mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-16 12:41:22 +01:00
9ef50ed430
* Refactor webhook refactor notification to new programming model Signed-off-by: wang yan <wangyan@vmware.com>
2425 lines
76 KiB
YAML
2425 lines
76 KiB
YAML
swagger: '2.0'
|
|
info:
|
|
title: Harbor API
|
|
description: These APIs provide services for manipulating Harbor project.
|
|
version: '2.0'
|
|
host: localhost
|
|
schemes:
|
|
- http
|
|
- https
|
|
basePath: /api/v2.0
|
|
produces:
|
|
- application/json
|
|
- text/plain
|
|
consumes:
|
|
- application/json
|
|
securityDefinitions:
|
|
basicAuth:
|
|
type: basic
|
|
security:
|
|
- basicAuth: []
|
|
paths:
|
|
/health:
|
|
get:
|
|
summary: 'Health check API'
|
|
description: |
|
|
The endpoint returns the health stauts of the system.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: The system health status.
|
|
schema:
|
|
$ref: '#/definitions/OverallHealthStatus'
|
|
'/projects/{project_id}/metadatas':
|
|
get:
|
|
summary: Get project metadata.
|
|
description: |
|
|
This endpoint returns metadata of the project specified by project ID.
|
|
parameters:
|
|
- name: project_id
|
|
in: path
|
|
description: The ID of project.
|
|
required: true
|
|
type: integer
|
|
format: int64
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Get metadata successfully.
|
|
schema:
|
|
$ref: '#/definitions/ProjectMetadata'
|
|
'401':
|
|
description: User need to login first.
|
|
'500':
|
|
description: Internal server errors.
|
|
post:
|
|
summary: Add metadata for the project.
|
|
description: |
|
|
This endpoint is aimed to add metadata of a project.
|
|
parameters:
|
|
- name: project_id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: Selected project ID.
|
|
- name: metadata
|
|
in: body
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/ProjectMetadata'
|
|
description: The metadata of project.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Add metadata successfully.
|
|
'400':
|
|
description: Invalid request.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User does not have permission to the project.
|
|
'404':
|
|
description: Project ID does not exist.
|
|
'415':
|
|
$ref: '#/responses/UnsupportedMediaType'
|
|
'500':
|
|
description: Internal server errors.
|
|
'/projects/{project_id}/metadatas/{meta_name}':
|
|
get:
|
|
summary: Get project metadata
|
|
description: |
|
|
This endpoint returns specified metadata of a project.
|
|
parameters:
|
|
- name: project_id
|
|
in: path
|
|
description: Project ID for filtering results.
|
|
required: true
|
|
type: integer
|
|
format: int64
|
|
- name: meta_name
|
|
in: path
|
|
description: The name of metadat.
|
|
required: true
|
|
type: string
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Get metadata successfully.
|
|
schema:
|
|
$ref: '#/definitions/ProjectMetadata'
|
|
'401':
|
|
description: User need to log in first.
|
|
'500':
|
|
description: Internal server errors.
|
|
put:
|
|
summary: Update metadata of a project.
|
|
description: |
|
|
This endpoint is aimed to update the metadata of a project.
|
|
parameters:
|
|
- name: project_id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: The ID of project.
|
|
- name: meta_name
|
|
in: path
|
|
description: The name of metadat.
|
|
required: true
|
|
type: string
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Updated metadata successfully.
|
|
'400':
|
|
description: Invalid request.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User does not have permission to the project.
|
|
'404':
|
|
description: Project or metadata does not exist.
|
|
'500':
|
|
description: Internal server errors.
|
|
delete:
|
|
summary: Delete metadata of a project
|
|
description: |
|
|
This endpoint is aimed to delete metadata of a project.
|
|
parameters:
|
|
- name: project_id
|
|
in: path
|
|
description: The ID of project.
|
|
required: true
|
|
type: integer
|
|
format: int64
|
|
- name: meta_name
|
|
in: path
|
|
description: The name of metadat.
|
|
required: true
|
|
type: string
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Metadata is deleted successfully.
|
|
'400':
|
|
description: Invalid requst.
|
|
'403':
|
|
description: User need to log in first.
|
|
'404':
|
|
description: Project or metadata does not exist.
|
|
'500':
|
|
description: Internal server errors.
|
|
'/projects/{project_id}/members':
|
|
get:
|
|
summary: Get all project member information
|
|
description: Get all project member information
|
|
parameters:
|
|
- name: project_id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: Relevant project ID.
|
|
- name: entityname
|
|
in: query
|
|
type: string
|
|
description: The entity name to search.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Get project members successfully.
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: '#/definitions/ProjectMemberEntity'
|
|
'400':
|
|
description: The project id is invalid.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User in session does not have permission to the project.
|
|
'404':
|
|
description: Project ID does not exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
post:
|
|
summary: Create project member
|
|
description: 'Create project member relationship, the member can be one of the user_member and group_member, The user_member need to specify user_id or username. If the user already exist in harbor DB, specify the user_id, If does not exist in harbor DB, it will SearchAndOnBoard the user. The group_member need to specify id or ldap_group_dn. If the group already exist in harbor DB. specify the user group''s id, If does not exist, it will SearchAndOnBoard the group. '
|
|
tags:
|
|
- Products
|
|
parameters:
|
|
- name: project_id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: Relevant project ID.
|
|
- name: project_member
|
|
in: body
|
|
schema:
|
|
$ref: '#/definitions/ProjectMember'
|
|
responses:
|
|
'201':
|
|
description: Project member created successfully.
|
|
headers:
|
|
Location:
|
|
type: string
|
|
description: The URL of the created resource
|
|
'400':
|
|
description: 'Illegal format of project member or project id is invalid, or LDAP DN is invalid.'
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User in session does not have permission to the project.
|
|
'409':
|
|
description: A user group with same group name already exist or an LDAP user group with same DN already exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
'/projects/{project_id}/members/{mid}':
|
|
get:
|
|
summary: Get the project member information
|
|
description: Get the project member information
|
|
tags:
|
|
- Products
|
|
parameters:
|
|
- name: project_id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: Relevant project ID.
|
|
- name: mid
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: The member ID
|
|
responses:
|
|
'200':
|
|
description: Project member retrieved successfully.
|
|
schema:
|
|
$ref: '#/definitions/ProjectMemberEntity'
|
|
'400':
|
|
description: 'Illegal format of project member or invalid project id, member id.'
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User in session does not have permission to the project.
|
|
'404':
|
|
description: Project or projet member does not exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
put:
|
|
summary: Update project member
|
|
description: Update project member relationship
|
|
tags:
|
|
- Products
|
|
parameters:
|
|
- name: project_id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: Relevant project ID.
|
|
- name: mid
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: Member ID.
|
|
- name: role
|
|
in: body
|
|
schema:
|
|
$ref: '#/definitions/RoleRequest'
|
|
responses:
|
|
'200':
|
|
description: Project member updated successfully.
|
|
'400':
|
|
description: 'Invalid role id, it should be 1,2 or 3, or invalid project id, or invalid member id.'
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User in session does not have permission to the project.
|
|
'404':
|
|
description: project or project member does not exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
delete:
|
|
summary: Delete project member
|
|
tags:
|
|
- Products
|
|
parameters:
|
|
- name: project_id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: Relevant project ID.
|
|
- name: mid
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: Member ID.
|
|
responses:
|
|
'200':
|
|
description: Project member deleted successfully.
|
|
'400':
|
|
description: The project id or project member id is invalid.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User in session does not have permission to the project.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
/statistics:
|
|
get:
|
|
summary: Get projects number and repositories number relevant to the user
|
|
description: |
|
|
This endpoint is aimed to statistic all of the projects number and repositories number relevant to the logined user, also the public projects number and repositories number. If the user is admin, he can also get total projects number and total repositories number.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Get the projects number and repositories number relevant to the user successfully.
|
|
schema:
|
|
$ref: '#/definitions/StatisticMap'
|
|
'401':
|
|
description: User need to log in first.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
/users:
|
|
get:
|
|
summary: Get registered users of Harbor.
|
|
description: |
|
|
This endpoint is for user to search registered users, support for filtering results with username.Notice, by now this operation is only for administrator.
|
|
parameters:
|
|
- name: username
|
|
in: query
|
|
type: string
|
|
required: false
|
|
description: Username for filtering results.
|
|
- name: email
|
|
in: query
|
|
type: string
|
|
required: false
|
|
description: Email for filtering results.
|
|
- name: page
|
|
in: query
|
|
type: integer
|
|
format: int32
|
|
required: false
|
|
description: 'The page number, default is 1.'
|
|
- name: page_size
|
|
in: query
|
|
type: integer
|
|
format: int32
|
|
required: false
|
|
description: The size of per page.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Searched for users of Harbor successfully.
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: '#/definitions/User'
|
|
headers:
|
|
X-Total-Count:
|
|
description: The total count of available items
|
|
type: integer
|
|
Link:
|
|
description: Link to previous page and next page
|
|
type: string
|
|
'400':
|
|
description: Invalid user ID.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User does not have permission of admin role.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
post:
|
|
summary: Creates a new user account.
|
|
description: |
|
|
This endpoint is to create a user if the user does not already exist.
|
|
parameters:
|
|
- name: user
|
|
in: body
|
|
description: New created user.
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/User'
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'201':
|
|
description: User created successfully.
|
|
headers:
|
|
Location:
|
|
type: string
|
|
description: The URL of the created resource
|
|
'400':
|
|
description: Unsatisfied with constraints of the user creation.
|
|
'403':
|
|
description: User registration can only be used by admin role user when self-registration is off.
|
|
'415':
|
|
$ref: '#/responses/UnsupportedMediaType'
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
/users/current:
|
|
get:
|
|
summary: Get current user info.
|
|
description: |
|
|
This endpoint is to get the current user information.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Get current user information successfully.
|
|
schema:
|
|
$ref: '#/definitions/User'
|
|
'401':
|
|
description: User need to log in first.
|
|
/users/current/permissions:
|
|
get:
|
|
summary: Get current user permissions.
|
|
description: |
|
|
This endpoint is to get the current user permissions.
|
|
parameters:
|
|
- name: scope
|
|
in: query
|
|
type: string
|
|
required: false
|
|
description: Get permissions of the scope
|
|
- name: relative
|
|
in: query
|
|
type: boolean
|
|
required: false
|
|
description: |
|
|
If true, the resources in the response are relative to the scope,
|
|
eg for resource '/project/1/repository' if relative is 'true' then the resource in response will be 'repository'.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Get current user permission successfully.
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: '#/definitions/Permission'
|
|
'401':
|
|
description: User need to log in first.
|
|
'500':
|
|
description: Internal errors.
|
|
/users/search:
|
|
get:
|
|
summary: Search users by username
|
|
description: |
|
|
This endpoint is to search the users by username.
|
|
parameters:
|
|
- name: username
|
|
in: query
|
|
type: string
|
|
required: true
|
|
description: Username for filtering results.
|
|
- name: page
|
|
in: query
|
|
type: integer
|
|
format: int32
|
|
required: false
|
|
description: 'The page number, default is 1.'
|
|
- name: page_size
|
|
in: query
|
|
type: integer
|
|
format: int32
|
|
required: false
|
|
description: The size of per page.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Search users by username, email successfully.
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: '#/definitions/UserSearch'
|
|
headers:
|
|
X-Total-Count:
|
|
description: The total count of available items
|
|
type: integer
|
|
Link:
|
|
description: Link to previous page and next page
|
|
type: string
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
'/users/{user_id}':
|
|
get:
|
|
summary: Get a user's profile.
|
|
description: |
|
|
Get user's profile with user id.
|
|
parameters:
|
|
- name: user_id
|
|
in: path
|
|
type: integer
|
|
format: int
|
|
required: true
|
|
description: Registered user ID
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Get user's profile successfully.
|
|
schema:
|
|
$ref: '#/definitions/User'
|
|
'400':
|
|
description: Invalid user ID.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User does not have permission of admin role.
|
|
'404':
|
|
description: User ID does not exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
put:
|
|
summary: Update a registered user to change his profile.
|
|
description: |
|
|
This endpoint let a registered user change his profile.
|
|
parameters:
|
|
- name: user_id
|
|
in: path
|
|
type: integer
|
|
format: int
|
|
required: true
|
|
description: Registered user ID
|
|
- name: profile
|
|
in: body
|
|
description: 'Only email, realname and comment can be modified.'
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/UserProfile'
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Updated user's profile successfully.
|
|
'400':
|
|
description: Invalid user ID.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User does not have permission of admin role.
|
|
'404':
|
|
description: User ID does not exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
delete:
|
|
summary: Mark a registered user as be removed.
|
|
description: |
|
|
This endpoint let administrator of Harbor mark a registered user as
|
|
be removed.It actually won't be deleted from DB.
|
|
parameters:
|
|
- name: user_id
|
|
in: path
|
|
type: integer
|
|
format: int
|
|
required: true
|
|
description: User ID for marking as to be removed.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Marked user as be removed successfully.
|
|
'400':
|
|
description: Invalid user ID.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User does not have permission of admin role.
|
|
'404':
|
|
description: User ID does not exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
'/users/{user_id}/password':
|
|
put:
|
|
summary: Change the password on a user that already exists.
|
|
description: |
|
|
This endpoint is for user to update password. Users with the admin role can change any user's password. Guest users can change only their own password.
|
|
parameters:
|
|
- name: user_id
|
|
in: path
|
|
type: integer
|
|
format: int
|
|
required: true
|
|
description: Registered user ID.
|
|
- name: password
|
|
in: body
|
|
description: Password to be updated, the attribute 'old_password' is optional when the API is called by the system administrator.
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/Password'
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Updated password successfully.
|
|
'400':
|
|
description: Invalid user ID; Old password is blank; New password is blank.
|
|
'401':
|
|
description: Don't have authority to change password. Please check login status.
|
|
'403':
|
|
description: The caller does not have permission to update the password of the user with given ID, or the old password in request body is not correct.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
'/users/{user_id}/sysadmin':
|
|
put:
|
|
summary: Update a registered user to change to be an administrator of Harbor.
|
|
description: |
|
|
This endpoint let a registered user change to be an administrator
|
|
of Harbor.
|
|
parameters:
|
|
- name: user_id
|
|
in: path
|
|
type: integer
|
|
format: int
|
|
required: true
|
|
description: Registered user ID
|
|
- name: sysadmin_flag
|
|
in: body
|
|
description: Toggle a user to admin or not.
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/SysAdminFlag'
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Updated user's admin role successfully.
|
|
'400':
|
|
description: Invalid user ID.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User does not have permission of admin role.
|
|
'404':
|
|
description: User ID does not exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
'/users/{user_id}/cli_secret':
|
|
put:
|
|
summary: Set CLI secret for a user.
|
|
description: |
|
|
This endpoint let user generate a new CLI secret for himself. This API only works when auth mode is set to 'OIDC'.
|
|
Once this API returns with successful status, the old secret will be invalid, as there will be only one CLI secret
|
|
for a user.
|
|
parameters:
|
|
- name: user_id
|
|
in: path
|
|
type: integer
|
|
format: int
|
|
required: true
|
|
description: User ID
|
|
- name: input_secret
|
|
in: body
|
|
description: JSON object that includes the new secret
|
|
required: true
|
|
schema:
|
|
type: object
|
|
properties:
|
|
secret:
|
|
type: string
|
|
description: The new secret
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: The secret is successfully updated
|
|
'400':
|
|
description: Invalid user ID. Or user is not onboarded via OIDC authentication. Or the secret does not meet the standard.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: Non-admin user can only generate the cli secret of himself.
|
|
'404':
|
|
description: User ID does not exist.
|
|
'412':
|
|
description: The auth mode of the system is not "oidc_auth", or the user is not onboarded via OIDC AuthN.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
/labels:
|
|
get:
|
|
summary: List labels according to the query strings.
|
|
description: |
|
|
This endpoint let user list labels by name, scope and project_id
|
|
parameters:
|
|
- name: name
|
|
in: query
|
|
type: string
|
|
required: false
|
|
description: The label name.
|
|
- name: scope
|
|
in: query
|
|
type: string
|
|
required: true
|
|
description: The label scope. Valid values are g and p. g for global labels and p for project labels.
|
|
- name: project_id
|
|
in: query
|
|
type: integer
|
|
format: int64
|
|
required: false
|
|
description: 'Relevant project ID, required when scope is p.'
|
|
- name: page
|
|
in: query
|
|
type: integer
|
|
format: int32
|
|
required: false
|
|
description: The page number.
|
|
- name: page_size
|
|
in: query
|
|
type: integer
|
|
format: int32
|
|
required: false
|
|
description: The size of per page.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Get successfully.
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: '#/definitions/Label'
|
|
headers:
|
|
X-Total-Count:
|
|
description: The total count of available items
|
|
type: integer
|
|
Link:
|
|
description: Link to previous page and next page
|
|
type: string
|
|
'400':
|
|
description: Invalid parameters.
|
|
'401':
|
|
description: User need to log in first.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
post:
|
|
summary: Post creates a label
|
|
description: |
|
|
This endpoint let user creates a label.
|
|
parameters:
|
|
- name: label
|
|
in: body
|
|
description: The json object of label.
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/Label'
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'201':
|
|
description: Create successfully.
|
|
headers:
|
|
Location:
|
|
type: string
|
|
description: The URL of the created resource
|
|
'400':
|
|
description: Invalid parameters.
|
|
'401':
|
|
description: User need to log in first.
|
|
'409':
|
|
description: Label with the same name and same scope already exists.
|
|
'415':
|
|
$ref: '#/responses/UnsupportedMediaType'
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
'/labels/{id}':
|
|
get:
|
|
summary: Get the label specified by ID.
|
|
description: |
|
|
This endpoint let user get the label by specific ID.
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: Label ID
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Get successfully.
|
|
schema:
|
|
$ref: '#/definitions/Label'
|
|
'401':
|
|
description: User need to log in first.
|
|
'404':
|
|
description: The resource does not exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
put:
|
|
summary: Update the label properties.
|
|
description: |
|
|
This endpoint let user update label properties.
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: Label ID
|
|
- name: label
|
|
in: body
|
|
description: The updated label json object.
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/Label'
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Update successfully.
|
|
'400':
|
|
description: Invalid parameters.
|
|
'401':
|
|
description: User need to log in first.
|
|
'404':
|
|
description: The resource does not exist.
|
|
'409':
|
|
description: The label with the same name already exists.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
delete:
|
|
summary: Delete the label specified by ID.
|
|
description: |
|
|
Delete the label specified by ID.
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: Label ID
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Delete successfully.
|
|
'400':
|
|
description: Invalid parameters.
|
|
'401':
|
|
description: User need to log in first.
|
|
'404':
|
|
description: The resource does not exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
/replication/adapters:
|
|
get:
|
|
summary: List supported adapters.
|
|
description: |
|
|
This endpoint let user list supported adapters.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Success.
|
|
schema:
|
|
type: array
|
|
items:
|
|
type: string
|
|
'401':
|
|
description: Unauthorized.
|
|
'403':
|
|
description: Forbidden.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
/registries:
|
|
get:
|
|
summary: List registries.
|
|
description: |
|
|
List registries according to the query.
|
|
parameters:
|
|
- name: name
|
|
in: query
|
|
type: string
|
|
required: false
|
|
description: Deprecated, use `q` instead.
|
|
- $ref: '#/parameters/query'
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: List registries successfully.
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: '#/definitions/Registry'
|
|
'401':
|
|
description: User need to log in first.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
post:
|
|
summary: Create a new registry.
|
|
description: |
|
|
This endpoint is for user to create a new registry.
|
|
parameters:
|
|
- name: registry
|
|
in: body
|
|
description: New created registry.
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/Registry'
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'201':
|
|
description: Registry created successfully.
|
|
headers:
|
|
Location:
|
|
type: string
|
|
description: The URL of the created resource
|
|
'400':
|
|
description: Unsatisfied with constraints of the registry creation.
|
|
'401':
|
|
description: User need to log in first.
|
|
'409':
|
|
description: Registry name already exists.
|
|
'415':
|
|
$ref: '#/responses/UnsupportedMediaType'
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
/registries/ping:
|
|
post:
|
|
summary: Ping status of a registry.
|
|
description: |
|
|
This endpoint checks status of a registry, the registry can be given by ID or URL (together with credential)
|
|
parameters:
|
|
- name: registry
|
|
in: body
|
|
description: Registry to ping.
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/Registry'
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Registry is healthy.
|
|
'400':
|
|
description: No proper registry information provided.
|
|
'401':
|
|
description: User need to log in first.
|
|
'404':
|
|
description: Registry not found (when registry is provided by ID).
|
|
'415':
|
|
$ref: '#/responses/UnsupportedMediaType'
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
'/registries/{id}':
|
|
put:
|
|
summary: Update a given registry.
|
|
description: |
|
|
This endpoint is for update a given registry.
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: The registry's ID.
|
|
- name: repo_target
|
|
in: body
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/PutRegistry'
|
|
description: Updates registry.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Updated registry successfully.
|
|
'400':
|
|
description: The registry is associated with policy which is enabled.
|
|
'401':
|
|
description: User need to log in first.
|
|
'404':
|
|
description: Registry does not exist.
|
|
'409':
|
|
description: Registry name is already used.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
get:
|
|
summary: Get registry.
|
|
description: This endpoint is for get specific registry.
|
|
tags:
|
|
- Products
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: The registry ID.
|
|
responses:
|
|
'200':
|
|
description: Get registry successfully.
|
|
schema:
|
|
$ref: '#/definitions/Registry'
|
|
'401':
|
|
description: User need to log in first.
|
|
'404':
|
|
description: Registry not found
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
delete:
|
|
summary: Delete specific registry.
|
|
description: |
|
|
This endpoint is for to delete specific registry.
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: The registry's ID.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Registry deleted successfully.
|
|
'400':
|
|
description: Registry's ID is invalid or the registry is used by policies.
|
|
'401':
|
|
description: Only admin has this authority.
|
|
'404':
|
|
description: Registry does not exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
'/registries/{id}/info':
|
|
get:
|
|
summary: Get registry info.
|
|
description: Get the info of one specific registry.
|
|
tags:
|
|
- Products
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: The registry ID.
|
|
responses:
|
|
'200':
|
|
description: Get registry successfully.
|
|
schema:
|
|
$ref: '#/definitions/RegistryInfo'
|
|
'401':
|
|
description: User need to log in first.
|
|
'404':
|
|
description: Registry not found
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
/registries/{id}/namespace:
|
|
get:
|
|
summary: List namespaces of registry
|
|
description: |
|
|
This endpoint let user list namespaces of registry according to query.
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
type: integer
|
|
required: true
|
|
description: The registry ID.
|
|
- name: name
|
|
in: query
|
|
type: string
|
|
required: false
|
|
description: The name of namespace.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Success
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: '#/definitions/Namespace'
|
|
'401':
|
|
description: User need to login first.
|
|
'403':
|
|
description: User has no privilege for the operation.
|
|
'404':
|
|
description: No registry found.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
/usergroups:
|
|
get:
|
|
summary: Get all user groups information
|
|
description: Get all user groups information
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Get user group successfully.
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: '#/definitions/UserGroup'
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User in session does not have permission to the user group.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
post:
|
|
summary: Create user group
|
|
description: Create user group information
|
|
tags:
|
|
- Products
|
|
parameters:
|
|
- name: usergroup
|
|
in: body
|
|
schema:
|
|
$ref: '#/definitions/UserGroup'
|
|
responses:
|
|
'201':
|
|
description: User group created successfully.
|
|
headers:
|
|
Location:
|
|
type: string
|
|
description: The URL of the created resource
|
|
'400':
|
|
description: Invalid LDAP group DN.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User in session does not have permission to the user group.
|
|
'409':
|
|
description: A user group with same group name already exist, or an LDAP user group with same DN already exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
'/usergroups/{group_id}':
|
|
get:
|
|
summary: Get user group information
|
|
description: Get user group information
|
|
tags:
|
|
- Products
|
|
parameters:
|
|
- name: group_id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: Group ID
|
|
responses:
|
|
'200':
|
|
description: User group get successfully.
|
|
schema:
|
|
$ref: '#/definitions/UserGroup'
|
|
'400':
|
|
description: The user group id is invalid.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User in session does not have permission to the user group.
|
|
'404':
|
|
description: User group does not exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
put:
|
|
summary: Update group information
|
|
description: Update user group information
|
|
tags:
|
|
- Products
|
|
parameters:
|
|
- name: group_id
|
|
in: path
|
|
type: integer
|
|
format: int64
|
|
required: true
|
|
description: Group ID
|
|
- name: usergroup
|
|
in: body
|
|
required: false
|
|
schema:
|
|
$ref: '#/definitions/UserGroup'
|
|
responses:
|
|
'200':
|
|
description: User group updated successfully.
|
|
'400':
|
|
description: The user group id is invalid.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: Only admin has this authority.
|
|
'404':
|
|
description: User group does not exist.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
delete:
|
|
summary: Delete user group
|
|
description: Delete user group
|
|
tags:
|
|
- Products
|
|
parameters:
|
|
- name: group_id
|
|
type: integer
|
|
in: path
|
|
required: true
|
|
responses:
|
|
'200':
|
|
description: User group deleted successfully.
|
|
'400':
|
|
description: The user group id is invalid.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: Only admin has this authority.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
/configurations:
|
|
get:
|
|
summary: Get system configurations.
|
|
description: |
|
|
This endpoint is for retrieving system configurations that only provides for admin user.
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Get system configurations successfully. The response body is a map.
|
|
schema:
|
|
$ref: '#/definitions/ConfigurationsResponse'
|
|
'401':
|
|
description: User need to log in first.ß
|
|
'403':
|
|
description: User does not have permission of admin role.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
put:
|
|
summary: Modify system configurations.
|
|
description: |
|
|
This endpoint is for modifying system configurations that only provides for admin user.
|
|
tags:
|
|
- Products
|
|
parameters:
|
|
- name: configurations
|
|
in: body
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/Configurations'
|
|
description: 'The configuration map can contain a subset of the attributes of the schema, which are to be updated.'
|
|
responses:
|
|
'200':
|
|
description: Modify system configurations successfully.
|
|
'401':
|
|
description: User need to log in first.
|
|
'403':
|
|
description: User does not have permission of admin role.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
/email/ping:
|
|
post:
|
|
summary: Test connection and authentication with email server.
|
|
description: |
|
|
Test connection and authentication with email server.
|
|
parameters:
|
|
- name: settings
|
|
in: body
|
|
description: 'Email server settings, if some of the settings are not assigned, they will be read from system configuration.'
|
|
required: false
|
|
schema:
|
|
$ref: '#/definitions/EmailServerSetting'
|
|
tags:
|
|
- Products
|
|
responses:
|
|
'200':
|
|
description: Ping email server successfully.
|
|
'400':
|
|
description: Inviald email server settings.
|
|
'401':
|
|
description: User need to login first.
|
|
'403':
|
|
description: Only admin has this authority.
|
|
'415':
|
|
$ref: '#/responses/UnsupportedMediaType'
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
/chartrepo/{repo}/charts/{name}/{version}/labels:
|
|
get:
|
|
summary: Return the attahced labels of chart.
|
|
description: Return the attahced labels of the specified chart version.
|
|
tags:
|
|
- Products
|
|
- Chart Repository
|
|
- Label
|
|
parameters:
|
|
- name: repo
|
|
in: path
|
|
type: string
|
|
required: true
|
|
description: The project name
|
|
- name: name
|
|
in: path
|
|
type: string
|
|
required: true
|
|
description: The chart name
|
|
- name: version
|
|
in: path
|
|
type: string
|
|
required: true
|
|
description: The chart version
|
|
responses:
|
|
'200':
|
|
$ref: '#/definitions/Labels'
|
|
'401':
|
|
$ref: '#/definitions/UnauthorizedChartAPIError'
|
|
'403':
|
|
$ref: '#/definitions/ForbiddenChartAPIError'
|
|
'404':
|
|
$ref: '#/definitions/NotFoundChartAPIError'
|
|
'500':
|
|
$ref: '#/definitions/InternalChartAPIError'
|
|
post:
|
|
summary: Mark label to chart.
|
|
description: Mark label to the specified chart version.
|
|
tags:
|
|
- Products
|
|
- Chart Repository
|
|
- Label
|
|
parameters:
|
|
- name: repo
|
|
in: path
|
|
type: string
|
|
required: true
|
|
description: The project name
|
|
- name: name
|
|
in: path
|
|
type: string
|
|
required: true
|
|
description: The chart name
|
|
- name: version
|
|
in: path
|
|
type: string
|
|
required: true
|
|
description: The chart version
|
|
- name: label
|
|
in: body
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/Label'
|
|
description: 'The label being marked to the chart version'
|
|
responses:
|
|
'200':
|
|
description: The label is successfully marked to the chart version.
|
|
'400':
|
|
$ref: '#/definitions/BadRequestFormatedError'
|
|
'401':
|
|
$ref: '#/definitions/UnauthorizedChartAPIError'
|
|
'403':
|
|
$ref: '#/definitions/ForbiddenChartAPIError'
|
|
'404':
|
|
$ref: '#/definitions/NotFoundChartAPIError'
|
|
'409':
|
|
$ref: '#/definitions/ConflictFormatedError'
|
|
'500':
|
|
$ref: '#/definitions/InternalChartAPIError'
|
|
/chartrepo/{repo}/charts/{name}/{version}/labels/{id}:
|
|
delete:
|
|
summary: Remove label from chart.
|
|
description: Remove label from the specified chart version.
|
|
tags:
|
|
- Products
|
|
- Chart Repository
|
|
- Label
|
|
parameters:
|
|
- name: repo
|
|
in: path
|
|
type: string
|
|
required: true
|
|
description: The project name
|
|
- name: name
|
|
in: path
|
|
type: string
|
|
required: true
|
|
description: The chart name
|
|
- name: version
|
|
in: path
|
|
type: string
|
|
required: true
|
|
description: The chart version
|
|
- name: id
|
|
in: path
|
|
type: integer
|
|
required: true
|
|
description: The label ID
|
|
responses:
|
|
'200':
|
|
description: The label is successfully unmarked from the chart version.
|
|
'400':
|
|
$ref: '#/definitions/BadRequestFormatedError'
|
|
'401':
|
|
$ref: '#/definitions/UnauthorizedChartAPIError'
|
|
'403':
|
|
$ref: '#/definitions/ForbiddenChartAPIError'
|
|
'404':
|
|
$ref: '#/definitions/NotFoundChartAPIError'
|
|
'500':
|
|
$ref: '#/definitions/InternalChartAPIError'
|
|
'/system/CVEAllowlist':
|
|
get:
|
|
summary: Get the system level allowlist of CVE.
|
|
description: Get the system level allowlist of CVE. This API can be called by all authenticated users.
|
|
tags:
|
|
- Products
|
|
- System
|
|
responses:
|
|
'200':
|
|
description: Successfully retrieved the CVE allowlist.
|
|
schema:
|
|
$ref: "#/definitions/CVEAllowlist"
|
|
'401':
|
|
description: User is not authenticated.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
put:
|
|
summary: Update the system level allowlist of CVE.
|
|
description: This API overwrites the system level allowlist of CVE with the list in request body. Only system Admin
|
|
has permission to call this API.
|
|
tags:
|
|
- Products
|
|
- System
|
|
parameters:
|
|
- in: body
|
|
name: allowlist
|
|
description: The allowlist with new content
|
|
schema:
|
|
$ref: "#/definitions/CVEAllowlist"
|
|
responses:
|
|
'200':
|
|
description: Successfully updated the CVE allowlist.
|
|
'401':
|
|
description: User is not authenticated.
|
|
'403':
|
|
description: User does not have permission to call this API.
|
|
'500':
|
|
description: Unexpected internal errors.
|
|
responses:
|
|
OK:
|
|
description: 'Success'
|
|
Created:
|
|
description: 'Created'
|
|
headers:
|
|
Location:
|
|
type: string
|
|
description: The URL of the created resource
|
|
BadRequest:
|
|
description: 'Bad Request'
|
|
Unauthorized:
|
|
description: 'Unauthorized'
|
|
Forbidden:
|
|
description: 'Forbidden'
|
|
NotFound:
|
|
description: 'Not Found'
|
|
Conflict:
|
|
description: 'Conflict'
|
|
PreconditionFailed:
|
|
description: 'Precondition Failed'
|
|
UnsupportedMediaType:
|
|
description: 'The Media Type of the request is not supported, it has to be "application/json"'
|
|
InternalServerError:
|
|
description: 'Internal Server Error'
|
|
definitions:
|
|
ProjectMetadata:
|
|
type: object
|
|
properties:
|
|
public:
|
|
type: string
|
|
description: 'The public status of the project. The valid values are "true", "false".'
|
|
enable_content_trust:
|
|
type: string
|
|
description: 'Whether content trust is enabled or not. If it is enabled, user can''t pull unsigned images from this project. The valid values are "true", "false".'
|
|
prevent_vul:
|
|
type: string
|
|
description: 'Whether prevent the vulnerable images from running. The valid values are "true", "false".'
|
|
severity:
|
|
type: string
|
|
description: 'If the vulnerability is high than severity defined here, the images can''t be pulled. The valid values are "none", "low", "medium", "high", "critical".'
|
|
auto_scan:
|
|
type: string
|
|
description: 'Whether scan images automatically when pushing. The valid values are "true", "false".'
|
|
reuse_sys_cve_allowlist:
|
|
type: string
|
|
description: 'Whether this project reuse the system level CVE allowlist as the allowlist of its own. The valid values are "true", "false".
|
|
If it is set to "true" the actual allowlist associate with this project, if any, will be ignored.'
|
|
User:
|
|
type: object
|
|
properties:
|
|
user_id:
|
|
type: integer
|
|
format: int
|
|
description: The ID of the user.
|
|
username:
|
|
type: string
|
|
email:
|
|
type: string
|
|
password:
|
|
type: string
|
|
realname:
|
|
type: string
|
|
comment:
|
|
type: string
|
|
deleted:
|
|
type: boolean
|
|
role_name:
|
|
type: string
|
|
role_id:
|
|
type: integer
|
|
format: int
|
|
sysadmin_flag:
|
|
type: boolean
|
|
admin_role_in_auth:
|
|
type: boolean
|
|
description: indicate the admin privilege is grant by authenticator (LDAP), is always false unless it is the current login user
|
|
reset_uuid:
|
|
type: string
|
|
Salt:
|
|
type: string
|
|
creation_time:
|
|
type: string
|
|
update_time:
|
|
type: string
|
|
UserSearch:
|
|
type: object
|
|
properties:
|
|
user_id:
|
|
type: integer
|
|
format: int
|
|
description: The ID of the user.
|
|
username:
|
|
type: string
|
|
Password:
|
|
type: object
|
|
properties:
|
|
old_password:
|
|
type: string
|
|
description: The user's existing password.
|
|
new_password:
|
|
type: string
|
|
description: New password for marking as to be updated.
|
|
Role:
|
|
type: object
|
|
properties:
|
|
role_id:
|
|
type: integer
|
|
format: int32
|
|
description: ID in table.
|
|
role_code:
|
|
type: string
|
|
description: Description of permissions for the role.
|
|
role_name:
|
|
type: string
|
|
description: Name the the role.
|
|
role_mask:
|
|
type: string
|
|
RoleParam:
|
|
type: object
|
|
properties:
|
|
roles:
|
|
type: array
|
|
items:
|
|
type: integer
|
|
format: int32
|
|
description: Role ID for updating project role member.
|
|
username:
|
|
type: string
|
|
description: Username relevant to a project role member.
|
|
StatisticMap:
|
|
type: object
|
|
properties:
|
|
private_project_count:
|
|
type: integer
|
|
format: int32
|
|
description: The count of the private projects which the user is a member of.
|
|
private_repo_count:
|
|
type: integer
|
|
format: int32
|
|
description: The count of the private repositories belonging to the projects which the user is a member of.
|
|
public_project_count:
|
|
type: integer
|
|
format: int32
|
|
description: The count of the public projects.
|
|
public_repo_count:
|
|
type: integer
|
|
format: int32
|
|
description: The count of the public repositories belonging to the public projects which the user is a member of.
|
|
total_project_count:
|
|
type: integer
|
|
format: int32
|
|
description: 'The count of the total projects, only be seen when the is admin.'
|
|
total_repo_count:
|
|
type: integer
|
|
format: int32
|
|
description: 'The count of the total repositories, only be seen when the user is admin.'
|
|
RegistryCredential:
|
|
type: object
|
|
properties:
|
|
type:
|
|
type: string
|
|
description: Credential type, such as 'basic', 'oauth'.
|
|
access_key:
|
|
type: string
|
|
description: Access key, e.g. user name when credential type is 'basic'.
|
|
access_secret:
|
|
type: string
|
|
description: Access secret, e.g. password when credential type is 'basic'.
|
|
Registry:
|
|
type: object
|
|
properties:
|
|
id:
|
|
type: integer
|
|
format: int64
|
|
description: The registry ID.
|
|
url:
|
|
type: string
|
|
description: The registry URL string.
|
|
name:
|
|
type: string
|
|
description: The registry name.
|
|
credential:
|
|
$ref: '#/definitions/RegistryCredential'
|
|
type:
|
|
type: string
|
|
description: Type of the registry, e.g. 'harbor'.
|
|
insecure:
|
|
type: boolean
|
|
description: Whether or not the certificate will be verified when Harbor tries to access the server.
|
|
description:
|
|
type: string
|
|
description: Description of the registry.
|
|
status:
|
|
type: string
|
|
description: Health status of the registry.
|
|
creation_time:
|
|
type: string
|
|
description: The create time of the policy.
|
|
update_time:
|
|
type: string
|
|
description: The update time of the policy.
|
|
PingRegistry:
|
|
type: object
|
|
properties:
|
|
id:
|
|
type: integer
|
|
description: The ID of the registry
|
|
type:
|
|
type: string
|
|
description: Type of the registry, e.g. 'harbor'.
|
|
url:
|
|
type: string
|
|
description: The registry address URL string.
|
|
credential_type:
|
|
type: string
|
|
description: Credential type of the registry, e.g. 'basic'.
|
|
access_key:
|
|
type: string
|
|
description: The registry access key.
|
|
access_secret:
|
|
type: string
|
|
description: The registry access secret.
|
|
insecure:
|
|
type: boolean
|
|
description: Whether or not the certificate will be verified when Harbor tries to access the server.
|
|
PutRegistry:
|
|
type: object
|
|
properties:
|
|
name:
|
|
type: string
|
|
description: The registry name.
|
|
description:
|
|
type: string
|
|
description: Description of the registry.
|
|
url:
|
|
type: string
|
|
description: The registry address URL string.
|
|
credential_type:
|
|
type: string
|
|
description: Credential type of the registry, e.g. 'basic'.
|
|
access_key:
|
|
type: string
|
|
description: The registry access key.
|
|
access_secret:
|
|
type: string
|
|
description: The registry access secret.
|
|
insecure:
|
|
type: boolean
|
|
description: Whether or not the certificate will be verified when Harbor tries to access the server.
|
|
SysAdminFlag:
|
|
type: object
|
|
properties:
|
|
sysadmin_flag:
|
|
type: boolean
|
|
description: 'true-admin, false-not admin.'
|
|
UserProfile:
|
|
type: object
|
|
properties:
|
|
email:
|
|
type: string
|
|
description: The new email.
|
|
realname:
|
|
type: string
|
|
description: The new realname.
|
|
comment:
|
|
type: string
|
|
description: The new comment.
|
|
LdapConf:
|
|
type: object
|
|
properties:
|
|
ldap_url:
|
|
type: string
|
|
description: The url of ldap service.
|
|
ldap_search_dn:
|
|
type: string
|
|
description: The search dn of ldap service.
|
|
ldap_search_password:
|
|
type: string
|
|
description: The search password of ldap service.
|
|
ldap_base_dn:
|
|
type: string
|
|
description: The base dn of ldap service.
|
|
ldap_filter:
|
|
type: string
|
|
description: The serach filter of ldap service.
|
|
ldap_uid:
|
|
type: string
|
|
description: The serach uid from ldap service attributes.
|
|
ldap_scope:
|
|
type: integer
|
|
format: int64
|
|
description: The serach scope of ldap service.
|
|
ldap_connection_timeout:
|
|
type: integer
|
|
format: int64
|
|
description: The connect timeout of ldap service(second).
|
|
LdapUsers:
|
|
type: object
|
|
properties:
|
|
ldap_username:
|
|
type: string
|
|
description: search ldap user name based on ldapconf.
|
|
ldap_realname:
|
|
type: string
|
|
description: system will try to guess the user realname form "uid" or "cn" attribute.
|
|
ldap_email:
|
|
type: string
|
|
description: system will try to guess the user email address form "mail" or "email" attribute.
|
|
LdapImportUsers:
|
|
type: object
|
|
properties:
|
|
ldap_uid_list:
|
|
type: array
|
|
description: selected uid list
|
|
items:
|
|
type: string
|
|
LdapFailedImportUsers:
|
|
type: object
|
|
properties:
|
|
ldap_uid:
|
|
type: string
|
|
description: the uid can't add to system.
|
|
error:
|
|
type: string
|
|
description: fail reason.
|
|
EmailServerSetting:
|
|
type: object
|
|
properties:
|
|
email_host:
|
|
type: string
|
|
description: The host of email server.
|
|
email_port:
|
|
type: integer
|
|
description: The port of email server.
|
|
email_username:
|
|
type: string
|
|
description: The username of email server.
|
|
email_password:
|
|
type: string
|
|
description: The password of email server.
|
|
email_ssl:
|
|
type: boolean
|
|
description: Use ssl/tls or not.
|
|
email_identity:
|
|
type: string
|
|
description: The dentity of email server.
|
|
ComponentOverviewEntry:
|
|
type: object
|
|
properties:
|
|
severity:
|
|
type: integer
|
|
description: '1-None/Negligible, 2-Unknown, 3-Low, 4-Medium, 5-High'
|
|
count:
|
|
type: integer
|
|
description: number of the components with certain severity.
|
|
Configurations:
|
|
type: object
|
|
properties:
|
|
auth_mode:
|
|
type: string
|
|
description: 'The auth mode of current system, such as "db_auth", "ldap_auth"'
|
|
count_per_project:
|
|
type: string
|
|
description: The default count quota for the new created projects.
|
|
email_from:
|
|
type: string
|
|
description: The sender name for Email notification.
|
|
email_host:
|
|
type: string
|
|
description: The hostname of SMTP server that sends Email notification.
|
|
email_port:
|
|
type: integer
|
|
description: The port of SMTP server.
|
|
email_identity:
|
|
type: string
|
|
description: By default it's empty so the email_username is picked.
|
|
email_username:
|
|
type: string
|
|
description: The username for authenticate against SMTP server.
|
|
email_ssl:
|
|
type: boolean
|
|
description: 'When it''s set to true the system will access Email server via TLS by default. If it''s set to false, it still will handle "STARTTLS" from server side.'
|
|
email_insecure:
|
|
type: boolean
|
|
description: Whether or not the certificate will be verified when Harbor tries to access the email server.
|
|
ldap_url:
|
|
type: string
|
|
description: The URL of LDAP server.
|
|
ldap_base_dn:
|
|
type: string
|
|
description: The Base DN for LDAP binding.
|
|
ldap_filter:
|
|
type: string
|
|
description: The filter for LDAP binding.
|
|
ldap_scope:
|
|
type: integer
|
|
description: '0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE'
|
|
ldap_uid:
|
|
type: string
|
|
description: 'The attribute which is used as identity for the LDAP binding, such as "CN" or "SAMAccountname"'
|
|
ldap_search_dn:
|
|
type: string
|
|
description: The DN of the user to do the search.
|
|
ldap_timeout:
|
|
type: integer
|
|
description: timeout in seconds for connection to LDAP server.
|
|
ldap_group_attribute_name:
|
|
type: string
|
|
description: 'The attribute which is used as identity of the LDAP group, default is cn.'
|
|
ldap_group_base_dn:
|
|
type: string
|
|
description: The base DN to search LDAP group.
|
|
ldap_group_search_filter:
|
|
type: string
|
|
description: The filter to search the ldap group.
|
|
ldap_group_search_scope:
|
|
type: integer
|
|
description: 'The scope to search ldap. ''0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE'''
|
|
ldap_group_admin_dn:
|
|
type: string
|
|
description: Specify the ldap group which have the same privilege with Harbor admin.
|
|
oidc_client_id:
|
|
type: string
|
|
description: The client id of the OIDC.
|
|
oidc_client_secret:
|
|
type: string
|
|
description: The client secret of the OIDC.
|
|
oidc_endpoint:
|
|
type: string
|
|
description: The URL of an OIDC-complaint server, must start with 'https://'.
|
|
oidc_name:
|
|
type: string
|
|
description: The name of the OIDC provider.
|
|
oidc_scope:
|
|
type: string
|
|
description: The scope sent to OIDC server during authentication, should be separated by comma. It has to contain “openid”, and “offline_access”. If you are using google, please remove “offline_access” from this field.
|
|
oidc_verify_cert:
|
|
type: boolean
|
|
description: Whether verify your OIDC server certificate, disable it if your OIDC server is hosted via self-hosted certificate.
|
|
project_creation_restriction:
|
|
type: string
|
|
description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly".
|
|
quota_per_project_enable:
|
|
type: boolean
|
|
description: This attribute indicates whether quota per project enabled in harbor
|
|
read_only:
|
|
type: boolean
|
|
description: '''docker push'' is prohibited by Harbor if you set it to true. '
|
|
self_registration:
|
|
type: boolean
|
|
description: 'Whether the Harbor instance supports self-registration. If it''s set to false, admin need to add user to the instance.'
|
|
storage_per_project:
|
|
type: string
|
|
description: The default storage quota for the new created projects.
|
|
token_expiration:
|
|
type: integer
|
|
description: 'The expiration time of the token for internal Registry, in minutes.'
|
|
verify_remote_cert:
|
|
type: boolean
|
|
description: Whether or not the certificate will be verified when Harbor tries to access a remote Harbor instance for replication.
|
|
scan_all_policy:
|
|
type: object
|
|
properties:
|
|
type:
|
|
type: string
|
|
description: 'The type of scan all policy, currently the valid values are "none" and "daily"'
|
|
parameter:
|
|
type: object
|
|
properties:
|
|
daily_time:
|
|
type: integer
|
|
description: 'The offset in seconds of UTC 0 o''clock, only valid when the policy type is "daily"'
|
|
description: 'The parameters of the policy, the values are dependant on the type of the policy.'
|
|
ConfigurationsResponse:
|
|
type: object
|
|
properties:
|
|
auth_mode:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: 'The auth mode of current system, such as "db_auth", "ldap_auth"'
|
|
count_per_project:
|
|
$ref: '#/definitions/IntegerConfigItem'
|
|
description: The default count quota for the new created projects.
|
|
email_from:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: The sender name for Email notification.
|
|
email_host:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: The hostname of SMTP server that sends Email notification.
|
|
email_port:
|
|
$ref: '#/definitions/IntegerConfigItem'
|
|
description: The port of SMTP server.
|
|
email_identity:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: By default it's empty so the email_username is picked.
|
|
email_username:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: The username for authenticate against SMTP server.
|
|
email_ssl:
|
|
$ref: '#/definitions/BoolConfigItem'
|
|
description: 'When it''s set to true the system will access Email server via TLS by default. If it''s set to false, it still will handle "STARTTLS" from server side.'
|
|
email_insecure:
|
|
$ref: '#/definitions/BoolConfigItem'
|
|
description: Whether or not the certificate will be verified when Harbor tries to access the email server.
|
|
ldap_url:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: The URL of LDAP server.
|
|
ldap_base_dn:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: The Base DN for LDAP binding.
|
|
ldap_filter:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: The filter for LDAP binding.
|
|
ldap_scope:
|
|
type: integer
|
|
description: '0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE'
|
|
ldap_uid:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: 'The attribute which is used as identity for the LDAP binding, such as "CN" or "SAMAccountname"'
|
|
ldap_search_dn:
|
|
type: string
|
|
description: The DN of the user to do the search.
|
|
ldap_timeout:
|
|
$ref: '#/definitions/IntegerConfigItem'
|
|
description: timeout in seconds for connection to LDAP server.
|
|
ldap_group_attribute_name:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: 'The attribute which is used as identity of the LDAP group, default is cn.'
|
|
ldap_group_base_dn:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: The base DN to search LDAP group.
|
|
ldap_group_search_filter:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: The filter to search the ldap group.
|
|
ldap_group_search_scope:
|
|
$ref: '#/definitions/IntegerConfigItem'
|
|
description: 'The scope to search ldap. ''0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE'''
|
|
ldap_group_admin_dn:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: Specify the ldap group which have the same privilege with Harbor admin.
|
|
oidc_client_id:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: The client id of the OIDC.
|
|
oidc_endpoint:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: The URL of an OIDC-complaint server, must start with 'https://'.
|
|
oidc_name:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: The name of the OIDC provider.
|
|
oidc_scope:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: The scope sent to OIDC server during authentication, should be separated by comma. It has to contain “openid”, and “offline_access”. If you are using google, please remove “offline_access” from this field.
|
|
oidc_verify_cert:
|
|
$ref: '#/definitions/BoolConfigItem'
|
|
description: Whether verify your OIDC server certificate, disable it if your OIDC server is hosted via self-hosted certificate.
|
|
project_creation_restriction:
|
|
$ref: '#/definitions/StringConfigItem'
|
|
description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly".
|
|
quota_per_project_enable:
|
|
$ref: '#/definitions/BoolConfigItem'
|
|
description: This attribute indicates whether quota per project enabled in harbor
|
|
read_only:
|
|
$ref: '#/definitions/BoolConfigItem'
|
|
description: '''docker push'' is prohibited by Harbor if you set it to true. '
|
|
self_registration:
|
|
$ref: '#/definitions/BoolConfigItem'
|
|
description: 'Whether the Harbor instance supports self-registration. If it''s set to false, admin need to add user to the instance.'
|
|
storage_per_project:
|
|
$ref: '#/definitions/IntegerConfigItem'
|
|
description: The default storage quota for the new created projects.
|
|
token_expiration:
|
|
$ref: '#/definitions/IntegerConfigItem'
|
|
description: 'The expiration time of the token for internal Registry, in minutes.'
|
|
verify_remote_cert:
|
|
$ref: '#/definitions/BoolConfigItem'
|
|
description: Whether or not the certificate will be verified when Harbor tries to access a remote Harbor instance for replication.
|
|
scan_all_policy:
|
|
type: object
|
|
properties:
|
|
type:
|
|
type: string
|
|
description: 'The type of scan all policy, currently the valid values are "none" and "daily"'
|
|
parameter:
|
|
type: object
|
|
properties:
|
|
daily_time:
|
|
type: integer
|
|
description: 'The offset in seconds of UTC 0 o''clock, only valid when the policy type is "daily"'
|
|
description: 'The parameters of the policy, the values are dependant on the type of the policy.'
|
|
Label:
|
|
type: object
|
|
properties:
|
|
id:
|
|
type: integer
|
|
description: The ID of label.
|
|
name:
|
|
type: string
|
|
description: The name of label.
|
|
description:
|
|
type: string
|
|
description: The description of label.
|
|
color:
|
|
type: string
|
|
description: The color of label.
|
|
scope:
|
|
type: string
|
|
description: 'The scope of label, g for global labels and p for project labels.'
|
|
project_id:
|
|
type: integer
|
|
description: The project ID if the label is a project label.
|
|
creation_time:
|
|
type: string
|
|
description: The creation time of label.
|
|
update_time:
|
|
type: string
|
|
description: The update time of label.
|
|
deleted:
|
|
type: boolean
|
|
description: The label is deleted or not.
|
|
ProjectMemberEntity:
|
|
type: object
|
|
properties:
|
|
id:
|
|
type: integer
|
|
description: the project member id
|
|
project_id:
|
|
type: integer
|
|
description: the project id
|
|
entity_name:
|
|
type: string
|
|
description: the name of the group member.
|
|
role_name:
|
|
type: string
|
|
description: the name of the role
|
|
role_id:
|
|
type: integer
|
|
description: the role id
|
|
entity_id:
|
|
type: integer
|
|
description: 'the id of entity, if the member is a user, it is user_id in user table. if the member is a user group, it is the user group''s ID in user_group table.'
|
|
entity_type:
|
|
type: string
|
|
description: 'the entity''s type, u for user entity, g for group entity.'
|
|
ProjectMember:
|
|
type: object
|
|
properties:
|
|
role_id:
|
|
type: integer
|
|
description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for maintainer'
|
|
member_user:
|
|
$ref: '#/definitions/UserEntity'
|
|
member_group:
|
|
$ref: '#/definitions/UserGroup'
|
|
RoleRequest:
|
|
type: object
|
|
properties:
|
|
role_id:
|
|
type: integer
|
|
description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for maintainer'
|
|
UserEntity:
|
|
type: object
|
|
properties:
|
|
user_id:
|
|
type: integer
|
|
description: The ID of the user.
|
|
username:
|
|
type: string
|
|
description: The name of the user.
|
|
UserGroup:
|
|
type: object
|
|
properties:
|
|
id:
|
|
type: integer
|
|
description: The ID of the user group
|
|
group_name:
|
|
type: string
|
|
description: The name of the user group
|
|
group_type:
|
|
type: integer
|
|
description: 'The group type, 1 for LDAP group, 2 for HTTP group.'
|
|
ldap_group_dn:
|
|
type: string
|
|
description: The DN of the LDAP group if group type is 1 (LDAP group).
|
|
StringConfigItem:
|
|
type: object
|
|
properties:
|
|
value:
|
|
type: string
|
|
description: The string value of current config item
|
|
editable:
|
|
type: boolean
|
|
description: The configure item can be updated or not
|
|
BoolConfigItem:
|
|
type: object
|
|
properties:
|
|
value:
|
|
type: boolean
|
|
description: The boolean value of current config item
|
|
editable:
|
|
type: boolean
|
|
description: The configure item can be updated or not
|
|
IntegerConfigItem:
|
|
type: object
|
|
properties:
|
|
value:
|
|
type: integer
|
|
description: The integer value of current config item
|
|
editable:
|
|
type: boolean
|
|
description: The configure item can be updated or not
|
|
ChartAPIError:
|
|
description: The error object returned by chart repository API
|
|
type: object
|
|
required:
|
|
- error
|
|
properties:
|
|
error:
|
|
type: string
|
|
description: The error message returned by the chart API
|
|
UnauthorizedChartAPIError:
|
|
description: Unauthorized
|
|
type: object
|
|
allOf:
|
|
- $ref: '#/definitions/ChartAPIError'
|
|
ForbiddenChartAPIError:
|
|
description: Operation is forbidden or quota exceeded
|
|
type: object
|
|
allOf:
|
|
- $ref: '#/definitions/ChartAPIError'
|
|
InternalChartAPIError:
|
|
description: Internal server error occurred
|
|
type: object
|
|
allOf:
|
|
- $ref: '#/definitions/ChartAPIError'
|
|
NotFoundChartAPIError:
|
|
description: Not found
|
|
type: object
|
|
allOf:
|
|
- $ref: '#/definitions/ChartAPIError'
|
|
InsufficientStorageChartAPIError:
|
|
description: Insufficient storage
|
|
type: object
|
|
allOf:
|
|
- $ref: '#/definitions/ChartAPIError'
|
|
BadRequestFormatedError:
|
|
description: Bad request
|
|
type: object
|
|
allOf:
|
|
- $ref: '#/definitions/ChartAPIError'
|
|
ConflictFormatedError:
|
|
description: Conflicts
|
|
type: object
|
|
allOf:
|
|
- $ref: '#/definitions/ChartAPIError'
|
|
ChartMetadata:
|
|
type: object
|
|
description: The metadata of chart version
|
|
required:
|
|
- name
|
|
- version
|
|
- engine
|
|
- icon
|
|
- apiVersion
|
|
- appVersion
|
|
properties:
|
|
name:
|
|
type: string
|
|
description: The name of the chart
|
|
home:
|
|
type: string
|
|
description: The URL to the relevant project page
|
|
sources:
|
|
type: array
|
|
description: The URL to the source code of chart
|
|
items:
|
|
type: string
|
|
version:
|
|
type: string
|
|
description: A SemVer 2 version of chart
|
|
description:
|
|
type: string
|
|
description: A one-sentence description of chart
|
|
keywords:
|
|
type: array
|
|
description: A list of string keywords
|
|
items:
|
|
type: string
|
|
engine:
|
|
type: string
|
|
description: The name of template engine
|
|
icon:
|
|
type: string
|
|
description: The URL to an icon file
|
|
apiVersion:
|
|
type: string
|
|
description: The API version of this chart
|
|
appVersion:
|
|
type: string
|
|
description: The version of the application enclosed in the chart
|
|
deprecated:
|
|
type: boolean
|
|
description: Whether or not this chart is deprecated
|
|
ChartVersion:
|
|
type: object
|
|
description: A specified chart entry
|
|
allOf:
|
|
- $ref: '#/definitions/ChartMetadata'
|
|
- type: object
|
|
properties:
|
|
created:
|
|
type: string
|
|
description: The created time of the chart entry
|
|
removed:
|
|
type: boolean
|
|
description: A flag to indicate if the chart entry is removed
|
|
digest:
|
|
type: string
|
|
description: The digest value of the chart entry
|
|
urls:
|
|
type: array
|
|
description: The urls of the chart entry
|
|
items:
|
|
type: string
|
|
properties:
|
|
labels:
|
|
$ref: '#/definitions/Labels'
|
|
Labels:
|
|
type: array
|
|
description: A list of label
|
|
items:
|
|
$ref: '#/definitions/Label'
|
|
OverallHealthStatus:
|
|
type: object
|
|
description: The system health status
|
|
properties:
|
|
status:
|
|
type: string
|
|
description: The overall health status. It is "healthy" only when all the components' status are "healthy"
|
|
components:
|
|
type: array
|
|
items:
|
|
$ref: '#/definitions/ComponentHealthStatus'
|
|
ComponentHealthStatus:
|
|
type: object
|
|
description: The health status of component
|
|
properties:
|
|
name:
|
|
type: string
|
|
description: The component name
|
|
status:
|
|
type: string
|
|
description: The health status of component
|
|
error:
|
|
type: string
|
|
description: (optional) The error message when the status is "unhealthy"
|
|
Permission:
|
|
type: object
|
|
description: The permission
|
|
properties:
|
|
resource:
|
|
type: string
|
|
description: The permission resoruce
|
|
action:
|
|
type: string
|
|
description: The permission action
|
|
RegistryInfo:
|
|
type: object
|
|
description: The registry info contains the base info and capability declarations of the registry
|
|
properties:
|
|
type:
|
|
type: string
|
|
description: The registry type
|
|
description:
|
|
type: string
|
|
description: The description
|
|
supported_resource_filters:
|
|
type: array
|
|
description: The filters that the registry supports
|
|
items:
|
|
$ref: '#/definitions/FilterStyle'
|
|
supported_triggers:
|
|
type: array
|
|
description: The triggers that the registry supports
|
|
items:
|
|
type: string
|
|
FilterStyle:
|
|
type: object
|
|
description: The style of the resource filter
|
|
properties:
|
|
type:
|
|
type: string
|
|
description: The filter type
|
|
style:
|
|
type: string
|
|
description: The filter style
|
|
values:
|
|
type: array
|
|
description: The filter values
|
|
items:
|
|
type: string
|
|
Namespace:
|
|
type: object
|
|
description: The namespace of registry
|
|
properties:
|
|
name:
|
|
type: string
|
|
description: The name of namespace
|
|
metadata:
|
|
type: object
|
|
description: The metadata of namespace
|
|
CVEAllowlist:
|
|
type: object
|
|
description: The CVE Allowlist for system or project
|
|
properties:
|
|
id:
|
|
type: integer
|
|
description: ID of the allowlist
|
|
project_id:
|
|
type: integer
|
|
description: ID of the project which the allowlist belongs to. For system level allowlist this attribute is zero.
|
|
expires_at:
|
|
type: integer
|
|
description: the time for expiration of the allowlist, in the form of seconds since epoch. This is an optional attribute, if it's not set the CVE allowlist does not expire.
|
|
items:
|
|
type: array
|
|
items:
|
|
$ref: "#/definitions/CVEAllowlistItem"
|
|
CVEAllowlistItem:
|
|
type: object
|
|
description: The item in CVE allowlist
|
|
properties:
|
|
cve_id:
|
|
type: string
|
|
description: The ID of the CVE, such as "CVE-2019-10164"
|
|
|
|
QuotaSwitcher:
|
|
type: object
|
|
properties:
|
|
enabled:
|
|
type: boolean
|
|
description: The quota is enable or disable
|
|
|
|
parameters:
|
|
query:
|
|
name: q
|
|
description: Query string to query resources. Supported query patterns are "exact match(k=v)", "fuzzy match(k=~v)", "range(k=[min~max])", "list with union releationship(k={v1 v2 v3})" and "list with intersetion relationship(k=(v1 v2 v3))". The value of range and list can be string(enclosed by " or '), integer or time(in format "2020-04-09 02:36:00"). All of these query patterns should be put in the query string "q=xxx" and splitted by ",". e.g. q=k1=v1,k2=~v2,k3=[min~max]
|
|
in: query
|
|
type: string
|
|
required: false
|