mirror of
https://github.com/goharbor/harbor
synced 2024-09-20 23:59:56 +00:00
Merge remote-tracking branch 'upstream/master' into 170830_email_insecure
commit
bb77ceebae
|
@ -100,9 +100,10 @@ script:
|
||||||
- docker-compose -f make/docker-compose.test.yml down
|
- docker-compose -f make/docker-compose.test.yml down
|
||||||
- sudo rm -rf /data/config/*
|
- sudo rm -rf /data/config/*
|
||||||
- ls /data/cert
|
- ls /data/cert
|
||||||
- sudo make install GOBUILDIMAGE=golang:1.7.3 COMPILETAG=compile_golangimage CLARITYIMAGE=vmware/harbor-clarity-ui-builder:1.2.7 NOTARYFLAG=true
|
- sudo make install GOBUILDIMAGE=golang:1.7.3 COMPILETAG=compile_golangimage CLARITYIMAGE=vmware/harbor-clarity-ui-builder:1.2.7 NOTARYFLAG=true CLAIRFLAG=true
|
||||||
|
|
||||||
- docker ps
|
- docker ps
|
||||||
|
- ./tests/validatecontainers.sh
|
||||||
- ./tests/notarytest.sh
|
- ./tests/notarytest.sh
|
||||||
- ./tests/swaggerchecker.sh
|
- ./tests/swaggerchecker.sh
|
||||||
- ./tests/startuptest.sh
|
- ./tests/startuptest.sh
|
||||||
|
|
4
NOTICE
4
NOTICE
|
@ -1,8 +1,8 @@
|
||||||
NOTICE
|
NOTICE
|
||||||
|
|
||||||
Harbor 1.2.0
|
Harbor
|
||||||
|
|
||||||
Copyright (c) 2017 VMware, Inc. All Rights Reserved.
|
Copyright (c) 2016-2017 VMware, Inc. All Rights Reserved.
|
||||||
|
|
||||||
This product is licensed to you under the Apache License, Version 2.0 (the "License"). You may not use this product except in compliance with the License.
|
This product is licensed to you under the Apache License, Version 2.0 (the "License"). You may not use this product except in compliance with the License.
|
||||||
|
|
||||||
|
|
|
@ -973,6 +973,11 @@ paths:
|
||||||
one by one in background, so there's no way to track the overall status
|
one by one in background, so there's no way to track the overall status
|
||||||
of the "scan all" action. Only system adim has permission to call this
|
of the "scan all" action. Only system adim has permission to call this
|
||||||
API.
|
API.
|
||||||
|
parameters:
|
||||||
|
- name: project_id
|
||||||
|
in: query
|
||||||
|
type: integer
|
||||||
|
description: When this parm is set only the images under the project identified by the project_id will be scanned.
|
||||||
responses:
|
responses:
|
||||||
'202':
|
'202':
|
||||||
description: >-
|
description: >-
|
||||||
|
@ -1217,7 +1222,7 @@ paths:
|
||||||
description: User need to login first.
|
description: User need to login first.
|
||||||
'500':
|
'500':
|
||||||
description: Unexpected internal errors.
|
description: Unexpected internal errors.
|
||||||
'/jobs/replication/{id}':
|
/jobs/replication/{id}:
|
||||||
delete:
|
delete:
|
||||||
summary: Delete specific ID job.
|
summary: Delete specific ID job.
|
||||||
description: |
|
description: |
|
||||||
|
@ -1242,7 +1247,7 @@ paths:
|
||||||
description: Project ID does not exist.
|
description: Project ID does not exist.
|
||||||
'500':
|
'500':
|
||||||
description: Unexpected internal errors.
|
description: Unexpected internal errors.
|
||||||
'/jobs/replication/{id}/log':
|
/jobs/replication/{id}/log:
|
||||||
get:
|
get:
|
||||||
summary: Get job logs.
|
summary: Get job logs.
|
||||||
description: |
|
description: |
|
||||||
|
@ -1267,6 +1272,32 @@ paths:
|
||||||
description: The specific repository ID's log does not exist.
|
description: The specific repository ID's log does not exist.
|
||||||
'500':
|
'500':
|
||||||
description: Unexpected internal errors.
|
description: Unexpected internal errors.
|
||||||
|
/jobs/scan/{id}/log:
|
||||||
|
get:
|
||||||
|
summary: Get job logs.
|
||||||
|
description: |
|
||||||
|
This endpoint let user get scan job logs filtered by specific ID.
|
||||||
|
parameters:
|
||||||
|
- name: id
|
||||||
|
in: path
|
||||||
|
type: integer
|
||||||
|
format: int64
|
||||||
|
required: true
|
||||||
|
description: Relevant job ID
|
||||||
|
tags:
|
||||||
|
- Products
|
||||||
|
responses:
|
||||||
|
'200':
|
||||||
|
description: Get job log successfully.
|
||||||
|
'400':
|
||||||
|
description: Illegal format of provided ID value.
|
||||||
|
'401':
|
||||||
|
description: User need to log in first.
|
||||||
|
'404':
|
||||||
|
description: The specific repository ID's log does not exist.
|
||||||
|
'500':
|
||||||
|
description: Unexpected internal errors.
|
||||||
|
|
||||||
/policies/replication:
|
/policies/replication:
|
||||||
get:
|
get:
|
||||||
summary: List filters policies by name and project_id
|
summary: List filters policies by name and project_id
|
||||||
|
@ -1327,7 +1358,7 @@ paths:
|
||||||
project and target.
|
project and target.
|
||||||
'500':
|
'500':
|
||||||
description: Unexpected internal errors.
|
description: Unexpected internal errors.
|
||||||
'/policies/replication/{id}':
|
/policies/replication/{id}:
|
||||||
get:
|
get:
|
||||||
summary: Get replication policy.
|
summary: Get replication policy.
|
||||||
description: |
|
description: |
|
||||||
|
@ -1387,7 +1418,7 @@ paths:
|
||||||
project and target.
|
project and target.
|
||||||
'500':
|
'500':
|
||||||
description: Unexpected internal errors.
|
description: Unexpected internal errors.
|
||||||
'/policies/replication/{id}/enablement':
|
/policies/replication/{id}/enablement:
|
||||||
put:
|
put:
|
||||||
summary: Put modifies enablement of the policy.
|
summary: Put modifies enablement of the policy.
|
||||||
description: |
|
description: |
|
||||||
|
@ -1821,7 +1852,7 @@ paths:
|
||||||
'200':
|
'200':
|
||||||
description: Get system configurations successfully. The response body is a map.
|
description: Get system configurations successfully. The response body is a map.
|
||||||
schema:
|
schema:
|
||||||
type: object
|
$ref: '#/definitions/Configurations'
|
||||||
'401':
|
'401':
|
||||||
description: User need to log in first.
|
description: User need to log in first.
|
||||||
'403':
|
'403':
|
||||||
|
@ -1840,15 +1871,8 @@ paths:
|
||||||
in: body
|
in: body
|
||||||
required: true
|
required: true
|
||||||
schema:
|
schema:
|
||||||
type: object
|
$ref: '#/definitions/Configurations'
|
||||||
description: >-
|
description: The configuration map can contain a subset of the attributes of the schema, which are to be updated.
|
||||||
The configurations map need to be modified, the following are keys
|
|
||||||
"auth_mode", "email_from", "email_host", "email_identity",
|
|
||||||
"email_password", "email_port", "email_ssl", "email_username",
|
|
||||||
"ldap_base_dn", "ldap_filter", "ldap_scope", "ldap_search_dn",
|
|
||||||
"ldap_search_password", "ldap_timeout", "ldap_uid", "ldap_url",
|
|
||||||
"project_creation_restriction", "self_registration",
|
|
||||||
"verify_remote_cert".
|
|
||||||
responses:
|
responses:
|
||||||
'200':
|
'200':
|
||||||
description: Modify system configurations successfully.
|
description: Modify system configurations successfully.
|
||||||
|
@ -2679,3 +2703,76 @@ definitions:
|
||||||
description: >-
|
description: >-
|
||||||
The version which the vulnerability is fixed, this is an optional
|
The version which the vulnerability is fixed, this is an optional
|
||||||
property.
|
property.
|
||||||
|
Configurations:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
auth_mode:
|
||||||
|
type: string
|
||||||
|
description: The auth mode of current system, such as "db_auth", "ldap_auth"
|
||||||
|
email_from:
|
||||||
|
type: string
|
||||||
|
description: The sender name for Email notification.
|
||||||
|
email_host:
|
||||||
|
type: string
|
||||||
|
description: The hostname of SMTP server that sends Email notification.
|
||||||
|
email_port:
|
||||||
|
type: integer
|
||||||
|
description: The port of SMTP server.
|
||||||
|
email_identity:
|
||||||
|
type: string
|
||||||
|
description: By default it's empty so the email_username is picked.
|
||||||
|
email_username:
|
||||||
|
type: string
|
||||||
|
description: The username for authenticate against SMTP server.
|
||||||
|
email_ssl:
|
||||||
|
type: boolean
|
||||||
|
description: When it's set to true the system will access Email server via TLS by default. If it's set to false, it still will handle "STARTTLS" from server side.
|
||||||
|
ldap_url:
|
||||||
|
type: string
|
||||||
|
description: The URL of LDAP server.
|
||||||
|
ldap_base_dn:
|
||||||
|
type: string
|
||||||
|
description: The Base DN for LDAP binding.
|
||||||
|
ldap_filter:
|
||||||
|
type: string
|
||||||
|
description: The filter for LDAP binding.
|
||||||
|
ldap_scope:
|
||||||
|
type: integer
|
||||||
|
description: 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
|
||||||
|
ldap_uid:
|
||||||
|
type: string
|
||||||
|
description: The attribute which is used as identity for the LDAP binding, such as "CN" or "SAMAccountname"
|
||||||
|
ldap_search_dn:
|
||||||
|
type: string
|
||||||
|
description: The DN of the user to do the search.
|
||||||
|
ldap_timeout:
|
||||||
|
type: integer
|
||||||
|
description: timeout in seconds for connection to LDAP server.
|
||||||
|
project_creation_restriction:
|
||||||
|
type: string
|
||||||
|
description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly".
|
||||||
|
self_registration:
|
||||||
|
type: boolean
|
||||||
|
description: Whether the Harbor instance supports self-registration. If it's set to false, admin need to add user to the instance.
|
||||||
|
token_expiration:
|
||||||
|
type: integer
|
||||||
|
description: The expiration time of the token for internal Registry, in minutes.
|
||||||
|
verify_remote_cert:
|
||||||
|
type: boolean
|
||||||
|
description: Whether or not the certificate will be verified when Harbor tries to access a remote Harbor instance for replication.
|
||||||
|
scan_all_policy:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
type:
|
||||||
|
type: string
|
||||||
|
description: The type of scan all policy, currently the valid values are "none" and "daily"
|
||||||
|
parameter:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
daily_time:
|
||||||
|
type: integer
|
||||||
|
description: The offest in seconds of UTC 0 o'clock, only valid when the policy type is "daily"
|
||||||
|
description: The parameters of the policy, the values are dependant on the type of the policy.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
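Review bot: The new `/jobs/scan/{id}/log` path documents 401 but no 403 response, so the spec does not say whether a logged-in user may read the log of a scan job for a project they cannot access. Because the job is addressed by a plain integer `id`, the handler should enforce a project-membership or admin check, and the spec should state it, e.g. `'403': description: User does not have permission to read this scan job log.` The 404 text "The specific repository ID's log does not exist." looks copied from the replication endpoint and should refer to the scan job. Separately, the new `Configurations` definition has no `email_password` or `ldap_search_password` property, although the removed PUT description listed both; if they are meant to be write-only and never returned by GET, a sentence in the description should say so.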
@ -59,13 +59,8 @@ http {
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
proxy_set_header X-Forwarded-Proto $$scheme;
|
||||||
|
proxy_buffering off;
|
||||||
proxy_buffer_size 4k;
|
proxy_request_buffering off;
|
||||||
proxy_buffers 4 32k;
|
|
||||||
proxy_busy_buffers_size 64k;
|
|
||||||
proxy_temp_file_write_size 64k;
|
|
||||||
client_body_temp_path /tmp/nginx_client_body_temp;
|
|
||||||
proxy_temp_path /tmp/nginx_proxy_temp;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
location /service/ {
|
location /service/ {
|
||||||
|
|
|
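Review bot: `proxy_request_buffering off;` makes nginx pass request bodies to the upstream as they arrive instead of absorbing them first, so a slow or stalled upload now holds a backend connection open for its whole duration. The hunk adds neither a comment explaining that trade-off nor a matching timeout. I would add a comment such as `# Stream large layer uploads without spooling to disk; the upstream must enforce its own read timeouts.` and confirm that the proxied services set one. The same change appears in the next template hunk (`@ -78,13 +78,8 @@ http {`), and the enclosing `location` block starts outside the hunk.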
@ -78,13 +78,8 @@ http {
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
proxy_set_header X-Forwarded-Proto $$scheme;
|
||||||
|
proxy_buffering off;
|
||||||
proxy_buffer_size 4k;
|
proxy_request_buffering off;
|
||||||
proxy_buffers 4 32k;
|
|
||||||
proxy_busy_buffers_size 64k;
|
|
||||||
proxy_temp_file_write_size 64k;
|
|
||||||
client_body_temp_path /tmp/nginx_client_body_temp;
|
|
||||||
proxy_temp_path /tmp/nginx_proxy_temp;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
location /service/ {
|
location /service/ {
|
||||||
|
|
|
@ -6,6 +6,9 @@ MAINTAINER wangyan@vmware.com
|
||||||
COPY entrypoint.sh /
|
COPY entrypoint.sh /
|
||||||
RUN chmod u+x /entrypoint.sh
|
RUN chmod u+x /entrypoint.sh
|
||||||
|
|
||||||
|
RUN mkdir -p /etc/docker/registry
|
||||||
|
COPY config.yml /etc/docker/registry/config.yml
|
||||||
|
|
||||||
COPY binary/registry /usr/bin
|
COPY binary/registry /usr/bin
|
||||||
RUN chmod u+x /usr/bin/registry
|
RUN chmod u+x /usr/bin/registry
|
||||||
|
|
||||||
|
|
|
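Review bot: `COPY config.yml /etc/docker/registry/config.yml` bakes a default configuration into the image, and the build-script hunk on this page shows that file is the upstream `config-example.yml` copied from the cloned registry source. If the container is ever started without a real configuration mounted over that path, the registry would presumably come up with the example settings rather than fail. Whether Harbor always mounts its own config is not visible here, so a comment above the COPY such as `# Placeholder only; the deployment mounts the real registry config at runtime.` would make the intent explicit.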
@ -53,10 +53,12 @@ docker rmi -f registry-golang
|
||||||
echo "Build registry binary success, then to build photon image..."
|
echo "Build registry binary success, then to build photon image..."
|
||||||
cd $cur
|
cd $cur
|
||||||
echo $PHOTONIMAGE
|
echo $PHOTONIMAGE
|
||||||
|
cp $TEMP/cmd/registry/config-example.yml config.yml
|
||||||
docker build -f Dockerfile -t $PHOTONIMAGE .
|
docker build -f Dockerfile -t $PHOTONIMAGE .
|
||||||
|
|
||||||
rm -rf $TEMP
|
rm -rf $TEMP
|
||||||
rm -rf binary
|
rm -rf binary
|
||||||
|
rm -rf config.yml
|
||||||
|
|
||||||
echo 'Push image to docker hub.'
|
echo 'Push image to docker hub.'
|
||||||
../../pushimage.sh $PHOTONIMAGE USERNAME PASSWORD
|
../../pushimage.sh $PHOTONIMAGE $USERNAME $PASSWORD
|
|
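Review bot: `../../pushimage.sh $PHOTONIMAGE $USERNAME $PASSWORD` now expands real credentials unquoted on a command line, so the password is visible in the process list while the script runs, and a value containing spaces or glob characters is split or expanded. At minimum quote the arguments: `../../pushimage.sh "$PHOTONIMAGE" "$USERNAME" "$PASSWORD"`. Better would be for `pushimage.sh` to read the password from the environment or stdin, though that script is not shown here. The added `cp $TEMP/cmd/registry/config-example.yml config.yml` should quote `$TEMP` as well.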
@ -197,11 +197,11 @@ export class RepositoryStackviewComponent implements OnChanges, OnInit {
|
||||||
signedDataSet(repoName: string): void {
|
signedDataSet(repoName: string): void {
|
||||||
let signature: string = '';
|
let signature: string = '';
|
||||||
if (this.signedCon[repoName].length === 0) {
|
if (this.signedCon[repoName].length === 0) {
|
||||||
this.confirmationDialogSet('DELETION_TITLE_REPO', signature, repoName, 'REPOSITORY.DELETION_SUMMARY_REPO', ConfirmationButtons.DELETE_CANCEL);
|
this.confirmationDialogSet('REPOSITORY.DELETION_TITLE_REPO', signature, repoName, 'REPOSITORY.DELETION_SUMMARY_REPO', ConfirmationButtons.DELETE_CANCEL);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
signature = this.signedCon[repoName].join(',');
|
signature = this.signedCon[repoName].join(',');
|
||||||
this.confirmationDialogSet('DELETION_TITLE_REPO_SIGNED', signature, repoName, 'REPOSITORY.DELETION_SUMMARY_REPO_SIGNED', ConfirmationButtons.CLOSE);
|
this.confirmationDialogSet('REPOSITORY.DELETION_TITLE_REPO_SIGNED', signature, repoName, 'REPOSITORY.DELETION_SUMMARY_REPO_SIGNED', ConfirmationButtons.CLOSE);
|
||||||
}
|
}
|
||||||
|
|
||||||
confirmationDialogSet(summaryTitle: string, signature: string, repoName: string, summaryKey: string, button: ConfirmationButtons): void {
|
confirmationDialogSet(summaryTitle: string, signature: string, repoName: string, summaryKey: string, button: ConfirmationButtons): void {
|
||||||
|
|
|
@ -175,6 +175,7 @@ export class ResultBarChartComponent implements OnInit, OnDestroy {
|
||||||
copyValue(newVal: VulnerabilitySummary): void {
|
copyValue(newVal: VulnerabilitySummary): void {
|
||||||
if (!newVal || !newVal.scan_status) { return; }
|
if (!newVal || !newVal.scan_status) { return; }
|
||||||
this.summary.scan_status = newVal.scan_status;
|
this.summary.scan_status = newVal.scan_status;
|
||||||
|
this.summary.job_id = newVal.job_id;
|
||||||
this.summary.severity = newVal.severity;
|
this.summary.severity = newVal.severity;
|
||||||
this.summary.components = newVal.components;
|
this.summary.components = newVal.components;
|
||||||
this.summary.update_time = newVal.update_time;
|
this.summary.update_time = newVal.update_time;
|
||||||
|
|
|
@ -31,7 +31,7 @@
|
||||||
"clarity-icons": "^0.9.8",
|
"clarity-icons": "^0.9.8",
|
||||||
"clarity-ui": "^0.9.8",
|
"clarity-ui": "^0.9.8",
|
||||||
"core-js": "^2.4.1",
|
"core-js": "^2.4.1",
|
||||||
"harbor-ui": "0.4.52",
|
"harbor-ui": "0.4.60",
|
||||||
"intl": "^1.2.5",
|
"intl": "^1.2.5",
|
||||||
"mutationobserver-shim": "^0.3.2",
|
"mutationobserver-shim": "^0.3.2",
|
||||||
"ngx-cookie": "^1.0.0",
|
"ngx-cookie": "^1.0.0",
|
||||||
|
|
|
@ -323,7 +323,7 @@
|
||||||
"DELETION_TITLE_REPO": "Confirm Repository Deletion",
|
"DELETION_TITLE_REPO": "Confirm Repository Deletion",
|
||||||
"DELETION_TITLE_REPO_SIGNED": "Repository cannot be deleted",
|
"DELETION_TITLE_REPO_SIGNED": "Repository cannot be deleted",
|
||||||
"DELETION_SUMMARY_REPO_SIGNED": "Repository '{{repoName}}' cannot be deleted because the following signed images existing.\n{{signedImages}} \nYou should unsign all the signed images before deleting the repository!",
|
"DELETION_SUMMARY_REPO_SIGNED": "Repository '{{repoName}}' cannot be deleted because the following signed images existing.\n{{signedImages}} \nYou should unsign all the signed images before deleting the repository!",
|
||||||
"DELETION_SUMMARY_REPO": "Do you want to delete repository {{param}}?",
|
"DELETION_SUMMARY_REPO": "Do you want to delete repository {{repoName}}?",
|
||||||
"DELETION_TITLE_TAG": "Confirm Tag Deletion",
|
"DELETION_TITLE_TAG": "Confirm Tag Deletion",
|
||||||
"DELETION_SUMMARY_TAG": "Do you want to delete tag {{param}}?",
|
"DELETION_SUMMARY_TAG": "Do you want to delete tag {{param}}?",
|
||||||
"DELETION_TITLE_TAG_DENIED": "Signed tag cannot be deleted",
|
"DELETION_TITLE_TAG_DENIED": "Signed tag cannot be deleted",
|
||||||
|
|
|
@ -324,7 +324,7 @@
|
||||||
"DELETION_TITLE_REPO": "Confirmar Eliminación de Repositorio",
|
"DELETION_TITLE_REPO": "Confirmar Eliminación de Repositorio",
|
||||||
"DELETION_TITLE_REPO_SIGNED": "Repository cannot be deleted",
|
"DELETION_TITLE_REPO_SIGNED": "Repository cannot be deleted",
|
||||||
"DELETION_SUMMARY_REPO_SIGNED": "Repository '{{repoName}}' cannot be deleted because the following signed images existing.\n{{signedImages}} \nYou should unsign all the signed images before deleting the repository!",
|
"DELETION_SUMMARY_REPO_SIGNED": "Repository '{{repoName}}' cannot be deleted because the following signed images existing.\n{{signedImages}} \nYou should unsign all the signed images before deleting the repository!",
|
||||||
"DELETION_SUMMARY_REPO": "¿Quiere eliminar el repositorio {{param}}?",
|
"DELETION_SUMMARY_REPO": "¿Quiere eliminar el repositorio {{repoName}}?",
|
||||||
"DELETION_TITLE_TAG": "Confirmación de Eliminación de Etiqueta",
|
"DELETION_TITLE_TAG": "Confirmación de Eliminación de Etiqueta",
|
||||||
"DELETION_SUMMARY_TAG": "¿Quiere eliminar la etiqueta {{param}}?",
|
"DELETION_SUMMARY_TAG": "¿Quiere eliminar la etiqueta {{param}}?",
|
||||||
"DELETION_TITLE_TAG_DENIED": "La etiqueta firmada no puede ser eliminada",
|
"DELETION_TITLE_TAG_DENIED": "La etiqueta firmada no puede ser eliminada",
|
||||||
|
|
|
@ -323,7 +323,7 @@
|
||||||
"DELETION_TITLE_REPO": "删除镜像仓库确认",
|
"DELETION_TITLE_REPO": "删除镜像仓库确认",
|
||||||
"DELETION_TITLE_REPO_SIGNED": "仓库不能被删除",
|
"DELETION_TITLE_REPO_SIGNED": "仓库不能被删除",
|
||||||
"DELETION_SUMMARY_REPO_SIGNED": "镜像仓库 '{{repoName}}' 不能被删除,因为存在以下签名镜像.\n{{signedImages}} \n在删除镜像仓库前需先删除所有的签名镜像",
|
"DELETION_SUMMARY_REPO_SIGNED": "镜像仓库 '{{repoName}}' 不能被删除,因为存在以下签名镜像.\n{{signedImages}} \n在删除镜像仓库前需先删除所有的签名镜像",
|
||||||
"DELETION_SUMMARY_REPO": "确认删除镜像仓库 {{param}}?",
|
"DELETION_SUMMARY_REPO": "确认删除镜像仓库 {{repoName}}?",
|
||||||
"DELETION_TITLE_TAG": "删除镜像标签确认",
|
"DELETION_TITLE_TAG": "删除镜像标签确认",
|
||||||
"DELETION_SUMMARY_TAG": "确认删除镜像标签 {{param}}?",
|
"DELETION_SUMMARY_TAG": "确认删除镜像标签 {{param}}?",
|
||||||
"DELETION_TITLE_TAG_DENIED": "已签名的镜像不能被删除",
|
"DELETION_TITLE_TAG_DENIED": "已签名的镜像不能被删除",
|
||||||
|
|
|
@ -286,4 +286,7 @@ Test Case - Admin Push Signed Image
|
||||||
|
|
||||||
Test Case - Admin Push Un-Signed Image
|
Test Case - Admin Push Un-Signed Image
|
||||||
${rc} ${output}= Run And Return Rc And Output docker push ${ip}/library/hello-world:latest
|
${rc} ${output}= Run And Return Rc And Output docker push ${ip}/library/hello-world:latest
|
||||||
Log To Console ${output}
|
Log To Console ${output}
|
||||||
|
|
||||||
|
Test Case - Clean Harbor Images
|
||||||
|
Down Harbor with_notary=true
|
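--- a/tests/validatecontainers.sh
+++ b/tests/validatecontainers.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+if docker ps --filter "status=restarting" | grep 'vmware'; then
+echo "container is restaring, fail CI."
+exit 1
+fi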
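Review bot: The `if docker ps --filter "status=restarting" | grep 'vmware'` test samples container state once and only for `restarting`, so a container that has already exited, or one caught in the short running window between restarts, lets CI pass. Consider also checking `docker ps -a --filter "status=exited"` (and `status=dead`) and repeating the sample after a short delay. The match on `'vmware'` depends on the image name prefix, so an image published under another name would not be checked. The message also has a typo: `restaring` should be `restarting`.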