diff --git a/.travis.yml b/.travis.yml index 2183b06e5..be4508a97 100644 --- a/.travis.yml +++ b/.travis.yml @@ -28,7 +28,7 @@ env: - POSTGRESQL_PWD: root123 - POSTGRESQL_DATABASE: registry - ADMINSERVER_URL: http://127.0.0.1:8888 - - DOCKER_COMPOSE_VERSION: 1.22.0 + - DOCKER_COMPOSE_VERSION: 1.23.0 - HARBOR_ADMIN: admin - HARBOR_ADMIN_PASSWD: Harbor12345 - CORE_SECRET: tempString diff --git a/Makefile b/Makefile index 9178e4198..79e5584aa 100644 --- a/Makefile +++ b/Makefile @@ -100,7 +100,7 @@ PREPARE_VERSION_NAME=versions REGISTRYVERSION=v2.7.1-patch-2819 NGINXVERSION=$(VERSIONTAG) NOTARYVERSION=v0.6.1 -CLAIRVERSION=v2.0.8 +CLAIRVERSION=v2.0.9 CLAIRDBVERSION=$(VERSIONTAG) MIGRATORVERSION=$(VERSIONTAG) REDISVERSION=$(VERSIONTAG) diff --git a/README.md b/README.md index 7e0264fa4..2d9e562e1 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ Harbor is hosted by the [Cloud Native Computing Foundation](https://cncf.io) (CN **System requirements:** -**On a Linux host:** docker 17.06.0-ce+ and docker-compose 1.18.0+ . +**On a Linux host:** docker 17.06.0-ce+ and docker-compose 1.23.0+ . Download binaries of **[Harbor release ](https://github.com/vmware/harbor/releases)** and follow **[Installation & Configuration Guide](docs/installation_guide.md)** to install Harbor. diff --git a/docs/compile_guide.md b/docs/compile_guide.md index 30743b1d1..0dfd33fa0 100644 --- a/docs/compile_guide.md +++ b/docs/compile_guide.md @@ -4,14 +4,13 @@ This guide provides instructions for developers to build and run Harbor from sou ## Step 1: Prepare for a build environment for Harbor -Harbor is deployed as several Docker containers and most of the code is written in Go language. The build environment requires Python, Docker, Docker Compose and golang development environment. Please install the below prerequisites: +Harbor is deployed as several Docker containers and most of the code is written in Go language. The build environment requires Docker, Docker Compose and golang development environment. Please install the below prerequisites: Software | Required Version ----------------------|-------------------------- docker | 17.05 + -docker-compose | 1.11.0 + -python | 2.7 + +docker-compose | 1.23.0 + git | 1.9.1 + make | 3.81 + golang* | 1.7.3 + diff --git a/docs/installation_guide.md b/docs/installation_guide.md index 687beb094..9d0084799 100644 --- a/docs/installation_guide.md +++ b/docs/installation_guide.md @@ -31,7 +31,7 @@ Harbor is deployed as several Docker containers, and, therefore, can be deployed |Software|Version|Description| |---|---|---| |Docker engine|version 17.06.0-ce+ or higher|For installation instructions, please refer to: [docker engine doc](https://docs.docker.com/engine/installation/)| -|Docker Compose|version 1.18.0 or higher|For installation instructions, please refer to: [docker compose doc](https://docs.docker.com/compose/install/)| +|Docker Compose|version 1.23.0 or higher|For installation instructions, please refer to: [docker compose doc](https://docs.docker.com/compose/install/)| |Openssl|latest is preferred|Generate certificate and keys for Harbor| ### Network ports diff --git a/docs/manage_role_by_ldap_group.md b/docs/manage_role_by_ldap_group.md index 2e4bbc658..51e62e6b0 100644 --- a/docs/manage_role_by_ldap_group.md +++ b/docs/manage_role_by_ldap_group.md @@ -4,7 +4,7 @@ This guide provides instructions to manage roles by LDAP/AD group. You can impor ## Prerequisite -1. Harbor's auth_mode is ldap_auth and **[basic LDAP configure paremters](https://github.com/vmware/harbor/blob/master/docs/installation_guide.md#optional-parameters)** are configured. +1. Harbor's auth_mode is ldap_auth and **[basic LDAP configure parameters](https://github.com/vmware/harbor/blob/master/docs/installation_guide.md#optional-parameters)** are configured. 1. Memberof overlay This feature requires the LDAP/AD server enabled the feature **memberof overlay**. diff --git a/docs/swagger.yaml b/docs/swagger.yaml index 01071390b..84b6665fc 100644 --- a/docs/swagger.yaml +++ b/docs/swagger.yaml @@ -122,8 +122,6 @@ paths: responses: '200': description: Project name exists. - '401': - description: User need to log in first. '404': description: Project name does not exist. '500': @@ -333,10 +331,10 @@ paths: description: Illegal format of provided ID value. '401': description: User need to log in first. - '404': - description: Project ID does not exist. '403': description: User does not have permission to get summary of the project. + '404': + description: Project ID does not exist. '500': description: Unexpected internal errors. '/projects/{project_id}/metadatas': @@ -1263,11 +1261,16 @@ paths: type: string required: true description: Relevant repository name. - - name: label_ids + - name: label_id in: query type: string required: false - description: A list of comma separated label IDs. + description: A label ID. + - name: detail + in: query + type: boolean + required: false + description: Bool value indicating whether return detailed information of the tag, such as vulnerability scan info, if set to false, only tag name is returned. tags: - Products responses: @@ -2380,10 +2383,10 @@ paths: $ref: '#/definitions/Namespace' '401': description: User need to login first. - '404': - description: No registry found. '403': description: User has no privilege for the operation. + '404': + description: No registry found. '500': description: Unexpected internal errors. /internal/syncregistry: @@ -2404,6 +2407,20 @@ paths: $ref: '#/responses/UnsupportedMediaType' '500': description: Unexpected internal errors. + /internal/syncquota: + post: + summary: Sync quota from registry/chart to DB. + description: | + This endpoint is for syncing quota usage of registry/chart with database. + tags: + - Products + responses: + '200': + description: Sync repositories successfully. + '401': + description: User need to log in first. + '403': + description: User does not have permission of system admin role. /systeminfo: get: summary: Get general system info @@ -3684,7 +3701,7 @@ paths: description: Unexpected internal errors. '/projects/{project_id}/webhook/policies': get: - sumary: List project webhook policies. + summary: List project webhook policies. description: | This endpoint returns webhook policies of a project. parameters: @@ -3712,7 +3729,7 @@ paths: '500': description: Unexpected internal errors. post: - sumary: Create project webhook policy. + summary: Create project webhook policy. description: | This endpoint create a webhook policy if the project does not have one. parameters: @@ -3757,7 +3774,7 @@ paths: in: path description: The id of webhook policy. required: true - type: int64 + type: integer format: int64 tags: - Products @@ -3791,7 +3808,7 @@ paths: in: path description: The id of webhook policy. required: true - type: int64 + type: integer format: int64 - name: policy in: body @@ -3829,7 +3846,7 @@ paths: in: path description: The id of webhook policy. required: true - type: int64 + type: integer format: int64 tags: - Products @@ -3908,7 +3925,7 @@ paths: description: Internal server errors. '/projects/{project_id}/webhook/jobs': get: - sumary: List project webhook jobs + summary: List project webhook jobs description: | This endpoint returns webhook jobs of a project. parameters: @@ -4023,6 +4040,9 @@ definitions: metadata: description: The metadata of the project. $ref: '#/definitions/ProjectMetadata' + cve_whitelist: + description: The CVE whitelist of the project. + $ref: '#/definitions/CVEWhitelist' count_limit: type: integer format: int64 @@ -4083,16 +4103,20 @@ definitions: description: 'The public status of the project. The valid values are "true", "false".' enable_content_trust: type: string - description: 'Whether content trust is enabled or not. If it is enabled, user cann''t pull unsigned images from this project. The valid values are "true", "false".' + description: 'Whether content trust is enabled or not. If it is enabled, user can''t pull unsigned images from this project. The valid values are "true", "false".' prevent_vul: type: string description: 'Whether prevent the vulnerable images from running. The valid values are "true", "false".' severity: type: string - description: 'If the vulnerability is high than severity defined here, the images cann''t be pulled. The valid values are "negligible", "low", "medium", "high", "critical".' + description: 'If the vulnerability is high than severity defined here, the images can''t be pulled. The valid values are "negligible", "low", "medium", "high", "critical".' auto_scan: type: string description: 'Whether scan images automatically when pushing. The valid values are "true", "false".' + reuse_sys_cve_whitelist: + type: string + description: 'Whether this project reuse the system level CVE whitelist as the whitelist of its own. The valid values are "true", "false". + If it is set to "true" the actual whitelist associate with this project, if any, will be ignored.' ProjectSummary: type: object properties: @@ -4841,6 +4865,9 @@ definitions: project_creation_restriction: type: string description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly". + quota_per_project_enable: + type: boolean + description: This attribute indicates whether quota per project enabled in harbor read_only: type: boolean description: '''docker push'' is prohibited by Harbor if you set it to true. ' @@ -4938,6 +4965,9 @@ definitions: project_creation_restriction: $ref: '#/definitions/StringConfigItem' description: This attribute restricts what users have the permission to create project. It can be "everyone" or "adminonly". + quota_per_project_enable: + $ref: '#/definitions/BoolConfigItem' + description: This attribute indicates whether quota per project enabled in harbor read_only: $ref: '#/definitions/BoolConfigItem' description: '''docker push'' is prohibited by Harbor if you set it to true. ' @@ -5349,7 +5379,9 @@ definitions: properties: type: type: string - description: The schedule type. The valid values are hourly, daily, weekly, custom and None. 'None' means to cancel the schedule. + description: | + The schedule type. The valid values are 'Hourly', 'Daily', 'Weekly', 'Custom', 'Manually' and 'None'. + 'Manually' means to trigger it right away and 'None' means to cancel the schedule. cron: type: string description: A cron expression, a time-based job scheduler. @@ -5724,7 +5756,7 @@ definitions: description: The webhook job ID. policy_id: type: integer - fromat: int64 + format: int64 description: The webhook policy ID. event_type: type: string diff --git a/make/harbor.yml b/make/harbor.yml index 347ef0c8c..f2bc1c8c4 100644 --- a/make/harbor.yml +++ b/make/harbor.yml @@ -30,6 +30,11 @@ harbor_admin_password: Harbor12345 database: # The password for the root user of Harbor DB. Change this before any production use. password: root123 + # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. + max_idle_conns: 50 + # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. + # Note: the default number of connections is 100 for postgres. + max_open_conns: 100 # The default data volume data_volume: /data @@ -50,18 +55,12 @@ data_volume: /data # disabled: false # Clair configuration -clair: +clair: # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters. updaters_interval: 12 - # Config http proxy for Clair, e.g. http://my.proxy.com:3128 - # Clair doesn't need to connect to harbor internal components via http proxy. - http_proxy: - https_proxy: - no_proxy: 127.0.0.1,localhost,core,registry - jobservice: - # Maximum number of job workers in job service + # Maximum number of job workers in job service max_job_workers: 10 notification: @@ -80,8 +79,8 @@ log: local: # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated. rotate_count: 50 - # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. - # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G + # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. + # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G # are all valid. rotate_size: 200M # The directory on your host that store log @@ -97,7 +96,7 @@ log: # port: 5140 #This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY! -_version: 1.8.0 +_version: 1.9.0 # Uncomment external_database if using external database. # external_database: @@ -143,3 +142,20 @@ _version: 1.8.0 # Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert. # uaa: # ca_file: /path/to/ca + +# Global proxy +# Config http proxy for components, e.g. http://my.proxy.com:3128 +# Components doesn't need to connect to each others via http proxy. +# Remove component from `components` array if want disable proxy +# for it. If you want use proxy for replication, MUST enable proxy +# for core and jobservice, and set `http_proxy` and `https_proxy`. +# Add domain to the `no_proxy` field, when you want disable proxy +# for some special registry. +proxy: + http_proxy: + https_proxy: + no_proxy: 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair + components: + - core + - jobservice + - clair diff --git a/make/install.sh b/make/install.sh index f8acf0f2d..9fa16038b 100755 --- a/make/install.sh +++ b/make/install.sh @@ -117,7 +117,7 @@ function check_docker { function check_dockercompose { if ! docker-compose --version &> /dev/null then - error "Need to install docker-compose(1.18.0+) by yourself first and run this script again." + error "Need to install docker-compose(1.23.0+) by yourself first and run this script again." exit 1 fi @@ -129,9 +129,9 @@ function check_dockercompose { docker_compose_version_part2=${BASH_REMATCH[3]} # the version of docker-compose does not meet the requirement - if [ "$docker_compose_version_part1" -lt 1 ] || ([ "$docker_compose_version_part1" -eq 1 ] && [ "$docker_compose_version_part2" -lt 18 ]) + if [ "$docker_compose_version_part1" -lt 1 ] || ([ "$docker_compose_version_part1" -eq 1 ] && [ "$docker_compose_version_part2" -lt 23 ]) then - error "Need to upgrade docker-compose package to 1.18.0+." + error "Need to upgrade docker-compose package to 1.23.0+." exit 1 else note "docker-compose version: $docker_compose_version" diff --git a/make/migrations/postgresql/0001_initial_schema.up.sql b/make/migrations/postgresql/0001_initial_schema.up.sql index bccd7f4cb..e3f2bb903 100644 --- a/make/migrations/postgresql/0001_initial_schema.up.sql +++ b/make/migrations/postgresql/0001_initial_schema.up.sql @@ -56,9 +56,9 @@ $$; CREATE TRIGGER harbor_user_update_time_at_modtime BEFORE UPDATE ON harbor_user FOR EACH ROW EXECUTE PROCEDURE update_update_time_at_column(); -insert into harbor_user (username, email, password, realname, comment, deleted, sysadmin_flag, creation_time, update_time) values -('admin', 'admin@example.com', '', 'system admin', 'admin user',false, true, NOW(), NOW()), -('anonymous', 'anonymous@example.com', '', 'anonymous user', 'anonymous user', true, false, NOW(), NOW()); +insert into harbor_user (username, password, realname, comment, deleted, sysadmin_flag, creation_time, update_time) values +('admin', '', 'system admin', 'admin user',false, true, NOW(), NOW()), +('anonymous', '', 'anonymous user', 'anonymous user', true, false, NOW(), NOW()); create table project ( project_id SERIAL PRIMARY KEY NOT NULL, diff --git a/make/migrations/postgresql/0010_1.9.0_schema.up.sql b/make/migrations/postgresql/0010_1.9.0_schema.up.sql index 7fd3a4241..80725fbe4 100644 --- a/make/migrations/postgresql/0010_1.9.0_schema.up.sql +++ b/make/migrations/postgresql/0010_1.9.0_schema.up.sql @@ -86,6 +86,7 @@ CREATE TABLE quota_usage UNIQUE (reference, reference_id) ); +/* only set quota and usage for 'library', and let the sync quota handling others. */ INSERT INTO quota (reference, reference_id, hard, creation_time, update_time) SELECT 'project', CAST(project_id AS VARCHAR), @@ -93,7 +94,7 @@ SELECT 'project', NOW(), NOW() FROM project -WHERE deleted = 'f'; +WHERE name = 'library' and deleted = 'f'; INSERT INTO quota_usage (id, reference, reference_id, used, creation_time, update_time) SELECT id, @@ -131,6 +132,8 @@ create table retention_task repository varchar(255), job_id varchar(64), status varchar(32), + status_code integer, + status_revision integer, start_time timestamp default CURRENT_TIMESTAMP, end_time timestamp default CURRENT_TIMESTAMP, total integer, diff --git a/make/photon/core/Dockerfile b/make/photon/core/Dockerfile index 7eaa4191c..d585a98ee 100644 --- a/make/photon/core/Dockerfile +++ b/make/photon/core/Dockerfile @@ -1,6 +1,6 @@ FROM photon:2.0 -RUN tdnf install sudo -y >> /dev/null\ +RUN tdnf install sudo tzdata -y >> /dev/null \ && tdnf clean all \ && groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor \ && mkdir /harbor/ diff --git a/make/photon/jobservice/Dockerfile b/make/photon/jobservice/Dockerfile index eddb8e65b..1ee9277dd 100644 --- a/make/photon/jobservice/Dockerfile +++ b/make/photon/jobservice/Dockerfile @@ -1,6 +1,6 @@ FROM photon:2.0 -RUN tdnf install sudo -y >> /dev/null\ +RUN tdnf install sudo tzdata -y >> /dev/null \ && tdnf clean all \ && groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor diff --git a/make/photon/portal/Dockerfile b/make/photon/portal/Dockerfile index f6adb9bf1..9f71410f7 100644 --- a/make/photon/portal/Dockerfile +++ b/make/photon/portal/Dockerfile @@ -1,7 +1,8 @@ FROM node:10.15.0 as nodeportal COPY src/portal /portal_src -COPY ./docs/swagger.yaml /portal_src +COPY ./docs/swagger.yaml /portal_src +COPY ./LICENSE /portal_src WORKDIR /build_dir @@ -21,6 +22,7 @@ FROM photon:2.0 COPY --from=nodeportal /build_dir/dist /usr/share/nginx/html COPY --from=nodeportal /build_dir/swagger.yaml /usr/share/nginx/html COPY --from=nodeportal /build_dir/swagger.json /usr/share/nginx/html +COPY --from=nodeportal /build_dir/LICENSE /usr/share/nginx/html COPY make/photon/portal/nginx.conf /etc/nginx/nginx.conf diff --git a/make/photon/prepare/g.py b/make/photon/prepare/g.py index f0eab0675..229f61a54 100644 --- a/make/photon/prepare/g.py +++ b/make/photon/prepare/g.py @@ -12,11 +12,12 @@ REDIS_UID = 999 REDIS_GID = 999 ## Global variable +host_root_dir = '/hostfs' + base_dir = '/harbor_make' templates_dir = "/usr/src/app/templates" config_dir = '/config' data_dir = '/data' - secret_dir = '/secret' secret_key_dir='/secret/keys' diff --git a/make/photon/prepare/templates/clair/clair_env.jinja b/make/photon/prepare/templates/clair/clair_env.jinja index 038f1a130..3825ca8fb 100644 --- a/make/photon/prepare/templates/clair/clair_env.jinja +++ b/make/photon/prepare/templates/clair/clair_env.jinja @@ -1,3 +1,3 @@ -http_proxy={{clair_http_proxy}} -https_proxy={{clair_https_proxy}} -no_proxy={{clair_no_proxy}} +HTTP_PROXY={{clair_http_proxy}} +HTTPS_PROXY={{clair_https_proxy}} +NO_PROXY={{clair_no_proxy}} diff --git a/make/photon/prepare/templates/core/env.jinja b/make/photon/prepare/templates/core/env.jinja index bc29a505d..d6413678e 100644 --- a/make/photon/prepare/templates/core/env.jinja +++ b/make/photon/prepare/templates/core/env.jinja @@ -15,6 +15,8 @@ POSTGRESQL_USERNAME={{harbor_db_username}} POSTGRESQL_PASSWORD={{harbor_db_password}} POSTGRESQL_DATABASE={{harbor_db_name}} POSTGRESQL_SSLMODE={{harbor_db_sslmode}} +POSTGRESQL_MAX_IDLE_CONNS={{harbor_db_max_idle_conns}} +POSTGRESQL_MAX_OPEN_CONNS={{harbor_db_max_open_conns}} REGISTRY_URL={{registry_url}} TOKEN_SERVICE_URL={{token_service_url}} HARBOR_ADMIN_PASSWORD={{harbor_admin_password}} @@ -41,3 +43,7 @@ RELOAD_KEY={{reload_key}} CHART_REPOSITORY_URL={{chart_repository_url}} REGISTRY_CONTROLLER_URL={{registry_controller_url}} WITH_CHARTMUSEUM={{with_chartmuseum}} + +HTTP_PROXY={{core_http_proxy}} +HTTPS_PROXY={{core_https_proxy}} +NO_PROXY={{core_no_proxy}} diff --git a/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja b/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja index 9e70cc8de..cb6785766 100644 --- a/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja +++ b/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja @@ -276,12 +276,7 @@ services: volumes: - ./common/config/nginx:/etc/nginx:z {% if protocol == 'https' %} - - type: bind - source: {{cert_key_path}} - target: /etc/cert/server.key - - type: bind - source: {{cert_path}} - target: /etc/cert/server.crt + - {{data_volume}}/secret/cert:/etc/cert:z {% endif %} networks: - harbor diff --git a/make/photon/prepare/templates/jobservice/env.jinja b/make/photon/prepare/templates/jobservice/env.jinja index d9e32c521..c38534f02 100644 --- a/make/photon/prepare/templates/jobservice/env.jinja +++ b/make/photon/prepare/templates/jobservice/env.jinja @@ -2,3 +2,7 @@ CORE_SECRET={{core_secret}} JOBSERVICE_SECRET={{jobservice_secret}} CORE_URL={{core_url}} JOBSERVICE_WEBHOOK_JOB_MAX_RETRY={{notification_webhook_job_max_retry}} + +HTTP_PROXY={{jobservice_http_proxy}} +HTTPS_PROXY={{jobservice_https_proxy}} +NO_PROXY={{jobservice_no_proxy}} diff --git a/make/photon/prepare/utils/configs.py b/make/photon/prepare/utils/configs.py index c57856845..df14a53de 100644 --- a/make/photon/prepare/utils/configs.py +++ b/make/photon/prepare/utils/configs.py @@ -112,6 +112,11 @@ def parse_yaml_config(config_file_path): config_dict['harbor_db_username'] = 'postgres' config_dict['harbor_db_password'] = db_configs.get("password") or '' config_dict['harbor_db_sslmode'] = 'disable' + + default_max_idle_conns = 2 # NOTE: https://golang.org/pkg/database/sql/#DB.SetMaxIdleConns + default_max_open_conns = 0 # NOTE: https://golang.org/pkg/database/sql/#DB.SetMaxOpenConns + config_dict['harbor_db_max_idle_conns'] = db_configs.get("max_idle_conns") or default_max_idle_conns + config_dict['harbor_db_max_open_conns'] = db_configs.get("max_open_conns") or default_max_open_conns # clari db config_dict['clair_db_host'] = 'postgresql' config_dict['clair_db_port'] = 5432 @@ -171,13 +176,18 @@ def parse_yaml_config(config_file_path): if storage_config.get('redirect'): config_dict['storage_redirect_disabled'] = storage_config['redirect']['disabled'] + # Global proxy configs + proxy_config = configs.get('proxy') or {} + proxy_components = proxy_config.get('components') or [] + for proxy_component in proxy_components: + config_dict[proxy_component + '_http_proxy'] = proxy_config.get('http_proxy') or '' + config_dict[proxy_component + '_https_proxy'] = proxy_config.get('https_proxy') or '' + config_dict[proxy_component + '_no_proxy'] = proxy_config.get('no_proxy') or '127.0.0.1,localhost,core,registry' + # Clair configs, optional clair_configs = configs.get("clair") or {} config_dict['clair_db'] = 'postgres' config_dict['clair_updaters_interval'] = clair_configs.get("updaters_interval") or 12 - config_dict['clair_http_proxy'] = clair_configs.get('http_proxy') or '' - config_dict['clair_https_proxy'] = clair_configs.get('https_proxy') or '' - config_dict['clair_no_proxy'] = clair_configs.get('no_proxy') or '127.0.0.1,localhost,core,registry' # Chart configs chart_configs = configs.get("chart") or {} @@ -286,4 +296,4 @@ def parse_yaml_config(config_file_path): # UAA configs config_dict['uaa'] = configs.get('uaa') or {} - return config_dict \ No newline at end of file + return config_dict diff --git a/make/photon/prepare/utils/docker_compose.py b/make/photon/prepare/utils/docker_compose.py index 6f46a951a..648d6b979 100644 --- a/make/photon/prepare/utils/docker_compose.py +++ b/make/photon/prepare/utils/docker_compose.py @@ -13,7 +13,7 @@ def prepare_docker_compose(configs, with_clair, with_notary, with_chartmuseum): VERSION_TAG = versions.get('VERSION_TAG') or 'dev' REGISTRY_VERSION = versions.get('REGISTRY_VERSION') or 'v2.7.1' NOTARY_VERSION = versions.get('NOTARY_VERSION') or 'v0.6.1' - CLAIR_VERSION = versions.get('CLAIR_VERSION') or 'v2.0.7' + CLAIR_VERSION = versions.get('CLAIR_VERSION') or 'v2.0.9' CHARTMUSEUM_VERSION = versions.get('CHARTMUSEUM_VERSION') or 'v0.9.0' rendering_variables = { diff --git a/make/photon/prepare/utils/nginx.py b/make/photon/prepare/utils/nginx.py index 74fc3deab..0d1117448 100644 --- a/make/photon/prepare/utils/nginx.py +++ b/make/photon/prepare/utils/nginx.py @@ -2,11 +2,13 @@ import os, shutil from fnmatch import fnmatch from pathlib import Path -from g import config_dir, templates_dir, DEFAULT_GID, DEFAULT_UID +from g import config_dir, templates_dir, host_root_dir, DEFAULT_GID, DEFAULT_UID, data_dir from utils.misc import prepare_dir, mark_file from utils.jinja import render_jinja from utils.cert import SSL_CERT_KEY_PATH, SSL_CERT_PATH +host_ngx_real_cert_dir = Path(os.path.join(data_dir, 'secret', 'cert')) + nginx_conf = os.path.join(config_dir, "nginx", "nginx.conf") nginx_confd_dir = os.path.join(config_dir, "nginx", "conf.d") nginx_https_conf_template = os.path.join(templates_dir, "nginx", "nginx.https.conf.jinja") @@ -20,8 +22,38 @@ def prepare_nginx(config_dict): prepare_dir(nginx_confd_dir, uid=DEFAULT_UID, gid=DEFAULT_GID) render_nginx_template(config_dict) + +def prepare_nginx_certs(cert_key_path, cert_path): + """ + Prepare the certs file with proper ownership + 1. Remove nginx cert files in secret dir + 2. Copy cert files on host filesystem to secret dir + 3. Change the permission to 644 and ownership to 10000:10000 + """ + host_ngx_cert_key_path = Path(os.path.join(host_root_dir, cert_key_path.lstrip('/'))) + host_ngx_cert_path = Path(os.path.join(host_root_dir, cert_path.lstrip('/'))) + + if host_ngx_real_cert_dir.exists() and host_ngx_real_cert_dir.is_dir(): + shutil.rmtree(host_ngx_real_cert_dir) + + os.makedirs(host_ngx_real_cert_dir, mode=0o755) + real_key_path = os.path.join(host_ngx_real_cert_dir, 'server.key') + real_crt_path = os.path.join(host_ngx_real_cert_dir, 'server.crt') + shutil.copy2(host_ngx_cert_key_path, real_key_path) + shutil.copy2(host_ngx_cert_path, real_crt_path) + + os.chown(host_ngx_real_cert_dir, uid=DEFAULT_UID, gid=DEFAULT_GID) + mark_file(real_key_path, uid=DEFAULT_UID, gid=DEFAULT_GID) + mark_file(real_crt_path, uid=DEFAULT_UID, gid=DEFAULT_GID) + + def render_nginx_template(config_dict): - if config_dict['protocol'] == "https": + """ + 1. render nginx config file through protocol + 2. copy additional configs to cert.d dir + """ + if config_dict['protocol'] == 'https': + prepare_nginx_certs(config_dict['cert_key_path'], config_dict['cert_path']) render_jinja( nginx_https_conf_template, nginx_conf, @@ -30,12 +62,7 @@ def render_nginx_template(config_dict): ssl_cert=SSL_CERT_PATH, ssl_cert_key=SSL_CERT_KEY_PATH) location_file_pattern = CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTPS - cert_dir = Path(os.path.join(config_dir, 'cert')) - ssl_key_path = Path(os.path.join(cert_dir, 'server.key')) - ssl_crt_path = Path(os.path.join(cert_dir, 'server.crt')) - cert_dir.mkdir(parents=True, exist_ok=True) - ssl_key_path.touch() - ssl_crt_path.touch() + else: render_jinja( nginx_http_conf_template, @@ -45,22 +72,23 @@ def render_nginx_template(config_dict): location_file_pattern = CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTP copy_nginx_location_configs_if_exist(nginx_template_ext_dir, nginx_confd_dir, location_file_pattern) -def add_additional_location_config(src, dst): - """ - These conf files is used for user that wanna add additional customized locations to harbor proxy - :params src: source of the file - :params dst: destination file path - """ - if not os.path.isfile(src): - return - print("Copying nginx configuration file {src} to {dst}".format( - src=src, dst=dst)) - shutil.copy2(src, dst) - mark_file(dst, mode=0o644) def copy_nginx_location_configs_if_exist(src_config_dir, dst_config_dir, filename_pattern): if not os.path.exists(src_config_dir): return + + def add_additional_location_config(src, dst): + """ + These conf files is used for user that wanna add additional customized locations to harbor proxy + :params src: source of the file + :params dst: destination file path + """ + if not os.path.isfile(src): + return + print("Copying nginx configuration file {src} to {dst}".format(src=src, dst=dst)) + shutil.copy2(src, dst) + mark_file(dst, mode=0o644) + map(lambda filename: add_additional_location_config( os.path.join(src_config_dir, filename), os.path.join(dst_config_dir, filename)), diff --git a/make/photon/prepare/utils/registry.py b/make/photon/prepare/utils/registry.py index bd42f183d..2a3512d9b 100644 --- a/make/photon/prepare/utils/registry.py +++ b/make/photon/prepare/utils/registry.py @@ -9,6 +9,13 @@ registry_config_dir = os.path.join(config_dir, "registry") registry_config_template_path = os.path.join(templates_dir, "registry", "config.yml.jinja") registry_conf = os.path.join(config_dir, "registry", "config.yml") +levels_map = { + 'debug': 'debug', + 'info': 'info', + 'warning': 'warn', + 'error': 'error', + 'fatal': 'fatal' +} def prepare_registry(config_dict): prepare_dir(registry_config_dir) @@ -22,6 +29,7 @@ def prepare_registry(config_dict): registry_conf, uid=DEFAULT_UID, gid=DEFAULT_GID, + level=levels_map[config_dict['log_level']], storage_provider_info=storage_provider_info, **config_dict) diff --git a/make/prepare b/make/prepare index 28d570c92..c628f46a3 100755 --- a/make/prepare +++ b/make/prepare @@ -1,8 +1,8 @@ #!/bin/bash set +e -# If compling source code this dir is harbor's make dir -# If install harbor via pacakge, this dir is harbor's root dir +# If compiling source code this dir is harbor's make dir. +# If installing harbor via pacakge, this dir is harbor's root dir. if [[ -n "$HARBOR_BUNDLE_DIR" ]]; then harbor_prepare_path=$HARBOR_BUNDLE_DIR else @@ -50,6 +50,7 @@ docker run --rm -v $input_dir:/input:z \ -v $harbor_prepare_path:/compose_location:z \ -v $config_dir:/config:z \ -v $secret_dir:/secret:z \ + -v /:/hostfs:z \ goharbor/prepare:dev $@ echo "Clean up the input dir" diff --git a/src/common/config/manager.go b/src/common/config/manager.go index 0df6eaa47..3886f160f 100644 --- a/src/common/config/manager.go +++ b/src/common/config/manager.go @@ -210,12 +210,14 @@ func (c *CfgManager) GetDatabaseCfg() *models.Database { return &models.Database{ Type: c.Get(common.DatabaseType).GetString(), PostGreSQL: &models.PostGreSQL{ - Host: c.Get(common.PostGreSQLHOST).GetString(), - Port: c.Get(common.PostGreSQLPort).GetInt(), - Username: c.Get(common.PostGreSQLUsername).GetString(), - Password: c.Get(common.PostGreSQLPassword).GetString(), - Database: c.Get(common.PostGreSQLDatabase).GetString(), - SSLMode: c.Get(common.PostGreSQLSSLMode).GetString(), + Host: c.Get(common.PostGreSQLHOST).GetString(), + Port: c.Get(common.PostGreSQLPort).GetInt(), + Username: c.Get(common.PostGreSQLUsername).GetString(), + Password: c.Get(common.PostGreSQLPassword).GetString(), + Database: c.Get(common.PostGreSQLDatabase).GetString(), + SSLMode: c.Get(common.PostGreSQLSSLMode).GetString(), + MaxIdleConns: c.Get(common.PostGreSQLMaxIdleConns).GetInt(), + MaxOpenConns: c.Get(common.PostGreSQLMaxOpenConns).GetInt(), }, } } diff --git a/src/common/config/metadata/metadatalist.go b/src/common/config/metadata/metadatalist.go index 3aa42f619..7106a38c6 100644 --- a/src/common/config/metadata/metadatalist.go +++ b/src/common/config/metadata/metadatalist.go @@ -116,6 +116,8 @@ var ( {Name: common.PostGreSQLPort, Scope: SystemScope, Group: DatabaseGroup, EnvKey: "POSTGRESQL_PORT", DefaultValue: "5432", ItemType: &PortType{}, Editable: false}, {Name: common.PostGreSQLSSLMode, Scope: SystemScope, Group: DatabaseGroup, EnvKey: "POSTGRESQL_SSLMODE", DefaultValue: "disable", ItemType: &StringType{}, Editable: false}, {Name: common.PostGreSQLUsername, Scope: SystemScope, Group: DatabaseGroup, EnvKey: "POSTGRESQL_USERNAME", DefaultValue: "postgres", ItemType: &StringType{}, Editable: false}, + {Name: common.PostGreSQLMaxIdleConns, Scope: SystemScope, Group: DatabaseGroup, EnvKey: "POSTGRESQL_MAX_IDLE_CONNS", DefaultValue: "2", ItemType: &IntType{}, Editable: false}, + {Name: common.PostGreSQLMaxOpenConns, Scope: SystemScope, Group: DatabaseGroup, EnvKey: "POSTGRESQL_MAX_OPEN_CONNS", DefaultValue: "0", ItemType: &IntType{}, Editable: false}, {Name: common.ProjectCreationRestriction, Scope: UserScope, Group: BasicGroup, EnvKey: "PROJECT_CREATION_RESTRICTION", DefaultValue: common.ProCrtRestrEveryone, ItemType: &ProjectCreationRestrictionType{}, Editable: false}, {Name: common.ReadOnly, Scope: UserScope, Group: BasicGroup, EnvKey: "READ_ONLY", DefaultValue: "false", ItemType: &BoolType{}, Editable: false}, @@ -151,6 +153,7 @@ var ( {Name: common.RobotTokenDuration, Scope: UserScope, Group: BasicGroup, EnvKey: "ROBOT_TOKEN_DURATION", DefaultValue: "43200", ItemType: &IntType{}, Editable: true}, {Name: common.NotificationEnable, Scope: UserScope, Group: BasicGroup, EnvKey: "NOTIFICATION_ENABLE", DefaultValue: "true", ItemType: &BoolType{}, Editable: true}, + {Name: common.QuotaPerProjectEnable, Scope: UserScope, Group: QuotaGroup, EnvKey: "QUOTA_PER_PROJECT_ENABLE", DefaultValue: "true", ItemType: &BoolType{}, Editable: true}, {Name: common.CountPerProject, Scope: UserScope, Group: QuotaGroup, EnvKey: "COUNT_PER_PROJECT", DefaultValue: "-1", ItemType: &QuotaType{}, Editable: true}, {Name: common.StoragePerProject, Scope: UserScope, Group: QuotaGroup, EnvKey: "STORAGE_PER_PROJECT", DefaultValue: "-1", ItemType: &QuotaType{}, Editable: true}, } diff --git a/src/common/const.go b/src/common/const.go index b7582439e..d6722ce07 100755 --- a/src/common/const.go +++ b/src/common/const.go @@ -53,6 +53,8 @@ const ( PostGreSQLPassword = "postgresql_password" PostGreSQLDatabase = "postgresql_database" PostGreSQLSSLMode = "postgresql_sslmode" + PostGreSQLMaxIdleConns = "postgresql_max_idle_conns" + PostGreSQLMaxOpenConns = "postgresql_max_open_conns" SelfRegistration = "self_registration" CoreURL = "core_url" CoreLocalURL = "core_local_url" @@ -147,7 +149,9 @@ const ( // Global notification enable configuration NotificationEnable = "notification_enable" + // Quota setting items for project - CountPerProject = "count_per_project" - StoragePerProject = "storage_per_project" + QuotaPerProjectEnable = "quota_per_project_enable" + CountPerProject = "count_per_project" + StoragePerProject = "storage_per_project" ) diff --git a/src/common/dao/artifact.go b/src/common/dao/artifact.go index bac77d74b..34663b5cd 100644 --- a/src/common/dao/artifact.go +++ b/src/common/dao/artifact.go @@ -58,6 +58,7 @@ func UpdateArtifactPullTime(af *models.Artifact) error { // DeleteArtifact ... func DeleteArtifact(id int64) error { + _, err := GetOrmer().QueryTable(&models.Artifact{}).Filter("ID", id).Delete() return err } diff --git a/src/common/dao/base.go b/src/common/dao/base.go index 253b02692..43ded29ef 100644 --- a/src/common/dao/base.go +++ b/src/common/dao/base.go @@ -121,12 +121,16 @@ func getDatabase(database *models.Database) (db Database, err error) { switch database.Type { case "", "postgresql": - db = NewPGSQL(database.PostGreSQL.Host, + db = NewPGSQL( + database.PostGreSQL.Host, strconv.Itoa(database.PostGreSQL.Port), database.PostGreSQL.Username, database.PostGreSQL.Password, database.PostGreSQL.Database, - database.PostGreSQL.SSLMode) + database.PostGreSQL.SSLMode, + database.PostGreSQL.MaxIdleConns, + database.PostGreSQL.MaxOpenConns, + ) default: err = fmt.Errorf("invalid database: %s", database.Type) } @@ -139,6 +143,8 @@ var once sync.Once // GetOrmer :set ormer singleton func GetOrmer() orm.Ormer { once.Do(func() { + // override the default value(1000) to return all records when setting no limit + orm.DefaultRowsLimit = -1 globalOrm = orm.NewOrm() }) return globalOrm diff --git a/src/common/dao/blob.go b/src/common/dao/blob.go index b8cbd4065..66e402567 100644 --- a/src/common/dao/blob.go +++ b/src/common/dao/blob.go @@ -78,10 +78,15 @@ func GetBlobsByArtifact(artifactDigest string) ([]*models.Blob, error) { // GetExclusiveBlobs returns layers of repository:tag which are not shared with other repositories in the project func GetExclusiveBlobs(projectID int64, repository, digest string) ([]*models.Blob, error) { + var exclusive []*models.Blob + blobs, err := GetBlobsByArtifact(digest) if err != nil { return nil, err } + if len(blobs) == 0 { + return exclusive, nil + } sql := fmt.Sprintf(` SELECT @@ -103,13 +108,11 @@ FROM ) ) AS a LEFT JOIN artifact_blob b ON a.digest = b.digest_af - AND b.digest_blob IN (%s)`, paramPlaceholder(len(blobs)-1)) + AND b.digest_blob IN (%s)`, ParamPlaceholderForIn(len(blobs))) params := []interface{}{projectID, repository, projectID, digest} for _, blob := range blobs { - if blob.Digest != digest { - params = append(params, blob.Digest) - } + params = append(params, blob.Digest) } var rows []struct { @@ -125,9 +128,8 @@ FROM shared[row.Digest] = true } - var exclusive []*models.Blob for _, blob := range blobs { - if blob.Digest != digest && !shared[blob.Digest] { + if !shared[blob.Digest] { exclusive = append(exclusive, blob) } } diff --git a/src/common/dao/blob_test.go b/src/common/dao/blob_test.go index 26dc5e492..9b7e8c077 100644 --- a/src/common/dao/blob_test.go +++ b/src/common/dao/blob_test.go @@ -133,30 +133,32 @@ func (suite *GetExclusiveBlobsSuite) mustPrepareImage(projectID int64, projectNa func (suite *GetExclusiveBlobsSuite) TestInSameRepository() { withProject(func(projectID int64, projectName string) { + digest1 := digest.FromString(utils.GenerateRandomString()).String() digest2 := digest.FromString(utils.GenerateRandomString()).String() digest3 := digest.FromString(utils.GenerateRandomString()).String() manifest1 := suite.mustPrepareImage(projectID, projectName, "mysql", "latest", digest1, digest2) if blobs, err := GetExclusiveBlobs(projectID, projectName+"/mysql", manifest1); suite.Nil(err) { - suite.Len(blobs, 2) + suite.Len(blobs, 3) } manifest2 := suite.mustPrepareImage(projectID, projectName, "mysql", "8.0", digest1, digest2) if blobs, err := GetExclusiveBlobs(projectID, projectName+"/mysql", manifest2); suite.Nil(err) { - suite.Len(blobs, 2) + suite.Len(blobs, 3) } manifest3 := suite.mustPrepareImage(projectID, projectName, "mysql", "dev", digest1, digest2, digest3) if blobs, err := GetExclusiveBlobs(projectID, projectName+"/mysql", manifest1); suite.Nil(err) { - suite.Len(blobs, 0) + suite.Len(blobs, 1) + suite.Equal(manifest1, blobs[0].Digest) } if blobs, err := GetExclusiveBlobs(projectID, projectName+"/mysql", manifest2); suite.Nil(err) { - suite.Len(blobs, 0) + suite.Len(blobs, 1) + suite.Equal(manifest2, blobs[0].Digest) } if blobs, err := GetExclusiveBlobs(projectID, projectName+"/mysql", manifest3); suite.Nil(err) { - suite.Len(blobs, 1) - suite.Equal(digest3, blobs[0].Digest) + suite.Len(blobs, 2) } }) } @@ -169,7 +171,7 @@ func (suite *GetExclusiveBlobsSuite) TestInDifferentRepositories() { manifest1 := suite.mustPrepareImage(projectID, projectName, "mysql", "latest", digest1, digest2) if blobs, err := GetExclusiveBlobs(projectID, projectName+"/mysql", manifest1); suite.Nil(err) { - suite.Len(blobs, 2) + suite.Len(blobs, 3) } manifest2 := suite.mustPrepareImage(projectID, projectName, "mariadb", "latest", digest1, digest2) @@ -188,8 +190,7 @@ func (suite *GetExclusiveBlobsSuite) TestInDifferentRepositories() { suite.Len(blobs, 0) } if blobs, err := GetExclusiveBlobs(projectID, projectName+"/mysql", manifest3); suite.Nil(err) { - suite.Len(blobs, 1) - suite.Equal(digest3, blobs[0].Digest) + suite.Len(blobs, 2) } }) } @@ -201,16 +202,16 @@ func (suite *GetExclusiveBlobsSuite) TestInDifferentProjects() { manifest1 := suite.mustPrepareImage(projectID, projectName, "mysql", "latest", digest1, digest2) if blobs, err := GetExclusiveBlobs(projectID, projectName+"/mysql", manifest1); suite.Nil(err) { - suite.Len(blobs, 2) + suite.Len(blobs, 3) } withProject(func(id int64, name string) { manifest2 := suite.mustPrepareImage(id, name, "mysql", "latest", digest1, digest2) if blobs, err := GetExclusiveBlobs(projectID, projectName+"/mysql", manifest1); suite.Nil(err) { - suite.Len(blobs, 2) + suite.Len(blobs, 3) } if blobs, err := GetExclusiveBlobs(id, name+"/mysql", manifest2); suite.Nil(err) { - suite.Len(blobs, 2) + suite.Len(blobs, 3) } }) diff --git a/src/common/dao/cve_whitelist.go b/src/common/dao/cve_whitelist.go index 25c1c9b98..645a1c076 100644 --- a/src/common/dao/cve_whitelist.go +++ b/src/common/dao/cve_whitelist.go @@ -21,6 +21,14 @@ import ( "github.com/goharbor/harbor/src/common/utils/log" ) +// CreateCVEWhitelist creates the CVE whitelist +func CreateCVEWhitelist(l models.CVEWhitelist) (int64, error) { + o := GetOrmer() + itemsBytes, _ := json.Marshal(l.Items) + l.ItemsText = string(itemsBytes) + return o.Insert(&l) +} + // UpdateCVEWhitelist Updates the vulnerability white list to DB func UpdateCVEWhitelist(l models.CVEWhitelist) (int64, error) { o := GetOrmer() @@ -30,23 +38,6 @@ func UpdateCVEWhitelist(l models.CVEWhitelist) (int64, error) { return id, err } -// GetSysCVEWhitelist Gets the system level vulnerability white list from DB -func GetSysCVEWhitelist() (*models.CVEWhitelist, error) { - return GetCVEWhitelist(0) -} - -// UpdateSysCVEWhitelist updates the system level CVE whitelist -/* -func UpdateSysCVEWhitelist(l models.CVEWhitelist) error { - if l.ProjectID != 0 { - return fmt.Errorf("system level CVE whitelist cannot set project ID") - } - l.ProjectID = -1 - _, err := UpdateCVEWhitelist(l) - return err -} -*/ - // GetCVEWhitelist Gets the CVE whitelist of the project based on the project ID in parameter func GetCVEWhitelist(pid int64) (*models.CVEWhitelist, error) { o := GetOrmer() @@ -58,8 +49,7 @@ func GetCVEWhitelist(pid int64) (*models.CVEWhitelist, error) { return nil, fmt.Errorf("failed to get CVE whitelist for project %d, error: %v", pid, err) } if len(r) == 0 { - log.Infof("No CVE whitelist found for project %d, returning empty list.", pid) - return &models.CVEWhitelist{ProjectID: pid, Items: []models.CVEWhitelistItem{}}, nil + return nil, nil } else if len(r) > 1 { log.Infof("Multiple CVE whitelists found for project %d, length: %d, returning first element.", pid, len(r)) } diff --git a/src/common/dao/cve_whitelist_test.go b/src/common/dao/cve_whitelist_test.go index 35af2f294..099409de5 100644 --- a/src/common/dao/cve_whitelist_test.go +++ b/src/common/dao/cve_whitelist_test.go @@ -23,12 +23,9 @@ import ( func TestUpdateAndGetCVEWhitelist(t *testing.T) { require.Nil(t, ClearTable("cve_whitelist")) - l, err := GetSysCVEWhitelist() - assert.Nil(t, err) - assert.Equal(t, models.CVEWhitelist{ProjectID: 0, Items: []models.CVEWhitelistItem{}}, *l) l2, err := GetCVEWhitelist(5) assert.Nil(t, err) - assert.Equal(t, models.CVEWhitelist{ProjectID: 5, Items: []models.CVEWhitelistItem{}}, *l2) + assert.Nil(t, l2) longList := []models.CVEWhitelistItem{} for i := 0; i < 50; i++ { @@ -46,15 +43,6 @@ func TestUpdateAndGetCVEWhitelist(t *testing.T) { assert.Equal(t, longList, out1.Items) assert.Equal(t, e, *out1.ExpiresAt) - in2 := models.CVEWhitelist{ProjectID: 3, Items: []models.CVEWhitelistItem{}} - _, err = UpdateCVEWhitelist(in2) - require.Nil(t, err) - // assert.Equal(t, int64(1), n2) - out2, err := GetCVEWhitelist(3) - require.Nil(t, err) - assert.Equal(t, int64(3), out2.ProjectID) - assert.Equal(t, []models.CVEWhitelistItem{}, out2.Items) - sysCVEs := []models.CVEWhitelistItem{ {CVEID: "CVE-2019-10164"}, {CVEID: "CVE-2017-12345"}, @@ -62,11 +50,6 @@ func TestUpdateAndGetCVEWhitelist(t *testing.T) { in3 := models.CVEWhitelist{Items: sysCVEs} _, err = UpdateCVEWhitelist(in3) require.Nil(t, err) - // assert.Equal(t, int64(1), n3) - sysList, err := GetSysCVEWhitelist() - require.Nil(t, err) - assert.Equal(t, int64(0), sysList.ProjectID) - assert.Equal(t, sysCVEs, sysList.Items) - // require.Nil(t, ClearTable("cve_whitelist")) + require.Nil(t, ClearTable("cve_whitelist")) } diff --git a/src/common/dao/pgsql.go b/src/common/dao/pgsql.go index e1b3da6cb..bf98c6b08 100644 --- a/src/common/dao/pgsql.go +++ b/src/common/dao/pgsql.go @@ -31,12 +31,14 @@ import ( const defaultMigrationPath = "migrations/postgresql/" type pgsql struct { - host string - port string - usr string - pwd string - database string - sslmode string + host string + port string + usr string + pwd string + database string + sslmode string + maxIdleConns int + maxOpenConns int } // Name returns the name of PostgreSQL @@ -51,17 +53,19 @@ func (p *pgsql) String() string { } // NewPGSQL returns an instance of postgres -func NewPGSQL(host string, port string, usr string, pwd string, database string, sslmode string) Database { +func NewPGSQL(host string, port string, usr string, pwd string, database string, sslmode string, maxIdleConns int, maxOpenConns int) Database { if len(sslmode) == 0 { sslmode = "disable" } return &pgsql{ - host: host, - port: port, - usr: usr, - pwd: pwd, - database: database, - sslmode: sslmode, + host: host, + port: port, + usr: usr, + pwd: pwd, + database: database, + sslmode: sslmode, + maxIdleConns: maxIdleConns, + maxOpenConns: maxOpenConns, } } @@ -82,7 +86,7 @@ func (p *pgsql) Register(alias ...string) error { info := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=%s", p.host, p.port, p.usr, p.pwd, p.database, p.sslmode) - return orm.RegisterDataBase(an, "postgres", info) + return orm.RegisterDataBase(an, "postgres", info, p.maxIdleConns, p.maxOpenConns) } // UpgradeSchema calls migrate tool to upgrade schema to the latest based on the SQL scripts. diff --git a/src/common/dao/pro_meta.go b/src/common/dao/pro_meta.go index d4a9c4e6f..a6593e2ef 100644 --- a/src/common/dao/pro_meta.go +++ b/src/common/dao/pro_meta.go @@ -44,7 +44,7 @@ func DeleteProjectMetadata(projectID int64, name ...string) error { params = append(params, projectID) if len(name) > 0 { - sql += fmt.Sprintf(` and name in ( %s )`, paramPlaceholder(len(name))) + sql += fmt.Sprintf(` and name in ( %s )`, ParamPlaceholderForIn(len(name))) params = append(params, name) } @@ -74,7 +74,7 @@ func GetProjectMetadata(projectID int64, name ...string) ([]*models.ProjectMetad params = append(params, projectID) if len(name) > 0 { - sql += fmt.Sprintf(` and name in ( %s )`, paramPlaceholder(len(name))) + sql += fmt.Sprintf(` and name in ( %s )`, ParamPlaceholderForIn(len(name))) params = append(params, name) } @@ -82,7 +82,9 @@ func GetProjectMetadata(projectID int64, name ...string) ([]*models.ProjectMetad return proMetas, err } -func paramPlaceholder(n int) string { +// ParamPlaceholderForIn returns a string that contains placeholders for sql keyword "in" +// e.g. n=3, returns "?,?,?" +func ParamPlaceholderForIn(n int) string { placeholders := []string{} for i := 0; i < n; i++ { placeholders = append(placeholders, "?") diff --git a/src/common/dao/project.go b/src/common/dao/project.go index b3066bcf1..e027ec221 100644 --- a/src/common/dao/project.go +++ b/src/common/dao/project.go @@ -167,9 +167,10 @@ func GetGroupProjects(groupIDs []int, query *models.ProjectQueryParam) ([]*model from project p left join project_member pm on p.project_id = pm.project_id left join user_group ug on ug.id = pm.entity_id and pm.entity_type = 'g' - where ug.id in ( %s ) order by name`, + where ug.id in ( %s )`, sql, groupIDCondition) } + sql = sql + ` order by name` sqlStr, queryParams := CreatePagination(query, sql, params) log.Debugf("query sql:%v", sql) var projects []*models.Project @@ -259,7 +260,7 @@ func projectQueryConditions(query *models.ProjectQueryParam) (string, []interfac } if len(query.ProjectIDs) > 0 { sql += fmt.Sprintf(` and p.project_id in ( %s )`, - paramPlaceholder(len(query.ProjectIDs))) + ParamPlaceholderForIn(len(query.ProjectIDs))) params = append(params, query.ProjectIDs) } return sql, params diff --git a/src/common/dao/project_blob.go b/src/common/dao/project_blob.go index 9111cdf9c..bb4b59a10 100644 --- a/src/common/dao/project_blob.go +++ b/src/common/dao/project_blob.go @@ -64,7 +64,7 @@ func RemoveBlobsFromProject(projectID int64, blobs ...*models.Blob) error { return nil } - sql := fmt.Sprintf(`DELETE FROM project_blob WHERE blob_id IN (%s)`, paramPlaceholder(len(blobIDs))) + sql := fmt.Sprintf(`DELETE FROM project_blob WHERE blob_id IN (%s)`, ParamPlaceholderForIn(len(blobIDs))) _, err := GetOrmer().Raw(sql, blobIDs).Exec() return err @@ -89,7 +89,7 @@ func GetBlobsNotInProject(projectID int64, blobDigests ...string) ([]*models.Blo } sql := fmt.Sprintf("SELECT * FROM blob WHERE id NOT IN (SELECT blob_id FROM project_blob WHERE project_id = ?) AND digest IN (%s)", - paramPlaceholder(len(blobDigests))) + ParamPlaceholderForIn(len(blobDigests))) params := []interface{}{projectID} for _, digest := range blobDigests { @@ -103,3 +103,34 @@ func GetBlobsNotInProject(projectID int64, blobDigests ...string) ([]*models.Blo return blobs, nil } + +// CountSizeOfProject ... +func CountSizeOfProject(pid int64) (int64, error) { + var blobs []models.Blob + + sql := ` +SELECT + DISTINCT bb.digest, + bb.id, + bb.content_type, + bb.size, + bb.creation_time +FROM artifact af +JOIN artifact_blob afnb + ON af.digest = afnb.digest_af +JOIN BLOB bb + ON afnb.digest_blob = bb.digest +WHERE af.project_id = ? +` + _, err := GetOrmer().Raw(sql, pid).QueryRows(&blobs) + if err != nil { + return 0, err + } + + var size int64 + for _, blob := range blobs { + size += blob.Size + } + + return size, err +} diff --git a/src/common/dao/project_blob_test.go b/src/common/dao/project_blob_test.go index 071bfdd3d..dec4c5fab 100644 --- a/src/common/dao/project_blob_test.go +++ b/src/common/dao/project_blob_test.go @@ -38,3 +38,161 @@ func TestHasBlobInProject(t *testing.T) { require.Nil(t, err) assert.True(t, has) } + +func TestCountSizeOfProject(t *testing.T) { + _, err := AddBlob(&models.Blob{ + Digest: "CountSizeOfProject_blob1", + Size: 101, + }) + require.Nil(t, err) + + _, err = AddBlob(&models.Blob{ + Digest: "CountSizeOfProject_blob2", + Size: 202, + }) + require.Nil(t, err) + + _, err = AddBlob(&models.Blob{ + Digest: "CountSizeOfProject_blob3", + Size: 303, + }) + require.Nil(t, err) + + pid1, err := AddProject(models.Project{ + Name: "CountSizeOfProject_project1", + OwnerID: 1, + }) + require.Nil(t, err) + + af := &models.Artifact{ + PID: pid1, + Repo: "hello-world", + Tag: "v1", + Digest: "CountSizeOfProject_af1", + Kind: "image", + } + + // add + _, err = AddArtifact(af) + require.Nil(t, err) + + afnb1 := &models.ArtifactAndBlob{ + DigestAF: "CountSizeOfProject_af1", + DigestBlob: "CountSizeOfProject_blob1", + } + afnb2 := &models.ArtifactAndBlob{ + DigestAF: "CountSizeOfProject_af1", + DigestBlob: "CountSizeOfProject_blob2", + } + afnb3 := &models.ArtifactAndBlob{ + DigestAF: "CountSizeOfProject_af1", + DigestBlob: "CountSizeOfProject_blob3", + } + + var afnbs []*models.ArtifactAndBlob + afnbs = append(afnbs, afnb1) + afnbs = append(afnbs, afnb2) + afnbs = append(afnbs, afnb3) + + // add + err = AddArtifactNBlobs(afnbs) + require.Nil(t, err) + + pSize, err := CountSizeOfProject(pid1) + assert.Equal(t, pSize, int64(606)) +} + +func TestCountSizeOfProjectDupdigest(t *testing.T) { + _, err := AddBlob(&models.Blob{ + Digest: "CountSizeOfProject_blob11", + Size: 101, + }) + require.Nil(t, err) + _, err = AddBlob(&models.Blob{ + Digest: "CountSizeOfProject_blob22", + Size: 202, + }) + require.Nil(t, err) + _, err = AddBlob(&models.Blob{ + Digest: "CountSizeOfProject_blob33", + Size: 303, + }) + require.Nil(t, err) + _, err = AddBlob(&models.Blob{ + Digest: "CountSizeOfProject_blob44", + Size: 404, + }) + require.Nil(t, err) + + pid1, err := AddProject(models.Project{ + Name: "CountSizeOfProject_project11", + OwnerID: 1, + }) + require.Nil(t, err) + + // add af1 into project + af1 := &models.Artifact{ + PID: pid1, + Repo: "hello-world", + Tag: "v1", + Digest: "CountSizeOfProject_af11", + Kind: "image", + } + _, err = AddArtifact(af1) + require.Nil(t, err) + afnb11 := &models.ArtifactAndBlob{ + DigestAF: "CountSizeOfProject_af11", + DigestBlob: "CountSizeOfProject_blob11", + } + afnb12 := &models.ArtifactAndBlob{ + DigestAF: "CountSizeOfProject_af11", + DigestBlob: "CountSizeOfProject_blob22", + } + afnb13 := &models.ArtifactAndBlob{ + DigestAF: "CountSizeOfProject_af11", + DigestBlob: "CountSizeOfProject_blob33", + } + var afnbs1 []*models.ArtifactAndBlob + afnbs1 = append(afnbs1, afnb11) + afnbs1 = append(afnbs1, afnb12) + afnbs1 = append(afnbs1, afnb13) + err = AddArtifactNBlobs(afnbs1) + require.Nil(t, err) + + // add af2 into project + af2 := &models.Artifact{ + PID: pid1, + Repo: "hello-world", + Tag: "v2", + Digest: "CountSizeOfProject_af22", + Kind: "image", + } + _, err = AddArtifact(af2) + require.Nil(t, err) + afnb21 := &models.ArtifactAndBlob{ + DigestAF: "CountSizeOfProject_af22", + DigestBlob: "CountSizeOfProject_blob11", + } + afnb22 := &models.ArtifactAndBlob{ + DigestAF: "CountSizeOfProject_af22", + DigestBlob: "CountSizeOfProject_blob22", + } + afnb23 := &models.ArtifactAndBlob{ + DigestAF: "CountSizeOfProject_af22", + DigestBlob: "CountSizeOfProject_blob33", + } + afnb24 := &models.ArtifactAndBlob{ + DigestAF: "CountSizeOfProject_af22", + DigestBlob: "CountSizeOfProject_blob44", + } + var afnbs2 []*models.ArtifactAndBlob + afnbs2 = append(afnbs2, afnb21) + afnbs2 = append(afnbs2, afnb22) + afnbs2 = append(afnbs2, afnb23) + afnbs2 = append(afnbs2, afnb24) + err = AddArtifactNBlobs(afnbs2) + require.Nil(t, err) + + pSize, err := CountSizeOfProject(pid1) + assert.Equal(t, pSize, int64(1010)) +} diff --git a/src/common/dao/quota.go b/src/common/dao/quota.go index 6cf130d3d..c86c53797 100644 --- a/src/common/dao/quota.go +++ b/src/common/dao/quota.go @@ -193,7 +193,7 @@ func quotaQueryConditions(query ...*models.QuotaQuery) (string, []interface{}) { } if len(q.ReferenceIDs) != 0 { - sql += fmt.Sprintf(`AND a.reference_id IN (%s) `, paramPlaceholder(len(q.ReferenceIDs))) + sql += fmt.Sprintf(`AND a.reference_id IN (%s) `, ParamPlaceholderForIn(len(q.ReferenceIDs))) params = append(params, q.ReferenceIDs) } diff --git a/src/common/dao/quota_usage.go b/src/common/dao/quota_usage.go index 8e2f7ca48..d8b55db9b 100644 --- a/src/common/dao/quota_usage.go +++ b/src/common/dao/quota_usage.go @@ -111,7 +111,7 @@ func quotaUsageQueryConditions(query ...*models.QuotaUsageQuery) (string, []inte params = append(params, q.ReferenceID) } if len(q.ReferenceIDs) != 0 { - sql += fmt.Sprintf(`and reference_id in (%s) `, paramPlaceholder(len(q.ReferenceIDs))) + sql += fmt.Sprintf(`and reference_id in (%s) `, ParamPlaceholderForIn(len(q.ReferenceIDs))) params = append(params, q.ReferenceIDs) } diff --git a/src/common/dao/repository.go b/src/common/dao/repository.go index c05a46899..abb859525 100644 --- a/src/common/dao/repository.go +++ b/src/common/dao/repository.go @@ -178,7 +178,7 @@ func repositoryQueryConditions(query ...*models.RepositoryQuery) (string, []inte if len(q.ProjectIDs) > 0 { sql += fmt.Sprintf(`and r.project_id in ( %s ) `, - paramPlaceholder(len(q.ProjectIDs))) + ParamPlaceholderForIn(len(q.ProjectIDs))) params = append(params, q.ProjectIDs) } diff --git a/src/common/dao/user.go b/src/common/dao/user.go index 9349c3477..535887b1e 100644 --- a/src/common/dao/user.go +++ b/src/common/dao/user.go @@ -117,12 +117,18 @@ func ListUsers(query *models.UserQuery) ([]models.User, error) { } func userQueryConditions(query *models.UserQuery) orm.QuerySeter { - qs := GetOrmer().QueryTable(&models.User{}). - Filter("deleted", 0). - Filter("user_id__gt", 1) + qs := GetOrmer().QueryTable(&models.User{}).Filter("deleted", 0) if query == nil { - return qs + // Exclude admin account, see https://github.com/goharbor/harbor/issues/2527 + return qs.Filter("user_id__gt", 1) + } + + if len(query.UserIDs) > 0 { + qs = qs.Filter("user_id__in", query.UserIDs) + } else { + // Exclude admin account when not filter by UserIDs, see https://github.com/goharbor/harbor/issues/2527 + qs = qs.Filter("user_id__gt", 1) } if len(query.Username) > 0 { @@ -202,7 +208,7 @@ func DeleteUser(userID int) error { name := fmt.Sprintf("%s#%d", user.Username, user.UserID) email := fmt.Sprintf("%s#%d", user.Email, user.UserID) - _, err = o.Raw(`update harbor_user + _, err = o.Raw(`update harbor_user set deleted = true, username = ?, email = ? where user_id = ?`, name, email, userID).Exec() return err @@ -234,6 +240,14 @@ func OnBoardUser(u *models.User) error { } if created { u.UserID = int(id) + // current orm framework doesn't support to fetch a pointer or sql.NullString with QueryRow + // https://github.com/astaxie/beego/issues/3767 + if len(u.Email) == 0 { + _, err = o.Raw("update harbor_user set email = null where user_id = ? ", id).Exec() + if err != nil { + return err + } + } } else { existing, err := GetUser(*u) if err != nil { diff --git a/src/common/dao/user_test.go b/src/common/dao/user_test.go index ff48b27ec..2b3029c17 100644 --- a/src/common/dao/user_test.go +++ b/src/common/dao/user_test.go @@ -90,3 +90,23 @@ func TestOnBoardUser(t *testing.T) { assert.True(u.UserID == id) CleanUser(int64(id)) } +func TestOnBoardUser_EmptyEmail(t *testing.T) { + assert := assert.New(t) + u := &models.User{ + Username: "empty_email", + Password: "password1", + Realname: "empty_email", + } + err := OnBoardUser(u) + assert.Nil(err) + id := u.UserID + assert.True(id > 0) + err = OnBoardUser(u) + assert.Nil(err) + assert.True(u.UserID == id) + assert.Equal("", u.Email) + + user, err := GetUser(models.User{Username: "empty_email"}) + assert.Equal("", user.Email) + CleanUser(int64(id)) +} diff --git a/src/common/models/config.go b/src/common/models/config.go index b8c7a0e6b..dfd13d4bb 100644 --- a/src/common/models/config.go +++ b/src/common/models/config.go @@ -45,12 +45,14 @@ type SQLite struct { // PostGreSQL ... type PostGreSQL struct { - Host string `json:"host"` - Port int `json:"port"` - Username string `json:"username"` - Password string `json:"password,omitempty"` - Database string `json:"database"` - SSLMode string `json:"sslmode"` + Host string `json:"host"` + Port int `json:"port"` + Username string `json:"username"` + Password string `json:"password,omitempty"` + Database string `json:"database"` + SSLMode string `json:"sslmode"` + MaxIdleConns int `json:"max_idle_conns"` + MaxOpenConns int `json:"max_open_conns"` } // Email ... diff --git a/src/common/models/user.go b/src/common/models/user.go index 77fac1a83..c4299869f 100644 --- a/src/common/models/user.go +++ b/src/common/models/user.go @@ -46,6 +46,7 @@ type User struct { // UserQuery ... type UserQuery struct { + UserIDs []int Username string Email string Pagination *Pagination diff --git a/src/common/quota/driver/project/driver.go b/src/common/quota/driver/project/driver.go index 8fafded6c..58de3aa2a 100644 --- a/src/common/quota/driver/project/driver.go +++ b/src/common/quota/driver/project/driver.go @@ -55,11 +55,23 @@ func getProjectsBatchFn(ctx context.Context, keys dataloader.Keys) []*dataloader return handleError(err) } + var ownerIDs []int var projectsMap = make(map[int64]*models.Project, len(projectIDs)) for _, project := range projects { + ownerIDs = append(ownerIDs, project.OwnerID) projectsMap[project.ProjectID] = project } + owners, err := dao.ListUsers(&models.UserQuery{UserIDs: ownerIDs}) + if err != nil { + return handleError(err) + } + + var ownersMap = make(map[int]*models.User, len(owners)) + for i, owner := range owners { + ownersMap[owner.UserID] = &owners[i] + } + var results []*dataloader.Result for _, projectID := range projectIDs { project, ok := projectsMap[projectID] @@ -67,6 +79,11 @@ func getProjectsBatchFn(ctx context.Context, keys dataloader.Keys) []*dataloader return handleError(fmt.Errorf("project not found, "+"project_id: %d", projectID)) } + owner, ok := ownersMap[project.OwnerID] + if ok { + project.OwnerName = owner.Username + } + result := dataloader.Result{ Data: project, Error: nil, diff --git a/src/common/quota/driver/project/driver_test.go b/src/common/quota/driver/project/driver_test.go index 992af0ae9..b3812a097 100644 --- a/src/common/quota/driver/project/driver_test.go +++ b/src/common/quota/driver/project/driver_test.go @@ -41,7 +41,7 @@ func (suite *DriverSuite) TestLoad() { obj := dr.RefObject{ "id": int64(1), "name": "library", - "owner_name": "", + "owner_name": "admin", } suite.Equal(obj, ref) diff --git a/src/common/quota/errors.go b/src/common/quota/errors.go new file mode 100644 index 000000000..c828734dd --- /dev/null +++ b/src/common/quota/errors.go @@ -0,0 +1,111 @@ +// Copyright Project Harbor Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package quota + +import ( + "fmt" + "strings" + + "github.com/goharbor/harbor/src/pkg/types" +) + +// Errors contains all happened errors +type Errors []error + +// GetErrors gets all errors that have occurred and returns a slice of errors (Error type) +func (errs Errors) GetErrors() []error { + return errs +} + +// Add adds an error to a given slice of errors +func (errs Errors) Add(newErrors ...error) Errors { + for _, err := range newErrors { + if err == nil { + continue + } + + if errors, ok := err.(Errors); ok { + errs = errs.Add(errors...) + } else { + ok = true + for _, e := range errs { + if err == e { + ok = false + } + } + if ok { + errs = append(errs, err) + } + } + } + + return errs +} + +// Error takes a slice of all errors that have occurred and returns it as a formatted string +func (errs Errors) Error() string { + var errors = []string{} + for _, e := range errs { + errors = append(errors, e.Error()) + } + return strings.Join(errors, "; ") +} + +// ResourceOverflow ... +type ResourceOverflow struct { + Resource types.ResourceName + HardLimit int64 + CurrentUsed int64 + NewUsed int64 +} + +func (e *ResourceOverflow) Error() string { + resource := e.Resource + var ( + op string + delta int64 + ) + + if e.NewUsed > e.CurrentUsed { + op = "add" + delta = e.NewUsed - e.CurrentUsed + } else { + op = "subtract" + delta = e.CurrentUsed - e.NewUsed + } + + return fmt.Sprintf("%s %s of %s resource overflow the hard limit, current usage is %s and hard limit is %s", + op, resource.FormatValue(delta), resource, + resource.FormatValue(e.CurrentUsed), resource.FormatValue(e.HardLimit)) +} + +// NewResourceOverflowError ... +func NewResourceOverflowError(resource types.ResourceName, hardLimit, currentUsed, newUsed int64) error { + return &ResourceOverflow{Resource: resource, HardLimit: hardLimit, CurrentUsed: currentUsed, NewUsed: newUsed} +} + +// ResourceNotFound ... +type ResourceNotFound struct { + Resource types.ResourceName +} + +func (e *ResourceNotFound) Error() string { + return fmt.Sprintf("resource %s not found", e.Resource) +} + +// NewResourceNotFoundError ... +func NewResourceNotFoundError(resource types.ResourceName) error { + return &ResourceNotFound{Resource: resource} +} diff --git a/src/common/quota/manager.go b/src/common/quota/manager.go index 43d70777b..558334e6d 100644 --- a/src/common/quota/manager.go +++ b/src/common/quota/manager.go @@ -110,7 +110,8 @@ func (m *Manager) getUsageForUpdate(o orm.Ormer) (*models.QuotaUsage, error) { } func (m *Manager) updateUsage(o orm.Ormer, resources types.ResourceList, - calculate func(types.ResourceList, types.ResourceList) types.ResourceList) error { + calculate func(types.ResourceList, types.ResourceList) types.ResourceList, + skipOverflow bool) error { quota, err := m.getQuotaForUpdate(o) if err != nil { @@ -131,7 +132,13 @@ func (m *Manager) updateUsage(o orm.Ormer, resources types.ResourceList, } newUsed := calculate(used, resources) - if err := isSafe(hardLimits, newUsed); err != nil { + + // ensure that new used is never negative + if negativeUsed := types.IsNegative(newUsed); len(negativeUsed) > 0 { + return fmt.Errorf("quota usage is negative for resource(s): %s", prettyPrintResourceNames(negativeUsed)) + } + + if err := isSafe(hardLimits, used, newUsed, skipOverflow); err != nil { return err } @@ -176,27 +183,87 @@ func (m *Manager) DeleteQuota() error { // UpdateQuota update the quota resource spec func (m *Manager) UpdateQuota(hardLimits types.ResourceList) error { + o := dao.GetOrmer() if err := m.driver.Validate(hardLimits); err != nil { return err } sql := `UPDATE quota SET hard = ? WHERE reference = ? AND reference_id = ?` - _, err := dao.GetOrmer().Raw(sql, hardLimits.String(), m.reference, m.referenceID).Exec() + _, err := o.Raw(sql, hardLimits.String(), m.reference, m.referenceID).Exec() return err } +// SetResourceUsage sets the usage per resource name +func (m *Manager) SetResourceUsage(resource types.ResourceName, value int64) error { + o := dao.GetOrmer() + + sql := fmt.Sprintf("UPDATE quota_usage SET used = jsonb_set(used, '{%s}', to_jsonb(%d::int), true) WHERE reference = ? AND reference_id = ?", resource, value) + _, err := o.Raw(sql, m.reference, m.referenceID).Exec() + + return err +} + +// EnsureQuota ensures the reference has quota and usage, +// if non-existent, will create new quota and usage. +// if existent, update the quota and usage. +func (m *Manager) EnsureQuota(usages types.ResourceList) error { + query := &models.QuotaQuery{ + Reference: m.reference, + ReferenceID: m.referenceID, + } + quotas, err := dao.ListQuotas(query) + if err != nil { + return err + } + + // non-existent: create quota and usage + defaultHardLimit := m.driver.HardLimits() + if len(quotas) == 0 { + _, err := m.NewQuota(defaultHardLimit, usages) + if err != nil { + return err + } + return nil + } + + // existent + used := usages + quotaUsed, err := types.NewResourceList(quotas[0].Used) + if err != nil { + return err + } + if types.Equals(quotaUsed, used) { + return nil + } + dao.WithTransaction(func(o orm.Ormer) error { + usage, err := m.getUsageForUpdate(o) + if err != nil { + return err + } + usage.Used = used.String() + usage.UpdateTime = time.Now() + _, err = o.Update(usage) + if err != nil { + return err + } + return nil + }) + + return nil +} + // AddResources add resources to usage func (m *Manager) AddResources(resources types.ResourceList) error { return dao.WithTransaction(func(o orm.Ormer) error { - return m.updateUsage(o, resources, types.Add) + return m.updateUsage(o, resources, types.Add, false) }) } // SubtractResources subtract resources from usage func (m *Manager) SubtractResources(resources types.ResourceList) error { return dao.WithTransaction(func(o orm.Ormer) error { - return m.updateUsage(o, resources, types.Subtract) + return m.updateUsage(o, resources, types.Subtract, true) }) } diff --git a/src/common/quota/manager_test.go b/src/common/quota/manager_test.go index 7de96d998..6ce705575 100644 --- a/src/common/quota/manager_test.go +++ b/src/common/quota/manager_test.go @@ -21,6 +21,7 @@ import ( "testing" "github.com/goharbor/harbor/src/common/dao" + "github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/quota/driver" "github.com/goharbor/harbor/src/common/quota/driver/mocks" "github.com/goharbor/harbor/src/pkg/types" @@ -131,6 +132,66 @@ func (suite *ManagerSuite) TestUpdateQuota() { } } +func (suite *ManagerSuite) TestSetResourceUsage() { + mgr := suite.quotaManager() + id, _ := mgr.NewQuota(hardLimits) + + if err := mgr.SetResourceUsage(types.ResourceCount, 123); suite.Nil(err) { + quota, _ := dao.GetQuota(id) + suite.Equal(hardLimits, mustResourceList(quota.Hard)) + + usage, _ := dao.GetQuotaUsage(id) + suite.Equal(types.ResourceList{types.ResourceCount: 123, types.ResourceStorage: 0}, mustResourceList(usage.Used)) + } + + if err := mgr.SetResourceUsage(types.ResourceStorage, 234); suite.Nil(err) { + usage, _ := dao.GetQuotaUsage(id) + suite.Equal(types.ResourceList{types.ResourceCount: 123, types.ResourceStorage: 234}, mustResourceList(usage.Used)) + } +} + +func (suite *ManagerSuite) TestEnsureQuota() { + // non-existent + nonExistRefID := "3" + mgr := suite.quotaManager(nonExistRefID) + infinite := types.ResourceList{types.ResourceCount: -1, types.ResourceStorage: -1} + usage := types.ResourceList{types.ResourceCount: 10, types.ResourceStorage: 10} + err := mgr.EnsureQuota(usage) + suite.Nil(err) + query := &models.QuotaQuery{ + Reference: reference, + ReferenceID: nonExistRefID, + } + quotas, err := dao.ListQuotas(query) + suite.Nil(err) + suite.Equal(usage, mustResourceList(quotas[0].Used)) + suite.Equal(infinite, mustResourceList(quotas[0].Hard)) + + // existent + existRefID := "4" + mgr = suite.quotaManager(existRefID) + used := types.ResourceList{types.ResourceCount: 11, types.ResourceStorage: 11} + if id, err := mgr.NewQuota(hardLimits, used); suite.Nil(err) { + quota, _ := dao.GetQuota(id) + suite.Equal(hardLimits, mustResourceList(quota.Hard)) + + usage, _ := dao.GetQuotaUsage(id) + suite.Equal(used, mustResourceList(usage.Used)) + } + + usage2 := types.ResourceList{types.ResourceCount: 12, types.ResourceStorage: 12} + err = mgr.EnsureQuota(usage2) + suite.Nil(err) + query2 := &models.QuotaQuery{ + Reference: reference, + ReferenceID: existRefID, + } + quotas2, err := dao.ListQuotas(query2) + suite.Equal(usage2, mustResourceList(quotas2[0].Used)) + suite.Equal(hardLimits, mustResourceList(quotas2[0].Hard)) + +} + func (suite *ManagerSuite) TestQuotaAutoCreation() { for i := 0; i < 10; i++ { mgr := suite.quotaManager(fmt.Sprintf("%d", i)) @@ -157,7 +218,11 @@ func (suite *ManagerSuite) TestAddResources() { } if err := mgr.AddResources(types.ResourceList{types.ResourceStorage: 10000}); suite.Error(err) { - suite.True(IsUnsafeError(err)) + if errs, ok := err.(Errors); suite.True(ok) { + for _, err := range errs { + suite.IsType(&ResourceOverflow{}, err) + } + } } } diff --git a/src/common/quota/util.go b/src/common/quota/util.go index 33f3ce0a3..e57e05170 100644 --- a/src/common/quota/util.go +++ b/src/common/quota/util.go @@ -15,48 +15,43 @@ package quota import ( - "fmt" + "sort" + "strings" "github.com/goharbor/harbor/src/pkg/types" ) -type unsafe struct { - message string -} +func isSafe(hardLimits types.ResourceList, currentUsed types.ResourceList, newUsed types.ResourceList, skipOverflow bool) error { + var errs Errors -func (err *unsafe) Error() string { - return err.message -} - -func newUnsafe(message string) error { - return &unsafe{message: message} -} - -// IsUnsafeError returns true when the err is unsafe error -func IsUnsafeError(err error) bool { - _, ok := err.(*unsafe) - return ok -} - -func isSafe(hardLimits types.ResourceList, used types.ResourceList) error { - for key, value := range used { - if value < 0 { - return newUnsafe(fmt.Sprintf("bad used value: %d", value)) + for resource, value := range newUsed { + hardLimit, found := hardLimits[resource] + if !found { + errs = errs.Add(NewResourceNotFoundError(resource)) + continue } - if hard, found := hardLimits[key]; found { - if hard == types.UNLIMITED { - continue - } - - if value > hard { - return newUnsafe(fmt.Sprintf("over the quota: used %d but only hard %d", value, hard)) - } - } else { - return newUnsafe(fmt.Sprintf("hard limit not found: %s", key)) + if hardLimit == types.UNLIMITED || value == currentUsed[resource] { + continue } + if value > hardLimit && !skipOverflow { + errs = errs.Add(NewResourceOverflowError(resource, hardLimit, currentUsed[resource], value)) + } + } + + if len(errs) > 0 { + return errs } return nil } + +func prettyPrintResourceNames(a []types.ResourceName) string { + values := []string{} + for _, value := range a { + values = append(values, string(value)) + } + sort.Strings(values) + return strings.Join(values, ",") +} diff --git a/src/common/quota/util_test.go b/src/common/quota/util_test.go index 806ae56af..44432348d 100644 --- a/src/common/quota/util_test.go +++ b/src/common/quota/util_test.go @@ -15,45 +15,17 @@ package quota import ( - "errors" "testing" "github.com/goharbor/harbor/src/pkg/types" ) -func TestIsUnsafeError(t *testing.T) { +func Test_isSafe(t *testing.T) { type args struct { - err error - } - tests := []struct { - name string - args args - want bool - }{ - { - "is unsafe error", - args{err: newUnsafe("unsafe")}, - true, - }, - { - "is not unsafe error", - args{err: errors.New("unsafe")}, - false, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := IsUnsafeError(tt.args.err); got != tt.want { - t.Errorf("IsUnsafeError() = %v, want %v", got, tt.want) - } - }) - } -} - -func Test_checkQuotas(t *testing.T) { - type args struct { - hardLimits types.ResourceList - used types.ResourceList + hardLimits types.ResourceList + currentUsed types.ResourceList + newUsed types.ResourceList + skipOverflow bool } tests := []struct { name string @@ -62,33 +34,58 @@ func Test_checkQuotas(t *testing.T) { }{ { "unlimited", - args{hardLimits: types.ResourceList{types.ResourceStorage: types.UNLIMITED}, used: types.ResourceList{types.ResourceStorage: 1000}}, + args{ + types.ResourceList{types.ResourceStorage: types.UNLIMITED}, + types.ResourceList{types.ResourceStorage: 1000}, + types.ResourceList{types.ResourceStorage: 1000}, + false, + }, false, }, { "ok", - args{hardLimits: types.ResourceList{types.ResourceStorage: 100}, used: types.ResourceList{types.ResourceStorage: 1}}, + args{ + types.ResourceList{types.ResourceStorage: 100}, + types.ResourceList{types.ResourceStorage: 10}, + types.ResourceList{types.ResourceStorage: 1}, + false, + }, false, }, { - "bad used value", - args{hardLimits: types.ResourceList{types.ResourceStorage: 100}, used: types.ResourceList{types.ResourceStorage: -1}}, + "over the hard limit", + args{ + types.ResourceList{types.ResourceStorage: 100}, + types.ResourceList{types.ResourceStorage: 0}, + types.ResourceList{types.ResourceStorage: 200}, + false, + }, true, }, { - "over the hard limit", - args{hardLimits: types.ResourceList{types.ResourceStorage: 100}, used: types.ResourceList{types.ResourceStorage: 200}}, - true, + "skip overflow", + args{ + types.ResourceList{types.ResourceStorage: 100}, + types.ResourceList{types.ResourceStorage: 0}, + types.ResourceList{types.ResourceStorage: 200}, + true, + }, + false, }, { "hard limit not found", - args{hardLimits: types.ResourceList{types.ResourceStorage: 100}, used: types.ResourceList{types.ResourceCount: 1}}, + args{ + types.ResourceList{types.ResourceStorage: 100}, + types.ResourceList{types.ResourceCount: 0}, + types.ResourceList{types.ResourceCount: 1}, + false, + }, true, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if err := isSafe(tt.args.hardLimits, tt.args.used); (err != nil) != tt.wantErr { + if err := isSafe(tt.args.hardLimits, tt.args.currentUsed, tt.args.newUsed, tt.args.skipOverflow); (err != nil) != tt.wantErr { t.Errorf("isSafe() error = %v, wantErr %v", err, tt.wantErr) } }) diff --git a/src/common/rbac/namespace.go b/src/common/rbac/namespace.go index 7f4f0f6a3..e1f123b10 100644 --- a/src/common/rbac/namespace.go +++ b/src/common/rbac/namespace.go @@ -31,8 +31,8 @@ type Namespace interface { } type projectNamespace struct { - projectIDOrName interface{} - isPublic bool + projectID int64 + isPublic bool } func (ns *projectNamespace) Kind() string { @@ -40,11 +40,11 @@ func (ns *projectNamespace) Kind() string { } func (ns *projectNamespace) Resource(subresources ...Resource) Resource { - return Resource(fmt.Sprintf("/project/%v", ns.projectIDOrName)).Subresource(subresources...) + return Resource(fmt.Sprintf("/project/%d", ns.projectID)).Subresource(subresources...) } func (ns *projectNamespace) Identity() interface{} { - return ns.projectIDOrName + return ns.projectID } func (ns *projectNamespace) IsPublic() bool { @@ -52,10 +52,10 @@ func (ns *projectNamespace) IsPublic() bool { } // NewProjectNamespace returns namespace for project -func NewProjectNamespace(projectIDOrName interface{}, isPublic ...bool) Namespace { +func NewProjectNamespace(projectID int64, isPublic ...bool) Namespace { isPublicNamespace := false if len(isPublic) > 0 { isPublicNamespace = isPublic[0] } - return &projectNamespace{projectIDOrName: projectIDOrName, isPublic: isPublicNamespace} + return &projectNamespace{projectID: projectID, isPublic: isPublicNamespace} } diff --git a/src/common/rbac/namespace_test.go b/src/common/rbac/namespace_test.go index 5fddad0e4..97a8bfbc2 100644 --- a/src/common/rbac/namespace_test.go +++ b/src/common/rbac/namespace_test.go @@ -27,7 +27,7 @@ type ProjectNamespaceTestSuite struct { func (suite *ProjectNamespaceTestSuite) TestResource() { var namespace Namespace - namespace = &projectNamespace{projectIDOrName: int64(1)} + namespace = &projectNamespace{projectID: int64(1)} suite.Equal(namespace.Resource(Resource("image")), Resource("/project/1/image")) } @@ -35,9 +35,6 @@ func (suite *ProjectNamespaceTestSuite) TestResource() { func (suite *ProjectNamespaceTestSuite) TestIdentity() { namespace, _ := Resource("/project/1/image").GetNamespace() suite.Equal(namespace.Identity(), int64(1)) - - namespace, _ = Resource("/project/library/image").GetNamespace() - suite.Equal(namespace.Identity(), "library") } func TestProjectNamespaceTestSuite(t *testing.T) { diff --git a/src/common/rbac/parser.go b/src/common/rbac/parser.go index bb65943e6..e4db275cc 100644 --- a/src/common/rbac/parser.go +++ b/src/common/rbac/parser.go @@ -37,14 +37,10 @@ func projectNamespaceParser(resource Resource) (Namespace, error) { return nil, errors.New("not support resource") } - var projectIDOrName interface{} - - id, err := strconv.ParseInt(matches[1], 10, 64) - if err == nil { - projectIDOrName = id - } else { - projectIDOrName = matches[1] + projectID, err := strconv.ParseInt(matches[1], 10, 64) + if err != nil { + return nil, err } - return &projectNamespace{projectIDOrName: projectIDOrName}, nil + return &projectNamespace{projectID: projectID}, nil } diff --git a/src/common/rbac/parser_test.go b/src/common/rbac/parser_test.go index cf23d517b..2a56a5025 100644 --- a/src/common/rbac/parser_test.go +++ b/src/common/rbac/parser_test.go @@ -26,7 +26,7 @@ type ProjectParserTestSuite struct { func (suite *ProjectParserTestSuite) TestParse() { namespace, err := projectNamespaceParser(Resource("/project/1/image")) - suite.Equal(namespace, &projectNamespace{projectIDOrName: int64(1)}) + suite.Equal(namespace, &projectNamespace{projectID: 1}) suite.Nil(err) namespace, err = projectNamespaceParser(Resource("/fake/1/image")) diff --git a/src/common/rbac/project/visitor_test.go b/src/common/rbac/project/visitor_test.go index 32fa78df6..921f81c1b 100644 --- a/src/common/rbac/project/visitor_test.go +++ b/src/common/rbac/project/visitor_test.go @@ -50,8 +50,8 @@ type VisitorTestSuite struct { } func (suite *VisitorTestSuite) TestGetPolicies() { - namespace := rbac.NewProjectNamespace("library", false) - publicNamespace := rbac.NewProjectNamespace("library", true) + namespace := rbac.NewProjectNamespace(1, false) + publicNamespace := rbac.NewProjectNamespace(1, true) anonymous := NewUser(anonymousCtx, namespace) suite.Nil(anonymous.GetPolicies()) @@ -73,7 +73,7 @@ func (suite *VisitorTestSuite) TestGetPolicies() { } func (suite *VisitorTestSuite) TestGetRoles() { - namespace := rbac.NewProjectNamespace("library", false) + namespace := rbac.NewProjectNamespace(1, false) anonymous := NewUser(anonymousCtx, namespace) suite.Nil(anonymous.GetRoles()) diff --git a/src/common/security/admiral/context.go b/src/common/security/admiral/context.go index 962a6dafb..fcc0a069f 100644 --- a/src/common/security/admiral/context.go +++ b/src/common/security/admiral/context.go @@ -75,10 +75,10 @@ func (s *SecurityContext) Can(action rbac.Action, resource rbac.Resource) bool { if err == nil { switch ns.Kind() { case "project": - projectIDOrName := ns.Identity() - isPublicProject, _ := s.pm.IsPublic(projectIDOrName) - projectNamespace := rbac.NewProjectNamespace(projectIDOrName, isPublicProject) - user := project.NewUser(s, projectNamespace, s.GetProjectRoles(projectIDOrName)...) + projectID := ns.Identity().(int64) + isPublicProject, _ := s.pm.IsPublic(projectID) + projectNamespace := rbac.NewProjectNamespace(projectID, isPublicProject) + user := project.NewUser(s, projectNamespace, s.GetProjectRoles(projectID)...) return rbac.HasPermission(user, resource, action) } } diff --git a/src/common/security/local/context.go b/src/common/security/local/context.go index 907521e2f..b246ae2e8 100644 --- a/src/common/security/local/context.go +++ b/src/common/security/local/context.go @@ -72,10 +72,10 @@ func (s *SecurityContext) Can(action rbac.Action, resource rbac.Resource) bool { if err == nil { switch ns.Kind() { case "project": - projectIDOrName := ns.Identity() - isPublicProject, _ := s.pm.IsPublic(projectIDOrName) - projectNamespace := rbac.NewProjectNamespace(projectIDOrName, isPublicProject) - user := project.NewUser(s, projectNamespace, s.GetProjectRoles(projectIDOrName)...) + projectID := ns.Identity().(int64) + isPublicProject, _ := s.pm.IsPublic(projectID) + projectNamespace := rbac.NewProjectNamespace(projectID, isPublicProject) + user := project.NewUser(s, projectNamespace, s.GetProjectRoles(projectID)...) return rbac.HasPermission(user, resource, action) } } diff --git a/src/common/security/local/context_test.go b/src/common/security/local/context_test.go index ffbb51885..45cd14450 100644 --- a/src/common/security/local/context_test.go +++ b/src/common/security/local/context_test.go @@ -176,12 +176,12 @@ func TestHasPullPerm(t *testing.T) { // public project ctx := NewSecurityContext(nil, pm) - resource := rbac.NewProjectNamespace("library").Resource(rbac.ResourceRepository) + resource := rbac.NewProjectNamespace(1).Resource(rbac.ResourceRepository) assert.True(t, ctx.Can(rbac.ActionPull, resource)) // private project, unauthenticated ctx = NewSecurityContext(nil, pm) - resource = rbac.NewProjectNamespace(private.Name).Resource(rbac.ResourceRepository) + resource = rbac.NewProjectNamespace(private.ProjectID).Resource(rbac.ResourceRepository) assert.False(t, ctx.Can(rbac.ActionPull, resource)) // private project, authenticated, has no perm @@ -203,7 +203,7 @@ func TestHasPullPerm(t *testing.T) { } func TestHasPushPerm(t *testing.T) { - resource := rbac.NewProjectNamespace(private.Name).Resource(rbac.ResourceRepository) + resource := rbac.NewProjectNamespace(private.ProjectID).Resource(rbac.ResourceRepository) // unauthenticated ctx := NewSecurityContext(nil, pm) @@ -226,7 +226,7 @@ func TestHasPushPerm(t *testing.T) { } func TestHasPushPullPerm(t *testing.T) { - resource := rbac.NewProjectNamespace(private.Name).Resource(rbac.ResourceRepository) + resource := rbac.NewProjectNamespace(private.ProjectID).Resource(rbac.ResourceRepository) // unauthenticated ctx := NewSecurityContext(nil, pm) @@ -265,7 +265,7 @@ func TestHasPushPullPermWithGroup(t *testing.T) { developer.GroupIDs = []int{userGroups[0].ID} - resource := rbac.NewProjectNamespace(project.Name).Resource(rbac.ResourceRepository) + resource := rbac.NewProjectNamespace(project.ProjectID).Resource(rbac.ResourceRepository) ctx := NewSecurityContext(developer, pm) assert.True(t, ctx.Can(rbac.ActionPush, resource)) diff --git a/src/common/security/robot/context.go b/src/common/security/robot/context.go index 49d80ef35..8fc622fe0 100644 --- a/src/common/security/robot/context.go +++ b/src/common/security/robot/context.go @@ -76,9 +76,9 @@ func (s *SecurityContext) Can(action rbac.Action, resource rbac.Resource) bool { if err == nil { switch ns.Kind() { case "project": - projectIDOrName := ns.Identity() - isPublicProject, _ := s.pm.IsPublic(projectIDOrName) - projectNamespace := rbac.NewProjectNamespace(projectIDOrName, isPublicProject) + projectID := ns.Identity().(int64) + isPublicProject, _ := s.pm.IsPublic(projectID) + projectNamespace := rbac.NewProjectNamespace(projectID, isPublicProject) robot := NewRobot(s.GetUsername(), projectNamespace, s.policy) return rbac.HasPermission(robot, resource, action) } diff --git a/src/common/security/robot/context_test.go b/src/common/security/robot/context_test.go index e9fb2ce8f..36a8a5316 100644 --- a/src/common/security/robot/context_test.go +++ b/src/common/security/robot/context_test.go @@ -15,6 +15,7 @@ package robot import ( + "fmt" "os" "strconv" "testing" @@ -136,7 +137,7 @@ func TestIsSolutionUser(t *testing.T) { func TestHasPullPerm(t *testing.T) { policies := []*rbac.Policy{ { - Resource: "/project/testrobot/repository", + Resource: rbac.Resource(fmt.Sprintf("/project/%d/repository", private.ProjectID)), Action: rbac.ActionPull, }, } @@ -146,14 +147,14 @@ func TestHasPullPerm(t *testing.T) { } ctx := NewSecurityContext(robot, pm, policies) - resource := rbac.NewProjectNamespace(private.Name).Resource(rbac.ResourceRepository) + resource := rbac.NewProjectNamespace(private.ProjectID).Resource(rbac.ResourceRepository) assert.True(t, ctx.Can(rbac.ActionPull, resource)) } func TestHasPushPerm(t *testing.T) { policies := []*rbac.Policy{ { - Resource: "/project/testrobot/repository", + Resource: rbac.Resource(fmt.Sprintf("/project/%d/repository", private.ProjectID)), Action: rbac.ActionPush, }, } @@ -163,18 +164,18 @@ func TestHasPushPerm(t *testing.T) { } ctx := NewSecurityContext(robot, pm, policies) - resource := rbac.NewProjectNamespace(private.Name).Resource(rbac.ResourceRepository) + resource := rbac.NewProjectNamespace(private.ProjectID).Resource(rbac.ResourceRepository) assert.True(t, ctx.Can(rbac.ActionPush, resource)) } func TestHasPushPullPerm(t *testing.T) { policies := []*rbac.Policy{ { - Resource: "/project/testrobot/repository", + Resource: rbac.Resource(fmt.Sprintf("/project/%d/repository", private.ProjectID)), Action: rbac.ActionPush, }, { - Resource: "/project/testrobot/repository", + Resource: rbac.Resource(fmt.Sprintf("/project/%d/repository", private.ProjectID)), Action: rbac.ActionPull, }, } @@ -184,7 +185,7 @@ func TestHasPushPullPerm(t *testing.T) { } ctx := NewSecurityContext(robot, pm, policies) - resource := rbac.NewProjectNamespace(private.Name).Resource(rbac.ResourceRepository) + resource := rbac.NewProjectNamespace(private.ProjectID).Resource(rbac.ResourceRepository) assert.True(t, ctx.Can(rbac.ActionPush, resource) && ctx.Can(rbac.ActionPull, resource)) } diff --git a/src/common/security/robot/robot_test.go b/src/common/security/robot/robot_test.go index 62acbe11f..ba89fac41 100644 --- a/src/common/security/robot/robot_test.go +++ b/src/common/security/robot/robot_test.go @@ -1,9 +1,24 @@ +// Copyright Project Harbor Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package robot import ( + "testing" + "github.com/goharbor/harbor/src/common/rbac" "github.com/stretchr/testify/assert" - "testing" ) func TestGetPolicies(t *testing.T) { @@ -17,7 +32,7 @@ func TestGetPolicies(t *testing.T) { robot := robot{ username: "test", - namespace: rbac.NewProjectNamespace("library", false), + namespace: rbac.NewProjectNamespace(1, false), policy: policies, } diff --git a/src/common/utils/ldap/ldap.go b/src/common/utils/ldap/ldap.go index e7c453376..512af7618 100644 --- a/src/common/utils/ldap/ldap.go +++ b/src/common/utils/ldap/ldap.go @@ -220,6 +220,27 @@ func (session *Session) SearchUser(username string) ([]models.LdapUser, error) { } u.GroupDNList = groupDNList } + + log.Debugf("Searching for nested groups") + nestedGroupDNList := []string{} + nestedGroupFilter := createNestedGroupFilter(ldapEntry.DN) + result, err := session.SearchLdap(nestedGroupFilter) + if err != nil { + return nil, err + } + + for _, groupEntry := range result.Entries { + if !contains(u.GroupDNList, groupEntry.DN) { + nestedGroupDNList = append(nestedGroupDNList, strings.TrimSpace(groupEntry.DN)) + log.Debugf("Found group %v", groupEntry.DN) + } else { + log.Debugf("%v is already in GroupDNList", groupEntry.DN) + } + } + + u.GroupDNList = append(u.GroupDNList, nestedGroupDNList...) + log.Debugf("Done searching for nested groups") + u.DN = ldapEntry.DN ldapUsers = append(ldapUsers, u) @@ -330,13 +351,13 @@ func (session *Session) createUserFilter(username string) string { filterTag = goldap.EscapeFilter(username) } - ldapFilter := session.ldapConfig.LdapFilter + ldapFilter := normalizeFilter(session.ldapConfig.LdapFilter) ldapUID := session.ldapConfig.LdapUID if ldapFilter == "" { ldapFilter = "(" + ldapUID + "=" + filterTag + ")" } else { - ldapFilter = "(&" + ldapFilter + "(" + ldapUID + "=" + filterTag + "))" + ldapFilter = "(&(" + ldapFilter + ")(" + ldapUID + "=" + filterTag + "))" } log.Debug("ldap filter :", ldapFilter) @@ -404,6 +425,7 @@ func createGroupSearchFilter(oldFilter, groupName, groupNameAttribute string) st filter := "" groupName = goldap.EscapeFilter(groupName) groupNameAttribute = goldap.EscapeFilter(groupNameAttribute) + oldFilter = normalizeFilter(oldFilter) if len(oldFilter) == 0 { if len(groupName) == 0 { filter = groupNameAttribute + "=*" @@ -419,3 +441,26 @@ func createGroupSearchFilter(oldFilter, groupName, groupNameAttribute string) st } return filter } + +func createNestedGroupFilter(userDN string) string { + filter := "" + filter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:=" + userDN + "))" + return filter +} + +func contains(s []string, e string) bool { + for _, a := range s { + if a == e { + return true + } + } + return false +} + +// normalizeFilter - remove '(' and ')' in ldap filter +func normalizeFilter(filter string) string { + norFilter := strings.TrimSpace(filter) + norFilter = strings.TrimPrefix(norFilter, "(") + norFilter = strings.TrimSuffix(norFilter, ")") + return norFilter +} diff --git a/src/common/utils/ldap/ldap_test.go b/src/common/utils/ldap/ldap_test.go index ed80fd17a..e7b3344a6 100644 --- a/src/common/utils/ldap/ldap_test.go +++ b/src/common/utils/ldap/ldap_test.go @@ -369,3 +369,25 @@ func TestSession_SearchGroupByDN(t *testing.T) { }) } } + +func TestNormalizeFilter(t *testing.T) { + type args struct { + filter string + } + tests := []struct { + name string + args args + want string + }{ + {"normal test", args{"(objectclass=user)"}, "objectclass=user"}, + {"with space", args{" (objectclass=user) "}, "objectclass=user"}, + {"nothing", args{"objectclass=user"}, "objectclass=user"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := normalizeFilter(tt.args.filter); got != tt.want { + t.Errorf("normalizeFilter() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/src/common/utils/registry/repository.go b/src/common/utils/registry/repository.go index f7304499c..7a4a1c6c7 100644 --- a/src/common/utils/registry/repository.go +++ b/src/common/utils/registry/repository.go @@ -25,11 +25,9 @@ import ( "sort" "strconv" "strings" - // "time" "github.com/docker/distribution/manifest/schema1" "github.com/docker/distribution/manifest/schema2" - commonhttp "github.com/goharbor/harbor/src/common/http" "github.com/goharbor/harbor/src/common/utils" ) @@ -407,6 +405,7 @@ func (r *Repository) monolithicBlobUpload(location, digest string, size int64, d if err != nil { return err } + req.ContentLength = size resp, err := r.client.Do(req) if err != nil { diff --git a/src/core/api/base.go b/src/core/api/base.go index 7c4dfddf4..195f7f9c8 100644 --- a/src/core/api/base.go +++ b/src/core/api/base.go @@ -15,22 +15,24 @@ package api import ( + "encoding/json" "errors" - - "github.com/goharbor/harbor/src/pkg/retention" - "github.com/goharbor/harbor/src/pkg/scheduler" - + "fmt" "net/http" "github.com/ghodss/yaml" "github.com/goharbor/harbor/src/common/api" + "github.com/goharbor/harbor/src/common/rbac" "github.com/goharbor/harbor/src/common/security" + "github.com/goharbor/harbor/src/common/utils" "github.com/goharbor/harbor/src/common/utils/log" "github.com/goharbor/harbor/src/core/config" "github.com/goharbor/harbor/src/core/filter" "github.com/goharbor/harbor/src/core/promgr" "github.com/goharbor/harbor/src/pkg/project" "github.com/goharbor/harbor/src/pkg/repository" + "github.com/goharbor/harbor/src/pkg/retention" + "github.com/goharbor/harbor/src/pkg/scheduler" ) const ( @@ -47,6 +49,10 @@ var ( retentionController retention.APIController ) +var ( + errNotFound = errors.New("not found") +) + // BaseController ... type BaseController struct { api.BaseAPI @@ -77,6 +83,71 @@ func (b *BaseController) Prepare() { b.ProjectMgr = pm } +// RequireAuthenticated returns true when the request is authenticated +// otherwise send Unauthorized response and returns false +func (b *BaseController) RequireAuthenticated() bool { + if !b.SecurityCtx.IsAuthenticated() { + b.SendUnAuthorizedError(errors.New("Unauthorized")) + return false + } + + return true +} + +// HasProjectPermission returns true when the request has action permission on project subresource +func (b *BaseController) HasProjectPermission(projectIDOrName interface{}, action rbac.Action, subresource ...rbac.Resource) (bool, error) { + projectID, projectName, err := utils.ParseProjectIDOrName(projectIDOrName) + if err != nil { + return false, err + } + + if projectName != "" { + project, err := b.ProjectMgr.Get(projectName) + if err != nil { + return false, err + } + if project == nil { + return false, errNotFound + } + + projectID = project.ProjectID + } + + resource := rbac.NewProjectNamespace(projectID).Resource(subresource...) + if !b.SecurityCtx.Can(action, resource) { + return false, nil + } + + return true, nil +} + +// RequireProjectAccess returns true when the request has action access on project subresource +// otherwise send UnAuthorized or Forbidden response and returns false +func (b *BaseController) RequireProjectAccess(projectIDOrName interface{}, action rbac.Action, subresource ...rbac.Resource) bool { + hasPermission, err := b.HasProjectPermission(projectIDOrName, action, subresource...) + if err != nil { + if err == errNotFound { + b.SendNotFoundError(fmt.Errorf("project %v not found", projectIDOrName)) + } else { + b.SendInternalServerError(err) + } + + return false + } + + if !hasPermission { + if !b.SecurityCtx.IsAuthenticated() { + b.SendUnAuthorizedError(errors.New("UnAuthorized")) + } else { + b.SendForbiddenError(errors.New(b.SecurityCtx.GetUsername())) + } + + return false + } + + return true +} + // WriteJSONData writes the JSON data to the client. func (b *BaseController) WriteJSONData(object interface{}) { b.Data["json"] = object @@ -121,12 +192,16 @@ func Init() error { retentionController = retention.NewAPIController(retentionMgr, projectMgr, repositoryMgr, retentionScheduler, retentionLauncher) callbackFun := func(p interface{}) error { - r, ok := p.(retention.TriggerParam) - if ok { - _, err := retentionController.TriggerRetentionExec(r.PolicyID, r.Trigger, false) - return err + str, ok := p.(string) + if !ok { + return fmt.Errorf("the type of param %v isn't string", p) } - return errors.New("bad retention callback param") + param := &retention.TriggerParam{} + if err := json.Unmarshal([]byte(str), param); err != nil { + return fmt.Errorf("failed to unmarshal the param: %v", err) + } + _, err := retentionController.TriggerRetentionExec(param.PolicyID, param.Trigger, false) + return err } err := scheduler.Register(retention.SchedulerCallback, callbackFun) diff --git a/src/core/api/chart_label.go b/src/core/api/chart_label.go index 02f5a98ee..e70254e77 100644 --- a/src/core/api/chart_label.go +++ b/src/core/api/chart_label.go @@ -58,14 +58,7 @@ func (cla *ChartLabelAPI) Prepare() { } func (cla *ChartLabelAPI) requireAccess(action rbac.Action) bool { - resource := rbac.NewProjectNamespace(cla.project.ProjectID).Resource(rbac.ResourceHelmChartVersionLabel) - - if !cla.SecurityCtx.Can(action, resource) { - cla.SendForbiddenError(errors.New(cla.SecurityCtx.GetUsername())) - return false - } - - return true + return cla.RequireProjectAccess(cla.project.ProjectID, action, rbac.ResourceHelmChartVersionLabel) } // MarkLabel handles the request of marking label to chart. diff --git a/src/core/api/chart_repository.go b/src/core/api/chart_repository.go index 5a67acdb8..7c45d36bc 100755 --- a/src/core/api/chart_repository.go +++ b/src/core/api/chart_repository.go @@ -105,19 +105,8 @@ func (cra *ChartRepositoryAPI) requireAccess(action rbac.Action, subresource ... if len(subresource) == 0 { subresource = append(subresource, rbac.ResourceHelmChart) } - resource := rbac.NewProjectNamespace(cra.namespace).Resource(subresource...) - if !cra.SecurityCtx.Can(action, resource) { - if !cra.SecurityCtx.IsAuthenticated() { - cra.SendUnAuthorizedError(errors.New("Unauthorized")) - } else { - cra.SendForbiddenError(errors.New(cra.SecurityCtx.GetUsername())) - } - - return false - } - - return true + return cra.RequireProjectAccess(cra.namespace, action, subresource...) } // GetHealthStatus handles GET /api/chartrepo/health diff --git a/src/core/api/harborapi_test.go b/src/core/api/harborapi_test.go index 5357a6579..b6ed840b2 100644 --- a/src/core/api/harborapi_test.go +++ b/src/core/api/harborapi_test.go @@ -35,6 +35,7 @@ import ( testutils "github.com/goharbor/harbor/src/common/utils/test" api_models "github.com/goharbor/harbor/src/core/api/models" apimodels "github.com/goharbor/harbor/src/core/api/models" + quota "github.com/goharbor/harbor/src/core/api/quota" _ "github.com/goharbor/harbor/src/core/auth/db" _ "github.com/goharbor/harbor/src/core/auth/ldap" "github.com/goharbor/harbor/src/core/config" @@ -202,11 +203,18 @@ func init() { beego.Router("/api/quotas", quotaAPIType, "get:List") beego.Router("/api/quotas/:id([0-9]+)", quotaAPIType, "get:Get;put:Put") + beego.Router("/api/internal/switchquota", &InternalAPI{}, "put:SwitchQuota") + beego.Router("/api/internal/syncquota", &InternalAPI{}, "post:SyncQuota") + // syncRegistry if err := SyncRegistry(config.GlobalProjectMgr); err != nil { log.Fatalf("failed to sync repositories from registry: %v", err) } + if err := quota.Sync(config.GlobalProjectMgr, false); err != nil { + log.Fatalf("failed to sync quota from backend: %v", err) + } + // Init user Info admin = &usrInfo{adminName, adminPwd} unknownUsr = &usrInfo{"unknown", "unknown"} diff --git a/src/core/api/health.go b/src/core/api/health.go index 6d5a890d1..0d4ef2cac 100644 --- a/src/core/api/health.go +++ b/src/core/api/health.go @@ -34,8 +34,9 @@ import ( ) var ( - timeout = 60 * time.Second - healthCheckerRegistry = map[string]health.Checker{} + timeout = 60 * time.Second + // HealthCheckerRegistry ... + HealthCheckerRegistry = map[string]health.Checker{} ) type overallHealthStatus struct { @@ -67,11 +68,11 @@ type HealthAPI struct { func (h *HealthAPI) CheckHealth() { var isHealthy healthy = true components := []*componentHealthStatus{} - c := make(chan *componentHealthStatus, len(healthCheckerRegistry)) - for name, checker := range healthCheckerRegistry { + c := make(chan *componentHealthStatus, len(HealthCheckerRegistry)) + for name, checker := range HealthCheckerRegistry { go check(name, checker, timeout, c) } - for i := 0; i < len(healthCheckerRegistry); i++ { + for i := 0; i < len(HealthCheckerRegistry); i++ { componentStatus := <-c if len(componentStatus.Error) != 0 { isHealthy = false @@ -290,21 +291,21 @@ func redisHealthChecker() health.Checker { } func registerHealthCheckers() { - healthCheckerRegistry["core"] = coreHealthChecker() - healthCheckerRegistry["portal"] = portalHealthChecker() - healthCheckerRegistry["jobservice"] = jobserviceHealthChecker() - healthCheckerRegistry["registry"] = registryHealthChecker() - healthCheckerRegistry["registryctl"] = registryCtlHealthChecker() - healthCheckerRegistry["database"] = databaseHealthChecker() - healthCheckerRegistry["redis"] = redisHealthChecker() + HealthCheckerRegistry["core"] = coreHealthChecker() + HealthCheckerRegistry["portal"] = portalHealthChecker() + HealthCheckerRegistry["jobservice"] = jobserviceHealthChecker() + HealthCheckerRegistry["registry"] = registryHealthChecker() + HealthCheckerRegistry["registryctl"] = registryCtlHealthChecker() + HealthCheckerRegistry["database"] = databaseHealthChecker() + HealthCheckerRegistry["redis"] = redisHealthChecker() if config.WithChartMuseum() { - healthCheckerRegistry["chartmuseum"] = chartmuseumHealthChecker() + HealthCheckerRegistry["chartmuseum"] = chartmuseumHealthChecker() } if config.WithClair() { - healthCheckerRegistry["clair"] = clairHealthChecker() + HealthCheckerRegistry["clair"] = clairHealthChecker() } if config.WithNotary() { - healthCheckerRegistry["notary"] = notaryHealthChecker() + HealthCheckerRegistry["notary"] = notaryHealthChecker() } } diff --git a/src/core/api/health_test.go b/src/core/api/health_test.go index 8426a74b1..c98d021b5 100644 --- a/src/core/api/health_test.go +++ b/src/core/api/health_test.go @@ -92,9 +92,9 @@ func fakeHealthChecker(healthy bool) health.Checker { } func TestCheckHealth(t *testing.T) { // component01: healthy, component02: healthy => status: healthy - healthCheckerRegistry = map[string]health.Checker{} - healthCheckerRegistry["component01"] = fakeHealthChecker(true) - healthCheckerRegistry["component02"] = fakeHealthChecker(true) + HealthCheckerRegistry = map[string]health.Checker{} + HealthCheckerRegistry["component01"] = fakeHealthChecker(true) + HealthCheckerRegistry["component02"] = fakeHealthChecker(true) status := map[string]interface{}{} err := handleAndParse(&testingRequest{ method: http.MethodGet, @@ -104,9 +104,9 @@ func TestCheckHealth(t *testing.T) { assert.Equal(t, "healthy", status["status"].(string)) // component01: healthy, component02: unhealthy => status: unhealthy - healthCheckerRegistry = map[string]health.Checker{} - healthCheckerRegistry["component01"] = fakeHealthChecker(true) - healthCheckerRegistry["component02"] = fakeHealthChecker(false) + HealthCheckerRegistry = map[string]health.Checker{} + HealthCheckerRegistry["component01"] = fakeHealthChecker(true) + HealthCheckerRegistry["component02"] = fakeHealthChecker(false) status = map[string]interface{}{} err = handleAndParse(&testingRequest{ method: http.MethodGet, @@ -128,7 +128,7 @@ func TestDatabaseHealthChecker(t *testing.T) { } func TestRegisterHealthCheckers(t *testing.T) { - healthCheckerRegistry = map[string]health.Checker{} + HealthCheckerRegistry = map[string]health.Checker{} registerHealthCheckers() - assert.NotNil(t, healthCheckerRegistry["core"]) + assert.NotNil(t, HealthCheckerRegistry["core"]) } diff --git a/src/core/api/internal.go b/src/core/api/internal.go index 71f1f317e..06e6c45a2 100644 --- a/src/core/api/internal.go +++ b/src/core/api/internal.go @@ -15,12 +15,21 @@ package api import ( - "errors" - + "fmt" "github.com/goharbor/harbor/src/common" "github.com/goharbor/harbor/src/common/dao" "github.com/goharbor/harbor/src/common/models" + common_quota "github.com/goharbor/harbor/src/common/quota" "github.com/goharbor/harbor/src/common/utils/log" + + "github.com/goharbor/harbor/src/core/config" + "github.com/goharbor/harbor/src/jobservice/logger" + "github.com/pkg/errors" + "strconv" + + quota "github.com/goharbor/harbor/src/core/api/quota" + + comcfg "github.com/goharbor/harbor/src/common/config" ) // InternalAPI handles request of harbor admin... @@ -69,3 +78,103 @@ func (ia *InternalAPI) RenameAdmin() { log.Debugf("The super user has been renamed to: %s", newName) ia.DestroySession() } + +// QuotaSwitcher ... +type QuotaSwitcher struct { + Enabled bool +} + +// SwitchQuota ... +func (ia *InternalAPI) SwitchQuota() { + var req QuotaSwitcher + if err := ia.DecodeJSONReq(&req); err != nil { + ia.SendBadRequestError(err) + return + } + // quota per project from disable to enable, it needs to update the quota usage bases on the DB records. + if !config.QuotaPerProjectEnable() && req.Enabled { + if err := ia.ensureQuota(); err != nil { + ia.SendInternalServerError(err) + return + } + } + defer func() { + config.GetCfgManager().Set(common.QuotaPerProjectEnable, req.Enabled) + config.GetCfgManager().Save() + }() + return +} + +func (ia *InternalAPI) ensureQuota() error { + projects, err := dao.GetProjects(nil) + if err != nil { + return err + } + for _, project := range projects { + pSize, err := dao.CountSizeOfProject(project.ProjectID) + if err != nil { + logger.Warningf("error happen on counting size of project:%d , error:%v, just skip it.", project.ProjectID, err) + continue + } + afQuery := &models.ArtifactQuery{ + PID: project.ProjectID, + } + afs, err := dao.ListArtifacts(afQuery) + if err != nil { + logger.Warningf("error happen on counting number of project:%d , error:%v, just skip it.", project.ProjectID, err) + continue + } + pCount := int64(len(afs)) + + // it needs to append the chart count + if config.WithChartMuseum() { + count, err := chartController.GetCountOfCharts([]string{project.Name}) + if err != nil { + err = errors.Wrap(err, fmt.Sprintf("get chart count of project %d failed", project.ProjectID)) + logger.Error(err) + continue + } + pCount = pCount + int64(count) + } + + quotaMgr, err := common_quota.NewManager("project", strconv.FormatInt(project.ProjectID, 10)) + if err != nil { + logger.Errorf("Error occurred when to new quota manager %v, just skip it.", err) + continue + } + used := common_quota.ResourceList{ + common_quota.ResourceStorage: pSize, + common_quota.ResourceCount: pCount, + } + if err := quotaMgr.EnsureQuota(used); err != nil { + logger.Errorf("cannot ensure quota for the project: %d, err: %v, just skip it.", project.ProjectID, err) + continue + } + } + return nil +} + +// SyncQuota ... +func (ia *InternalAPI) SyncQuota() { + cur := config.ReadOnly() + cfgMgr := comcfg.NewDBCfgManager() + if cur != true { + cfgMgr.Set(common.ReadOnly, true) + } + // For api call, to avoid the timeout, it should be asynchronous + go func() { + defer func() { + if cur != true { + cfgMgr.Set(common.ReadOnly, false) + } + }() + log.Info("start to sync quota(API), the system will be set to ReadOnly and back it normal once it done.") + err := quota.Sync(ia.ProjectMgr, false) + if err != nil { + log.Errorf("fail to sync quota(API), but with error: %v, please try to do it again.", err) + return + } + log.Info("success to sync quota(API).") + }() + return +} diff --git a/src/core/api/internal_test.go b/src/core/api/internal_test.go new file mode 100644 index 000000000..02903a98b --- /dev/null +++ b/src/core/api/internal_test.go @@ -0,0 +1,89 @@ +// Copyright 2018 Project Harbor Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package api + +import ( + "net/http" + "testing" +) + +// cannot verify the real scenario here +func TestSwitchQuota(t *testing.T) { + cases := []*codeCheckingCase{ + // 401 + { + request: &testingRequest{ + method: http.MethodPut, + url: "/api/internal/switchquota", + }, + code: http.StatusUnauthorized, + }, + // 200 + { + request: &testingRequest{ + method: http.MethodPut, + url: "/api/internal/switchquota", + credential: sysAdmin, + bodyJSON: &QuotaSwitcher{ + Enabled: true, + }, + }, + code: http.StatusOK, + }, + // 403 + { + request: &testingRequest{ + url: "/api/internal/switchquota", + method: http.MethodPut, + credential: nonSysAdmin, + }, + code: http.StatusForbidden, + }, + } + runCodeCheckingCases(t, cases...) +} + +// cannot verify the real scenario here +func TestSyncQuota(t *testing.T) { + cases := []*codeCheckingCase{ + // 401 + { + request: &testingRequest{ + method: http.MethodPost, + url: "/api/internal/syncquota", + }, + code: http.StatusUnauthorized, + }, + // 200 + { + request: &testingRequest{ + method: http.MethodPost, + url: "/api/internal/syncquota", + credential: sysAdmin, + }, + code: http.StatusOK, + }, + // 403 + { + request: &testingRequest{ + url: "/api/internal/syncquota", + method: http.MethodPost, + credential: nonSysAdmin, + }, + code: http.StatusForbidden, + }, + } + runCodeCheckingCases(t, cases...) +} diff --git a/src/core/api/label.go b/src/core/api/label.go index e91001f0f..eb2aaaf88 100644 --- a/src/core/api/label.go +++ b/src/core/api/label.go @@ -78,8 +78,7 @@ func (l *LabelAPI) requireAccess(label *models.Label, action rbac.Action, subres if len(subresources) == 0 { subresources = append(subresources, rbac.ResourceLabel) } - resource := rbac.NewProjectNamespace(label.ProjectID).Resource(subresources...) - hasPermission = l.SecurityCtx.Can(action, resource) + hasPermission, _ = l.HasProjectPermission(label.ProjectID, action, subresources...) } if !hasPermission { @@ -203,13 +202,7 @@ func (l *LabelAPI) List() { return } - resource := rbac.NewProjectNamespace(projectID).Resource(rbac.ResourceLabel) - if !l.SecurityCtx.Can(rbac.ActionList, resource) { - if !l.SecurityCtx.IsAuthenticated() { - l.SendUnAuthorizedError(errors.New("UnAuthorized")) - return - } - l.SendForbiddenError(errors.New(l.SecurityCtx.GetUsername())) + if !l.RequireProjectAccess(projectID, rbac.ActionList, rbac.ResourceLabel) { return } query.ProjectID = projectID diff --git a/src/core/api/metadata.go b/src/core/api/metadata.go index 5dd34b8c0..20cdd35dd 100644 --- a/src/core/api/metadata.go +++ b/src/core/api/metadata.go @@ -22,6 +22,7 @@ import ( "strings" "errors" + "github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/rbac" "github.com/goharbor/harbor/src/common/utils/log" @@ -90,18 +91,7 @@ func (m *MetadataAPI) Prepare() { } func (m *MetadataAPI) requireAccess(action rbac.Action) bool { - resource := rbac.NewProjectNamespace(m.project.ProjectID).Resource(rbac.ResourceMetadata) - - if !m.SecurityCtx.Can(action, resource) { - if !m.SecurityCtx.IsAuthenticated() { - m.SendUnAuthorizedError(errors.New("Unauthorized")) - } else { - m.SendForbiddenError(errors.New(m.SecurityCtx.GetUsername())) - } - return false - } - - return true + return m.RequireProjectAccess(m.project.ProjectID, action, rbac.ResourceMetadata) } // Get ... diff --git a/src/core/api/notification_job.go b/src/core/api/notification_job.go index 775c9fc9f..ed1da61d6 100755 --- a/src/core/api/notification_job.go +++ b/src/core/api/notification_job.go @@ -93,16 +93,5 @@ func (w *NotificationJobAPI) validateRBAC(action rbac.Action, projectID int64) b return true } - project, err := w.ProjectMgr.Get(projectID) - if err != nil { - w.ParseAndHandleError(fmt.Sprintf("failed to get project %d", projectID), err) - return false - } - - resource := rbac.NewProjectNamespace(project.ProjectID).Resource(rbac.ResourceNotificationPolicy) - if !w.SecurityCtx.Can(action, resource) { - w.SendForbiddenError(errors.New(w.SecurityCtx.GetUsername())) - return false - } - return true + return w.RequireProjectAccess(projectID, action, rbac.ResourceNotificationPolicy) } diff --git a/src/core/api/notification_policy.go b/src/core/api/notification_policy.go index c7acdbea2..597e3e4f1 100755 --- a/src/core/api/notification_policy.go +++ b/src/core/api/notification_policy.go @@ -283,18 +283,7 @@ func (w *NotificationPolicyAPI) validateRBAC(action rbac.Action, projectID int64 return true } - project, err := w.ProjectMgr.Get(projectID) - if err != nil { - w.ParseAndHandleError(fmt.Sprintf("failed to get project %d", projectID), err) - return false - } - - resource := rbac.NewProjectNamespace(project.ProjectID).Resource(rbac.ResourceNotificationPolicy) - if !w.SecurityCtx.Can(action, resource) { - w.SendForbiddenError(errors.New(w.SecurityCtx.GetUsername())) - return false - } - return true + return w.RequireProjectAccess(projectID, action, rbac.ResourceNotificationPolicy) } func (w *NotificationPolicyAPI) validateTargets(policy *models.NotificationPolicy) bool { diff --git a/src/core/api/project.go b/src/core/api/project.go index 4a71dd316..77285453c 100644 --- a/src/core/api/project.go +++ b/src/core/api/project.go @@ -86,20 +86,8 @@ func (p *ProjectAPI) requireAccess(action rbac.Action, subresource ...rbac.Resou if len(subresource) == 0 { subresource = append(subresource, rbac.ResourceSelf) } - resource := rbac.NewProjectNamespace(p.project.ProjectID).Resource(subresource...) - if !p.SecurityCtx.Can(action, resource) { - if !p.SecurityCtx.IsAuthenticated() { - p.SendUnAuthorizedError(errors.New("Unauthorized")) - - } else { - p.SendForbiddenError(errors.New(p.SecurityCtx.GetUsername())) - } - - return false - } - - return true + return p.RequireProjectAccess(p.project.ProjectID, action, subresource...) } // Post ... @@ -139,23 +127,26 @@ func (p *ProjectAPI) Post() { return } - setting, err := config.QuotaSetting() - if err != nil { - log.Errorf("failed to get quota setting: %v", err) - p.SendInternalServerError(fmt.Errorf("failed to get quota setting: %v", err)) - return - } + var hardLimits types.ResourceList + if config.QuotaPerProjectEnable() { + setting, err := config.QuotaSetting() + if err != nil { + log.Errorf("failed to get quota setting: %v", err) + p.SendInternalServerError(fmt.Errorf("failed to get quota setting: %v", err)) + return + } - if !p.SecurityCtx.IsSysAdmin() { - pro.CountLimit = &setting.CountPerProject - pro.StorageLimit = &setting.StoragePerProject - } + if !p.SecurityCtx.IsSysAdmin() { + pro.CountLimit = &setting.CountPerProject + pro.StorageLimit = &setting.StoragePerProject + } - hardLimits, err := projectQuotaHardLimits(pro, setting) - if err != nil { - log.Errorf("Invalid project request, error: %v", err) - p.SendBadRequestError(fmt.Errorf("invalid request: %v", err)) - return + hardLimits, err = projectQuotaHardLimits(pro, setting) + if err != nil { + log.Errorf("Invalid project request, error: %v", err) + p.SendBadRequestError(fmt.Errorf("invalid request: %v", err)) + return + } } exist, err := p.ProjectMgr.Exists(pro.Name) @@ -212,14 +203,16 @@ func (p *ProjectAPI) Post() { return } - quotaMgr, err := quota.NewManager("project", strconv.FormatInt(projectID, 10)) - if err != nil { - p.SendInternalServerError(fmt.Errorf("failed to get quota manager: %v", err)) - return - } - if _, err := quotaMgr.NewQuota(hardLimits); err != nil { - p.SendInternalServerError(fmt.Errorf("failed to create quota for project: %v", err)) - return + if config.QuotaPerProjectEnable() { + quotaMgr, err := quota.NewManager("project", strconv.FormatInt(projectID, 10)) + if err != nil { + p.SendInternalServerError(fmt.Errorf("failed to get quota manager: %v", err)) + return + } + if _, err := quotaMgr.NewQuota(hardLimits); err != nil { + p.SendInternalServerError(fmt.Errorf("failed to create quota for project: %v", err)) + return + } } go func() { @@ -653,6 +646,11 @@ func projectQuotaHardLimits(req *models.ProjectRequest, setting *models.QuotaSet } func getProjectQuotaSummary(projectID int64, summary *models.ProjectSummary) { + if !config.QuotaPerProjectEnable() { + log.Debug("Quota per project disabled") + return + } + quotas, err := dao.ListQuotas(&models.QuotaQuery{Reference: "project", ReferenceID: strconv.FormatInt(projectID, 10)}) if err != nil { log.Debugf("failed to get quota for project: %d", projectID) diff --git a/src/core/api/project_test.go b/src/core/api/project_test.go index 2ff65b2fa..2c2d3d8fe 100644 --- a/src/core/api/project_test.go +++ b/src/core/api/project_test.go @@ -172,7 +172,7 @@ func TestListProjects(t *testing.T) { }() // ----------------------------case 1 : Response Code=200----------------------------// - fmt.Println("case 1: respose code:200") + fmt.Println("case 1: response code:200") httpStatusCode, result, err := apiTest.ProjectsGet( &apilib.ProjectQuery{ Name: addProject.ProjectName, @@ -263,7 +263,7 @@ func TestProGetByID(t *testing.T) { }() // ----------------------------case 1 : Response Code=200----------------------------// - fmt.Println("case 1: respose code:200") + fmt.Println("case 1: response code:200") httpStatusCode, result, err := apiTest.ProjectsGetByPID(projectID) if err != nil { t.Error("Error while search project by proID", err.Error()) @@ -295,7 +295,7 @@ func TestDeleteProject(t *testing.T) { } // --------------------------case 2: Response Code=200---------------------------------// - fmt.Println("case2: respose code:200") + fmt.Println("case2: response code:200") httpStatusCode, err = apiTest.ProjectsDelete(*admin, projectID) if err != nil { t.Error("Error while delete project", err.Error()) @@ -335,7 +335,7 @@ func TestProHead(t *testing.T) { apiTest := newHarborAPI() // ----------------------------case 1 : Response Code=200----------------------------// - fmt.Println("case 1: respose code:200") + fmt.Println("case 1: response code:200") httpStatusCode, err := apiTest.ProjectsHead(*admin, "library") if err != nil { t.Error("Error while search project by proName", err.Error()) @@ -345,7 +345,7 @@ func TestProHead(t *testing.T) { } // ----------------------------case 2 : Response Code=404:Project name does not exist.----------------------------// - fmt.Println("case 2: respose code:404,Project name does not exist.") + fmt.Println("case 2: response code:404,Project name does not exist.") httpStatusCode, err = apiTest.ProjectsHead(*admin, "libra") if err != nil { t.Error("Error while search project by proName", err.Error()) @@ -369,22 +369,22 @@ func TestPut(t *testing.T) { }, } - fmt.Println("case 1: respose code:200") + fmt.Println("case 1: response code:200") code, err := apiTest.ProjectsPut(*admin, "1", project) require.Nil(t, err) assert.Equal(int(200), code) - fmt.Println("case 2: respose code:401, User need to log in first.") + fmt.Println("case 2: response code:401, User need to log in first.") code, err = apiTest.ProjectsPut(*unknownUsr, "1", project) require.Nil(t, err) assert.Equal(int(401), code) - fmt.Println("case 3: respose code:400, Invalid project id") + fmt.Println("case 3: response code:400, Invalid project id") code, err = apiTest.ProjectsPut(*admin, "cc", project) require.Nil(t, err) assert.Equal(int(400), code) - fmt.Println("case 4: respose code:404, Not found the project") + fmt.Println("case 4: response code:404, Not found the project") code, err = apiTest.ProjectsPut(*admin, "1234", project) require.Nil(t, err) assert.Equal(int(404), code) @@ -407,7 +407,7 @@ func TestProjectLogsFilter(t *testing.T) { } // -------------------case1: Response Code=200------------------------------// - fmt.Println("case 1: respose code:200") + fmt.Println("case 1: response code:200") projectID := "1" httpStatusCode, _, err := apiTest.ProjectLogs(*admin, projectID, query) if err != nil { @@ -417,7 +417,7 @@ func TestProjectLogsFilter(t *testing.T) { assert.Equal(int(200), httpStatusCode, "httpStatusCode should be 200") } // -------------------case2: Response Code=401:User need to log in first.------------------------------// - fmt.Println("case 2: respose code:401:User need to log in first.") + fmt.Println("case 2: response code:401:User need to log in first.") projectID = "1" httpStatusCode, _, err = apiTest.ProjectLogs(*unknownUsr, projectID, query) if err != nil { @@ -427,7 +427,7 @@ func TestProjectLogsFilter(t *testing.T) { assert.Equal(int(401), httpStatusCode, "httpStatusCode should be 401") } // -------------------case3: Response Code=404:Project does not exist.-------------------------// - fmt.Println("case 3: respose code:404:Illegal format of provided ID value.") + fmt.Println("case 3: response code:404:Illegal format of provided ID value.") projectID = "11111" httpStatusCode, _, err = apiTest.ProjectLogs(*admin, projectID, query) if err != nil { @@ -498,7 +498,7 @@ func TestProjectSummary(t *testing.T) { }() // ----------------------------case 1 : Response Code=200----------------------------// - fmt.Println("case 1: respose code:200") + fmt.Println("case 1: response code:200") httpStatusCode, summary, err := apiTest.ProjectSummary(*admin, fmt.Sprintf("%d", projectID)) if err != nil { t.Error("Error while search project by proName", err.Error()) diff --git a/src/core/api/projectmember.go b/src/core/api/projectmember.go index 5495ac26a..c836016f7 100644 --- a/src/core/api/projectmember.go +++ b/src/core/api/projectmember.go @@ -99,19 +99,7 @@ func (pma *ProjectMemberAPI) Prepare() { } func (pma *ProjectMemberAPI) requireAccess(action rbac.Action) bool { - resource := rbac.NewProjectNamespace(pma.project.ProjectID).Resource(rbac.ResourceMember) - - if !pma.SecurityCtx.Can(action, resource) { - if !pma.SecurityCtx.IsAuthenticated() { - pma.SendUnAuthorizedError(errors.New("Unauthorized")) - } else { - pma.SendForbiddenError(errors.New(pma.SecurityCtx.GetUsername())) - } - - return false - } - - return true + return pma.RequireProjectAccess(pma.project.ProjectID, action, rbac.ResourceMember) } // Get ... diff --git a/src/core/api/quota/chart/chart.go b/src/core/api/quota/chart/chart.go new file mode 100644 index 000000000..f3ebc1f11 --- /dev/null +++ b/src/core/api/quota/chart/chart.go @@ -0,0 +1,226 @@ +// Copyright 2018 Project Harbor Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package chart + +import ( + "fmt" + "github.com/goharbor/harbor/src/chartserver" + "github.com/goharbor/harbor/src/common/dao" + "github.com/goharbor/harbor/src/common/models" + common_quota "github.com/goharbor/harbor/src/common/quota" + "github.com/goharbor/harbor/src/common/utils/log" + "github.com/goharbor/harbor/src/core/api" + quota "github.com/goharbor/harbor/src/core/api/quota" + "github.com/goharbor/harbor/src/core/config" + "github.com/goharbor/harbor/src/core/promgr" + "github.com/pkg/errors" + "net/url" + "strings" + "sync" +) + +// Migrator ... +type Migrator struct { + pm promgr.ProjectManager +} + +// NewChartMigrator returns a new RegistryMigrator. +func NewChartMigrator(pm promgr.ProjectManager) quota.QuotaMigrator { + migrator := Migrator{ + pm: pm, + } + return &migrator +} + +var ( + controller *chartserver.Controller + controllerErr error + controllerOnce sync.Once +) + +// Ping ... +func (rm *Migrator) Ping() error { + return api.HealthCheckerRegistry["chartmuseum"].Check() +} + +// Dump ... +// Depends on DB to dump chart data, as chart cannot get all of namespaces. +func (rm *Migrator) Dump() ([]quota.ProjectInfo, error) { + var ( + projects []quota.ProjectInfo + wg sync.WaitGroup + err error + ) + + all, err := dao.GetProjects(nil) + if err != nil { + return nil, err + } + + wg.Add(len(all)) + errChan := make(chan error, 1) + infoChan := make(chan interface{}) + done := make(chan bool, 1) + + go func() { + defer func() { + done <- true + }() + + for { + select { + case result := <-infoChan: + if result == nil { + return + } + project, ok := result.(quota.ProjectInfo) + if ok { + projects = append(projects, project) + } + + case e := <-errChan: + if err == nil { + err = errors.Wrap(e, "quota sync error on getting info of project") + } else { + err = errors.Wrap(e, err.Error()) + } + } + } + }() + + for _, project := range all { + go func(project *models.Project) { + defer wg.Done() + + var repos []quota.RepoData + ctr, err := chartController() + if err != nil { + errChan <- err + return + } + + chartInfo, err := ctr.ListCharts(project.Name) + if err != nil { + errChan <- err + return + } + + // repo + for _, chart := range chartInfo { + var afs []*models.Artifact + chartVersions, err := ctr.GetChart(project.Name, chart.Name) + if err != nil { + errChan <- err + continue + } + for _, chart := range chartVersions { + af := &models.Artifact{ + PID: project.ProjectID, + Repo: chart.Name, + Tag: chart.Version, + Digest: chart.Digest, + Kind: "Chart", + } + afs = append(afs, af) + } + repoData := quota.RepoData{ + Name: project.Name, + Afs: afs, + } + repos = append(repos, repoData) + } + + projectInfo := quota.ProjectInfo{ + Name: project.Name, + Repos: repos, + } + + infoChan <- projectInfo + }(project) + } + + wg.Wait() + close(infoChan) + + <-done + + if err != nil { + return nil, err + } + + return projects, nil +} + +// Usage ... +// Chart will not cover size. +func (rm *Migrator) Usage(projects []quota.ProjectInfo) ([]quota.ProjectUsage, error) { + var pros []quota.ProjectUsage + for _, project := range projects { + var count int64 + // usage count + for _, repo := range project.Repos { + count = count + int64(len(repo.Afs)) + } + proUsage := quota.ProjectUsage{ + Project: project.Name, + Used: common_quota.ResourceList{ + common_quota.ResourceCount: count, + common_quota.ResourceStorage: 0, + }, + } + pros = append(pros, proUsage) + } + return pros, nil + +} + +// Persist ... +// Chart will not persist data into db. +func (rm *Migrator) Persist(projects []quota.ProjectInfo) error { + return nil +} + +func chartController() (*chartserver.Controller, error) { + controllerOnce.Do(func() { + addr, err := config.GetChartMuseumEndpoint() + if err != nil { + controllerErr = fmt.Errorf("failed to get the endpoint URL of chart storage server: %s", err.Error()) + return + } + + addr = strings.TrimSuffix(addr, "/") + url, err := url.Parse(addr) + if err != nil { + controllerErr = errors.New("endpoint URL of chart storage server is malformed") + return + } + + ctr, err := chartserver.NewController(url) + if err != nil { + controllerErr = errors.New("failed to initialize chart API controller") + } + + controller = ctr + + log.Debugf("Chart storage server is set to %s", url.String()) + log.Info("API controller for chart repository server is successfully initialized") + }) + + return controller, controllerErr +} + +func init() { + quota.Register("chart", NewChartMigrator) +} diff --git a/src/core/api/quota/migrator.go b/src/core/api/quota/migrator.go new file mode 100644 index 000000000..bfd2fc164 --- /dev/null +++ b/src/core/api/quota/migrator.go @@ -0,0 +1,173 @@ +// Copyright 2018 Project Harbor Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package api + +import ( + "github.com/goharbor/harbor/src/common/dao" + "github.com/goharbor/harbor/src/common/models" + "github.com/goharbor/harbor/src/common/quota" + "github.com/goharbor/harbor/src/common/utils/log" + "github.com/goharbor/harbor/src/core/config" + "github.com/goharbor/harbor/src/core/promgr" + "github.com/goharbor/harbor/src/pkg/types" + "strconv" +) + +// QuotaMigrator ... +type QuotaMigrator interface { + // Ping validates and wait for backend service ready. + Ping() error + + // Dump exports all data from backend service, registry, chartmuseum + Dump() ([]ProjectInfo, error) + + // Usage computes the quota usage of all the projects + Usage([]ProjectInfo) ([]ProjectUsage, error) + + // Persist record the data to DB, artifact, artifact_blob and blob tabel. + Persist([]ProjectInfo) error +} + +// ProjectInfo ... +type ProjectInfo struct { + Name string + Repos []RepoData +} + +// RepoData ... +type RepoData struct { + Name string + Afs []*models.Artifact + Afnbs []*models.ArtifactAndBlob + Blobs []*models.Blob +} + +// ProjectUsage ... +type ProjectUsage struct { + Project string + Used quota.ResourceList +} + +// Instance ... +type Instance func(promgr.ProjectManager) QuotaMigrator + +var adapters = make(map[string]Instance) + +// Register ... +func Register(name string, adapter Instance) { + if adapter == nil { + panic("quota: Register adapter is nil") + } + if _, ok := adapters[name]; ok { + panic("quota: Register called twice for adapter " + name) + } + adapters[name] = adapter +} + +// Sync ... +func Sync(pm promgr.ProjectManager, populate bool) error { + totalUsage := make(map[string][]ProjectUsage) + for name, instanceFunc := range adapters { + if !config.WithChartMuseum() { + if name == "chart" { + continue + } + } + adapter := instanceFunc(pm) + if err := adapter.Ping(); err != nil { + return err + } + data, err := adapter.Dump() + if err != nil { + return err + } + usage, err := adapter.Usage(data) + if err != nil { + return err + } + totalUsage[name] = usage + if populate { + if err := adapter.Persist(data); err != nil { + return err + } + } + } + merged := mergeUsage(totalUsage) + if err := ensureQuota(merged); err != nil { + return err + } + return nil +} + +// mergeUsage merges the usage of adapters +func mergeUsage(total map[string][]ProjectUsage) []ProjectUsage { + if !config.WithChartMuseum() { + return total["registry"] + } + regUsgs := total["registry"] + chartUsgs := total["chart"] + + var mergedUsage []ProjectUsage + temp := make(map[string]quota.ResourceList) + + for _, regUsg := range regUsgs { + _, exist := temp[regUsg.Project] + if !exist { + temp[regUsg.Project] = regUsg.Used + mergedUsage = append(mergedUsage, ProjectUsage{ + Project: regUsg.Project, + Used: regUsg.Used, + }) + } + } + for _, chartUsg := range chartUsgs { + var usedTemp quota.ResourceList + _, exist := temp[chartUsg.Project] + if !exist { + usedTemp = chartUsg.Used + } else { + usedTemp = types.Add(temp[chartUsg.Project], chartUsg.Used) + } + temp[chartUsg.Project] = usedTemp + mergedUsage = append(mergedUsage, ProjectUsage{ + Project: chartUsg.Project, + Used: usedTemp, + }) + } + return mergedUsage +} + +// ensureQuota updates the quota and quota usage in the data base. +func ensureQuota(usages []ProjectUsage) error { + var pid int64 + for _, usage := range usages { + project, err := dao.GetProjectByName(usage.Project) + if err != nil { + log.Error(err) + return err + } + pid = project.ProjectID + quotaMgr, err := quota.NewManager("project", strconv.FormatInt(pid, 10)) + if err != nil { + log.Errorf("Error occurred when to new quota manager %v", err) + return err + } + if err := quotaMgr.EnsureQuota(usage.Used); err != nil { + log.Errorf("cannot ensure quota for the project: %d, err: %v", pid, err) + return err + } + } + return nil +} diff --git a/src/core/api/quota/registry/registry.go b/src/core/api/quota/registry/registry.go new file mode 100644 index 000000000..e9c2608e4 --- /dev/null +++ b/src/core/api/quota/registry/registry.go @@ -0,0 +1,436 @@ +// Copyright 2018 Project Harbor Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package registry + +import ( + "github.com/docker/distribution/manifest/schema1" + "github.com/docker/distribution/manifest/schema2" + + "github.com/goharbor/harbor/src/common/dao" + "github.com/goharbor/harbor/src/common/models" + common_quota "github.com/goharbor/harbor/src/common/quota" + "github.com/goharbor/harbor/src/common/utils/log" + "github.com/goharbor/harbor/src/common/utils/registry" + "github.com/goharbor/harbor/src/core/api" + quota "github.com/goharbor/harbor/src/core/api/quota" + "github.com/goharbor/harbor/src/core/promgr" + coreutils "github.com/goharbor/harbor/src/core/utils" + "github.com/pkg/errors" + "strings" + "sync" + "time" +) + +// Migrator ... +type Migrator struct { + pm promgr.ProjectManager +} + +// NewRegistryMigrator returns a new Migrator. +func NewRegistryMigrator(pm promgr.ProjectManager) quota.QuotaMigrator { + migrator := Migrator{ + pm: pm, + } + return &migrator +} + +// Ping ... +func (rm *Migrator) Ping() error { + return api.HealthCheckerRegistry["registry"].Check() +} + +// Dump ... +func (rm *Migrator) Dump() ([]quota.ProjectInfo, error) { + var ( + projects []quota.ProjectInfo + wg sync.WaitGroup + err error + ) + + reposInRegistry, err := api.Catalog() + if err != nil { + return nil, err + } + + // repoMap : map[project_name : []repo list] + repoMap := make(map[string][]string) + for _, item := range reposInRegistry { + projectName := strings.Split(item, "/")[0] + pro, err := rm.pm.Get(projectName) + if err != nil { + log.Errorf("failed to get project %s: %v", projectName, err) + continue + } + if pro == nil { + continue + } + _, exist := repoMap[pro.Name] + if !exist { + repoMap[pro.Name] = []string{item} + } else { + repos := repoMap[pro.Name] + repos = append(repos, item) + repoMap[pro.Name] = repos + } + } + + wg.Add(len(repoMap)) + errChan := make(chan error, 1) + infoChan := make(chan interface{}) + done := make(chan bool, 1) + + go func() { + defer func() { + done <- true + }() + + for { + select { + case result := <-infoChan: + if result == nil { + return + } + project, ok := result.(quota.ProjectInfo) + if ok { + projects = append(projects, project) + } + + case e := <-errChan: + if err == nil { + err = errors.Wrap(e, "quota sync error on getting info of project") + } else { + err = errors.Wrap(e, err.Error()) + } + } + } + }() + + for project, repos := range repoMap { + go func(project string, repos []string) { + defer wg.Done() + info, err := infoOfProject(project, repos) + if err != nil { + errChan <- err + return + } + infoChan <- info + }(project, repos) + } + + wg.Wait() + close(infoChan) + + // wait for all of project info + <-done + + if err != nil { + return nil, err + } + + return projects, nil +} + +// Usage ... +// registry needs to merge the shard blobs of different repositories. +func (rm *Migrator) Usage(projects []quota.ProjectInfo) ([]quota.ProjectUsage, error) { + var pros []quota.ProjectUsage + + for _, project := range projects { + var size, count int64 + var blobs = make(map[string]int64) + + // usage count + for _, repo := range project.Repos { + count = count + int64(len(repo.Afs)) + // Because that there are some shared blobs between repositories, it needs to remove the duplicate items. + for _, blob := range repo.Blobs { + _, exist := blobs[blob.Digest] + if !exist { + blobs[blob.Digest] = blob.Size + } + } + } + // size + for _, item := range blobs { + size = size + item + } + + proUsage := quota.ProjectUsage{ + Project: project.Name, + Used: common_quota.ResourceList{ + common_quota.ResourceCount: count, + common_quota.ResourceStorage: size, + }, + } + pros = append(pros, proUsage) + } + + return pros, nil +} + +// Persist ... +func (rm *Migrator) Persist(projects []quota.ProjectInfo) error { + for _, project := range projects { + for _, repo := range project.Repos { + if err := persistAf(repo.Afs); err != nil { + return err + } + if err := persistAfnbs(repo.Afnbs); err != nil { + return err + } + if err := persistBlob(repo.Blobs); err != nil { + return err + } + } + } + if err := persistPB(projects); err != nil { + return err + } + return nil +} + +func persistAf(afs []*models.Artifact) error { + if len(afs) != 0 { + for _, af := range afs { + _, err := dao.AddArtifact(af) + if err != nil { + if err == dao.ErrDupRows { + continue + } + log.Error(err) + return err + } + } + } + return nil +} + +func persistAfnbs(afnbs []*models.ArtifactAndBlob) error { + if len(afnbs) != 0 { + for _, afnb := range afnbs { + _, err := dao.AddArtifactNBlob(afnb) + if err != nil { + if err == dao.ErrDupRows { + continue + } + log.Error(err) + return err + } + } + } + return nil +} + +func persistBlob(blobs []*models.Blob) error { + if len(blobs) != 0 { + for _, blob := range blobs { + _, err := dao.AddBlob(blob) + if err != nil { + if err == dao.ErrDupRows { + continue + } + log.Error(err) + return err + } + } + } + return nil +} + +func persistPB(projects []quota.ProjectInfo) error { + for _, project := range projects { + var blobs = make(map[string]int64) + var blobsOfPro []*models.Blob + for _, repo := range project.Repos { + for _, blob := range repo.Blobs { + _, exist := blobs[blob.Digest] + if exist { + continue + } + blobs[blob.Digest] = blob.Size + blobInDB, err := dao.GetBlob(blob.Digest) + if err != nil { + log.Error(err) + return err + } + if blobInDB != nil { + blobsOfPro = append(blobsOfPro, blobInDB) + } + } + } + pro, err := dao.GetProjectByName(project.Name) + if err != nil { + log.Error(err) + return err + } + _, err = dao.AddBlobsToProject(pro.ProjectID, blobsOfPro...) + if err != nil { + log.Error(err) + return err + } + } + return nil +} + +func infoOfProject(project string, repoList []string) (quota.ProjectInfo, error) { + var ( + repos []quota.RepoData + wg sync.WaitGroup + err error + ) + wg.Add(len(repoList)) + + errChan := make(chan error, 1) + infoChan := make(chan interface{}) + done := make(chan bool, 1) + + pro, err := dao.GetProjectByName(project) + if err != nil { + log.Error(err) + return quota.ProjectInfo{}, err + } + + go func() { + defer func() { + done <- true + }() + + for { + select { + case result := <-infoChan: + if result == nil { + return + } + repoData, ok := result.(quota.RepoData) + if ok { + repos = append(repos, repoData) + } + + case e := <-errChan: + if err == nil { + err = errors.Wrap(e, "quota sync error on getting info of repo") + } else { + err = errors.Wrap(e, err.Error()) + } + } + } + }() + + for _, repo := range repoList { + go func(pid int64, repo string) { + defer func() { + wg.Done() + }() + info, err := infoOfRepo(pid, repo) + if err != nil { + errChan <- err + return + } + infoChan <- info + }(pro.ProjectID, repo) + } + + wg.Wait() + close(infoChan) + + <-done + + if err != nil { + return quota.ProjectInfo{}, err + } + + return quota.ProjectInfo{ + Name: project, + Repos: repos, + }, nil +} + +func infoOfRepo(pid int64, repo string) (quota.RepoData, error) { + repoClient, err := coreutils.NewRepositoryClientForUI("harbor-core", repo) + if err != nil { + return quota.RepoData{}, err + } + tags, err := repoClient.ListTag() + if err != nil { + return quota.RepoData{}, err + } + var afnbs []*models.ArtifactAndBlob + var afs []*models.Artifact + var blobs []*models.Blob + + for _, tag := range tags { + _, mediaType, payload, err := repoClient.PullManifest(tag, []string{ + schema1.MediaTypeManifest, + schema1.MediaTypeSignedManifest, + schema2.MediaTypeManifest, + }) + if err != nil { + log.Error(err) + return quota.RepoData{}, err + } + manifest, desc, err := registry.UnMarshal(mediaType, payload) + if err != nil { + log.Error(err) + return quota.RepoData{}, err + } + // self + afnb := &models.ArtifactAndBlob{ + DigestAF: desc.Digest.String(), + DigestBlob: desc.Digest.String(), + } + afnbs = append(afnbs, afnb) + // add manifest as a blob. + blob := &models.Blob{ + Digest: desc.Digest.String(), + ContentType: desc.MediaType, + Size: desc.Size, + CreationTime: time.Now(), + } + blobs = append(blobs, blob) + for _, layer := range manifest.References() { + afnb := &models.ArtifactAndBlob{ + DigestAF: desc.Digest.String(), + DigestBlob: layer.Digest.String(), + } + afnbs = append(afnbs, afnb) + blob := &models.Blob{ + Digest: layer.Digest.String(), + ContentType: layer.MediaType, + Size: layer.Size, + CreationTime: time.Now(), + } + blobs = append(blobs, blob) + } + af := &models.Artifact{ + PID: pid, + Repo: strings.Split(repo, "/")[1], + Tag: tag, + Digest: desc.Digest.String(), + Kind: "Docker-Image", + CreationTime: time.Now(), + } + afs = append(afs, af) + } + return quota.RepoData{ + Name: repo, + Afs: afs, + Afnbs: afnbs, + Blobs: blobs, + }, nil +} + +func init() { + quota.Register("registry", NewRegistryMigrator) +} diff --git a/src/core/api/repository.go b/src/core/api/repository.go index bea194509..b7219dd59 100755 --- a/src/core/api/repository.go +++ b/src/core/api/repository.go @@ -111,13 +111,7 @@ func (ra *RepositoryAPI) Get() { return } - resource := rbac.NewProjectNamespace(projectID).Resource(rbac.ResourceRepository) - if !ra.SecurityCtx.Can(rbac.ActionList, resource) { - if !ra.SecurityCtx.IsAuthenticated() { - ra.SendUnAuthorizedError(errors.New("Unauthorized")) - return - } - ra.SendForbiddenError(errors.New(ra.SecurityCtx.GetUsername())) + if !ra.RequireProjectAccess(projectID, rbac.ActionList, rbac.ResourceRepository) { return } @@ -228,14 +222,8 @@ func (ra *RepositoryAPI) Delete() { return } - if !ra.SecurityCtx.IsAuthenticated() { - ra.SendUnAuthorizedError(errors.New("UnAuthorized")) - return - } - - resource := rbac.NewProjectNamespace(project.ProjectID).Resource(rbac.ResourceRepository) - if !ra.SecurityCtx.Can(rbac.ActionDelete, resource) { - ra.SendForbiddenError(errors.New(ra.SecurityCtx.GetUsername())) + if !ra.RequireAuthenticated() || + !ra.RequireProjectAccess(project.ProjectID, rbac.ActionDelete, rbac.ResourceRepository) { return } @@ -403,14 +391,9 @@ func (ra *RepositoryAPI) GetTag() { ra.SendNotFoundError(fmt.Errorf("resource: %s:%s not found", repository, tag)) return } - project, _ := utils.ParseRepository(repository) - resource := rbac.NewProjectNamespace(project).Resource(rbac.ResourceRepositoryTag) - if !ra.SecurityCtx.Can(rbac.ActionRead, resource) { - if !ra.SecurityCtx.IsAuthenticated() { - ra.SendUnAuthorizedError(errors.New("UnAuthorized")) - return - } - ra.SendForbiddenError(errors.New(ra.SecurityCtx.GetUsername())) + + projectName, _ := utils.ParseRepository(repository) + if !ra.RequireProjectAccess(projectName, rbac.ActionRead, rbac.ResourceRepositoryTag) { return } @@ -503,16 +486,14 @@ func (ra *RepositoryAPI) Retag() { } // Check whether user has read permission to source project - srcResource := rbac.NewProjectNamespace(srcImage.Project).Resource(rbac.ResourceRepository) - if !ra.SecurityCtx.Can(rbac.ActionPull, srcResource) { + if hasPermission, _ := ra.HasProjectPermission(srcImage.Project, rbac.ActionPull, rbac.ResourceRepository); !hasPermission { log.Errorf("user has no read permission to project '%s'", srcImage.Project) ra.SendForbiddenError(fmt.Errorf("%s has no read permission to project %s", ra.SecurityCtx.GetUsername(), srcImage.Project)) return } // Check whether user has write permission to target project - destResource := rbac.NewProjectNamespace(project).Resource(rbac.ResourceRepository) - if !ra.SecurityCtx.Can(rbac.ActionPush, destResource) { + if hasPermission, _ := ra.HasProjectPermission(project, rbac.ActionPush, rbac.ResourceRepository); !hasPermission { log.Errorf("user has no write permission to project '%s'", project) ra.SendForbiddenError(fmt.Errorf("%s has no write permission to project %s", ra.SecurityCtx.GetUsername(), project)) return @@ -550,13 +531,7 @@ func (ra *RepositoryAPI) GetTags() { return } - resource := rbac.NewProjectNamespace(projectName).Resource(rbac.ResourceRepositoryTag) - if !ra.SecurityCtx.Can(rbac.ActionList, resource) { - if !ra.SecurityCtx.IsAuthenticated() { - ra.SendUnAuthorizedError(errors.New("UnAuthorized")) - return - } - ra.SendForbiddenError(errors.New(ra.SecurityCtx.GetUsername())) + if !ra.RequireProjectAccess(projectName, rbac.ActionList, rbac.ResourceRepositoryTag) { return } @@ -585,7 +560,12 @@ func (ra *RepositoryAPI) GetTags() { } labeledTags := map[string]struct{}{} for _, rl := range rls { - labeledTags[strings.Split(rl.ResourceName, ":")[1]] = struct{}{} + strs := strings.SplitN(rl.ResourceName, ":", 2) + // the "rls" may contain images which don't belong to the repository + if strs[0] != repoName { + continue + } + labeledTags[strs[1]] = struct{}{} } ts := []string{} for _, tag := range tags { @@ -596,11 +576,31 @@ func (ra *RepositoryAPI) GetTags() { tags = ts } + detail, err := ra.GetBool("detail", true) + if !detail && err == nil { + ra.Data["json"] = simpleTags(tags) + ra.ServeJSON() + return + } + ra.Data["json"] = assembleTagsInParallel(client, repoName, tags, ra.SecurityCtx.GetUsername()) ra.ServeJSON() } +func simpleTags(tags []string) []*models.TagResp { + var tagsResp []*models.TagResp + for _, tag := range tags { + tagsResp = append(tagsResp, &models.TagResp{ + TagDetail: models.TagDetail{ + Name: tag, + }, + }) + } + + return tagsResp +} + // get config, signature and scan overview and assemble them into one // struct for each tag in tags func assembleTagsInParallel(client *registry.Repository, repository string, @@ -791,14 +791,7 @@ func (ra *RepositoryAPI) GetManifests() { return } - resource := rbac.NewProjectNamespace(projectName).Resource(rbac.ResourceRepositoryTagManifest) - if !ra.SecurityCtx.Can(rbac.ActionRead, resource) { - if !ra.SecurityCtx.IsAuthenticated() { - ra.SendUnAuthorizedError(errors.New("Unauthorized")) - return - } - - ra.SendForbiddenError(errors.New(ra.SecurityCtx.GetUsername())) + if !ra.RequireProjectAccess(projectName, rbac.ActionRead, rbac.ResourceRepositoryTagManifest) { return } @@ -919,10 +912,8 @@ func (ra *RepositoryAPI) Put() { return } - project, _ := utils.ParseRepository(name) - resource := rbac.NewProjectNamespace(project).Resource(rbac.ResourceRepository) - if !ra.SecurityCtx.Can(rbac.ActionUpdate, resource) { - ra.SendForbiddenError(errors.New(ra.SecurityCtx.GetUsername())) + projectName, _ := utils.ParseRepository(name) + if !ra.RequireProjectAccess(projectName, rbac.ActionUpdate, rbac.ResourceRepository) { return } @@ -958,13 +949,7 @@ func (ra *RepositoryAPI) GetSignatures() { return } - resource := rbac.NewProjectNamespace(projectName).Resource(rbac.ResourceRepository) - if !ra.SecurityCtx.Can(rbac.ActionRead, resource) { - if !ra.SecurityCtx.IsAuthenticated() { - ra.SendUnAuthorizedError(errors.New("Unauthorized")) - return - } - ra.SendForbiddenError(errors.New(ra.SecurityCtx.GetUsername())) + if !ra.RequireProjectAccess(projectName, rbac.ActionRead, rbac.ResourceRepository) { return } @@ -1004,9 +989,7 @@ func (ra *RepositoryAPI) ScanImage() { return } - resource := rbac.NewProjectNamespace(projectName).Resource(rbac.ResourceRepositoryTagScanJob) - if !ra.SecurityCtx.Can(rbac.ActionCreate, resource) { - ra.SendForbiddenError(errors.New(ra.SecurityCtx.GetUsername())) + if !ra.RequireProjectAccess(projectName, rbac.ActionCreate, rbac.ResourceRepositoryTagScanJob) { return } err = coreutils.TriggerImageScan(repoName, tag) @@ -1035,15 +1018,9 @@ func (ra *RepositoryAPI) VulnerabilityDetails() { ra.SendNotFoundError(fmt.Errorf("resource: %s:%s not found", repository, tag)) return } - project, _ := utils.ParseRepository(repository) - resource := rbac.NewProjectNamespace(project).Resource(rbac.ResourceRepositoryTagVulnerability) - if !ra.SecurityCtx.Can(rbac.ActionList, resource) { - if !ra.SecurityCtx.IsAuthenticated() { - ra.SendUnAuthorizedError(errors.New("Unauthorized")) - return - } - ra.SendForbiddenError(errors.New(ra.SecurityCtx.GetUsername())) + projectName, _ := utils.ParseRepository(repository) + if !ra.RequireProjectAccess(projectName, rbac.ActionList, rbac.ResourceRepositoryTagVulnerability) { return } res, err := scan.VulnListByDigest(digest) diff --git a/src/core/api/repository_label.go b/src/core/api/repository_label.go index 53c606507..3d565b0da 100644 --- a/src/core/api/repository_label.go +++ b/src/core/api/repository_label.go @@ -91,19 +91,8 @@ func (r *RepositoryLabelAPI) requireAccess(action rbac.Action, subresource ...rb if len(subresource) == 0 { subresource = append(subresource, rbac.ResourceRepositoryLabel) } - resource := rbac.NewProjectNamespace(r.repository.ProjectID).Resource(rbac.ResourceRepositoryLabel) - if !r.SecurityCtx.Can(action, resource) { - if !r.SecurityCtx.IsAuthenticated() { - r.SendUnAuthorizedError(errors.New("UnAuthorized")) - } else { - r.SendForbiddenError(errors.New(r.SecurityCtx.GetUsername())) - } - - return false - } - - return true + return r.RequireProjectAccess(r.repository.ProjectID, action, subresource...) } func (r *RepositoryLabelAPI) isValidLabelReq() bool { diff --git a/src/core/api/retention.go b/src/core/api/retention.go index 885c0de70..f5d7d026f 100644 --- a/src/core/api/retention.go +++ b/src/core/api/retention.go @@ -67,25 +67,19 @@ func (r *RetentionAPI) GetMetadatas() { ] }, { - "rule_template": "nothing", - "display_text": "none", - "action": "retain", - "params": [] - }, - { - "rule_template": "always", - "display_text": "always", - "action": "retain", - "params": [ - { - "type": "int", - "unit": "COUNT", - "required": true - } - ] - }, + "rule_template": "nDaysSinceLastPush", + "display_text": "pushed within the last # days", + "action": "retain", + "params": [ + { + "type": "int", + "unit": "DAYS", + "required": true + } + ] + }, { - "rule_template": "dayspl", + "rule_template": "nDaysSinceLastPull", "display_text": "pulled within the last # days", "action": "retain", "params": [ @@ -97,17 +91,11 @@ func (r *RetentionAPI) GetMetadatas() { ] }, { - "rule_template": "daysps", - "display_text": "pushed within the last # days", - "action": "retain", - "params": [ - { - "type": "int", - "unit": "DAYS", - "required": true - } - ] - } + "rule_template": "always", + "display_text": "always", + "action": "retain", + "params": [] + } ], "scope_selectors": [ { @@ -120,14 +108,6 @@ func (r *RetentionAPI) GetMetadatas() { } ], "tag_selectors": [ - { - "display_text": "Labels", - "kind": "label", - "decorations": [ - "withLabels", - "withoutLabels" - ] - }, { "display_text": "Tags", "kind": "doublestar", @@ -244,7 +224,7 @@ func (r *RetentionAPI) checkRuleConflict(p *policy.Metadata) error { if old, exists := temp[string(bs)]; exists { return fmt.Errorf("rule %d is conflict with rule %d", n, old) } - temp[string(bs)] = tid + temp[string(bs)] = n rule.ID = tid } return nil @@ -424,8 +404,7 @@ func (r *RetentionAPI) requireAccess(p *policy.Metadata, action rbac.Action, sub if len(subresources) == 0 { subresources = append(subresources, rbac.ResourceTagRetention) } - resource := rbac.NewProjectNamespace(p.Scope.Reference).Resource(subresources...) - hasPermission = r.SecurityCtx.Can(action, resource) + hasPermission, _ = r.HasProjectPermission(p.Scope.Reference, action, subresources...) default: hasPermission = r.SecurityCtx.IsSysAdmin() } diff --git a/src/core/api/robot.go b/src/core/api/robot.go index be49983a4..d098c4059 100644 --- a/src/core/api/robot.go +++ b/src/core/api/robot.go @@ -17,16 +17,16 @@ package api import ( "errors" "fmt" + "net/http" + "strconv" + "time" + "github.com/goharbor/harbor/src/common" "github.com/goharbor/harbor/src/common/dao" "github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/rbac" "github.com/goharbor/harbor/src/common/token" - "net/http" - "strconv" - "github.com/goharbor/harbor/src/core/config" - "time" ) // RobotAPI ... @@ -91,13 +91,7 @@ func (r *RobotAPI) Prepare() { } func (r *RobotAPI) requireAccess(action rbac.Action) bool { - resource := rbac.NewProjectNamespace(r.project.ProjectID).Resource(rbac.ResourceRobot) - if !r.SecurityCtx.Can(action, resource) { - r.SendForbiddenError(errors.New(r.SecurityCtx.GetUsername())) - return false - } - - return true + return r.RequireProjectAccess(r.project.ProjectID, action, rbac.ResourceRobot) } // Post ... diff --git a/src/core/api/scan_job.go b/src/core/api/scan_job.go index 446611ccf..7cc38d61e 100644 --- a/src/core/api/scan_job.go +++ b/src/core/api/scan_job.go @@ -55,12 +55,10 @@ func (sj *ScanJobAPI) Prepare() { sj.SendInternalServerError(errors.New("Failed to get Job data")) return } - projectName := strings.SplitN(data.Repository, "/", 2)[0] - resource := rbac.NewProjectNamespace(projectName).Resource(rbac.ResourceRepositoryTagScanJob) - if !sj.SecurityCtx.Can(rbac.ActionRead, resource) { + projectName := strings.SplitN(data.Repository, "/", 2)[0] + if !sj.RequireProjectAccess(projectName, rbac.ActionRead, rbac.ResourceRepositoryTagScanJob) { log.Errorf("User does not have read permission for project: %s", projectName) - sj.SendForbiddenError(errors.New(sj.SecurityCtx.GetUsername())) return } sj.projectName = projectName diff --git a/src/core/api/user_test.go b/src/core/api/user_test.go index 0c2bbc519..a666a4d7b 100644 --- a/src/core/api/user_test.go +++ b/src/core/api/user_test.go @@ -612,7 +612,7 @@ func TestUsersCurrentPermissions(t *testing.T) { assert := assert.New(t) apiTest := newHarborAPI() - httpStatusCode, permissions, err := apiTest.UsersGetPermissions("current", "/project/library", *projAdmin) + httpStatusCode, permissions, err := apiTest.UsersGetPermissions("current", "/project/1", *projAdmin) assert.Nil(err) assert.Equal(int(200), httpStatusCode, "httpStatusCode should be 200") assert.NotEmpty(permissions, "permissions should not be empty") @@ -622,11 +622,11 @@ func TestUsersCurrentPermissions(t *testing.T) { assert.Equal(int(200), httpStatusCode, "httpStatusCode should be 200") assert.Empty(permissions, "permissions should be empty") - httpStatusCode, _, err = apiTest.UsersGetPermissions(projAdminID, "/project/library", *projAdmin) + httpStatusCode, _, err = apiTest.UsersGetPermissions(projAdminID, "/project/1", *projAdmin) assert.Nil(err) assert.Equal(int(200), httpStatusCode, "httpStatusCode should be 200") - httpStatusCode, _, err = apiTest.UsersGetPermissions(projDeveloperID, "/project/library", *projAdmin) + httpStatusCode, _, err = apiTest.UsersGetPermissions(projDeveloperID, "/project/1", *projAdmin) assert.Nil(err) assert.Equal(int(403), httpStatusCode, "httpStatusCode should be 403") } diff --git a/src/core/api/utils.go b/src/core/api/utils.go index 4b7305524..4fd20d383 100644 --- a/src/core/api/utils.go +++ b/src/core/api/utils.go @@ -38,7 +38,7 @@ func SyncRegistry(pm promgr.ProjectManager) error { log.Infof("Start syncing repositories from registry to DB... ") - reposInRegistry, err := catalog() + reposInRegistry, err := Catalog() if err != nil { log.Error(err) return err @@ -105,7 +105,8 @@ func SyncRegistry(pm promgr.ProjectManager) error { return nil } -func catalog() ([]string, error) { +// Catalog ... +func Catalog() ([]string, error) { repositories := []string{} rc, err := initRegistryClient() diff --git a/src/core/auth/authproxy/auth.go b/src/core/auth/authproxy/auth.go index f3efae49d..1efe42f3e 100644 --- a/src/core/auth/authproxy/auth.go +++ b/src/core/auth/authproxy/auth.go @@ -211,8 +211,6 @@ func (a *Auth) fillInModel(u *models.User) error { u.Comment = userEntryComment if strings.Contains(u.Username, "@") { u.Email = u.Username - } else { - u.Email = fmt.Sprintf("%s@placeholder.com", u.Username) } return nil } diff --git a/src/core/auth/authproxy/auth_test.go b/src/core/auth/authproxy/auth_test.go index 2dbcdf061..b1fb4ab22 100644 --- a/src/core/auth/authproxy/auth_test.go +++ b/src/core/auth/authproxy/auth_test.go @@ -154,7 +154,7 @@ func TestAuth_PostAuthenticate(t *testing.T) { }, expect: models.User{ Username: "jt", - Email: "jt@placeholder.com", + Email: "", Realname: "jt", Password: pwd, Comment: userEntryComment, diff --git a/src/core/auth/ldap/ldap.go b/src/core/auth/ldap/ldap.go index 15a44da12..c5fd86d29 100644 --- a/src/core/auth/ldap/ldap.go +++ b/src/core/auth/ldap/ldap.go @@ -124,8 +124,6 @@ func (l *Auth) OnBoardUser(u *models.User) error { if u.Email == "" { if strings.Contains(u.Username, "@") { u.Email = u.Username - } else { - u.Email = u.Username + "@placeholder.com" } } u.Password = "12345678AbC" // Password is not kept in local db diff --git a/src/core/auth/ldap/ldap_test.go b/src/core/auth/ldap/ldap_test.go index 498ffee2a..9002bd8bf 100644 --- a/src/core/auth/ldap/ldap_test.go +++ b/src/core/auth/ldap/ldap_test.go @@ -224,7 +224,7 @@ func TestOnBoardUser_02(t *testing.T) { t.Errorf("Failed to onboard user") } - assert.Equal(t, "sample02@placeholder.com", user.Email) + assert.Equal(t, "", user.Email) dao.CleanUser(int64(user.UserID)) } diff --git a/src/core/auth/uaa/uaa.go b/src/core/auth/uaa/uaa.go index b4889302c..8ca250fc1 100644 --- a/src/core/auth/uaa/uaa.go +++ b/src/core/auth/uaa/uaa.go @@ -77,9 +77,8 @@ func fillEmailRealName(user *models.User) { if len(user.Realname) == 0 { user.Realname = user.Username } - if len(user.Email) == 0 { - // TODO: handle the case when user.Username itself is an email address. - user.Email = user.Username + "@uaa.placeholder" + if len(user.Email) == 0 && strings.Contains(user.Username, "@") { + user.Email = user.Username } } diff --git a/src/core/auth/uaa/uaa_test.go b/src/core/auth/uaa/uaa_test.go index 7b0ff9ea9..a62bd7d7d 100644 --- a/src/core/auth/uaa/uaa_test.go +++ b/src/core/auth/uaa/uaa_test.go @@ -110,7 +110,7 @@ func TestOnBoardUser(t *testing.T) { user, _ := dao.GetUser(models.User{Username: "test"}) assert.Equal("test", user.Realname) assert.Equal("test", user.Username) - assert.Equal("test@uaa.placeholder", user.Email) + assert.Equal("", user.Email) err3 := dao.ClearTable(models.UserTable) assert.Nil(err3) } @@ -128,7 +128,7 @@ func TestPostAuthenticate(t *testing.T) { } assert.Nil(err) user, _ := dao.GetUser(models.User{Username: "test"}) - assert.Equal("test@uaa.placeholder", user.Email) + assert.Equal("", user.Email) um2.Email = "newEmail@new.com" um2.Realname = "newName" err2 := auth.PostAuthenticate(um2) @@ -145,7 +145,7 @@ func TestPostAuthenticate(t *testing.T) { assert.Nil(err3) user3, _ := dao.GetUser(models.User{Username: "test"}) assert.Equal(user3.UserID, um3.UserID) - assert.Equal("test@uaa.placeholder", user3.Email) + assert.Equal("", user3.Email) assert.Equal("test", user3.Realname) err4 := dao.ClearTable(models.UserTable) assert.Nil(err4) diff --git a/src/core/config/config.go b/src/core/config/config.go index 57c02bad1..b3808745d 100755 --- a/src/core/config/config.go +++ b/src/core/config/config.go @@ -331,12 +331,14 @@ func Database() (*models.Database, error) { database := &models.Database{} database.Type = cfgMgr.Get(common.DatabaseType).GetString() postgresql := &models.PostGreSQL{ - Host: cfgMgr.Get(common.PostGreSQLHOST).GetString(), - Port: cfgMgr.Get(common.PostGreSQLPort).GetInt(), - Username: cfgMgr.Get(common.PostGreSQLUsername).GetString(), - Password: cfgMgr.Get(common.PostGreSQLPassword).GetString(), - Database: cfgMgr.Get(common.PostGreSQLDatabase).GetString(), - SSLMode: cfgMgr.Get(common.PostGreSQLSSLMode).GetString(), + Host: cfgMgr.Get(common.PostGreSQLHOST).GetString(), + Port: cfgMgr.Get(common.PostGreSQLPort).GetInt(), + Username: cfgMgr.Get(common.PostGreSQLUsername).GetString(), + Password: cfgMgr.Get(common.PostGreSQLPassword).GetString(), + Database: cfgMgr.Get(common.PostGreSQLDatabase).GetString(), + SSLMode: cfgMgr.Get(common.PostGreSQLSSLMode).GetString(), + MaxIdleConns: cfgMgr.Get(common.PostGreSQLMaxIdleConns).GetInt(), + MaxOpenConns: cfgMgr.Get(common.PostGreSQLMaxOpenConns).GetInt(), } database.PostGreSQL = postgresql @@ -520,6 +522,11 @@ func NotificationEnable() bool { return cfgMgr.Get(common.NotificationEnable).GetBool() } +// QuotaPerProjectEnable returns a bool to indicates if quota per project enabled in harbor +func QuotaPerProjectEnable() bool { + return cfgMgr.Get(common.QuotaPerProjectEnable).GetBool() +} + // QuotaSetting returns the setting of quota. func QuotaSetting() (*models.QuotaSetting, error) { if err := cfgMgr.Load(); err != nil { diff --git a/src/core/controllers/oidc.go b/src/core/controllers/oidc.go index 1479b8e5a..903b99954 100644 --- a/src/core/controllers/oidc.go +++ b/src/core/controllers/oidc.go @@ -17,6 +17,9 @@ package controllers import ( "encoding/json" "fmt" + "net/http" + "strings" + "github.com/goharbor/harbor/src/common" "github.com/goharbor/harbor/src/common/dao" "github.com/goharbor/harbor/src/common/models" @@ -26,8 +29,6 @@ import ( "github.com/goharbor/harbor/src/core/api" "github.com/goharbor/harbor/src/core/config" "github.com/pkg/errors" - "net/http" - "strings" ) const tokenKey = "oidc_token" @@ -189,9 +190,6 @@ func (oc *OIDCController) Onboard() { } email := d.Email - if email == "" { - email = utils.GenerateRandomString() + "@placeholder.com" - } user := models.User{ Username: username, Realname: d.Username, diff --git a/src/core/main.go b/src/core/main.go index 6ea199757..b70c61700 100755 --- a/src/core/main.go +++ b/src/core/main.go @@ -17,16 +17,12 @@ package main import ( "encoding/gob" "fmt" - "os" - "os/signal" - "strconv" - "syscall" - "github.com/astaxie/beego" _ "github.com/astaxie/beego/session/redis" "github.com/goharbor/harbor/src/common/dao" "github.com/goharbor/harbor/src/common/job" "github.com/goharbor/harbor/src/common/models" + common_quota "github.com/goharbor/harbor/src/common/quota" "github.com/goharbor/harbor/src/common/utils" "github.com/goharbor/harbor/src/common/utils/log" "github.com/goharbor/harbor/src/core/api" @@ -34,6 +30,15 @@ import ( _ "github.com/goharbor/harbor/src/core/auth/db" _ "github.com/goharbor/harbor/src/core/auth/ldap" _ "github.com/goharbor/harbor/src/core/auth/uaa" + "os" + "os/signal" + "strconv" + "syscall" + + quota "github.com/goharbor/harbor/src/core/api/quota" + _ "github.com/goharbor/harbor/src/core/api/quota/chart" + _ "github.com/goharbor/harbor/src/core/api/quota/registry" + "github.com/goharbor/harbor/src/core/config" "github.com/goharbor/harbor/src/core/filter" "github.com/goharbor/harbor/src/core/middlewares" @@ -41,6 +46,7 @@ import ( "github.com/goharbor/harbor/src/core/service/token" "github.com/goharbor/harbor/src/pkg/notification" "github.com/goharbor/harbor/src/pkg/scheduler" + "github.com/goharbor/harbor/src/pkg/types" "github.com/goharbor/harbor/src/replication" ) @@ -67,13 +73,71 @@ func updateInitPassword(userID int, password string) error { return fmt.Errorf("Failed to update user encrypted password, userID: %d, err: %v", userID, err) } - log.Infof("User id: %d updated its encypted password successfully.", userID) + log.Infof("User id: %d updated its encrypted password successfully.", userID) } else { log.Infof("User id: %d already has its encrypted password.", userID) } return nil } +// Quota migration +func quotaSync() error { + usages, err := dao.ListQuotaUsages() + if err != nil { + log.Errorf("list quota usage error, %v", err) + return err + } + projects, err := dao.GetProjects(nil) + if err != nil { + log.Errorf("list project error, %v", err) + return err + } + + // The condition handles these two cases: + // 1, len(project) > 1 && len(usages) == 1. existing projects without usage, as we do always has 'library' usage in DB. + // 2, migration fails at the phase of inserting usage into DB, and parts of them are inserted successfully. + if len(projects) != len(usages) { + log.Info("Start to sync quota data .....") + if err := quota.Sync(config.GlobalProjectMgr, true); err != nil { + log.Errorf("Fail to sync quota data, %v", err) + return err + } + log.Info("Success to sync quota data .....") + return nil + } + + // Only has one project without usage + zero := common_quota.ResourceList{ + common_quota.ResourceCount: 0, + common_quota.ResourceStorage: 0, + } + if len(projects) == 1 && len(usages) == 1 { + totalRepo, err := dao.GetTotalOfRepositories() + if totalRepo == 0 { + return nil + } + refID, err := strconv.ParseInt(usages[0].ReferenceID, 10, 64) + if err != nil { + log.Error(err) + return err + } + usedRes, err := types.NewResourceList(usages[0].Used) + if err != nil { + log.Error(err) + return err + } + if types.Equals(usedRes, zero) && refID == projects[0].ProjectID { + log.Info("Start to sync quota data .....") + if err := quota.Sync(config.GlobalProjectMgr, true); err != nil { + log.Errorf("Fail to sync quota data, %v", err) + return err + } + log.Info("Success to sync quota data .....") + } + } + return nil +} + func gracefulShutdown(closing chan struct{}) { signals := make(chan os.Signal, 1) signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM, syscall.SIGQUIT) @@ -117,7 +181,7 @@ func main() { password, err := config.InitialAdminPassword() if err != nil { - log.Fatalf("failed to get admin's initia password: %v", err) + log.Fatalf("failed to get admin's initial password: %v", err) } if err := updateInitPassword(adminUserID, password); err != nil { log.Error(err) @@ -174,6 +238,9 @@ func main() { log.Fatalf("init proxy error, %v", err) } - // go proxy.StartProxy() + if err := quotaSync(); err != nil { + log.Fatalf("quota migration error, %v", err) + } + beego.Run() } diff --git a/src/core/middlewares/chart/builder.go b/src/core/middlewares/chart/builder.go index 669509ff4..ba54cd2de 100644 --- a/src/core/middlewares/chart/builder.go +++ b/src/core/middlewares/chart/builder.go @@ -21,6 +21,7 @@ import ( "strconv" "github.com/goharbor/harbor/src/common/dao" + "github.com/goharbor/harbor/src/core/config" "github.com/goharbor/harbor/src/core/middlewares/interceptor" "github.com/goharbor/harbor/src/core/middlewares/interceptor/quota" "github.com/goharbor/harbor/src/core/middlewares/util" @@ -69,6 +70,7 @@ func (*chartVersionDeletionBuilder) Build(req *http.Request) (interceptor.Interc } opts := []quota.Option{ + quota.EnforceResources(config.QuotaPerProjectEnable()), quota.WithManager("project", strconv.FormatInt(project.ProjectID, 10)), quota.WithAction(quota.SubtractAction), quota.StatusCode(http.StatusOK), @@ -101,22 +103,26 @@ func (*chartVersionCreationBuilder) Build(req *http.Request) (interceptor.Interc return nil, fmt.Errorf("project %s not found", namespace) } - chart, err := parseChart(req) - if err != nil { - return nil, fmt.Errorf("failed to parse chart from body, error: %v", err) - } - chartName, version := chart.Metadata.Name, chart.Metadata.Version + info, ok := util.ChartVersionInfoFromContext(req.Context()) + if !ok { + chart, err := parseChart(req) + if err != nil { + return nil, fmt.Errorf("failed to parse chart from body, error: %v", err) + } + chartName, version := chart.Metadata.Name, chart.Metadata.Version - info := &util.ChartVersionInfo{ - ProjectID: project.ProjectID, - Namespace: namespace, - ChartName: chartName, - Version: version, + info = &util.ChartVersionInfo{ + ProjectID: project.ProjectID, + Namespace: namespace, + ChartName: chartName, + Version: version, + } + // Chart version info will be used by computeQuotaForUpload + *req = *req.WithContext(util.NewChartVersionInfoContext(req.Context(), info)) } - // Chart version info will be used by computeQuotaForUpload - *req = *req.WithContext(util.NewChartVersionInfoContext(req.Context(), info)) opts := []quota.Option{ + quota.EnforceResources(config.QuotaPerProjectEnable()), quota.WithManager("project", strconv.FormatInt(project.ProjectID, 10)), quota.WithAction(quota.AddAction), quota.StatusCode(http.StatusCreated), diff --git a/src/core/middlewares/chart/handler_test.go b/src/core/middlewares/chart/handler_test.go new file mode 100644 index 000000000..aedf1218e --- /dev/null +++ b/src/core/middlewares/chart/handler_test.go @@ -0,0 +1,137 @@ +// Copyright Project Harbor Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package chart + +import ( + "fmt" + "net/http" + "net/http/httptest" + "net/url" + "testing" + + "github.com/goharbor/harbor/src/chartserver" + "github.com/goharbor/harbor/src/common/dao" + "github.com/goharbor/harbor/src/core/middlewares/util" + "github.com/goharbor/harbor/src/pkg/types" + htesting "github.com/goharbor/harbor/src/testing" + "github.com/stretchr/testify/suite" +) + +func deleteChartVersion(projectName, chartName, version string) { + url := fmt.Sprintf("/api/chartrepo/%s/charts/%s/%s", projectName, chartName, version) + req, _ := http.NewRequest(http.MethodDelete, url, nil) + + next := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + w.WriteHeader(http.StatusOK) + }) + + rr := httptest.NewRecorder() + h := New(next) + h.ServeHTTP(util.NewCustomResponseWriter(rr), req) +} + +func uploadChartVersion(projectID int64, projectName, chartName, version string) { + url := fmt.Sprintf("/api/chartrepo/%s/charts/", projectName) + req, _ := http.NewRequest(http.MethodPost, url, nil) + + info := &util.ChartVersionInfo{ + ProjectID: projectID, + Namespace: projectName, + ChartName: chartName, + Version: version, + } + *req = *req.WithContext(util.NewChartVersionInfoContext(req.Context(), info)) + + next := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + w.WriteHeader(http.StatusCreated) + }) + + rr := httptest.NewRecorder() + h := New(next) + h.ServeHTTP(util.NewCustomResponseWriter(rr), req) +} + +func mockChartController() (*httptest.Server, *chartserver.Controller, error) { + mockServer := httptest.NewServer(htesting.MockChartRepoHandler) + + var oldController, newController *chartserver.Controller + url, err := url.Parse(mockServer.URL) + if err == nil { + newController, err = chartserver.NewController(url) + } + + if err != nil { + mockServer.Close() + return nil, nil, err + } + + chartController() // Init chart controller + + // Override current controller and keep the old one for restoring + oldController = controller + controller = newController + + return mockServer, oldController, nil +} + +type HandlerSuite struct { + htesting.Suite + oldController *chartserver.Controller + mockChartServer *httptest.Server +} + +func (suite *HandlerSuite) SetupTest() { + mockServer, oldController, err := mockChartController() + suite.Nil(err, "Mock chart controller failed") + + suite.oldController = oldController + suite.mockChartServer = mockServer +} + +func (suite *HandlerSuite) TearDownTest() { + for _, table := range []string{ + "quota", "quota_usage", + } { + dao.ClearTable(table) + } + + controller = suite.oldController + suite.mockChartServer.Close() +} + +func (suite *HandlerSuite) TestUpload() { + suite.WithProject(func(projectID int64, projectName string) { + uploadChartVersion(projectID, projectName, "harbor", "0.2.1") + suite.AssertResourceUsage(1, types.ResourceCount, projectID) + + // harbor:0.2.0 exists in repo1, upload it again + uploadChartVersion(projectID, projectName, "harbor", "0.2.0") + suite.AssertResourceUsage(1, types.ResourceCount, projectID) + }, "repo1") +} + +func (suite *HandlerSuite) TestDelete() { + suite.WithProject(func(projectID int64, projectName string) { + uploadChartVersion(projectID, projectName, "harbor", "0.2.1") + suite.AssertResourceUsage(1, types.ResourceCount, projectID) + + deleteChartVersion(projectName, "harbor", "0.2.1") + suite.AssertResourceUsage(0, types.ResourceCount, projectID) + }, "repo1") +} + +func TestRunHandlerSuite(t *testing.T) { + suite.Run(t, new(HandlerSuite)) +} diff --git a/src/core/middlewares/countquota/builder.go b/src/core/middlewares/countquota/builder.go index 5de9a2735..e84d9a454 100644 --- a/src/core/middlewares/countquota/builder.go +++ b/src/core/middlewares/countquota/builder.go @@ -20,6 +20,7 @@ import ( "strconv" "github.com/goharbor/harbor/src/common/dao" + "github.com/goharbor/harbor/src/core/config" "github.com/goharbor/harbor/src/core/middlewares/interceptor" "github.com/goharbor/harbor/src/core/middlewares/interceptor/quota" "github.com/goharbor/harbor/src/core/middlewares/util" @@ -52,6 +53,7 @@ func (*manifestDeletionBuilder) Build(req *http.Request) (interceptor.Intercepto } opts := []quota.Option{ + quota.EnforceResources(config.QuotaPerProjectEnable()), quota.WithManager("project", strconv.FormatInt(info.ProjectID, 10)), quota.WithAction(quota.SubtractAction), quota.StatusCode(http.StatusAccepted), @@ -75,7 +77,7 @@ func (*manifestCreationBuilder) Build(req *http.Request) (interceptor.Intercepto info, ok := util.ManifestInfoFromContext(req.Context()) if !ok { var err error - info, err = util.ParseManifestInfo(req) + info, err = util.ParseManifestInfoFromReq(req) if err != nil { return nil, fmt.Errorf("failed to parse manifest, error %v", err) } @@ -85,6 +87,7 @@ func (*manifestCreationBuilder) Build(req *http.Request) (interceptor.Intercepto } opts := []quota.Option{ + quota.EnforceResources(config.QuotaPerProjectEnable()), quota.WithManager("project", strconv.FormatInt(info.ProjectID, 10)), quota.WithAction(quota.AddAction), quota.StatusCode(http.StatusCreated), diff --git a/src/core/middlewares/countquota/handler.go b/src/core/middlewares/countquota/handler.go index 1b05a4cf5..7564b1a5e 100644 --- a/src/core/middlewares/countquota/handler.go +++ b/src/core/middlewares/countquota/handler.go @@ -21,6 +21,7 @@ import ( "github.com/goharbor/harbor/src/common/utils/log" "github.com/goharbor/harbor/src/core/middlewares/interceptor" "github.com/goharbor/harbor/src/core/middlewares/util" + "strings" ) type countQuotaHandler struct { @@ -57,6 +58,10 @@ func (h *countQuotaHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) if err := interceptor.HandleRequest(req); err != nil { log.Warningf("Error occurred when to handle request in count quota handler: %v", err) + if strings.Contains(err.Error(), "resource overflow the hard limit") { + http.Error(rw, util.MarshalError("DENIED", fmt.Sprintf("Not enough quota is available to process the request: %v", err)), http.StatusForbidden) + return + } http.Error(rw, util.MarshalError("InternalError", fmt.Sprintf("Error occurred when to handle request in count quota handler: %v", err)), http.StatusInternalServerError) return diff --git a/src/core/middlewares/countquota/handler_test.go b/src/core/middlewares/countquota/handler_test.go index a25166734..84833e4de 100644 --- a/src/core/middlewares/countquota/handler_test.go +++ b/src/core/middlewares/countquota/handler_test.go @@ -26,6 +26,7 @@ import ( "github.com/docker/distribution" "github.com/goharbor/harbor/src/common/dao" "github.com/goharbor/harbor/src/common/models" + "github.com/goharbor/harbor/src/core/config" "github.com/goharbor/harbor/src/core/middlewares/util" "github.com/goharbor/harbor/src/pkg/types" "github.com/opencontainers/go-digest" @@ -201,12 +202,12 @@ func (suite *HandlerSuite) TestPutManifestFailed() { }() next := func(w http.ResponseWriter, req *http.Request) { - w.WriteHeader(http.StatusInternalServerError) + w.WriteHeader(http.StatusForbidden) } dgt := digest.FromString(randomString(15)).String() code := doPutManifestRequest(projectID, projectName, "photon", "latest", dgt, next) - suite.Equal(http.StatusInternalServerError, code) + suite.Equal(http.StatusForbidden, code) suite.checkCountUsage(0, projectID) total, err := dao.GetTotalOfArtifacts(&models.ArtifactQuery{Digest: dgt}) @@ -290,6 +291,7 @@ func (suite *HandlerSuite) TestDeleteManifestInMultiProjects() { } func TestMain(m *testing.M) { + config.Init() dao.PrepareTestForPostgresSQL() if result := m.Run(); result != 0 { diff --git a/src/core/middlewares/interceptor/quota/options.go b/src/core/middlewares/interceptor/quota/options.go index ca43c4165..ddf102a74 100644 --- a/src/core/middlewares/interceptor/quota/options.go +++ b/src/core/middlewares/interceptor/quota/options.go @@ -36,6 +36,8 @@ const ( // Options ... type Options struct { + enforceResources *bool + Action Action Manager *quota.Manager MutexKeys []string @@ -48,6 +50,15 @@ type Options struct { OnFinally func(http.ResponseWriter, *http.Request) error } +// EnforceResources ... +func (opts *Options) EnforceResources() bool { + return opts.enforceResources != nil && *opts.enforceResources +} + +func boolPtr(v bool) *bool { + return &v +} + func newOptions(opt ...Option) Options { opts := Options{} @@ -63,9 +74,20 @@ func newOptions(opt ...Option) Options { opts.StatusCode = http.StatusOK } + if opts.enforceResources == nil { + opts.enforceResources = boolPtr(true) + } + return opts } +// EnforceResources sets the interceptor enforceResources +func EnforceResources(enforceResources bool) Option { + return func(o *Options) { + o.enforceResources = boolPtr(enforceResources) + } +} + // WithAction sets the interceptor action func WithAction(a Action) Option { return func(o *Options) { diff --git a/src/core/middlewares/interceptor/quota/quota.go b/src/core/middlewares/interceptor/quota/quota.go index 85c289ff3..1ae530078 100644 --- a/src/core/middlewares/interceptor/quota/quota.go +++ b/src/core/middlewares/interceptor/quota/quota.go @@ -16,7 +16,9 @@ package quota import ( "fmt" + "math/rand" "net/http" + "time" "github.com/goharbor/harbor/src/common/utils/log" "github.com/goharbor/harbor/src/common/utils/redis" @@ -24,6 +26,10 @@ import ( "github.com/goharbor/harbor/src/pkg/types" ) +func init() { + rand.Seed(time.Now().UnixNano()) +} + // New .... func New(opts ...Option) interceptor.Interceptor { options := newOptions(opts...) @@ -49,28 +55,19 @@ func (qi *quotaInterceptor) HandleRequest(req *http.Request) (err error) { } }() - opts := qi.opts - - for _, key := range opts.MutexKeys { - m, err := redis.RequireLock(key) - if err != nil { - return err - } - qi.mutexes = append(qi.mutexes, m) - } - - resources := opts.Resources - if len(resources) == 0 && opts.OnResources != nil { - resources, err = opts.OnResources(req) - if err != nil { - return fmt.Errorf("failed to compute the resources for quota, error: %v", err) - } - } - qi.resources = resources - - err = qi.reserve() + err = qi.requireMutexes() if err != nil { - log.Errorf("Failed to %s resources, error: %v", opts.Action, err) + return + } + + err = qi.computeResources(req) + if err != nil { + return + } + + err = qi.doTry() + if err != nil { + log.Errorf("Failed to %s resources, error: %v", qi.opts.Action, err) } return @@ -89,14 +86,18 @@ func (qi *quotaInterceptor) HandleResponse(w http.ResponseWriter, req *http.Requ switch sr.Status() { case opts.StatusCode: + if err := qi.doConfirm(); err != nil { + log.Errorf("Failed to confirm for resource, error: %v", err) + } + if opts.OnFulfilled != nil { if err := opts.OnFulfilled(w, req); err != nil { log.Errorf("Failed to handle on fulfilled, error: %v", err) } } default: - if err := qi.unreserve(); err != nil { - log.Errorf("Failed to %s resources, error: %v", opts.Action, err) + if err := qi.doCancel(); err != nil { + log.Errorf("Failed to cancel for resource, error: %v", err) } if opts.OnRejected != nil { @@ -113,6 +114,23 @@ func (qi *quotaInterceptor) HandleResponse(w http.ResponseWriter, req *http.Requ } } +func (qi *quotaInterceptor) requireMutexes() error { + if !qi.opts.EnforceResources() { + // Do nothing for locks when quota interceptor not enforce resources + return nil + } + + for _, key := range qi.opts.MutexKeys { + m, err := redis.RequireLock(key) + if err != nil { + return err + } + qi.mutexes = append(qi.mutexes, m) + } + + return nil +} + func (qi *quotaInterceptor) freeMutexes() { for i := len(qi.mutexes) - 1; i >= 0; i-- { if err := redis.FreeLock(qi.mutexes[i]); err != nil { @@ -121,32 +139,84 @@ func (qi *quotaInterceptor) freeMutexes() { } } -func (qi *quotaInterceptor) reserve() error { - if len(qi.resources) == 0 { +func (qi *quotaInterceptor) computeResources(req *http.Request) error { + if !qi.opts.EnforceResources() { + // Do nothing in compute resources when quota interceptor not enforce resources return nil } - switch qi.opts.Action { - case AddAction: - return qi.opts.Manager.AddResources(qi.resources) - case SubtractAction: - return qi.opts.Manager.SubtractResources(qi.resources) + qi.resources = qi.opts.Resources + if len(qi.resources) == 0 && qi.opts.OnResources != nil { + resources, err := qi.opts.OnResources(req) + if err != nil { + return fmt.Errorf("failed to compute the resources for quota, error: %v", err) + } + + qi.resources = resources } return nil } -func (qi *quotaInterceptor) unreserve() error { - if len(qi.resources) == 0 { +func (qi *quotaInterceptor) doTry() error { + if !qi.opts.EnforceResources() { + // Do nothing in try stage when quota interceptor not enforce resources return nil } - switch qi.opts.Action { - case AddAction: - return qi.opts.Manager.SubtractResources(qi.resources) - case SubtractAction: + // Add resources in try stage when it is add action + // And do nothing in confirm stage for add action + if len(qi.resources) != 0 && qi.opts.Action == AddAction { return qi.opts.Manager.AddResources(qi.resources) } return nil } + +func (qi *quotaInterceptor) doConfirm() error { + if !qi.opts.EnforceResources() { + // Do nothing in confirm stage when quota interceptor not enforce resources + return nil + } + + // Subtract resources in confirm stage when it is subtract action + // And do nothing in try stage for subtract action + if len(qi.resources) != 0 && qi.opts.Action == SubtractAction { + return retry(3, 100*time.Millisecond, func() error { + return qi.opts.Manager.SubtractResources(qi.resources) + }) + } + + return nil +} + +func (qi *quotaInterceptor) doCancel() error { + if !qi.opts.EnforceResources() { + // Do nothing in cancel stage when quota interceptor not enforce resources + return nil + } + + // Subtract resources back when process failed for add action + if len(qi.resources) != 0 && qi.opts.Action == AddAction { + return retry(3, 100*time.Millisecond, func() error { + return qi.opts.Manager.SubtractResources(qi.resources) + }) + } + + return nil +} + +func retry(attempts int, sleep time.Duration, f func() error) error { + if err := f(); err != nil { + if attempts--; attempts > 0 { + r := time.Duration(rand.Int63n(int64(sleep))) + sleep = sleep + r/2 + + time.Sleep(sleep) + return retry(attempts, 2*sleep, f) + } + return err + } + + return nil +} diff --git a/src/core/middlewares/sizequota/builder.go b/src/core/middlewares/sizequota/builder.go index 310c6e5bc..37c3c145b 100644 --- a/src/core/middlewares/sizequota/builder.go +++ b/src/core/middlewares/sizequota/builder.go @@ -20,8 +20,8 @@ import ( "strconv" "github.com/goharbor/harbor/src/common/dao" - "github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/utils/log" + "github.com/goharbor/harbor/src/core/config" "github.com/goharbor/harbor/src/core/middlewares/interceptor" "github.com/goharbor/harbor/src/core/middlewares/interceptor/quota" "github.com/goharbor/harbor/src/core/middlewares/util" @@ -89,6 +89,7 @@ func (*blobStorageQuotaBuilder) Build(req *http.Request) (interceptor.Intercepto *req = *(req.WithContext(util.NewBlobInfoContext(req.Context(), info))) opts := []quota.Option{ + quota.EnforceResources(config.QuotaPerProjectEnable()), quota.WithManager("project", strconv.FormatInt(info.ProjectID, 10)), quota.WithAction(quota.AddAction), quota.StatusCode(http.StatusCreated), // NOTICE: mount blob and blob upload complete both return 201 when success @@ -110,7 +111,7 @@ func (*manifestCreationBuilder) Build(req *http.Request) (interceptor.Intercepto return nil, nil } - info, err := util.ParseManifestInfo(req) + info, err := util.ParseManifestInfoFromReq(req) if err != nil { return nil, err } @@ -119,6 +120,7 @@ func (*manifestCreationBuilder) Build(req *http.Request) (interceptor.Intercepto *req = *req.WithContext(util.NewManifestInfoContext(req.Context(), info)) opts := []quota.Option{ + quota.EnforceResources(config.QuotaPerProjectEnable()), quota.WithManager("project", strconv.FormatInt(info.ProjectID, 10)), quota.WithAction(quota.AddAction), quota.StatusCode(http.StatusCreated), @@ -181,6 +183,7 @@ func (*manifestDeletionBuilder) Build(req *http.Request) (interceptor.Intercepto } opts := []quota.Option{ + quota.EnforceResources(config.QuotaPerProjectEnable()), quota.WithManager("project", strconv.FormatInt(info.ProjectID, 10)), quota.WithAction(quota.SubtractAction), quota.StatusCode(http.StatusAccepted), @@ -188,18 +191,6 @@ func (*manifestDeletionBuilder) Build(req *http.Request) (interceptor.Intercepto quota.MutexKeys(mutexKeys...), quota.OnFulfilled(func(http.ResponseWriter, *http.Request) error { blobs := info.ExclusiveBlobs - - total, err := dao.GetTotalOfArtifacts(&models.ArtifactQuery{ - PID: info.ProjectID, - Digest: info.Digest, - }) - if err == nil && total > 0 { - blob, err := dao.GetBlob(info.Digest) - if err == nil { - blobs = append(blobs, blob) - } - } - return dao.RemoveBlobsFromProject(info.ProjectID, blobs...) }), } diff --git a/src/core/middlewares/sizequota/handler.go b/src/core/middlewares/sizequota/handler.go index 68ae4258e..638d560e3 100644 --- a/src/core/middlewares/sizequota/handler.go +++ b/src/core/middlewares/sizequota/handler.go @@ -21,6 +21,7 @@ import ( "github.com/goharbor/harbor/src/common/utils/log" "github.com/goharbor/harbor/src/core/middlewares/interceptor" "github.com/goharbor/harbor/src/core/middlewares/util" + "strings" ) type sizeQuotaHandler struct { @@ -44,6 +45,7 @@ func New(next http.Handler, builders ...interceptor.Builder) http.Handler { func (h *sizeQuotaHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) { interceptor, err := h.getInterceptor(req) if err != nil { + log.Warningf("Error occurred when to handle request in size quota handler: %v", err) http.Error(rw, util.MarshalError("InternalError", fmt.Sprintf("Error occurred when to handle request in size quota handler: %v", err)), http.StatusInternalServerError) return @@ -56,6 +58,10 @@ func (h *sizeQuotaHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) if err := interceptor.HandleRequest(req); err != nil { log.Warningf("Error occurred when to handle request in size quota handler: %v", err) + if strings.Contains(err.Error(), "resource overflow the hard limit") { + http.Error(rw, util.MarshalError("DENIED", fmt.Sprintf("Not enough quota is available to process the request: %v", err)), http.StatusForbidden) + return + } http.Error(rw, util.MarshalError("InternalError", fmt.Sprintf("Error occurred when to handle request in size quota handler: %v", err)), http.StatusInternalServerError) return diff --git a/src/core/middlewares/sizequota/handler_test.go b/src/core/middlewares/sizequota/handler_test.go index cd9ca972f..a8d416394 100644 --- a/src/core/middlewares/sizequota/handler_test.go +++ b/src/core/middlewares/sizequota/handler_test.go @@ -30,8 +30,10 @@ import ( "github.com/docker/distribution" "github.com/docker/distribution/manifest" "github.com/docker/distribution/manifest/schema2" + "github.com/goharbor/harbor/src/common" "github.com/goharbor/harbor/src/common/dao" "github.com/goharbor/harbor/src/common/models" + "github.com/goharbor/harbor/src/core/config" "github.com/goharbor/harbor/src/core/middlewares/countquota" "github.com/goharbor/harbor/src/core/middlewares/util" "github.com/goharbor/harbor/src/pkg/types" @@ -451,10 +453,10 @@ func (suite *HandlerSuite) TestPushImageToDifferentRepositories() { suite.checkStorageUsage(size, projectID) pushImage(projectName, "redis", "latest", manifest) - suite.checkStorageUsage(size+sizeOfManifest(manifest), projectID) + suite.checkStorageUsage(size, projectID) pushImage(projectName, "postgres", "latest", manifest) - suite.checkStorageUsage(size+2*sizeOfManifest(manifest), projectID) + suite.checkStorageUsage(size, projectID) }) } @@ -560,7 +562,7 @@ func (suite *HandlerSuite) TestDeleteManifestInDifferentRepositories() { pushImage(projectName, "redis", "latest", manifest) suite.checkCountUsage(3, projectID) - suite.checkStorageUsage(size+sizeOfManifest(manifest), projectID) + suite.checkStorageUsage(size, projectID) deleteManifest(projectName, "redis", digestOfManifest(manifest)) suite.checkCountUsage(2, projectID) @@ -568,7 +570,7 @@ func (suite *HandlerSuite) TestDeleteManifestInDifferentRepositories() { pushImage(projectName, "redis", "latest", manifest) suite.checkCountUsage(3, projectID) - suite.checkStorageUsage(size+sizeOfManifest(manifest), projectID) + suite.checkStorageUsage(size, projectID) }) } @@ -662,7 +664,40 @@ func (suite *HandlerSuite) TestDeleteImageRace() { }) } +func (suite *HandlerSuite) TestDisableProjectQuota() { + withProject(func(projectID int64, projectName string) { + manifest := makeManifest(1, []int64{2, 3, 4, 5}) + pushImage(projectName, "photon", "latest", manifest) + + quotas, err := dao.ListQuotas(&models.QuotaQuery{ + Reference: "project", + ReferenceID: strconv.FormatInt(projectID, 10), + }) + + suite.Nil(err) + suite.Len(quotas, 1) + }) + + withProject(func(projectID int64, projectName string) { + cfg := config.GetCfgManager() + cfg.Set(common.QuotaPerProjectEnable, false) + defer cfg.Set(common.QuotaPerProjectEnable, true) + + manifest := makeManifest(1, []int64{2, 3, 4, 5}) + pushImage(projectName, "photon", "latest", manifest) + + quotas, err := dao.ListQuotas(&models.QuotaQuery{ + Reference: "project", + ReferenceID: strconv.FormatInt(projectID, 10), + }) + + suite.Nil(err) + suite.Len(quotas, 0) + }) +} + func TestMain(m *testing.M) { + config.Init() dao.PrepareTestForPostgresSQL() if result := m.Run(); result != 0 { diff --git a/src/core/middlewares/sizequota/util.go b/src/core/middlewares/sizequota/util.go index edcf92631..b01c7dd6f 100644 --- a/src/core/middlewares/sizequota/util.go +++ b/src/core/middlewares/sizequota/util.go @@ -146,7 +146,7 @@ func parseBlobInfoFromComplete(req *http.Request) (*util.BlobInfo, error) { func parseBlobInfoFromManifest(req *http.Request) (*util.BlobInfo, error) { info, ok := util.ManifestInfoFromContext(req.Context()) if !ok { - manifest, err := util.ParseManifestInfo(req) + manifest, err := util.ParseManifestInfoFromReq(req) if err != nil { return nil, err } @@ -295,14 +295,7 @@ func computeResourcesForManifestDeletion(req *http.Request) (types.ResourceList, info.ExclusiveBlobs = blobs - blob, err := dao.GetBlob(info.Digest) - if err != nil { - return nil, err - } - - // manifest size will always be released - size := blob.Size - + var size int64 for _, blob := range blobs { size = size + blob.Size } diff --git a/src/core/middlewares/util/util.go b/src/core/middlewares/util/util.go index 7b8d2839e..1c9d86034 100644 --- a/src/core/middlewares/util/util.go +++ b/src/core/middlewares/util/util.go @@ -228,7 +228,6 @@ func (info *ManifestInfo) ManifestExists() (bool, error) { info.manifestExistOnce.Do(func() { total, err := dao.GetTotalOfArtifacts(&models.ArtifactQuery{ PID: info.ProjectID, - Repo: info.Repository, Digest: info.Digest, }) @@ -441,8 +440,8 @@ func NewManifestInfoContext(ctx context.Context, info *ManifestInfo) context.Con return context.WithValue(ctx, manifestInfoKey, info) } -// ParseManifestInfo prase manifest from request -func ParseManifestInfo(req *http.Request) (*ManifestInfo, error) { +// ParseManifestInfoFromReq parse manifest from request +func ParseManifestInfoFromReq(req *http.Request) (*ManifestInfo, error) { match, repository, reference := MatchManifestURL(req) if !match { return nil, fmt.Errorf("not match url %s for manifest", req.URL.Path) @@ -496,7 +495,7 @@ func ParseManifestInfo(req *http.Request) (*ManifestInfo, error) { }, nil } -// ParseManifestInfoFromPath prase manifest from request path +// ParseManifestInfoFromPath parse manifest from request path func ParseManifestInfoFromPath(req *http.Request) (*ManifestInfo, error) { match, repository, reference := MatchManifestURL(req) if !match { diff --git a/src/core/middlewares/util/util_test.go b/src/core/middlewares/util/util_test.go index e02229ad9..2e6c9d609 100644 --- a/src/core/middlewares/util/util_test.go +++ b/src/core/middlewares/util/util_test.go @@ -326,13 +326,13 @@ func TestParseManifestInfo(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := ParseManifestInfo(tt.req()) + got, err := ParseManifestInfoFromReq(tt.req()) if (err != nil) != tt.wantErr { - t.Errorf("ParseManifestInfo() error = %v, wantErr %v", err, tt.wantErr) + t.Errorf("ParseManifestInfoFromReq() error = %v, wantErr %v", err, tt.wantErr) return } if !reflect.DeepEqual(got, tt.want) { - t.Errorf("ParseManifestInfo() = %v, want %v", got, tt.want) + t.Errorf("ParseManifestInfoFromReq() = %v, want %v", got, tt.want) } }) } diff --git a/src/core/promgr/promgr.go b/src/core/promgr/promgr.go index 5a0a9bc12..3ac8f6ca8 100644 --- a/src/core/promgr/promgr.go +++ b/src/core/promgr/promgr.go @@ -94,7 +94,7 @@ func (d *defaultProjectManager) Create(project *models.Project) (int64, error) { return 0, err } if d.metaMgrEnabled { - d.whitelistMgr.CreateEmpty(project.ProjectID) + d.whitelistMgr.CreateEmpty(id) if len(project.Metadata) > 0 { if err = d.metaMgr.Add(id, project.Metadata); err != nil { log.Errorf("failed to add metadata for project %s: %v", project.Name, err) diff --git a/src/core/router.go b/src/core/router.go index 04fd1a173..7e01b934e 100755 --- a/src/core/router.go +++ b/src/core/router.go @@ -134,6 +134,8 @@ func initRouters() { beego.Router("/api/internal/syncregistry", &api.InternalAPI{}, "post:SyncRegistry") beego.Router("/api/internal/renameadmin", &api.InternalAPI{}, "post:RenameAdmin") + beego.Router("/api/internal/switchquota", &api.InternalAPI{}, "put:SwitchQuota") + beego.Router("/api/internal/syncquota", &api.InternalAPI{}, "post:SyncQuota") // external service that hosted on harbor process: beego.Router("/service/notifications", ®istry.NotificationHandler{}) diff --git a/src/core/service/notifications/jobs/handler.go b/src/core/service/notifications/jobs/handler.go index 30361eb43..12a7e44fd 100755 --- a/src/core/service/notifications/jobs/handler.go +++ b/src/core/service/notifications/jobs/handler.go @@ -20,11 +20,11 @@ import ( "github.com/goharbor/harbor/src/common/dao" "github.com/goharbor/harbor/src/common/job" - jobmodels "github.com/goharbor/harbor/src/common/job/models" "github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/utils/log" "github.com/goharbor/harbor/src/core/api" "github.com/goharbor/harbor/src/core/notifier/event" + jjob "github.com/goharbor/harbor/src/jobservice/job" "github.com/goharbor/harbor/src/pkg/notification" "github.com/goharbor/harbor/src/pkg/retention" "github.com/goharbor/harbor/src/replication" @@ -34,12 +34,11 @@ import ( var statusMap = map[string]string{ job.JobServiceStatusPending: models.JobPending, + job.JobServiceStatusScheduled: models.JobScheduled, job.JobServiceStatusRunning: models.JobRunning, job.JobServiceStatusStopped: models.JobStopped, - job.JobServiceStatusCancelled: models.JobCanceled, job.JobServiceStatusError: models.JobError, job.JobServiceStatusSuccess: models.JobFinished, - job.JobServiceStatusScheduled: models.JobScheduled, } // Handler handles reqeust on /service/notifications/jobs/*, which listens to the webhook of jobservice. @@ -49,6 +48,7 @@ type Handler struct { status string rawStatus string checkIn string + revision int64 } // Prepare ... @@ -61,7 +61,7 @@ func (h *Handler) Prepare() { return } h.id = id - var data jobmodels.JobStatusChange + var data jjob.StatusChange err = json.Unmarshal(h.Ctx.Input.CopyBody(1<<32), &data) if err != nil { log.Errorf("Failed to decode job status change, job ID: %d, error: %v", id, err) @@ -77,6 +77,9 @@ func (h *Handler) Prepare() { } h.status = status h.checkIn = data.CheckIn + if data.Metadata != nil { + h.revision = data.Metadata.Revision + } } // HandleScan handles the webhook of scan job @@ -127,39 +130,36 @@ func (h *Handler) HandleReplicationTask() { // HandleRetentionTask handles the webhook of retention task func (h *Handler) HandleRetentionTask() { - log.Debugf("received retention task status update event: task-%d, status-%s", h.id, h.status) + taskID := h.id + status := h.rawStatus + log.Debugf("received retention task status update event: task-%d, status-%s", taskID, status) mgr := &retention.DefaultManager{} - props := []string{"Status"} - task := &retention.Task{ - ID: h.id, - Status: h.status, - } - if h.status == models.JobFinished || h.status == models.JobError || - h.status == models.JobStopped { - task.EndTime = time.Now() - props = append(props, "EndTime") - } else if h.status == models.JobRunning { - if h.checkIn != "" { - var retainObj struct { - Total int `json:"total"` - Retained int `json:"retained"` - } - if err := json.Unmarshal([]byte(h.checkIn), &retainObj); err != nil { - log.Errorf("failed to resolve checkin of retention task %d: %v", h.id, err) - } else { - if retainObj.Total > 0 { - task.Total = retainObj.Total - props = append(props, "Total") - } - if retainObj.Retained > 0 { - task.Retained = retainObj.Retained - props = append(props, "Retained") - } - } + // handle checkin + if h.checkIn != "" { + var retainObj struct { + Total int `json:"total"` + Retained int `json:"retained"` } + if err := json.Unmarshal([]byte(h.checkIn), &retainObj); err != nil { + log.Errorf("failed to resolve checkin of retention task %d: %v", taskID, err) + return + } + task := &retention.Task{ + ID: taskID, + Total: retainObj.Total, + Retained: retainObj.Retained, + } + if err := mgr.UpdateTask(task, "Total", "Retained"); err != nil { + log.Errorf("failed to update of retention task %d: %v", taskID, err) + h.SendInternalServerError(err) + return + } + return } - if err := mgr.UpdateTask(task, props...); err != nil { - log.Errorf("failed to update the status of retention task %d: %v", h.id, err) + + // handle status updating + if err := mgr.UpdateTaskStatus(taskID, status, h.revision); err != nil { + log.Errorf("failed to update the status of retention task %d: %v", taskID, err) h.SendInternalServerError(err) return } diff --git a/src/core/service/notifications/registry/handler.go b/src/core/service/notifications/registry/handler.go index 3887001ad..66fba6102 100755 --- a/src/core/service/notifications/registry/handler.go +++ b/src/core/service/notifications/registry/handler.go @@ -112,7 +112,7 @@ func (n *NotificationHandler) Post() { }() } - if !coreutils.WaitForManifestReady(repository, tag, 5) { + if !coreutils.WaitForManifestReady(repository, tag, 6) { log.Errorf("Manifest for image %s:%s is not ready, skip the follow up actions.", repository, tag) return } diff --git a/src/core/service/notifications/scheduler/handler.go b/src/core/service/notifications/scheduler/handler.go index a3592f072..b07cfd5b6 100644 --- a/src/core/service/notifications/scheduler/handler.go +++ b/src/core/service/notifications/scheduler/handler.go @@ -21,6 +21,7 @@ import ( "github.com/goharbor/harbor/src/common/job/models" "github.com/goharbor/harbor/src/common/utils/log" "github.com/goharbor/harbor/src/core/api" + "github.com/goharbor/harbor/src/pkg/scheduler" "github.com/goharbor/harbor/src/pkg/scheduler/hook" ) @@ -31,7 +32,13 @@ type Handler struct { // Handle ... func (h *Handler) Handle() { + log.Debugf("received scheduler hook event for schedule %s", h.GetStringFromPath(":id")) + var data models.JobStatusChange + if err := json.Unmarshal(h.Ctx.Input.CopyBody(1<<32), &data); err != nil { + log.Errorf("failed to decode hook event: %v", err) + return + } // status update if len(data.CheckIn) == 0 { schedulerID, err := h.GetInt64FromPath(":id") @@ -43,6 +50,7 @@ func (h *Handler) Handle() { h.SendInternalServerError(fmt.Errorf("failed to update status of job %s: %v", data.JobID, err)) return } + log.Debugf("handle status update hook event for schedule %s completed", h.GetStringFromPath(":id")) return } @@ -53,7 +61,7 @@ func (h *Handler) Handle() { log.Errorf("failed to unmarshal parameters from check in message: %v", err) return } - callbackFuncNameParam, exist := params["callback_func_name"] + callbackFuncNameParam, exist := params[scheduler.JobParamCallbackFunc] if !exist { log.Error("cannot get the parameter \"callback_func_name\" from the check in message") return @@ -63,8 +71,9 @@ func (h *Handler) Handle() { log.Errorf("invalid \"callback_func_name\": %v", callbackFuncName) return } - if err := hook.GlobalController.Run(callbackFuncName, params["params"]); err != nil { + if err := hook.GlobalController.Run(callbackFuncName, params[scheduler.JobParamCallbackFuncParams]); err != nil { log.Errorf("failed to run the callback function %s: %v", callbackFuncName, err) return } + log.Debugf("callback function %s called for schedule %s", callbackFuncName, h.GetStringFromPath(":id")) } diff --git a/src/core/service/token/creator.go b/src/core/service/token/creator.go index fbd229783..feca191e6 100644 --- a/src/core/service/token/creator.go +++ b/src/core/service/token/creator.go @@ -162,17 +162,17 @@ func (rep repositoryFilter) filter(ctx security.Context, pm promgr.ProjectManage projectName := img.namespace permission := "" - exist, err := pm.Exists(projectName) + project, err := pm.Get(projectName) if err != nil { return err } - if !exist { + if project == nil { log.Debugf("project %s does not exist, set empty permission", projectName) a.Actions = []string{} return nil } - resource := rbac.NewProjectNamespace(projectName).Resource(rbac.ResourceRepository) + resource := rbac.NewProjectNamespace(project.ProjectID).Resource(rbac.ResourceRepository) if ctx.Can(rbac.ActionPush, resource) && ctx.Can(rbac.ActionPull, resource) { permission = "RWM" } else if ctx.Can(rbac.ActionPush, resource) { diff --git a/src/core/utils/utils.go b/src/core/utils/utils.go index 7997227a8..e55f8a010 100644 --- a/src/core/utils/utils.go +++ b/src/core/utils/utils.go @@ -62,14 +62,19 @@ func newRepositoryClient(endpoint, username, repository string) (*registry.Repos // WaitForManifestReady implements exponential sleeep to wait until manifest is ready in registry. // This is a workaround for https://github.com/docker/distribution/issues/2625 func WaitForManifestReady(repository string, tag string, maxRetry int) bool { - // The initial wait interval, hard-coded to 50ms - interval := 50 * time.Millisecond + // The initial wait interval, hard-coded to 80ms, interval will be 80ms,200ms,500ms,1.25s,3.124999936s + interval := 80 * time.Millisecond repoClient, err := NewRepositoryClientForUI("harbor-core", repository) if err != nil { log.Errorf("Failed to create repo client.") return false } for i := 0; i < maxRetry; i++ { + if i != 0 { + log.Warningf("manifest for image %s:%s is not ready, retry after %v", repository, tag, interval) + time.Sleep(interval) + interval = time.Duration(int64(float32(interval) * 2.5)) + } _, exist, err := repoClient.ManifestExist(tag) if err != nil { log.Errorf("Unexpected error when checking manifest existence, image: %s:%s, error: %v", repository, tag, err) @@ -78,9 +83,6 @@ func WaitForManifestReady(repository string, tag string, maxRetry int) bool { if exist { return true } - log.Warningf("manifest for image %s:%s is not ready, retry after %v", repository, tag, interval) - time.Sleep(interval) - interval = interval * 2 } return false } diff --git a/src/core/views/404.tpl b/src/core/views/404.tpl index 88213a5d5..e6d0d6f2e 100644 --- a/src/core/views/404.tpl +++ b/src/core/views/404.tpl @@ -67,7 +67,7 @@ a.underline, .underline{ Page Not Found
-

Home

+

Home

diff --git a/src/jobservice/job/impl/gc/job.go b/src/jobservice/job/impl/gc/job.go index fef5bd30a..6c6b5f82b 100644 --- a/src/jobservice/job/impl/gc/job.go +++ b/src/jobservice/job/impl/gc/job.go @@ -22,10 +22,14 @@ import ( "github.com/garyburd/redigo/redis" "github.com/goharbor/harbor/src/common" "github.com/goharbor/harbor/src/common/config" + "github.com/goharbor/harbor/src/common/dao" + common_quota "github.com/goharbor/harbor/src/common/quota" "github.com/goharbor/harbor/src/common/registryctl" "github.com/goharbor/harbor/src/jobservice/job" "github.com/goharbor/harbor/src/jobservice/logger" + "github.com/goharbor/harbor/src/pkg/types" "github.com/goharbor/harbor/src/registryctl/client" + "strconv" ) const ( @@ -88,6 +92,9 @@ func (gc *GarbageCollector) Run(ctx job.Context, params job.Parameters) error { if err := gc.cleanCache(); err != nil { return err } + if err := gc.ensureQuota(); err != nil { + gc.logger.Warningf("failed to align quota data in gc job, with error: %v", err) + } gc.logger.Infof("GC results: status: %t, message: %s, start: %s, end: %s.", gcr.Status, gcr.Msg, gcr.StartTime, gcr.EndTime) gc.logger.Infof("success to run gc in job.") return nil @@ -193,3 +200,27 @@ func delKeys(con redis.Conn, pattern string) error { } return nil } + +func (gc *GarbageCollector) ensureQuota() error { + projects, err := dao.GetProjects(nil) + if err != nil { + return err + } + for _, project := range projects { + pSize, err := dao.CountSizeOfProject(project.ProjectID) + if err != nil { + gc.logger.Warningf("error happen on counting size of project:%d by artifact, error:%v, just skip it.", project.ProjectID, err) + continue + } + quotaMgr, err := common_quota.NewManager("project", strconv.FormatInt(project.ProjectID, 10)) + if err != nil { + gc.logger.Errorf("Error occurred when to new quota manager %v, just skip it.", err) + continue + } + if err := quotaMgr.SetResourceUsage(types.ResourceStorage, pSize); err != nil { + gc.logger.Errorf("cannot ensure quota for the project: %d, err: %v, just skip it.", project.ProjectID, err) + continue + } + } + return nil +} diff --git a/src/jobservice/job/impl/sample/job.go b/src/jobservice/job/impl/sample/job.go index 81101ecce..be860ec0e 100644 --- a/src/jobservice/job/impl/sample/job.go +++ b/src/jobservice/job/impl/sample/job.go @@ -17,6 +17,7 @@ package sample import ( "errors" "fmt" + "os" "strings" "time" @@ -67,6 +68,13 @@ func (j *Job) Run(ctx job.Context, params job.Parameters) error { fmt.Printf("Get prop form context: sample=%s\n", v) } + // For failure case + if len(os.Getenv("JOB_FAILED")) > 0 { + <-time.After(3 * time.Second) + logger.Info("Job exit with error because `JOB_FAILED` env is set") + return errors.New("`JOB_FAILED` env is set") + } + ctx.Checkin("progress data: %30") <-time.After(1 * time.Second) ctx.Checkin("progress data: %60") diff --git a/src/jobservice/job/models.go b/src/jobservice/job/models.go index 16c4ad708..1ae70679e 100644 --- a/src/jobservice/job/models.go +++ b/src/jobservice/job/models.go @@ -67,6 +67,7 @@ type StatsInfo struct { UpstreamJobID string `json:"upstream_job_id,omitempty"` // Ref the upstream job if existing NumericPID int64 `json:"numeric_policy_id,omitempty"` // The numeric policy ID of the periodic job Parameters Parameters `json:"parameters,omitempty"` + Revision int64 `json:"revision,omitempty"` // For differentiating the each retry of the same job } // ActionRequest defines for triggering job action like stop/cancel. diff --git a/src/jobservice/job/tracker.go b/src/jobservice/job/tracker.go index 0e70d338a..cbd3b2011 100644 --- a/src/jobservice/job/tracker.go +++ b/src/jobservice/job/tracker.go @@ -17,20 +17,23 @@ package job import ( "context" "encoding/json" + "math/rand" + "strconv" + "time" + "github.com/goharbor/harbor/src/jobservice/common/rds" "github.com/goharbor/harbor/src/jobservice/common/utils" "github.com/goharbor/harbor/src/jobservice/errs" "github.com/goharbor/harbor/src/jobservice/logger" "github.com/gomodule/redigo/redis" "github.com/pkg/errors" - "math/rand" - "strconv" - "time" ) const ( - // Try best to keep the job stats data but anyway clear it after a long time - statDataExpireTime = 180 * 24 * 3600 + // Try best to keep the job stats data but anyway clear it after a reasonable time + statDataExpireTime = 7 * 24 * 3600 + // 1 hour to discard the job stats of success jobs + statDataExpireTimeForSuccess = 3600 ) // Tracker is designed to track the life cycle of the job described by the stats @@ -96,6 +99,9 @@ type Tracker interface { // Switch the status to success Succeed() error + + // Reset the status to `pending` + Reset() error } // basicTracker implements Tracker interface based on redis @@ -233,22 +239,7 @@ func (bt *basicTracker) CheckIn(message string) error { // Expire job stats func (bt *basicTracker) Expire() error { - conn := bt.pool.Get() - defer func() { - _ = conn.Close() - }() - - key := rds.KeyJobStats(bt.namespace, bt.jobID) - num, err := conn.Do("EXPIRE", key, statDataExpireTime) - if err != nil { - return err - } - - if num == 0 { - return errors.Errorf("job stats for expiring %s does not exist", bt.jobID) - } - - return nil + return bt.expire(statDataExpireTime) } // Run job @@ -302,6 +293,13 @@ func (bt *basicTracker) Succeed() error { err := bt.UpdateStatusWithRetry(SuccessStatus) if !errs.IsStatusMismatchError(err) { bt.refresh(SuccessStatus) + + // Expire the stat data of the successful job + if er := bt.expire(statDataExpireTimeForSuccess); er != nil { + // Only logged + logger.Errorf("Expire stat data for the success job `%s` failed with error: %s", bt.jobID, er) + } + if er := bt.fireHookEvent(SuccessStatus); err == nil && er != nil { return er } @@ -361,6 +359,8 @@ func (bt *basicTracker) Save() (err error) { } // Set update timestamp args = append(args, "update_time", time.Now().Unix()) + // Set the first revision + args = append(args, "revision", time.Now().Unix()) // Do it in a transaction err = conn.Send("MULTI") @@ -419,6 +419,29 @@ func (bt *basicTracker) UpdateStatusWithRetry(targetStatus Status) error { return err } +// Reset the job status to `pending` and update the revision. +// Usually for the retry jobs +func (bt *basicTracker) Reset() error { + conn := bt.pool.Get() + defer func() { + closeConn(conn) + }() + + now := time.Now().Unix() + err := bt.Update( + "status", + PendingStatus.String(), + "revision", + now, + ) + if err == nil { + bt.refresh(PendingStatus) + bt.jobStats.Info.Revision = now + } + + return err +} + // Refresh the job stats in mem func (bt *basicTracker) refresh(targetStatus Status, checkIn ...string) { now := time.Now().Unix() @@ -571,20 +594,16 @@ func (bt *basicTracker) retrieve() error { res.Info.RefLink = value break case "enqueue_time": - v, _ := strconv.ParseInt(value, 10, 64) - res.Info.EnqueueTime = v + res.Info.EnqueueTime = parseInt64(value) break case "update_time": - v, _ := strconv.ParseInt(value, 10, 64) - res.Info.UpdateTime = v + res.Info.UpdateTime = parseInt64(value) break case "run_at": - v, _ := strconv.ParseInt(value, 10, 64) - res.Info.RunAt = v + res.Info.RunAt = parseInt64(value) break case "check_in_at": - v, _ := strconv.ParseInt(value, 10, 64) - res.Info.CheckInAt = v + res.Info.CheckInAt = parseInt64(value) break case "check_in": res.Info.CheckIn = value @@ -596,14 +615,12 @@ func (bt *basicTracker) retrieve() error { res.Info.WebHookURL = value break case "die_at": - v, _ := strconv.ParseInt(value, 10, 64) - res.Info.DieAt = v + res.Info.DieAt = parseInt64(value) case "upstream_job_id": res.Info.UpstreamJobID = value break case "numeric_policy_id": - v, _ := strconv.ParseInt(value, 10, 64) - res.Info.NumericPID = v + res.Info.NumericPID = parseInt64(value) break case "parameters": params := make(Parameters) @@ -611,6 +628,9 @@ func (bt *basicTracker) retrieve() error { res.Info.Parameters = params } break + case "revision": + res.Info.Revision = parseInt64(value) + break default: break } @@ -621,6 +641,25 @@ func (bt *basicTracker) retrieve() error { return nil } +func (bt *basicTracker) expire(expireTime int64) error { + conn := bt.pool.Get() + defer func() { + _ = conn.Close() + }() + + key := rds.KeyJobStats(bt.namespace, bt.jobID) + num, err := conn.Do("EXPIRE", key, expireTime) + if err != nil { + return err + } + + if num == 0 { + return errors.Errorf("job stats for expiring %s does not exist", bt.jobID) + } + + return nil +} + func getStatus(conn redis.Conn, key string) (Status, error) { values, err := rds.HmGet(conn, key, "status") if err != nil { @@ -640,3 +679,21 @@ func getStatus(conn redis.Conn, key string) (Status, error) { func setStatus(conn redis.Conn, key string, status Status) error { return rds.HmSet(conn, key, "status", status.String(), "update_time", time.Now().Unix()) } + +func closeConn(conn redis.Conn) { + if conn != nil { + if err := conn.Close(); err != nil { + logger.Errorf("Close redis connection failed with error: %s", err) + } + } +} + +func parseInt64(v string) int64 { + intV, err := strconv.ParseInt(v, 10, 64) + if err != nil { + logger.Errorf("Parse int64 error: %s", err) + return 0 + } + + return intV +} diff --git a/src/jobservice/period/enqueuer.go b/src/jobservice/period/enqueuer.go index 6303ac80e..7de9e54dd 100644 --- a/src/jobservice/period/enqueuer.go +++ b/src/jobservice/period/enqueuer.go @@ -15,11 +15,11 @@ package period import ( + "context" "fmt" "math/rand" "time" - "context" "github.com/gocraft/work" "github.com/goharbor/harbor/src/jobservice/common/rds" "github.com/goharbor/harbor/src/jobservice/common/utils" @@ -175,23 +175,14 @@ func (e *enqueuer) scheduleNextJobs(p *Policy, conn redis.Conn) { e.lastEnqueueErr = err logger.Errorf("Invalid corn spec in periodic policy %s %s: %s", p.JobName, p.ID, err) } else { - if p.JobParameters == nil { - p.JobParameters = make(job.Parameters) - } - - // Clone job parameters - wJobParams := make(job.Parameters) - if p.JobParameters != nil && len(p.JobParameters) > 0 { - for k, v := range p.JobParameters { - wJobParams[k] = v - } - } - // Add extra argument for job running - // Notes: Only for system using - wJobParams[PeriodicExecutionMark] = true for t := schedule.Next(nowTime); t.Before(horizon); t = schedule.Next(t) { epoch := t.Unix() + // Clone parameters + // Add extra argument for job running too. + // Notes: Only for system using + wJobParams := cloneParameters(p.JobParameters, epoch) + // Create an execution (job) based on the periodic job template (policy) j := &work.Job{ Name: p.JobName, @@ -316,3 +307,16 @@ func (e *enqueuer) shouldEnqueue() bool { return false } + +func cloneParameters(params job.Parameters, epoch int64) job.Parameters { + p := make(job.Parameters) + + // Clone parameters to a new param map + for k, v := range params { + p[k] = v + } + + p[PeriodicExecutionMark] = fmt.Sprintf("%d", epoch) + + return p +} diff --git a/src/jobservice/runner/redis.go b/src/jobservice/runner/redis.go index f8409b2d7..69cc94714 100644 --- a/src/jobservice/runner/redis.go +++ b/src/jobservice/runner/redis.go @@ -15,17 +15,18 @@ package runner import ( - "github.com/goharbor/harbor/src/jobservice/job/impl" - "runtime" - "fmt" + "runtime" + "time" + "github.com/gocraft/work" "github.com/goharbor/harbor/src/jobservice/env" "github.com/goharbor/harbor/src/jobservice/job" + "github.com/goharbor/harbor/src/jobservice/job/impl" "github.com/goharbor/harbor/src/jobservice/lcm" "github.com/goharbor/harbor/src/jobservice/logger" + "github.com/goharbor/harbor/src/jobservice/period" "github.com/pkg/errors" - "time" ) // RedisJob is a job wrapper to wrap the job.Interface to the style which can be recognized by the redis worker. @@ -67,8 +68,10 @@ func (rj *RedisJob) Run(j *work.Job) (err error) { // Track the running job now jID := j.ID - if isPeriodicJobExecution(j) { - jID = fmt.Sprintf("%s@%d", j.ID, j.EnqueuedAt) + + // Check if the job is a periodic one as periodic job has its own ID format + if eID, yes := isPeriodicJobExecution(j); yes { + jID = eID } if tracker, err = rj.ctl.Track(jID); err != nil { @@ -85,11 +88,38 @@ func (rj *RedisJob) Run(j *work.Job) (err error) { return } - if job.RunningStatus.Compare(job.Status(tracker.Job().Info.Status)) <= 0 { + // Do operation based on the job status + jStatus := job.Status(tracker.Job().Info.Status) + switch jStatus { + case job.PendingStatus, job.ScheduledStatus: + // do nothing now + break + case job.StoppedStatus: // Probably jobs has been stopped by directly mark status to stopped. // Directly exit and no retry markStopped = bp(true) return nil + case job.ErrorStatus: + if j.FailedAt > 0 && j.Fails > 0 { + // Retry job + // Reset job info + if er := tracker.Reset(); er != nil { + // Log error and return the original error if existing + er = errors.Wrap(er, fmt.Sprintf("retrying job %s:%s failed", j.Name, j.ID)) + logger.Error(er) + + if len(j.LastErr) > 0 { + return errors.New(j.LastErr) + } + + return err + } + + logger.Infof("|*_*| Retrying job %s:%s, revision: %d", j.Name, j.ID, tracker.Job().Info.Revision) + } + break + default: + return errors.Errorf("mismatch status for running job: expected <%s <> got %s", job.RunningStatus.String(), jStatus.String()) } // Defer to switch status @@ -162,7 +192,7 @@ func (rj *RedisJob) Run(j *work.Job) (err error) { // Handle retry rj.retry(runningJob, j) // Handle periodic job execution - if isPeriodicJobExecution(j) { + if _, yes := isPeriodicJobExecution(j); yes { if er := tracker.PeriodicExecutionDone(); er != nil { // Just log it logger.Error(er) @@ -181,14 +211,9 @@ func (rj *RedisJob) retry(j job.Interface, wj *work.Job) { } } -func isPeriodicJobExecution(j *work.Job) bool { - if isPeriodic, ok := j.Args["_job_kind_periodic_"]; ok { - if isPeriodicV, yes := isPeriodic.(bool); yes && isPeriodicV { - return true - } - } - - return false +func isPeriodicJobExecution(j *work.Job) (string, bool) { + epoch, ok := j.Args[period.PeriodicExecutionMark] + return fmt.Sprintf("%s@%s", j.ID, epoch), ok } func bp(b bool) *bool { diff --git a/src/jobservice/worker/cworker/c_worker.go b/src/jobservice/worker/cworker/c_worker.go index 6de36856f..ffa8428f1 100644 --- a/src/jobservice/worker/cworker/c_worker.go +++ b/src/jobservice/worker/cworker/c_worker.go @@ -406,6 +406,7 @@ func (w *basicWorker) registerJob(name string, j interface{}) (err error) { name, work.JobOptions{ MaxFails: theJ.MaxFails(), + SkipDead: true, }, // Use generic handler to handle as we do not accept context with this way. func(job *work.Job) error { diff --git a/src/pkg/retention/controller.go b/src/pkg/retention/controller.go index d156bd8ce..d12ef3996 100644 --- a/src/pkg/retention/controller.go +++ b/src/pkg/retention/controller.go @@ -92,7 +92,7 @@ func (r *DefaultAPIController) GetRetention(id int64) (*policy.Metadata, error) func (r *DefaultAPIController) CreateRetention(p *policy.Metadata) (int64, error) { if p.Trigger.Kind == policy.TriggerKindSchedule { cron, ok := p.Trigger.Settings[policy.TriggerSettingsCron] - if ok { + if ok && len(cron.(string)) > 0 { jobid, err := r.scheduler.Schedule(cron.(string), SchedulerCallback, TriggerParam{ PolicyID: p.ID, Trigger: ExecutionTriggerSchedule, diff --git a/src/pkg/retention/controller_test.go b/src/pkg/retention/controller_test.go index 28202dd71..e8c150d97 100644 --- a/src/pkg/retention/controller_test.go +++ b/src/pkg/retention/controller_test.go @@ -152,12 +152,7 @@ func (s *ControllerTestSuite) TestExecution() { }, TagSelectors: []*rule.Selector{ { - Kind: "label", - Decoration: "with", - Pattern: "latest", - }, - { - Kind: "regularExpression", + Kind: "doublestar", Decoration: "matches", Pattern: "release-[\\d\\.]+", }, @@ -165,7 +160,7 @@ func (s *ControllerTestSuite) TestExecution() { ScopeSelectors: map[string][]*rule.Selector{ "repository": { { - Kind: "regularExpression", + Kind: "doublestar", Decoration: "matches", Pattern: ".+", }, diff --git a/src/pkg/retention/dao/models/retention.go b/src/pkg/retention/dao/models/retention.go index f1c5cce7b..b101a87dc 100644 --- a/src/pkg/retention/dao/models/retention.go +++ b/src/pkg/retention/dao/models/retention.go @@ -49,13 +49,15 @@ type RetentionExecution struct { // RetentionTask ... type RetentionTask struct { - ID int64 `orm:"pk;auto;column(id)"` - ExecutionID int64 `orm:"column(execution_id)"` - Repository string `orm:"column(repository)"` - JobID string `orm:"column(job_id)"` - Status string `orm:"column(status)"` - StartTime time.Time `orm:"column(start_time)"` - EndTime time.Time `orm:"column(end_time)"` - Total int `orm:"column(total)"` - Retained int `orm:"column(retained)"` + ID int64 `orm:"pk;auto;column(id)"` + ExecutionID int64 `orm:"column(execution_id)"` + Repository string `orm:"column(repository)"` + JobID string `orm:"column(job_id)"` + Status string `orm:"column(status)"` + StatusCode int `orm:"column(status_code)"` // For order the different statuses + StatusRevision int64 `orm:"column(status_revision)"` // For differentiating the each retry of the same job + StartTime time.Time `orm:"column(start_time)"` + EndTime time.Time `orm:"column(end_time)"` + Total int `orm:"column(total)"` + Retained int `orm:"column(retained)"` } diff --git a/src/pkg/retention/dao/retention.go b/src/pkg/retention/dao/retention.go index e10cf12e4..2a4e5970d 100644 --- a/src/pkg/retention/dao/retention.go +++ b/src/pkg/retention/dao/retention.go @@ -3,12 +3,14 @@ package dao import ( "errors" "fmt" + "strconv" + "time" + "github.com/astaxie/beego/orm" "github.com/goharbor/harbor/src/common/dao" - jobmodels "github.com/goharbor/harbor/src/common/models" + "github.com/goharbor/harbor/src/jobservice/job" "github.com/goharbor/harbor/src/pkg/retention/dao/models" "github.com/goharbor/harbor/src/pkg/retention/q" - "strconv" ) // CreatePolicy Create Policy @@ -30,9 +32,6 @@ func DeletePolicyAndExec(id int64) error { if _, err := o.Raw("delete from retention_task where execution_id in (select id from retention_execution where policy_id = ?) ", id).Exec(); err != nil { return nil } - if _, err := o.Raw("delete from retention_execution where policy_id = ?", id).Exec(); err != nil { - return err - } if _, err := o.Delete(&models.RetentionExecution{ PolicyID: id, }); err != nil { @@ -72,7 +71,13 @@ func UpdateExecution(e *models.RetentionExecution, cols ...string) error { // DeleteExecution Delete Execution func DeleteExecution(id int64) error { o := dao.GetOrmer() - _, err := o.Delete(&models.RetentionExecution{ + _, err := o.Delete(&models.RetentionTask{ + ExecutionID: id, + }) + if err != nil { + return err + } + _, err = o.Delete(&models.RetentionExecution{ ID: id, }) return err @@ -111,21 +116,17 @@ func fillStatus(exec *models.RetentionExecution) error { } total += v switch k { - case jobmodels.JobScheduled: + case job.ScheduledStatus.String(): running += v - case jobmodels.JobPending: + case job.PendingStatus.String(): running += v - case jobmodels.JobRunning: + case job.RunningStatus.String(): running += v - case jobmodels.JobRetrying: - running += v - case jobmodels.JobFinished: + case job.SuccessStatus.String(): succeed += v - case jobmodels.JobCanceled: + case job.StoppedStatus.String(): stopped += v - case jobmodels.JobStopped: - stopped += v - case jobmodels.JobError: + case job.ErrorStatus.String(): failed += v } } @@ -228,6 +229,29 @@ func UpdateTask(task *models.RetentionTask, cols ...string) error { return err } +// UpdateTaskStatus updates the status of task according to the status code and revision to avoid +// override when running in concurrency +func UpdateTaskStatus(taskID int64, status string, statusCode int, statusRevision int64) error { + params := []interface{}{} + // use raw sql rather than the ORM as the sql generated by ORM isn't a "single" statement + // which means the operation isn't atomic + sql := `update retention_task set status = ?, status_code = ?, status_revision = ?, end_time = ? ` + params = append(params, status, statusCode, statusRevision) + var t time.Time + // when the task is in final status, update the endtime + // when the task re-runs again, the endtime should be cleared + // so set the endtime to null if the task isn't in final status + if IsFinalStatus(status) { + t = time.Now() + } + params = append(params, t) + sql += `where id = ? and + (status_revision = ? and status_code < ? or status_revision < ?) ` + params = append(params, taskID, statusRevision, statusCode, statusRevision) + _, err := dao.GetOrmer().Raw(sql, params).Exec() + return err +} + // DeleteTask deletes the task record specified by ID in database func DeleteTask(id int64) error { _, err := dao.GetOrmer().Delete(&models.RetentionTask{ @@ -276,3 +300,12 @@ func GetTotalOfTasks(executionID int64) (int64, error) { qs = qs.Filter("ExecutionID", executionID) return qs.Count() } + +// IsFinalStatus checks whether the status is a final status +func IsFinalStatus(status string) bool { + if status == job.StoppedStatus.String() || status == job.SuccessStatus.String() || + status == job.ErrorStatus.String() { + return true + } + return false +} diff --git a/src/pkg/retention/dao/retention_test.go b/src/pkg/retention/dao/retention_test.go index df7c757c7..b3fcdc85b 100644 --- a/src/pkg/retention/dao/retention_test.go +++ b/src/pkg/retention/dao/retention_test.go @@ -194,8 +194,12 @@ func TestTask(t *testing.T) { // update task.ID = id - task.Status = "running" - err = UpdateTask(task, "Status") + task.Total = 1 + err = UpdateTask(task, "Total") + require.Nil(t, err) + + // update status + err = UpdateTaskStatus(id, "running", 1, 1) require.Nil(t, err) // list @@ -205,8 +209,11 @@ func TestTask(t *testing.T) { }) require.Nil(t, err) require.Equal(t, 1, len(tasks)) + assert.Equal(t, 1, tasks[0].Total) assert.Equal(t, int64(1), tasks[0].ExecutionID) assert.Equal(t, "running", tasks[0].Status) + assert.Equal(t, 1, tasks[0].StatusCode) + assert.Equal(t, int64(1), tasks[0].StatusRevision) // delete err = DeleteTask(id) diff --git a/src/pkg/retention/job_test.go b/src/pkg/retention/job_test.go index cd9c137f1..cf7155b34 100644 --- a/src/pkg/retention/job_test.go +++ b/src/pkg/retention/job_test.go @@ -30,7 +30,6 @@ import ( "github.com/goharbor/harbor/src/pkg/retention/policy/rule/latestps" "github.com/goharbor/harbor/src/pkg/retention/res" "github.com/goharbor/harbor/src/pkg/retention/res/selectors/doublestar" - "github.com/goharbor/harbor/src/pkg/retention/res/selectors/label" "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" ) @@ -90,10 +89,6 @@ func (suite *JobTestSuite) TestRunSuccess() { Template: latestps.TemplateID, Parameters: ruleParams, TagSelectors: []*rule.Selector{{ - Kind: label.Kind, - Decoration: label.With, - Pattern: "L3", - }, { Kind: doublestar.Kind, Decoration: doublestar.Matches, Pattern: "**", diff --git a/src/pkg/retention/launcher_test.go b/src/pkg/retention/launcher_test.go index fa94087ca..c63b7bf28 100644 --- a/src/pkg/retention/launcher_test.go +++ b/src/pkg/retention/launcher_test.go @@ -126,6 +126,9 @@ func (f *fakeRetentionManager) CreateTask(task *Task) (int64, error) { func (f *fakeRetentionManager) UpdateTask(task *Task, cols ...string) error { return nil } +func (f *fakeRetentionManager) UpdateTaskStatus(int64, string, int64) error { + return nil +} func (f *fakeRetentionManager) GetTaskLog(taskID int64) ([]byte, error) { return nil, nil } diff --git a/src/pkg/retention/manager.go b/src/pkg/retention/manager.go index ccb2f6339..4d3121f94 100644 --- a/src/pkg/retention/manager.go +++ b/src/pkg/retention/manager.go @@ -21,7 +21,8 @@ import ( "time" "github.com/astaxie/beego/orm" - "github.com/goharbor/harbor/src/common/job" + cjob "github.com/goharbor/harbor/src/common/job" + "github.com/goharbor/harbor/src/jobservice/job" "github.com/goharbor/harbor/src/pkg/retention/dao" "github.com/goharbor/harbor/src/pkg/retention/dao/models" "github.com/goharbor/harbor/src/pkg/retention/policy" @@ -58,6 +59,10 @@ type Manager interface { CreateTask(task *Task) (int64, error) // Update the specified task UpdateTask(task *Task, cols ...string) error + // Update the status of the specified task + // The status is updated only when (the statusRevision > the current revision) + // or (the the statusRevision = the current revision and status > the current status) + UpdateTaskStatus(taskID int64, status string, statusRevision int64) error // Get the task specified by the task ID GetTask(taskID int64) (*Task, error) // Get the log of the specified task @@ -188,14 +193,16 @@ func (d *DefaultManager) CreateTask(task *Task) (int64, error) { return 0, errors.New("nil task") } t := &models.RetentionTask{ - ExecutionID: task.ExecutionID, - Repository: task.Repository, - JobID: task.JobID, - Status: task.Status, - StartTime: task.StartTime, - EndTime: task.EndTime, - Total: task.Total, - Retained: task.Retained, + ExecutionID: task.ExecutionID, + Repository: task.Repository, + JobID: task.JobID, + Status: task.Status, + StatusCode: task.StatusCode, + StatusRevision: task.StatusRevision, + StartTime: task.StartTime, + EndTime: task.EndTime, + Total: task.Total, + Retained: task.Retained, } return dao.CreateTask(t) } @@ -212,15 +219,17 @@ func (d *DefaultManager) ListTasks(query ...*q.TaskQuery) ([]*Task, error) { tasks := make([]*Task, 0) for _, t := range ts { tasks = append(tasks, &Task{ - ID: t.ID, - ExecutionID: t.ExecutionID, - Repository: t.Repository, - JobID: t.JobID, - Status: t.Status, - StartTime: t.StartTime, - EndTime: t.EndTime, - Total: t.Total, - Retained: t.Retained, + ID: t.ID, + ExecutionID: t.ExecutionID, + Repository: t.Repository, + JobID: t.JobID, + Status: t.Status, + StatusCode: t.StatusCode, + StatusRevision: t.StatusRevision, + StartTime: t.StartTime, + EndTime: t.EndTime, + Total: t.Total, + Retained: t.Retained, }) } return tasks, nil @@ -240,18 +249,29 @@ func (d *DefaultManager) UpdateTask(task *Task, cols ...string) error { return fmt.Errorf("invalid task ID: %d", task.ID) } return dao.UpdateTask(&models.RetentionTask{ - ID: task.ID, - ExecutionID: task.ExecutionID, - Repository: task.Repository, - JobID: task.JobID, - Status: task.Status, - StartTime: task.StartTime, - EndTime: task.EndTime, - Total: task.Total, - Retained: task.Retained, + ID: task.ID, + ExecutionID: task.ExecutionID, + Repository: task.Repository, + JobID: task.JobID, + Status: task.Status, + StatusCode: task.StatusCode, + StatusRevision: task.StatusRevision, + StartTime: task.StartTime, + EndTime: task.EndTime, + Total: task.Total, + Retained: task.Retained, }, cols...) } +// UpdateTaskStatus updates the status of the specified task +func (d *DefaultManager) UpdateTaskStatus(taskID int64, status string, statusRevision int64) error { + if taskID <= 0 { + return fmt.Errorf("invalid task ID: %d", taskID) + } + st := job.Status(status) + return dao.UpdateTaskStatus(taskID, status, st.Code(), statusRevision) +} + // GetTask returns the task specified by task ID func (d *DefaultManager) GetTask(taskID int64) (*Task, error) { if taskID <= 0 { @@ -262,15 +282,17 @@ func (d *DefaultManager) GetTask(taskID int64) (*Task, error) { return nil, err } return &Task{ - ID: task.ID, - ExecutionID: task.ExecutionID, - Repository: task.Repository, - JobID: task.JobID, - Status: task.Status, - StartTime: task.StartTime, - EndTime: task.EndTime, - Total: task.Total, - Retained: task.Retained, + ID: task.ID, + ExecutionID: task.ExecutionID, + Repository: task.Repository, + JobID: task.JobID, + Status: task.Status, + StatusCode: task.StatusCode, + StatusRevision: task.StatusRevision, + StartTime: task.StartTime, + EndTime: task.EndTime, + Total: task.Total, + Retained: task.Retained, }, nil } @@ -283,7 +305,7 @@ func (d *DefaultManager) GetTaskLog(taskID int64) ([]byte, error) { if task == nil { return nil, fmt.Errorf("task %d not found", taskID) } - return job.GlobalClient.GetJobLog(task.JobID) + return cjob.GlobalClient.GetJobLog(task.JobID) } // NewManager ... diff --git a/src/pkg/retention/manager_test.go b/src/pkg/retention/manager_test.go index b8310af8c..83e1ab0ef 100644 --- a/src/pkg/retention/manager_test.go +++ b/src/pkg/retention/manager_test.go @@ -6,8 +6,8 @@ import ( "time" "github.com/goharbor/harbor/src/common/dao" - "github.com/goharbor/harbor/src/common/job" + jjob "github.com/goharbor/harbor/src/jobservice/job" "github.com/goharbor/harbor/src/pkg/retention/policy" "github.com/goharbor/harbor/src/pkg/retention/policy/rule" "github.com/goharbor/harbor/src/pkg/retention/q" @@ -168,11 +168,16 @@ func TestExecution(t *testing.T) { func TestTask(t *testing.T) { m := NewManager() + err := m.DeleteExecution(1000) + require.Nil(t, err) task := &Task{ - ExecutionID: 1, - JobID: "1", - Status: TaskStatusPending, - StartTime: time.Now(), + ExecutionID: 1000, + JobID: "1", + Status: jjob.PendingStatus.String(), + StatusCode: jjob.PendingStatus.Code(), + StatusRevision: 1, + Total: 0, + StartTime: time.Now(), } // create id, err := m.CreateTask(task) @@ -181,27 +186,39 @@ func TestTask(t *testing.T) { // get tk, err := m.GetTask(id) require.Nil(t, err) - assert.EqualValues(t, 1, tk.ExecutionID) + assert.EqualValues(t, 1000, tk.ExecutionID) // update task.ID = id - task.Status = TaskStatusInProgress - err = m.UpdateTask(task, "Status") + task.Total = 1 + err = m.UpdateTask(task, "Total") + require.Nil(t, err) + + // update status to success which is a final status + err = m.UpdateTaskStatus(id, jjob.SuccessStatus.String(), 1) + require.Nil(t, err) + + // try to update status to running, as the status has already + // been updated to a final status and the stautus revision doesn't change, + // this updating shouldn't take effect + err = m.UpdateTaskStatus(id, jjob.RunningStatus.String(), 1) + require.Nil(t, err) + + // update the revision and try to update status to running again + err = m.UpdateTaskStatus(id, jjob.RunningStatus.String(), 2) require.Nil(t, err) // list tasks, err := m.ListTasks(&q.TaskQuery{ - ExecutionID: 1, - Status: TaskStatusInProgress, + ExecutionID: 1000, }) require.Nil(t, err) require.Equal(t, 1, len(tasks)) - assert.Equal(t, int64(1), tasks[0].ExecutionID) - assert.Equal(t, TaskStatusInProgress, tasks[0].Status) - - task.Status = TaskStatusFailed - err = m.UpdateTask(task, "Status") - require.Nil(t, err) + assert.Equal(t, int64(1000), tasks[0].ExecutionID) + assert.Equal(t, 1, tasks[0].Total) + assert.Equal(t, jjob.RunningStatus.String(), tasks[0].Status) + assert.Equal(t, jjob.RunningStatus.Code(), tasks[0].StatusCode) + assert.Equal(t, int64(2), tasks[0].StatusRevision) // get task log job.GlobalClient = &tjob.MockJobClient{ diff --git a/src/pkg/retention/models.go b/src/pkg/retention/models.go index 6b2daab9a..920b98e7d 100644 --- a/src/pkg/retention/models.go +++ b/src/pkg/retention/models.go @@ -23,12 +23,6 @@ const ( ExecutionStatusFailed string = "Failed" ExecutionStatusStopped string = "Stopped" - TaskStatusPending string = "Pending" - TaskStatusInProgress string = "InProgress" - TaskStatusSucceed string = "Succeed" - TaskStatusFailed string = "Failed" - TaskStatusStopped string = "Stopped" - CandidateKindImage string = "image" CandidateKindChart string = "chart" @@ -49,15 +43,17 @@ type Execution struct { // Task of retention type Task struct { - ID int64 `json:"id"` - ExecutionID int64 `json:"execution_id"` - Repository string `json:"repository"` - JobID string `json:"job_id"` - Status string `json:"status"` - StartTime time.Time `json:"start_time"` - EndTime time.Time `json:"end_time"` - Total int `json:"total"` - Retained int `json:"retained"` + ID int64 `json:"id"` + ExecutionID int64 `json:"execution_id"` + Repository string `json:"repository"` + JobID string `json:"job_id"` + Status string `json:"status"` + StatusCode int `json:"status_code"` + StatusRevision int64 `json:"status_revision"` + StartTime time.Time `json:"start_time"` + EndTime time.Time `json:"end_time"` + Total int `json:"total"` + Retained int `json:"retained"` } // History of retention diff --git a/src/pkg/retention/policy/models.go b/src/pkg/retention/policy/models.go index 7fd48c205..94a6adff0 100644 --- a/src/pkg/retention/policy/models.go +++ b/src/pkg/retention/policy/models.go @@ -67,7 +67,6 @@ func (m *Metadata) Valid(v *validation.Validation) { _ = v.SetError("Trigger.Settings", "cron in Trigger.Settings is required") } } - } } diff --git a/src/pkg/retention/policy/rule/dayspl/evaluator.go b/src/pkg/retention/policy/rule/dayspl/evaluator.go index 9b2fb34e9..c0fd76256 100644 --- a/src/pkg/retention/policy/rule/dayspl/evaluator.go +++ b/src/pkg/retention/policy/rule/dayspl/evaluator.go @@ -58,12 +58,13 @@ func (e *evaluator) Action() string { func New(params rule.Parameters) rule.Evaluator { if params != nil { if p, ok := params[ParameterN]; ok { - if v, ok := p.(int); ok && v >= 0 { - return &evaluator{n: v} + if v, ok := p.(float64); ok && v >= 0 { + return &evaluator{n: int(v)} } } } - log.Debugf("default parameter %d used for rule %s", DefaultN, TemplateID) + log.Warningf("default parameter %d used for rule %s", DefaultN, TemplateID) + return &evaluator{n: DefaultN} } diff --git a/src/pkg/retention/policy/rule/dayspl/evaluator_test.go b/src/pkg/retention/policy/rule/dayspl/evaluator_test.go index 0c8ba1ec1..a8587ccd8 100644 --- a/src/pkg/retention/policy/rule/dayspl/evaluator_test.go +++ b/src/pkg/retention/policy/rule/dayspl/evaluator_test.go @@ -15,7 +15,7 @@ package dayspl import ( - "strconv" + "fmt" "testing" "time" @@ -36,8 +36,8 @@ func (e *EvaluatorTestSuite) TestNew() { args rule.Parameters expectedN int }{ - {Name: "Valid", args: map[string]rule.Parameter{ParameterN: 5}, expectedN: 5}, - {Name: "Default If Negative", args: map[string]rule.Parameter{ParameterN: -1}, expectedN: DefaultN}, + {Name: "Valid", args: map[string]rule.Parameter{ParameterN: float64(5)}, expectedN: 5}, + {Name: "Default If Negative", args: map[string]rule.Parameter{ParameterN: float64(-1)}, expectedN: DefaultN}, {Name: "Default If Not Set", args: map[string]rule.Parameter{}, expectedN: DefaultN}, {Name: "Default If Wrong Type", args: map[string]rule.Parameter{ParameterN: "foo"}, expectedN: DefaultN}, } @@ -65,7 +65,7 @@ func (e *EvaluatorTestSuite) TestProcess() { } tests := []struct { - n int + n float64 expected int minPullTime int64 }{ @@ -80,7 +80,7 @@ func (e *EvaluatorTestSuite) TestProcess() { } for _, tt := range tests { - e.T().Run(strconv.Itoa(tt.n), func(t *testing.T) { + e.T().Run(fmt.Sprintf("%v", tt.n), func(t *testing.T) { sut := New(map[string]rule.Parameter{ParameterN: tt.n}) result, err := sut.Process(data) diff --git a/src/pkg/retention/policy/rule/daysps/evaluator.go b/src/pkg/retention/policy/rule/daysps/evaluator.go index 2c121dde7..ee4dd436d 100644 --- a/src/pkg/retention/policy/rule/daysps/evaluator.go +++ b/src/pkg/retention/policy/rule/daysps/evaluator.go @@ -58,12 +58,13 @@ func (e *evaluator) Action() string { func New(params rule.Parameters) rule.Evaluator { if params != nil { if p, ok := params[ParameterN]; ok { - if v, ok := p.(int); ok && v >= 0 { - return &evaluator{n: v} + if v, ok := p.(float64); ok && v >= 0 { + return &evaluator{n: int(v)} } } } - log.Debugf("default parameter %d used for rule %s", DefaultN, TemplateID) + log.Warningf("default parameter %d used for rule %s", DefaultN, TemplateID) + return &evaluator{n: DefaultN} } diff --git a/src/pkg/retention/policy/rule/daysps/evaluator_test.go b/src/pkg/retention/policy/rule/daysps/evaluator_test.go index 07c9f9bdd..75287ce4f 100644 --- a/src/pkg/retention/policy/rule/daysps/evaluator_test.go +++ b/src/pkg/retention/policy/rule/daysps/evaluator_test.go @@ -15,7 +15,7 @@ package daysps import ( - "strconv" + "fmt" "testing" "time" @@ -36,8 +36,8 @@ func (e *EvaluatorTestSuite) TestNew() { args rule.Parameters expectedN int }{ - {Name: "Valid", args: map[string]rule.Parameter{ParameterN: 5}, expectedN: 5}, - {Name: "Default If Negative", args: map[string]rule.Parameter{ParameterN: -1}, expectedN: DefaultN}, + {Name: "Valid", args: map[string]rule.Parameter{ParameterN: float64(5)}, expectedN: 5}, + {Name: "Default If Negative", args: map[string]rule.Parameter{ParameterN: float64(-1)}, expectedN: DefaultN}, {Name: "Default If Not Set", args: map[string]rule.Parameter{}, expectedN: DefaultN}, {Name: "Default If Wrong Type", args: map[string]rule.Parameter{ParameterN: "foo"}, expectedN: DefaultN}, } @@ -65,7 +65,7 @@ func (e *EvaluatorTestSuite) TestProcess() { } tests := []struct { - n int + n float64 expected int minPushTime int64 }{ @@ -80,7 +80,7 @@ func (e *EvaluatorTestSuite) TestProcess() { } for _, tt := range tests { - e.T().Run(strconv.Itoa(tt.n), func(t *testing.T) { + e.T().Run(fmt.Sprintf("%v", tt.n), func(t *testing.T) { sut := New(map[string]rule.Parameter{ParameterN: tt.n}) result, err := sut.Process(data) diff --git a/src/pkg/retention/policy/rule/index/index.go b/src/pkg/retention/policy/rule/index/index.go index 40a4cccc0..7360a2cb8 100644 --- a/src/pkg/retention/policy/rule/index/index.go +++ b/src/pkg/retention/policy/rule/index/index.go @@ -26,7 +26,6 @@ import ( "github.com/goharbor/harbor/src/pkg/retention/policy/rule/latestk" "github.com/goharbor/harbor/src/pkg/retention/policy/rule/latestpl" "github.com/goharbor/harbor/src/pkg/retention/policy/rule/latestps" - "github.com/goharbor/harbor/src/pkg/retention/policy/rule/nothing" "github.com/pkg/errors" ) @@ -122,11 +121,11 @@ func init() { }, lastx.New) // Register nothing - Register(&Metadata{ - TemplateID: nothing.TemplateID, - Action: action.Retain, - Parameters: []*IndexedParam{}, - }, nothing.New) + // Register(&Metadata{ + // TemplateID: nothing.TemplateID, + // Action: action.Retain, + // Parameters: []*IndexedParam{}, + // }, nothing.New) // Register always Register(&Metadata{ diff --git a/src/pkg/retention/policy/rule/index/index_test.go b/src/pkg/retention/policy/rule/index/index_test.go index b55d29f79..fd8268f18 100644 --- a/src/pkg/retention/policy/rule/index/index_test.go +++ b/src/pkg/retention/policy/rule/index/index_test.go @@ -84,7 +84,7 @@ func (suite *IndexTestSuite) TestGet() { // TestIndex tests Index func (suite *IndexTestSuite) TestIndex() { metas := Index() - require.Equal(suite.T(), 9, len(metas)) + require.Equal(suite.T(), 8, len(metas)) assert.Condition(suite.T(), func() bool { for _, m := range metas { if m.TemplateID == "fakeEvaluator" && diff --git a/src/pkg/retention/policy/rule/lastx/evaluator.go b/src/pkg/retention/policy/rule/lastx/evaluator.go index 6d98c5c2d..b466f5eda 100644 --- a/src/pkg/retention/policy/rule/lastx/evaluator.go +++ b/src/pkg/retention/policy/rule/lastx/evaluator.go @@ -59,15 +59,15 @@ func (e *evaluator) Action() string { func New(params rule.Parameters) rule.Evaluator { if params != nil { if param, ok := params[ParameterX]; ok { - if v, ok := param.(int); ok && v >= 0 { + if v, ok := param.(float64); ok && v >= 0 { return &evaluator{ - x: v, + x: int(v), } } } } - log.Debugf("default parameter %d used for rule %s", DefaultX, TemplateID) + log.Warningf("default parameter %d used for rule %s", DefaultX, TemplateID) return &evaluator{ x: DefaultX, diff --git a/src/pkg/retention/policy/rule/lastx/evaluator_test.go b/src/pkg/retention/policy/rule/lastx/evaluator_test.go index eafc30f2f..becd79234 100644 --- a/src/pkg/retention/policy/rule/lastx/evaluator_test.go +++ b/src/pkg/retention/policy/rule/lastx/evaluator_test.go @@ -21,8 +21,8 @@ func (e *EvaluatorTestSuite) TestNew() { args rule.Parameters expectedX int }{ - {Name: "Valid", args: map[string]rule.Parameter{ParameterX: 3}, expectedX: 3}, - {Name: "Default If Negative", args: map[string]rule.Parameter{ParameterX: -3}, expectedX: DefaultX}, + {Name: "Valid", args: map[string]rule.Parameter{ParameterX: float64(3)}, expectedX: 3}, + {Name: "Default If Negative", args: map[string]rule.Parameter{ParameterX: float64(-3)}, expectedX: DefaultX}, {Name: "Default If Not Set", args: map[string]rule.Parameter{}, expectedX: DefaultX}, {Name: "Default If Wrong Type", args: map[string]rule.Parameter{}, expectedX: DefaultX}, } @@ -48,7 +48,7 @@ func (e *EvaluatorTestSuite) TestProcess() { } tests := []struct { - days int + days float64 expected int }{ {days: 0, expected: 0}, @@ -62,7 +62,7 @@ func (e *EvaluatorTestSuite) TestProcess() { } for _, tt := range tests { - e.T().Run(fmt.Sprintf("%d days - should keep %d", tt.days, tt.expected), func(t *testing.T) { + e.T().Run(fmt.Sprintf("%v days - should keep %d", tt.days, tt.expected), func(t *testing.T) { e := New(rule.Parameters{ParameterX: tt.days}) result, err := e.Process(data) diff --git a/src/pkg/retention/policy/rule/latestk/evaluator.go b/src/pkg/retention/policy/rule/latestk/evaluator.go index bb1d246de..f6d73599a 100644 --- a/src/pkg/retention/policy/rule/latestk/evaluator.go +++ b/src/pkg/retention/policy/rule/latestk/evaluator.go @@ -65,9 +65,9 @@ func (e *evaluator) Action() string { func New(params rule.Parameters) rule.Evaluator { if params != nil { if param, ok := params[ParameterK]; ok { - if v, ok := param.(int); ok && v >= 0 { + if v, ok := param.(float64); ok && v >= 0 { return &evaluator{ - k: v, + k: int(v), } } } diff --git a/src/pkg/retention/policy/rule/latestk/evaluator_test.go b/src/pkg/retention/policy/rule/latestk/evaluator_test.go index ab2967f51..24b04fb9e 100644 --- a/src/pkg/retention/policy/rule/latestk/evaluator_test.go +++ b/src/pkg/retention/policy/rule/latestk/evaluator_test.go @@ -15,7 +15,7 @@ package latestk import ( - "strconv" + "fmt" "testing" "github.com/goharbor/harbor/src/pkg/retention/policy/rule" @@ -58,7 +58,7 @@ func (e *EvaluatorTestSuite) TestProcess() { {k: 99, expected: len(e.artifacts)}, } for _, tt := range tests { - e.T().Run(strconv.Itoa(tt.k), func(t *testing.T) { + e.T().Run(fmt.Sprintf("%v", tt.k), func(t *testing.T) { sut := &evaluator{k: tt.k} result, err := sut.Process(e.artifacts) @@ -79,8 +79,8 @@ func (e *EvaluatorTestSuite) TestNew() { params rule.Parameters expectedK int }{ - {name: "Valid", params: rule.Parameters{ParameterK: 5}, expectedK: 5}, - {name: "Default If Negative", params: rule.Parameters{ParameterK: -5}, expectedK: DefaultK}, + {name: "Valid", params: rule.Parameters{ParameterK: float64(5)}, expectedK: 5}, + {name: "Default If Negative", params: rule.Parameters{ParameterK: float64(-5)}, expectedK: DefaultK}, {name: "Default If Wrong Type", params: rule.Parameters{ParameterK: "5"}, expectedK: DefaultK}, {name: "Default If Wrong Key", params: rule.Parameters{"n": 5}, expectedK: DefaultK}, {name: "Default If Empty", params: rule.Parameters{}, expectedK: DefaultK}, diff --git a/src/pkg/retention/policy/rule/latestpl/evaluator.go b/src/pkg/retention/policy/rule/latestpl/evaluator.go index 620790a73..bed7b6e4e 100644 --- a/src/pkg/retention/policy/rule/latestpl/evaluator.go +++ b/src/pkg/retention/policy/rule/latestpl/evaluator.go @@ -59,13 +59,13 @@ func (e *evaluator) Action() string { func New(params rule.Parameters) rule.Evaluator { if params != nil { if p, ok := params[ParameterN]; ok { - if v, ok := p.(int); ok && v >= 0 { - return &evaluator{n: v} + if v, ok := p.(float64); ok && v >= 0 { + return &evaluator{n: int(v)} } } } - log.Debugf("default parameter %d used for rule %s", DefaultN, TemplateID) + log.Warningf("default parameter %d used for rule %s", DefaultN, TemplateID) return &evaluator{n: DefaultN} } diff --git a/src/pkg/retention/policy/rule/latestpl/evaluator_test.go b/src/pkg/retention/policy/rule/latestpl/evaluator_test.go index 443481649..69b0605f5 100644 --- a/src/pkg/retention/policy/rule/latestpl/evaluator_test.go +++ b/src/pkg/retention/policy/rule/latestpl/evaluator_test.go @@ -15,8 +15,8 @@ package latestpl import ( + "fmt" "math/rand" - "strconv" "testing" "github.com/goharbor/harbor/src/pkg/retention/policy/rule" @@ -35,8 +35,8 @@ func (e *EvaluatorTestSuite) TestNew() { args rule.Parameters expectedK int }{ - {Name: "Valid", args: map[string]rule.Parameter{ParameterN: 5}, expectedK: 5}, - {Name: "Default If Negative", args: map[string]rule.Parameter{ParameterN: -1}, expectedK: DefaultN}, + {Name: "Valid", args: map[string]rule.Parameter{ParameterN: float64(5)}, expectedK: 5}, + {Name: "Default If Negative", args: map[string]rule.Parameter{ParameterN: float64(-1)}, expectedK: DefaultN}, {Name: "Default If Not Set", args: map[string]rule.Parameter{}, expectedK: DefaultN}, {Name: "Default If Wrong Type", args: map[string]rule.Parameter{ParameterN: "foo"}, expectedK: DefaultN}, } @@ -57,7 +57,7 @@ func (e *EvaluatorTestSuite) TestProcess() { }) tests := []struct { - n int + n float64 expected int minPullTime int64 }{ @@ -69,7 +69,7 @@ func (e *EvaluatorTestSuite) TestProcess() { } for _, tt := range tests { - e.T().Run(strconv.Itoa(tt.n), func(t *testing.T) { + e.T().Run(fmt.Sprintf("%v", tt.n), func(t *testing.T) { ev := New(map[string]rule.Parameter{ParameterN: tt.n}) result, err := ev.Process(data) diff --git a/src/pkg/retention/policy/rule/latestps/evaluator.go b/src/pkg/retention/policy/rule/latestps/evaluator.go index 8ac090b3f..ac000a302 100644 --- a/src/pkg/retention/policy/rule/latestps/evaluator.go +++ b/src/pkg/retention/policy/rule/latestps/evaluator.go @@ -62,15 +62,15 @@ func (e *evaluator) Action() string { func New(params rule.Parameters) rule.Evaluator { if params != nil { if param, ok := params[ParameterK]; ok { - if v, ok := param.(int); ok && v >= 0 { + if v, ok := param.(float64); ok && v >= 0 { return &evaluator{ - k: v, + k: int(v), } } } } - log.Debugf("default parameter %d used for rule %s", DefaultK, TemplateID) + log.Warningf("default parameter %d used for rule %s", DefaultK, TemplateID) return &evaluator{ k: DefaultK, diff --git a/src/pkg/retention/policy/rule/latestps/evaluator_test.go b/src/pkg/retention/policy/rule/latestps/evaluator_test.go index 7136b69d6..6e303c3c4 100644 --- a/src/pkg/retention/policy/rule/latestps/evaluator_test.go +++ b/src/pkg/retention/policy/rule/latestps/evaluator_test.go @@ -1,8 +1,8 @@ package latestps import ( + "fmt" "math/rand" - "strconv" "testing" "github.com/stretchr/testify/suite" @@ -22,8 +22,8 @@ func (e *EvaluatorTestSuite) TestNew() { args rule.Parameters expectedK int }{ - {Name: "Valid", args: map[string]rule.Parameter{ParameterK: 5}, expectedK: 5}, - {Name: "Default If Negative", args: map[string]rule.Parameter{ParameterK: -1}, expectedK: DefaultK}, + {Name: "Valid", args: map[string]rule.Parameter{ParameterK: float64(5)}, expectedK: 5}, + {Name: "Default If Negative", args: map[string]rule.Parameter{ParameterK: float64(-1)}, expectedK: DefaultK}, {Name: "Default If Not Set", args: map[string]rule.Parameter{}, expectedK: DefaultK}, {Name: "Default If Wrong Type", args: map[string]rule.Parameter{ParameterK: "foo"}, expectedK: DefaultK}, } @@ -44,7 +44,7 @@ func (e *EvaluatorTestSuite) TestProcess() { }) tests := []struct { - k int + k float64 expected int }{ {k: 0, expected: 0}, @@ -55,7 +55,7 @@ func (e *EvaluatorTestSuite) TestProcess() { } for _, tt := range tests { - e.T().Run(strconv.Itoa(tt.k), func(t *testing.T) { + e.T().Run(fmt.Sprintf("%v", tt.k), func(t *testing.T) { e := New(map[string]rule.Parameter{ParameterK: tt.k}) result, err := e.Process(data) diff --git a/src/pkg/retention/policy/rule/models.go b/src/pkg/retention/policy/rule/models.go index 448b10183..4e85872be 100644 --- a/src/pkg/retention/policy/rule/models.go +++ b/src/pkg/retention/policy/rule/models.go @@ -45,11 +45,11 @@ type Metadata struct { // Selector to narrow down the list type Selector struct { // Kind of the selector - // "regularExpression" or "label" - Kind string `json:"kind" valid:"Required"` + // "doublestar" or "label" + Kind string `json:"kind" valid:"Required;Match(doublestar)"` // Decorated the selector - // for "regularExpression" : "matches" and "excludes" + // for "doublestar" : "matching" and "excluding" // for "label" : "with" and "without" Decoration string `json:"decoration" valid:"Required"` diff --git a/src/pkg/retention/res/selectors/index/index.go b/src/pkg/retention/res/selectors/index/index.go index fe00c4f4b..690beef2d 100644 --- a/src/pkg/retention/res/selectors/index/index.go +++ b/src/pkg/retention/res/selectors/index/index.go @@ -17,8 +17,6 @@ package index import ( "sync" - "github.com/goharbor/harbor/src/pkg/retention/res/selectors/label" - "github.com/goharbor/harbor/src/pkg/retention/res" "github.com/goharbor/harbor/src/pkg/retention/res/selectors/doublestar" "github.com/pkg/errors" @@ -36,7 +34,7 @@ func init() { }, doublestar.New) // Register label selector - Register(label.Kind, []string{label.With, label.Without}, label.New) + // Register(label.Kind, []string{label.With, label.Without}, label.New) } // index for keeping the mapping between selector meta and its implementation diff --git a/src/pkg/scan/whitelist/manager.go b/src/pkg/scan/whitelist/manager.go index 5aa793b9a..d582e3f10 100644 --- a/src/pkg/scan/whitelist/manager.go +++ b/src/pkg/scan/whitelist/manager.go @@ -17,6 +17,7 @@ package whitelist import ( "github.com/goharbor/harbor/src/common/dao" "github.com/goharbor/harbor/src/common/models" + "github.com/goharbor/harbor/src/common/utils/log" "github.com/goharbor/harbor/src/jobservice/logger" ) @@ -41,7 +42,7 @@ func (d *defaultManager) CreateEmpty(projectID int64) error { l := models.CVEWhitelist{ ProjectID: projectID, } - _, err := dao.UpdateCVEWhitelist(l) + _, err := dao.CreateCVEWhitelist(l) if err != nil { logger.Errorf("Failed to create empty CVE whitelist for project: %d, error: %v", projectID, err) } @@ -60,7 +61,12 @@ func (d *defaultManager) Set(projectID int64, list models.CVEWhitelist) error { // Get gets the whitelist for given project func (d *defaultManager) Get(projectID int64) (*models.CVEWhitelist, error) { - return dao.GetCVEWhitelist(projectID) + wl, err := dao.GetCVEWhitelist(projectID) + if wl == nil && err == nil { + log.Debugf("No CVE whitelist found for project %d, returning empty list.", projectID) + return &models.CVEWhitelist{ProjectID: projectID, Items: []models.CVEWhitelistItem{}}, nil + } + return wl, err } // SetSys sets the system level whitelist diff --git a/src/pkg/scan/whitelist/manager_test.go b/src/pkg/scan/whitelist/manager_test.go new file mode 100644 index 000000000..8dbf6da37 --- /dev/null +++ b/src/pkg/scan/whitelist/manager_test.go @@ -0,0 +1,46 @@ +package whitelist + +import ( + "github.com/goharbor/harbor/src/common/dao" + "github.com/goharbor/harbor/src/common/utils/log" + "github.com/stretchr/testify/assert" + "os" + "testing" +) + +func TestMain(m *testing.M) { + + // databases := []string{"mysql", "sqlite"} + databases := []string{"postgresql"} + for _, database := range databases { + log.Infof("run test cases for database: %s", database) + + result := 1 + switch database { + case "postgresql": + dao.PrepareTestForPostgresSQL() + default: + log.Fatalf("invalid database: %s", database) + } + + result = m.Run() + + if result != 0 { + os.Exit(result) + } + } +} + +func TestDefaultManager_CreateEmpty(t *testing.T) { + dm := NewDefaultManager() + assert.NoError(t, dm.CreateEmpty(99)) + assert.Error(t, dm.CreateEmpty(99)) +} + +func TestDefaultManager_Get(t *testing.T) { + dm := NewDefaultManager() + // return empty list + l, err := dm.Get(1234) + assert.Nil(t, err) + assert.Empty(t, l.Items) +} diff --git a/src/pkg/scheduler/scheduler.go b/src/pkg/scheduler/scheduler.go index c0fa44d68..6fb7d7e87 100644 --- a/src/pkg/scheduler/scheduler.go +++ b/src/pkg/scheduler/scheduler.go @@ -15,6 +15,7 @@ package scheduler import ( + "encoding/json" "fmt" "net/http" "sync" @@ -29,9 +30,10 @@ import ( "github.com/pkg/errors" ) +// const definitions const ( - jobParamCallbackFunc = "callback_func" - jobParamCallbackFuncParams = "params" + JobParamCallbackFunc = "callback_func" + JobParamCallbackFuncParams = "params" ) var ( @@ -46,6 +48,8 @@ type CallbackFunc func(interface{}) error // Scheduler provides the capability to run a periodic task, a callback function // needs to be registered before using the scheduler +// The "params" is passed to the callback function specified by "callbackFuncName" +// as encoded json string, so the callback function must decode it before using type Scheduler interface { Schedule(cron string, callbackFuncName string, params interface{}) (int64, error) UnSchedule(id int64) error @@ -119,6 +123,15 @@ func (s *scheduler) Schedule(cron string, callbackFuncName string, params interf if err != nil { return 0, err } + // if got error in the following steps, delete the schedule record in database + defer func() { + if err != nil { + e := s.manager.Delete(scheduleID) + if e != nil { + log.Errorf("failed to delete the schedule %d: %v", scheduleID, e) + } + } + }() log.Debugf("the schedule record %d created", scheduleID) // submit scheduler job to Jobservice @@ -126,8 +139,7 @@ func (s *scheduler) Schedule(cron string, callbackFuncName string, params interf jd := &models.JobData{ Name: JobNameScheduler, Parameters: map[string]interface{}{ - jobParamCallbackFunc: callbackFuncName, - jobParamCallbackFuncParams: params, + JobParamCallbackFunc: callbackFuncName, }, Metadata: &models.JobMetadata{ JobKind: job.JobKindPeriodic, @@ -135,15 +147,26 @@ func (s *scheduler) Schedule(cron string, callbackFuncName string, params interf }, StatusHook: statusHookURL, } + if params != nil { + var paramsData []byte + paramsData, err = json.Marshal(params) + if err != nil { + return 0, err + } + jd.Parameters[JobParamCallbackFuncParams] = string(paramsData) + } jobID, err := s.jobserviceClient.SubmitJob(jd) if err != nil { - // if failed to submit to Jobservice, delete the schedule record in database - e := s.manager.Delete(scheduleID) - if e != nil { - log.Errorf("failed to delete the schedule %d: %v", scheduleID, e) - } return 0, err } + // if got error in the following steps, stop the scheduler job + defer func() { + if err != nil { + if e := s.jobserviceClient.PostAction(jobID, job.JobActionStop); e != nil { + log.Errorf("failed to stop the scheduler job %s: %v", jobID, e) + } + } + }() log.Debugf("the scheduler job submitted to Jobservice, job ID: %s", jobID) // populate the job ID for the schedule @@ -152,14 +175,6 @@ func (s *scheduler) Schedule(cron string, callbackFuncName string, params interf JobID: jobID, }, "JobID") if err != nil { - // stop the scheduler job - if e := s.jobserviceClient.PostAction(jobID, job.JobActionStop); e != nil { - log.Errorf("failed to stop the scheduler job %s: %v", jobID, e) - } - // delete the schedule record - if e := s.manager.Delete(scheduleID); e != nil { - log.Errorf("failed to delete the schedule record %d: %v", scheduleID, e) - } return 0, err } @@ -172,7 +187,8 @@ func (s *scheduler) UnSchedule(id int64) error { return err } if schedule == nil { - return fmt.Errorf("the schedule record %d not found", id) + log.Warningf("the schedule record %d not found", id) + return nil } if err = s.jobserviceClient.PostAction(schedule.JobID, job.JobActionStop); err != nil { herr, ok := err.(*chttp.Error) diff --git a/src/pkg/types/format.go b/src/pkg/types/format.go new file mode 100644 index 000000000..cc97f0764 --- /dev/null +++ b/src/pkg/types/format.go @@ -0,0 +1,40 @@ +// Copyright Project Harbor Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package types + +import ( + "fmt" +) + +var ( + resourceValueFormats = map[ResourceName]func(int64) string{ + ResourceStorage: byteCountToDisplaySize, + } +) + +func byteCountToDisplaySize(value int64) string { + const unit = 1024 + if value < unit { + return fmt.Sprintf("%d B", value) + } + + div, exp := int64(unit), 0 + for n := value / unit; n >= unit; n /= unit { + div *= unit + exp++ + } + + return fmt.Sprintf("%.1f %ciB", float64(value)/float64(div), "KMGTPE"[exp]) +} diff --git a/src/pkg/types/format_test.go b/src/pkg/types/format_test.go new file mode 100644 index 000000000..19f6607eb --- /dev/null +++ b/src/pkg/types/format_test.go @@ -0,0 +1,45 @@ +// Copyright Project Harbor Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package types + +import "testing" + +func Test_byteCountToDisplaySize(t *testing.T) { + type args struct { + value int64 + } + tests := []struct { + name string + args args + want string + }{ + {"100 B", args{100}, "100 B"}, + {"1.0 KiB", args{1024}, "1.0 KiB"}, + {"1.5 KiB", args{1024 * 3 / 2}, "1.5 KiB"}, + {"1.0 MiB", args{1024 * 1024}, "1.0 MiB"}, + {"1.5 MiB", args{1024 * 1024 * 3 / 2}, "1.5 MiB"}, + {"1.0 GiB", args{1024 * 1024 * 1024}, "1.0 GiB"}, + {"1.5 GiB", args{1024 * 1024 * 1024 * 3 / 2}, "1.5 GiB"}, + {"1.0 TiB", args{1024 * 1024 * 1024 * 1024}, "1.0 TiB"}, + {"1.5 TiB", args{1024 * 1024 * 1024 * 1024 * 3 / 2}, "1.5 TiB"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := byteCountToDisplaySize(tt.args.value); got != tt.want { + t.Errorf("byteCountToDisplaySize() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/src/pkg/types/resources.go b/src/pkg/types/resources.go index f30d91934..95a98fdff 100644 --- a/src/pkg/types/resources.go +++ b/src/pkg/types/resources.go @@ -16,6 +16,7 @@ package types import ( "encoding/json" + "strconv" ) const ( @@ -31,6 +32,16 @@ const ( // ResourceName is the name identifying various resources in a ResourceList. type ResourceName string +// FormatValue returns string for the resource value +func (resource ResourceName) FormatValue(value int64) string { + format, ok := resourceValueFormats[resource] + if ok { + return format(value) + } + + return strconv.FormatInt(value, 10) +} + // ResourceList is a set of (resource name, value) pairs. type ResourceList map[ResourceName]int64 @@ -113,3 +124,14 @@ func Zero(a ResourceList) ResourceList { } return result } + +// IsNegative returns the set of resource names that have a negative value. +func IsNegative(a ResourceList) []ResourceName { + results := []ResourceName{} + for k, v := range a { + if v < 0 { + results = append(results, k) + } + } + return results +} diff --git a/src/pkg/types/resources_test.go b/src/pkg/types/resources_test.go index 20f164707..473fa13a3 100644 --- a/src/pkg/types/resources_test.go +++ b/src/pkg/types/resources_test.go @@ -76,6 +76,15 @@ func (suite *ResourcesSuite) TestZero() { suite.Equal(ResourceList{ResourceStorage: 0, ResourceCount: 0}, Zero(res2)) } +func (suite *ResourcesSuite) TestIsNegative() { + suite.Len(IsNegative(ResourceList{ResourceStorage: -100, ResourceCount: 100}), 1) + suite.Contains(IsNegative(ResourceList{ResourceStorage: -100, ResourceCount: 100}), ResourceStorage) + + suite.Len(IsNegative(ResourceList{ResourceStorage: -100, ResourceCount: -100}), 2) + suite.Contains(IsNegative(ResourceList{ResourceStorage: -100, ResourceCount: -100}), ResourceStorage) + suite.Contains(IsNegative(ResourceList{ResourceStorage: -100, ResourceCount: -100}), ResourceCount) +} + func TestRunResourcesSuite(t *testing.T) { suite.Run(t, new(ResourcesSuite)) } diff --git a/src/portal/lib/src/config/gc/gc-history/gc-history.component.ts b/src/portal/lib/src/config/gc/gc-history/gc-history.component.ts index dfcc0c4e8..2a8c55c18 100644 --- a/src/portal/lib/src/config/gc/gc-history/gc-history.component.ts +++ b/src/portal/lib/src/config/gc/gc-history/gc-history.component.ts @@ -4,6 +4,7 @@ import { GcJobViewModel } from "../gcLog"; import { GcViewModelFactory } from "../gc.viewmodel.factory"; import { ErrorHandler } from "../../../error-handler/index"; import { Subscription, timer } from "rxjs"; +import { REFRESH_TIME_DIFFERENCE } from '../../../shared/shared.const'; const JOB_STATUS = { PENDING: "pending", RUNNING: "running" @@ -34,7 +35,7 @@ export class GcHistoryComponent implements OnInit, OnDestroy { this.loading = false; // to avoid some jobs not finished. if (!this.timerDelay) { - this.timerDelay = timer(3000, 3000).subscribe(() => { + this.timerDelay = timer(REFRESH_TIME_DIFFERENCE, REFRESH_TIME_DIFFERENCE).subscribe(() => { let count: number = 0; this.jobs.forEach(job => { if ( diff --git a/src/portal/lib/src/config/project-quotas/edit-project-quotas/edit-project-quotas.component.html b/src/portal/lib/src/config/project-quotas/edit-project-quotas/edit-project-quotas.component.html index 98e57589a..c9bd48440 100644 --- a/src/portal/lib/src/config/project-quotas/edit-project-quotas/edit-project-quotas.component.html +++ b/src/portal/lib/src/config/project-quotas/edit-project-quotas/edit-project-quotas.component.html @@ -25,8 +25,8 @@ {{'PROJECT.QUOTA_UNLIMIT_TIP' | translate }}
-
+
@@ -60,8 +60,9 @@ {{'PROJECT.QUOTA_UNLIMIT_TIP' | translate }}
-
- +
diff --git a/src/portal/lib/src/config/project-quotas/edit-project-quotas/edit-project-quotas.component.scss b/src/portal/lib/src/config/project-quotas/edit-project-quotas/edit-project-quotas.component.scss index 024a058d6..43f9bf3bc 100644 --- a/src/portal/lib/src/config/project-quotas/edit-project-quotas/edit-project-quotas.component.scss +++ b/src/portal/lib/src/config/project-quotas/edit-project-quotas/edit-project-quotas.component.scss @@ -1,21 +1,25 @@ - ::ng-deep .modal-dialog { width: 25rem; } + .modal-body { padding-top: 0.8rem; overflow-y: visible; overflow-x: visible; + .clr-form-compact { div.form-group { padding-left: 8.5rem; + .mr-3px { margin-right: 3px; } + .quota-input { width: 2rem; padding-right: 0.8rem; } + .select-div { width: 2.5rem; @@ -51,6 +55,22 @@ width: 9rem; } +::ng-deep { + .progress { + &.warning>progress { + color: orange; + + &::-webkit-progress-value { + background-color: orange; + } + + &::-moz-progress-bar { + background-color: orange; + } + } + } +} + .progress-label { position: absolute; right: -2.3rem; @@ -58,4 +78,7 @@ width: 3.5rem; font-weight: 100; font-size: 10px; + + overflow: hidden; + text-overflow: ellipsis; } \ No newline at end of file diff --git a/src/portal/lib/src/config/project-quotas/edit-project-quotas/edit-project-quotas.component.ts b/src/portal/lib/src/config/project-quotas/edit-project-quotas/edit-project-quotas.component.ts index a0e435c91..ca3248b32 100644 --- a/src/portal/lib/src/config/project-quotas/edit-project-quotas/edit-project-quotas.component.ts +++ b/src/portal/lib/src/config/project-quotas/edit-project-quotas/edit-project-quotas.component.ts @@ -6,15 +6,12 @@ import { OnInit, } from '@angular/core'; import { NgForm, Validators } from '@angular/forms'; -import { ActivatedRoute } from "@angular/router"; - -import { TranslateService } from '@ngx-translate/core'; import { InlineAlertComponent } from '../../../inline-alert/inline-alert.component'; -import { QuotaUnits, QuotaUnlimited } from "../../../shared/shared.const"; +import { QuotaUnits, QuotaUnlimited, QUOTA_DANGER_COEFFICIENT, QUOTA_WARNING_COEFFICIENT } from "../../../shared/shared.const"; -import { clone, getSuitableUnit, getByte, GetIntegerAndUnit, validateLimit } from '../../../utils'; +import { clone, getSuitableUnit, getByte, GetIntegerAndUnit, validateCountLimit, validateLimit } from '../../../utils'; import { EditQuotaQuotaInterface, QuotaHardLimitInterface } from '../../../service'; import { distinctUntilChanged } from 'rxjs/operators'; @@ -47,9 +44,9 @@ export class EditProjectQuotasComponent implements OnInit { @ViewChild('quotaForm') currentForm: NgForm; @Output() confirmAction = new EventEmitter(); - constructor( - private translateService: TranslateService, - private route: ActivatedRoute) { } + quotaDangerCoefficient: number = QUOTA_DANGER_COEFFICIENT; + quotaWarningCoefficient: number = QUOTA_WARNING_COEFFICIENT; + constructor() { } ngOnInit() { } @@ -106,10 +103,16 @@ export class EditProjectQuotasComponent implements OnInit { Validators.pattern('(^-1$)|(^([1-9]+)([0-9]+)*$)'), validateLimit(this.currentForm.form.controls['storageUnit']) ]); + this.currentForm.form.controls['count'].setValidators( + [ + Validators.required, + Validators.pattern('(^-1$)|(^([1-9]+)([0-9]+)*$)'), + validateCountLimit() + ]); this.currentForm.form.valueChanges .pipe(distinctUntilChanged((a, b) => JSON.stringify(a) === JSON.stringify(b))) .subscribe((data) => { - ['storage', 'storageUnit'].forEach(fieldName => { + ['storage', 'storageUnit', 'count'].forEach(fieldName => { if (this.currentForm.form.get(fieldName) && this.currentForm.form.get(fieldName).value !== null) { this.currentForm.form.get(fieldName).updateValueAndValidity(); } @@ -134,10 +137,18 @@ export class EditProjectQuotasComponent implements OnInit { } return 0; } - getDangerStyle(limit: number | string, used: number | string, unit?: string) { + isDangerColor(limit: number | string, used: number | string, unit?: string) { if (unit) { - return limit !== QuotaUnlimited ? +used / getByte(+limit, unit) > 0.9 : false; + return limit !== QuotaUnlimited ? +used / getByte(+limit, unit) >= this.quotaDangerCoefficient : false; } - return limit !== QuotaUnlimited ? +used / +limit > 0.9 : false; + return limit !== QuotaUnlimited ? +used / +limit >= this.quotaDangerCoefficient : false; + } + isWarningColor(limit: number | string, used: number | string, unit?: string) { + if (unit) { + return limit !== QuotaUnlimited ? + +used / getByte(+limit, unit) >= this.quotaWarningCoefficient && +used / getByte(+limit, unit) <= this.quotaDangerCoefficient : false; + } + return limit !== QuotaUnlimited ? + +used / +limit >= this.quotaWarningCoefficient && +used / +limit <= this.quotaDangerCoefficient : false; } } diff --git a/src/portal/lib/src/config/project-quotas/project-quotas.component.html b/src/portal/lib/src/config/project-quotas/project-quotas.component.html index 6f9e9cad2..22af1333d 100644 --- a/src/portal/lib/src/config/project-quotas/project-quotas.component.html +++ b/src/portal/lib/src/config/project-quotas/project-quotas.component.html @@ -37,7 +37,9 @@
+ [class.danger]="quota.hard.count!==-1?quota.used.count/quota.hard.count>quotaDangerCoefficient:false" + [class.warning]="quota.hard.count!==-1?quota.used.count/quota.hard.count<=quotaDangerCoefficient &"a.used.count/quota.hard.count>=quotaWarningCoefficient:false" + >
@@ -48,7 +50,9 @@
+ [class.danger]="quota.hard.storage!==-1?quota.used.storage/quota.hard.storage>quotaDangerCoefficient:false" + [class.warning]="quota.hard.storage!==-1?quota.used.storage/quota.hard.storage>=quotaWarningCoefficient&"a.used.storage/quota.hard.storage<=quotaDangerCoefficient:false" + >
diff --git a/src/portal/lib/src/config/project-quotas/project-quotas.component.ts b/src/portal/lib/src/config/project-quotas/project-quotas.component.ts index df5effd32..fa457b03e 100644 --- a/src/portal/lib/src/config/project-quotas/project-quotas.component.ts +++ b/src/portal/lib/src/config/project-quotas/project-quotas.component.ts @@ -8,7 +8,7 @@ import { , getByte, GetIntegerAndUnit } from '../../utils'; import { ErrorHandler } from '../../error-handler/index'; -import { QuotaUnits, QuotaUnlimited } from '../../shared/shared.const'; +import { QuotaUnits, QuotaUnlimited, QUOTA_DANGER_COEFFICIENT, QUOTA_WARNING_COEFFICIENT } from '../../shared/shared.const'; import { EditProjectQuotasComponent } from './edit-project-quotas/edit-project-quotas.component'; import { ConfigurationService @@ -46,6 +46,8 @@ export class ProjectQuotasComponent implements OnChanges { currentPage = 1; totalCount = 0; pageSize = 15; + quotaDangerCoefficient: number = QUOTA_DANGER_COEFFICIENT; + quotaWarningCoefficient: number = QUOTA_WARNING_COEFFICIENT; @Input() get allConfig(): Configuration { return this.config; diff --git a/src/portal/lib/src/config/system/system-settings.component.html b/src/portal/lib/src/config/system/system-settings.component.html index 82f83f024..72b9458f6 100644 --- a/src/portal/lib/src/config/system/system-settings.component.html +++ b/src/portal/lib/src/config/system/system-settings.component.html @@ -95,7 +95,7 @@
-
@@ -103,13 +103,13 @@
- {{'CVE_WHITELIST.HELP'|translate}}
-
diff --git a/src/portal/lib/src/config/system/system-settings.component.scss b/src/portal/lib/src/config/system/system-settings.component.scss index 18a577cc3..5b708737f 100644 --- a/src/portal/lib/src/config/system/system-settings.component.scss +++ b/src/portal/lib/src/config/system/system-settings.component.scss @@ -27,8 +27,6 @@ width: 222px; color: #0079bb; overflow-y: auto; - white-space: nowrap; - li { height: 24px; line-height: 24px; diff --git a/src/portal/lib/src/create-edit-rule/create-edit-rule.component.ts b/src/portal/lib/src/create-edit-rule/create-edit-rule.component.ts index 0508e4c14..2ecf2ffca 100644 --- a/src/portal/lib/src/create-edit-rule/create-edit-rule.component.ts +++ b/src/portal/lib/src/create-edit-rule/create-edit-rule.component.ts @@ -434,7 +434,7 @@ export class CreateEditRuleComponent implements OnInit, OnDestroy { // get supportedFilterLabels labels from supportedFilters this.getLabelListFromAdapter(element); // only when edit replication rule - if (ruleInfo && this.supportedFilterLabels.length) { + if (ruleInfo && ruleInfo.filters && this.supportedFilterLabels.length ) { this.getLabelListFromRuleInfo(ruleInfo); } }); diff --git a/src/portal/lib/src/cron-schedule/cron-schedule.component.html b/src/portal/lib/src/cron-schedule/cron-schedule.component.html index 315560e47..5c19753d9 100644 --- a/src/portal/lib/src/cron-schedule/cron-schedule.component.html +++ b/src/portal/lib/src/cron-schedule/cron-schedule.component.html @@ -17,7 +17,7 @@ {{ "SCHEDULE.CRON" | translate }} : {{ oriCron }}
-
diff --git a/src/portal/lib/src/cron-schedule/cron-schedule.component.ts b/src/portal/lib/src/cron-schedule/cron-schedule.component.ts index ba9abae5b..bf1e764ad 100644 --- a/src/portal/lib/src/cron-schedule/cron-schedule.component.ts +++ b/src/portal/lib/src/cron-schedule/cron-schedule.component.ts @@ -27,6 +27,7 @@ export class CronScheduleComponent implements OnChanges { @Input() originCron: OriginCron; @Input() labelEdit: string; @Input() labelCurrent: string; + @Input() disabled: boolean; dateInvalid: boolean; originScheduleType: string; oriCron: string; diff --git a/src/portal/lib/src/image-name-input/image-name-input.component.ts b/src/portal/lib/src/image-name-input/image-name-input.component.ts index 30bd4e126..1a3170a62 100644 --- a/src/portal/lib/src/image-name-input/image-name-input.component.ts +++ b/src/portal/lib/src/image-name-input/image-name-input.component.ts @@ -52,10 +52,10 @@ export class ImageNameInputComponent implements OnInit, OnDestroy { const prolist: any = this.proService.listProjects(name, undefined); if (prolist.subscribe) { prolist.subscribe(response => { - if (response) { - this.selectedProjectList = response.slice(0, 10); + if (response.body) { + this.selectedProjectList = response.body.slice(0, 10); // if input project name exist in the project list - let exist = response.find((data: any) => data.name === name); + let exist = response.body.find((data: any) => data.name === name); if (!exist) { this.noProjectInfo = "REPLICATION.NO_PROJECT_INFO"; } else { diff --git a/src/portal/lib/src/log/recent-log.component.spec.ts b/src/portal/lib/src/log/recent-log.component.spec.ts index 39425c8b2..bdb7cc4c0 100644 --- a/src/portal/lib/src/log/recent-log.component.spec.ts +++ b/src/portal/lib/src/log/recent-log.component.spec.ts @@ -203,7 +203,7 @@ describe('RecentLogComponent (inline template)', () => { fixture.detectChanges(); expect(component.recentLogs).toBeTruthy(); expect(component.logsCache).toBeTruthy(); - expect(component.recentLogs.length).toEqual(3); + expect(component.recentLogs.length).toEqual(15); }); }); diff --git a/src/portal/lib/src/log/recent-log.component.ts b/src/portal/lib/src/log/recent-log.component.ts index b791e7bfb..8a187c9df 100644 --- a/src/portal/lib/src/log/recent-log.component.ts +++ b/src/portal/lib/src/log/recent-log.component.ts @@ -67,7 +67,8 @@ export class RecentLogComponent implements OnInit { } public doFilter(terms: string): void { - if (!terms) { + // allow search by null characters + if (terms === undefined || terms === null) { return; } this.currentTerm = terms.trim(); diff --git a/src/portal/lib/src/project-policy-config/project-policy-config.component.html b/src/portal/lib/src/project-policy-config/project-policy-config.component.html index 31912edc3..8d5e69f81 100644 --- a/src/portal/lib/src/project-policy-config/project-policy-config.component.html +++ b/src/portal/lib/src/project-policy-config/project-policy-config.component.html @@ -89,12 +89,12 @@
- - @@ -102,10 +102,10 @@
- -
@@ -113,12 +113,12 @@
- + {{'CVE_WHITELIST.HELP'|translate}}
-
@@ -144,17 +144,17 @@
- -
-
diff --git a/src/portal/lib/src/project-policy-config/project-policy-config.component.scss b/src/portal/lib/src/project-policy-config/project-policy-config.component.scss index 4b7cab641..05d4bc5d1 100644 --- a/src/portal/lib/src/project-policy-config/project-policy-config.component.scss +++ b/src/portal/lib/src/project-policy-config/project-policy-config.component.scss @@ -17,8 +17,6 @@ width: 222px; color: #0079bb; overflow-y: auto; - white-space: nowrap; - li { height: 24px; line-height: 24px; diff --git a/src/portal/lib/src/project-policy-config/project-policy-config.component.ts b/src/portal/lib/src/project-policy-config/project-policy-config.component.ts index 58a68227e..a6ab59495 100644 --- a/src/portal/lib/src/project-policy-config/project-policy-config.component.ts +++ b/src/portal/lib/src/project-policy-config/project-policy-config.component.ts @@ -170,6 +170,9 @@ export class ProjectPolicyConfigComponent implements OnInit { if (!response.cve_whitelist['expires_at']) { response.cve_whitelist['expires_at'] = null; } + if (!response.metadata.reuse_sys_cve_whitelist) { + response.metadata.reuse_sys_cve_whitelist = "true"; + } if (response && response.cve_whitelist) { this.projectWhitelist = clone(response.cve_whitelist); this.projectWhitelistOrigin = clone(response.cve_whitelist); diff --git a/src/portal/lib/src/replication/replication-tasks/replication-tasks.component.html b/src/portal/lib/src/replication/replication-tasks/replication-tasks.component.html index d441c799b..633f020e6 100644 --- a/src/portal/lib/src/replication/replication-tasks/replication-tasks.component.html +++ b/src/portal/lib/src/replication/replication-tasks/replication-tasks.component.html @@ -92,7 +92,7 @@
- + {{'REPLICATION.TASK_ID'| translate}} {{'REPLICATION.RESOURCE_TYPE' | translate}} {{'REPLICATION.SOURCE' | translate}} @@ -102,7 +102,7 @@ {{'REPLICATION.CREATION_TIME' | translate}} {{'REPLICATION.END_TIME' | translate}} {{'REPLICATION.LOGS' | translate}} - + {{t.id}} {{t.resource_type}} {{t.src_resource}} @@ -118,8 +118,8 @@ - {{pagination.firstItem + 1}} - {{pagination.lastItem +1 }} {{'REPLICATION.OF' | translate}} {{pagination.totalItems }} {{'REPLICATION.ITEMS' | translate}} - + {{pagination.firstItem + 1}} - {{pagination.lastItem +1 }} {{'REPLICATION.OF' | translate}} {{totalCount }} {{'REPLICATION.ITEMS' | translate}} +
diff --git a/src/portal/lib/src/replication/replication-tasks/replication-tasks.component.ts b/src/portal/lib/src/replication/replication-tasks/replication-tasks.component.ts index a9984d47f..d80320319 100644 --- a/src/portal/lib/src/replication/replication-tasks/replication-tasks.component.ts +++ b/src/portal/lib/src/replication/replication-tasks/replication-tasks.component.ts @@ -6,8 +6,9 @@ import { finalize } from "rxjs/operators"; import { Subscription, timer } from "rxjs"; import { ErrorHandler } from "../../error-handler/error-handler"; import { ReplicationJob, ReplicationTasks, Comparator, ReplicationJobItem, State } from "../../service/interface"; -import { CustomComparator, DEFAULT_PAGE_SIZE, calculatePage, doFiltering, doSorting } from "../../utils"; +import { CustomComparator, DEFAULT_PAGE_SIZE } from "../../utils"; import { RequestQueryParams } from "../../service/RequestQueryParams"; +import { REFRESH_TIME_DIFFERENCE } from '../../shared/shared.const'; const executionStatus = 'InProgress'; @Component({ selector: 'replication-tasks', @@ -18,8 +19,8 @@ export class ReplicationTasksComponent implements OnInit, OnDestroy { isOpenFilterTag: boolean; inProgress: boolean = false; currentPage: number = 1; - selectedRow: []; pageSize: number = DEFAULT_PAGE_SIZE; + totalCount: number; loading = true; searchTask: string; defaultFilter = "resource_type"; @@ -47,7 +48,6 @@ export class ReplicationTasksComponent implements OnInit, OnDestroy { ngOnInit(): void { this.searchTask = ''; this.getExecutionDetail(); - this.clrLoadTasks(); } getExecutionDetail(): void { @@ -67,14 +67,17 @@ export class ReplicationTasksComponent implements OnInit, OnDestroy { clrLoadPage(): void { if (!this.timerDelay) { - this.timerDelay = timer(10000, 10000).subscribe(() => { + this.timerDelay = timer(REFRESH_TIME_DIFFERENCE, REFRESH_TIME_DIFFERENCE).subscribe(() => { let count: number = 0; - if (this.executions['status'] === executionStatus) { - count++; - } + if (this.executions['status'] === executionStatus) { + count++; + } if (count > 0) { this.getExecutionDetail(); - this.clrLoadTasks(); + let state: State = { + page: {} + }; + this.clrLoadTasks(state); } else { this.timerDelay.unsubscribe(); this.timerDelay = null; @@ -136,16 +139,30 @@ export class ReplicationTasksComponent implements OnInit, OnDestroy { } } - clrLoadTasks(): void { - this.loading = true; + clrLoadTasks(state: State): void { + if (!state || !state.page || !this.executionId) { + return; + } + let params: RequestQueryParams = new RequestQueryParams(); + params = params.set('page_size', this.pageSize + '').set('page', this.currentPage + ''); if (this.searchTask && this.searchTask !== "") { params = params.set(this.defaultFilter, this.searchTask); } + + this.loading = true; this.replicationService.getReplicationTasks(this.executionId, params) - .pipe(finalize(() => (this.loading = false))) + .pipe(finalize(() => { + this.loading = false; + })) .subscribe(res => { - this.tasks = res; // Keep the data + if (res.headers) { + let xHeader: string = res.headers.get("X-Total-Count"); + if (xHeader) { + this.totalCount = parseInt(xHeader, 0); + } + } + this.tasks = res.body; // Keep the data }, error => { this.errorHandler.error(error); @@ -162,23 +179,20 @@ export class ReplicationTasksComponent implements OnInit, OnDestroy { // refresh icon refreshTasks(): void { - this.loading = true; this.currentPage = 1; - this.replicationService.getReplicationTasks(this.executionId) - .subscribe(res => { - this.tasks = res; - this.loading = false; - }, - error => { - this.loading = false; - this.errorHandler.error(error); - }); + let state: State = { + page: {} + }; + this.clrLoadTasks(state); } public doSearch(value: string): void { + this.currentPage = 1; this.searchTask = value.trim(); - this.loading = true; - this.clrLoadTasks(); + let state: State = { + page: {} + }; + this.clrLoadTasks(state); } openFilter(isOpen: boolean): void { diff --git a/src/portal/lib/src/replication/replication.component.ts b/src/portal/lib/src/replication/replication.component.ts index e211af9ea..1bdbfe200 100644 --- a/src/portal/lib/src/replication/replication.component.ts +++ b/src/portal/lib/src/replication/replication.component.ts @@ -48,7 +48,8 @@ import { import { ConfirmationTargets, ConfirmationButtons, - ConfirmationState + ConfirmationState, + REFRESH_TIME_DIFFERENCE } from "../shared/shared.const"; import { ConfirmationMessage } from "../confirmation-dialog/confirmation-message"; import { ConfirmationDialogComponent } from "../confirmation-dialog/confirmation-dialog.component"; @@ -214,7 +215,7 @@ export class ReplicationComponent implements OnInit, OnDestroy { this.totalCount = response.metadata.xTotalCount; this.jobs = response.data; if (!this.timerDelay) { - this.timerDelay = timer(10000, 10000).subscribe(() => { + this.timerDelay = timer(REFRESH_TIME_DIFFERENCE, REFRESH_TIME_DIFFERENCE).subscribe(() => { let count: number = 0; this.jobs.forEach(job => { if ( diff --git a/src/portal/lib/src/service/interface.ts b/src/portal/lib/src/service/interface.ts index 5de814f2b..17e739d91 100644 --- a/src/portal/lib/src/service/interface.ts +++ b/src/portal/lib/src/service/interface.ts @@ -66,6 +66,8 @@ export interface Tag extends Base { signature?: string; scan_overview?: VulnerabilitySummary; labels: Label[]; + push_time?: string; + pull_time?: string; } /** diff --git a/src/portal/lib/src/service/replication.service.ts b/src/portal/lib/src/service/replication.service.ts index 135f04b8c..3da31077f 100644 --- a/src/portal/lib/src/service/replication.service.ts +++ b/src/portal/lib/src/service/replication.service.ts @@ -296,8 +296,7 @@ export class ReplicationDefaultService extends ReplicationService { } let url: string = `${this._replicateUrl}/executions/${executionId}/tasks`; return this.http - .get(url, - queryParams ? buildHttpRequestOptions(queryParams) : HTTP_GET_OPTIONS) + .get(url, buildHttpRequestOptionsWithObserveResponse(queryParams)) .pipe(map(response => response as ReplicationTasks) , catchError(error => observableThrowError(error))); } diff --git a/src/portal/lib/src/service/tag.service.ts b/src/portal/lib/src/service/tag.service.ts index 9020200f3..336fa2369 100644 --- a/src/portal/lib/src/service/tag.service.ts +++ b/src/portal/lib/src/service/tag.service.ts @@ -140,7 +140,7 @@ export class TagDefaultService extends TagService { queryParams = queryParams = new RequestQueryParams(); } - queryParams = queryParams.set("detail", "1"); + queryParams = queryParams.set("detail", "true"); let url: string = `${this._baseUrl}/${repositoryName}/tags`; return this.http diff --git a/src/portal/lib/src/shared/shared.const.ts b/src/portal/lib/src/shared/shared.const.ts index 8a310b086..ff1935071 100644 --- a/src/portal/lib/src/shared/shared.const.ts +++ b/src/portal/lib/src/shared/shared.const.ts @@ -90,6 +90,7 @@ export const QuotaUnits = [ ]; export const QuotaUnlimited = -1; export const StorageMultipleConstant = 1024; +export const LimitCount = 100000000; export enum QuotaUnit { TB = "TB", GB = "GB", MB = "MB", KB = "KB", BIT = "Byte" } @@ -122,6 +123,8 @@ export const CONFIG_AUTH_MODE = { OIDC_AUTH: "oidc_auth", UAA_AUTH: "uaa_auth" }; +export const QUOTA_DANGER_COEFFICIENT = 0.9; +export const QUOTA_WARNING_COEFFICIENT = 0.7; export const PROJECT_ROOTS = [ { NAME: "admin", @@ -149,3 +152,4 @@ export enum GroupType { LDAP_TYPE = 1, HTTP_TYPE = 2 } +export const REFRESH_TIME_DIFFERENCE = 10000; diff --git a/src/portal/lib/src/tag/tag.component.html b/src/portal/lib/src/tag/tag.component.html index 362030eb2..9df2ddad1 100644 --- a/src/portal/lib/src/tag/tag.component.html +++ b/src/portal/lib/src/tag/tag.component.html @@ -85,8 +85,8 @@ {{'REPOSITORY.CREATED' | translate}} {{'REPOSITORY.DOCKER_VERSION' | translate}} {{'REPOSITORY.LABELS' | translate}} - {{'REPOSITORY.PULL_TIME' | translate}} - {{'REPOSITORY.PUSH_TIME' | translate}} + {{'REPOSITORY.PUSH_TIME' | translate}} + {{'REPOSITORY.PULL_TIME' | translate}} {{'TAG.PLACEHOLDER' | translate }} @@ -125,8 +125,8 @@
- {{t.pull_time | date: 'short'}} {{t.push_time | date: 'short'}} + {{t.pull_time | date: 'short'}} {{pagination.firstItem + 1}} - {{pagination.lastItem + 1}} {{'REPOSITORY.OF' | translate}} {{pagination.totalItems}} {{'REPOSITORY.ITEMS' | translate}}     diff --git a/src/portal/lib/src/tag/tag.component.ts b/src/portal/lib/src/tag/tag.component.ts index b74f790c8..61dd6ac36 100644 --- a/src/portal/lib/src/tag/tag.component.ts +++ b/src/portal/lib/src/tag/tag.component.ts @@ -66,7 +66,7 @@ export interface LabelState { label: Label; show: boolean; } - +export const AVAILABLE_TIME = '0001-01-01T00:00:00Z'; @Component({ selector: 'hbr-tag', templateUrl: './tag.component.html', @@ -107,6 +107,8 @@ export class TagComponent implements OnInit, AfterViewInit { showlabel: boolean; createdComparator: Comparator = new CustomComparator("created", "date"); + pullComparator: Comparator = new CustomComparator("pull_time", "date"); + pushComparator: Comparator = new CustomComparator("push_time", "date"); loading = false; copyFailed = false; @@ -271,7 +273,10 @@ export class TagComponent implements OnInit, AfterViewInit { // Do filtering and sorting this.tags = doFiltering(tags, state); this.tags = doSorting(this.tags, state); - + this.tags = this.tags.map(tag => { + tag.pull_time = tag.pull_time === AVAILABLE_TIME ? '' : tag.pull_time; + return tag; + }); this.loading = false; }, error => { this.loading = false; @@ -539,7 +544,10 @@ export class TagComponent implements OnInit, AfterViewInit { signatures.push(t.name); } }); - this.tags = items; + this.tags = items.map(tag => { + tag.pull_time = tag.pull_time === AVAILABLE_TIME ? '' : tag.pull_time; + return tag; + }); let signedName: { [key: string]: string[] } = {}; signedName[this.repoName] = signatures; this.signatureOutput.emit(signedName); diff --git a/src/portal/lib/src/utils.ts b/src/portal/lib/src/utils.ts index 7c3ede678..a44f889f2 100644 --- a/src/portal/lib/src/utils.ts +++ b/src/portal/lib/src/utils.ts @@ -4,8 +4,9 @@ import { HttpHeaders } from '@angular/common/http'; import { RequestQueryParams } from './service/RequestQueryParams'; import { DebugElement } from '@angular/core'; import { Comparator, State, HttpOptionInterface, HttpOptionTextInterface, QuotaUnitInterface } from './service/interface'; -import { QuotaUnits, StorageMultipleConstant } from './shared/shared.const'; +import { QuotaUnits, StorageMultipleConstant, LimitCount } from './shared/shared.const'; import { AbstractControl } from "@angular/forms"; + /** * Convert the different async channels to the Promise type. * @@ -504,15 +505,30 @@ export const GetIntegerAndUnit = (hardNumber: number, quotaUnitsDeep: QuotaUnitI } } }; -export const validateLimit = (unitContrl) => { - return (control: AbstractControl) => { - if (getByte(control.value, unitContrl.value) > StorageMultipleConstant * StorageMultipleConstant - * StorageMultipleConstant * StorageMultipleConstant * StorageMultipleConstant) { - return { - error: true - }; - } - return null; - }; + +export const validateCountLimit = () => { + return (control: AbstractControl) => { + if (control.value > LimitCount) { + return { + error: true + }; + } + return null; + }; +}; + +export const validateLimit = unitContrl => { + return (control: AbstractControl) => { + if ( + // 1024TB + getByte(control.value, unitContrl.value) > + Math.pow(StorageMultipleConstant, 5) + ) { + return { + error: true + }; + } + return null; + }; }; diff --git a/src/portal/lib/src/vulnerability-scanning/result-bar-chart.component.ts b/src/portal/lib/src/vulnerability-scanning/result-bar-chart.component.ts index d4648a6ce..947ba031c 100644 --- a/src/portal/lib/src/vulnerability-scanning/result-bar-chart.component.ts +++ b/src/portal/lib/src/vulnerability-scanning/result-bar-chart.component.ts @@ -48,8 +48,12 @@ export class ResultBarChartComponent implements OnInit, OnDestroy { ) { } ngOnInit(): void { - if (this.tagStatus === "running") { - this.scanNow(); + if ((this.tagStatus === VULNERABILITY_SCAN_STATUS.running || this.tagStatus === VULNERABILITY_SCAN_STATUS.pending) + && !this.stateCheckTimer) { + // Avoid duplicated subscribing + this.stateCheckTimer = timer(0, STATE_CHECK_INTERVAL).subscribe(() => { + this.getSummary(); + }); } this.scanSubscription = this.channel.scanCommand$.subscribe((tagId: string) => { let myFullTag: string = this.repoName + "/" + this.tagId; diff --git a/src/portal/lib/src/vulnerability-scanning/result-grid.component.ts b/src/portal/lib/src/vulnerability-scanning/result-grid.component.ts index 9ec18a35a..e9740bed8 100644 --- a/src/portal/lib/src/vulnerability-scanning/result-grid.component.ts +++ b/src/portal/lib/src/vulnerability-scanning/result-grid.component.ts @@ -39,7 +39,9 @@ export class ResultGridComponent implements OnInit { this.scanningService.getVulnerabilityScanningResults(repositoryId, tagId) .subscribe((results: VulnerabilityItem[]) => { this.dataCache = results; - this.scanningResults = this.dataCache.filter((item: VulnerabilityItem) => item.id !== ''); + if (results) { + this.scanningResults = this.dataCache.filter((item: VulnerabilityItem) => item.id !== ''); + } }, error => { this.errorHandler.error(error); }); } diff --git a/src/portal/src/app/app.module.ts b/src/portal/src/app/app.module.ts index 5d0cd92f8..bb21b63ae 100644 --- a/src/portal/src/app/app.module.ts +++ b/src/portal/src/app/app.module.ts @@ -33,14 +33,17 @@ import zh from '@angular/common/locales/zh-Hans'; import es from '@angular/common/locales/es'; import localeFr from '@angular/common/locales/fr'; import localePt from '@angular/common/locales/pt-PT'; +import localeTr from '@angular/common/locales/tr'; import { DevCenterComponent } from './dev-center/dev-center.component'; import { VulnerabilityPageComponent } from './vulnerability-page/vulnerability-page.component'; import { GcPageComponent } from './gc-page/gc-page.component'; import { OidcOnboardModule } from './oidc-onboard/oidc-onboard.module'; +import { LicenseModule } from './license/license.module'; registerLocaleData(zh, 'zh-cn'); registerLocaleData(es, 'es-es'); registerLocaleData(localeFr, 'fr-fr'); registerLocaleData(localePt, 'pt-br'); +registerLocaleData(localeTr, 'tr-tr'); export function initConfig(configService: AppConfigService, skinableService: SkinableConfig) { @@ -70,7 +73,8 @@ export function getCurrentLanguage(translateService: TranslateService) { HarborRoutingModule, ConfigurationModule, DeveloperCenterModule, - OidcOnboardModule + OidcOnboardModule, + LicenseModule ], exports: [ ], diff --git a/src/portal/src/app/base/navigator/navigator.component.html b/src/portal/src/app/base/navigator/navigator.component.html index f7721a66e..7c3cc19af 100644 --- a/src/portal/src/app/base/navigator/navigator.component.html +++ b/src/portal/src/app/base/navigator/navigator.component.html @@ -25,6 +25,7 @@ Español Français Português do Brasil + Türkçe diff --git a/src/portal/src/app/harbor-routing.module.ts b/src/portal/src/app/harbor-routing.module.ts index 0c8e10d35..662b51fe9 100644 --- a/src/portal/src/app/harbor-routing.module.ts +++ b/src/portal/src/app/harbor-routing.module.ts @@ -57,6 +57,7 @@ import { ListChartsComponent } from './project/helm-chart/list-charts.component' import { ListChartVersionsComponent } from './project/helm-chart/list-chart-versions/list-chart-versions.component'; import { HelmChartDetailComponent } from './project/helm-chart/helm-chart-detail/chart-detail.component'; import { OidcOnboardComponent } from './oidc-onboard/oidc-onboard.component'; +import { LicenseComponent } from './license/license.component'; import { SummaryComponent } from './project/summary/summary.component'; import { TagRetentionComponent } from "./project/tag-retention/tag-retention.component"; @@ -73,6 +74,10 @@ const harborRoutes: Routes = [ component: OidcOnboardComponent, canActivate: [OidcGuard, SignInGuard] }, + { + path: 'license', + component: LicenseComponent + }, { path: 'harbor/sign-in', component: SignInComponent, diff --git a/src/portal/src/app/license/license.component.html b/src/portal/src/app/license/license.component.html new file mode 100644 index 000000000..caa00cb9e --- /dev/null +++ b/src/portal/src/app/license/license.component.html @@ -0,0 +1 @@ +
{{licenseContent}}
diff --git a/src/portal/src/app/license/license.component.scss b/src/portal/src/app/license/license.component.scss new file mode 100644 index 000000000..6d00fe18b --- /dev/null +++ b/src/portal/src/app/license/license.component.scss @@ -0,0 +1,8 @@ +.license { + display: block; + font-family: monospace; + word-wrap: break-word; + white-space: pre-wrap; + margin: 1em 0px; + font-size: 1rem; +} \ No newline at end of file diff --git a/src/portal/src/app/license/license.component.spec.ts b/src/portal/src/app/license/license.component.spec.ts new file mode 100644 index 000000000..f1d41ee71 --- /dev/null +++ b/src/portal/src/app/license/license.component.spec.ts @@ -0,0 +1,25 @@ +import { async, ComponentFixture, TestBed } from '@angular/core/testing'; + +import { LicenseComponent } from './license.component'; + +describe('LicenseComponent', () => { + let component: LicenseComponent; + let fixture: ComponentFixture; + + beforeEach(async(() => { + TestBed.configureTestingModule({ + declarations: [ LicenseComponent ] + }) + .compileComponents(); + })); + + beforeEach(() => { + fixture = TestBed.createComponent(LicenseComponent); + component = fixture.componentInstance; + fixture.detectChanges(); + }); + + it('should create', () => { + expect(component).toBeTruthy(); + }); +}); diff --git a/src/portal/src/app/license/license.component.ts b/src/portal/src/app/license/license.component.ts new file mode 100644 index 000000000..218b2492a --- /dev/null +++ b/src/portal/src/app/license/license.component.ts @@ -0,0 +1,25 @@ +import { Component, OnInit } from '@angular/core'; +import { HttpClient } from '@angular/common/http'; +import { throwError as observableThrowError } from 'rxjs'; +import { catchError } from 'rxjs/operators'; +import { Title } from '@angular/platform-browser'; +@Component({ + selector: 'app-license', + viewProviders: [Title], + templateUrl: './license.component.html', + styleUrls: ['./license.component.scss'] +}) +export class LicenseComponent implements OnInit { + + constructor( + private http: HttpClient + ) { } + public licenseContent: any; + ngOnInit() { + this.http.get("/LICENSE", { responseType: 'text'}) + .pipe(catchError(error => observableThrowError(error))) + .subscribe(json => { + this.licenseContent = json; + }); + } +} diff --git a/src/portal/src/app/license/license.module.ts b/src/portal/src/app/license/license.module.ts new file mode 100644 index 000000000..543dcddc4 --- /dev/null +++ b/src/portal/src/app/license/license.module.ts @@ -0,0 +1,11 @@ +import { NgModule } from '@angular/core'; +import { CommonModule } from '@angular/common'; +import { LicenseComponent } from './license.component'; + +@NgModule({ + declarations: [LicenseComponent], + imports: [ + CommonModule + ] +}) +export class LicenseModule { } diff --git a/src/portal/src/app/project/create-project/create-project.component.html b/src/portal/src/app/project/create-project/create-project.component.html index e3fa55024..1d9c8e068 100644 --- a/src/portal/src/app/project/create-project/create-project.component.html +++ b/src/portal/src/app/project/create-project/create-project.component.html @@ -35,11 +35,11 @@
- - +
- - + - diff --git a/src/portal/src/app/project/create-project/create-project.component.ts b/src/portal/src/app/project/create-project/create-project.component.ts index eff57e473..aa662176a 100644 --- a/src/portal/src/app/project/create-project/create-project.component.ts +++ b/src/portal/src/app/project/create-project/create-project.component.ts @@ -34,7 +34,7 @@ import { InlineAlertComponent } from "../../shared/inline-alert/inline-alert.com import { Project } from "../project"; import { ProjectService, QuotaUnits, QuotaHardInterface, QuotaUnlimited, getByte - , GetIntegerAndUnit, clone, StorageMultipleConstant, validateLimit} from "@harbor/ui"; + , GetIntegerAndUnit, clone, StorageMultipleConstant, validateLimit, validateCountLimit} from "@harbor/ui"; import { errorHandler } from '@angular/platform-browser/src/browser'; @Component({ @@ -118,17 +118,23 @@ export class CreateProjectComponent implements OnInit, OnChanges, OnDestroy { this.storageDefaultLimit = this.storageLimit; this.storageDefaultLimitUnit = this.storageLimitUnit; if (this.isSystemAdmin) { - this.currentForm.form.controls['create_project_storage-limit'].setValidators( + this.currentForm.form.controls['create_project_storage_limit'].setValidators( [ Validators.required, Validators.pattern('(^-1$)|(^([1-9]+)([0-9]+)*$)'), - validateLimit(this.currentForm.form.controls['create_project_storage-limit-unit']) + validateLimit(this.currentForm.form.controls['create_project_storage_limit_unit']) ]); + this.currentForm.form.controls['create_project_count_limit'].setValidators( + [ + Validators.required, + Validators.pattern('(^-1$)|(^([1-9]+)([0-9]+)*$)'), + validateCountLimit() + ]); } this.currentForm.form.valueChanges .pipe(distinctUntilChanged((a, b) => JSON.stringify(a) === JSON.stringify(b))) .subscribe((data) => { - ['create_project_storage-limit', 'create_project_storage-limit-unit'].forEach(fieldName => { + ['create_project_storage_limit', 'create_project_storage_limit_unit', 'create_project_count_limit'].forEach(fieldName => { if (this.currentForm.form.get(fieldName) && this.currentForm.form.get(fieldName).value !== null) { this.currentForm.form.get(fieldName).updateValueAndValidity(); } diff --git a/src/portal/src/app/project/robot-account/robot-account.service.ts b/src/portal/src/app/project/robot-account/robot-account.service.ts index 9898b0998..4438a4b27 100644 --- a/src/portal/src/app/project/robot-account/robot-account.service.ts +++ b/src/portal/src/app/project/robot-account/robot-account.service.ts @@ -26,23 +26,23 @@ export class RobotService { ) { } /** addRobotAccount - * projecId + * projectId * robot: Robot * projectName */ - public addRobotAccount(projecId: number, robot: Robot, projectName: string): Observable { + public addRobotAccount(projectId: number, robot: Robot, projectName: string): Observable { let access = []; if (robot.access.isPullImage) { - access.push({ "resource": `/project/${projectName}/repository`, "action": "pull" }); + access.push({ "resource": `/project/${projectId}/repository`, "action": "pull" }); } if (robot.access.isPushOrPullImage) { - access.push({ "resource": `/project/${projectName}/repository`, "action": "push" }); + access.push({ "resource": `/project/${projectId}/repository`, "action": "push" }); } if (robot.access.isPullChart) { - access.push({ "resource": `/project/${projectName}/helm-chart`, "action": "read" }); + access.push({ "resource": `/project/${projectId}/helm-chart`, "action": "read" }); } if (robot.access.isPushChart) { - access.push({ "resource": `/project/${projectName}/helm-chart-version`, "action": "create" }); + access.push({ "resource": `/project/${projectId}/helm-chart-version`, "action": "create" }); } let param = { @@ -51,25 +51,25 @@ export class RobotService { access }; - return this.robotApiRepository.postRobot(projecId, param); + return this.robotApiRepository.postRobot(projectId, param); } - public deleteRobotAccount(projecId, id): Observable { - return this.robotApiRepository.deleteRobot(projecId, id); + public deleteRobotAccount(projectId, id): Observable { + return this.robotApiRepository.deleteRobot(projectId, id); } - public listRobotAccount(projecId): Observable { - return this.robotApiRepository.listRobot(projecId); + public listRobotAccount(projectId): Observable { + return this.robotApiRepository.listRobot(projectId); } - public getRobotAccount(projecId, id): Observable { - return this.robotApiRepository.getRobot(projecId, id); + public getRobotAccount(projectId, id): Observable { + return this.robotApiRepository.getRobot(projectId, id); } - public toggleDisabledAccount(projecId, id, isDisabled): Observable { + public toggleDisabledAccount(projectId, id, isDisabled): Observable { let data = { Disabled: isDisabled }; - return this.robotApiRepository.toggleDisabledAccount(projecId, id, data); + return this.robotApiRepository.toggleDisabledAccount(projectId, id, data); } } diff --git a/src/portal/src/app/project/summary/summary.component.html b/src/portal/src/app/project/summary/summary.component.html index d53588b42..70d640c1a 100644 --- a/src/portal/src/app/project/summary/summary.component.html +++ b/src/portal/src/app/project/summary/summary.component.html @@ -35,7 +35,8 @@
-
+
@@ -58,7 +59,8 @@
+ [class.danger]="summaryInformation?.quota?.hard?.storage!==-1?summaryInformation?.quota?.used?.storage/summaryInformation?.quota?.hard?.storage>quotaDangerCoefficient:false" + [class.warning]="summaryInformation?.quota?.hard?.storage!==-1?summaryInformation?.quota?.used?.storage/summaryInformation?.quota?.hard?.storage<=quotaDangerCoefficient&&summaryInformation?.quota?.used?.storage/summaryInformation?.quota?.hard?.storage>=quotaWarningCoefficient:false"> diff --git a/src/portal/src/app/project/summary/summary.component.scss b/src/portal/src/app/project/summary/summary.component.scss index 3ce73946c..7f53fb84a 100644 --- a/src/portal/src/app/project/summary/summary.component.scss +++ b/src/portal/src/app/project/summary/summary.component.scss @@ -36,4 +36,19 @@ progress { max-height: 0.48rem; } +} +::ng-deep { + .progress { + &.warning>progress { + color: orange; + + &::-webkit-progress-value { + background-color: orange; + } + + &::-moz-progress-bar { + background-color: orange; + } + } + } } \ No newline at end of file diff --git a/src/portal/src/app/project/summary/summary.component.ts b/src/portal/src/app/project/summary/summary.component.ts index 00bdaf146..457d7fbb2 100644 --- a/src/portal/src/app/project/summary/summary.component.ts +++ b/src/portal/src/app/project/summary/summary.component.ts @@ -1,9 +1,9 @@ -import { Component, OnInit, Input } from '@angular/core'; -import { ProjectService, clone, QuotaUnits, getSuitableUnit, ErrorHandler, GetIntegerAndUnit } from '@harbor/ui'; -import { Router, ActivatedRoute } from '@angular/router'; -import { forkJoin } from 'rxjs'; +import { Component, OnInit } from '@angular/core'; +import { ProjectService, clone, QuotaUnits, getSuitableUnit, ErrorHandler, GetIntegerAndUnit + , QUOTA_DANGER_COEFFICIENT, QUOTA_WARNING_COEFFICIENT } from '@harbor/ui'; +import { ActivatedRoute } from '@angular/router'; + import { AppConfigService } from "../../app-config.service"; -export const riskRatio = 0.9; @Component({ selector: 'summary', templateUrl: './summary.component.html', @@ -12,6 +12,8 @@ export const riskRatio = 0.9; export class SummaryComponent implements OnInit { projectId: number; summaryInformation: any; + quotaDangerCoefficient: number = QUOTA_DANGER_COEFFICIENT; + quotaWarningCoefficient: number = QUOTA_WARNING_COEFFICIENT; constructor( private projectService: ProjectService, private errorHandler: ErrorHandler, diff --git a/src/portal/src/app/project/tag-retention/add-rule/add-rule.component.html b/src/portal/src/app/project/tag-retention/add-rule/add-rule.component.html index 397883cab..87a961d79 100644 --- a/src/portal/src/app/project/tag-retention/add-rule/add-rule.component.html +++ b/src/portal/src/app/project/tag-retention/add-rule/add-rule.component.html @@ -63,7 +63,7 @@
@@ -81,32 +81,6 @@
-
-
-
- -
-
-
- -
-
-
-
- -
-
-
-
-
-
- {{'TAG_RETENTION.REP_LABELS' | translate}} -
-
-
diff --git a/src/portal/src/app/project/tag-retention/add-rule/add-rule.component.ts b/src/portal/src/app/project/tag-retention/add-rule/add-rule.component.ts index c08c71e11..271c8c1d0 100644 --- a/src/portal/src/app/project/tag-retention/add-rule/add-rule.component.ts +++ b/src/portal/src/app/project/tag-retention/add-rule/add-rule.component.ts @@ -68,7 +68,13 @@ export class AddRuleComponent implements OnInit, OnDestroy { } set num(num) { - this.rule.params[this.template] = parseInt(num, 10); + if (num) { + num = num.trim(); + } + if (parseInt(num, 10) > 0) { + num = parseInt(num, 10); + } + this.rule.params[this.template] = num; } get repoSelect() { @@ -128,8 +134,8 @@ export class AddRuleComponent implements OnInit, OnDestroy { } canNotAdd(): boolean { - if (!this.isAdd) { - return compareValue(this.editRuleOrigin, this.rule); + if (!this.isAdd && compareValue(this.editRuleOrigin, this.rule)) { + return true; } if (!this.hasParam()) { return !(this.rule.template @@ -138,6 +144,7 @@ export class AddRuleComponent implements OnInit, OnDestroy { } else { return !(this.rule.template && this.rule.params[this.template] + && parseInt(this.rule.params[this.template], 10) >= 0 && this.rule.scope_selectors.repository[0].pattern && this.rule.tag_selectors[0].pattern); } diff --git a/src/portal/src/app/project/tag-retention/retention.ts b/src/portal/src/app/project/tag-retention/retention.ts index b2427751e..8d30f5879 100644 --- a/src/portal/src/app/project/tag-retention/retention.ts +++ b/src/portal/src/app/project/tag-retention/retention.ts @@ -16,6 +16,7 @@ export class Retention { rules: Array; trigger: { kind: string; + references: object; settings: { cron: string; } @@ -31,8 +32,9 @@ export class Retention { this.algorithm = "or"; this.trigger = { kind: "Schedule", + references: {}, settings: { - cron: "0 0 0 * * *", + cron: "", } }; } @@ -68,11 +70,6 @@ export class Rule { kind: 'doublestar', decoration: 'matches', pattern: '**' - }, - { - kind: 'label', - decoration: "withLabels", - pattern: null } ]; } diff --git a/src/portal/src/app/project/tag-retention/tag-retention.component.html b/src/portal/src/app/project/tag-retention/tag-retention.component.html index 580b6a074..8a3d35204 100644 --- a/src/portal/src/app/project/tag-retention/tag-retention.component.html +++ b/src/portal/src/app/project/tag-retention/tag-retention.component.html @@ -11,27 +11,27 @@
  • - - + +
    +
    + + + + +
    +
    - -
    -
    - - - - -
    -
    + +     - + {{'TAG_RETENTION.IN_REPOSITORIES' | translate}} {{getI18nKey(rule?.scope_selectors?.repository[0]?.decoration)|translate}} {{formatPattern(rule?.scope_selectors?.repository[0]?.pattern)}} @@ -64,11 +64,11 @@
    - +
    -
    +
    @@ -174,7 +184,7 @@
    + [clrModalStaticBackdrop]="true" [clrModalClosable]="true">

    {{'TAG_RETENTION.RETENTION_RUN_ABORTED' | translate}}

    {{'TAG_RETENTION.RETENTION_RUN_ABORTED_EXPLAIN' | translate}}

    @@ -184,4 +194,25 @@ (click)="abortRetention()">{{'BUTTON.OK' | translate}}
    + +

    {{'TAG_RETENTION.SCHEDULE' | translate}}

    +
    + +
    +
    + +
    +
    \ No newline at end of file diff --git a/src/portal/src/app/project/tag-retention/tag-retention.component.scss b/src/portal/src/app/project/tag-retention/tag-retention.component.scss index abab3d670..1a0a4ce41 100644 --- a/src/portal/src/app/project/tag-retention/tag-retention.component.scss +++ b/src/portal/src/app/project/tag-retention/tag-retention.component.scss @@ -57,4 +57,7 @@ } .font-size-54 { font-size: .541667rem; +} +.padding-left-4 { + padding-left: 4px; } \ No newline at end of file diff --git a/src/portal/src/app/project/tag-retention/tag-retention.component.ts b/src/portal/src/app/project/tag-retention/tag-retention.component.ts index f5fa9a10f..a39ec13c6 100644 --- a/src/portal/src/app/project/tag-retention/tag-retention.component.ts +++ b/src/portal/src/app/project/tag-retention/tag-retention.component.ts @@ -58,6 +58,8 @@ export class TagRetentionComponent implements OnInit { projectId: number; isRetentionRunOpened: boolean = false; isAbortedOpened: boolean = false; + isConfirmOpened: boolean = false; + cron: string; selectedItem: any = null; ruleIndex: number = -1; index: number = -1; @@ -84,8 +86,8 @@ export class TagRetentionComponent implements OnInit { } originCron(): OriginCron { let originCron: OriginCron = { - type: SCHEDULE_TYPE.DAILY, - cron: "0 0 0 * * *" + type: SCHEDULE_TYPE.NONE, + cron: "" }; originCron.cron = this.retention.trigger.settings.cron; if (originCron.cron === "") { @@ -118,6 +120,18 @@ export class TagRetentionComponent implements OnInit { this.getRetention(); this.getMetadata(); } + openConfirm(cron: string) { + if (cron) { + this.isConfirmOpened = true; + this.cron = cron; + } else { + this.updateCron(cron); + } + } + closeConfirm() { + this.isConfirmOpened = false; + this.updateCron(this.cron); + } updateCron(cron: string) { let retention: Retention = clone(this.retention); retention.trigger.settings.cron = cron; @@ -133,7 +147,7 @@ export class TagRetentionComponent implements OnInit { this.tagRetentionService.updateRetention(this.retentionId, retention).subscribe( response => { this.cronScheduleComponent.isEditMode = false; - this.retention = retention; + this.getRetention(); }, error => { this.errorHandler.error(error); }); @@ -169,15 +183,14 @@ export class TagRetentionComponent implements OnInit { this.addRuleComponent.isAdd = false; this.ruleIndex = -1; } - toggleDisable(index, isActionDisable) { + toggleDisable(index, isActionDisable) { let retention: Retention = clone(this.retention); retention.rules[index].disabled = isActionDisable; this.ruleIndex = -1; this.loadingRule = true; this.tagRetentionService.updateRetention(this.retentionId, retention).subscribe( response => { - this.loadingRule = false; - this.retention = retention; + this.getRetention(); }, error => { this.loadingRule = false; this.errorHandler.error(error); @@ -186,12 +199,15 @@ export class TagRetentionComponent implements OnInit { deleteRule(index) { let retention: Retention = clone(this.retention); retention.rules.splice(index, 1); + // if rules is empty, clear schedule. + if (retention.rules && retention.rules.length === 0) { + retention.trigger.settings.cron = ""; + } this.ruleIndex = -1; this.loadingRule = true; this.tagRetentionService.updateRetention(this.retentionId, retention).subscribe( response => { - this.loadingRule = false; - this.retention = retention; + this.getRetention(); }, error => { this.loadingRule = false; this.errorHandler.error(error); @@ -340,8 +356,7 @@ export class TagRetentionComponent implements OnInit { } else { this.tagRetentionService.updateRetention(this.retentionId, retention).subscribe( response => { - this.loadingRule = false; - this.retention = retention; + this.getRetention(); }, error => { this.loadingRule = false; this.errorHandler.error(error); @@ -352,8 +367,7 @@ export class TagRetentionComponent implements OnInit { retention.rules[this.editIndex] = rule; this.tagRetentionService.updateRetention(this.retentionId, retention).subscribe( response => { - this.retention = retention; - this.loadingRule = false; + this.getRetention(); }, error => { this.errorHandler.error(error); this.loadingRule = false; diff --git a/src/portal/src/app/project/tag-retention/tag-retention.service.ts b/src/portal/src/app/project/tag-retention/tag-retention.service.ts index 0792fb622..76940c324 100644 --- a/src/portal/src/app/project/tag-retention/tag-retention.service.ts +++ b/src/portal/src/app/project/tag-retention/tag-retention.service.ts @@ -28,8 +28,8 @@ export class TagRetentionService { "latestPushedK": "RULE_NAME_3", "latestPulledN": "RULE_NAME_4", "always": "RULE_NAME_5", - "dayspl": "RULE_NAME_6", - "daysps": "RULE_NAME_7", + "nDaysSinceLastPull": "RULE_NAME_6", + "nDaysSinceLastPush": "RULE_NAME_7", "the images from the last # days": "RULE_TEMPLATE_1", "the most recent active # images": "RULE_TEMPLATE_2", "the most recently pushed # images": "RULE_TEMPLATE_3", diff --git a/src/portal/src/app/project/webhook/add-webhook-form/add-webhook-form.component.html b/src/portal/src/app/project/webhook/add-webhook-form/add-webhook-form.component.html index 29073e9be..a7efb71a4 100644 --- a/src/portal/src/app/project/webhook/add-webhook-form/add-webhook-form.component.html +++ b/src/portal/src/app/project/webhook/add-webhook-form/add-webhook-form.component.html @@ -1,4 +1,5 @@
    +
    @@ -39,7 +40,7 @@
    - +
    diff --git a/src/portal/src/app/project/webhook/add-webhook-form/add-webhook-form.component.scss b/src/portal/src/app/project/webhook/add-webhook-form/add-webhook-form.component.scss index a91cb90b1..d6ba4a2d0 100644 --- a/src/portal/src/app/project/webhook/add-webhook-form/add-webhook-form.component.scss +++ b/src/portal/src/app/project/webhook/add-webhook-form/add-webhook-form.component.scss @@ -1,12 +1,3 @@ -.align-center { - text-align: center; -} - -.webhook-section { - margin-left: calc(50% - 10rem); - text-align: left; -} - .icon-tooltip { margin-top: 4px; } \ No newline at end of file diff --git a/src/portal/src/app/project/webhook/add-webhook-form/add-webhook-form.component.ts b/src/portal/src/app/project/webhook/add-webhook-form/add-webhook-form.component.ts index 96d23ecb1..3bcce9618 100644 --- a/src/portal/src/app/project/webhook/add-webhook-form/add-webhook-form.component.ts +++ b/src/portal/src/app/project/webhook/add-webhook-form/add-webhook-form.component.ts @@ -14,6 +14,7 @@ import {ClrLoadingState} from "@clr/angular"; import { finalize } from "rxjs/operators"; import { WebhookService } from "../webhook.service"; import { WebhookEventTypes } from '../../../shared/shared.const'; +import { InlineAlertComponent } from "../../../shared/inline-alert/inline-alert.component"; import { MessageHandlerService } from "../../../shared/message-handler/message-handler.service"; @Component({ @@ -37,6 +38,7 @@ export class AddWebhookFormComponent implements OnInit, OnChanges { @Output() edit = new EventEmitter(); @Output() close = new EventEmitter(); @ViewChild("webhookForm") currentForm: NgForm; + @ViewChild(InlineAlertComponent) inlineAlert: InlineAlertComponent; constructor( @@ -64,11 +66,21 @@ export class AddWebhookFormComponent implements OnInit, OnChanges { .pipe(finalize(() => (this.checking = false))) .subscribe( response => { - this.checkBtnState = ClrLoadingState.SUCCESS; + if (this.isModify) { + this.inlineAlert.showInlineSuccess({ + message: "WEBHOOK.TEST_ENDPOINT_SUCCESS" + }); + } else { + this.checkBtnState = ClrLoadingState.SUCCESS; + } }, error => { - this.checkBtnState = ClrLoadingState.DEFAULT; - this.messageHandlerService.handleError(error); + if (this.isModify) { + this.inlineAlert.showInlineError("WEBHOOK.TEST_ENDPOINT_FAILURE"); + } else { + this.checkBtnState = ClrLoadingState.DEFAULT; + this.messageHandlerService.handleError(error); + } } ); } @@ -92,7 +104,9 @@ export class AddWebhookFormComponent implements OnInit, OnChanges { this.edit.emit(this.isModify); }, error => { - this.messageHandlerService.handleError(error); + this.isModify + ? this.inlineAlert.showInlineError(error) + : this.messageHandlerService.handleError(error); } ); } diff --git a/src/portal/src/app/project/webhook/webhook.component.html b/src/portal/src/app/project/webhook/webhook.component.html index 6a8ad2ce5..ff6d92769 100644 --- a/src/portal/src/app/project/webhook/webhook.component.html +++ b/src/portal/src/app/project/webhook/webhook.component.html @@ -1,4 +1,7 @@ -
    +
    + +
    +
    @@ -20,7 +23,7 @@ {{'WEBHOOK.STATUS' | translate}} {{'WEBHOOK.CREATED' | translate}} {{'WEBHOOK.LAST_TRIGGERED' | translate}} - + {{item.event_type}}
    @@ -37,6 +40,7 @@ 1 - {{lastTriggerCount}} {{'WEBHOOK.OF' | translate}} {{lastTriggerCount}} {{'WEBHOOK.ITEMS' | translate}} +
    diff --git a/src/portal/src/app/project/webhook/webhook.component.scss b/src/portal/src/app/project/webhook/webhook.component.scss index c9254f6e1..14bc6e654 100644 --- a/src/portal/src/app/project/webhook/webhook.component.scss +++ b/src/portal/src/app/project/webhook/webhook.component.scss @@ -8,11 +8,11 @@ .webhook-form-wrap { width: 19rem; - margin: 0 auto; + margin: 0 ; } .create-text { - margin: 0 auto; + margin: 0; width: 19rem; } @@ -34,4 +34,8 @@ .enabled-icon { margin: -2px 5px 0 0; -} \ No newline at end of file +} +.center { + justify-content: center; + align-items: center; +} diff --git a/src/portal/src/app/project/webhook/webhook.component.ts b/src/portal/src/app/project/webhook/webhook.component.ts index d19759f46..dddf7eb4a 100644 --- a/src/portal/src/app/project/webhook/webhook.component.ts +++ b/src/portal/src/app/project/webhook/webhook.component.ts @@ -50,6 +50,7 @@ export class WebhookComponent implements OnInit { isEnabled: boolean; loading: boolean = false; showCreate: boolean = false; + loadingWebhook: boolean = true; projectId: number; projectName: string; constructor( @@ -92,6 +93,7 @@ export class WebhookComponent implements OnInit { getWebhook(projectId: number) { this.webhookService .listWebhook(projectId) + .pipe(finalize(() => (this.loadingWebhook = false))) .subscribe( response => { if (response.length) { diff --git a/src/portal/src/app/shared/about-dialog/about-dialog.component.html b/src/portal/src/app/shared/about-dialog/about-dialog.component.html index 3734a76e0..75ec45695 100644 --- a/src/portal/src/app/shared/about-dialog/about-dialog.component.html +++ b/src/portal/src/app/shared/about-dialog/about-dialog.component.html @@ -11,7 +11,7 @@
    diff --git a/src/portal/src/app/shared/shared.const.ts b/src/portal/src/app/shared/shared.const.ts index bb3f7146c..07ed9a844 100644 --- a/src/portal/src/app/shared/shared.const.ts +++ b/src/portal/src/app/shared/shared.const.ts @@ -11,14 +11,15 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -export const supportedLangs = ['en-us', 'zh-cn', 'es-es', 'fr-fr', 'pt-br']; +export const supportedLangs = ['en-us', 'zh-cn', 'es-es', 'fr-fr', 'pt-br', 'tr-tr']; export const enLang = "en-us"; export const languageNames = { "en-us": "English", "zh-cn": "中文简体", "es-es": "Español", "fr-fr": "Français", - "pt-br": "Português do Brasil" + "pt-br": "Português do Brasil", + "tr-tr": "Türkçe" }; export const enum AlertType { DANGER, WARNING, INFO, SUCCESS diff --git a/src/portal/src/app/user/user.component.html b/src/portal/src/app/user/user.component.html index 9e855c479..fcec60f99 100644 --- a/src/portal/src/app/user/user.component.html +++ b/src/portal/src/app/user/user.component.html @@ -33,7 +33,7 @@ {{user.creation_time | date: 'short'}} - {{pagination.firstItem + 1}} - {{pagination.lastItem + 1}} {{'USER.OF' | translate }} + {{pagination.firstItem + 1}} - {{pagination.lastItem + 1}} {{'USER.OF' | translate }} {{pagination.totalItems}} {{'USER.ITEMS' | translate }} diff --git a/src/portal/src/i18n/lang/en-us-lang.json b/src/portal/src/i18n/lang/en-us-lang.json index f174394fd..e7a751b16 100644 --- a/src/portal/src/i18n/lang/en-us-lang.json +++ b/src/portal/src/i18n/lang/en-us-lang.json @@ -226,9 +226,9 @@ "OF": "of", "COUNT_QUOTA": "Count quota", "STORAGE_QUOTA": "Storage quota", - "COUNT_QUOTA_TIP": "The upper limit of Count Quota should be integers.", - "STORAGE_QUOTA_TIP": "The upper limit of Storage Quota should be integers,and maximum upper limit is 1024TB", - "QUOTA_UNLIMIT_TIP": "If you want to unlimited this quota, please input -1." + "COUNT_QUOTA_TIP": "Please enter an integer between '1' & '100,000,000', '-1' for unlimited.", + "STORAGE_QUOTA_TIP": "The upper limit of Storage Quota only takes integer values, capped at '1024TB'. Enter '-1' for unlimited quota", + "QUOTA_UNLIMIT_TIP": "For unlimited quota, please enter '-1'." }, "PROJECT_DETAIL": { "SUMMARY": "Summary", @@ -341,8 +341,8 @@ }, "WEBHOOK": { "EDIT_BUTTON": "EDIT", - "ENABLED_BUTTON": "ENABLED", - "DISABLED_BUTTON": "DISABLED", + "ENABLED_BUTTON": "ENABLE", + "DISABLED_BUTTON": "DISABLE", "TYPE": "Webhook", "STATUS": "Status", "CREATED": "Created", @@ -362,6 +362,8 @@ "TEST_ENDPOINT_BUTTON": "TEST ENDPOINT", "CANCEL_BUTTON": "CANCEL", "SAVE_BUTTON": "SAVE", + "TEST_ENDPOINT_SUCCESS": "Connection tested successfully.", + "TEST_ENDPOINT_FAILURE": "Failed to ping endpoint.", "ENABLED_WEBHOOK_TITLE": "Enable Project Webhooks", "ENABLED_WEBHOOK_SUMMARY": "Do you want to enable webhooks for project ", "DISABLED_WEBHOOK_TITLE": "Disable Project Webhooks", @@ -1124,8 +1126,8 @@ "EXPIRES_AT": "Expires at", "NEVER_EXPIRES": "Never expires", "PRO_WHITELIST_EXPLAIN": "Project whitelist allows vulnerabilities in this list to be ignored in this project when pushing and pulling images.", - "PRO_OR_SYS": "Use the system whitelist as is or select “Project whitelist” to create a new whitelist.", - "MERGE_INTO": "Merge the system whitelist into this project, add individual CVE IDs.", + "PRO_OR_SYS": "You can either use the default whitelist configured at the system level or click on 'Project whitelist' to create a new whitelist", + "MERGE_INTO": "Add individual CVE IDs before clicking 'ADD SYSTEM' to add system whitelist as well.", "SYS_WHITELIST": "System whitelist", "PRO_WHITELIST": "Project whitelist", "ADD_SYSTEM": "ADD SYSTEM" @@ -1206,7 +1208,9 @@ "RULE_NAME_6": " the images pulled within the last {{number}} days", "RULE_NAME_7": " the images pushed within the last {{number}} days", "RULE_TEMPLATE_6": " the images pulled within the last # days", - "RULE_TEMPLATE_7": " the images pushed within the last # days" + "RULE_TEMPLATE_7": " the images pushed within the last # days", + "SCHEDULE": "Schedule", + "SCHEDULE_WARNING": "Executing the retention policy can have adverse effects to the images in this project and affected image tags will be deleted." } } diff --git a/src/portal/src/i18n/lang/es-es-lang.json b/src/portal/src/i18n/lang/es-es-lang.json index 2bc164682..9104253f4 100644 --- a/src/portal/src/i18n/lang/es-es-lang.json +++ b/src/portal/src/i18n/lang/es-es-lang.json @@ -227,9 +227,9 @@ "OF": "of", "COUNT_QUOTA": "Count quota", "STORAGE_QUOTA": "Storage quota", - "COUNT_QUOTA_TIP": "The upper limit of Count Quota should be integers.", - "STORAGE_QUOTA_TIP": "The upper limit of Storage Quota should be integers,and maximum upper limit is 1024TB", - "QUOTA_UNLIMIT_TIP": "If you want to unlimited this quota, please input -1." + "COUNT_QUOTA_TIP": "Please enter an integer between '1' & '100,000,000', '-1' for unlimited", + "STORAGE_QUOTA_TIP": "The upper limit of Storage Quota only takes integer values, capped at '1024TB'. Enter '-1' for unlimited quota", + "QUOTA_UNLIMIT_TIP": "For unlimited quota, please enter '-1'." }, "PROJECT_DETAIL": { "SUMMARY": "Summary", @@ -342,8 +342,8 @@ }, "WEBHOOK": { "EDIT_BUTTON": "EDIT", - "ENABLED_BUTTON": "ENABLED", - "DISABLED_BUTTON": "DISABLED", + "ENABLED_BUTTON": "ENABLE", + "DISABLED_BUTTON": "DISABLE", "TYPE": "Webhook", "STATUS": "Status", "CREATED": "Created", @@ -363,6 +363,8 @@ "TEST_ENDPOINT_BUTTON": "TEST ENDPOINT", "CANCEL_BUTTON": "CANCEL", "SAVE_BUTTON": "SAVE", + "TEST_ENDPOINT_SUCCESS": "Connection tested successfully.", + "TEST_ENDPOINT_FAILURE": "Failed to ping endpoint.", "ENABLED_WEBHOOK_TITLE": "Enable Project Webhooks", "ENABLED_WEBHOOK_SUMMARY": "Do you want to enable webhooks for project ", "DISABLED_WEBHOOK_TITLE": "Disable Project Webhooks", @@ -1121,8 +1123,8 @@ "EXPIRES_AT": "Expires at", "NEVER_EXPIRES": "Never expires", "PRO_WHITELIST_EXPLAIN": "Project whitelist allows vulnerabilities in this list to be ignored in this project when pushing and pulling images.", - "PRO_OR_SYS": "Use the system whitelist as is or select “Project whitelist” to create a new whitelist.", - "MERGE_INTO": "Merge the system whitelist into this project, add individual CVE IDs.", + "PRO_OR_SYS": "You can either use the default whitelist configured at the system level or click on 'Project whitelist' to create a new whitelist", + "MERGE_INTO": "Add individual CVE IDs before clicking 'ADD SYSTEM' to add system whitelist as well.", "SYS_WHITELIST": "System whitelist", "PRO_WHITELIST": "Project whitelist", "ADD_SYSTEM": "ADD SYSTEM" @@ -1203,7 +1205,9 @@ "RULE_NAME_6": " the images pulled within the last {{number}} days", "RULE_NAME_7": " the images pushed within the last {{number}} days", "RULE_TEMPLATE_6": " the images pulled within the last # days", - "RULE_TEMPLATE_7": " the images pushed within the last # days" + "RULE_TEMPLATE_7": " the images pushed within the last # days", + "SCHEDULE": "Schedule", + "SCHEDULE_WARNING": "Executing the retention policy can have adverse effects to the images in this project and affected image tags will be deleted." } } diff --git a/src/portal/src/i18n/lang/fr-fr-lang.json b/src/portal/src/i18n/lang/fr-fr-lang.json index 37195e3bf..a6dec954b 100644 --- a/src/portal/src/i18n/lang/fr-fr-lang.json +++ b/src/portal/src/i18n/lang/fr-fr-lang.json @@ -220,9 +220,9 @@ "OF": "de", "COUNT_QUOTA": "Count quota", "STORAGE_QUOTA": "Storage quota", - "COUNT_QUOTA_TIP": "The upper limit of Count Quota should be integers.", - "STORAGE_QUOTA_TIP": "The upper limit of Storage Quota should be integers,and maximum upper limit is 1024TB", - "QUOTA_UNLIMIT_TIP": "If you want to unlimited this quota, please input -1." + "COUNT_QUOTA_TIP": "Please enter an integer between '1' & '100,000,000', '-1' for unlimited", + "STORAGE_QUOTA_TIP": "The upper limit of Storage Quota only takes integer values, capped at '1024TB'. Enter '-1' for unlimited quota", + "QUOTA_UNLIMIT_TIP": "For unlimited quota, please enter '-1'." }, "PROJECT_DETAIL": { "SUMMARY": "Summary", @@ -334,8 +334,8 @@ }, "WEBHOOK": { "EDIT_BUTTON": "EDIT", - "ENABLED_BUTTON": "ENABLED", - "DISABLED_BUTTON": "DISABLED", + "ENABLED_BUTTON": "ENABLE", + "DISABLED_BUTTON": "DISABLE", "TYPE": "Webhook", "STATUS": "Status", "CREATED": "Created", @@ -355,6 +355,8 @@ "TEST_ENDPOINT_BUTTON": "TEST ENDPOINT", "CANCEL_BUTTON": "CANCEL", "SAVE_BUTTON": "SAVE", + "TEST_ENDPOINT_SUCCESS": "Connection tested successfully.", + "TEST_ENDPOINT_FAILURE": "Failed to ping endpoint.", "ENABLED_WEBHOOK_TITLE": "Enable Project Webhooks", "ENABLED_WEBHOOK_SUMMARY": "Do you want to enable webhooks for project ", "DISABLED_WEBHOOK_TITLE": "Disable Project Webhooks", @@ -1093,8 +1095,8 @@ "EXPIRES_AT": "Expires at", "NEVER_EXPIRES": "Never expires", "PRO_WHITELIST_EXPLAIN": "Project whitelist allows vulnerabilities in this list to be ignored in this project when pushing and pulling images.", - "PRO_OR_SYS": "Use the system whitelist as is or select “Project whitelist” to create a new whitelist.", - "MERGE_INTO": "Merge the system whitelist into this project, add individual CVE IDs.", + "PRO_OR_SYS": "You can either use the default whitelist configured at the system level or click on 'Project whitelist' to create a new whitelist", + "MERGE_INTO": "Add individual CVE IDs before clicking 'ADD SYSTEM' to add system whitelist as well.", "SYS_WHITELIST": "System whitelist", "PRO_WHITELIST": "Project whitelist", "ADD_SYSTEM": "ADD SYSTEM" @@ -1175,7 +1177,9 @@ "RULE_NAME_6": " the images pulled within the last {{number}} days", "RULE_NAME_7": " the images pushed within the last {{number}} days", "RULE_TEMPLATE_6": " the images pulled within the last # days", - "RULE_TEMPLATE_7": " the images pushed within the last # days" + "RULE_TEMPLATE_7": " the images pushed within the last # days", + "SCHEDULE": "Schedule", + "SCHEDULE_WARNING": "Executing the retention policy can have adverse effects to the images in this project and affected image tags will be deleted." } } diff --git a/src/portal/src/i18n/lang/pt-br-lang.json b/src/portal/src/i18n/lang/pt-br-lang.json index 47ce64732..c8bf14188 100644 --- a/src/portal/src/i18n/lang/pt-br-lang.json +++ b/src/portal/src/i18n/lang/pt-br-lang.json @@ -224,9 +224,9 @@ "OF": "de", "COUNT_QUOTA": "Count quota", "STORAGE_QUOTA": "Storage quota", - "COUNT_QUOTA_TIP": "The upper limit of Count Quota should be integers.", - "STORAGE_QUOTA_TIP": "The upper limit of Storage Quota should be integers,and maximum upper limit is 1024TB", - "QUOTA_UNLIMIT_TIP": "If you want to unlimited this quota, please input -1." + "COUNT_QUOTA_TIP": "Please enter an integer between '1' & '100,000,000', '-1' for unlimited", + "STORAGE_QUOTA_TIP": "The upper limit of Storage Quota only takes integer values, capped at '1024TB'. Enter '-1' for unlimited quota", + "QUOTA_UNLIMIT_TIP": "For unlimited quota, please enter '-1'." }, "PROJECT_DETAIL": { "SUMMARY": "Summary", @@ -368,8 +368,8 @@ }, "WEBHOOK": { "EDIT_BUTTON": "EDIT", - "ENABLED_BUTTON": "ENABLED", - "DISABLED_BUTTON": "DISABLED", + "ENABLED_BUTTON": "ENABLE", + "DISABLED_BUTTON": "DISABLE", "TYPE": "Webhook", "STATUS": "Status", "CREATED": "Created", @@ -389,6 +389,8 @@ "TEST_ENDPOINT_BUTTON": "TEST ENDPOINT", "CANCEL_BUTTON": "CANCEL", "SAVE_BUTTON": "SAVE", + "TEST_ENDPOINT_SUCCESS": "Connection tested successfully.", + "TEST_ENDPOINT_FAILURE": "Failed to ping endpoint.", "ENABLED_WEBHOOK_TITLE": "Enable Project Webhooks", "ENABLED_WEBHOOK_SUMMARY": "Do you want to enable webhooks for project ", "DISABLED_WEBHOOK_TITLE": "Disable Project Webhooks", @@ -1118,8 +1120,8 @@ "EXPIRES_AT": "Expires at", "NEVER_EXPIRES": "Never expires", "PRO_WHITELIST_EXPLAIN": "Project whitelist allows vulnerabilities in this list to be ignored in this project when pushing and pulling images.", - "PRO_OR_SYS": "Use the system whitelist as is or select “Project whitelist” to create a new whitelist.", - "MERGE_INTO": "Merge the system whitelist into this project, add individual CVE IDs.", + "PRO_OR_SYS": "You can either use the default whitelist configured at the system level or click on 'Project whitelist' to create a new whitelist", + "MERGE_INTO": "Add individual CVE IDs before clicking 'ADD SYSTEM' to add system whitelist as well.", "SYS_WHITELIST": "System whitelist", "PRO_WHITELIST": "Project whitelist", "ADD_SYSTEM": "ADD SYSTEM" @@ -1200,7 +1202,9 @@ "RULE_NAME_6": " the images pulled within the last {{number}} days", "RULE_NAME_7": " the images pushed within the last {{number}} days", "RULE_TEMPLATE_6": " the images pulled within the last # days", - "RULE_TEMPLATE_7": " the images pushed within the last # days" + "RULE_TEMPLATE_7": " the images pushed within the last # days", + "SCHEDULE": "Schedule", + "SCHEDULE_WARNING": "Executing the retention policy can have adverse effects to the images in this project and affected image tags will be deleted." } diff --git a/src/portal/src/i18n/lang/tr-tr-lang.json b/src/portal/src/i18n/lang/tr-tr-lang.json new file mode 100644 index 000000000..65691ef8a --- /dev/null +++ b/src/portal/src/i18n/lang/tr-tr-lang.json @@ -0,0 +1,1216 @@ +{ + "APP_TITLE": { + "VMW_HARBOR": "Harbor", + "HARBOR": "Harbor", + "VIC": "vSphere Entegre Konteynerler", + "MGMT": "Yönetim", + "REG": "Kayıt", + "HARBOR_SWAGGER": "Harbor Swagger" + }, + "SIGN_IN": { + "REMEMBER": "Beni Hatırla", + "INVALID_MSG": "Geçersiz kullanıcı adı veya şifre.", + "FORGOT_PWD": "Parolamı Unuttum", + "HEADER_LINK": "Oturum aç" + }, + "SIGN_UP": { + "TITLE": "Kayıt ol" + }, + "BUTTON": { + "STOP": "DUR", + "CANCEL": "İPTAL", + "OK": "TAMAM", + "DELETE": "SİL", + "LOG_IN": "OTURUM AÇ", + "LOG_IN_OIDC": "OIDC sağlayıcı üzerinden giriş yapın", + "SIGN_UP_LINK": "Bir hesap için kayıt olun", + "SIGN_UP": "KAYIT OL", + "CONFIRM": "ONAYLA", + "SEND": "GÖNDER", + "SAVE": "KAYDET", + "TEST_MAIL": "MAİL SUNUCUSUNU TEST ET", + "CLOSE": "KAPAT", + "TEST_LDAP": "LDAP SUNUCUSUNU TEST ET", + "TEST_OIDC": "OIDC SUNUCUSUNU TEST ET", + "MORE_INFO": "Daha fazla bilgi...", + "YES": "EVET", + "NO": "HAYIR", + "NEGATIVE": "OLUMSUZ", + "COPY": "KOPYALA", + "EDIT": "DÜZENLE", + "SWITCH": "DİĞİŞTİR", + "REPLICATE": "TEKRARLA", + "ACTIONS": "Eylemler", + "BROWSE": "Araştır", + "UPLOAD": "Yükle", + "NO_FILE": "Hiç bir dosya seçilmedi", + "ADD": "EKLE", + "RUN": "ÇALIŞTIR", + "CONTINUE": "DEVAM ET", + "ENABLE": "AKTİF ET", + "DISABLE": "DEVRE DIŞI BIRAK" + }, + "BATCH": { + "DELETED_SUCCESS": "Başarı ile silindi.", + "DELETED_FAILURE": "Silme başarısız.", + "SWITCH_SUCCESS": "Değiştirme başarılı", + "SWITCH_FAILURE": "Değiştirme başarısız", + "REPLICATE_SUCCESS": "Başlatma başarılı.", + "REPLICATE_FAILURE": "Başlatma başarısız.", + "STOP_SUCCESS": "Durdurma başarılı.", + "STOP_FAILURE": "Durdurma işlemi başarısız.", + "TIME_OUT": "Ağ geçidi zaman aşımına uğradı." + }, + "TOOLTIP": { + "NAME_FILTER": "Kaynağın adını filtreleyin. Boş bırakın veya hepsine uyacak şekilde '**' kullanın. 'library / **' sadece 'library' altındaki kaynaklarla eşleşiyor. Daha fazla desen için lütfen kullanım kılavuzuna bakın.", + "TAG_FILTER": "Kaynakların etiket / sürüm bölümünü filtreleyin. Boş bırakın veya hepsine uyacak şekilde '**' kullanın. '1.0 *' sadece '1.0' ile başlayan etiketlerle eşleşir. Daha fazla desen için lütfen kullanım kılavuzuna bakın.", + "LABEL_FILTER": "Kaynakları etiketlere göre filtreleyin.", + "RESOURCE_FILTER": "Kaynak türünü filtreleyin.", + "PUSH_BASED": "Kaynakları yerel Harbordan uzak kayıt defterine yükleyin.", + "PULL_BASED": "Kaynakları uzak kayıt defterinden yerel Harbora çekin.", + "DESTINATION_NAMESPACE": "Hedef ad alanını belirtin. Boşsa, kaynaklar, kaynak ile aynı ad alanına yerleştirilir.", + "OVERRIDE": "Aynı adı taşıyan bir kaynak varsa, hedefteki kaynakları geçersiz kılmayacağınızı belirtin.", + "EMAIL": "E-posta, ad@example.com gibi geçerli bir e-posta adresi olmalıdır.", + "USER_NAME": "Özel karakterler içeremez ve maksimum uzunluk 255 karakter olmalıdır.", + "FULL_NAME": "Maksimum uzunluk 20 karakter olmalıdır.", + "COMMENT": "Yorumun uzunluğu 30 karakterden az olmalıdır.", + "CURRENT_PWD": "Geçerli şifre gerekli.", + "PASSWORD": "Şifre en az 1 büyük harf, 1 küçük harf ve 1 sayı ile 8-20 karakter uzunluğunda olmalıdır.", + "CONFIRM_PWD": "Parolalar uyuşmuyor.", + "SIGN_IN_USERNAME": "Kullanıcı adı gerekli.", + "SIGN_IN_PWD": "Şifre gereklidir.", + "SIGN_UP_MAIL": "E-posta yalnızca şifrenizi sıfırlamak için kullanılır.", + "SIGN_UP_REAL_NAME": "Ad ve soyad", + "ITEM_REQUIRED": "Alan gereklidir.", + "SCOPE_REQUIRED": "Alan zorunludur ve kapsam biçiminde olmalıdır.", + "NUMBER_REQUIRED": "Alan gereklidir ve sayılar olmalıdır.", + "PORT_REQUIRED": "Alan zorunludur ve geçerli liman numarası olmalıdır.", + "CRON_REQUIRED": "Alan zorunludur ve cron formatında olmalıdır.", + "EMAIL_EXISTING": "E-posta adresi zaten var.", + "USER_EXISTING": "Kullanıcı adı zaten kullanımda.", + "RULE_USER_EXISTING": "İsim zaten kullanımda.", + "EMPTY": "İsim gerekli", + "NONEMPTY": "Boş olamaz", + "REPO_TOOLTIP": "Kullanıcılar bu moddaki görüntülerde hiçbir işlem yapamazlar.", + "ENDPOINT_FORMAT": "Bitiş noktası HTTP: // veya HTTPS: // ile başlamalıdır.", + "OIDC_ENDPOIT_FORMAT": "Bitiş noktası HTTPS: // ile başlamalıdır.", + "OIDC_NAME": "OIDC sağlayıcısının adı.", + "OIDC_ENDPOINT": "Bir OIDC şikayet sunucusunun URL'si.", + "OIDC_SCOPE": "Kapsam, kimlik doğrulama sırasında OIDC sunucusuna gönderildi. “Openid” ve “offline_access” içermelidir. Google kullanıyorsanız, lütfen “offline_access“'i bu alandan kaldırın.", + "OIDC_VERIFYCERT": "OIDC sunucunuz kendinden imzalı sertifika ile barındırılıyorsa bu kutunun işaretini kaldırın." + }, + "PLACEHOLDER": { + "CURRENT_PWD": "Güncel şifrenizi giriniz", + "NEW_PWD": "Yeni şifrenizi giriniz.", + "CONFIRM_PWD": "Yeni şifrenizi onaylayınız.", + "USER_NAME": "Kullanıcı adınızı giriniz.", + "MAIL": "E-posta adresinizi giriniz.", + "FULL_NAME": "Adınızı giriniz.", + "SIGN_IN_NAME": "Kullanıcı Adı", + "SIGN_IN_PWD": "Şifre" + }, + "PROFILE": { + "TITLE": "Kullanıcı Profili", + "USER_NAME": "Kullanıcı Adı", + "EMAIL": "E-posta", + "FULL_NAME": "Ad ve soyad", + "COMMENT": "Yorumlar", + "PASSWORD": "Şifre", + "SAVE_SUCCESS": "Kullanıcı profili başarıyla kaydedildi.", + "ADMIN_RENAME_BUTTON": "Kullanıcı adını değiştir", + "ADMIN_RENAME_TIP": "Kullanıcı adını \"admin@harbor.local\" olarak değiştirmek için düğmeyi seçin. Bu işlem geri alınamaz.", + "RENAME_SUCCESS": "Yeniden adlandırma başarılı!", + "RENAME_CONFIRM_INFO": "Uyarı, ismi admin@harbor.local olarak değiştirmek geri alınamaz.", + "CLI_PASSWORD": "CLI şifresi", + "CLI_PASSWORD_TIP": "Harbour'a erişmek için docker / helm cli kullanırken bu cli sırrını şifre olarak kullanabilirsiniz.", + "COPY_SUCCESS": "kopyalama başarılı", + "COPY_ERROR": "kopyalama başarısız", + "ADMIN_CIL_SECRET_BUTTON": "ŞİFRE OLUŞTUR", + "GENERATE_SUCCESS": "CLI şifresi oluşturma başarılı", + "GENERATE_ERROR": "CLI şifresi oluşturma başarısız", + "CONFIRM_TITLE_CLI_GENERATE": "Şifreyi yeniden oluşturabileceğine emin misin?", + "CONFIRM_BODY_CLI_GENERATE": "Eğer cli şifresini yeniden oluşturursanız, eski cli şifresi atılır" + }, + "CHANGE_PWD": { + "TITLE": "Şifreyi değiştir", + "CURRENT_PWD": "Mevcut Şifre", + "NEW_PWD": "Yeni Şifre", + "CONFIRM_PWD": "Şifreyi Onayla", + "SAVE_SUCCESS": "Kullanıcı şifresi başarıyla değiştirildi.", + "PASS_TIPS": "1 büyük harf, 1 küçük harf ve 1 sayı ile 8-20 karakter" + }, + "ACCOUNT_SETTINGS": { + "PROFILE": "Kullanıcı Profili", + "CHANGE_PWD": "Şifreyi Değiştir", + "ABOUT": "Hakkında", + "LOGOUT": "Çıkış" + }, + "GLOBAL_SEARCH": { + "PLACEHOLDER": "Ara {{param}}...", + "PLACEHOLDER_VIC": "Arama Kaydı..." + }, + "SIDE_NAV": { + "DASHBOARD": "Kontrol Paneli", + "PROJECTS": "Projeler", + "SYSTEM_MGMT": { + "NAME": "Yönetim", + "USER": "Kullanıcılar", + "GROUP": "Gruplar", + "REGISTRY": "Kayıt", + "REPLICATION": "Kopyalama", + "CONFIG": "Yapılandırma", + "VULNERABILITY": "Güvenlik Açığı", + "GARBAGE_COLLECTION": "Çöp toplama" + }, + "LOGS": "Kayıtlar", + "TASKS": "Görevler", + "API_EXPLORER": "API KEŞFİ" + }, + "USER": { + "ADD_ACTION": "Yeni Kullanıcı", + "ENABLE_ADMIN_ACTION": "ADMIN OLARAK ATA", + "DISABLE_ADMIN_ACTION": "ADMIN HAKKINI AL", + "DEL_ACTION": "Sil", + "FILTER_PLACEHOLDER": "Kullanıcıları filtrele", + "COLUMN_NAME": "İsim", + "COLUMN_ADMIN": "Yönetici", + "COLUMN_EMAIL": "E-posta", + "COLUMN_REG_NAME": "Kayıt süresi", + "IS_ADMIN": "Evet", + "IS_NOT_ADMIN": "Hayır", + "ADD_USER_TITLE": "Yeni Kullanıcı", + "SAVE_SUCCESS": "Yeni kullanıcı başarıyla oluşturuldu.", + "DELETION_TITLE": "Kullanıcı silme işlemini onayla", + "DELETION_SUMMARY": "Kullanıcıyı silmek istiyor musun {{param}}?", + "DELETE_SUCCESS": "Kullanıcılar başarıyla silindi.", + "ITEMS": "ürün", + "OF": "of", + "RESET_Ok": "Kullanıcılar parola başarıyla sıfırlandı", + "EXISTING_PASSWORD": "Yeni şifre eskisi ile aynı olamaz" + }, + "PROJECT": { + "PROJECTS": "Projeler", + "NAME": "Proje İsmi", + "ROLE": "Rol", + "PUBLIC_OR_PRIVATE": "Erişim Seviyesi", + "REPO_COUNT": "Depo Sayısı", + "CHART_COUNT": "Grafik Sayısı", + "CREATION_TIME": "Oluşturma zamanı", + "ACCESS_LEVEL": "Erişim Seviyesi", + "PUBLIC": "Genel", + "PRIVATE": "Özel", + "MAKE": "Oluşturmak", + "NEW_POLICY": "Yeni Çoğaltma Kuralı", + "DELETE": "Sil", + "ALL_PROJECTS": "Tüm Projeler", + "PRIVATE_PROJECTS": "Özel Projeler", + "PUBLIC_PROJECTS": "Genel Projeler", + "PROJECT": "Proje", + "NEW_PROJECT": "Yeni Proje", + "NAME_TOOLTIP": "Proje adı, en az 2 karakter uzunluğunda, küçük harf, rakam ve ._- ile yazılmalı ve karakter veya rakamlarla başlamalıdır.", + "NAME_IS_REQUIRED": "Proje adı gerekli.", + "NAME_MINIMUM_LENGTH": "Proje adı çok kısa, 2 karakterden büyük olmalıdır.", + "NAME_ALREADY_EXISTS": "Proje adı zaten var.", + "NAME_IS_ILLEGAL": "Proje adı geçersiz.", + "UNKNOWN_ERROR": "Proje oluşturulurken bilinmeyen bir hata oluştu.", + "ITEMS": "çeşit", + "DELETION_TITLE": "Proje üyelerinin kaldırılmasını onaylayın", + "DELETION_SUMMARY": "Projeyi silmek istiyor musun {{param}}?", + "FILTER_PLACEHOLDER": "Projeleri Filtrele", + "REPLICATION_RULE": "Çoğaltma Kuralı", + "CREATED_SUCCESS": "Proje başarıyla oluşturuldu.", + "DELETED_SUCCESS": "Projeler başarıyla silindi.", + "TOGGLED_SUCCESS": "Proje başarıyla değiştirildi.", + "FAILED_TO_DELETE_PROJECT": "Proje havuzları veya çoğaltma kurallarını içeriyor veya helm tabloları silinemiyor.", + "INLINE_HELP_PUBLIC": "Bir proje herkese açık olarak ayarlandığında, herkes bu proje altındaki depoları okuma iznine sahiptir ve kullanıcının bu proje altındaki imajları çekmeden önce \"docker login\" çalıştırması gerekmez.", + "OF": "of", + "COUNT_QUOTA": "Kota", + "STORAGE_QUOTA": "Depolama kotası", + "COUNT_QUOTA_TIP": "Sayı Kotasının üst sınırı tamsayı olmalıdır.\n", + "STORAGE_QUOTA_TIP": "Depolama Kotasının üst sınırı tamsayı olmalı ve maksimum üst sınır 1024 TB", + "QUOTA_UNLIMIT_TIP": "Bu kotayı sınırsız istiyorsanız, lütfen -1 girin." + }, + "PROJECT_DETAIL": { + "SUMMARY": "Özet", + "REPOSITORIES": "Depolar", + "REPLICATION": "Kopya", + "USERS": "Üyeler", + "LOGS": "Kayıtlar", + "LABELS": "Etiketler", + "PROJECTS": "Projeler", + "CONFIG": "Ayarlar", + "HELMCHART": "Helm Tabloları", + "ROBOT_ACCOUNTS": "Robot Hesapları", + "WEBHOOKS": "Ağ Kancaları" + }, + "PROJECT_CONFIG": { + "REGISTRY": "Proje kaydı", + "PUBLIC_TOGGLE": "Genel", + "PUBLIC_POLICY": "Bir proje sicilini halka açmak, bütün depoları herkesin erişebileceği hale getirecektir.", + "SECURITY": "Dağıtım güvenliği", + "CONTENT_TRUST_TOGGLE": "İçerik güvenini etkinleştir", + "CONTENT_TRUST_POLCIY": "Yalnızca doğrulanmış imajların yüklenilmesine izin verin.", + "PREVENT_VULNERABLE_TOGGLE": "Güvenlik açığı bulunan görüntülerin çalışmasını önleyin.", + "PREVENT_VULNERABLE_1": "Güvenlik açığı ciddiyeti olan imajları önleyin", + "PREVENT_VULNERABLE_2": "ve yukarıda yüklenilmekte.", + "SCAN": "Güvenlik açığı taraması", + "AUTOSCAN_TOGGLE": "İmajları yüklerken anında tarayın", + "AUTOSCAN_POLICY": "İmajlar proje kayıt defterine yüklenildiğinde otomatik olarak tarayın." + }, + "MEMBER": { + "NEW_USER": "Kullanıcı Üyesi Ekle", + "NEW_MEMBER": "Yeni Üye", + "MEMBER": "Üye", + "NAME": "İsim", + "ROLE": "Rol", + "SYS_ADMIN": "Sistem Yöneticisi", + "PROJECT_ADMIN": "Proje Yöneticisi", + "PROJECT_MASTER": "Uzman", + "DEVELOPER": "Geliştirici", + "GUEST": "Konuk", + "DELETE": "Sil", + "ITEMS": "çeşit", + "ACTIONS": "Eylemler", + "USER": " Kullanıcı", + "USERS": "Kullanıcılar", + "EMAIL": "E-posta", + "ADD_USER": "Kullanıcı Ekle", + "NEW_USER_INFO": "Belirtilen rolle bu projeye üye olmak için bir kullanıcı ekleyin", + "NEW_GROUP": "Yeni Grup", + "IMPORT_GROUP": "Grup Üyesi Ekle", + "NEW_GROUP_INFO": "Mevcut bir kullanıcı grubu ekleyin veya LDAP / AD'den proje üyesine bir kullanıcı grubu seçin", + "ADD_GROUP_SELECT": "Proje üyesine mevcut bir kullanıcı grubu ekle", + "CREATE_GROUP_SELECT": "LDAP'den proje üyesine bir grup ekle", + "LDAP_SEARCH_DN": "LDAP Grup DN", + "LDAP_SEARCH_NAME": "İsim", + "LDAP_GROUP": "Grup", + "LDAP_GROUPS": "Gruplar", + "LDAP_PROPERTY": "özellik", + "ACTION": "EYLEM", + "MEMBER_TYPE": "Üye Tipi", + "GROUP_TYPE": "Grup", + "USER_TYPE": "Kullanıcı", + "USERNAME_IS_REQUIRED": "Kullanıcı adı gerekli", + "USERNAME_DOES_NOT_EXISTS": "Kullanıcı adı mevcut değil.", + "USERNAME_ALREADY_EXISTS": "Kullanıcı adı zaten var.", + "UNKNOWN_ERROR": "Üye eklenirken bilinmeyen bir hata oluştu.", + "FILTER_PLACEHOLDER": "Üyeleri Filtrele", + "DELETION_TITLE": "Proje üyelerinin silinmesini onayla", + "DELETION_SUMMARY": "Proje üyelerini silmek istiyor musunuz? {{param}}?", + "ADDED_SUCCESS": "Üye başarıyla eklendi.", + "DELETED_SUCCESS": "Üye başarıyla silindi.", + "SWITCHED_SUCCESS": "Üye rolünü başarıyla değiştirdi.", + "OF": "of", + "SWITCH_TITLE": "Proje üyelerinin geçişini onayla", + "SWITCH_SUMMARY": "Proje üyelerini değiştirmek ister misiniz? {{param}}?", + "SET_ROLE": "ROL ATA", + "REMOVE": "Sil" + }, + "ROBOT_ACCOUNT": { + "NAME": "İsim", + "PERMISSIONS": "İzinler", + "TOKEN": "Token", + "NEW_ROBOT_ACCOUNT": "YENİ ROBOT HESABI", + "ENABLED_STATE": "Etkin durum", + "NUMBER_REQUIRED":"Alan zorunludur ve 0 dışında bir tam sayı olmalıdır.", + "DESCRIPTION": "Açıklama", + "EXPIRATION": "Süre Sonu", + "TOKEN_EXPIRATION":"Robot Token Sona Ermesi (Günler)", + "ACTION": "Eylem", + "EDIT": "Düzenle", + "ITEMS": "parça", + "OF": "of", + "DISABLE_ACCOUNT": "Hesabı devre dışı bırak", + "ENABLE_ACCOUNT": "Hesabı Etkinleştir", + "DELETE": "Sil", + "CREAT_ROBOT_ACCOUNT": "Robot Hesabı Yarat", + "PERMISSIONS_IMAGE": "İmaj", + "PERMISSIONS_HELMCHART": "Helm Tablosu", + "PUSH": "Yükle", + "PULL": "Çek", + "FILTER_PLACEHOLDER": "Robot Hesaplarını Filtrele", + "ROBOT_NAME": "Özel karakterler içeremez (~ # $%) ve maksimum uzunluk 255 karakter olmalıdır.", + "ACCOUNT_EXISTING": "Robot Hesabı zaten var.", + "ALERT_TEXT": "Kişisel erişim kartınızı kopyalamanın tek zamanı bu. Başka bir fırsatınız olmaz", + "CREATED_SUCCESS": "Başarıyla '{{param}}' oluşturuldu.", + "COPY_SUCCESS": "Token başarıyla kopyala '{{param}}'", + "DELETION_TITLE": "Robot hesaplarının kaldırılmasını onaylayın", + "DELETION_SUMMARY": "Robot hesaplarını silmek istiyor musunuz {{param}}?", + "PULL_IS_MUST" : "Çekme izni varsayılan olarak kontrol edilir ve değiştirilemez.", + "EXPORT_TO_FILE" : "dosyayı dışarı aktar" + }, + "WEBHOOK": { + "EDIT_BUTTON": "DÜZENLE", + "ENABLED_BUTTON": "AKTİF ET", + "DISABLED_BUTTON": "DEVRE DIŞI BIRAK", + "TYPE": "Ağ Kancası", + "STATUS": "Durumlar", + "CREATED": "Yaratıldı", + "ENABLED": "Aktif Hale Geldi", + "DISABLED": "Devre Dışı Bırakıldı", + "OF": "of", + "ITEMS": "adetler", + "LAST_TRIGGERED": "Son Tetiklenen", + "EDIT_WEBHOOK": "Ağ Kancası Uç Noktası", + "CREATE_WEBHOOK": "Ağ kancaları ile başladı", + "EDIT_WEBHOOK_DESC": "Ağ kancası bildirimleri almak için bitiş noktasını belirtin", + "CREATE_WEBHOOK_DESC": "Ağ kancalarına başlamak için, web kanca sunucusuna erişmek için bir uç nokta ve kimlik bilgisi sağlayın.", + "ENDPOINT_URL": "Uç Nokta URL", + "URL_IS_REQUIRED": "Uç Nokra URL gereklidir.", + "AUTH_HEADER": "Yetkilendirme Başlığı", + "VERIFY_REMOTE_CERT": "Uzak Sertifikayı Doğrula", + "TEST_ENDPOINT_BUTTON": "UÇ NOKTAYI DOĞRULA", + "CANCEL_BUTTON": "İPTAL ET", + "SAVE_BUTTON": "KAYDET", + "TEST_ENDPOINT_SUCCESS": "Connection tested successfully.", + "TEST_ENDPOINT_FAILURE": "Failed to ping endpoint.", + "ENABLED_WEBHOOK_TITLE": "Proje Ağ Kancalarını Etkinleştir", + "ENABLED_WEBHOOK_SUMMARY": "Proje için ağ kancalarını etkinleştirmek istiyor musunuz?", + "DISABLED_WEBHOOK_TITLE": "Proje Ağ kancalarını Devre Dışı Bırak", + "DISABLED_WEBHOOK_SUMMARY": "Proje için ağ kancalarını devre dışı bırakmak istiyor musunuz?" + }, + "GROUP": { + "GROUP": "Grup", + "GROUPS": "Gruplar", + "IMPORT_LDAP_GROUP": "LDAP Grubunu İçe Aktar", + "IMPORT_HTTP_GROUP": "Yeni HTTP Grubu", + "ADD": "Yeni Grup", + "EDIT": "Düzenle", + "DELETE": "Sil", + "NAME": "İsim", + "TYPE": "Tip", + "DN": "DN", + "GROUP_DN": "Ldap Grup DN", + "PROPERTY": "Özellik", + "REG_TIME": "Kayıt Zamanı", + "ADD_GROUP_SUCCESS": "Grup başarıyla eklendi", + "EDIT_GROUP_SUCCESS": "Grup başarıyla düzenlendi", + "LDAP_TYPE": "LDAP", + "HTTP_TYPE": "HTTP", + "OF": "of", + "ITEMS": "madde", + "NEW_MEMBER": "Yeni grup Üyesi", + "NEW_USER_INFO": "Belirtilen rolle bu projeye üye olmak için bir grup ekleyin", + "ROLE": "Rol", + "SYS_ADMIN": "Sistem Yöneticisi", + "PROJECT_ADMIN": "Proje Yöneticisi", + "PROJECT_MASTER": "Uzman", + "DEVELOPER": "Geliştirici", + "GUEST": "Misafir" + }, + "AUDIT_LOG": { + "USERNAME": "Kullanıcı Adı", + "REPOSITORY_NAME": "Depo İsmi", + "TAGS": "Etiketler", + "OPERATION": "Operasyon", + "OPERATIONS": "Operasyonlar", + "TIMESTAMP": "Zaman Damgası", + "ALL_OPERATIONS": "Tüm Operasyonlar", + "PULL": "Çek", + "PUSH": "Yükle", + "CREATE": "Oluştur", + "DELETE": "Sil", + "OTHERS": "Diğerleri", + "ADVANCED": "Gelişmiş", + "SIMPLE": "Basit", + "ITEMS": "adet", + "FILTER_PLACEHOLDER": "Günlükleri Filtrele", + "INVALID_DATE": "Geçersiz tarih.", + "OF": "of" + }, + "REPLICATION": { + "YES": "Evet", + "SECONDS": "Saniye", + "MINUTES": "Dakika", + "HOURS": "Saat", + "MONTH": "Ay", + "DAY_MONTH": "Ayın günü", + "DAY_WEEK": "Ayın haftası", + "CRON-TITLE": "Cron için kalıp açıklaması '* * * * * *'", + "FIELD_NAME": "Alan adı", + "MANDATORY": "Zorunlu?", + "ALLOWED_VALUES": "İzin verilen değerler", + "ALLOWED_CHARACTERS": "İzin verilen özel karakterler", + "TOTAL": "Toplam", + "OVERRIDE": "Geçersiz Kıl", + "ENABLED_RULE": "Kuralı etkinleştir", + "OVERRIDE_INFO": "Geçersiz Kıl", + "OPERATION": "Operasyon", + "CURRENT": "şimdiki", + "FILTER_PLACEHOLDER": "Görevleri Filtrele", + "STOP_TITLE": "Durdurma İşlemlerini Onayla", + "BOTH": "her ikisi de", + "STOP_SUCCESS": "Yürütmeyi Durdur {{param}} Başarılı", + "STOP_SUMMARY": "Yürütmeyi durdurmayı iptal istiyor musunuz? {{param}}?", + "TASK_ID":"Görev ID", + "RESOURCE_TYPE": "Kaynak tipi", + "SOURCE": "Kaynak", + "DESTINATION": "Hedef", + "POLICY": "Poliçe", + "DURATION": "Süre", + "SUCCESS_RATE": "Başarı oranı", + "SUCCESS": "BAŞARI", + "FAILURE": "BAŞARISIZLIK", + "IN_PROGRESS": "DEVAM ETMEKTE", + "REPLICATION_RULE": "Çoğaltma Kuralı", + "NEW_REPLICATION_RULE": "Yeni Çoğaltma Kuralı", + "ENDPOINTS": "Uç noktalar", + "FILTER_POLICIES_PLACEHOLDER": "Filtre Kuralları", + "FILTER_EXECUTIONS_PLACEHOLDER": "Filtre İşlemleri", + "DELETION_TITLE": "Kural Silme İşlemini Onayla", + "DELETION_SUMMARY": "Kuralları silmek istiyor musun {{param}}?", + "REPLICATION_TITLE": "Kural çoğaltmasını onayla", + "REPLICATION_SUMMARY": "Kuralları çoğaltmak istiyor musunuz? {{param}}?", + "DELETION_TITLE_FAILURE": "Kural Silme işlemi başarısız", + "DELETION_SUMMARY_FAILURE": "beklemede / çalışmakta / tekrar denemek durumunda olmak", + "REPLICATE_SUMMARY_FAILURE": "beklemede / çalışıyor durumda", + "FILTER_TARGETS_PLACEHOLDER": "Uç Noktaları Filtrele", + "DELETION_TITLE_TARGET": "Uç Noktası Silme İşlemini Onaylayın", + "DELETION_SUMMARY_TARGET": "Uç noktasını silmek istiyor musunuz? {{param}}?", + "ADD_POLICY": "Yeni Çoğaltma Kuralı", + "EDIT_POLICY": "Düzenle", + "EDIT_POLICY_TITLE": "Çoğaltma Kuralını Düzenle", + "DELETE_POLICY": "Sil", + "TEST_CONNECTION": "Test bağlantısı", + "TESTING_CONNECTION": "Bağlantı Testi...", + "TEST_CONNECTION_SUCCESS": "Bağlantı başarıyla test edildi.", + "TEST_CONNECTION_FAILURE": "Ping atılamadı", + "ID":"ID", + "NAME": "İsim", + "NAME_IS_REQUIRED": "İsim gerekli.", + "DESCRIPTION": "Açıklama", + "ENABLE": "Etkinleştir", + "DISABLE": "Devre dışı bırak", + "REPLICATION_MODE": "Çoğaltma modu", + "SRC_REGISTRY": "Kaynak kaydı", + "DESTINATION_NAMESPACE": "Hedef kayıt defteri: Ad alanı", + "LAST_REPLICATION":"Son Çoğaltma", + "DESTINATION_NAME_IS_REQUIRED": "Uç noktası adı gerekli.", + "NEW_DESTINATION": "Yeni Uç Noktası", + "DESTINATION_URL": "Uç Noktası URL", + "DESTINATION_URL_IS_REQUIRED": "Uç noktası URL gerekli.", + "DESTINATION_USERNAME": "Kullanıcı Adı", + "DESTINATION_PASSWORD": "Şifre", + "ALL_STATUS": "Tüm Durumlar", + "ENABLED": "Etkin", + "DISABLED": "Hizmet Dışı", + "LAST_START_TIME": "Son başlangıç zamanı", + "ACTIVATION": "Etkinleştirme", + "REPLICATION_EXECUTION": "Durdurma", + "REPLICATION_EXECUTIONS": "Durdurmalar", + "STOPJOB": "Dur", + "ALL": "Hepsi", + "PENDING": "Askıda", + "RUNNING": "Çalışıyor", + "ERROR": "Hata", + "RETRYING": "Tekrar deniyor", + "STOPPED": "DURDURULDU", + "FINISHED": "Bitti", + "CANCELED": "İptal Edildi", + "SIMPLE": "Basit", + "ADVANCED": "İleri", + "STATUS": "Durum", + "REPLICATION_TRIGGER": "Tetikleme", + "CREATION_TIME": "Başlangıç Zamanı", + "UPDATE_TIME": "Güncelleme Zamanı", + "END_TIME": "Sonlanma Zamanı", + "LOGS": "Kayıtlar", + "OF": "of", + "ITEMS": "adetler", + "NO_LOGS": "Kayıt Yok", + "TOGGLE_ENABLE_TITLE": "Kuralı Etkinleştir", + "CONFIRM_TOGGLE_ENABLE_POLICY": "Çoğaltma kuralını etkinleştirdikten sonra, proje altındaki tüm depolar hedef kayıt defterine çoğaltılır. \nLütfen devam etmek için onaylayın.", + "TOGGLE_DISABLE_TITLE": "Kuralı Devre Dışı Bırak", + "CONFIRM_TOGGLE_DISABLE_POLICY": "Kural devre dışı bırakıldıktan sonra, bu kuralın bitmemiş tüm çoğaltma işleri durdurulur ve iptal edilir. \nLütfen devam etmek için onaylayın.", + "CREATED_SUCCESS": "Çoğaltma kuralı başarıyla oluşturuldu.", + "UPDATED_SUCCESS": "Çoğaltma kuralı başarıyla güncellendi.", + "DELETED_SUCCESS": "Çoğaltma kuralları başarıyla silindi.", + "DELETED_FAILED": "Silinen çoğaltma kuralı başarısız oldu.", + "TOGGLED_SUCCESS": "Geçiş çoğaltma kuralı durumu başarıyla değiştirildi.", + "CANNOT_EDIT": "Çoğaltma kuralı etkinken değiştirilemez.", + "POLICY_ALREADY_EXISTS": "Çoğaltma kuralı zaten var.", + "FAILED_TO_DELETE_POLICY_ENABLED": "Kural silinemiyor: kuralın bitmemiş işi(leri) var", + "FOUND_ERROR_IN_JOBS": "Çoğaltma işinde(lerinde) hatalar bulundu, lütfen kontrol edin.", + "INVALID_DATE": "Geçersiz tarih.", + "PLACEHOLDER": "Herhangi bir çoğaltma kuralı bulamadık!", + "JOB_PLACEHOLDER": "Çoğaltma işi bulamadık!", + "JOB_LOG_VIEWER": "Çoğaltma İş Günlüğünü Göster", + "NO_ENDPOINT_INFO": "Lütfen önce bir uç noktası ekleyin", + "NO_PROJECT_INFO": "Bu proje mevcut değil", + "SOURCE_RESOURCE_FILTER": "Kaynak vasıtası filtresi", + "SCHEDULED": "Belirlenmiş", + "MANUAL": "Manuel", + "EVENT_BASED":"Etkinlik Tabanı", + "DAILY": "Günlük", + "WEEKLY": "Haftalık", + "SETTING": "Ayarlar", + "TRIGGER": "Tetikleme Durumu", + "TARGETS": "Hedef", + "MODE": "Yöntem", + "TRIGGER_MODE": "Tetikleme Modu", + "SOURCE_PROJECT": "Kaynak proje", + "REPLICATE": "Tekrarlamak", + "DELETE_REMOTE_IMAGES": "Yerel olarak silindiğinde uzak kaynakları sil", + "DELETE_ENABLED": "Bu politika etkinleştirildi", + "REPLICATE_IMMEDIATE": "Mevcut imajları hemen çoğalt", + "NEW": "Yeni", + "NAME_TOOLTIP": "Çoğaltma kuralı adı, en küçük harf, sayı ve ._- ile en az 2 karakter uzunluğunda olmalı ve karakter ya da sayılarla başlamalıdır.", + "DESTINATION_NAME_TOOLTIP": "Hedef adı, en az 2 karakter uzunluğunda, küçük harf, rakam ve ._ ile yazılmalı ve karakter veya rakamlarla başlamalıdır.", + "ACKNOWLEDGE": "Onaylamak", + "RULE_DISABLED": "Bu kural, filtresinde kullanılan bir etiket silindiğinden dolayı devre dışı bırakıldı. \n Kuralı düzenleyin ve etkinleştirmek için filtresini güncelleyin.", + "REPLI_MODE": "Çoğaltma modu", + "SOURCE_REGISTRY":"Kaynak kaydı", + "SOURCE_NAMESPACES":"Kaynak ad alanları", + "DEST_REGISTRY":"Hedef kaydı", + "DEST_NAMESPACE":"Hedef ad alanı", + "NAMESPACE_TOOLTIP": "İsim alanı ismi en az 2 karakter uzunluğunda, küçük harfli karakterler, sayılar ve ._- ile başlamalı ve karakter veya sayılarla başlamalıdır. Ad alanı adı en az 2 karakter uzunluğunda, küçük harf, rakam ve ._- ile başlamalı ve karakter veya rakamlarla başlamalıdır.", + "TAG":"Etiketlemek", + "LABEL":"Etiket", + "RESOURCE":"Kaynak" + }, + "DESTINATION": { + "NEW_ENDPOINT": "Yeni Uç Nokta", + "PROVIDER": "Sağlayıcı", + "ENDPOINT": "Uç Nokta", + "NAME": "İsim", + "NAME_IS_REQUIRED": "Uç noktası adı gerekli.", + "URL": "Uç noktası adı gerekli.", + "URL_IS_REQUIRED": "Uç noktası URL gerekli.", + "AUTHENTICATION":"Doğrulama", + "ACCESS_ID": "Erişim kimliği", + "ACCESS_SECRET": "Erişim Şifresi", + "STATUS": "Durum", + "TEST_CONNECTION": "Test Bağlantısı", + "TITLE_EDIT": "Uç Noktayı Düzenle", + "TITLE_ADD": "Yeni Kayıt Defteri Uç Noktası", + "EDIT": "Düzenle", + "DELETE": "Sil", + "TESTING_CONNECTION": "Bağlantı Testi...", + "TEST_CONNECTION_SUCCESS": "Bağlantı başarıyla test edildi.", + "TEST_CONNECTION_FAILURE": "Uç noktası ping hatası.", + "CONFLICT_NAME": "Uç noktası adı zaten var.", + "INVALID_NAME": "Geçersiz uç noktası adı.", + "FAILED_TO_GET_TARGET": "Uç noktası alınamadı.", + "CREATION_TIME": "Yaratma zamanı", + "OF": "of", + "ITEMS": "adetler", + "CREATED_SUCCESS": "Uç nokta başarıyla oluşturuldu.", + "UPDATED_SUCCESS": "Uç noktası başarıyla güncellendi.", + "DELETED_SUCCESS": "Uç noktaları başarıyla silindi.", + "DELETED_FAILED": "Silinen uç noktalar başarısız oldu.", + "CANNOT_EDIT": "Çoğaltma kuralı etkinken uç noktası değiştirilemez.", + "FAILED_TO_DELETE_TARGET_IN_USED": "Kullanılan uç nokta silinemedi.", + "PLACEHOLDER": "Uç noktaları bulamadık!" + }, + "REPOSITORY": { + "COPY_DIGEST_ID": "Özet Kopyala", + "DELETE": "Sil", + "NAME": "İsim", + "TAGS_COUNT": "Etiketler", + "PULL_COUNT": "İndirmeler", + "PULL_COMMAND": "İndirme Komutu", + "PULL_TIME": "İndirme Zamanı", + "PUSH_TIME": "Yükleme Zamanı", + "MY_REPOSITORY": "Depom", + "PUBLIC_REPOSITORY": "Genel Depo", + "DELETION_TITLE_REPO": "Depo Silme İşlemini Onaylayın", + "DELETION_TITLE_REPO_SIGNED": "Depo silinemez", + "DELETION_SUMMARY_REPO_SIGNED": "Depo '{{repoName}}' aşağıdaki imzalanmış görüntüler mevcut olduğu için silinemez. \n {{signedImages}} \nBir depoyu silmeden önce imzalı tüm imajları imzalamanız gerekir!", + "DELETION_SUMMARY_REPO": "Depoyu silmek istiyor musunuz?{{repoName}}?", + "DELETION_TITLE_TAG": "Etiket Silme İşlemini Onayla", + "DELETION_SUMMARY_TAG": "Etiketi silmek ister misiniz {{param}}?", + "DELETION_TITLE_TAG_DENIED": "İmzalı etiket silinemez", + "DELETION_SUMMARY_TAG_DENIED": "Etiket silinmeden önce Harbordan kaldırılmalıdır. \nBu komutla Harbor'den silin: \n", + "TAGS_NO_DELETE": "Salt okunur modda silmek yasaktır.", + "FILTER_FOR_REPOSITORIES": "Depoları Filtrele", + "TAG": "Etiket", + "SIZE": "Boyut", + "VULNERABILITY": "Güvenlik Açığı", + "BUILD_HISTORY": "Geçmişi Oluştur", + "SIGNED": "İmzalanmış", + "AUTHOR": "Yazar", + "CREATED": "Yaratılma Zamanı", + "DOCKER_VERSION": "Docker Versiyonu", + "ARCHITECTURE": "Mimari", + "OS": "İŞ", + "SHOW_DETAILS": "Detayları göster", + "REPOSITORIES": "Depolar", + "OF": "of", + "ITEMS": "adetler", + "NO_ITEMS": "ÖĞELER YOK", + "POP_REPOS": "Popüler Depolar", + "DELETED_REPO_SUCCESS": "Depolar başarıyla silindi.", + "DELETED_TAG_SUCCESS": "Etiketler başarıyla silindi.", + "COPY": "Kopyala", + "NOTARY_IS_UNDETERMINED": "Bu etiketin imzası belirlenemiyor.", + "PLACEHOLDER": "Depo bulamadık!", + "INFO": "Bilgi", + "NO_INFO": "Bu depo için açıklama yok. Bu depoya ekleyebilirsiniz.", + "IMAGE": "İmajlar", + "LABELS": "Etiketler", + "ADD_LABEL_TO_IMAGE": "Bu imaja etiketler ekle", + "FILTER_BY_LABEL": "İmajları etikete göre filtrele", + "ADD_LABELS": "Etiketler Ekle", + "RETAG": "Yeniden etiketleme", + "ACTION": "AKSİYON", + "DEPLOY": "YÜKLE", + "ADDITIONAL_INFO": "Ek Bilgi Ekle", + "REPO_NAME": "Depo", + "MARKDOWN": "Markdown ile stil desteklenir" + }, + "HELM_CHART": { + "HELMCHARTS": "Tablolar", + "CHARTVERSIONS": "Versiyonlar", + "UPLOAD_TITLE": "Tabloları dosyalarını yükle", + "CHART_FILE": "Tablo Dosyası", + "CHART_PROV": "Prov Dosyası", + "DOWNLOAD": "Yükle", + "SUMMARY": "Özet", + "DEPENDENCIES": "Bağımlılıklar", + "VALUES": "Değerler", + "OVERVIEW": "Genel bakış", + "HOME": "Ev", + "SRC_REPO": "Kaynak Deposu", + "CREATED": "Yaratılış Zamanı", + "MAINTAINERS": "Sürdürenler", + "OTHER_MAINTAINERS": "{{ name }} ve {{ number }} diğerleri", + "PULLS": "İndirme Sayısı", + "VERSION": "Versiyon", + "APP_VERSION": "Uygulama Versiyonu", + "INSTALL": "Yükle", + "INSTALL_CHART": "Tablo Yükle", + "NAME": "İsim", + "REPO": "Depo", + "FILTER_FOR_CHARTS": "Tabloları filtrele", + "DELETE": "Sil", + "OF": "of", + "VERSIONS": "versiyonlar", + "IMAGES": "İmajlar", + "ENGINE": "Motor", + "ACTION": "Aksiyon", + "UPLOAD": "Yükle", + "DELETE_CHART_VERSION_TITLE": "Tablo versiyonlarını sil", + "DELETE_CHART_VERSION": "Sürümü silmek istiyor musunuz {{param}}?", + "IMPORT": "İçe Aktar", + "EXPORT": "Dışa Aktar", + "ADD_REPO": "Depo Ekle", + "SHOW_KV": "Anahtar Değer Çiftleri", + "SHOW_YAML": "YAML Dosyası", + "PLACEHOLDER": "Hiçbir tablo bulamadık!", + "NO_VERSION_PLACEHOLDER": "Herhangi bir sürüm bulamadık!", + "FILE_UPLOADED": "Dosya başarıyla yüklendi", + "SIGN": "İmza", + "SIGNED": "İmzalandı", + "UNSIGNED": "İmzalanmadı", + "ITEMS": "öğeler", + "NO_README": "Bu tablo tarafından sağlanan beni oku dosyası yok.", + "SECURITY": "Güvenlik", + "ACTIVE": "Aktif", + "DEPRECATED": "Kullanımdan kaldırılan", + "VERIFY_CHART": "Tabloyu doğrula", + "COMMAND": "Komutlar", + "PROV_FILE": "Prov Dosyası", + "READY": "Hazır", + "NOT_READY": "Hazır Değil", + "LABELS": "Etiketler", + "ADD_LABEL_TO_CHART_VERSION": "Bu tablo sürümüne etiketler ekle", + "STATUS": "Durum" + }, + "SUMMARY": { + "QUOTAS": "kotalar", + "PROJECT_REPOSITORY": "Proje depoları", + "PROJECT_HELM_CHART": "Proje Helm Tablosu", + "PROJECT_MEMBER": "Proje Üyeleri", + "PROJECT_QUOTAS": "Proje kotaları", + "ARTIFACT_COUNT": "Buluntu adeti", + "STORAGE_CONSUMPTION": "Depolama tüketimi", + "ADMIN": "Yönetici(ler)", + "MASTER": "Uzman(lar)", + "DEVELOPER": "Geliştirici(ler)", + "GUEST": "Misafir(ler)" + }, + "ALERT": { + "FORM_CHANGE_CONFIRMATION": "Bazı değişiklikler henüz kaydedilmedi. İptal etmek istiyor musun?" + }, + "RESET_PWD": { + "TITLE": "Şifreyi yenile", + "CAPTION": "Şifrenizi sıfırlamak için e-posta adresinizi girin ", + "EMAIL": "E-posta", + "SUCCESS": "Şifre sıfırlama bağlantısı olan postalar başarıyla gönderildi. Bu iletişim kutusunu kapatabilir ve posta kutunuzu kontrol edebilirsiniz.", + "CAPTION2": "Yeni şifrenizi giriniz", + "RESET_OK": "Şifre başarıyla sıfırlandı. Yeni şifre ile giriş yapmak için Tamam'ı tıklayın." + }, + "RECENT_LOG": { + "SUB_TITLE": "Göster", + "SUB_TITLE_SUFIX": "kayıtlar" + }, + "CONFIG": { + "HISTORY": "Geçmiş", + "TITLE": "Ayarlar", + "AUTH": "Doğrulama", + "REPLICATION": "Kopya", + "EMAIL": "E-posta", + "LABEL": "Etiketler", + "REPOSITORY": "Depo", + "REPO_READ_ONLY": "Depo Salt Okunur", + "WEBHOOK_NOTIFICATION_ENABLED": "Ağ Kancaları Aktif Halde", + "SYSTEM": "Sistem Ayarları", + "PROJECT_QUOTAS": "Proje Kotaları", + "VULNERABILITY": "Güvenlik Açığı", + "GC": "Çöp toplama", + "CONFIRM_TITLE": "İptal etmeyi onayla", + "CONFIRM_SUMMARY": "Bazı değişiklikler kaydedilmedi. Onları silmek ister misin?", + "SAVE_SUCCESS": "Yapılandırma başarıyla kaydedildi.", + "MAIL_SERVER": "E-posta Sunucusu", + "MAIL_SERVER_PORT": "E-posta Sunucu Portu", + "MAIL_USERNAME": "E-posta Kullanıcı Adı", + "MAIL_PASSWORD": "E-posta Şifresi", + "MAIL_FROM": "E-posta kimden", + "MAIL_SSL": "E-posta SSL", + "MAIL_INSECURE": "Sertifikayı Doğrula", + "INSECURE_TOOLTIP": "E-posta sunucusunun sertifikasının doğrulanıp doğrulanmayacağını belirleyin. E-posta sunucusu kendinden imzalı veya güvenilmeyen bir sertifika kullandığında bu kutunun işaretini kaldırın.", + "SSL_TOOLTIP": "E-posta sunucusu bağlantısı için SSL'yi etkinleştir", + "VERIFY_REMOTE_CERT": "Uzaktan Sertifikayı Doğrula", + "TOKEN_EXPIRATION": "Token Sonu (Dakika)", + "AUTH_MODE": "Yetkilendirme Modu", + "PRO_CREATION_RESTRICTION": "Proje oluşturma", + "SELF_REGISTRATION": "Kendi Kendine Kayıt Yapmaya İzin Ver", + "AUTH_MODE_DB": "Veritabanı", + "AUTH_MODE_LDAP": "LDAP", + "AUTH_MODE_UAA": "UAA", + "AUTH_MODE_HTTP": "http_auth", + "AUTH_MODE_OIDC": "OIDC", + "SCOPE_BASE": "Temel", + "SCOPE_ONE_LEVEL": "İlk Seviye", + "SCOPE_SUBTREE": "Alt ağaç", + "PRO_CREATION_EVERYONE": "Herkes", + "PRO_CREATION_ADMIN": "Sadece Yetkili", + "ROOT_CERT": "Kayıt Kökü Sertifikası", + "ROOT_CERT_LINK": "Yükle", + "REGISTRY_CERTIFICATE": "Kayıt defteri sertifikası", + "NO_CHANGE": "İptal et, çünkü hiçbir şey değişmedi", + "TOOLTIP": { + "SELF_REGISTRATION_ENABLE": "Kaydolmayı etkinleştir.", + "SELF_REGISTRATION_DISABLE": "Kaydolmayı devre dışı bırak.", + "VERIFY_REMOTE_CERT": "İmaj çoğaltmanın uzak Harbor kayıt defterinin sertifikasını doğrulaması gerekip gerekmediğini belirleyin. Uzak kayıt defteri kendinden imzalı veya güvenilmeyen bir sertifika kullandığında bu kutunun işaretini kaldırın.", + "AUTH_MODE": "Varsayılan olarak kimlik doğrulama modu veritabanıdır, yani kimlik bilgileri yerel bir veritabanında saklanır. Bir LDAP sunucusunda bir kullanıcının kimlik bilgilerini doğrulamak istiyorsanız, LDAP olarak ayarlayın.", + "LDAP_SEARCH_DN": "LDAP / AD sunucusunu arama iznine sahip bir kullanıcının DN'si. LDAP / AD sunucunuz anonim aramayı desteklemiyorsa, bu DN ve ldap_search_pwd'yi yapılandırmanız gerekir.", + "LDAP_BASE_DN": "LDAP / AD'de bir kullanıcı aranacak temel DN.", + "LDAP_UID": "Bir kullanıcıyla eşleşmek için aramada kullanılan özellik. LDAP / AD'nize bağlı olarak, kullanıcı kimliği, cn, e-posta, sAMAccountName veya diğer özellikler olabilir.", + "LDAP_SCOPE": "Kullanıcıları aramak için kapsam.", + "TOKEN_EXPIRATION": "Token servisi tarafından oluşturulan bir tokenın sona erme süresi (dakika cinsinden). Varsayılan 30 dakikadır.", + "ROBOT_TOKEN_EXPIRATION": "Robot hesabının token son kullanma süresi (gün olarak), Varsayılan 30 gündür. Dakika ve yuvarlamadan dönüştürülen gün sayısını göster", + "PRO_CREATION_RESTRICTION": "Hangi kullanıcıların proje oluşturma iznine sahip olduğunu belirten bayrak. Varsayılan olarak, herkes bir proje oluşturabilir. 'Yalnızca Yönetici' olarak ayarlayın, böylece yalnızca bir yönetici bir proje oluşturabilir.", + "ROOT_CERT_DOWNLOAD": "Kayıt defteri kök sertifikasını indirin.", + "SCANNING_POLICY": "Farklı gereksinimlere göre imaj tarama politikasını ayarlayın. 'Yok': Aktif politika yok; 'Günlük': Her gün belirtilen saatte taramayı tetikler.", + "VERIFY_CERT": "LDAP Sunucusundan Sertifika Doğrula", + "READONLY_TOOLTIP": "Salt okunur modda, depoları veya imajları silemez veya görüntüleri yükleyemezsiniz.", + "REPO_TOOLTIP": "Kullanıcılar bu moddaki imajlarda hiçbir işlem yapamazlar.", + "WEBHOOK_TOOLTIP": "Görüntü veya grafik olarak basılan, çekilmiş, silinen, taranan gibi bazı eylemler gerçekleştirildiğinde ağ kancalarının belirtilen bitiş noktalarınızdan geri aramalar almasını sağlayın", + "HOURLY_CRON":"Saat başı bir saat, saat başı çalıştırın. Eşittir 0 0 * * * *.", + "WEEKLY_CRON":"Haftada bir kez, gece yarısı Cmt / Paz arasında koşun. Eşittir 0 0 0 * * 0.", + "DAILY_CRON":"Günde bir kez, gece yarısı çalıştırın. Eşittir0 0 0 * * *." + }, + "LDAP": { + "URL": "LDAP URL", + "SEARCH_DN": "LDAP Arama DN", + "SEARCH_PWD": "LDAP Arama Şifresi", + "BASE_DN": "LDAP Temel DN", + "FILTER": "LDAP Filtresi", + "UID": "LDAP UID", + "SCOPE": "LDAP Kapsam", + "VERIFY_CERT": "LDAP Doğrulama Sertifikası", + "LDAP_GROUP_BASE_DN": "LDAP Grup Tabanı DN", + "LDAP_GROUP_BASE_DN_INFO": "LDAP / AD'de bir grubun aranacağı temel DN.", + "LDAP_GROUP_FILTER": "LDAP Grup Filtresi", + "LDAP_GROUP_FILTER_INFO": "Bir LDAP / AD grubunu aramak için filtre, varsayılan olarak objectclass = groupOfNames öğesini kullanın.", + "LDAP_GROUP_GID": "LDAP Grup GID", + "LDAP_GROUP_GID_INFO": "Aramada bir kullanıcıyı eşleştirmek için kullanılan özellik, LDAP / AD'nize bağlı olarak kullanıcı kimliği, cn veya diğer özellikler olabilir. Harbor'daki grup, varsayılan olarak bu özellik ile adlandırılır.", + "LDAP_GROUP_ADMIN_DN": "LDAP Grup Yöneticisi DN", + "LDAP_GROUP_ADMIN_DN_INFO": "Bir LDAP grubu DN belirtin. Bu gruptaki tüm LDAP kullanıcıları liman yönetici haklarına sahip olacak. İstemiyorsanız boş bırakın.", + "LDAP_GROUP_MEMBERSHIP": "LDAP Grup Üyeliği", + "LDAP_GROUP_MEMBERSHIP_INFO": "Öznitelik, LDAP grubunun üyeliğini gösterir, varsayılan değer memberof, bazı LDAP sunucularında \"ismemberof\" olabilir", + "GROUP_SCOPE": "LDAP Grup Kapsamı", + "GROUP_SCOPE_INFO": "Grupları aramak için kapsamı, Varsayılan olarak Alt Ağaç'ı seçin." + + }, + "UAA": { + "ENDPOINT": "UAA Uç Noktası", + "CLIENT_ID": "UAA Alıcı ID", + "CLIENT_SECRET": "UAA Alıcı Şifre", + "VERIFY_CERT": "UAA Sertifikayı Doğrula" + }, + "HTTP_AUTH": { + "ENDPOINT": "Sunucu Uç Noktası", + "TOKEN_REVIEW": "Token Uç Noktasını İnceleyin", + "SKIP_SEARCH": "Aramayı Atla", + "VERIFY_CERT": "Sertifikayı Doğrula" + }, + "OIDC": { + "OIDC_PROVIDER": "OIDC Sağlayıcı Adı", + "OIDC_REDIREC_URL": "Lütfen OIDC sağlayıcısındaki Redirect URI’nın girildiğine emin olun", + "ENDPOINT": "OIDC Uç Noktası", + "CLIENT_ID": "OIDC Alıcı ID", + "CLIENTSECRET": "OIDC Alıcı Şifresi", + "SCOPE": "OIDC Kapsamı", + "OIDC_VERIFYCERT": "Sertifikayı Doğrula", + "OIDC_SETNAME": "OIDC Kullanıcı Adını Ayarla", + "OIDC_SETNAMECONTENT": "Üçüncü tarafla (OIDC) kimlik doğrulaması yaparken ilk kez bir Harbor kullanıcı adı oluşturmalısınız. Bu, harbor projeler, roller vb. ile ilişkilendirilmek üzere kullanılacaktır.", + "OIDC_USERNAME": "Kullanıcı Adı" + }, + "SCANNING": { + "TRIGGER_SCAN_ALL_SUCCESS": "Tümünü başarılı bir şekilde tara!", + "TRIGGER_SCAN_ALL_FAIL": "Tüm taramayı hatayla tetikleyemedi:{{error}", + "TITLE": "Güvenlik açığı taraması", + "SCAN_ALL": "Hepsini Tara", + "SCAN_NOW": "ŞİMDİ TARA", + "NONE_POLICY": "Hiçbiri", + "DAILY_POLICY": "Günlük", + "REFRESH_POLICY": "Yenileme üzerine", + "DB_REFRESH_TIME": "Veri tabanı güncellendi", + "DB_NOT_READY": "Güvenlik açığı veritabanı tam olarak hazır olmayabilir!", + "NEXT_SCAN": "Sonra kullanılabilir" + }, + "TEST_MAIL_SUCCESS": "Posta sunucusuyla bağlantı doğrulandı.", + "TEST_LDAP_SUCCESS": "LDAP sunucusuna bağlantı doğrulandı.", + "TEST_MAIL_FAILED": "Posta sunucusu hatayla doğrulanamadı:{{param}}.", + "TEST_LDAP_FAILED": "LDAP sunucusunu hatayla doğrulayamadı: {{param}}.", + "LEAVING_CONFIRMATION_TITLE": "Ayrılmayı onayla", + "LEAVING_CONFIRMATION_SUMMARY": "Değişiklikler henüz kaydedilmedi. Mevcut sayfadan ayrılmak istiyor musunuz?", + "TEST_OIDC_SUCCESS": "OIDC sunucusuna bağlantı doğrulandı." + }, + "PAGE_NOT_FOUND": { + "MAIN_TITLE": "Sayfa Bulunamadı", + "SUB_TITLE": "Ana sayfaya yönlendiriliyor", + "UNIT": "saniyeler..." + }, + "ABOUT": { + "VERSION": "Versiyon", + "BUILD": "Kurulum", + "COPYRIGHT": "Project Harbor, içeriği depolayan, imzalayan ve tarayan açık kaynaklı, güvenilir bir bulut yerel kayıt defteri projesidir. Harbor, güvenlik, kimlik ve yönetim gibi kullanıcılar tarafından genellikle istenen işlevleri ekleyerek açık kaynaklı Docker Dağıtımını genişletir. Harbor, kullanıcı yönetimi, erişim kontrolü, etkinlik izleme ve örnekler arasında çoğaltma gibi gelişmiş özellikleri destekler. Yapı ve çalıştırma ortamına daha yakın bir kayıt defterine sahip olmak da görüntü aktarma verimliliğini artırabilir.", + "COPYRIGHT_SUFIX": ".", + "TRADEMARK": "VMware, VMware, Inc.'in Amerika Birleşik Devletleri'nde ve diğer yargı bölgelerinde tescilli ticari markası veya ticari markasıdır. Burada belirtilen diğer tüm markalar ve isimler, ilgili firmalarının ticari markaları olabilir.", + "END_USER_LICENSE": "Son kullanıcı Lisans Anlaşması", + "OPEN_SOURCE_LICENSE": "Açık Kaynak / Üçüncü Parti Lisansı" + }, + "START_PAGE": { + "GETTING_START": "", + "GETTING_START_TITLE": "Başlamak" + }, + "TOP_REPO": "Popüler Depolar", + "STATISTICS": { + "TITLE": "İSTATİSTİK", + "PRO_ITEM": "PROJELER", + "REPO_ITEM": "DEPOLAR", + "INDEX_PRIVATE": "ÖZEL", + "INDEX_MY_PROJECTS": "BENİM PROJELERİM", + "INDEX_MY_REPOSITORIES": "BENİM DEPOLARIM", + "INDEX_PUB": "GENEL", + "INDEX_TOTAL": "TOPLAM", + "STORAGE": "DEPOLAMA", + "LIMIT": "Limit" + }, + "SEARCH": { + "IN_PROGRESS": "Ara...", + "BACK": "Geri" + }, + "VULNERABILITY": { + "STATE": { + "STOPPED": "Taranmadı", + "QUEUED": "Sıraya alındı", + "ERROR": "Günlüğü Görüntüle", + "SCANNING": "Taranıyor", + "UNKNOWN": "Bilinmeyen" + }, + "GRID": { + "PLACEHOLDER": "Herhangi bir tarama sonucu bulamadık!", + "COLUMN_ID": "Güvenlik Açığı", + "COLUMN_SEVERITY": "Şiddet", + "COLUMN_PACKAGE": "Paket", + "COLUMN_PACKAGES": "Paketler", + "COLUMN_VERSION": "Şimdiki versiyon", + "COLUMN_FIXED": "Sürümde düzeltildi", + "COLUMN_DESCRIPTION": "Açıklama", + "FOOT_ITEMS": "Öğeler", + "FOOT_OF": "of" + }, + "CHART": { + "SCANNING_TIME": "Tarama tamamlanma zamanı:", + "TOOLTIPS_TITLE": "{{totalVulnerability}} 'nın {{totalPackages}} {{package}} bilinen {{vulnerability}}.", + "TOOLTIPS_TITLE_SINGULAR": "{{totalVulnerability}} 'nın {{totalPackages}} {{package}} bilinen {{vulnerability}}.", + "TOOLTIPS_TITLE_ZERO": "Tanınabilir bir güvenlik açığı paketi bulunamadı" + }, + "SEVERITY": { + "HIGH": "Yüksek", + "MEDIUM": "Orta", + "LOW": "Düşük", + "NEGLIGIBLE": "Önemsiz", + "UNKNOWN": "Bilinmiyor", + "NONE": "Hiç" + }, + "SINGULAR": "güvenlik açığı", + "OVERALL_SEVERITY": "Güvenlik açığı ciddiyeti:", + "NO_VULNERABILITY": "Güvenlik açığı yok", + "PLURAL": " güvenlik açıkları", + "PLACEHOLDER": "Güvenlik Açıklarını Filtrele", + "PACKAGE": "paket", + "PACKAGES": "paketler", + "SCAN_NOW": "Tara", + "JOB_LOG_VIEWER": "Tarama Günlüğünü Göster" + }, + "PUSH_IMAGE": { + "TITLE": "İmajı Yükle", + "TOOLTIP": "Bu projeye bir imaj yüklemek için komut referansları.", + "TAG_COMMAND": "Bu proje için bir imaj etiketleyin:", + "PUSH_COMMAND": "Bu projeye bir imaj gönder:", + "COPY_ERROR": "Kopyalama başarısız oldu, lütfen komut referanslarını el ile kopyalamayı deneyin." + }, + "TAG": { + "CREATION_TIME_PREFIX": "Oluştur", + "CREATOR_PREFIX": "tarafından", + "ANONYMITY": "anonimlik", + "IMAGE_DETAILS": "İmaj Detayları", + "DOCKER_VERSION": "Docker Versiyonu", + "ARCHITECTURE": "Mimari", + "OS": "İŞ", + "OS_VERSION": "İŞ Versiyonu", + "HAVE": "sahip", + "HAS": "sahip", + "SCAN_COMPLETION_TIME": "Tarama Tamamlandı", + "IMAGE_VULNERABILITIES": "İmaj Güvenlik Açıkları", + "LEVEL_VULNERABILITIES": "Seviye Güvenlik Açıkları", + "PLACEHOLDER": "Etiket bulamadık!", + "COPY_ERROR": "Kopyalama başarısız oldu, lütfen el ile kopyalamayı deneyin.", + "FILTER_FOR_TAGS": "Etiketleri Filtrele", + "AUTHOR": "Yazar", + "LABELS": "Etiketler", + "CREATION": "Oluşturma", + "COMMAND": "Komutlar" + }, + "LABEL": { + "LABEL": "Etiket", + "DESCRIPTION": "Açıklama", + "CREATION_TIME": "Yaratılma Zamanı", + "NEW_LABEL": "Yeni Etiket", + "EDIT": "Düzenle", + "DELETE": "Sil", + "LABEL_NAME": "Etiket İsmi", + "COLOR": "Renk", + "FILTER_LABEL_PLACEHOLDER": "Etiketleri Filtrele", + "NO_LABELS": "Etiket Yok", + "DELETION_TITLE_TARGET": "Etiket silmeyi onayla", + "DELETION_SUMMARY_TARGET": "Silmek istiyor musunuz {{param}}?", + "PLACEHOLDER": "Etiket bulamadık!", + "NAME_ALREADY_EXISTS": "Etiket adı zaten var." + }, + "QUOTA": { + "PROJECT": "Proje", + "OWNER": "Sahip", + "COUNT": "Adet", + "STORAGE": "Saklama", + "EDIT": "Düzenle", + "DELETE": "Sil", + "OF": "of", + "PROJECT_QUOTA_DEFAULT_ARTIFACT": "Proje başına varsayılan yapay eser sayısı", + "PROJECT_QUOTA_DEFAULT_DISK": "Proje başına varsayılan disk alanı", + "EDIT_PROJECT_QUOTAS": "Proje Kotalarını Düzenle", + "EDIT_DEFAULT_PROJECT_QUOTAS": "Varsayılan Proje Kotalarını Düzenle", + "SET_QUOTAS": "Proje 'kütüphanesi' için proje kotalarını ayarlayın", + "SET_DEFAULT_QUOTAS": "Yeni projeler oluştururken varsayılan proje kotalarını ayarlayın", + "COUNT_QUOTA": "Eser Adeti", + "COUNT_DEFAULT_QUOTA": "Varsayılan eser sayısı", + "STORAGE_QUOTA": "Depolama tüketimi", + "STORAGE_DEFAULT_QUOTA": "Varsayılan depolama tüketimi", + "SAVE_SUCCESS": "Kota düzenleme başarısı", + "UNLIMITED": "sınırsız", + "INVALID_INPUT": "geçersiz giriş" + }, + "WEEKLY": { + "MONDAY": "Pazartesi", + "TUESDAY": "Salı", + "WEDNESDAY": "Çarşamba", + "THURSDAY": "Perşembe", + "FRIDAY": "Cuma", + "SATURDAY": "Cumartesi", + "SUNDAY": "Pazar" + }, + "OPERATION": { + "LOCAL_EVENT": "Yerel etkinlikler", + "ALL": "Hepsi", + "RUNNING": "Çalışıyor", + "FAILED": "Başarısız oldu", + "STOP_EXECUTIONS": "Yürütmeyi durdur", + "DELETE_PROJECT": "Projeyi sil", + "DELETE_REPO": "Depoyu sil", + "DELETE_TAG": "Etiketi sil", + "DELETE_USER": "Kullanıcıyı sil", + "DELETE_ROBOT": "Robotu sil", + "DELETE_REGISTRY": "Kayıt defterini sil", + "DELETE_REPLICATION": "Çoğaltmayı sil", + "DELETE_MEMBER": "Kullanıcı üyesini sil", + "DELETE_GROUP": "Grup üyesini sil", + "DELETE_CHART_VERSION": "Tablo versiyonunu sil", + "DELETE_CHART": "Tabloyu sil", + "SWITCH_ROLE": "Rol değiştir", + "ADD_GROUP": "Grup üyesi ekle", + "ADD_USER": "Kullanıcı üyesi ekle", + "DELETE_LABEL": "Etiketi sil", + "REPLICATION": "Çoğaltma", + "DAY_AGO": " gün(ler) önce", + "HOUR_AGO": " saat(ler) önce", + "MINUTE_AGO": " dakika(lar) önce", + "SECOND_AGO": "1 dakikadan az", + "EVENT_LOG": "OLAY KAYDI" + }, + "UNKNOWN_ERROR": "Bilinmeyen hatalar oluştu. Lütfen daha sonra tekrar deneyiniz.", + "UNAUTHORIZED_ERROR": "Oturumunuz geçersiz veya süresi dolmuş. İşleminize devam etmek için oturum açmanız gerekir.", + "REPO_READ_ONLY": "Harbor salt okunur moduna ayarlandı, Depoyu silme, etiketleme ve imaj yükleme salt okunur modda devre dışı bırakılacak.", + "FORBIDDEN_ERROR": "İşlemi gerçekleştirmek için gereken ayrıcalıklarınız yok.", + "GENERAL_ERROR": "Servis çağrısı yapılırken hatalar oluştu: {{param}}.", + "BAD_REQUEST_ERROR": "Kötü bir istek nedeniyle işleminizi gerçekleştiremiyoruz.", + "NOT_FOUND_ERROR": "Nesne bulunmadığından isteğiniz tamamlanamıyor.", + "CONFLICT_ERROR": "Gönderiminizde çakışmalar olduğundan eyleminizi gerçekleştiremiyoruz.", + "PRECONDITION_FAILED": "Önkoşul arızası nedeniyle işleminizi gerçekleştiremiyoruz.", + "SERVER_ERROR": "Dahili sunucu hataları oluştuğundan işleminizi gerçekleştiremiyoruz.", + "INCONRRECT_OLD_PWD": "Eski şifre yanlış.", + "UNKNOWN": "n/a", + "STATUS": "Durum", + "START_TIME": "Başlama Zamanı", + "UPDATE_TIME": "Güncelleme Zamanı", + "LOGS": "Kayıtlar", + "PENDING": "Askıda", + "FINISHED": "Bitti", + "STOPPED": "Durdu", + "RUNNING": "Çalışıyor", + "ERROR": "Hata", + "SCHEDULE": { + "NONE": "Hiç", + "DAILY": "Günlük", + "WEEKLY": "Haftalık", + "HOURLY": "Saatlik", + "CUSTOM": "Özel", + "MANUAL": "Manuel", + "CRON": "cron", + "ON": "on", + "AT": "at", + "NOSCHEDULE": "Takvimlendirme de bir hata oluştu" + + }, + "GC": { + "CURRENT_SCHEDULE": "Mevcut Program", + "GC_NOW": "ŞİMDİ ÇT", + "JOB_HISTORY": "ÇT Geçmişi", + "JOB_ID": "İş ID", + "TRIGGER_TYPE": "Tetik tipi", + "LATEST_JOBS": "Son {{param}} İşler", + "MSG_SUCCESS": "Çöp Toplama Başarılı", + "MSG_SCHEDULE_SET": "Çöp Toplama programı belirlendi", + "MSG_SCHEDULE_RESET": "Çöp Toplama programı sıfırlandı" + }, + "RETAG": { + "MSG_SUCCESS": "Başarıyla yeniden etiketle", + "TIP_REPO": "Bir depo adı yol bileşenlerine bölünmüştür. Depo adının bir bileşeni, isteğe bağlı olarak nokta, kısa çizgi veya alt çizgi ile ayrılmış en az bir küçük harf, alfa sayısal karakterler olmalıdır. Daha kesin olarak, [a-z0-9] + (?: [._-] [a-z0-9] +) * normal ifadesiyle eşleşmelidir. Eğer bir depo adı iki veya daha fazla yol bileşenine sahipse, eğik çizgi ile ayrılmış ('/').Eğik çizgi içeren bir depo adının toplam uzunluğu, 256 karakterden az olmalıdır.", + "TIP_TAG": "Etiket, bir depodaki Docker imajına uygulanan bir etikettir. Etiketler, bir depodaki çeşitli imajların birbirlerinden nasıl ayırt edildikleridir. Regex ile eşleşmesi gerekir: (`[\\ w] [\\ w .-] {0,127}`)" + }, + "CVE_WHITELIST": { + "DEPLOYMENT_SECURITY": "Dağıtım güvenliği", + "CVE_WHITELIST": "CVE beyaz listesi", + "SYS_WHITELIST_EXPLAIN": "Sistem beyaz listesi, bir görüntünün güvenlik açığını hesaplarken bu listedeki güvenlik açıklarının göz ardı edilmesine izin verir.", + "ADD_SYS": "Sistemin beyaz listesine CVE kimlikleri ekle", + "WARNING_SYS": "Sistem CVE beyaz listesinin süresi doldu. Beyaz listeyi son kullanma tarihini uzatarak etkinleştirebilirsiniz.", + "WARNING_PRO": "Proje CVE beyaz listesinin süresi doldu. Beyaz listeyi son kullanma tarihini uzatarak etkinleştirebilirsiniz.", + "ADD": "EKLE", + "ENTER": "CVE ID(leri) Gir", + "HELP": "Ayırıcı: virgül veya yeni satır karakterleri", + "NONE": "Hiç", + "EXPIRES_AT": "Sonunda sona eriyor", + "NEVER_EXPIRES": "Hiçbir zaman sona ermez", + "PRO_WHITELIST_EXPLAIN": "Proje beyaz listesi, görüntüleri iterken ve çekerken bu listedeki güvenlik açıklarının bu projede göz ardı edilmesine izin verir.", + "PRO_OR_SYS": "Sistemin beyaz listesini olduğu gibi kullanın veya yeni bir beyaz liste oluşturmak için “Proje beyaz listesini” seçin.", + "MERGE_INTO": "Sistemin beyaz listesini bu projeye dahil edin, bireysel CVE ID'leri ekleyin.", + "SYS_WHITELIST": "Sistem beyaz listesi", + "PRO_WHITELIST": "Proje beyaz listesi", + "ADD_SYSTEM": "SİSTEM EKLE" + }, + "TAG_RETENTION": { + "TAG_RETENTION": "Etiket Tutma", + "RETENTION_RULES": "Saklama kuralları", + "RULE_NAME_1": " son {{number}} günden görüntüler", + "RULE_NAME_2": " en son aktif {{number}} görüntüleri", + "RULE_NAME_3": " en son {{number}} görüntülerine basılmış", + "RULE_NAME_4": " en son çekilen {{number}} görüntüleri", + "RULE_NAME_5": " her zaman", + "ADD_RULE": "KURAL EKLE", + "ADD_RULE_HELP_1": "Kural eklemek için KURAL EKLE düğmesini tıklayın.", + "ADD_RULE_HELP_2": "Etiket tutma politikası günde bir kez yayınlanır.", + "RETENTION_RUNS": "Tutma çalışır", + "RUN_NOW": "ŞİMDİ ÇALIŞTIR", + "WHAT_IF_RUN": "SİMÜLE ET", + "ABORT": "İPTAL ET", + "SERIAL": "ID", + "STATUS": "Durum", + "DRY_RUN": "Simülasyon", + "START_TIME": "Başlangıç Zamanı", + "DURATION": "Çalışma Süresi", + "DETAILS": "Detaylar", + "REPOSITORY": "Depo", + "EDIT": "Düzenle", + "DISABLE": "Devre dışı bırak", + "ENABLE": "Aktif et", + "DELETE": "Sil", + "ADD_TITLE": "Etiket Tutma Kuralı Ekle", + "ADD_SUBTITLE": "Bu proje için bir etiket saklama kuralı belirtin. Tüm etiket tutma kuralları bağımsız olarak hesaplanır ve her kural, seçilen bir havuz listesine uygulanabilir.", + "BY_WHAT": "Resim sayısına veya gün sayısına göre", + "RULE_TEMPLATE_1": " Son # güne ait görüntüler", + "RULE_TEMPLATE_2": " En yeni aktif # imajlar", + "RULE_TEMPLATE_3": " En son eklenen # imajlar", + "RULE_TEMPLATE_4": " en son çekilmiş # imajlar", + "RULE_TEMPLATE_5": " her zaman", + "ACTION_RETAIN": " tutmak", + "UNIT_DAY": "GÜNLER", + "UNIT_COUNT": "SAYAÇ", + "NUMBER": "SAYI", + "IN_REPOSITORIES": "Depolar için", + "REP_SEPARATOR": "Birden çok virgülle ayrılmış depolar, depo* veya ** girin", + "TAGS": "Etiketler", + "MATCHES_TAGS": "Etiketleri eşleşir", + "MATCHES_EXCEPT_TAGS": "Etiketler hariç eşleşir", + "TAG_SEPARATOR": "Birden çok virgülle ayrılmış etiket, etiket *, ** veya regex girin", + "LABELS": "Etiketler", + "MATCHES_LABELS": "Eşleşen Etiketler", + "MATCHES_EXCEPT_LABELS": "Etiketler hariç eşleşmeler", + "REP_LABELS": "Birden çok virgülle ayrılmış etiket girin", + "RETENTION_RUN": "Tutma Çalıştırması", + "RETENTION_RUN_EXPLAIN": "Tutma ilkesinin yürütülmesinin bu projedeki imajlar üzerinde olumsuz etkileri olabilir ve etkilenen imaj etiketleri silinecektir. Bu politikanın etkisini simüle etmek için İPTAL'e basın ve SİMÜLE ET'i kullanın. Aksi halde devam etmek için ÇALIŞTIR düğmesine basın.", + "RETENTION_RUN_ABORTED": "Retention Run Aborted", + "RETENTION_RUN_ABORTED_EXPLAIN": "Bu saklama koşulu iptal edildi. Zaten silinen imajlar geri alınamaz. İmajları silmeye devam etmek için başka bir çalışma başlatabilirsiniz. Bir koşuyu simüle etmek için “SİMÜLE ET”.", + "LOADING": "Yükleniyor...", + "NO_EXECUTION": "Çalıştırma bulamadık!", + "NO_HISTORY": "Hiçbir tarih bulamadık!", + "DELETION": "Silinenler", + "EDIT_TITLE": "Etiket Tutma Kuralını Düzenle", + "LOG": "Kayıt", + "EXCLUDES": "Çalıştırmalar", + "MATCHES": "Eşleşmeler", + "REPO": " depolar", + "EXC": " çalıştırılıyor ", + "MAT": " eşleşiyor ", + "AND": " ve", + "WITH": " birlikte ", + "WITHOUT": " olmadan ", + "LOWER_LABELS": " etiketler", + "WITH_CONDITION": " birlikte", + "LOWER_TAGS": " etiketler", + "TRIGGER": "Program", + "RETAINED": "Tutulan", + "TOTAL": "Toplam", + "NONE": " hiç", + "RULE_NAME_6": " son {{number}} gün içinde çekilmiş imajlar", + "RULE_NAME_7": " imajlar son {{number}} gün içinde yüklendi", + "RULE_TEMPLATE_6": " imajlar son # gün içinde imdirilmiş", + "RULE_TEMPLATE_7": " imajlar son # gün içinde yüklendi.", + "SCHEDULE": "Program", + "SCHEDULE_WARNING": "Tutma ilkesinin yürütülmesinin bu projedeki görüntüler üzerinde olumsuz etkileri olabilir ve etkilenen imajların etiketleri silinecektir." + } + +} diff --git a/src/portal/src/i18n/lang/zh-cn-lang.json b/src/portal/src/i18n/lang/zh-cn-lang.json index 230d1870f..fc3ea978d 100644 --- a/src/portal/src/i18n/lang/zh-cn-lang.json +++ b/src/portal/src/i18n/lang/zh-cn-lang.json @@ -225,9 +225,9 @@ "INLINE_HELP_PUBLIC": "当项目设为公开后,任何人都有此项目下镜像的读权限。命令行用户不需要“docker login”就可以拉取此项目下的镜像。", "COUNT_QUOTA": "存储数量", "STORAGE_QUOTA": "存储容量", - "COUNT_QUOTA_TIP": "存储数量上限应该是整数.", - "STORAGE_QUOTA_TIP": "存储容量的上限应该设置成为整数.并且最大值不能超过1024TB", - "QUOTA_UNLIMIT_TIP": "如果你想要对存储不设置上限,请输入-1." + "COUNT_QUOTA_TIP": "请输入一个'1' ~ '100000000'之间的整数, '-1'表示不设置上限。", + "STORAGE_QUOTA_TIP": "存储配额的上限仅采用整数值,上限为1024TB。输入“-1”作为无限制配额。", + "QUOTA_UNLIMIT_TIP": "如果你想要对存储不设置上限,请输入-1。" }, "PROJECT_DETAIL": { "SUMMARY": "概要", @@ -361,6 +361,8 @@ "TEST_ENDPOINT_BUTTON": "测试 ENDPOINT", "CANCEL_BUTTON": "取消", "SAVE_BUTTON": "保存", + "TEST_ENDPOINT_SUCCESS": "测试连接成功。", + "TEST_ENDPOINT_FAILURE": "测试连接失败。", "ENABLED_WEBHOOK_TITLE": "启用项目的 Webhooks", "ENABLED_WEBHOOK_SUMMARY": "你希望开启项目的 Webhooks 吗?", "DISABLED_WEBHOOK_TITLE": "停用项目的 Webhooks", @@ -802,8 +804,7 @@ "ROOT_CERT_DOWNLOAD": "下载镜像库根证书。", "SCANNING_POLICY": "基于不同需求设置镜像扫描策略。‘无’:不设置任何策略;‘每日定时’:每天在设置的时间定时执行扫描。", "VERIFY_CERT": "检查来自LDAP服务端的证书", - "READONLY_TOOLTIP": "选中,表示正在维护状态,不可删除仓库及标签,也不可以推送镜像。", - "REPO_TOOLTIP": "用户在此模式下无法对图像执行任何操作。", + "REPO_TOOLTIP": "用户在此模式下无法对镜像执行任何操作。", "WEBHOOK_TOOLTIP": "当执行推送,拉动,删除,扫描图像或图表等特定操作时,启用 webhooks 以在指定端点接收回调", "HOURLY_CRON":"每小时运行一次。相当于 0 0 * * * *", "WEEKLY_CRON":"每周一次,周六/周日午夜之间开始。相当于 0 0 * * * *", @@ -1202,7 +1203,9 @@ "RULE_NAME_6": "最近{{number}}天被拉取过的镜像", "RULE_NAME_7": "最近{{number}}天被推送过的镜像", "RULE_TEMPLATE_6": "最近#天被拉取过的镜像", - "RULE_TEMPLATE_7": "最近#天被推送过的镜像" + "RULE_TEMPLATE_7": "最近#天被推送过的镜像", + "SCHEDULE": "定时任务", + "SCHEDULE_WARNING": "执行保留策略将对该项目中的镜像产生反向影响,受影响的镜像tags将会被删除。" } } diff --git a/src/replication/adapter/harbor/adapter.go b/src/replication/adapter/harbor/adapter.go index c24940d61..4c8a26597 100644 --- a/src/replication/adapter/harbor/adapter.go +++ b/src/replication/adapter/harbor/adapter.go @@ -156,7 +156,7 @@ func (a *adapter) PrepareForPush(resources []*model.Resource) error { paths := strings.Split(resource.Metadata.Repository.Name, "/") projectName := paths[0] // handle the public properties - metadata := resource.Metadata.Repository.Metadata + metadata := abstractPublicMetadata(resource.Metadata.Repository.Metadata) pro, exist := projects[projectName] if exist { metadata = mergeMetadata(pro.Metadata, metadata) @@ -187,6 +187,19 @@ func (a *adapter) PrepareForPush(resources []*model.Resource) error { return nil } +func abstractPublicMetadata(metadata map[string]interface{}) map[string]interface{} { + if metadata == nil { + return nil + } + public, exist := metadata["public"] + if !exist { + return nil + } + return map[string]interface{}{ + "public": public, + } +} + // currently, mergeMetadata only handles the public metadata func mergeMetadata(metadata1, metadata2 map[string]interface{}) map[string]interface{} { public := parsePublic(metadata1) && parsePublic(metadata2) diff --git a/src/replication/adapter/harbor/adapter_test.go b/src/replication/adapter/harbor/adapter_test.go index 085a62533..844e536cf 100644 --- a/src/replication/adapter/harbor/adapter_test.go +++ b/src/replication/adapter/harbor/adapter_test.go @@ -210,3 +210,26 @@ func TestMergeMetadata(t *testing.T) { assert.Equal(t, strconv.FormatBool(c.public), m["public"].(string)) } } + +func TestAbstractPublicMetadata(t *testing.T) { + // nil input metadata + meta := abstractPublicMetadata(nil) + assert.Nil(t, meta) + + // contains no public metadata + metadata := map[string]interface{}{ + "other": "test", + } + meta = abstractPublicMetadata(metadata) + assert.Nil(t, meta) + + // contains public metadata + metadata = map[string]interface{}{ + "other": "test", + "public": "true", + } + meta = abstractPublicMetadata(metadata) + require.NotNil(t, meta) + require.Equal(t, 1, len(meta)) + require.Equal(t, "true", meta["public"].(string)) +} diff --git a/src/replication/adapter/harbor/chart_registry.go b/src/replication/adapter/harbor/chart_registry.go index 81856ced3..a93cc3feb 100644 --- a/src/replication/adapter/harbor/chart_registry.go +++ b/src/replication/adapter/harbor/chart_registry.go @@ -164,6 +164,13 @@ func (a *adapter) DownloadChart(name, version string) (io.ReadCloser, error) { if err != nil { return nil, err } + if resp.StatusCode != http.StatusOK { + body, err := ioutil.ReadAll(resp.Body) + if err != nil { + return nil, err + } + return nil, fmt.Errorf("failed to download the chart %s: %d %s", req.URL.String(), resp.StatusCode, string(body)) + } return resp.Body, nil } diff --git a/src/replication/adapter/harbor/chart_registry_test.go b/src/replication/adapter/harbor/chart_registry_test.go index a2830666d..5231c0940 100644 --- a/src/replication/adapter/harbor/chart_registry_test.go +++ b/src/replication/adapter/harbor/chart_registry_test.go @@ -137,7 +137,7 @@ func TestDownloadChart(t *testing.T) { }, { Method: http.MethodGet, - Pattern: "/api/chartrepo/library/charts/harbor-1.0.tgz", + Pattern: "/chartrepo/library/charts/harbor-1.0.tgz", Handler: func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) }, diff --git a/src/replication/adapter/helmhub/chart_registry.go b/src/replication/adapter/helmhub/chart_registry.go index daba32952..d59cf73ad 100644 --- a/src/replication/adapter/helmhub/chart_registry.go +++ b/src/replication/adapter/helmhub/chart_registry.go @@ -17,6 +17,7 @@ package helmhub import ( "fmt" "io" + "io/ioutil" "net/http" "strings" @@ -123,7 +124,7 @@ func (a *adapter) download(version *chartVersion) (io.ReadCloser, error) { url := strings.ToLower(version.Attributes.URLs[0]) if !(strings.HasPrefix(url, "http://") || strings.HasPrefix(url, "https://")) { - url = fmt.Sprintf("%s/charts/%s", version.Relationships.Chart.Data.Repo.URL, url) + url = fmt.Sprintf("%s/%s", version.Relationships.Chart.Data.Repo.URL, url) } req, err := http.NewRequest(http.MethodGet, url, nil) @@ -134,6 +135,13 @@ func (a *adapter) download(version *chartVersion) (io.ReadCloser, error) { if err != nil { return nil, err } + if resp.StatusCode != http.StatusOK { + body, err := ioutil.ReadAll(resp.Body) + if err != nil { + return nil, err + } + return nil, fmt.Errorf("failed to download the chart %s: %d %s", req.URL.String(), resp.StatusCode, string(body)) + } return resp.Body, nil } diff --git a/src/replication/adapter/native/adapter.go b/src/replication/adapter/native/adapter.go index 8f42f6a61..887448ed7 100644 --- a/src/replication/adapter/native/adapter.go +++ b/src/replication/adapter/native/adapter.go @@ -58,9 +58,8 @@ type Adapter struct { // NewAdapter returns an instance of the Adapter func NewAdapter(registry *model.Registry) (*Adapter, error) { - var authorizer modifier.Modifier + var cred modifier.Modifier if registry.Credential != nil && len(registry.Credential.AccessSecret) != 0 { - var cred modifier.Modifier if registry.Credential.Type == model.CredentialTypeSecret { cred = common_http_auth.NewSecretAuthorizer(registry.Credential.AccessSecret) } else { @@ -68,10 +67,11 @@ func NewAdapter(registry *model.Registry) (*Adapter, error) { registry.Credential.AccessKey, registry.Credential.AccessSecret) } - authorizer = auth.NewStandardTokenAuthorizer(&http.Client{ - Transport: util.GetHTTPTransport(registry.Insecure), - }, cred, registry.TokenServiceURL) } + authorizer := auth.NewStandardTokenAuthorizer(&http.Client{ + Transport: util.GetHTTPTransport(registry.Insecure), + }, cred, registry.TokenServiceURL) + return NewAdapterWithCustomizedAuthorizer(registry, authorizer) } diff --git a/src/replication/dao/execution.go b/src/replication/dao/execution.go index 030b57ef0..1fbd54ba2 100644 --- a/src/replication/dao/execution.go +++ b/src/replication/dao/execution.go @@ -322,25 +322,39 @@ func UpdateTask(task *models.Task, props ...string) (int64, error) { return o.Update(task, props...) } -// UpdateTaskStatus ... +// UpdateTaskStatus updates the status of task. +// The implementation uses raw sql rather than QuerySetter.Filter... as QuerySetter +// will generate sql like: +// `UPDATE "replication_task" SET "end_time" = $1, "status" = $2 +// WHERE "id" IN ( SELECT T0."id" FROM "replication_task" T0 WHERE T0."id" = $3 +// AND T0."status" IN ($4, $5, $6))]` +// which is not a "single" sql statement, this will cause issues when running in concurrency func UpdateTaskStatus(id int64, status string, statusCondition ...string) (int64, error) { - qs := dao.GetOrmer().QueryTable(&models.Task{}). - Filter("id", id) - if len(statusCondition) > 0 { - qs = qs.Filter("status", statusCondition[0]) - } - params := orm.Params{ - "status": status, - } + params := []interface{}{} + sql := `update replication_task set status = ? ` + params = append(params, status) + if taskFinished(status) { // should update endTime - params["end_time"] = time.Now() + sql += `, end_time = ? ` + params = append(params, time.Now()) } - n, err := qs.Update(params) + + sql += `where id = ? ` + params = append(params, id) + if len(statusCondition) > 0 { + sql += fmt.Sprintf(`and status in (%s) `, dao.ParamPlaceholderForIn(len(statusCondition))) + params = append(params, statusCondition) + } + + result, err := dao.GetOrmer().Raw(sql, params...).Exec() if err != nil { return 0, err } - log.Debugf("update task status %d: -> %s", id, status) + n, _ := result.RowsAffected() + if n > 0 { + log.Debugf("update task status %d: -> %s", id, status) + } return n, err } diff --git a/src/replication/operation/controller.go b/src/replication/operation/controller.go index 878325e7e..35d6e84fe 100644 --- a/src/replication/operation/controller.go +++ b/src/replication/operation/controller.go @@ -16,10 +16,12 @@ package operation import ( "fmt" + "regexp" "time" "github.com/goharbor/harbor/src/common/job" "github.com/goharbor/harbor/src/common/utils/log" + hjob "github.com/goharbor/harbor/src/jobservice/job" "github.com/goharbor/harbor/src/replication/dao/models" "github.com/goharbor/harbor/src/replication/model" "github.com/goharbor/harbor/src/replication/operation/execution" @@ -45,6 +47,11 @@ const ( maxReplicators = 1024 ) +var ( + statusBehindErrorPattern = "mismatch job status for stopping job: .*, job status (.*) is behind Running" + statusBehindErrorReg = regexp.MustCompile(statusBehindErrorPattern) +) + // NewController returns a controller implementation func NewController(js job.Client) Controller { ctl := &controller{ @@ -149,19 +156,36 @@ func (c *controller) StopReplication(executionID int64) error { } // got tasks, stopping the tasks one by one for _, task := range tasks { - if !isTaskRunning(task) { - log.Debugf("the task %d(job ID: %s) isn't running, its status is %s, skip", task.ID, task.JobID, task.Status) + if isTaskInFinalStatus(task) { + log.Debugf("the task %d(job ID: %s) is in final status, its status is %s, skip", task.ID, task.JobID, task.Status) continue } if err = c.scheduler.Stop(task.JobID); err != nil { - return err + status, flag := isStatusBehindError(err) + if flag { + switch hjob.Status(status) { + case hjob.ErrorStatus: + status = models.TaskStatusFailed + case hjob.SuccessStatus: + status = models.TaskStatusSucceed + } + e := c.executionMgr.UpdateTaskStatus(task.ID, status) + if e != nil { + log.Errorf("failed to update the status the task %d(job ID: %s): %v", task.ID, task.JobID, e) + } else { + log.Debugf("got status behind error for task %d, update it's status to %s directly", task.ID, status) + } + continue + } + log.Errorf("failed to stop the task %d(job ID: %s): %v", task.ID, task.JobID, err) + continue } log.Debugf("the stop request for task %d(job ID: %s) sent", task.ID, task.JobID) } return nil } -func isTaskRunning(task *models.Task) bool { +func isTaskInFinalStatus(task *models.Task) bool { if task == nil { return false } @@ -169,9 +193,20 @@ func isTaskRunning(task *models.Task) bool { case models.TaskStatusSucceed, models.TaskStatusStopped, models.TaskStatusFailed: - return false + return true } - return true + return false +} + +func isStatusBehindError(err error) (string, bool) { + if err == nil { + return "", false + } + strs := statusBehindErrorReg.FindStringSubmatch(err.Error()) + if len(strs) != 2 { + return "", false + } + return strs[1], true } func (c *controller) ListExecutions(query ...*models.ExecutionQuery) (int64, []*models.Execution, error) { diff --git a/src/replication/operation/controller_test.go b/src/replication/operation/controller_test.go index c19daa8c9..b6f4f5d77 100644 --- a/src/replication/operation/controller_test.go +++ b/src/replication/operation/controller_test.go @@ -15,6 +15,7 @@ package operation import ( + "errors" "io" "os" "testing" @@ -344,40 +345,57 @@ func TestGetTaskLog(t *testing.T) { func TestIsTaskRunning(t *testing.T) { cases := []struct { - task *models.Task - isRunning bool + task *models.Task + isFinalStatus bool }{ { - task: nil, - isRunning: false, + task: nil, + isFinalStatus: false, }, { task: &models.Task{ Status: models.TaskStatusSucceed, }, - isRunning: false, + isFinalStatus: true, }, { task: &models.Task{ Status: models.TaskStatusFailed, }, - isRunning: false, + isFinalStatus: true, }, { task: &models.Task{ Status: models.TaskStatusStopped, }, - isRunning: false, + isFinalStatus: true, }, { task: &models.Task{ Status: models.TaskStatusInProgress, }, - isRunning: true, + isFinalStatus: false, }, } for _, c := range cases { - assert.Equal(t, c.isRunning, isTaskRunning(c.task)) + assert.Equal(t, c.isFinalStatus, isTaskInFinalStatus(c.task)) } } + +func TestIsStatusBehindError(t *testing.T) { + // nil error + status, flag := isStatusBehindError(nil) + assert.False(t, flag) + + // not status behind error + err := errors.New("not status behind error") + status, flag = isStatusBehindError(err) + assert.False(t, flag) + + // status behind error + err = errors.New("mismatch job status for stopping job: 9feedf9933jffs, job status Error is behind Running") + status, flag = isStatusBehindError(err) + assert.True(t, flag) + assert.Equal(t, "Error", status) +} diff --git a/src/replication/operation/execution/execution.go b/src/replication/operation/execution/execution.go index ba9189826..0d4db946c 100644 --- a/src/replication/operation/execution/execution.go +++ b/src/replication/operation/execution/execution.go @@ -152,13 +152,9 @@ func (dm *DefaultManager) UpdateTask(task *models.Task, props ...string) error { // UpdateTaskStatus ... func (dm *DefaultManager) UpdateTaskStatus(taskID int64, status string, statusCondition ...string) error { - n, err := dao.UpdateTaskStatus(taskID, status, statusCondition...) - if err != nil { + if _, err := dao.UpdateTaskStatus(taskID, status, statusCondition...); err != nil { return err } - if n == 0 { - return fmt.Errorf("Update task status failed %d: -> %s ", taskID, status) - } return nil } diff --git a/src/replication/operation/hook/task.go b/src/replication/operation/hook/task.go index 576d0deab..220763dbd 100644 --- a/src/replication/operation/hook/task.go +++ b/src/replication/operation/hook/task.go @@ -25,17 +25,23 @@ func UpdateTask(ctl operation.Controller, id int64, status string) error { jobStatus := job.Status(status) // convert the job status to task status s := "" + preStatus := []string{} switch jobStatus { case job.PendingStatus: s = models.TaskStatusPending + preStatus = append(preStatus, models.TaskStatusInitialized) case job.ScheduledStatus, job.RunningStatus: s = models.TaskStatusInProgress + preStatus = append(preStatus, models.TaskStatusInitialized, models.TaskStatusPending) case job.StoppedStatus: s = models.TaskStatusStopped + preStatus = append(preStatus, models.TaskStatusInitialized, models.TaskStatusPending, models.TaskStatusInProgress) case job.ErrorStatus: s = models.TaskStatusFailed + preStatus = append(preStatus, models.TaskStatusInitialized, models.TaskStatusPending, models.TaskStatusInProgress) case job.SuccessStatus: s = models.TaskStatusSucceed + preStatus = append(preStatus, models.TaskStatusInitialized, models.TaskStatusPending, models.TaskStatusInProgress) } - return ctl.UpdateTaskStatus(id, s) + return ctl.UpdateTaskStatus(id, s, preStatus...) } diff --git a/src/testing/suite.go b/src/testing/suite.go new file mode 100644 index 000000000..679de182a --- /dev/null +++ b/src/testing/suite.go @@ -0,0 +1,93 @@ +// Copyright Project Harbor Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package testing + +import ( + "fmt" + "math/rand" + "strconv" + "time" + + "github.com/goharbor/harbor/src/common/dao" + "github.com/goharbor/harbor/src/common/models" + "github.com/goharbor/harbor/src/core/config" + "github.com/goharbor/harbor/src/pkg/types" + "github.com/stretchr/testify/suite" +) + +func init() { + rand.Seed(time.Now().UnixNano()) +} + +// Suite ... +type Suite struct { + suite.Suite +} + +// SetupSuite ... +func (suite *Suite) SetupSuite() { + config.Init() + dao.PrepareTestForPostgresSQL() +} + +// RandString ... +func (suite *Suite) RandString(n int, letters ...string) string { + if len(letters) == 0 || len(letters[0]) == 0 { + letters = []string{"abcdefghijklmnopqrstuvwxyz"} + } + + letterBytes := []byte(letters[0]) + + b := make([]byte, n) + for i := range b { + b[i] = letterBytes[rand.Intn(len(letterBytes))] + } + return string(b) +} + +// WithProject ... +func (suite *Suite) WithProject(f func(int64, string), projectNames ...string) { + var projectName string + if len(projectNames) > 0 { + projectName = projectNames[0] + } else { + projectName = suite.RandString(5) + } + + projectID, err := dao.AddProject(models.Project{ + Name: projectName, + OwnerID: 1, + }) + if err != nil { + panic(err) + } + + defer func() { + dao.DeleteProject(projectID) + }() + + f(projectID, projectName) +} + +// AssertResourceUsage ... +func (suite *Suite) AssertResourceUsage(expected int64, resource types.ResourceName, projectID int64) { + usage := models.QuotaUsage{Reference: "project", ReferenceID: strconv.FormatInt(projectID, 10)} + err := dao.GetOrmer().Read(&usage, "reference", "reference_id") + suite.Nil(err, fmt.Sprintf("Failed to get resource %s usage of project %d, error: %v", resource, projectID, err)) + + used, err := types.NewResourceList(usage.Used) + suite.Nil(err, "Bad resource usage of project %d", projectID) + suite.Equal(expected, used[resource]) +} diff --git a/tests/apitests/python/library/project.py b/tests/apitests/python/library/project.py index c563103c7..975457ab8 100644 --- a/tests/apitests/python/library/project.py +++ b/tests/apitests/python/library/project.py @@ -77,30 +77,21 @@ class Project(base.Base): base._assert_status_code(200, status_code) return data - def update_project(self, project_id, metadata, **kwargs): + def update_project(self, project_id, expect_status_code=200, metadata=None, cve_whitelist=None, **kwargs): client = self._get_client(**kwargs) - project = swagger_client.Project(project_id, None, None, None, None, None, None, None, None, None, None, metadata) - _, status_code, _ = client.projects_project_id_put_with_http_info(project_id, project) - base._assert_status_code(200, status_code) + project = swagger_client.ProjectReq(metadata=metadata, cve_whitelist=cve_whitelist) + try: + _, sc, _ = client.projects_project_id_put_with_http_info(project_id, project) + except ApiException as e: + base._assert_status_code(expect_status_code, e.status) + else: + base._assert_status_code(expect_status_code, sc) def delete_project(self, project_id, expect_status_code = 200, **kwargs): client = self._get_client(**kwargs) _, status_code, _ = client.projects_project_id_delete_with_http_info(project_id) base._assert_status_code(expect_status_code, status_code) - def get_project_metadata_by_name(self, project_id, meta_name, expect_status_code = 200, **kwargs): - client = self._get_client(**kwargs) - ProjectMetadata = swagger_client.ProjectMetadata() - ProjectMetadata, status_code, _ = client.projects_project_id_metadatas_meta_name_get_with_http_info(project_id, meta_name) - base._assert_status_code(expect_status_code, status_code) - return { - 'public': ProjectMetadata.public, - 'enable_content_trust': ProjectMetadata.enable_content_trust, - 'prevent_vul': ProjectMetadata.prevent_vul, - 'auto_scan': ProjectMetadata.auto_scan, - 'severity': ProjectMetadata.severity, - }.get(meta_name,'error') - def get_project_log(self, project_id, expect_status_code = 200, **kwargs): client = self._get_client(**kwargs) body, status_code, _ = client.projects_project_id_logs_get_with_http_info(project_id) @@ -160,7 +151,6 @@ class Project(base.Base): def update_project_member_role(self, project_id, member_id, member_role_id, expect_status_code = 200, **kwargs): client = self._get_client(**kwargs) role = swagger_client.Role(role_id = member_role_id) - data = [] data, status_code, _ = client.projects_project_id_members_mid_put_with_http_info(project_id, member_id, role = role) base._assert_status_code(expect_status_code, status_code) base._assert_status_code(200, status_code) diff --git a/tests/apitests/python/library/sign.py b/tests/apitests/python/library/sign.py new file mode 100644 index 000000000..cc449c537 --- /dev/null +++ b/tests/apitests/python/library/sign.py @@ -0,0 +1,10 @@ +# -*- coding: utf-8 -*- +import subprocess + +def sign_image(registry_ip, project_name, image, tag): + try: + ret = subprocess.check_output(["./tests/apitests/python/sign_image.sh", registry_ip, project_name, image, tag], shell=False) + print "sign_image return: ", ret + except subprocess.CalledProcessError, exc: + raise Exception("Failed to sign image error is {} {}.".format(exc.returncode, exc.output)) + diff --git a/tests/apitests/python/library/system.py b/tests/apitests/python/library/system.py index 5a9553e18..570d277e3 100644 --- a/tests/apitests/python/library/system.py +++ b/tests/apitests/python/library/system.py @@ -168,3 +168,17 @@ class System(base.Base): if deleted_files_count == 0: raise Exception(r"Get blobs eligible for deletion count is {}, while we expect more than 1.".format(deleted_files_count)) + def set_cve_whitelist(self, expires_at=None, expected_status_code=200, *cve_ids, **kwargs): + client = self._get_client(**kwargs) + cve_list = [swagger_client.CVEWhitelistItem(cve_id=c) for c in cve_ids] + whitelist = swagger_client.CVEWhitelist(expires_at=expires_at, items=cve_list) + try: + r = client.system_cve_whitelist_put_with_http_info(whitelist=whitelist, _preload_content=False) + except Exception as e: + base._assert_status_code(expected_status_code, e.status) + else: + base._assert_status_code(expected_status_code, r[1]) + + def get_cve_whitelist(self, **kwargs): + client = self._get_client(**kwargs) + return client.system_cve_whitelist_get() diff --git a/tests/apitests/python/library/user.py b/tests/apitests/python/library/user.py index 988eadff5..7b7a9181b 100644 --- a/tests/apitests/python/library/user.py +++ b/tests/apitests/python/library/user.py @@ -70,14 +70,14 @@ class User(base.Base): base._assert_status_code(200, status_code) return user_id - def update_uesr_profile(self, user_id, email=None, realname=None, comment=None, **kwargs): + def update_user_profile(self, user_id, email=None, realname=None, comment=None, **kwargs): client = self._get_client(**kwargs) user_rofile = swagger_client.UserProfile(email, realname, comment) _, status_code, _ = client.users_user_id_put_with_http_info(user_id, user_rofile) base._assert_status_code(200, status_code) return user_id - def update_uesr_role_as_sysadmin(self, user_id, IsAdmin, **kwargs): + def update_user_role_as_sysadmin(self, user_id, IsAdmin, **kwargs): client = self._get_client(**kwargs) has_admin_role = swagger_client.HasAdminRole(IsAdmin) print "has_admin_role:", has_admin_role diff --git a/tests/apitests/python/sign_image.sh b/tests/apitests/python/sign_image.sh new file mode 100755 index 000000000..00635cdab --- /dev/null +++ b/tests/apitests/python/sign_image.sh @@ -0,0 +1,20 @@ +#!/bin/sh +IP=$1 +PASSHRASE='Harbor12345' + +echo $IP + +export DOCKER_CONTENT_TRUST=1 +export DOCKER_CONTENT_TRUST_SERVER=https://$IP:4443 + +export NOTARY_ROOT_PASSPHRASE=$PASSHRASE +export NOTARY_TARGETS_PASSPHRASE=$PASSHRASE +export NOTARY_SNAPSHOT_PASSPHRASE=$PASSHRASE +export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$PASSHRASE +export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$PASSHRASE +export DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=$PASSHRASE +export DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=$PASSHRASE + +docker login -u admin -p Harbor12345 $IP +docker push $IP/$2/$3:$4 + diff --git a/tests/apitests/python/test_assign_sys_admin.py b/tests/apitests/python/test_assign_sys_admin.py index d098d1495..db158a2c1 100644 --- a/tests/apitests/python/test_assign_sys_admin.py +++ b/tests/apitests/python/test_assign_sys_admin.py @@ -45,15 +45,15 @@ class TestProjects(unittest.TestCase): USER_ASSIGN_SYS_ADMIN_CLIENT=dict(endpoint = url, username = user_assign_sys_admin_name, password = user_assign_sys_admin_password) #2. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration; - self.user.update_uesr_role_as_sysadmin(TestProjects.user_assign_sys_admin_id, True, **ADMIN_CLIENT) + self.user.update_user_role_as_sysadmin(TestProjects.user_assign_sys_admin_id, True, **ADMIN_CLIENT) self.conf.set_configurations_of_token_expiration(60, **USER_ASSIGN_SYS_ADMIN_CLIENT) #3. Set user(UA) has no sysadmin role by admin, check user(UA) can not modify system configuration; - self.user.update_uesr_role_as_sysadmin(TestProjects.user_assign_sys_admin_id, False, **ADMIN_CLIENT) + self.user.update_user_role_as_sysadmin(TestProjects.user_assign_sys_admin_id, False, **ADMIN_CLIENT) self.conf.set_configurations_of_token_expiration(70, expect_status_code = 403, **USER_ASSIGN_SYS_ADMIN_CLIENT) #4. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration. - self.user.update_uesr_role_as_sysadmin(TestProjects.user_assign_sys_admin_id, True, **ADMIN_CLIENT) + self.user.update_user_role_as_sysadmin(TestProjects.user_assign_sys_admin_id, True, **ADMIN_CLIENT) self.conf.set_configurations_of_token_expiration(80, **USER_ASSIGN_SYS_ADMIN_CLIENT) if __name__ == '__main__': diff --git a/tests/apitests/python/test_project_level_cve_whitelist.py b/tests/apitests/python/test_project_level_cve_whitelist.py new file mode 100644 index 000000000..64cdba696 --- /dev/null +++ b/tests/apitests/python/test_project_level_cve_whitelist.py @@ -0,0 +1,95 @@ +from __future__ import absolute_import + +import unittest +import swagger_client +import time + +from testutils import ADMIN_CLIENT +from library.project import Project +from library.user import User + + +class TestProjectCVEWhitelist(unittest.TestCase): + """ + Test case: + Project Level CVE Whitelist + Setup: + 1.Admin creates project(PA) + 2.Create user(RA) + 3.Add user(RA) as a guest of project(PA) + Test Steps: + 1. User(RA) reads the project(PA), verify the "reuse_sys_cve_whitelist" is empty in the metadata, and the CVE whitelist is empty + 2. User(RA) updates the project CVE whitelist, verify it fails with Forbidden error. + 3. Admin user updates User(RA) as project admin. + 4. User(RA) updates the project CVE whitelist with expiration date and one item in the items list. + 5. User(RA) reads the project(PA), verify the CVE whitelist is updated as step 4 + 6. User(RA) updates the project CVE whitelist removes expiration date and clean the items. + 7. User(RA) reads the project(PA), verify the CVE whitelist is updated as step 6 + 8. User(RA) updates the project metadata to set "reuse_sys_cve_whitelist" to true. + 9. User(RA) reads the project(PA) verify the project metadata is updated. + Tear Down: + 1. Remove User(RA) from project(PA) as member + 2. Delete project(PA) + 3. Delete User(RA) + """ + + def setUp(self): + self.user = User() + self.project = Project() + user_ra_password = "Aa123456" + print("Setup: Creating user for test") + user_ra_id, user_ra_name = self.user.create_user(user_password=user_ra_password, **ADMIN_CLIENT) + print("Created user: %s, id: %s" % (user_ra_name, user_ra_id)) + self.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"], + username=user_ra_name, + password=user_ra_password) + self.user_ra_id = int(user_ra_id) + p_id, _ = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT) + self.project_pa_id = int(p_id) + m_id = self.project.add_project_members(self.project_pa_id, self.user_ra_id, member_role_id=3, **ADMIN_CLIENT) + self.member_id = int(m_id) + + def tearDown(self): + print("Tearing down...") + self.project.delete_project_member(self.project_pa_id, self.member_id, **ADMIN_CLIENT) + self.project.delete_project(self.project_pa_id,**ADMIN_CLIENT) + self.user.delete_user(self.user_ra_id, **ADMIN_CLIENT) + + def testProjectLevelCVEWhitelist(self): + # User(RA) reads the project(PA), verify the "reuse_sys_cve_whitelist" is empty in the metadata, + # and the CVE whitelist is empty + p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT) + self.assertIsNone(p.metadata.reuse_sys_cve_whitelist) + self.assertEqual(0, len(p.cve_whitelist.items)) + + # User(RA) updates the project CVE whitelist, verify it fails with Forbidden error. + item_list = [swagger_client.CVEWhitelistItem(cve_id="CVE-2019-12310")] + exp = int(time.time()) + 1000 + wl = swagger_client.CVEWhitelist(expires_at=exp, items=item_list) + self.project.update_project(self.project_pa_id, cve_whitelist=wl, expect_status_code=403, **self.USER_RA_CLIENT) + + # Admin user updates User(RA) as project admin. + self.project.update_project_member_role(self.project_pa_id,self.member_id, 1, **ADMIN_CLIENT) + + # User(RA) updates the project CVE whitelist with expiration date and one item in the items list. + self.project.update_project(self.project_pa_id, cve_whitelist=wl, **self.USER_RA_CLIENT) + p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT) + self.assertEqual("CVE-2019-12310", p.cve_whitelist.items[0].cve_id) + self.assertEqual(exp, p.cve_whitelist.expires_at) + + # User(RA) updates the project CVE whitelist with empty items list + wl2 = swagger_client.CVEWhitelist(items=[]) + self.project.update_project(self.project_pa_id, cve_whitelist=wl2, **self.USER_RA_CLIENT) + p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT) + self.assertEqual(0, len(p.cve_whitelist.items)) + self.assertIsNone(p.cve_whitelist.expires_at) + + # User(RA) updates the project metadata to set "reuse_sys_cve_whitelist" to true. + meta = swagger_client.ProjectMetadata(reuse_sys_cve_whitelist="true") + self.project.update_project(self.project_pa_id, metadata=meta, **self.USER_RA_CLIENT) + p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT) + self.assertEqual("true", p.metadata.reuse_sys_cve_whitelist) + + +if __name__ == '__main__': + unittest.main() diff --git a/tests/apitests/python/test_sign_image.py b/tests/apitests/python/test_sign_image.py new file mode 100644 index 000000000..6329f8404 --- /dev/null +++ b/tests/apitests/python/test_sign_image.py @@ -0,0 +1,85 @@ +from __future__ import absolute_import +import unittest + +from library.sign import sign_image +from testutils import ADMIN_CLIENT +from testutils import harbor_server +from testutils import TEARDOWN +from library.project import Project +from library.user import User +from library.repository import Repository +from library.repository import push_image_to_project + +class TestProjects(unittest.TestCase): + @classmethod + def setUp(self): + project = Project() + self.project= project + + user = User() + self.user= user + + repo = Repository() + self.repo= repo + + @classmethod + def tearDown(self): + print "Case completed" + + @unittest.skipIf(TEARDOWN == True, "Test data won't be erased.") + def test_ClearData(self): + #1. Delete repository(RA) by user(UA); + self.repo.delete_repoitory(TestProjects.repo_name, **TestProjects.USER_sign_image_CLIENT) + + #2. Delete project(PA); + self.project.delete_project(TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT) + + #3. Delete user(UA); + self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT) + + def testSignImage(self): + """ + Test case: + Sign A Image + Test step and expected result: + 1. Create a new user(UA); + 2. Create a new private project(PA) by user(UA); + 3. Add user(UA) as a member of project(PA) with project-admin role; + 4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); + 5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); + 6. Sign image with tag(TA) which was tagged by step #5; + 7. Get signature of image with tag(TA), it should be exist. + Tear down: + NA + """ + url = ADMIN_CLIENT["endpoint"] + user_001_password = "Aa123456" + + #1. Create user-001 + TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user(user_password = user_001_password, **ADMIN_CLIENT) + + TestProjects.USER_sign_image_CLIENT=dict(endpoint = url, username = user_sign_image_name, password = user_001_password) + + #2. Create a new private project(PA) by user(UA); + TestProjects.project_sign_image_id, project_sign_image_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT) + + #3. Add user(UA) as a member of project(PA) with project-admin role; + self.project.add_project_members(TestProjects.project_sign_image_id, TestProjects.user_sign_image_id, **ADMIN_CLIENT) + + #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); + self.project.projects_should_exist(dict(public=False), expected_count = 1, + expected_project_id = TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT) + + image = "hello-world" + src_tag = "latest" + #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); + TestProjects.repo_name, tag = push_image_to_project(project_sign_image_name, harbor_server, user_sign_image_name, user_001_password, image, src_tag) + + #6. Sign image with tag(TA) which was tagged by step #5; + sign_image(harbor_server, project_sign_image_name, image, tag) + + #7. Get signature of image with tag(TA), it should be exist. + self.repo.signature_should_exist(TestProjects.repo_name, tag, **TestProjects.USER_sign_image_CLIENT) + +if __name__ == '__main__': + unittest.main() diff --git a/tests/apitests/python/test_sys_cve_whitelists.py b/tests/apitests/python/test_sys_cve_whitelists.py new file mode 100644 index 000000000..9f67440e2 --- /dev/null +++ b/tests/apitests/python/test_sys_cve_whitelists.py @@ -0,0 +1,73 @@ +from __future__ import absolute_import + +import unittest +import swagger_client +import time + +from testutils import ADMIN_CLIENT +from library.user import User +from library.system import System + + +class TestSysCVEWhitelist(unittest.TestCase): + """ + Test case: + System Level CVE Whitelist + Setup: + Create user(RA) + Test Steps: + 1. User(RA) reads the system level CVE whitelist and it's empty. + 2. User(RA) updates the system level CVE whitelist, verify it's failed. + 3. Update user(RA) to system admin + 4. User(RA) updates the system level CVE whitelist, verify it's successful. + 5. User(RA) reads the system level CVE whitelist, verify the CVE list is updated. + 6. User(RA) updates the expiration date of system level CVE whitelist. + 7. User(RA) reads the system level CVE whitelist, verify the expiration date is updated. + Tear Down: + 1. Clear the system level CVE whitelist. + 2. Delete User(RA) + """ + def setUp(self): + self.user = User() + self.system = System() + user_ra_password = "Aa123456" + print("Setup: Creating user for test") + user_ra_id, user_ra_name = self.user.create_user(user_password=user_ra_password, **ADMIN_CLIENT) + print("Created user: %s, id: %s" % (user_ra_name, user_ra_id)) + self.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"], + username=user_ra_name, + password=user_ra_password) + self.user_ra_id = int(user_ra_id) + + def testSysCVEWhitelist(self): + # 1. User(RA) reads the system level CVE whitelist and it's empty. + wl = self.system.get_cve_whitelist(**self.USER_RA_CLIENT) + self.assertEqual(0, len(wl.items), "The initial system level CVE whitelist is not empty: %s" % wl.items) + # 2. User(RA) updates the system level CVE whitelist, verify it's failed. + cves = ['CVE-2019-12310'] + self.system.set_cve_whitelist(None, 403, *cves, **self.USER_RA_CLIENT) + # 3. Update user(RA) to system admin + self.user.update_user_role_as_sysadmin(self.user_ra_id, True, **ADMIN_CLIENT) + # 4. User(RA) updates the system level CVE whitelist, verify it's successful. + self.system.set_cve_whitelist(None, 200, *cves, **self.USER_RA_CLIENT) + # 5. User(RA) reads the system level CVE whitelist, verify the CVE list is updated. + expect_wl = [swagger_client.CVEWhitelistItem(cve_id='CVE-2019-12310')] + wl = self.system.get_cve_whitelist(**self.USER_RA_CLIENT) + self.assertIsNone(wl.expires_at) + self.assertEqual(expect_wl, wl.items) + # 6. User(RA) updates the expiration date of system level CVE whitelist. + exp = int(time.time()) + 3600 + self.system.set_cve_whitelist(exp, 200, *cves, **self.USER_RA_CLIENT) + # 7. User(RA) reads the system level CVE whitelist, verify the expiration date is updated. + wl = self.system.get_cve_whitelist(**self.USER_RA_CLIENT) + self.assertEqual(exp, wl.expires_at) + + def tearDown(self): + print("TearDown: Clearing the Whitelist") + self.system.set_cve_whitelist(**ADMIN_CLIENT) + print("TearDown: Deleting user: %d" % self.user_ra_id) + self.user.delete_user(self.user_ra_id, **ADMIN_CLIENT) + + +if __name__ == '__main__': + unittest.main() \ No newline at end of file diff --git a/tests/generateCerts.sh b/tests/generateCerts.sh index 7cc2b1570..2f95789ed 100755 --- a/tests/generateCerts.sh +++ b/tests/generateCerts.sh @@ -2,8 +2,10 @@ # These certs file is only for Harbor testing. IP='127.0.0.1' +if [ ! -z "$1" ]; then IP=$1; fi OPENSSLCNF= DATA_VOL='/data' +CUR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" for path in /etc/openssl/openssl.cnf /etc/ssl/openssl.cnf /usr/local/etc/openssl/openssl.cnf; do if [[ -e ${path} ]]; then @@ -16,21 +18,28 @@ if [[ -z ${OPENSSLCNF} ]]; then fi # Create CA certificate -openssl req \ - -newkey rsa:4096 -nodes -sha256 -keyout harbor_ca.key \ - -x509 -days 365 -out harbor_ca.crt -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborCA' +#openssl req \ +# -newkey rsa:4096 -nodes -sha256 -keyout $CUR_DIR/harbor_ca.key \ +# -x509 -days 365 -out $CUR_DIR/harbor_ca.crt -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborCA' # Generate a Certificate Signing Request +if echo $IP|grep -E '^([0-9]+\.){3}[0-9]+$' ; then openssl req \ -newkey rsa:4096 -nodes -sha256 -keyout $IP.key \ - -out $IP.csr -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager' + -out $IP.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager" +echo subjectAltName = IP:$IP > extfile.cnf +else +openssl req \ + -newkey rsa:4096 -nodes -sha256 -keyout $IP.key \ + -out $IP.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=$IP" +echo subjectAltName = DNS.1:$IP > extfile.cnf +fi # Generate the certificate of local registry host -echo subjectAltName = IP:$IP > extfile.cnf -openssl x509 -req -days 365 -in $IP.csr -CA harbor_ca.crt \ - -CAkey harbor_ca.key -CAcreateserial -extfile extfile.cnf -out $IP.crt +openssl x509 -req -days 365 -sha256 -in $IP.csr -CA $CUR_DIR/harbor_ca.crt \ + -CAkey $CUR_DIR/harbor_ca.key -CAcreateserial -extfile extfile.cnf -out $IP.crt # Copy to harbor default location mkdir -p $DATA_VOL/cert cp $IP.crt $DATA_VOL/cert/server.crt -cp $IP.key $DATA_VOL/cert/server.key \ No newline at end of file +cp $IP.key $DATA_VOL/cert/server.key diff --git a/tests/harbor_ca.crt b/tests/harbor_ca.crt new file mode 100644 index 000000000..b94a325c2 --- /dev/null +++ b/tests/harbor_ca.crt @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFhTCCA22gAwIBAgIUBWPUOcl5wyYV18FraR9cayN1F1UwDQYJKoZIhvcNAQEL +BQAwUjELMAkGA1UEBhMCQ04xDDAKBgNVBAgMA1BFSzERMA8GA1UEBwwIQmVpIEpp +bmcxDzANBgNVBAoMBlZNd2FyZTERMA8GA1UEAwwISGFyYm9yQ0EwHhcNMTkwODEz +MDMyMjUwWhcNMjAwODEyMDMyMjUwWjBSMQswCQYDVQQGEwJDTjEMMAoGA1UECAwD +UEVLMREwDwYDVQQHDAhCZWkgSmluZzEPMA0GA1UECgwGVk13YXJlMREwDwYDVQQD +DAhIYXJib3JDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALjlYE0c +16ZsTVBpr2s48QXxuc0IcddfyWqpBGwiWTGG3/LS/ebkiFfKVViBicK2A5IofI4X +6UBuu+hb3FZjJtpqNPFMrOK0K0eiheBQVxeCQavtoTpF7dtuWyv2bAgmvVagBxtU +sWWWzSO1vanO4Acs/ijfZjUdxN9JQk6xDj5Q+CLo0ikjFPTTD5DT40Z89qf440VU +019b70ZYUd61ZAGflfJNDQZ14GqGuG7pUTXMS76cuCbpGldhgILkBmKS/B3gm1ex +YzB6omKDbgGTOK4HiJpKsC0xWfYjY9LaTTmaJ+q8XVzv6oJu5u5RWSx2TEXy72Hv +E8rYLo1zKXQ+O03/XbPiK/bgsYEsPIxumMPKEOZJ3vdUxWOnYIssVqQgqpAByo4k ++ErBuQUwZz22NraV2nDqyiP+feuzD2nCKLAslEx2QWOvqfhvGgeyv0ViOdtyVFbf +XvOAq9FbY5w+i0MLBb0tcU+f8xzKbecsTbJDTLd0Fy7Sx2sT5ywfG1SDeNwRr8ar +QCBWUgim8Lc7U3OgrrjzMJGfKD/RgMWSjOxV1LXbjgOFhnh7/wvRxf87fURHigt0 +26ZLCKm2i2YStL4S2yNSm206SXMkHUMZV/mFMHc/JK/EuDU9xXsK2P1d1H3SNrgK +axU7fcXnwIM9gcDrIlm+8MblrJWvGTe6GDn1AgMBAAGjUzBRMB0GA1UdDgQWBBSd +0G4mm1Ui8glxkvq5fcJflnlxCDAfBgNVHSMEGDAWgBSd0G4mm1Ui8glxkvq5fcJf +lnlxCDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBDYYDcmjwy +5fmCzBcMYEh7XMiFhS3UkojgB7LB6R41o6GmXvJOgaDobQC78We3I3Y8r8vVbAY+ +Jh42tRRwKMIRUywkDLr5tfyiDUcGvSxpfysTYSNNknsctsowI6yCcRIsY0XqZEE9 +Y3GMSaljAcxG++gR2XSxSPwYQ/TKDiM1Fyv3YNhnmoycBQItcIz29hYVXRgBkNkx +Cap8MDERJKlHiAgopoXtxnSbgZn4pZa6bVRF/UUYRmRLKO8tyKd8ZXHfQvvso1HU +e+Wcy3EoADr3aYCytPppo33zDHBX4+lcL2rKAH2+K5JOhnxZuRR4dWoczkI5mYRi +qZ809uHnXoV4yJ14NWnoil6kUF3YxU9hWzjEaVcZfp7WUw0BeTZ9M0VqkjxSiSuz +QvSzoPqZ2ajfxawf1fdttU6YUewBkjMOTC2C8qoA8m7HNRTznoZbfFITG1gJlnFT +y8oWY+ZrEsG7lID2zMaZopSAwDzuBoqLGE66LK+RtFSrAcGHSr3Xlp0R6hX4FeyN +flTTBxE6eNoEiV56x9RuSDvWnw/l38B/y9q9wMNkI+kb2d8QNkWFz9q1W01Vdceo +ZzTA/fNcErZ0YiE/wY9VEW+DRoO3ntMN8lEsNLr04kUG7RJ6EOu6kQPHQuJ3Bujy +rnAVXLxzOqGPfKD6gBQS2pTikQCYpqtaFg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/harbor_ca.key b/tests/harbor_ca.key new file mode 100644 index 000000000..3f544037b --- /dev/null +++ b/tests/harbor_ca.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC45WBNHNembE1Q +aa9rOPEF8bnNCHHXX8lqqQRsIlkxht/y0v3m5IhXylVYgYnCtgOSKHyOF+lAbrvo +W9xWYybaajTxTKzitCtHooXgUFcXgkGr7aE6Re3bblsr9mwIJr1WoAcbVLFlls0j +tb2pzuAHLP4o32Y1HcTfSUJOsQ4+UPgi6NIpIxT00w+Q0+NGfPan+ONFVNNfW+9G +WFHetWQBn5XyTQ0GdeBqhrhu6VE1zEu+nLgm6RpXYYCC5AZikvwd4JtXsWMweqJi +g24BkziuB4iaSrAtMVn2I2PS2k05mifqvF1c7+qCbubuUVksdkxF8u9h7xPK2C6N +cyl0PjtN/12z4iv24LGBLDyMbpjDyhDmSd73VMVjp2CLLFakIKqQAcqOJPhKwbkF +MGc9tja2ldpw6soj/n3rsw9pwiiwLJRMdkFjr6n4bxoHsr9FYjnbclRW317zgKvR +W2OcPotDCwW9LXFPn/Mcym3nLE2yQ0y3dBcu0sdrE+csHxtUg3jcEa/Gq0AgVlII +pvC3O1NzoK648zCRnyg/0YDFkozsVdS1244DhYZ4e/8L0cX/O31ER4oLdNumSwip +totmErS+EtsjUpttOklzJB1DGVf5hTB3PySvxLg1PcV7Ctj9XdR90ja4CmsVO33F +58CDPYHA6yJZvvDG5ayVrxk3uhg59QIDAQABAoICAAIsH7+IMThxWU8yjq8R0jMh +re8sxDmllHY+WiDzHl0omoT92aHW2Ys+g1Yw3298N/qFo0EAIutw4aBPQ/132MME +MG8NWZKoT0HeNPh3uS47h43/kr9ehvbnCwcvNAG8gsj7xFmb2yG4bdyXjAzss1Ei +RDIyvb6uBNwivjayedpdlSzD04RMNzjRKgOnmaoAWd2LXRA5eOpL6DnJW9zkALLM +LzTTlu2WgPZ/crdK4nthVRp+OOOsJXUVXi8rgq+xzmiDdQ/Is8OkDThfFvHJywaw +a/h0HDHLvKTZsZiOnA2rNADcCbTH1NeHegsexY9yLF8+BXX/GxptA88BpWEKQiQZ +WMKfwR2EhUA/4SJmIGORZOA6LZxOVCnuAxLn7SoUNXO9x2Ci0X3XblfKJJVCXjbi +pT1OvGISzsm7ZlPB8+jV/4BbeDZnssnKLYnP43/4BomlRW8ZyxAeT9XdlWJvs7Bu +mnEaUOUWGOicYqPvbOHj1M+PAxPdmCW2vCT0TigXpN5v/isBwSCu5i2pl29u8lrX +wSE+wdS4NGyFAFlpiJafdOgrKtCOmzA2snEMzGu9PkCS6HeppIymii6kSqfRuG2O +ZWWeVLOY2jpdJPh/jszXzfq88pkoYkMIjbiu38uT7AB1NG4HKUCV3lhmaw6bS76w +hi1sMUzHEUn8Q4tpHPzZAoIBAQDfaOyGZn9P/wYF5JSKuVlCSPG8I3Brtkwtz987 +SiiQVFWsG2b2e2U+ZCsoHMFTmFrFo27zwaRPWvlBR0YA1cnqLIWwq5k/aID859o2 +sTcncDs2Dthq+R0Vh0q+n5Cx2if0heR8ilmOmLtkeRhaNOhpTAPBi5rokIsAAYTa +uCffHzp7Bosv97p9fd1+21ZnQCldJZOOzRA/e+UfMu/El1lhUElVWPTwsxgrE/jI +7uggzFGab3VlUkovS3x+iAiv6eWxJSurH89euyvYxl+EG5uFT8+invWuLKrZDEtj +iEBUoc/h/iVYGJyZ7TQXaVOoJD06T45NcI30mstotSfPqFufAoIBAQDT3i5AmH5V +7Wd9p6sA3jAWmDSzsA/oPOLi9MWKoBiyZ4hjRp7OB6YJlkZBWfpoHPHNg32mrcxr +sRBN2wm6yP7kiZHrTAZP8S37ZWGKP07i2QddKMcwhR5wej5T300EVqFOunVdHwOz +mVBYPdgbof4k6E1bOin3gj40hqvFri4Jw/5klvJdUOWBb5OgvJnixjpE3+uUkjmM +gjj51AO5WJjsscObKIPNbgiVME/L15OPDsO+tf3BAPNZ90xQLzax1mO+fBz7KIYR +eULZMRtDBGEfhWDR8BTbjw8b/pfZsQD0D0/IB593YdlWyFW3QOb8+nGl5W46vGix +4OZZ1Itf/4HrAoIBAQDBrIYPZV/NC7o+9Y/ISzIUAoR9owNcfSbBOEm/bmSH6nRy +xTaXSxXT5qZ7GaKHQ7a9SxdufVph6O3YJ1+KbcujFIG5TKmHjKL1nFFRxIOZzvOl +w2zeH6OU/DpR0qZvaD3m/wO6630D32fkjA4OdXtdfSZsbQgXwOafVLHFoov+I2Zh +LKURKmMjUy/nP2JCFB9HvsGStDb3sgJI77Fn7gTwFdfdA0ckOz4iaifsmR/m/vln +NmTBN3tUUM5WKrvNNKmIzj5zFRqCdyRlwmMfdYd3JF9ODRvSqKpbiwr3+DA8riI3 +OklJe9yWnEniWc7KHtBtcnZcr8yAVokr9o/St5LlAoIBAQDQ7eVGphrPudG4xEOK +E5HwdiBioljNeF112lODpOU16YtB+z5XhotiIOMfRw/8465AME8Us4dHG9EsNbie +jd9ul4tiMhJ3eysRIqTRpCSy57qvT6s+Wcfuu14Db82PXa6s6IscTZ1k2ue0XShj +95eb5cmDERSZk8KsIbH6uw2Da9fOclyHUWNCBTnb5KEMVNbZXMgAN0KxISn2k/Eo +Mgp8P8DZnVZ8mumz1XSbW/eTt8eopeebEMjqC0kiOa0CKp0qF1KtCwVK7f3SGO79 +Y7AzWWBlJxAqhCUuQh6U+kwqYX8XjwzeuYuOXPjKQiKHjqHMKzhMi8fiwhnmtAbN +oDYJAoIBAAYnTbQcHv5KExeolWropSnY4xfWfzC/nmfFTao1iPfbDiFMkO8uRku4 +eOgvlPbiS/cT1MEKSfQqTyMkWxlgghTiDMOTkm6iFQ1q4UQN7ua4eNVNeItTdpZb +c3UER6XNgI0CpdOb6Jq1529+g9/dly39qqQM4n82nFuizknMWlW5BlxsbwTy2xhi +JAA3JgLgB38UdL1sBDscX2vCl5pZhXXxWmVDud67exbMUnR4ib1bzG4nsXTHe72P +Jq2W5mySj9uDfcNHyBmfl95mP+VWOjQlxMg/cmS/CU3q04cMzUKX4froNRUi3eYQ +CFZg63hc+GA5YEhJM3n6ZkTZnTJH3Lc= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/tests/harbor_ca.srl b/tests/harbor_ca.srl new file mode 100644 index 000000000..34de77b2e --- /dev/null +++ b/tests/harbor_ca.srl @@ -0,0 +1 @@ +63B7F610244848F31E6F589536F579890B0812B3 \ No newline at end of file diff --git a/tests/robot-cases/Group0-BAT/API_DB.robot b/tests/robot-cases/Group0-BAT/API_DB.robot index 3fa18eef1..da35f2222 100644 --- a/tests/robot-cases/Group0-BAT/API_DB.robot +++ b/tests/robot-cases/Group0-BAT/API_DB.robot @@ -25,8 +25,8 @@ Test Case - Delete a Repository of a Certain Project Created by Normal User Harbor API Test ./tests/apitests/python/test_del_repo.py Test Case - Add a System Global Label to a Certain Tag Harbor API Test ./tests/apitests/python/test_add_sys_label_to_tag.py -# Test Case - Add Replication Rule -# Harbor API Test ./tests/apitests/python/test_add_replication_rule.py +Test Case - Add Replication Rule + Harbor API Test ./tests/apitests/python/test_add_replication_rule.py Test Case - Edit Project Creation Harbor API Test ./tests/apitests/python/test_edit_project_creation.py Test Case - Scan Image @@ -46,4 +46,6 @@ Test Case - Assign Sys Admin Test Case - Retag Image Harbor API Test ./tests/apitests/python/test_retag.py Test Case - Robot Account - Harbor API Test ./tests/apitests/python/test_robot_account.py \ No newline at end of file + Harbor API Test ./tests/apitests/python/test_robot_account.py +Test Case - Sign A Image + Harbor API Test ./tests/apitests/python/test_sign_image.py diff --git a/tests/travis/api_common_install.sh b/tests/travis/api_common_install.sh index a700da360..f698bd534 100644 --- a/tests/travis/api_common_install.sh +++ b/tests/travis/api_common_install.sh @@ -8,7 +8,7 @@ set -e # prepare cert ... sudo sed "s/127.0.0.1/$1/" -i tests/generateCerts.sh sudo ./tests/generateCerts.sh -sudo mkdir -p /etc/docker/certs.d/$1 && sudo cp ./harbor_ca.crt /etc/docker/certs.d/$1/ +sudo mkdir -p /etc/docker/certs.d/$1 && sudo cp ./tests/harbor_ca.crt /etc/docker/certs.d/$1/ && rm -rf ~/.docker/ && mkdir -p ~/.docker/tls/$1:4443/ && sudo cp ./tests/harbor_ca.crt ~/.docker/tls/$1:4443/ sudo ./tests/hostcfg.sh diff --git a/tests/travis/ut_run.sh b/tests/travis/ut_run.sh index 3f21ad2a6..c1086f330 100755 --- a/tests/travis/ut_run.sh +++ b/tests/travis/ut_run.sh @@ -16,4 +16,4 @@ docker ps go test -race -i ./src/core ./src/jobservice sudo -E env "PATH=$PATH" "POSTGRES_MIGRATION_SCRIPTS_PATH=/home/travis/gopath/src/github.com/goharbor/harbor/make/migrations/postgresql/" ./tests/coverage4gotest.sh -goveralls -coverprofile=profile.cov -service=travis-ci \ No newline at end of file +goveralls -coverprofile=profile.cov -service=travis-ci || true \ No newline at end of file diff --git a/tools/migration/cfg/migrator_1_9_0/__init__.py b/tools/migration/cfg/migrator_1_9_0/__init__.py new file mode 100644 index 000000000..e224b9165 --- /dev/null +++ b/tools/migration/cfg/migrator_1_9_0/__init__.py @@ -0,0 +1,21 @@ +from __future__ import print_function +import utils +import os +import yaml +from jinja2 import Environment, FileSystemLoader, StrictUndefined + +acceptable_versions = ['1.8.0'] + +def migrate(input_cfg, output_cfg): + config_dict = utils.read_conf(input_cfg) + + this_dir = os.path.dirname(__file__) + tpl = Environment( + loader=FileSystemLoader(this_dir), + undefined=StrictUndefined, + trim_blocks=True, + lstrip_blocks=True + ).get_template('harbor.yml.jinja') + + with open(output_cfg, 'w') as f: + f.write(tpl.render(**config_dict)) \ No newline at end of file diff --git a/tools/migration/cfg/migrator_1_9_0/harbor.yml.jinja b/tools/migration/cfg/migrator_1_9_0/harbor.yml.jinja new file mode 100644 index 000000000..bfd59799d --- /dev/null +++ b/tools/migration/cfg/migrator_1_9_0/harbor.yml.jinja @@ -0,0 +1,266 @@ +# Configuration file of Harbor + +# The IP address or hostname to access admin UI and registry service. +# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. +hostname: {{ hostname }} + +# http related config +{% if http %} +http: + # port for http, default is 80. If https enabled, this port will redirect to https port + port: {{ http.port }} +{% endif %} + +{% if https is defined %} +# https related config +https: + # https port for harbor, default is 443 + port: {{ https.port }} + # The path of cert and key files for nginx + certificate: {{ https.certificate }} + private_key: {{ https.private_key }} +{% else %} +# https related config +# https: +# # https port for harbor, default is 443 +# port: 443 +# # The path of cert and key files for nginx +# certificate: /your/certificate/path +# private_key: /your/private/key/path +{% endif %} + +# Uncomment external_url if you want to enable external proxy +# And when it enabled the hostname will no longer used +{% if external_url is defined %} +external_url: {{ external_url }} +{% else %} +# external_url: https://reg.mydomain.com:8433 +{% endif %} + +{% if harbor_admin_password is defined %} +# The initial password of Harbor admin +# It only works in first time to install harbor +# Remember Change the admin password from UI after launching Harbor. +harbor_admin_password: {{ harbor_admin_password }} +{% endif %} + +{% if database is defined %} +# Harbor DB configuration +database: + # The password for the root user of Harbor DB. Change this before any production use. + password: {{ database.password}} + # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. + max_idle_conns: 50 + # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. + # Note: the default number of connections is 100 for postgres. + max_open_conns: 100 +{% endif %} + +{% if data_volume is defined %} +# The default data volume +data_volume: {{ data_volume }} +{% endif %} + +{% if storage_service is defined %} +# Harbor Storage settings by default is using /data dir on local filesystem +# Uncomment storage_service setting If you want to using external storage +storage_service: + {% for key, value in storage_service.items() %} + {% if key == 'ca_bundle' %} +# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore +# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate. + ca_bundle: {{ value if value is not none else '' }} + {% elif key == 'redirect' %} +# # set disable to true when you want to disable registry redirect + redirect: + disabled: {{ value.disabled }} + {% else %} +# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss +# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/ + {{ key }}: + {% for k, v in value.items() %} + {{ k }}: {{ v if v is not none else '' }} + {% endfor %} + {% endif %} + {% endfor %} +{% else %} +# Harbor Storage settings by default is using /data dir on local filesystem +# Uncomment storage_service setting If you want to using external storage +# storage_service: +# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore +# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate. +# ca_bundle: + +# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss +# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/ +# filesystem: +# maxthreads: 100 +# # set disable to true when you want to disable registry redirect +# redirect: +# disabled: false +{% endif %} + +{% if clair is defined %} +# Clair configuration +clair: + # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters. + updaters_interval: {{ clair.updaters_interval }} +{% endif %} + +{% if jobservice is defined %} +jobservice: + # Maximum number of job workers in job service + max_job_workers: {{ jobservice.max_job_workers }} +{% endif %} + +notification: + # Maximum retry count for webhook job + webhook_job_max_retry: 10 + +chart: + # Change the value of absolute_url to enabled can enable absolute url in chart + absolute_url: {{ chart.absolute_url if chart.absolute_url == 'enabled' else 'disabled' }} + +# Log configurations +log: + # options are debug, info, warning, error, fatal + level: {{ log.level }} + # configs for logs in local storage + local: + # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated. + rotate_count: {{ log.rotate_count }} + # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. + # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G + # are all valid. + rotate_size: {{ log.rotate_size }} + # The directory on your host that store log + location: {{ log.location }} + + # Uncomment following lines to enable external syslog endpoint. + # external_endpoint: + # # protocol used to transmit log to external endpoint, options is tcp or udp + # protocol: tcp + # # The host of external endpoint + # host: localhost + # # Port of external endpoint + # port: 5140 + +#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY! +_version: 1.9.0 + +{% if external_database is defined %} +# Uncomment external_database if using external database. +external_database: + harbor: + host: {{ external_database.harbor.host }} + port: {{ external_database.harbor.port }} + db_name: {{ external_database.harbor.db_name }} + username: {{ external_database.harbor.username }} + password: {{ external_database.harbor.password }} + ssl_mode: {{ external_database.harbor.ssl_mode }} + clair: + host: {{ external_database.clair.host }} + port: {{ external_database.clair.port }} + db_name: {{ external_database.clair.db_name }} + username: {{ external_database.clair.username }} + password: {{ external_database.clair.password }} + ssl_mode: {{ external_database.clair.ssl_mode }} + notary_signer: + host: {{ external_database.notary_signer.host }} + port: {{ external_database.notary_signer.port }} + db_name: {{external_database.notary_signer.db_name }} + username: {{ external_database.notary_signer.username }} + password: {{ external_database.notary_signer.password }} + ssl_mode: {{ external_database.notary_signer.ssl_mode }} + notary_server: + host: {{ external_database.notary_server.host }} + port: {{ external_database.notary_server.port }} + db_name: {{ external_database.notary_server.db_name }} + username: {{ external_database.notary_server.username }} + password: {{ external_database.notary_server.password }} + ssl_mode: {{ external_database.notary_server.ssl_mode }} +{% else %} +# Uncomment external_database if using external database. +# external_database: +# harbor: +# host: harbor_db_host +# port: harbor_db_port +# db_name: harbor_db_name +# username: harbor_db_username +# password: harbor_db_password +# ssl_mode: disable +# clair: +# host: clair_db_host +# port: clair_db_port +# db_name: clair_db_name +# username: clair_db_username +# password: clair_db_password +# ssl_mode: disable +# notary_signer: +# host: notary_signer_db_host +# port: notary_signer_db_port +# db_name: notary_signer_db_name +# username: notary_signer_db_username +# password: notary_signer_db_password +# ssl_mode: disable +# notary_server: +# host: notary_server_db_host +# port: notary_server_db_port +# db_name: notary_server_db_name +# username: notary_server_db_username +# password: notary_server_db_password +# ssl_mode: disable +{% endif %} + +{% if external_redis is defined %} +external_redis: + host: {{ external_redis.host }} + port: {{ external_redis.port }} + password: {{ external_redis.password }} + # db_index 0 is for core, it's unchangeable + registry_db_index: {{ external_redis.registry_db_index }} + jobservice_db_index: {{ external_redis.jobservice_db_index }} + chartmuseum_db_index: {{ external_redis.chartmuseum_db_index }} +{% else %} +# Umcomments external_redis if using external Redis server +# external_redis: +# host: redis +# port: 6379 +# password: +# # db_index 0 is for core, it's unchangeable +# registry_db_index: 1 +# jobservice_db_index: 2 +# chartmuseum_db_index: 3 +{% endif %} + +{% if uaa is defined %} +# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert. +uaa: + ca_file: {{ uaa.ca_file }} +{% endif %} + +# Global proxy +# Config http proxy for components, e.g. http://my.proxy.com:3128 +# Components doesn't need to connect to each others via http proxy. +# Remove component from `components` array if want disable proxy +# for it. If you want use proxy for replication, MUST enable proxy +# for core and jobservice, and set `http_proxy` and `https_proxy`. +# Add domain to the `no_proxy` field, when you want disable proxy +# for some special registry. +{% if clair is defined and (clair.http_proxy or clair.https_proxy) %} +proxy: + http_proxy: {{ clair.http_proxy or ''}} + https_proxy: {{ clair.https_proxy or ''}} + no_proxy: {{ clair.no_proxy or ''}} + components: + - clair +{% else %} +proxy: + http_proxy: + https_proxy: + no_proxy: 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair + components: + - core + - jobservice + - clair +{% endif %} \ No newline at end of file diff --git a/tools/migration/cfg/run.py b/tools/migration/cfg/run.py index b31770f92..48e0d6ba7 100644 --- a/tools/migration/cfg/run.py +++ b/tools/migration/cfg/run.py @@ -13,7 +13,7 @@ import shutil import sys def main(): - target_version = '1.8.0' + target_version = '1.9.0' parser = argparse.ArgumentParser(description='migrator of harbor.cfg') parser.add_argument('--input', '-i', action="store", dest='input_path', required=True, help='The path to the old harbor.cfg that provides input value, this required value') parser.add_argument('--output','-o', action="store", dest='output_path', required=False, help='The path of the migrated harbor.cfg, if not set the input file will be overwritten')