harbor/api/v2.0/legacy_swagger.yaml
Wang Yan dba5522d0b Migrate to task manager (#129)
1, remove the gc to new programming model
2, move api define to harbor v2 swagger
3, leverage task & execution manager to manage gc job schedule, trigger and log.

Signed-off-by: wang yan <wangyan@vmware.com>
2020-12-10 14:00:33 +08:00

4911 lines
150 KiB
YAML

swagger: '2.0'
info:
title: Harbor API
description: These APIs provide services for manipulating Harbor project.
version: '2.0'
host: localhost
schemes:
- http
- https
basePath: /api/v2.0
produces:
- application/json
- text/plain
consumes:
- application/json
securityDefinitions:
basicAuth:
type: basic
security:
- basicAuth: []
paths:
/health:
get:
summary: 'Health check API'
description: |
The endpoint returns the health stauts of the system.
tags:
- Products
responses:
'200':
description: The system health status.
schema:
$ref: '#/definitions/OverallHealthStatus'
/search:
get:
summary: 'Search for projects, repositories and helm charts'
description: |
The Search endpoint returns information about the projects ,repositories and helm charts offered at public status or related to the current logged in user. The response includes the project, repository list and charts in a proper display order.
parameters:
- name: q
in: query
description: Search parameter for project and repository name.
required: true
type: string
tags:
- Products
responses:
'200':
description: An array of search results
schema:
type: array
items:
$ref: '#/definitions/Search'
'500':
description: Unexpected internal errors.
'/projects/{project_id}/metadatas':
get:
summary: Get project metadata.
description: |
This endpoint returns metadata of the project specified by project ID.
parameters:
- name: project_id
in: path
description: The ID of project.
required: true
type: integer
format: int64
tags:
- Products
responses:
'200':
description: Get metadata successfully.
schema:
$ref: '#/definitions/ProjectMetadata'
'401':
description: User need to login first.
'500':
description: Internal server errors.
post:
summary: Add metadata for the project.
description: |
This endpoint is aimed to add metadata of a project.
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Selected project ID.
- name: metadata
in: body
required: true
schema:
$ref: '#/definitions/ProjectMetadata'
description: The metadata of project.
tags:
- Products
responses:
'200':
description: Add metadata successfully.
'400':
description: Invalid request.
'401':
description: User need to log in first.
'403':
description: User does not have permission to the project.
'404':
description: Project ID does not exist.
'415':
$ref: '#/responses/UnsupportedMediaType'
'500':
description: Internal server errors.
'/projects/{project_id}/metadatas/{meta_name}':
get:
summary: Get project metadata
description: |
This endpoint returns specified metadata of a project.
parameters:
- name: project_id
in: path
description: Project ID for filtering results.
required: true
type: integer
format: int64
- name: meta_name
in: path
description: The name of metadat.
required: true
type: string
tags:
- Products
responses:
'200':
description: Get metadata successfully.
schema:
$ref: '#/definitions/ProjectMetadata'
'401':
description: User need to log in first.
'500':
description: Internal server errors.
put:
summary: Update metadata of a project.
description: |
This endpoint is aimed to update the metadata of a project.
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: The ID of project.
- name: meta_name
in: path
description: The name of metadat.
required: true
type: string
tags:
- Products
responses:
'200':
description: Updated metadata successfully.
'400':
description: Invalid request.
'401':
description: User need to log in first.
'403':
description: User does not have permission to the project.
'404':
description: Project or metadata does not exist.
'500':
description: Internal server errors.
delete:
summary: Delete metadata of a project
description: |
This endpoint is aimed to delete metadata of a project.
parameters:
- name: project_id
in: path
description: The ID of project.
required: true
type: integer
format: int64
- name: meta_name
in: path
description: The name of metadat.
required: true
type: string
tags:
- Products
responses:
'200':
description: Metadata is deleted successfully.
'400':
description: Invalid requst.
'403':
description: User need to log in first.
'404':
description: Project or metadata does not exist.
'500':
description: Internal server errors.
'/projects/{project_id}/members':
get:
summary: Get all project member information
description: Get all project member information
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Relevant project ID.
- name: entityname
in: query
type: string
description: The entity name to search.
tags:
- Products
responses:
'200':
description: Get project members successfully.
schema:
type: array
items:
$ref: '#/definitions/ProjectMemberEntity'
'400':
description: The project id is invalid.
'401':
description: User need to log in first.
'403':
description: User in session does not have permission to the project.
'404':
description: Project ID does not exist.
'500':
description: Unexpected internal errors.
post:
summary: Create project member
description: 'Create project member relationship, the member can be one of the user_member and group_member, The user_member need to specify user_id or username. If the user already exist in harbor DB, specify the user_id, If does not exist in harbor DB, it will SearchAndOnBoard the user. The group_member need to specify id or ldap_group_dn. If the group already exist in harbor DB. specify the user group''s id, If does not exist, it will SearchAndOnBoard the group. '
tags:
- Products
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Relevant project ID.
- name: project_member
in: body
schema:
$ref: '#/definitions/ProjectMember'
responses:
'201':
description: Project member created successfully.
headers:
Location:
type: string
description: The URL of the created resource
'400':
description: 'Illegal format of project member or project id is invalid, or LDAP DN is invalid.'
'401':
description: User need to log in first.
'403':
description: User in session does not have permission to the project.
'409':
description: A user group with same group name already exist or an LDAP user group with same DN already exist.
'500':
description: Unexpected internal errors.
'/projects/{project_id}/members/{mid}':
get:
summary: Get the project member information
description: Get the project member information
tags:
- Products
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Relevant project ID.
- name: mid
in: path
type: integer
format: int64
required: true
description: The member ID
responses:
'200':
description: Project member retrieved successfully.
schema:
$ref: '#/definitions/ProjectMemberEntity'
'400':
description: 'Illegal format of project member or invalid project id, member id.'
'401':
description: User need to log in first.
'403':
description: User in session does not have permission to the project.
'404':
description: Project or projet member does not exist.
'500':
description: Unexpected internal errors.
put:
summary: Update project member
description: Update project member relationship
tags:
- Products
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Relevant project ID.
- name: mid
in: path
type: integer
format: int64
required: true
description: Member ID.
- name: role
in: body
schema:
$ref: '#/definitions/RoleRequest'
responses:
'200':
description: Project member updated successfully.
'400':
description: 'Invalid role id, it should be 1,2 or 3, or invalid project id, or invalid member id.'
'401':
description: User need to log in first.
'403':
description: User in session does not have permission to the project.
'404':
description: project or project member does not exist.
'500':
description: Unexpected internal errors.
delete:
summary: Delete project member
tags:
- Products
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Relevant project ID.
- name: mid
in: path
type: integer
format: int64
required: true
description: Member ID.
responses:
'200':
description: Project member deleted successfully.
'400':
description: The project id or project member id is invalid.
'401':
description: User need to log in first.
'403':
description: User in session does not have permission to the project.
'500':
description: Unexpected internal errors.
/statistics:
get:
summary: Get projects number and repositories number relevant to the user
description: |
This endpoint is aimed to statistic all of the projects number and repositories number relevant to the logined user, also the public projects number and repositories number. If the user is admin, he can also get total projects number and total repositories number.
tags:
- Products
responses:
'200':
description: Get the projects number and repositories number relevant to the user successfully.
schema:
$ref: '#/definitions/StatisticMap'
'401':
description: User need to log in first.
'500':
description: Unexpected internal errors.
/users:
get:
summary: Get registered users of Harbor.
description: |
This endpoint is for user to search registered users, support for filtering results with username.Notice, by now this operation is only for administrator.
parameters:
- name: username
in: query
type: string
required: false
description: Username for filtering results.
- name: email
in: query
type: string
required: false
description: Email for filtering results.
- name: page
in: query
type: integer
format: int32
required: false
description: 'The page number, default is 1.'
- name: page_size
in: query
type: integer
format: int32
required: false
description: The size of per page.
tags:
- Products
responses:
'200':
description: Searched for users of Harbor successfully.
schema:
type: array
items:
$ref: '#/definitions/User'
headers:
X-Total-Count:
description: The total count of available items
type: integer
Link:
description: Link to previous page and next page
type: string
'400':
description: Invalid user ID.
'401':
description: User need to log in first.
'403':
description: User does not have permission of admin role.
'500':
description: Unexpected internal errors.
post:
summary: Creates a new user account.
description: |
This endpoint is to create a user if the user does not already exist.
parameters:
- name: user
in: body
description: New created user.
required: true
schema:
$ref: '#/definitions/User'
tags:
- Products
responses:
'201':
description: User created successfully.
headers:
Location:
type: string
description: The URL of the created resource
'400':
description: Unsatisfied with constraints of the user creation.
'403':
description: User registration can only be used by admin role user when self-registration is off.
'415':
$ref: '#/responses/UnsupportedMediaType'
'500':
description: Unexpected internal errors.
/users/current:
get:
summary: Get current user info.
description: |
This endpoint is to get the current user information.
tags:
- Products
responses:
'200':
description: Get current user information successfully.
schema:
$ref: '#/definitions/User'
'401':
description: User need to log in first.
/users/current/permissions:
get:
summary: Get current user permissions.
description: |
This endpoint is to get the current user permissions.
parameters:
- name: scope
in: query
type: string
required: false
description: Get permissions of the scope
- name: relative
in: query
type: boolean
required: false
description: |
If true, the resources in the response are relative to the scope,
eg for resource '/project/1/repository' if relative is 'true' then the resource in response will be 'repository'.
tags:
- Products
responses:
'200':
description: Get current user permission successfully.
schema:
type: array
items:
$ref: '#/definitions/Permission'
'401':
description: User need to log in first.
'500':
description: Internal errors.
/users/search:
get:
summary: Search users by username
description: |
This endpoint is to search the users by username.
parameters:
- name: username
in: query
type: string
required: true
description: Username for filtering results.
- name: page
in: query
type: integer
format: int32
required: false
description: 'The page number, default is 1.'
- name: page_size
in: query
type: integer
format: int32
required: false
description: The size of per page.
tags:
- Products
responses:
'200':
description: Search users by username, email successfully.
schema:
type: array
items:
$ref: '#/definitions/UserSearch'
headers:
X-Total-Count:
description: The total count of available items
type: integer
Link:
description: Link to previous page and next page
type: string
'500':
description: Unexpected internal errors.
'/users/{user_id}':
get:
summary: Get a user's profile.
description: |
Get user's profile with user id.
parameters:
- name: user_id
in: path
type: integer
format: int
required: true
description: Registered user ID
tags:
- Products
responses:
'200':
description: Get user's profile successfully.
schema:
$ref: '#/definitions/User'
'400':
description: Invalid user ID.
'401':
description: User need to log in first.
'403':
description: User does not have permission of admin role.
'404':
description: User ID does not exist.
'500':
description: Unexpected internal errors.
put:
summary: Update a registered user to change his profile.
description: |
This endpoint let a registered user change his profile.
parameters:
- name: user_id
in: path
type: integer
format: int
required: true
description: Registered user ID
- name: profile
in: body
description: 'Only email, realname and comment can be modified.'
required: true
schema:
$ref: '#/definitions/UserProfile'
tags:
- Products
responses:
'200':
description: Updated user's profile successfully.
'400':
description: Invalid user ID.
'401':
description: User need to log in first.
'403':
description: User does not have permission of admin role.
'404':
description: User ID does not exist.
'500':
description: Unexpected internal errors.
delete:
summary: Mark a registered user as be removed.
description: |
This endpoint let administrator of Harbor mark a registered user as
be removed.It actually won't be deleted from DB.
parameters:
- name: user_id
in: path
type: integer
format: int
required: true
description: User ID for marking as to be removed.
tags:
- Products
responses:
'200':
description: Marked user as be removed successfully.
'400':
description: Invalid user ID.
'401':
description: User need to log in first.
'403':
description: User does not have permission of admin role.
'404':
description: User ID does not exist.
'500':
description: Unexpected internal errors.
'/users/{user_id}/password':
put:
summary: Change the password on a user that already exists.
description: |
This endpoint is for user to update password. Users with the admin role can change any user's password. Guest users can change only their own password.
parameters:
- name: user_id
in: path
type: integer
format: int
required: true
description: Registered user ID.
- name: password
in: body
description: Password to be updated, the attribute 'old_password' is optional when the API is called by the system administrator.
required: true
schema:
$ref: '#/definitions/Password'
tags:
- Products
responses:
'200':
description: Updated password successfully.
'400':
description: Invalid user ID; Old password is blank; New password is blank.
'401':
description: Don't have authority to change password. Please check login status.
'403':
description: The caller does not have permission to update the password of the user with given ID, or the old password in request body is not correct.
'500':
description: Unexpected internal errors.
'/users/{user_id}/sysadmin':
put:
summary: Update a registered user to change to be an administrator of Harbor.
description: |
This endpoint let a registered user change to be an administrator
of Harbor.
parameters:
- name: user_id
in: path
type: integer
format: int
required: true
description: Registered user ID
- name: sysadmin_flag
in: body
description: Toggle a user to admin or not.
required: true
schema:
$ref: '#/definitions/SysAdminFlag'
tags:
- Products
responses:
'200':
description: Updated user's admin role successfully.
'400':
description: Invalid user ID.
'401':
description: User need to log in first.
'403':
description: User does not have permission of admin role.
'404':
description: User ID does not exist.
'500':
description: Unexpected internal errors.
'/users/{user_id}/cli_secret':
put:
summary: Set CLI secret for a user.
description: |
This endpoint let user generate a new CLI secret for himself. This API only works when auth mode is set to 'OIDC'.
Once this API returns with successful status, the old secret will be invalid, as there will be only one CLI secret
for a user.
parameters:
- name: user_id
in: path
type: integer
format: int
required: true
description: User ID
- name: input_secret
in: body
description: JSON object that includes the new secret
required: true
schema:
type: object
properties:
secret:
type: string
description: The new secret
tags:
- Products
responses:
'200':
description: The secret is successfully updated
'400':
description: Invalid user ID. Or user is not onboarded via OIDC authentication. Or the secret does not meet the standard.
'401':
description: User need to log in first.
'403':
description: Non-admin user can only generate the cli secret of himself.
'404':
description: User ID does not exist.
'412':
description: The auth mode of the system is not "oidc_auth", or the user is not onboarded via OIDC AuthN.
'500':
description: Unexpected internal errors.
/replication/policies:
get:
summary: List replication policies
description: |
This endpoint let user list replication policies
parameters:
- name: name
in: query
type: string
required: false
description: The replication policy name.
- name: page
in: query
type: integer
format: int32
required: false
description: The page number.
- name: page_size
in: query
type: integer
format: int32
required: false
description: The size of per page.
tags:
- Products
responses:
'200':
description: Get policy successfully.
schema:
type: array
items:
$ref: '#/definitions/ReplicationPolicy'
headers:
X-Total-Count:
description: The total count of available items
type: integer
Link:
description: Link to previous page and next page
type: string
'400':
$ref: '#/responses/BadRequest'
'401':
$ref: '#/responses/Unauthorized'
'403':
$ref: '#/responses/Forbidden'
'500':
$ref: '#/responses/InternalServerError'
post:
summary: Create a replication policy
description: |
This endpoint let user create a replication policy
parameters:
- name: policy
in: body
description: The policy model.
required: true
schema:
$ref: '#/definitions/ReplicationPolicy'
tags:
- Products
responses:
'201':
$ref: '#/responses/Created'
'400':
$ref: '#/responses/BadRequest'
'401':
$ref: '#/responses/Unauthorized'
'403':
$ref: '#/responses/Forbidden'
'409':
$ref: '#/responses/Conflict'
'415':
$ref: '#/responses/UnsupportedMediaType'
'500':
$ref: '#/responses/InternalServerError'
'/replication/policies/{id}':
get:
summary: Get replication policy.
description: |
This endpoint let user get replication policy by specific ID.
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: policy ID
tags:
- Products
responses:
'200':
description: Get the replication policy successfully.
schema:
$ref: '#/definitions/ReplicationPolicy'
'400':
$ref: '#/responses/BadRequest'
'401':
$ref: '#/responses/Unauthorized'
'403':
$ref: '#/responses/Forbidden'
'404':
$ref: '#/responses/NotFound'
'500':
$ref: '#/responses/InternalServerError'
put:
summary: Update the replication policy
description: |
This endpoint let user update policy.
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: policy ID
- name: policy
in: body
description: The replication policy model.
required: true
schema:
$ref: '#/definitions/ReplicationPolicy'
tags:
- Products
responses:
'200':
$ref: '#/responses/OK'
'400':
$ref: '#/responses/BadRequest'
'401':
$ref: '#/responses/Unauthorized'
'403':
$ref: '#/responses/Forbidden'
'404':
$ref: '#/responses/NotFound'
'409':
$ref: '#/responses/Conflict'
'500':
$ref: '#/responses/InternalServerError'
delete:
summary: Delete the replication policy specified by ID.
description: |
Delete the replication policy specified by ID.
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: Replication policy ID
tags:
- Products
responses:
'200':
$ref: '#/responses/OK'
'400':
$ref: '#/responses/BadRequest'
'401':
$ref: '#/responses/Unauthorized'
'403':
$ref: '#/responses/Forbidden'
'404':
$ref: '#/responses/NotFound'
'412':
$ref: '#/responses/PreconditionFailed'
'500':
$ref: '#/responses/InternalServerError'
/labels:
get:
summary: List labels according to the query strings.
description: |
This endpoint let user list labels by name, scope and project_id
parameters:
- name: name
in: query
type: string
required: false
description: The label name.
- name: scope
in: query
type: string
required: true
description: The label scope. Valid values are g and p. g for global labels and p for project labels.
- name: project_id
in: query
type: integer
format: int64
required: false
description: 'Relevant project ID, required when scope is p.'
- name: page
in: query
type: integer
format: int32
required: false
description: The page number.
- name: page_size
in: query
type: integer
format: int32
required: false
description: The size of per page.
tags:
- Products
responses:
'200':
description: Get successfully.
schema:
type: array
items:
$ref: '#/definitions/Label'
headers:
X-Total-Count:
description: The total count of available items
type: integer
Link:
description: Link to previous page and next page
type: string
'400':
description: Invalid parameters.
'401':
description: User need to log in first.
'500':
description: Unexpected internal errors.
post:
summary: Post creates a label
description: |
This endpoint let user creates a label.
parameters:
- name: label
in: body
description: The json object of label.
required: true
schema:
$ref: '#/definitions/Label'
tags:
- Products
responses:
'201':
description: Create successfully.
headers:
Location:
type: string
description: The URL of the created resource
'400':
description: Invalid parameters.
'401':
description: User need to log in first.
'409':
description: Label with the same name and same scope already exists.
'415':
$ref: '#/responses/UnsupportedMediaType'
'500':
description: Unexpected internal errors.
'/labels/{id}':
get:
summary: Get the label specified by ID.
description: |
This endpoint let user get the label by specific ID.
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: Label ID
tags:
- Products
responses:
'200':
description: Get successfully.
schema:
$ref: '#/definitions/Label'
'401':
description: User need to log in first.
'404':
description: The resource does not exist.
'500':
description: Unexpected internal errors.
put:
summary: Update the label properties.
description: |
This endpoint let user update label properties.
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: Label ID
- name: label
in: body
description: The updated label json object.
required: true
schema:
$ref: '#/definitions/Label'
tags:
- Products
responses:
'200':
description: Update successfully.
'400':
description: Invalid parameters.
'401':
description: User need to log in first.
'404':
description: The resource does not exist.
'409':
description: The label with the same name already exists.
'500':
description: Unexpected internal errors.
delete:
summary: Delete the label specified by ID.
description: |
Delete the label specified by ID.
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: Label ID
tags:
- Products
responses:
'200':
description: Delete successfully.
'400':
description: Invalid parameters.
'401':
description: User need to log in first.
'404':
description: The resource does not exist.
'500':
description: Unexpected internal errors.
/replication/adapters:
get:
summary: List supported adapters.
description: |
This endpoint let user list supported adapters.
tags:
- Products
responses:
'200':
description: Success.
schema:
type: array
items:
type: string
'401':
description: Unauthorized.
'403':
description: Forbidden.
'500':
description: Unexpected internal errors.
/registries:
get:
summary: List registries.
description: |
List registries according to the query.
parameters:
- name: name
in: query
type: string
required: false
description: Deprecated, use `q` instead.
- $ref: '#/parameters/query'
tags:
- Products
responses:
'200':
description: List registries successfully.
schema:
type: array
items:
$ref: '#/definitions/Registry'
'401':
description: User need to log in first.
'500':
description: Unexpected internal errors.
post:
summary: Create a new registry.
description: |
This endpoint is for user to create a new registry.
parameters:
- name: registry
in: body
description: New created registry.
required: true
schema:
$ref: '#/definitions/Registry'
tags:
- Products
responses:
'201':
description: Registry created successfully.
headers:
Location:
type: string
description: The URL of the created resource
'400':
description: Unsatisfied with constraints of the registry creation.
'401':
description: User need to log in first.
'409':
description: Registry name already exists.
'415':
$ref: '#/responses/UnsupportedMediaType'
'500':
description: Unexpected internal errors.
/registries/ping:
post:
summary: Ping status of a registry.
description: |
This endpoint checks status of a registry, the registry can be given by ID or URL (together with credential)
parameters:
- name: registry
in: body
description: Registry to ping.
required: true
schema:
$ref: '#/definitions/Registry'
tags:
- Products
responses:
'200':
description: Registry is healthy.
'400':
description: No proper registry information provided.
'401':
description: User need to log in first.
'404':
description: Registry not found (when registry is provided by ID).
'415':
$ref: '#/responses/UnsupportedMediaType'
'500':
description: Unexpected internal errors.
'/registries/{id}':
put:
summary: Update a given registry.
description: |
This endpoint is for update a given registry.
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: The registry's ID.
- name: repo_target
in: body
required: true
schema:
$ref: '#/definitions/PutRegistry'
description: Updates registry.
tags:
- Products
responses:
'200':
description: Updated registry successfully.
'400':
description: The registry is associated with policy which is enabled.
'401':
description: User need to log in first.
'404':
description: Registry does not exist.
'409':
description: Registry name is already used.
'500':
description: Unexpected internal errors.
get:
summary: Get registry.
description: This endpoint is for get specific registry.
tags:
- Products
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: The registry ID.
responses:
'200':
description: Get registry successfully.
schema:
$ref: '#/definitions/Registry'
'401':
description: User need to log in first.
'404':
description: Registry not found
'500':
description: Unexpected internal errors.
delete:
summary: Delete specific registry.
description: |
This endpoint is for to delete specific registry.
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: The registry's ID.
tags:
- Products
responses:
'200':
description: Registry deleted successfully.
'400':
description: Registry's ID is invalid or the registry is used by policies.
'401':
description: Only admin has this authority.
'404':
description: Registry does not exist.
'500':
description: Unexpected internal errors.
'/registries/{id}/info':
get:
summary: Get registry info.
description: Get the info of one specific registry.
tags:
- Products
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: The registry ID.
responses:
'200':
description: Get registry successfully.
schema:
$ref: '#/definitions/RegistryInfo'
'401':
description: User need to log in first.
'404':
description: Registry not found
'500':
description: Unexpected internal errors.
/registries/{id}/namespace:
get:
summary: List namespaces of registry
description: |
This endpoint let user list namespaces of registry according to query.
parameters:
- name: id
in: path
type: integer
required: true
description: The registry ID.
- name: name
in: query
type: string
required: false
description: The name of namespace.
tags:
- Products
responses:
'200':
description: Success
schema:
type: array
items:
$ref: '#/definitions/Namespace'
'401':
description: User need to login first.
'403':
description: User has no privilege for the operation.
'404':
description: No registry found.
'500':
description: Unexpected internal errors.
/ldap/ping:
post:
summary: Ping available ldap service.
description: |
This endpoint ping the available ldap service for test related configuration parameters.
parameters:
- name: ldapconf
in: body
description: 'ldap configuration. support input ldap service configuration. If it''s a empty request, will load current configuration from the system.'
required: false
schema:
$ref: '#/definitions/LdapConf'
tags:
- Products
responses:
'200':
description: Ping ldap service successfully.
'400':
description: Inviald ldap configuration parameters.
'401':
description: User need to login first.
'403':
description: Only admin has this authority.
'415':
$ref: '#/responses/UnsupportedMediaType'
'500':
description: Unexpected internal errors.
/ldap/groups/search:
get:
summary: Search available ldap groups.
description: |
This endpoint searches the available ldap groups based on related configuration parameters. support to search by groupname or groupdn.
parameters:
- name: groupname
in: query
type: string
required: false
description: Ldap group name
- name: groupdn
in: query
type: string
required: false
description: The LDAP group DN
tags:
- Products
responses:
'200':
description: Search ldap group successfully.
schema:
type: array
items:
$ref: '#/definitions/UserGroup'
'400':
description: The Ldap group DN is invalid.
'404':
description: No ldap group found.
'500':
description: Unexpected internal errors.
/ldap/users/search:
get:
summary: Search available ldap users.
description: |
This endpoint searches the available ldap users based on related configuration parameters. Support searched by input ladp configuration, load configuration from the system and specific filter.
parameters:
- name: username
in: query
type: string
required: false
description: Registered user ID
tags:
- Products
responses:
'200':
description: Search ldap users successfully.
schema:
type: array
items:
$ref: '#/definitions/LdapUsers'
'401':
description: User need to login first.
'403':
description: Only admin has this authority.
'500':
description: Unexpected internal errors.
/ldap/users/import:
post:
summary: Import selected available ldap users.
description: |
This endpoint adds the selected available ldap users to harbor based on related configuration parameters from the system. System will try to guess the user email address and realname, add to harbor user information.
If have errors when import user, will return the list of importing failed uid and the failed reason.
parameters:
- name: uid_list
in: body
description: The uid listed for importing. This list will check users validity of ldap service based on configuration from the system.
required: true
schema:
$ref: '#/definitions/LdapImportUsers'
tags:
- Products
responses:
'200':
description: Add ldap users successfully.
'401':
description: User need to login first.
'403':
description: Only admin has this authority.
'404':
description: Failed import some users.
schema:
type: array
items:
$ref: '#/definitions/LdapFailedImportUsers'
'415':
$ref: '#/responses/UnsupportedMediaType'
/usergroups:
get:
summary: Get all user groups information
description: Get all user groups information
tags:
- Products
responses:
'200':
description: Get user group successfully.
schema:
type: array
items:
$ref: '#/definitions/UserGroup'
'401':
description: User need to log in first.
'403':
description: User in session does not have permission to the user group.
'500':
description: Unexpected internal errors.
post:
summary: Create user group
description: Create user group information
tags:
- Products
parameters:
- name: usergroup
in: body
schema:
$ref: '#/definitions/UserGroup'
responses:
'201':
description: User group created successfully.
headers:
Location:
type: string
description: The URL of the created resource
'400':
description: Invalid LDAP group DN.
'401':
description: User need to log in first.
'403':
description: User in session does not have permission to the user group.
'409':
description: A user group with same group name already exist, or an LDAP user group with same DN already exist.
'500':
description: Unexpected internal errors.
'/usergroups/{group_id}':
get:
summary: Get user group information
description: Get user group information
tags:
- Products
parameters:
- name: group_id
in: path
type: integer
format: int64
required: true
description: Group ID
responses:
'200':
description: User group get successfully.
schema:
$ref: '#/definitions/UserGroup'
'400':
description: The user group id is invalid.
'401':
description: User need to log in first.
'403':
description: User in session does not have permission to the user group.
'404':
description: User group does not exist.
'500':
description: Unexpected internal errors.
put:
summary: Update group information
description: Update user group information
tags:
- Products
parameters:
- name: group_id
in: path
type: integer
format: int64
required: true
description: Group ID
- name: usergroup
in: body
required: false
schema:
$ref: '#/definitions/UserGroup'
responses:
'200':
description: User group updated successfully.
'400':
description: The user group id is invalid.
'401':
description: User need to log in first.
'403':
description: Only admin has this authority.
'404':
description: User group does not exist.
'500':
description: Unexpected internal errors.
delete:
summary: Delete user group
description: Delete user group
tags:
- Products
parameters:
- name: group_id
type: integer
in: path
required: true
responses:
'200':
description: User group deleted successfully.
'400':
description: The user group id is invalid.
'401':
description: User need to log in first.
'403':
description: Only admin has this authority.
'500':
description: Unexpected internal errors.
'/system/gc/{id}':
get:
summary: Get gc status.
description: This endpoint let user get gc status filtered by specific ID.
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: Relevant job ID
tags:
- Products
responses:
'200':
description: Get gc results successfully.
schema:
$ref: '#/definitions/GCResult'
'401':
description: User need to log in first.
'403':
description: User does not have permission of admin role.
'500':
description: Unexpected internal errors.
/system/scanAll/schedule:
get:
summary: Get scan_all's schedule.
description: This endpoint is for getting a schedule for the scan all job, which scans all of images in Harbor.
tags:
- Products
responses:
'200':
description: Get a schedule for the scan all job, which scans all of images in Harbor.
schema:
$ref: '#/definitions/AdminJobSchedule'
'401':
description: User need to log in first.
'403':
description: Only admin has this authority.
'500':
description: Unexpected internal errors.
put:
summary: Update scan all's schedule.
description: |
This endpoint is for updating the schedule of scan all job, which scans all of images in Harbor.
parameters:
- name: schedule
in: body
required: true
schema:
$ref: '#/definitions/AdminJobSchedule'
description: Updates the schedule of scan all job, which scans all of images in Harbor.
tags:
- Products
responses:
'200':
description: Updated scan_all's schedule successfully.
'400':
description: Invalid schedule type.
'401':
description: User need to log in first.
'403':
description: User does not have permission of admin role.
'500':
description: Unexpected internal errors.
post:
summary: Create a schedule or a manual trigger for the scan all job.
description: |
This endpoint is for creating a schedule or a manual trigger for the scan all job, which scans all of images in Harbor.
parameters:
- name: schedule
in: body
required: true
schema:
$ref: '#/definitions/AdminJobSchedule'
description: Create a schedule or a manual trigger for the scan all job.
tags:
- Products
responses:
'200':
description: Updated scan_all's schedule successfully.
'400':
description: Invalid schedule type.
'401':
description: User need to log in first.
'403':
description: User does not have permission of admin role.
'409':
description: There is a "scanall" job in progress, so the request cannot be served.
'500':
description: Unexpected internal errors.
'503':
description: Harbor is not deployed with scanners.
/configurations:
get:
summary: Get system configurations.
description: |
This endpoint is for retrieving system configurations that only provides for admin user.
tags:
- Products
responses:
'200':
description: Get system configurations successfully. The response body is a map.
schema:
$ref: '#/definitions/ConfigurationsResponse'
'401':
description: User need to log in first.ß
'403':
description: User does not have permission of admin role.
'500':
description: Unexpected internal errors.
put:
summary: Modify system configurations.
description: |
This endpoint is for modifying system configurations that only provides for admin user.
tags:
- Products
parameters:
- name: configurations
in: body
required: true
schema:
$ref: '#/definitions/Configurations'
description: 'The configuration map can contain a subset of the attributes of the schema, which are to be updated.'
responses:
'200':
description: Modify system configurations successfully.
'401':
description: User need to log in first.
'403':
description: User does not have permission of admin role.
'500':
description: Unexpected internal errors.
/email/ping:
post:
summary: Test connection and authentication with email server.
description: |
Test connection and authentication with email server.
parameters:
- name: settings
in: body
description: 'Email server settings, if some of the settings are not assigned, they will be read from system configuration.'
required: false
schema:
$ref: '#/definitions/EmailServerSetting'
tags:
- Products
responses:
'200':
description: Ping email server successfully.
'400':
description: Inviald email server settings.
'401':
description: User need to login first.
'403':
description: Only admin has this authority.
'415':
$ref: '#/responses/UnsupportedMediaType'
'500':
description: Unexpected internal errors.
/chartrepo/{repo}/charts/{name}/{version}/labels:
get:
summary: Return the attahced labels of chart.
description: Return the attahced labels of the specified chart version.
tags:
- Products
- Chart Repository
- Label
parameters:
- name: repo
in: path
type: string
required: true
description: The project name
- name: name
in: path
type: string
required: true
description: The chart name
- name: version
in: path
type: string
required: true
description: The chart version
responses:
'200':
$ref: '#/definitions/Labels'
'401':
$ref: '#/definitions/UnauthorizedChartAPIError'
'403':
$ref: '#/definitions/ForbiddenChartAPIError'
'404':
$ref: '#/definitions/NotFoundChartAPIError'
'500':
$ref: '#/definitions/InternalChartAPIError'
post:
summary: Mark label to chart.
description: Mark label to the specified chart version.
tags:
- Products
- Chart Repository
- Label
parameters:
- name: repo
in: path
type: string
required: true
description: The project name
- name: name
in: path
type: string
required: true
description: The chart name
- name: version
in: path
type: string
required: true
description: The chart version
- name: label
in: body
required: true
schema:
$ref: '#/definitions/Label'
description: 'The label being marked to the chart version'
responses:
'200':
description: The label is successfully marked to the chart version.
'400':
$ref: '#/definitions/BadRequestFormatedError'
'401':
$ref: '#/definitions/UnauthorizedChartAPIError'
'403':
$ref: '#/definitions/ForbiddenChartAPIError'
'404':
$ref: '#/definitions/NotFoundChartAPIError'
'409':
$ref: '#/definitions/ConflictFormatedError'
'500':
$ref: '#/definitions/InternalChartAPIError'
/chartrepo/{repo}/charts/{name}/{version}/labels/{id}:
delete:
summary: Remove label from chart.
description: Remove label from the specified chart version.
tags:
- Products
- Chart Repository
- Label
parameters:
- name: repo
in: path
type: string
required: true
description: The project name
- name: name
in: path
type: string
required: true
description: The chart name
- name: version
in: path
type: string
required: true
description: The chart version
- name: id
in: path
type: integer
required: true
description: The label ID
responses:
'200':
description: The label is successfully unmarked from the chart version.
'400':
$ref: '#/definitions/BadRequestFormatedError'
'401':
$ref: '#/definitions/UnauthorizedChartAPIError'
'403':
$ref: '#/definitions/ForbiddenChartAPIError'
'404':
$ref: '#/definitions/NotFoundChartAPIError'
'500':
$ref: '#/definitions/InternalChartAPIError'
'/system/oidc/ping':
post:
summary: Test the OIDC endpoint.
description: Test the OIDC endpoint, the setting of the endpoint is provided in the request. This API can only
be called by system admin.
tags:
- Products
- System
parameters:
- name: endpoint
in: body
description: Request body for OIDC endpoint to be tested.
required: true
schema:
type: object
properties:
url:
type: string
description: The URL of OIDC endpoint to be tested.
verify_cert:
type: boolean
description: Whether the certificate should be verified
responses:
'200':
description: Ping succeeded. The OIDC endpoint is valid.
'400':
description: The ping failed
'401':
description: User need to log in first.
'403':
description: User does not have permission to call this API
'/system/CVEAllowlist':
get:
summary: Get the system level allowlist of CVE.
description: Get the system level allowlist of CVE. This API can be called by all authenticated users.
tags:
- Products
- System
responses:
'200':
description: Successfully retrieved the CVE allowlist.
schema:
$ref: "#/definitions/CVEAllowlist"
'401':
description: User is not authenticated.
'500':
description: Unexpected internal errors.
put:
summary: Update the system level allowlist of CVE.
description: This API overwrites the system level allowlist of CVE with the list in request body. Only system Admin
has permission to call this API.
tags:
- Products
- System
parameters:
- in: body
name: allowlist
description: The allowlist with new content
schema:
$ref: "#/definitions/CVEAllowlist"
responses:
'200':
description: Successfully updated the CVE allowlist.
'401':
description: User is not authenticated.
'403':
description: User does not have permission to call this API.
'500':
description: Unexpected internal errors.
'/quotas':
get:
summary: List quotas
description: List quotas
tags:
- Products
parameters:
- name: reference
in: query
description: The reference type of quota.
required: false
type: string
- name: reference_id
in: query
description: The reference id of quota.
required: false
type: string
- name: sort
in: query
type: string
required: false
description: |
Sort method, valid values include:
'hard.resource_name', '-hard.resource_name', 'used.resource_name', '-used.resource_name'.
Here '-' stands for descending order, resource_name should be the real resource name of the quota.
- name: page
in: query
type: integer
format: int32
required: false
description: 'The page number, default is 1.'
- name: page_size
in: query
type: integer
format: int32
required: false
description: 'The size of per page, default is 10, maximum is 100.'
responses:
'200':
description: Successfully retrieved the quotas.
schema:
type: array
items:
$ref: '#/definitions/Quota'
headers:
X-Total-Count:
description: The total count of access logs
type: integer
Link:
description: Link refers to the previous page and next page
type: string
'401':
description: User is not authenticated.
'403':
description: User does not have permission to call this API.
'500':
description: Unexpected internal errors.
'/quotas/{id}':
get:
summary: Get the specified quota
description: Get the specified quota
tags:
- Products
- Quota
parameters:
- name: id
in: path
type: integer
required: true
description: Quota ID
responses:
'200':
description: Successfully retrieved the quota.
schema:
$ref: '#/definitions/Quota'
'401':
description: User need to log in first.
'403':
description: User does not have permission to call this API
'404':
description: Quota does not exist.
'500':
description: Unexpected internal errors.
put:
summary: Update the specified quota
description: Update hard limits of the specified quota
tags:
- Products
- Quota
parameters:
- name: id
in: path
type: integer
required: true
description: Quota ID
- name: hard
in: body
required: true
description: The new hard limits for the quota
schema:
$ref: '#/definitions/QuotaUpdateReq'
responses:
'200':
description: Updated quota hard limits successfully.
'400':
description: Illegal format of quota update request.
'401':
description: User need to log in first.
'403':
description: User does not have permission to the quota.
'404':
description: Quota ID does not exist.
'500':
description: Unexpected internal errors.
'/projects/{project_id}/webhook/policies':
get:
summary: List project webhook policies.
description: |
This endpoint returns webhook policies of a project.
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Relevant project ID.
tags:
- Products
responses:
'200':
description: List project webhook policies successfully.
schema:
type: array
items:
$ref: '#/definitions/WebhookPolicy'
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User have no permission to list webhook policies of the project.
'500':
description: Unexpected internal errors.
post:
summary: Create project webhook policy.
description: |
This endpoint create a webhook policy if the project does not have one.
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Relevant project ID
- name: policy
in: body
description: Properties "targets" and "event_types" needed.
required: true
schema:
$ref: '#/definitions/WebhookPolicy'
tags:
- Products
responses:
'201':
description: Project webhook policy create successfully.
headers:
Location:
type: string
description: The URL of the created resource
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User have no permission to create webhook policy of the project.
'500':
description: Unexpected internal errors.
'/projects/{project_id}/webhook/policies/{policy_id}':
get:
summary: Get project webhook policy
description: |
This endpoint returns specified webhook policy of a project.
parameters:
- name: project_id
in: path
description: Relevant project ID.
required: true
type: integer
format: int64
- name: policy_id
in: path
description: The id of webhook policy.
required: true
type: integer
format: int64
tags:
- Products
responses:
'200':
description: Get webhook policy successfully.
schema:
$ref: '#/definitions/WebhookPolicy'
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User have no permission to get webhook policy of the project.
'404':
description: Webhook policy ID does not exist.
'500':
description: Internal server errors.
put:
summary: Update webhook policy of a project.
description: |
This endpoint is aimed to update the webhook policy of a project.
parameters:
- name: project_id
in: path
description: Relevant project ID.
required: true
type: integer
format: int64
- name: policy_id
in: path
description: The id of webhook policy.
required: true
type: integer
format: int64
- name: policy
in: body
description: All properties needed except "id", "project_id", "creation_time", "update_time".
required: true
schema:
$ref: '#/definitions/WebhookPolicy'
tags:
- Products
responses:
'200':
description: Update webhook policy successfully.
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User have no permission to update webhook policy of the project.
'404':
description: Webhook policy ID does not exist.
'500':
description: Internal server errors.
delete:
summary: Delete webhook policy of a project
description: |
This endpoint is aimed to delete webhookpolicy of a project.
parameters:
- name: project_id
in: path
description: Relevant project ID.
required: true
type: integer
format: int64
- name: policy_id
in: path
description: The id of webhook policy.
required: true
type: integer
format: int64
tags:
- Products
responses:
'200':
description: Delete webhook policy successfully.
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User have no permission to delete webhook policy of the project.
'404':
description: Webhook policy ID does not exist.
'500':
description: Internal server errors.
'/projects/{project_id}/webhook/policies/test':
post:
summary: Test project webhook connection
description: |
This endpoint tests webhook connection of a project.
parameters:
- name: project_id
in: path
description: Relevant project ID.
required: true
type: integer
format: int64
- name: policy
in: body
description: Only property "targets" needed.
required: true
schema:
$ref: '#/definitions/WebhookPolicy'
tags:
- Products
responses:
'200':
description: Test webhook connection successfully.
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User have no permission to get webhook policy of the project.
'500':
description: Internal server errors.
'/projects/{project_id}/webhook/lasttrigger':
get:
summary: Get project webhook policy last trigger info
description: |
This endpoint returns last trigger information of project webhook policy.
parameters:
- name: project_id
in: path
description: Relevant project ID.
required: true
type: integer
format: int64
tags:
- Products
responses:
'200':
description: Test webhook connection successfully.
schema:
type: array
items:
$ref: '#/definitions/WebhookLastTrigger'
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User have no permission to get webhook policy of the project.
'500':
description: Internal server errors.
'/projects/{project_id}/webhook/jobs':
get:
summary: List project webhook jobs
description: |
This endpoint returns webhook jobs of a project.
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Relevant project ID.
- name: policy_id
in: query
type: integer
format: int64
required: true
description: The policy ID.
tags:
- Products
responses:
'200':
description: List project webhook jobs successfully.
schema:
type: array
items:
$ref: '#/definitions/WebhookJob'
headers:
X-Total-Count:
description: The total count of available items
type: integer
Link:
description: Link to previous page and next page
type: string
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User have no permission to list webhook jobs of the project.
'500':
description: Unexpected internal errors.
'/projects/{project_id}/webhook/events':
get:
summary: Get supported event types and notify types.
description: Get supportted event types and notify types.
tags:
- Products
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Relevant project ID.
responses:
'200':
description: Success
schema:
$ref: '#/definitions/SupportedWebhookEventTypes'
'401':
description: User need to log in first.
'403':
description: User have no permission to list webhook jobs of the project.
'500':
description: Unexpected internal errors.
'/projects/{project_id}/immutabletagrules':
get:
summary: List all immutable tag rules of current project
description: |
This endpoint returns the immutable tag rules of a project
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Relevant project ID.
tags:
- Products
responses:
'200':
description: List project immutable tag rules successfully.
schema:
type: array
items:
$ref: '#/definitions/RetentionRule'
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User have no permission to list immutable tag rules of the project.
'500':
description: Unexpected internal errors.
post:
summary: Add an immutable tag rule to current project
description: |
This endpoint add an immutable tag rule to the project
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Relevant project ID.
- name: RetentionRule
in: body
required: true
schema:
$ref: '#/definitions/RetentionRule'
tags:
- Products
responses:
'200':
description: Add the immutable tag rule successfully.
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User have no permission to get immutable tag rule of the project.
'500':
description: Internal server errors.
'/projects/{project_id}/immutabletagrules/{id}':
put:
summary: Update the immutable tag rule or enable or disable the rule
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Relevant project ID.
- name: id
in: path
type: integer
format: int64
required: true
description: Immutable tag rule ID.
- name: RetentionRule
in: body
required: true
schema:
$ref: '#/definitions/RetentionRule'
tags:
- Products
responses:
'200':
description: Update the immutable tag rule successfully.
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User have no permission to update the immutable tag rule of the project.
'500':
description: Internal server errors.
delete:
summary: Delete the immutable tag rule.
parameters:
- name: project_id
in: path
type: integer
format: int64
required: true
description: Relevant project ID.
- name: id
in: path
type: integer
format: int64
required: true
description: Immutable tag rule ID.
tags:
- Products
responses:
'200':
description: Delete the immutable tag rule successfully.
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User have no permission to delete immutable tags of the project.
'500':
description: Internal server errors.
'/retentions/metadatas':
get:
summary: Get Retention Metadatas
description: Get Retention Metadatas.
tags:
- Products
- Retention
responses:
'200':
description: Get Retention Metadatas successfully.
schema:
$ref: '#/definitions/RetentionMetadata'
'/retentions':
post:
summary: Create Retention Policy
description: |
Create Retention Policy, you can reference metadatas API for the policy model.
You can check project metadatas to find whether a retention policy is already binded.
This method should only be called when no retention policy binded to project yet.
tags:
- Products
- Retention
parameters:
- name: policy
in: body
description: Create Retention Policy successfully.
required: true
schema:
$ref: '#/definitions/RetentionPolicy'
responses:
'201':
description: Project created successfully.
headers:
Location:
type: string
description: The URL of the created resource
'400':
description: Illegal format of provided ID value.
'401':
description: User need to log in first.
'403':
description: User have no permission.
'500':
description: Unexpected internal errors.
'/retentions/{id}':
get:
summary: Get Retention Policy
description: Get Retention Policy.
tags:
- Products
- Retention
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: Retention ID.
responses:
'200':
description: Get Retention Policy successfully.
schema:
$ref: '#/definitions/RetentionPolicy'
'401':
description: User need to log in first.
'403':
description: User have no permission.
'500':
description: Unexpected internal errors.
put:
summary: Update Retention Policy
description: |
Update Retention Policy, you can reference metadatas API for the policy model.
You can check project metadatas to find whether a retention policy is already binded.
This method should only be called when retention policy has already binded to project.
tags:
- Products
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: Retention ID.
- name: policy
in: body
required: true
schema:
$ref: '#/definitions/RetentionPolicy'
responses:
'200':
description: Update Retention Policy successfully.
'401':
description: User need to log in first.
'403':
description: User have no permission.
'500':
description: Unexpected internal errors.
'/retentions/{id}/executions':
post:
summary: Trigger a Retention job
description: Trigger a Retention job, if dry_run is True, nothing would be deleted actually.
tags:
- Products
- Retention
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: Retention ID.
- name: action
in: body
required: true
schema:
type: object
properties:
dry_run:
type: boolean
responses:
'200':
description: Trigger a Retention job successfully.
'401':
description: User need to log in first.
'403':
description: User have no permission.
'500':
description: Unexpected internal errors.
get:
summary: Get a Retention job
description: Get a Retention job, job status may be delayed before job service schedule it up.
tags:
- Products
- Retention
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: Retention ID.
- name: page
in: query
type: integer
format: int32
required: false
description: The page number.
- name: page_size
in: query
type: integer
format: int32
required: false
description: The size of per page.
responses:
'200':
description: Get a Retention job successfully.
schema:
type: array
items:
type: object
$ref: '#/definitions/RetentionExecution'
headers:
X-Total-Count:
description: The total count of available items
type: integer
Link:
description: Link to previous page and next page
type: string
'401':
description: User need to log in first.
'403':
description: User have no permission.
'500':
description: Unexpected internal errors.
'/retentions/{id}/executions/{eid}':
patch:
summary: Stop a Retention job
description: Stop a Retention job, only support "stop" action now.
tags:
- Products
- Retention
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: Retention ID.
- name: eid
in: path
type: integer
format: int64
required: true
description: Retention execution ID.
- name: action
in: body
description: The action, only support "stop" now.
required: true
schema:
type: object
properties:
action:
type: string
responses:
'200':
description: Stop a Retention job successfully.
'401':
description: User need to log in first.
'403':
description: User have no permission.
'500':
description: Unexpected internal errors.
'/retentions/{id}/executions/{eid}/tasks':
get:
summary: Get Retention job tasks
description: Get Retention job tasks, each repository as a task.
tags:
- Products
- Retention
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: Retention ID.
- name: eid
in: path
type: integer
format: int64
required: true
description: Retention execution ID.
- name: page
in: query
type: integer
format: int32
required: false
description: The page number.
- name: page_size
in: query
type: integer
format: int32
required: false
description: The size of per page.
responses:
'200':
description: Get Retention job tasks successfully.
schema:
type: array
items:
type: object
$ref: '#/definitions/RetentionExecutionTask'
headers:
X-Total-Count:
description: The total count of available items
type: integer
Link:
description: Link to previous page and next page
type: string
'401':
description: User need to log in first.
'403':
description: User have no permission.
'500':
description: Unexpected internal errors.
'/retentions/{id}/executions/{eid}/tasks/{tid}':
get:
summary: Get Retention job task log
description: Get Retention job task log, tags ratain or deletion detail will be shown in a table.
tags:
- Products
- Retention
parameters:
- name: id
in: path
type: integer
format: int64
required: true
description: Retention ID.
- name: eid
in: path
type: integer
format: int64
required: true
description: Retention execution ID.
- name: tid
in: path
type: integer
format: int64
required: true
description: Retention execution ID.
responses:
'200':
description: Get Retention job task log successfully.
schema:
type: string
'401':
description: User need to log in first.
'403':
description: User have no permission.
'500':
description: Unexpected internal errors.
'/scanners':
get:
summary: List scanner registrations
description: |
Returns a list of currently configured scanner registrations.
tags:
- Products
- Scanners
responses:
'200':
description: A list of scanner registrations.
schema:
type: array
items:
$ref: '#/definitions/ScannerRegistration'
headers:
X-Total-Count:
description: The total count of available items
type: integer
Link:
description: Link to previous page and next page
type: string
'400':
description: Bad query paramters
'401':
description: Unauthorized request
'403':
description: Request is not allowed, system role required
'500':
description: Internal server error happened
parameters:
- name: page
in: query
type: integer
format: int32
required: false
description: The page number.
- name: page_size
in: query
type: integer
format: int32
required: false
description: The size of per page.
post:
summary: Create a scanner registration
description: |
Creats a new scanner registration with the given data.
tags:
- Scanners
parameters:
- name: registration
in: body
description: A scanner registration to be created.
required: true
schema:
$ref: '#/definitions/ScannerRegistrationReq'
responses:
'201':
description: Created successfully
headers:
Location:
type: string
description: The URL of the created resource
'400':
description: Bad registration request
'401':
description: Unauthorized request
'403':
description: Request is not allowed, system role required
'500':
description: Internal server error happened
'/scanners/ping':
post:
summary: Tests scanner registration settings
description: |
Pings scanner adapter to test endpoint URL and authorization settings.
tags:
- Products
- Scanners
parameters:
- name: settings
in: body
description: A scanner registration settings to be tested.
required: true
schema:
$ref: '#/definitions/ScannerRegistrationSettings'
responses:
'200':
description: Test succeeded
'400':
description: Bad registration settings
'401':
description: Unauthorized request
'403':
description: Request is not allowed, system role required
'500':
description: Internal server error happened
'/scanners/{registration_id}':
get:
summary: Get a scanner registration details
description: |
Retruns the details of the specified scanner registration.
tags:
- Products
- Scanners
parameters:
- name: registration_id
in: path
description: The scanner registration identifer.
required: true
type: string
responses:
'200':
description: The details of the scanner registration.
schema:
$ref: '#/definitions/ScannerRegistration'
'401':
description: Unauthorized request
'403':
description: Request is not allowed, system role required
'404':
description: The requested object is not found
'500':
description: Internal server error happened
put:
summary: Update a scanner registration
description: |
Updates the specified scanner registration.
tags:
- Scanners
parameters:
- name: registration_id
in: path
description: The scanner registration identifier.
required: true
type: string
- name: registration
in: body
required: true
description: A scanner registraiton to be updated.
schema:
$ref: '#/definitions/ScannerRegistrationReq'
responses:
'200':
description: Updated successfully
'401':
description: Unauthorized request
'403':
description: Request is not allowed, system role required
'404':
description: The requested object is not found
'500':
description: Internal server error happened
delete:
summary: Delete a scanner registration
description: |
Deletes the specified scanner registration.
tags:
- Scanners
parameters:
- name: registration_id
in: path
description: The scanner registration identifier.
required: true
type: string
responses:
'200':
description: Deleted successfully and return the deleted registration
schema:
$ref: '#/definitions/ScannerRegistration'
'401':
description: Unauthorized request
'403':
description: Request is not allowed, system role required or registration is immutable
'404':
description: The requested object is not found
'500':
description: Internal server error happened
patch:
summary: Set system default scanner registration
description: |
Set the specified scanner registration as the system default one.
tags:
- Scanners
parameters:
- name: registration_id
in: path
description: The scanner registration identifier.
required: true
type: string
- name: payload
in: body
required: true
schema:
$ref: '#/definitions/IsDefault'
responses:
'200':
description: Successfully set the specified scanner registration as system default
'401':
description: Unauthorized request
'403':
description: Request is not allowed
'500':
description: Internal server error happened
'/scanners/{registration_id}/metadata':
get:
summary: Get the metadata of the specified scanner registration
description: |
Get the metadata of the specified scanner registration, including the capabilities and customzied properties.
tags:
- Products
- Scanners
parameters:
- name: registration_id
in: path
required: true
description: The scanner registration identifier.
type: string
responses:
'200':
description: The metadata of the specified scanner adapter
schema:
$ref: '#/definitions/ScannerAdapterMetadata'
'401':
description: Unauthorized request
'403':
description: Request is not allowed
'500':
description: Internal server error happened
'/projects/{project_id}/scanner':
get:
summary: Get project level scanner
description: Get the scanner registration of the specified project. If no scanner registration is configured for the specified project, the system default scanner registration will be returned.
tags:
- Products
- Scanners
parameters:
- name: project_id
in: path
required: true
description: The project identifier.
type: integer
format: int64
responses:
'200':
description: The details of the scanner registration.
schema:
$ref: '#/definitions/ScannerRegistration'
'400':
description: Bad project ID
'401':
description: Unauthorized request
'403':
description: Request is not allowed
'404':
description: The requested object is not found
'500':
description: Internal server error happened
put:
summary: Configure scanner for the specified project
description: Set one of the system configured scanner registration as the indepndent scanner of the specified project.
tags:
- Scanners
parameters:
- name: project_id
in: path
required: true
description: The project identifier.
type: integer
format: int64
- name: payload
in: body
required: true
schema:
$ref: '#/definitions/ProjectScanner'
responses:
'200':
description: Successfully set the project level scanner
'400':
description: Bad project ID
'401':
description: Unauthorized request
'403':
description: Request is not allowed
'404':
description: The requested object is not found
'500':
description: Internal server error happened
'/projects/{project_id}/scanner/candidates':
get:
summary: Get scanner registration candidates for configurating project level scanner
description: |
Retrieve the system configured scanner registrations as candidates of setting project level scanner.
tags:
- Products
- Scanners
parameters:
- name: page
in: query
type: integer
format: int32
required: false
description: The page number.
- name: page_size
in: query
type: integer
format: int32
required: false
description: The size of per page.
- name: project_id
in: path
required: true
description: The project identifier.
type: integer
format: int64
responses:
'200':
description: A list of scanner registrations.
schema:
type: array
items:
$ref: '#/definitions/ScannerRegistration'
headers:
X-Total-Count:
description: The total count of available items
type: integer
Link:
description: Link to previous page and next page
type: string
'400':
description: Bad project ID or query parameters
'401':
description: Unauthorized request
'403':
description: Request is not allowed
'500':
description: Internal server error happened
'/scans/all/metrics':
get:
summary: Get the metrics of the latest scan all process
description: Get the metrics of the latest scan all process
tags:
- Products
- Scan
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Stats'
'401':
description: Unauthorized request
'403':
description: Request is not allowed
'500':
description: Internal server error happened
'/scans/schedule/metrics':
get:
summary: Get the metrics of the latest scheduled scan all process
description: Get the metrics of the latest scheduled scan all process
tags:
- Products
- Scan
responses:
'200':
description: OK
schema:
$ref: '#/definitions/Stats'
'401':
description: Unauthorized request
'403':
description: Request is not allowed
'500':
description: Internal server error happened
responses:
OK:
description: 'Success'
Created:
description: 'Created'
headers:
Location:
type: string
description: The URL of the created resource
BadRequest:
description: 'Bad Request'
Unauthorized:
description: 'Unauthorized'
Forbidden:
description: 'Forbidden'
NotFound:
description: 'Not Found'
Conflict:
description: 'Conflict'
PreconditionFailed:
description: 'Precondition Failed'
UnsupportedMediaType:
description: 'The Media Type of the request is not supported, it has to be "application/json"'
InternalServerError:
description: 'Internal Server Error'
definitions:
Search:
type: object
properties:
project:
description: Search results of the projects that matched the filter keywords.
type: array
items:
$ref: '#/definitions/Project'
repository:
description: Search results of the repositories that matched the filter keywords.
type: array
items:
$ref: '#/definitions/SearchRepository'
chart:
description: Search results of the charts that macthed the filter keywords.
type: array
items:
$ref: '#/definitions/SearchResult'
SearchRepository:
type: object
properties:
project_id:
type: integer
description: The ID of the project that the repository belongs to
project_name:
type: string
description: The name of the project that the repository belongs to
project_public:
type: boolean
description: 'The flag to indicate the publicity of the project that the repository belongs to (1 is public, 0 is not)'
repository_name:
type: string
description: The name of the repository
pull_count:
type: integer
description: The count how many times the repository is pulled
artifact_count:
type: integer
description: The count of artifacts in the repository
ProjectReq:
type: object
properties:
project_name:
type: string
description: The name of the project.
metadata:
description: The metadata of the project.
$ref: '#/definitions/ProjectMetadata'
cve_allowlist:
description: The CVE allowlist of the project.
$ref: '#/definitions/CVEAllowlist'
count_limit:
type: integer
format: int64
description: The count quota of the project.
storage_limit:
type: integer
format: int64
description: The storage quota of the project.
registry_id:
type: integer
format: int64
description: The ID of referenced registry when creating the proxy cache project
Project:
type: object
properties:
project_id:
type: integer
format: int32
description: Project ID
owner_id:
type: integer
format: int32
description: The owner ID of the project always means the creator of the project.
name:
type: string
description: The name of the project.
registry_id:
type: integer
format: int64
description: The ID of referenced registry when the project is a proxy cache project.
creation_time:
type: string
description: The creation time of the project.
update_time:
type: string
description: The update time of the project.
deleted:
type: boolean
description: A deletion mark of the project.
owner_name:
type: string
description: The owner name of the project.
togglable:
type: boolean
description: Correspond to the UI about whether the project's publicity is updatable (for UI)
current_user_role_id:
type: integer
description: The role ID with highest permission of the current user who triggered the API (for UI). This attribute is deprecated and will be removed in future versions.
current_user_role_ids:
type: array
items:
type: integer
format: int32
description: The list of role ID of the current user who triggered the API (for UI)
repo_count:
type: integer
description: The number of the repositories under this project.
chart_count:
type: integer
description: The total number of charts under this project.
metadata:
description: The metadata of the project.
$ref: '#/definitions/ProjectMetadata'
cve_allowlist:
description: The CVE allowlist of this project.
$ref: '#/definitions/CVEAllowlist'
ProjectMetadata:
type: object
properties:
public:
type: string
description: 'The public status of the project. The valid values are "true", "false".'
enable_content_trust:
type: string
description: 'Whether content trust is enabled or not. If it is enabled, user can''t pull unsigned images from this project. The valid values are "true", "false".'
prevent_vul:
type: string
description: 'Whether prevent the vulnerable images from running. The valid values are "true", "false".'
severity:
type: string
description: 'If the vulnerability is high than severity defined here, the images can''t be pulled. The valid values are "none", "low", "medium", "high", "critical".'
auto_scan:
type: string
description: 'Whether scan images automatically when pushing. The valid values are "true", "false".'
reuse_sys_cve_allowlist:
type: string
description: 'Whether this project reuse the system level CVE allowlist as the allowlist of its own. The valid values are "true", "false".
If it is set to "true" the actual allowlist associate with this project, if any, will be ignored.'
ProjectSummary:
type: object
properties:
repo_count:
type: integer
description: The number of the repositories under this project.
chart_count:
type: integer
description: The total number of charts under this project.
project_admin_count:
type: integer
description: The total number of project admin members.
maintainer_count:
type: integer
description: The total number of maintainer members.
developer_count:
type: integer
description: The total number of developer members.
guest_count:
type: integer
description: The total number of guest members.
quota:
type: object
properties:
hard:
$ref: "#/definitions/ResourceList"
description: The hard limits of the quota
used:
$ref: "#/definitions/ResourceList"
description: The used status of the quota
registry:
$ref: "#/definitions/Registry"
User:
type: object
properties:
user_id:
type: integer
format: int
description: The ID of the user.
username:
type: string
email:
type: string
password:
type: string
realname:
type: string
comment:
type: string
deleted:
type: boolean
role_name:
type: string
role_id:
type: integer
format: int
sysadmin_flag:
type: boolean
admin_role_in_auth:
type: boolean
description: indicate the admin privilege is grant by authenticator (LDAP), is always false unless it is the current login user
reset_uuid:
type: string
Salt:
type: string
creation_time:
type: string
update_time:
type: string
UserSearch:
type: object
properties:
user_id:
type: integer
format: int
description: The ID of the user.
username:
type: string
Password:
type: object
properties:
old_password:
type: string
description: The user's existing password.
new_password:
type: string
description: New password for marking as to be updated.
Role:
type: object
properties:
role_id:
type: integer
format: int32
description: ID in table.
role_code:
type: string
description: Description of permissions for the role.
role_name:
type: string
description: Name the the role.
role_mask:
type: string
RoleParam:
type: object
properties:
roles:
type: array
items:
type: integer
format: int32
description: Role ID for updating project role member.
username:
type: string
description: Username relevant to a project role member.
StatisticMap:
type: object
properties:
private_project_count:
type: integer
format: int32
description: The count of the private projects which the user is a member of.
private_repo_count:
type: integer
format: int32
description: The count of the private repositories belonging to the projects which the user is a member of.
public_project_count:
type: integer
format: int32
description: The count of the public projects.
public_repo_count:
type: integer
format: int32
description: The count of the public repositories belonging to the public projects which the user is a member of.
total_project_count:
type: integer
format: int32
description: 'The count of the total projects, only be seen when the is admin.'
total_repo_count:
type: integer
format: int32
description: 'The count of the total repositories, only be seen when the user is admin.'
ReplicationPolicy:
type: object
properties:
id:
type: integer
format: int64
description: The policy ID.
name:
type: string
description: The policy name.
description:
type: string
description: The description of the policy.
src_registry:
description: The source registry.
$ref: '#/definitions/Registry'
dest_registry:
description: The destination registry.
$ref: '#/definitions/Registry'
dest_namespace:
type: string
description: The destination namespace.
trigger:
$ref: '#/definitions/ReplicationTrigger'
filters:
type: array
description: The replication policy filter array.
items:
$ref: '#/definitions/ReplicationFilter'
deletion:
type: boolean
description: Whether to replicate the deletion operation.
override:
type: boolean
description: Whether to override the resources on the destination registry.
enabled:
type: boolean
description: Whether the policy is enabled or not.
creation_time:
type: string
description: The create time of the policy.
update_time:
type: string
description: The update time of the policy.
ReplicationTrigger:
type: object
properties:
type:
type: string
description: 'The replication policy trigger type. The valid values are manual, event_based and scheduled.'
trigger_settings:
$ref: '#/definitions/TriggerSettings'
TriggerSettings:
type: object
properties:
cron:
type: string
description: The cron string for scheduled trigger
ReplicationFilter:
type: object
properties:
type:
type: string
description: 'The replication policy filter type.'
value:
type: string
description: 'The value of replication policy filter.'
RegistryCredential:
type: object
properties:
type:
type: string
description: Credential type, such as 'basic', 'oauth'.
access_key:
type: string
description: Access key, e.g. user name when credential type is 'basic'.
access_secret:
type: string
description: Access secret, e.g. password when credential type is 'basic'.
Registry:
type: object
properties:
id:
type: integer
format: int64
description: The registry ID.
url:
type: string
description: The registry URL string.
name:
type: string
description: The registry name.
credential:
$ref: '#/definitions/RegistryCredential'
type:
type: string
description: Type of the registry, e.g. 'harbor'.
insecure:
type: boolean
description: Whether or not the certificate will be verified when Harbor tries to access the server.
description:
type: string
description: Description of the registry.
status:
type: string
description: Health status of the registry.
creation_time:
type: string
description: The create time of the policy.
update_time:
type: string
description: The update time of the policy.
PingRegistry:
type: object
properties:
id:
type: integer
description: The ID of the registry
type:
type: string
description: Type of the registry, e.g. 'harbor'.
url:
type: string
description: The registry address URL string.
credential_type:
type: string
description: Credential type of the registry, e.g. 'basic'.
access_key:
type: string
description: The registry access key.
access_secret:
type: string
description: The registry access secret.
insecure:
type: boolean
description: Whether or not the certificate will be verified when Harbor tries to access the server.
PutRegistry:
type: object
properties:
name:
type: string
description: The registry name.
description:
type: string
description: Description of the registry.
url:
type: string
description: The registry address URL string.
credential_type:
type: string
description: Credential type of the registry, e.g. 'basic'.
access_key:
type: string
description: The registry access key.
access_secret:
type: string
description: The registry access secret.
insecure:
type: boolean
description: Whether or not the certificate will be verified when Harbor tries to access the server.
SysAdminFlag:
type: object
properties:
sysadmin_flag:
type: boolean
description: 'true-admin, false-not admin.'
UserProfile:
type: object
properties:
email:
type: string
description: The new email.
realname:
type: string
description: The new realname.
comment:
type: string
description: The new comment.
LdapConf:
type: object
properties:
ldap_url:
type: string
description: The url of ldap service.
ldap_search_dn:
type: string
description: The search dn of ldap service.
ldap_search_password:
type: string
description: The search password of ldap service.
ldap_base_dn:
type: string
description: The base dn of ldap service.
ldap_filter:
type: string
description: The serach filter of ldap service.
ldap_uid:
type: string
description: The serach uid from ldap service attributes.
ldap_scope:
type: integer
format: int64
description: The serach scope of ldap service.
ldap_connection_timeout:
type: integer
format: int64
description: The connect timeout of ldap service(second).
LdapUsers:
type: object
properties:
ldap_username:
type: string
description: search ldap user name based on ldapconf.
ldap_realname:
type: string
description: system will try to guess the user realname form "uid" or "cn" attribute.
ldap_email:
type: string
description: system will try to guess the user email address form "mail" or "email" attribute.
LdapImportUsers:
type: object
properties:
ldap_uid_list:
type: array
description: selected uid list
items:
type: string
LdapFailedImportUsers:
type: object
properties:
ldap_uid:
type: string
description: the uid can't add to system.
error:
type: string
description: fail reason.
EmailServerSetting:
type: object
properties:
email_host:
type: string
description: The host of email server.
email_port:
type: integer
description: The port of email server.
email_username:
type: string
description: The username of email server.
email_password:
type: string
description: The password of email server.
email_ssl:
type: boolean
description: Use ssl/tls or not.
email_identity:
type: string
description: The dentity of email server.
ComponentOverviewEntry:
type: object
properties:
severity:
type: integer
description: '1-None/Negligible, 2-Unknown, 3-Low, 4-Medium, 5-High'
count:
type: integer
description: number of the components with certain severity.
Configurations:
type: object
properties:
auth_mode:
type: string
description: 'The auth mode of current system, such as "db_auth", "ldap_auth"'
count_per_project:
type: string
description: The default count quota for the new created projects.
email_from:
type: string
description: The sender name for Email notification.
email_host:
type: string
description: The hostname of SMTP server that sends Email notification.
email_port:
type: integer
description: The port of SMTP server.
email_identity:
type: string
description: By default it's empty so the email_username is picked.
email_username:
type: string
description: The username for authenticate against SMTP server.
email_ssl:
type: boolean
description: 'When it''s set to true the system will access Email server via TLS by default. If it''s set to false, it still will handle "STARTTLS" from server side.'
email_insecure:
type: boolean
description: Whether or not the certificate will be verified when Harbor tries to access the email server.
ldap_url:
type: string
description: The URL of LDAP server.
ldap_base_dn:
type: string
description: The Base DN for LDAP binding.
ldap_filter:
type: string
description: The filter for LDAP binding.
ldap_scope:
type: integer
description: '0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE'
ldap_uid:
type: string
description: 'The attribute which is used as identity for the LDAP binding, such as "CN" or "SAMAccountname"'
ldap_search_dn:
type: string
description: The DN of the user to do the search.
ldap_timeout:
type: integer
description: timeout in seconds for connection to LDAP server.
ldap_group_attribute_name:
type: string
description: 'The attribute which is used as identity of the LDAP group, default is cn.'
ldap_group_base_dn:
type: string
description: The base DN to search LDAP group.
ldap_group_search_filter:
type: string
description: The filter to search the ldap group.
ldap_group_search_scope:
type: integer
description: 'The scope to search ldap. ''0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE'''
ldap_group_admin_dn:
type: string
description: Specify the ldap group which have the same privilege with Harbor admin.
oidc_client_id:
type: string
description: The client id of the OIDC.
oidc_client_secret:
type: string
description: The client secret of the OIDC.
oidc_endpoint:
type: string
description: The URL of an OIDC-complaint server, must start with 'https://'.
oidc_name:
type: string
description: The name of the OIDC provider.
oidc_scope:
type: string
description: The scope sent to OIDC server during authentication, should be separated by comma. It has to contain “openid”, and “offline_access”. If you are using google, please remove “offline_access” from this field.
oidc_verify_cert:
type: boolean
description: Whether verify your OIDC server certificate, disable it if your OIDC server is hosted via self-hosted certificate.
project_creation_restriction:
type: string
description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly".
quota_per_project_enable:
type: boolean
description: This attribute indicates whether quota per project enabled in harbor
read_only:
type: boolean
description: '''docker push'' is prohibited by Harbor if you set it to true. '
self_registration:
type: boolean
description: 'Whether the Harbor instance supports self-registration. If it''s set to false, admin need to add user to the instance.'
storage_per_project:
type: string
description: The default storage quota for the new created projects.
token_expiration:
type: integer
description: 'The expiration time of the token for internal Registry, in minutes.'
verify_remote_cert:
type: boolean
description: Whether or not the certificate will be verified when Harbor tries to access a remote Harbor instance for replication.
scan_all_policy:
type: object
properties:
type:
type: string
description: 'The type of scan all policy, currently the valid values are "none" and "daily"'
parameter:
type: object
properties:
daily_time:
type: integer
description: 'The offset in seconds of UTC 0 o''clock, only valid when the policy type is "daily"'
description: 'The parameters of the policy, the values are dependant on the type of the policy.'
ConfigurationsResponse:
type: object
properties:
auth_mode:
$ref: '#/definitions/StringConfigItem'
description: 'The auth mode of current system, such as "db_auth", "ldap_auth"'
count_per_project:
$ref: '#/definitions/IntegerConfigItem'
description: The default count quota for the new created projects.
email_from:
$ref: '#/definitions/StringConfigItem'
description: The sender name for Email notification.
email_host:
$ref: '#/definitions/StringConfigItem'
description: The hostname of SMTP server that sends Email notification.
email_port:
$ref: '#/definitions/IntegerConfigItem'
description: The port of SMTP server.
email_identity:
$ref: '#/definitions/StringConfigItem'
description: By default it's empty so the email_username is picked.
email_username:
$ref: '#/definitions/StringConfigItem'
description: The username for authenticate against SMTP server.
email_ssl:
$ref: '#/definitions/BoolConfigItem'
description: 'When it''s set to true the system will access Email server via TLS by default. If it''s set to false, it still will handle "STARTTLS" from server side.'
email_insecure:
$ref: '#/definitions/BoolConfigItem'
description: Whether or not the certificate will be verified when Harbor tries to access the email server.
ldap_url:
$ref: '#/definitions/StringConfigItem'
description: The URL of LDAP server.
ldap_base_dn:
$ref: '#/definitions/StringConfigItem'
description: The Base DN for LDAP binding.
ldap_filter:
$ref: '#/definitions/StringConfigItem'
description: The filter for LDAP binding.
ldap_scope:
type: integer
description: '0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE'
ldap_uid:
$ref: '#/definitions/StringConfigItem'
description: 'The attribute which is used as identity for the LDAP binding, such as "CN" or "SAMAccountname"'
ldap_search_dn:
type: string
description: The DN of the user to do the search.
ldap_timeout:
$ref: '#/definitions/IntegerConfigItem'
description: timeout in seconds for connection to LDAP server.
ldap_group_attribute_name:
$ref: '#/definitions/StringConfigItem'
description: 'The attribute which is used as identity of the LDAP group, default is cn.'
ldap_group_base_dn:
$ref: '#/definitions/StringConfigItem'
description: The base DN to search LDAP group.
ldap_group_search_filter:
$ref: '#/definitions/StringConfigItem'
description: The filter to search the ldap group.
ldap_group_search_scope:
$ref: '#/definitions/IntegerConfigItem'
description: 'The scope to search ldap. ''0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE'''
ldap_group_admin_dn:
$ref: '#/definitions/StringConfigItem'
description: Specify the ldap group which have the same privilege with Harbor admin.
oidc_client_id:
$ref: '#/definitions/StringConfigItem'
description: The client id of the OIDC.
oidc_endpoint:
$ref: '#/definitions/StringConfigItem'
description: The URL of an OIDC-complaint server, must start with 'https://'.
oidc_name:
$ref: '#/definitions/StringConfigItem'
description: The name of the OIDC provider.
oidc_scope:
$ref: '#/definitions/StringConfigItem'
description: The scope sent to OIDC server during authentication, should be separated by comma. It has to contain “openid”, and “offline_access”. If you are using google, please remove “offline_access” from this field.
oidc_verify_cert:
$ref: '#/definitions/BoolConfigItem'
description: Whether verify your OIDC server certificate, disable it if your OIDC server is hosted via self-hosted certificate.
project_creation_restriction:
$ref: '#/definitions/StringConfigItem'
description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly".
quota_per_project_enable:
$ref: '#/definitions/BoolConfigItem'
description: This attribute indicates whether quota per project enabled in harbor
read_only:
$ref: '#/definitions/BoolConfigItem'
description: '''docker push'' is prohibited by Harbor if you set it to true. '
self_registration:
$ref: '#/definitions/BoolConfigItem'
description: 'Whether the Harbor instance supports self-registration. If it''s set to false, admin need to add user to the instance.'
storage_per_project:
$ref: '#/definitions/IntegerConfigItem'
description: The default storage quota for the new created projects.
token_expiration:
$ref: '#/definitions/IntegerConfigItem'
description: 'The expiration time of the token for internal Registry, in minutes.'
verify_remote_cert:
$ref: '#/definitions/BoolConfigItem'
description: Whether or not the certificate will be verified when Harbor tries to access a remote Harbor instance for replication.
scan_all_policy:
type: object
properties:
type:
type: string
description: 'The type of scan all policy, currently the valid values are "none" and "daily"'
parameter:
type: object
properties:
daily_time:
type: integer
description: 'The offset in seconds of UTC 0 o''clock, only valid when the policy type is "daily"'
description: 'The parameters of the policy, the values are dependant on the type of the policy.'
Label:
type: object
properties:
id:
type: integer
description: The ID of label.
name:
type: string
description: The name of label.
description:
type: string
description: The description of label.
color:
type: string
description: The color of label.
scope:
type: string
description: 'The scope of label, g for global labels and p for project labels.'
project_id:
type: integer
description: The project ID if the label is a project label.
creation_time:
type: string
description: The creation time of label.
update_time:
type: string
description: The update time of label.
deleted:
type: boolean
description: The label is deleted or not.
ProjectMemberEntity:
type: object
properties:
id:
type: integer
description: the project member id
project_id:
type: integer
description: the project id
entity_name:
type: string
description: the name of the group member.
role_name:
type: string
description: the name of the role
role_id:
type: integer
description: the role id
entity_id:
type: integer
description: 'the id of entity, if the member is a user, it is user_id in user table. if the member is a user group, it is the user group''s ID in user_group table.'
entity_type:
type: string
description: 'the entity''s type, u for user entity, g for group entity.'
ProjectMember:
type: object
properties:
role_id:
type: integer
description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for maintainer'
member_user:
$ref: '#/definitions/UserEntity'
member_group:
$ref: '#/definitions/UserGroup'
RoleRequest:
type: object
properties:
role_id:
type: integer
description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for maintainer'
UserEntity:
type: object
properties:
user_id:
type: integer
description: The ID of the user.
username:
type: string
description: The name of the user.
UserGroup:
type: object
properties:
id:
type: integer
description: The ID of the user group
group_name:
type: string
description: The name of the user group
group_type:
type: integer
description: 'The group type, 1 for LDAP group, 2 for HTTP group.'
ldap_group_dn:
type: string
description: The DN of the LDAP group if group type is 1 (LDAP group).
StringConfigItem:
type: object
properties:
value:
type: string
description: The string value of current config item
editable:
type: boolean
description: The configure item can be updated or not
BoolConfigItem:
type: object
properties:
value:
type: boolean
description: The boolean value of current config item
editable:
type: boolean
description: The configure item can be updated or not
IntegerConfigItem:
type: object
properties:
value:
type: integer
description: The integer value of current config item
editable:
type: boolean
description: The configure item can be updated or not
ChartAPIError:
description: The error object returned by chart repository API
type: object
required:
- error
properties:
error:
type: string
description: The error message returned by the chart API
UnauthorizedChartAPIError:
description: Unauthorized
type: object
allOf:
- $ref: '#/definitions/ChartAPIError'
ForbiddenChartAPIError:
description: Operation is forbidden or quota exceeded
type: object
allOf:
- $ref: '#/definitions/ChartAPIError'
InternalChartAPIError:
description: Internal server error occurred
type: object
allOf:
- $ref: '#/definitions/ChartAPIError'
NotFoundChartAPIError:
description: Not found
type: object
allOf:
- $ref: '#/definitions/ChartAPIError'
InsufficientStorageChartAPIError:
description: Insufficient storage
type: object
allOf:
- $ref: '#/definitions/ChartAPIError'
BadRequestFormatedError:
description: Bad request
type: object
allOf:
- $ref: '#/definitions/ChartAPIError'
ConflictFormatedError:
description: Conflicts
type: object
allOf:
- $ref: '#/definitions/ChartAPIError'
ChartMetadata:
type: object
description: The metadata of chart version
required:
- name
- version
- engine
- icon
- apiVersion
- appVersion
properties:
name:
type: string
description: The name of the chart
home:
type: string
description: The URL to the relevant project page
sources:
type: array
description: The URL to the source code of chart
items:
type: string
version:
type: string
description: A SemVer 2 version of chart
description:
type: string
description: A one-sentence description of chart
keywords:
type: array
description: A list of string keywords
items:
type: string
engine:
type: string
description: The name of template engine
icon:
type: string
description: The URL to an icon file
apiVersion:
type: string
description: The API version of this chart
appVersion:
type: string
description: The version of the application enclosed in the chart
deprecated:
type: boolean
description: Whether or not this chart is deprecated
ChartVersion:
type: object
description: A specified chart entry
allOf:
- $ref: '#/definitions/ChartMetadata'
- type: object
properties:
created:
type: string
description: The created time of the chart entry
removed:
type: boolean
description: A flag to indicate if the chart entry is removed
digest:
type: string
description: The digest value of the chart entry
urls:
type: array
description: The urls of the chart entry
items:
type: string
properties:
labels:
$ref: '#/definitions/Labels'
GCResult:
type: object
properties:
id:
type: integer
description: the id of gc job.
job_name:
type: string
description: the job name of gc job.
job_kind:
type: string
description: the job kind of gc job.
job_parameters:
type: string
description: the job parameters of gc job.
schedule:
$ref: '#/definitions/AdminJobScheduleObj'
job_status:
type: string
description: the status of gc job.
deleted:
type: boolean
description: if gc job was deleted.
creation_time:
type: string
description: the creation time of gc job.
update_time:
type: string
description: the update time of gc job.
AdminJobSchedule:
type: object
properties:
schedule:
$ref: '#/definitions/AdminJobScheduleObj'
parameters:
type: object
description: The parameters of admin job
additionalProperties:
type: boolean
AdminJobScheduleObj:
type: object
properties:
type:
type: string
description: |
The schedule type. The valid values are 'Hourly', 'Daily', 'Weekly', 'Custom', 'Manually' and 'None'.
'Manually' means to trigger it right away and 'None' means to cancel the schedule.
cron:
type: string
description: A cron expression, a time-based job scheduler.
SearchResult:
type: object
description: The chart search result item
properties:
name:
type: string
description: The chart name with repo name
score:
type: integer
description: The matched level
chart:
$ref: '#/definitions/ChartVersion'
Labels:
type: array
description: A list of label
items:
$ref: '#/definitions/Label'
OverallHealthStatus:
type: object
description: The system health status
properties:
status:
type: string
description: The overall health status. It is "healthy" only when all the components' status are "healthy"
components:
type: array
items:
$ref: '#/definitions/ComponentHealthStatus'
ComponentHealthStatus:
type: object
description: The health status of component
properties:
name:
type: string
description: The component name
status:
type: string
description: The health status of component
error:
type: string
description: (optional) The error message when the status is "unhealthy"
Permission:
type: object
description: The permission
properties:
resource:
type: string
description: The permission resoruce
action:
type: string
description: The permission action
RegistryInfo:
type: object
description: The registry info contains the base info and capability declarations of the registry
properties:
type:
type: string
description: The registry type
description:
type: string
description: The description
supported_resource_filters:
type: array
description: The filters that the registry supports
items:
$ref: '#/definitions/FilterStyle'
supported_triggers:
type: array
description: The triggers that the registry supports
items:
type: string
FilterStyle:
type: object
description: The style of the resource filter
properties:
type:
type: string
description: The filter type
style:
type: string
description: The filter style
values:
type: array
description: The filter values
items:
type: string
Namespace:
type: object
description: The namespace of registry
properties:
name:
type: string
description: The name of namespace
metadata:
type: object
description: The metadata of namespace
CVEAllowlist:
type: object
description: The CVE Allowlist for system or project
properties:
id:
type: integer
description: ID of the allowlist
project_id:
type: integer
description: ID of the project which the allowlist belongs to. For system level allowlist this attribute is zero.
expires_at:
type: integer
description: the time for expiration of the allowlist, in the form of seconds since epoch. This is an optional attribute, if it's not set the CVE allowlist does not expire.
items:
type: array
items:
$ref: "#/definitions/CVEAllowlistItem"
CVEAllowlistItem:
type: object
description: The item in CVE allowlist
properties:
cve_id:
type: string
description: The ID of the CVE, such as "CVE-2019-10164"
ResourceList:
type: object
additionalProperties:
type: integer
format: int64
QuotaUpdateReq:
type: object
properties:
hard:
$ref: "#/definitions/ResourceList"
description: The new hard limits for the quota
QuotaRefObject:
type: object
additionalProperties: {}
Quota:
type: object
description: The quota object
properties:
id:
type: integer
description: ID of the quota
ref:
$ref: "#/definitions/QuotaRefObject"
description: The reference object of the quota
hard:
$ref: "#/definitions/ResourceList"
description: The hard limits of the quota
used:
$ref: "#/definitions/ResourceList"
description: The used status of the quota
creation_time:
type: string
description: the creation time of the quota
update_time:
type: string
description: the update time of the quota
WebhookTargetObject:
type: object
description: The webhook policy target object.
properties:
type:
type: string
description: The webhook target notify type.
address:
type: string
description: The webhook target address.
auth_header:
type: string
description: The webhook auth header.
skip_cert_verify:
type: boolean
description: Whether or not to skip cert verify.
WebhookPolicy:
type: object
description: The webhook policy object
properties:
id:
type: integer
format: int64
description: The webhook policy ID.
name:
type: string
description: The name of webhook policy.
description:
type: string
description: The description of webhook policy.
project_id:
type: integer
description: The project ID of webhook policy.
targets:
type: array
items:
$ref: '#/definitions/WebhookTargetObject'
event_types:
type: array
items:
type: string
creator:
type: string
description: The creator of the webhook policy.
creation_time:
type: string
description: The create time of the webhook policy.
update_time:
type: string
description: The update time of the webhook policy.
enabled:
type: boolean
description: Whether the webhook policy is enabled or not.
WebhookLastTrigger:
type: object
description: The webhook policy and last trigger time group by event type.
properties:
event_type:
type: string
description: The webhook event type.
enabled:
type: boolean
description: Whether or not the webhook policy enabled.
creation_time:
type: string
description: The creation time of webhook policy.
last_trigger_time:
type: string
description: The last trigger time of webhook policy.
WebhookJob:
type: object
description: The webhook job.
properties:
id:
type: integer
format: int64
description: The webhook job ID.
policy_id:
type: integer
format: int64
description: The webhook policy ID.
event_type:
type: string
description: The webhook job event type.
notify_type:
type: string
description: The webhook job notify type.
status:
type: string
description: The webhook job status.
job_detail:
type: string
description: The webhook job notify detailed data.
creation_time:
type: string
description: The webhook job creation time.
update_time:
type: string
description: The webhook job update time.
RetentionMetadata:
type: object
description: the tag retention metadata
properties:
templates:
type: array
description: templates
items:
$ref: '#/definitions/RetentionRuleMetadata'
scope_selectors:
type: array
description: supported scope selectors
items:
$ref: '#/definitions/RetentionSelectorMetadata'
tag_selectors:
type: array
description: supported tag selectors
items:
$ref: '#/definitions/RetentionSelectorMetadata'
RetentionRuleMetadata:
type: object
description: the tag retention rule metadata
properties:
rule_template:
type: string
description: rule id
display_text:
type: string
description: rule display text
action:
type: string
description: rule action
params:
type: array
description: rule params
items:
$ref: '#/definitions/RetentionRuleParamMetadata'
RetentionRuleParamMetadata:
type: object
description: rule param
properties:
type:
type: string
unit:
type: string
required:
type: boolean
RetentionSelectorMetadata:
type: object
description: retention selector
properties:
display_text:
type: string
kind:
type: string
decorations:
type: array
items:
type: string
RetentionPolicy:
type: object
description: retention policy
properties:
id:
type: integer
format: int64
algorithm:
type: string
rules:
type: array
items:
$ref: '#/definitions/RetentionRule'
trigger:
type: object
$ref: '#/definitions/RetentionRuleTrigger'
scope:
type: object
$ref: '#/definitions/RetentionPolicyScope'
RetentionRuleTrigger:
type: object
properties:
kind:
type: string
settings:
type: object
references:
type: object
RetentionPolicyScope:
type: object
properties:
level:
type: string
ref:
type: integer
RetentionRule:
type: object
properties:
id:
type: integer
priority:
type: integer
disabled:
type: boolean
action:
type: string
template:
type: string
params:
type: object
additionalProperties:
type: object
tag_selectors:
type: array
items:
$ref: '#/definitions/RetentionSelector'
scope_selectors:
type: object
additionalProperties:
type: array
items:
$ref: '#/definitions/RetentionSelector'
RetentionSelector:
type: object
properties:
kind:
type: string
decoration:
type: string
pattern:
type: string
extras:
type: string
RetentionExecution:
type: object
properties:
id:
type: integer
format: int64
policy_id:
type: integer
format: int64
start_time:
type: string
end_time:
type: string
status:
type: string
trigger:
type: string
dry_run:
type: boolean
RetentionExecutionTask:
type: object
properties:
id:
type: integer
format: int64
execution_id:
type: integer
format: int64
repository:
type: string
job_id:
type: string
status:
type: string
status_code:
type: integer
status_revision:
type: integer
format: int64
start_time:
type: string
end_time:
type: string
total:
type: integer
retained:
type: integer
QuotaSwitcher:
type: object
properties:
enabled:
type: boolean
description: The quota is enable or disable
ScannerRegistration:
type: object
description: |
Registration represents a named configuration for invoking a scanner via its adapter.
properties:
uuid:
type: string
description: The unique identifier of this registration.
name:
type: string
example: Clair
description: The name of this registration.
description:
type: string
description: An optional description of this registration.
example: |
A free-to-use tool that scans container images for package vulnerabilities.
url:
type: string
format: url
description: A base URL of the scanner adapter
example: http://harbor-scanner-clair:8080
disabled:
type: boolean
default: false
description: Indicate whether the registration is enabled or not
is_default:
type: boolean
default: false
description: Indicate if the registration is set as the system default one
health:
type: string
default: ""
description: Indicate the healthy of the registration
example: "healthy"
auth:
type: string
default: ""
description: |
Specify what authentication approach is adopted for the HTTP communications.
Supported types Basic", "Bearer" and api key header "X-ScannerAdapter-API-Key"
example: "Bearer"
access_credential:
type: string
description: |
An optional value of the HTTP Authorization header sent with each request to the Scanner Adapter API.
example: "Bearer: JWTTOKENGOESHERE"
skip_certVerify:
type: boolean
default: false
description: Indicate if skip the certificate verification when sending HTTP requests
use_internal_addr:
type: boolean
default: false
description: Indicate whether use internal registry addr for the scanner to pull content or not
adapter:
type: string
description: Optional property to describe the name of the scanner registration
example: "Clair"
vendor:
type: string
description: Optional property to describe the vendor of the scanner registration
example: "CentOS"
version:
type: string
description: Optional property to describe the version of the scanner registration
example: "1.0.1"
ScannerRegistrationReq:
type: object
properties:
name:
type: string
description: The name of this registration
example: Clair
description:
type: string
description: An optional description of this registration.
example: |
A free-to-use tool that scans container images for package vulnerabilities.
url:
type: string
format: url
description: A base URL of the scanner adapter.
example: http://harbor-scanner-clair:8080
auth:
type: string
default: ""
description: |
Specify what authentication approach is adopted for the HTTP communications.
Supported types Basic", "Bearer" and api key header "X-ScannerAdapter-API-Key"
example: "Bearer"
access_credential:
type: string
description: |
An optional value of the HTTP Authorization header sent with each request to the Scanner Adapter API.
example: "Bearer: JWTTOKENGOESHERE"
skip_certVerify:
type: boolean
default: false
description: Indicate if skip the certificate verification when sending HTTP requests
use_internal_addr:
type: boolean
default: false
description: Indicate whether use internal registry addr for the scanner to pull content or not
disabled:
type: boolean
default: false
description: Indicate whether the registration is enabled or not
ScannerRegistrationSettings:
type: object
properties:
name:
type: string
description: The name of this registration
example: Clair
url:
type: string
format: url
description: A base URL of the scanner adapter.
example: http://harbor-scanner-clair:8080
auth:
type: string
default: ""
description: |
Specify what authentication approach is adopted for the HTTP communications.
Supported types Basic", "Bearer" and api key header "X-ScannerAdapter-API-Key"
access_credential:
type: string
description: |
An optional value of the HTTP Authorization header sent with each request to the Scanner Adapter API.
example: "Bearer: JWTTOKENGOESHERE"
IsDefault:
type: object
properties:
is_default:
type: boolean
description: A flag indicating whether a scanner registration is default.
Scanner:
type: object
properties:
name:
type: string
description: Name of the scanner
example: "Clair"
vendor:
type: string
description: Name of the scanner provider
example: "CentOS"
version:
type: string
description: Version of the scanner adapter
example: "1.0.1"
ScannerCapability:
type: object
properties:
consumes_mime_types:
type: array
items:
type: string
example: "application/vnd.docker.distribution.manifest.v2+json"
produces_mime_types:
type: array
items:
type: string
example: "application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"
ScannerAdapterMetadata:
type: object
description: The metadata info of the scanner adapter
properties:
name:
$ref: '#/definitions/Scanner'
capabilities:
type: array
items:
$ref: '#/definitions/ScannerCapability'
properties:
type: object
additionalProperties:
type: string
example:
'harbor.scanner-adapter/registry-authorization-type': 'Bearer'
ProjectScanner:
type: object
properties:
uuid:
type: string
description: The identifier of the scanner registration
Stats:
type: object
description: Stats provides the overall progress of the scan all process.
properties:
total:
type: integer
format: int
description: 'The total number of scan processes triggered by the scan all action'
example: 100
completed:
type: integer
format: int
description: 'The number of the finished scan processes triggered by the scan all action'
example: 90
requester:
type: string
description: 'The requester identity which usually uses the ID of the scan all job'
example: '28'
metrics:
type: object
description: 'The metrics data for the each status'
additionalProperties:
type: integer
format: int
example: 10
example:
'Success': 5
'Error': 2,
'Running': 3
ongoing:
type: boolean
description: A flag indicating job status of scan all .
SupportedWebhookEventTypes:
type: object
description: Supportted webhook event types and notify types.
properties:
event_type:
type: array
items:
$ref: '#/definitions/EventType'
notify_type:
type: array
items:
$ref: '#/definitions/NotifyType'
EventType:
type: string
description: Webhook supportted event type.
example: 'pullImage'
NotifyType:
type: string
description: Webhook supportted notify type.
example: 'http'
parameters:
query:
name: q
description: Query string to query resources. Supported query patterns are "exact match(k=v)", "fuzzy match(k=~v)", "range(k=[min~max])", "list with union releationship(k={v1 v2 v3})" and "list with intersetion relationship(k=(v1 v2 v3))". The value of range and list can be string(enclosed by " or '), integer or time(in format "2020-04-09 02:36:00"). All of these query patterns should be put in the query string "q=xxx" and splitted by ",". e.g. q=k1=v1,k2=~v2,k3=[min~max]
in: query
type: string
required: false