: type: string description: The digest value of the chart entry urls: type: array description: The urls of the chart entry items: type: string properties: labels: $ref: '#/definitions/Labels' ChartVersions: type: array description: A list of chart entry items: $ref: '#/definitions/ChartVersion' DigitalSignature: type: object description: The signature of the chart properties: signed: type: boolean description: A flag to indicate if the chart is signed prov_file: type: string description: The URL of the provance file SecurityReport: type: object description: The security information of the chart properties: signature: $ref: '#/definitions/DigitalSignature' Dependency: type: object description: Another chart the chart depends on required: - name - version properties: name: type: string description: The name of the chart denpendency version: type: string description: The version of the chart dependency repository: type: string description: The URL to the repository ChartVersionDetails: type: object description: The detailed information of the chart entry properties: metadata: $ref: '#/definitions/ChartVersion' security: $ref: '#/definitions/SecurityReport' dependencies: type: array items: $ref: '#/definitions/Dependency' values: type: object additionalProperties: type: object files: type: object additionalProperties: type: string labels: $ref: '#/definitions/Labels' GCResult: type: object properties: id: type: integer description: the id of gc job. job_name: type: string description: the job name of gc job. job_kind: type: string description: the job kind of gc job. schedule: $ref: '#/definitions/AdminJobScheduleObj' job_status: type: string description: the status of gc job. deleted: type: boolean description: if gc job was deleted. creation_time: type: string description: the creation time of gc job. update_time: type: string description: the update time of gc job. AdminJobSchedule: type: object properties: schedule: $ref: '#/definitions/AdminJobScheduleObj' AdminJobScheduleObj: type: object properties: type: type: string description: The schedule type. The valid values are hourly, daily, weekly, custom and None. 'None' means to cancel the schedule. cron: type: string description: A cron expression, a time-based job scheduler. SearchResult: type: object description: The chart search result item properties: name: type: string description: The chart name with repo name score: type: integer description: The matched level chart: $ref: '#/definitions/ChartVersion' Labels: type: array description: A list of label items: $ref: '#/definitions/Label' OverallHealthStatus: type: object description: The system health status properties: status: type: string description: The overall health status. It is "healthy" only when all the components' status are "healthy" components: type: array items: $ref: '#/definitions/ComponentHealthStatus' ComponentHealthStatus: type: object description: The health status of component properties: name: type: string description: The component name status: type: string description: The health status of component error: type: string description: (optional) The error message when the status is "unhealthy" RobotAccount: type: object description: The object of robot account properties: id: type: integer description: The id of robot account name: type: string description: The name of robot account description: type: string description: The description of robot account expires_at: type: integer description: The expiration of robot account (in seconds) project_id: type: integer description: The project id of robot account disabled: type: boolean description: The robot account is disable or enable creation_time: type: string description: The creation time of the robot account update_time: type: string description: The update time of the robot account RobotAccountCreate: type: object properties: name: type: string description: The name of robot account description: type: string description: The description of robot account access: type: array description: The permission of robot account items: $ref: '#/definitions/RobotAccountAccess' RobotAccountPostRep: type: object properties: name: type: string description: the name of robot account token: type: string description: the token of robot account RobotAccountAccess: type: object properties: resource: type: string description: the resource of harbor action: type: string description: the action to resource that perdefined in harbor rbac RobotAccountUpdate: type: object properties: disabled: type: boolean description: The robot account is disable or enable Permission: type: object description: The permission properties: resource: type: string description: The permission resoruce action: type: string description: The permission action RegistryInfo: type: object description: The registry info contains the base info and capability declarations of the registry properties: type: type: string description: The registry type description: type: string description: The description supported_resource_filters: type: array description: The filters that the registry supports items: $ref: '#/definitions/FilterStyle' supported_triggers: type: array description: The triggers that the registry supports items: type: string FilterStyle: type: object description: The style of the resource filter properties: type: type: string description: The filter type style: type: string description: The filter style values: type: array description: The filter values items: type: string ReplicationExecution: type: object description: The replication execution properties: id: type: integer description: The ID policy_id: type: integer description: The policy ID status: type: string description: The status status_text: type: string description: The status text trigger: type: string description: The trigger mode total: type: integer description: The total count of all tasks failed: type: integer description: The count of failed tasks succeed: type: integer description: The count of succeed tasks in_progress: type: integer description: The count of in_progress tasks stopped: type: integer description: The count of stopped tasks start_time: type: string description: The start time end_time: type: string description: The end time ReplicationTask: type: object description: The replication task properties: id: type: integer description: The ID execution_id: type: integer description: The execution ID resource_type: type: string description: The resource type src_resource: type: string description: The source resource dst_resource: type: string description: The destination resource job_id: type: string description: The job ID status: type: string description: The status start_time: type: string description: The start time end_time: type: string description: The end time Namespace: type: object description: The namespace of registry properties: name: type: string description: The name of namespace metadata: type: object description: The metadata of namespace CVEWhitelist: type: object description: The CVE Whitelist for system or project properties: id: type: integer description: ID of the whitelist project_id: type: integer description: ID of the project which the whitelist belongs to. For system level whitelist this attribute is zero. expires_at: type: integer description: the time for expiration of the whitelist, in the form of seconds since epoch. This is an optional attribute, if it's not set the CVE whitelist does not expire. items: type: array items: $ref: "#/definitions/CVEWhitelistItem" CVEWhitelistItem: type: object description: The item in CVE whitelist properties: cve_id: type: string description: The ID of the CVE, such as "CVE-2019-10164"