swagger: '2.0' info: title: Harbor API description: These APIs provide services for manipulating Harbor project. version: '2.0' host: localhost schemes: - http - https basePath: /api/v2.0 produces: - application/json - text/plain consumes: - application/json securityDefinitions: basicAuth: type: basic security: - basicAuth: [] paths: /health: get: summary: 'Health check API' description: | The endpoint returns the health stauts of the system. tags: - Products responses: '200': description: The system health status. schema: $ref: '#/definitions/OverallHealthStatus' '/projects/{project_id}/metadatas': get: summary: Get project metadata. description: | This endpoint returns metadata of the project specified by project ID. parameters: - name: project_id in: path description: The ID of project. required: true type: integer format: int64 tags: - Products responses: '200': description: Get metadata successfully. schema: $ref: '#/definitions/ProjectMetadata' '401': description: User need to login first. '500': description: Internal server errors. post: summary: Add metadata for the project. description: | This endpoint is aimed to add metadata of a project. parameters: - name: project_id in: path type: integer format: int64 required: true description: Selected project ID. - name: metadata in: body required: true schema: $ref: '#/definitions/ProjectMetadata' description: The metadata of project. tags: - Products responses: '200': description: Add metadata successfully. '400': description: Invalid request. '401': description: User need to log in first. '403': description: User does not have permission to the project. '404': description: Project ID does not exist. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Internal server errors. '/projects/{project_id}/metadatas/{meta_name}': get: summary: Get project metadata description: | This endpoint returns specified metadata of a project. parameters: - name: project_id in: path description: Project ID for filtering results. required: true type: integer format: int64 - name: meta_name in: path description: The name of metadat. required: true type: string tags: - Products responses: '200': description: Get metadata successfully. schema: $ref: '#/definitions/ProjectMetadata' '401': description: User need to log in first. '500': description: Internal server errors. put: summary: Update metadata of a project. description: | This endpoint is aimed to update the metadata of a project. parameters: - name: project_id in: path type: integer format: int64 required: true description: The ID of project. - name: meta_name in: path description: The name of metadat. required: true type: string tags: - Products responses: '200': description: Updated metadata successfully. '400': description: Invalid request. '401': description: User need to log in first. '403': description: User does not have permission to the project. '404': description: Project or metadata does not exist. '500': description: Internal server errors. delete: summary: Delete metadata of a project description: | This endpoint is aimed to delete metadata of a project. parameters: - name: project_id in: path description: The ID of project. required: true type: integer format: int64 - name: meta_name in: path description: The name of metadat. required: true type: string tags: - Products responses: '200': description: Metadata is deleted successfully. '400': description: Invalid requst. '403': description: User need to log in first. '404': description: Project or metadata does not exist. '500': description: Internal server errors. '/projects/{project_id}/members': get: summary: Get all project member information description: Get all project member information parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: entityname in: query type: string description: The entity name to search. tags: - Products responses: '200': description: Get project members successfully. schema: type: array items: $ref: '#/definitions/ProjectMemberEntity' '400': description: The project id is invalid. '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: Project ID does not exist. '500': description: Unexpected internal errors. post: summary: Create project member description: 'Create project member relationship, the member can be one of the user_member and group_member, The user_member need to specify user_id or username. If the user already exist in harbor DB, specify the user_id, If does not exist in harbor DB, it will SearchAndOnBoard the user. The group_member need to specify id or ldap_group_dn. If the group already exist in harbor DB. specify the user group''s id, If does not exist, it will SearchAndOnBoard the group. ' tags: - Products parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: project_member in: body schema: $ref: '#/definitions/ProjectMember' responses: '201': description: Project member created successfully. headers: Location: type: string description: The URL of the created resource '400': description: 'Illegal format of project member or project id is invalid, or LDAP DN is invalid.' '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '409': description: A user group with same group name already exist or an LDAP user group with same DN already exist. '500': description: Unexpected internal errors. '/projects/{project_id}/members/{mid}': get: summary: Get the project member information description: Get the project member information tags: - Products parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: mid in: path type: integer format: int64 required: true description: The member ID responses: '200': description: Project member retrieved successfully. schema: $ref: '#/definitions/ProjectMemberEntity' '400': description: 'Illegal format of project member or invalid project id, member id.' '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: Project or projet member does not exist. '500': description: Unexpected internal errors. put: summary: Update project member description: Update project member relationship tags: - Products parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: mid in: path type: integer format: int64 required: true description: Member ID. - name: role in: body schema: $ref: '#/definitions/RoleRequest' responses: '200': description: Project member updated successfully. '400': description: 'Invalid role id, it should be 1,2 or 3, or invalid project id, or invalid member id.' '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '404': description: project or project member does not exist. '500': description: Unexpected internal errors. delete: summary: Delete project member tags: - Products parameters: - name: project_id in: path type: integer format: int64 required: true description: Relevant project ID. - name: mid in: path type: integer format: int64 required: true description: Member ID. responses: '200': description: Project member deleted successfully. '400': description: The project id or project member id is invalid. '401': description: User need to log in first. '403': description: User in session does not have permission to the project. '500': description: Unexpected internal errors. /statistics: get: summary: Get projects number and repositories number relevant to the user description: | This endpoint is aimed to statistic all of the projects number and repositories number relevant to the logined user, also the public projects number and repositories number. If the user is admin, he can also get total projects number and total repositories number. tags: - Products responses: '200': description: Get the projects number and repositories number relevant to the user successfully. schema: $ref: '#/definitions/StatisticMap' '401': description: User need to log in first. '500': description: Unexpected internal errors. /users: get: summary: Get registered users of Harbor. description: | This endpoint is for user to search registered users, support for filtering results with username.Notice, by now this operation is only for administrator. parameters: - name: username in: query type: string required: false description: Username for filtering results. - name: email in: query type: string required: false description: Email for filtering results. - name: page in: query type: integer format: int32 required: false description: 'The page number, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: The size of per page. tags: - Products responses: '200': description: Searched for users of Harbor successfully. schema: type: array items: $ref: '#/definitions/User' headers: X-Total-Count: description: The total count of available items type: integer Link: description: Link to previous page and next page type: string '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. post: summary: Creates a new user account. description: | This endpoint is to create a user if the user does not already exist. parameters: - name: user in: body description: New created user. required: true schema: $ref: '#/definitions/User' tags: - Products responses: '201': description: User created successfully. headers: Location: type: string description: The URL of the created resource '400': description: Unsatisfied with constraints of the user creation. '403': description: User registration can only be used by admin role user when self-registration is off. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. /users/current: get: summary: Get current user info. description: | This endpoint is to get the current user information. tags: - Products responses: '200': description: Get current user information successfully. schema: $ref: '#/definitions/User' '401': description: User need to log in first. /users/current/permissions: get: summary: Get current user permissions. description: | This endpoint is to get the current user permissions. parameters: - name: scope in: query type: string required: false description: Get permissions of the scope - name: relative in: query type: boolean required: false description: | If true, the resources in the response are relative to the scope, eg for resource '/project/1/repository' if relative is 'true' then the resource in response will be 'repository'. tags: - Products responses: '200': description: Get current user permission successfully. schema: type: array items: $ref: '#/definitions/Permission' '401': description: User need to log in first. '500': description: Internal errors. /users/search: get: summary: Search users by username description: | This endpoint is to search the users by username. parameters: - name: username in: query type: string required: true description: Username for filtering results. - name: page in: query type: integer format: int32 required: false description: 'The page number, default is 1.' - name: page_size in: query type: integer format: int32 required: false description: The size of per page. tags: - Products responses: '200': description: Search users by username, email successfully. schema: type: array items: $ref: '#/definitions/UserSearch' headers: X-Total-Count: description: The total count of available items type: integer Link: description: Link to previous page and next page type: string '500': description: Unexpected internal errors. '/users/{user_id}': get: summary: Get a user's profile. description: | Get user's profile with user id. parameters: - name: user_id in: path type: integer format: int required: true description: Registered user ID tags: - Products responses: '200': description: Get user's profile successfully. schema: $ref: '#/definitions/User' '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: User ID does not exist. '500': description: Unexpected internal errors. put: summary: Update a registered user to change his profile. description: | This endpoint let a registered user change his profile. parameters: - name: user_id in: path type: integer format: int required: true description: Registered user ID - name: profile in: body description: 'Only email, realname and comment can be modified.' required: true schema: $ref: '#/definitions/UserProfile' tags: - Products responses: '200': description: Updated user's profile successfully. '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: User ID does not exist. '500': description: Unexpected internal errors. delete: summary: Mark a registered user as be removed. description: | This endpoint let administrator of Harbor mark a registered user as be removed.It actually won't be deleted from DB. parameters: - name: user_id in: path type: integer format: int required: true description: User ID for marking as to be removed. tags: - Products responses: '200': description: Marked user as be removed successfully. '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: User ID does not exist. '500': description: Unexpected internal errors. '/users/{user_id}/password': put: summary: Change the password on a user that already exists. description: | This endpoint is for user to update password. Users with the admin role can change any user's password. Guest users can change only their own password. parameters: - name: user_id in: path type: integer format: int required: true description: Registered user ID. - name: password in: body description: Password to be updated, the attribute 'old_password' is optional when the API is called by the system administrator. required: true schema: $ref: '#/definitions/Password' tags: - Products responses: '200': description: Updated password successfully. '400': description: Invalid user ID; Old password is blank; New password is blank. '401': description: Don't have authority to change password. Please check login status. '403': description: The caller does not have permission to update the password of the user with given ID, or the old password in request body is not correct. '500': description: Unexpected internal errors. '/users/{user_id}/sysadmin': put: summary: Update a registered user to change to be an administrator of Harbor. description: | This endpoint let a registered user change to be an administrator of Harbor. parameters: - name: user_id in: path type: integer format: int required: true description: Registered user ID - name: sysadmin_flag in: body description: Toggle a user to admin or not. required: true schema: $ref: '#/definitions/SysAdminFlag' tags: - Products responses: '200': description: Updated user's admin role successfully. '400': description: Invalid user ID. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '404': description: User ID does not exist. '500': description: Unexpected internal errors. '/users/{user_id}/cli_secret': put: summary: Set CLI secret for a user. description: | This endpoint let user generate a new CLI secret for himself. This API only works when auth mode is set to 'OIDC'. Once this API returns with successful status, the old secret will be invalid, as there will be only one CLI secret for a user. parameters: - name: user_id in: path type: integer format: int required: true description: User ID - name: input_secret in: body description: JSON object that includes the new secret required: true schema: type: object properties: secret: type: string description: The new secret tags: - Products responses: '200': description: The secret is successfully updated '400': description: Invalid user ID. Or user is not onboarded via OIDC authentication. Or the secret does not meet the standard. '401': description: User need to log in first. '403': description: Non-admin user can only generate the cli secret of himself. '404': description: User ID does not exist. '412': description: The auth mode of the system is not "oidc_auth", or the user is not onboarded via OIDC AuthN. '500': description: Unexpected internal errors. /labels: get: summary: List labels according to the query strings. description: | This endpoint let user list labels by name, scope and project_id parameters: - name: name in: query type: string required: false description: The label name. - name: scope in: query type: string required: true description: The label scope. Valid values are g and p. g for global labels and p for project labels. - name: project_id in: query type: integer format: int64 required: false description: 'Relevant project ID, required when scope is p.' - name: page in: query type: integer format: int32 required: false description: The page number. - name: page_size in: query type: integer format: int32 required: false description: The size of per page. tags: - Products responses: '200': description: Get successfully. schema: type: array items: $ref: '#/definitions/Label' headers: X-Total-Count: description: The total count of available items type: integer Link: description: Link to previous page and next page type: string '400': description: Invalid parameters. '401': description: User need to log in first. '500': description: Unexpected internal errors. post: summary: Post creates a label description: | This endpoint let user creates a label. parameters: - name: label in: body description: The json object of label. required: true schema: $ref: '#/definitions/Label' tags: - Products responses: '201': description: Create successfully. headers: Location: type: string description: The URL of the created resource '400': description: Invalid parameters. '401': description: User need to log in first. '409': description: Label with the same name and same scope already exists. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. '/labels/{id}': get: summary: Get the label specified by ID. description: | This endpoint let user get the label by specific ID. parameters: - name: id in: path type: integer format: int64 required: true description: Label ID tags: - Products responses: '200': description: Get successfully. schema: $ref: '#/definitions/Label' '401': description: User need to log in first. '404': description: The resource does not exist. '500': description: Unexpected internal errors. put: summary: Update the label properties. description: | This endpoint let user update label properties. parameters: - name: id in: path type: integer format: int64 required: true description: Label ID - name: label in: body description: The updated label json object. required: true schema: $ref: '#/definitions/Label' tags: - Products responses: '200': description: Update successfully. '400': description: Invalid parameters. '401': description: User need to log in first. '404': description: The resource does not exist. '409': description: The label with the same name already exists. '500': description: Unexpected internal errors. delete: summary: Delete the label specified by ID. description: | Delete the label specified by ID. parameters: - name: id in: path type: integer format: int64 required: true description: Label ID tags: - Products responses: '200': description: Delete successfully. '400': description: Invalid parameters. '401': description: User need to log in first. '404': description: The resource does not exist. '500': description: Unexpected internal errors. /usergroups: get: summary: Get all user groups information description: Get all user groups information tags: - Products responses: '200': description: Get user group successfully. schema: type: array items: $ref: '#/definitions/UserGroup' '401': description: User need to log in first. '403': description: User in session does not have permission to the user group. '500': description: Unexpected internal errors. post: summary: Create user group description: Create user group information tags: - Products parameters: - name: usergroup in: body schema: $ref: '#/definitions/UserGroup' responses: '201': description: User group created successfully. headers: Location: type: string description: The URL of the created resource '400': description: Invalid LDAP group DN. '401': description: User need to log in first. '403': description: User in session does not have permission to the user group. '409': description: A user group with same group name already exist, or an LDAP user group with same DN already exist. '500': description: Unexpected internal errors. '/usergroups/{group_id}': get: summary: Get user group information description: Get user group information tags: - Products parameters: - name: group_id in: path type: integer format: int64 required: true description: Group ID responses: '200': description: User group get successfully. schema: $ref: '#/definitions/UserGroup' '400': description: The user group id is invalid. '401': description: User need to log in first. '403': description: User in session does not have permission to the user group. '404': description: User group does not exist. '500': description: Unexpected internal errors. put: summary: Update group information description: Update user group information tags: - Products parameters: - name: group_id in: path type: integer format: int64 required: true description: Group ID - name: usergroup in: body required: false schema: $ref: '#/definitions/UserGroup' responses: '200': description: User group updated successfully. '400': description: The user group id is invalid. '401': description: User need to log in first. '403': description: Only admin has this authority. '404': description: User group does not exist. '500': description: Unexpected internal errors. delete: summary: Delete user group description: Delete user group tags: - Products parameters: - name: group_id type: integer in: path required: true responses: '200': description: User group deleted successfully. '400': description: The user group id is invalid. '401': description: User need to log in first. '403': description: Only admin has this authority. '500': description: Unexpected internal errors. /configurations: get: summary: Get system configurations. description: | This endpoint is for retrieving system configurations that only provides for admin user. tags: - Products responses: '200': description: Get system configurations successfully. The response body is a map. schema: $ref: '#/definitions/ConfigurationsResponse' '401': description: User need to log in first.ß '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. put: summary: Modify system configurations. description: | This endpoint is for modifying system configurations that only provides for admin user. tags: - Products parameters: - name: configurations in: body required: true schema: $ref: '#/definitions/Configurations' description: 'The configuration map can contain a subset of the attributes of the schema, which are to be updated.' responses: '200': description: Modify system configurations successfully. '401': description: User need to log in first. '403': description: User does not have permission of admin role. '500': description: Unexpected internal errors. /email/ping: post: summary: Test connection and authentication with email server. description: | Test connection and authentication with email server. parameters: - name: settings in: body description: 'Email server settings, if some of the settings are not assigned, they will be read from system configuration.' required: false schema: $ref: '#/definitions/EmailServerSetting' tags: - Products responses: '200': description: Ping email server successfully. '400': description: Inviald email server settings. '401': description: User need to login first. '403': description: Only admin has this authority. '415': $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. /chartrepo/{repo}/charts/{name}/{version}/labels: get: summary: Return the attahced labels of chart. description: Return the attahced labels of the specified chart version. tags: - Products - Chart Repository - Label parameters: - name: repo in: path type: string required: true description: The project name - name: name in: path type: string required: true description: The chart name - name: version in: path type: string required: true description: The chart version responses: '200': $ref: '#/definitions/Labels' '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '404': $ref: '#/definitions/NotFoundChartAPIError' '500': $ref: '#/definitions/InternalChartAPIError' post: summary: Mark label to chart. description: Mark label to the specified chart version. tags: - Products - Chart Repository - Label parameters: - name: repo in: path type: string required: true description: The project name - name: name in: path type: string required: true description: The chart name - name: version in: path type: string required: true description: The chart version - name: label in: body required: true schema: $ref: '#/definitions/Label' description: 'The label being marked to the chart version' responses: '200': description: The label is successfully marked to the chart version. '400': $ref: '#/definitions/BadRequestFormatedError' '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '404': $ref: '#/definitions/NotFoundChartAPIError' '409': $ref: '#/definitions/ConflictFormatedError' '500': $ref: '#/definitions/InternalChartAPIError' /chartrepo/{repo}/charts/{name}/{version}/labels/{id}: delete: summary: Remove label from chart. description: Remove label from the specified chart version. tags: - Products - Chart Repository - Label parameters: - name: repo in: path type: string required: true description: The project name - name: name in: path type: string required: true description: The chart name - name: version in: path type: string required: true description: The chart version - name: id in: path type: integer required: true description: The label ID responses: '200': description: The label is successfully unmarked from the chart version. '400': $ref: '#/definitions/BadRequestFormatedError' '401': $ref: '#/definitions/UnauthorizedChartAPIError' '403': $ref: '#/definitions/ForbiddenChartAPIError' '404': $ref: '#/definitions/NotFoundChartAPIError' '500': $ref: '#/definitions/InternalChartAPIError' '/system/CVEAllowlist': get: summary: Get the system level allowlist of CVE. description: Get the system level allowlist of CVE. This API can be called by all authenticated users. tags: - Products - System responses: '200': description: Successfully retrieved the CVE allowlist. schema: $ref: "#/definitions/CVEAllowlist" '401': description: User is not authenticated. '500': description: Unexpected internal errors. put: summary: Update the system level allowlist of CVE. description: This API overwrites the system level allowlist of CVE with the list in request body. Only system Admin has permission to call this API. tags: - Products - System parameters: - in: body name: allowlist description: The allowlist with new content schema: $ref: "#/definitions/CVEAllowlist" responses: '200': description: Successfully updated the CVE allowlist. '401': description: User is not authenticated. '403': description: User does not have permission to call this API. '500': description: Unexpected internal errors. responses: OK: description: 'Success' Created: description: 'Created' headers: Location: type: string description: The URL of the created resource BadRequest: description: 'Bad Request' Unauthorized: description: 'Unauthorized' Forbidden: description: 'Forbidden' NotFound: description: 'Not Found' Conflict: description: 'Conflict' PreconditionFailed: description: 'Precondition Failed' UnsupportedMediaType: description: 'The Media Type of the request is not supported, it has to be "application/json"' InternalServerError: description: 'Internal Server Error' definitions: ProjectMetadata: type: object properties: public: type: string description: 'The public status of the project. The valid values are "true", "false".' enable_content_trust: type: string description: 'Whether content trust is enabled or not. If it is enabled, user can''t pull unsigned images from this project. The valid values are "true", "false".' prevent_vul: type: string description: 'Whether prevent the vulnerable images from running. The valid values are "true", "false".' severity: type: string description: 'If the vulnerability is high than severity defined here, the images can''t be pulled. The valid values are "none", "low", "medium", "high", "critical".' auto_scan: type: string description: 'Whether scan images automatically when pushing. The valid values are "true", "false".' reuse_sys_cve_allowlist: type: string description: 'Whether this project reuse the system level CVE allowlist as the allowlist of its own. The valid values are "true", "false". If it is set to "true" the actual allowlist associate with this project, if any, will be ignored.' User: type: object properties: user_id: type: integer format: int description: The ID of the user. username: type: string email: type: string password: type: string realname: type: string comment: type: string deleted: type: boolean role_name: type: string role_id: type: integer format: int sysadmin_flag: type: boolean admin_role_in_auth: type: boolean description: indicate the admin privilege is grant by authenticator (LDAP), is always false unless it is the current login user reset_uuid: type: string Salt: type: string creation_time: type: string update_time: type: string UserSearch: type: object properties: user_id: type: integer format: int description: The ID of the user. username: type: string Password: type: object properties: old_password: type: string description: The user's existing password. new_password: type: string description: New password for marking as to be updated. Role: type: object properties: role_id: type: integer format: int32 description: ID in table. role_code: type: string description: Description of permissions for the role. role_name: type: string description: Name the the role. role_mask: type: string RoleParam: type: object properties: roles: type: array items: type: integer format: int32 description: Role ID for updating project role member. username: type: string description: Username relevant to a project role member. StatisticMap: type: object properties: private_project_count: type: integer format: int32 description: The count of the private projects which the user is a member of. private_repo_count: type: integer format: int32 description: The count of the private repositories belonging to the projects which the user is a member of. public_project_count: type: integer format: int32 description: The count of the public projects. public_repo_count: type: integer format: int32 description: The count of the public repositories belonging to the public projects which the user is a member of. total_project_count: type: integer format: int32 description: 'The count of the total projects, only be seen when the is admin.' total_repo_count: type: integer format: int32 description: 'The count of the total repositories, only be seen when the user is admin.' SysAdminFlag: type: object properties: sysadmin_flag: type: boolean description: 'true-admin, false-not admin.' UserProfile: type: object properties: email: type: string description: The new email. realname: type: string description: The new realname. comment: type: string description: The new comment. LdapConf: type: object properties: ldap_url: type: string description: The url of ldap service. ldap_search_dn: type: string description: The search dn of ldap service. ldap_search_password: type: string description: The search password of ldap service. ldap_base_dn: type: string description: The base dn of ldap service. ldap_filter: type: string description: The serach filter of ldap service. ldap_uid: type: string description: The serach uid from ldap service attributes. ldap_scope: type: integer format: int64 description: The serach scope of ldap service. ldap_connection_timeout: type: integer format: int64 description: The connect timeout of ldap service(second). LdapUsers: type: object properties: ldap_username: type: string description: search ldap user name based on ldapconf. ldap_realname: type: string description: system will try to guess the user realname form "uid" or "cn" attribute. ldap_email: type: string description: system will try to guess the user email address form "mail" or "email" attribute. LdapImportUsers: type: object properties: ldap_uid_list: type: array description: selected uid list items: type: string LdapFailedImportUsers: type: object properties: ldap_uid: type: string description: the uid can't add to system. error: type: string description: fail reason. EmailServerSetting: type: object properties: email_host: type: string description: The host of email server. email_port: type: integer description: The port of email server. email_username: type: string description: The username of email server. email_password: type: string description: The password of email server. email_ssl: type: boolean description: Use ssl/tls or not. email_identity: type: string description: The dentity of email server. ComponentOverviewEntry: type: object properties: severity: type: integer description: '1-None/Negligible, 2-Unknown, 3-Low, 4-Medium, 5-High' count: type: integer description: number of the components with certain severity. Configurations: type: object properties: auth_mode: type: string description: 'The auth mode of current system, such as "db_auth", "ldap_auth"' count_per_project: type: string description: The default count quota for the new created projects. email_from: type: string description: The sender name for Email notification. email_host: type: string description: The hostname of SMTP server that sends Email notification. email_port: type: integer description: The port of SMTP server. email_identity: type: string description: By default it's empty so the email_username is picked. email_username: type: string description: The username for authenticate against SMTP server. email_ssl: type: boolean description: 'When it''s set to true the system will access Email server via TLS by default. If it''s set to false, it still will handle "STARTTLS" from server side.' email_insecure: type: boolean description: Whether or not the certificate will be verified when Harbor tries to access the email server. ldap_url: type: string description: The URL of LDAP server. ldap_base_dn: type: string description: The Base DN for LDAP binding. ldap_filter: type: string description: The filter for LDAP binding. ldap_scope: type: integer description: '0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE' ldap_uid: type: string description: 'The attribute which is used as identity for the LDAP binding, such as "CN" or "SAMAccountname"' ldap_search_dn: type: string description: The DN of the user to do the search. ldap_timeout: type: integer description: timeout in seconds for connection to LDAP server. ldap_group_attribute_name: type: string description: 'The attribute which is used as identity of the LDAP group, default is cn.' ldap_group_base_dn: type: string description: The base DN to search LDAP group. ldap_group_search_filter: type: string description: The filter to search the ldap group. ldap_group_search_scope: type: integer description: 'The scope to search ldap. ''0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE''' ldap_group_admin_dn: type: string description: Specify the ldap group which have the same privilege with Harbor admin. oidc_client_id: type: string description: The client id of the OIDC. oidc_client_secret: type: string description: The client secret of the OIDC. oidc_endpoint: type: string description: The URL of an OIDC-complaint server, must start with 'https://'. oidc_name: type: string description: The name of the OIDC provider. oidc_scope: type: string description: The scope sent to OIDC server during authentication, should be separated by comma. It has to contain “openid”, and “offline_access”. If you are using google, please remove “offline_access” from this field. oidc_verify_cert: type: boolean description: Whether verify your OIDC server certificate, disable it if your OIDC server is hosted via self-hosted certificate. project_creation_restriction: type: string description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly". quota_per_project_enable: type: boolean description: This attribute indicates whether quota per project enabled in harbor read_only: type: boolean description: '''docker push'' is prohibited by Harbor if you set it to true. ' self_registration: type: boolean description: 'Whether the Harbor instance supports self-registration. If it''s set to false, admin need to add user to the instance.' storage_per_project: type: string description: The default storage quota for the new created projects. token_expiration: type: integer description: 'The expiration time of the token for internal Registry, in minutes.' verify_remote_cert: type: boolean description: Whether or not the certificate will be verified when Harbor tries to access a remote Harbor instance for replication. scan_all_policy: type: object properties: type: type: string description: 'The type of scan all policy, currently the valid values are "none" and "daily"' parameter: type: object properties: daily_time: type: integer description: 'The offset in seconds of UTC 0 o''clock, only valid when the policy type is "daily"' description: 'The parameters of the policy, the values are dependant on the type of the policy.' ConfigurationsResponse: type: object properties: auth_mode: $ref: '#/definitions/StringConfigItem' description: 'The auth mode of current system, such as "db_auth", "ldap_auth"' count_per_project: $ref: '#/definitions/IntegerConfigItem' description: The default count quota for the new created projects. email_from: $ref: '#/definitions/StringConfigItem' description: The sender name for Email notification. email_host: $ref: '#/definitions/StringConfigItem' description: The hostname of SMTP server that sends Email notification. email_port: $ref: '#/definitions/IntegerConfigItem' description: The port of SMTP server. email_identity: $ref: '#/definitions/StringConfigItem' description: By default it's empty so the email_username is picked. email_username: $ref: '#/definitions/StringConfigItem' description: The username for authenticate against SMTP server. email_ssl: $ref: '#/definitions/BoolConfigItem' description: 'When it''s set to true the system will access Email server via TLS by default. If it''s set to false, it still will handle "STARTTLS" from server side.' email_insecure: $ref: '#/definitions/BoolConfigItem' description: Whether or not the certificate will be verified when Harbor tries to access the email server. ldap_url: $ref: '#/definitions/StringConfigItem' description: The URL of LDAP server. ldap_base_dn: $ref: '#/definitions/StringConfigItem' description: The Base DN for LDAP binding. ldap_filter: $ref: '#/definitions/StringConfigItem' description: The filter for LDAP binding. ldap_scope: type: integer description: '0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE' ldap_uid: $ref: '#/definitions/StringConfigItem' description: 'The attribute which is used as identity for the LDAP binding, such as "CN" or "SAMAccountname"' ldap_search_dn: type: string description: The DN of the user to do the search. ldap_timeout: $ref: '#/definitions/IntegerConfigItem' description: timeout in seconds for connection to LDAP server. ldap_group_attribute_name: $ref: '#/definitions/StringConfigItem' description: 'The attribute which is used as identity of the LDAP group, default is cn.' ldap_group_base_dn: $ref: '#/definitions/StringConfigItem' description: The base DN to search LDAP group. ldap_group_search_filter: $ref: '#/definitions/StringConfigItem' description: The filter to search the ldap group. ldap_group_search_scope: $ref: '#/definitions/IntegerConfigItem' description: 'The scope to search ldap. ''0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE''' ldap_group_admin_dn: $ref: '#/definitions/StringConfigItem' description: Specify the ldap group which have the same privilege with Harbor admin. oidc_client_id: $ref: '#/definitions/StringConfigItem' description: The client id of the OIDC. oidc_endpoint: $ref: '#/definitions/StringConfigItem' description: The URL of an OIDC-complaint server, must start with 'https://'. oidc_name: $ref: '#/definitions/StringConfigItem' description: The name of the OIDC provider. oidc_scope: $ref: '#/definitions/StringConfigItem' description: The scope sent to OIDC server during authentication, should be separated by comma. It has to contain “openid”, and “offline_access”. If you are using google, please remove “offline_access” from this field. oidc_verify_cert: $ref: '#/definitions/BoolConfigItem' description: Whether verify your OIDC server certificate, disable it if your OIDC server is hosted via self-hosted certificate. project_creation_restriction: $ref: '#/definitions/StringConfigItem' description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly". quota_per_project_enable: $ref: '#/definitions/BoolConfigItem' description: This attribute indicates whether quota per project enabled in harbor read_only: $ref: '#/definitions/BoolConfigItem' description: '''docker push'' is prohibited by Harbor if you set it to true. ' self_registration: $ref: '#/definitions/BoolConfigItem' description: 'Whether the Harbor instance supports self-registration. If it''s set to false, admin need to add user to the instance.' storage_per_project: $ref: '#/definitions/IntegerConfigItem' description: The default storage quota for the new created projects. token_expiration: $ref: '#/definitions/IntegerConfigItem' description: 'The expiration time of the token for internal Registry, in minutes.' verify_remote_cert: $ref: '#/definitions/BoolConfigItem' description: Whether or not the certificate will be verified when Harbor tries to access a remote Harbor instance for replication. scan_all_policy: type: object properties: type: type: string description: 'The type of scan all policy, currently the valid values are "none" and "daily"' parameter: type: object properties: daily_time: type: integer description: 'The offset in seconds of UTC 0 o''clock, only valid when the policy type is "daily"' description: 'The parameters of the policy, the values are dependant on the type of the policy.' Label: type: object properties: id: type: integer description: The ID of label. name: type: string description: The name of label. description: type: string description: The description of label. color: type: string description: The color of label. scope: type: string description: 'The scope of label, g for global labels and p for project labels.' project_id: type: integer description: The project ID if the label is a project label. creation_time: type: string description: The creation time of label. update_time: type: string description: The update time of label. deleted: type: boolean description: The label is deleted or not. ProjectMemberEntity: type: object properties: id: type: integer description: the project member id project_id: type: integer description: the project id entity_name: type: string description: the name of the group member. role_name: type: string description: the name of the role role_id: type: integer description: the role id entity_id: type: integer description: 'the id of entity, if the member is a user, it is user_id in user table. if the member is a user group, it is the user group''s ID in user_group table.' entity_type: type: string description: 'the entity''s type, u for user entity, g for group entity.' ProjectMember: type: object properties: role_id: type: integer description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for maintainer' member_user: $ref: '#/definitions/UserEntity' member_group: $ref: '#/definitions/UserGroup' RoleRequest: type: object properties: role_id: type: integer description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for maintainer' UserEntity: type: object properties: user_id: type: integer description: The ID of the user. username: type: string description: The name of the user. UserGroup: type: object properties: id: type: integer description: The ID of the user group group_name: type: string description: The name of the user group group_type: type: integer description: 'The group type, 1 for LDAP group, 2 for HTTP group.' ldap_group_dn: type: string description: The DN of the LDAP group if group type is 1 (LDAP group). StringConfigItem: type: object properties: value: type: string description: The string value of current config item editable: type: boolean description: The configure item can be updated or not BoolConfigItem: type: object properties: value: type: boolean description: The boolean value of current config item editable: type: boolean description: The configure item can be updated or not IntegerConfigItem: type: object properties: value: type: integer description: The integer value of current config item editable: type: boolean description: The configure item can be updated or not ChartAPIError: description: The error object returned by chart repository API type: object required: - error properties: error: type: string description: The error message returned by the chart API UnauthorizedChartAPIError: description: Unauthorized type: object allOf: - $ref: '#/definitions/ChartAPIError' ForbiddenChartAPIError: description: Operation is forbidden or quota exceeded type: object allOf: - $ref: '#/definitions/ChartAPIError' InternalChartAPIError: description: Internal server error occurred type: object allOf: - $ref: '#/definitions/ChartAPIError' NotFoundChartAPIError: description: Not found type: object allOf: - $ref: '#/definitions/ChartAPIError' InsufficientStorageChartAPIError: description: Insufficient storage type: object allOf: - $ref: '#/definitions/ChartAPIError' BadRequestFormatedError: description: Bad request type: object allOf: - $ref: '#/definitions/ChartAPIError' ConflictFormatedError: description: Conflicts type: object allOf: - $ref: '#/definitions/ChartAPIError' ChartMetadata: type: object description: The metadata of chart version required: - name - version - engine - icon - apiVersion - appVersion properties: name: type: string description: The name of the chart home: type: string description: The URL to the relevant project page sources: type: array description: The URL to the source code of chart items: type: string version: type: string description: A SemVer 2 version of chart description: type: string description: A one-sentence description of chart keywords: type: array description: A list of string keywords items: type: string engine: type: string description: The name of template engine icon: type: string description: The URL to an icon file apiVersion: type: string description: The API version of this chart appVersion: type: string description: The version of the application enclosed in the chart deprecated: type: boolean description: Whether or not this chart is deprecated ChartVersion: type: object description: A specified chart entry allOf: - $ref: '#/definitions/ChartMetadata' - type: object properties: created: type: string description: The created time of the chart entry removed: type: boolean description: A flag to indicate if the chart entry is removed digest: type: string description: The digest value of the chart entry urls: type: array description: The urls of the chart entry items: type: string properties: labels: $ref: '#/definitions/Labels' Labels: type: array description: A list of label items: $ref: '#/definitions/Label' OverallHealthStatus: type: object description: The system health status properties: status: type: string description: The overall health status. It is "healthy" only when all the components' status are "healthy" components: type: array items: $ref: '#/definitions/ComponentHealthStatus' ComponentHealthStatus: type: object description: The health status of component properties: name: type: string description: The component name status: type: string description: The health status of component error: type: string description: (optional) The error message when the status is "unhealthy" Permission: type: object description: The permission properties: resource: type: string description: The permission resoruce action: type: string description: The permission action Namespace: type: object description: The namespace of registry properties: name: type: string description: The name of namespace metadata: type: object description: The metadata of namespace CVEAllowlist: type: object description: The CVE Allowlist for system or project properties: id: type: integer description: ID of the allowlist project_id: type: integer description: ID of the project which the allowlist belongs to. For system level allowlist this attribute is zero. expires_at: type: integer description: the time for expiration of the allowlist, in the form of seconds since epoch. This is an optional attribute, if it's not set the CVE allowlist does not expire. items: type: array items: $ref: "#/definitions/CVEAllowlistItem" CVEAllowlistItem: type: object description: The item in CVE allowlist properties: cve_id: type: string description: The ID of the CVE, such as "CVE-2019-10164" QuotaSwitcher: type: object properties: enabled: type: boolean description: The quota is enable or disable parameters: query: name: q description: Query string to query resources. Supported query patterns are "exact match(k=v)", "fuzzy match(k=~v)", "range(k=[min~max])", "list with union releationship(k={v1 v2 v3})" and "list with intersetion relationship(k=(v1 v2 v3))". The value of range and list can be string(enclosed by " or '), integer or time(in format "2020-04-09 02:36:00"). All of these query patterns should be put in the query string "q=xxx" and splitted by ",". e.g. q=k1=v1,k2=~v2,k3=[min~max] in: query type: string required: false