Commit Graph

10426 Commits

Author SHA1 Message Date
Dirk Mueller
3ddc44e28b Update oras to 0.9.0 to fix "zip slip" vulnerability
See https://github.com/deislabs/oras/security/advisories/GHSA-g5v4-5x39-vwhx
for details

Signed-off-by: Dirk Mueller <dirk@dmllr.de>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
2021-01-26 20:36:52 +01:00
danfengliu
54b6884853 Upgrade python to v3 in git action CI host
The original python packaged: in git action host is V2, it should be upgraded to
V3.

Signed-off-by: danfengliu <danfengl@vmware.com>
2021-01-26 21:30:03 +08:00
DQ
a7241c1eb6 Fix: Support multiple type for artifact metrics
artiact became a dict

Signed-off-by: DQ <dengq@vmware.com>
2021-01-26 09:05:57 +00:00
DQ
66fd4a9728 change label project id to project name
project_name is more accurate

Signed-off-by: DQ <dengq@vmware.com>
2021-01-26 16:15:04 +08:00
Qian Deng
9574f8c3c6
Merge pull request #14056 from ninjadq/reduce_the_number_of_metrics_in_core
Aggregate  metrics
2021-01-26 10:42:53 +08:00
DQ
23a02bd5a7 Fix sel registration in metric label
Original type is bool, should convert it to string

Signed-off-by: DQ <dengq@vmware.com>
2021-01-25 18:53:10 +08:00
DQ
25ea2b1c82 Use apt to install python in ci
To avoid upstream get_pip.py changes

Signed-off-by: DQ <dengq@vmware.com>
2021-01-25 16:54:09 +08:00
DQ
28ae77e5c6 Aggregate metrics
1. Add operation id in ctx in baseapi before prepare
2. add operation id for registry proxy request
3. use url for other request

Signed-off-by: DQ <dengq@vmware.com>
2021-01-25 09:59:10 +08:00
Daniel Jiang
7039e0d2fe
Merge pull request #14059 from heww/trivy-health-checker
feat: add health checker for trivy when it's enabled
2021-01-24 11:44:10 +08:00
He Weiwei
ff9b515630 feat: add health checker for trivy when it's enabled
Closes #14055

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2021-01-23 05:45:03 +00:00
Daniel Jiang
d3601e5a92
Merge pull request #14058 from reasonerjt/fix-oidc-helper-npe
Fix a potential nil pointer issue
2021-01-22 20:57:09 +08:00
He Weiwei
e0f7778027
fix: ignore tag in the scan webhook when it's empty (#14057)
Closes #13464

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2021-01-22 20:08:36 +08:00
Daniel Jiang
5ea43abc67 Fix a potential nil pointer issue
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2021-01-22 19:02:45 +08:00
Wang Yan
8e7a18dc80
fix robot v1 api update issue (#14050)
For the v1 api, it will not update the description of a robot account.

Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-01-22 18:50:16 +08:00
Sven Haardiek
b2fe254974
Username from /userinfo (#14038)
This patch enabled Harbor to receive the username from the /userinfo endpoint
instead of only from the ID Token.

Closes #14037

Signed-off-by: Sven Haardiek <sven@haardiek.de>
2021-01-22 18:48:53 +08:00
Qian Deng
f013d88efc
Merge pull request #14013 from ninjadq/upgrade_script_for_2_2_0
Harbor upgrading for 2.2
2021-01-22 18:10:24 +08:00
Qian Deng
045e1d9abe
Merge pull request #14040 from ninjadq/metric_improvement
Metric improvement
2021-01-22 17:13:57 +08:00
Will Sun
51a541f1e2
Fix UI issue for success rate calculation (#14052)
Signed-off-by: AllForNothing <sshijun@vmware.com>
2021-01-22 16:44:21 +08:00
DQ
489f31d8fe Add upgrade scirpt for 2.2
1. add metrics config item in config
2. upgrade version in template

Signed-off-by: DQ <dengq@vmware.com>
2021-01-22 16:15:06 +08:00
Wang Yan
dba229d0df
build third party binaries in CI (#14019)
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-01-22 11:33:42 +08:00
He Weiwei
50b40445f4
feat: add BeforePrepare for operation of swagger API (#14048)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2021-01-22 10:44:25 +08:00
Will Sun
19a72cf350
Improve add scanner and add robot page (#14042)
Signed-off-by: AllForNothing <sshijun@vmware.com>
2021-01-21 10:41:57 +08:00
Will Sun
9a897af67e
Improve vulnerability list page (#14031)
Signed-off-by: AllForNothing <sshijun@vmware.com>
2021-01-21 10:41:09 +08:00
Wenkai Yin(尹文开)
63831dfd08
Merge pull request #14027 from ywk253100/210116_status
Don't ignore the NotFoundErr when handling the status hook of tasks to avoid the status out of sync
2021-01-20 17:07:18 +08:00
Wenkai Yin
e55c7d05ff Don't ignore the NotFoundErr when handling the status hook of tasks to avoid the status out of sync
Don't ignore the NotFoundErr when handling the status hook of tasks to avoid the status out of sync
Fixes #14016

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2021-01-20 14:53:50 +08:00
Qian Deng
a8e4b09b39
Add exporter to offline and online (#14022)
Signed-off-by: DQ <dengq@vmware.com>
2021-01-20 14:49:06 +08:00
He Weiwei
6a16d9a914
fix: correct Authorize of basic and berer authorizer (#14036)
Closes #13734

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2021-01-20 14:33:28 +08:00
DQ
c59b437970 Remove empty label in harbor info
some infomation can not get with guest user. So remove them

Signed-off-by: DQ <dengq@vmware.com>
2021-01-20 10:53:55 +08:00
DQ
92cf728371 Add custom cert for exporter
* injecting custom certs related config to exporter

Signed-off-by: DQ <dengq@vmware.com>
2021-01-20 10:52:34 +08:00
danfengliu
d4b7888098
Merge pull request #13882 from danfengliu/fix-nightly-keyword-issues
Add tests and fix nightly issues
2021-01-19 17:28:52 +08:00
sluetze
cc0e2bdd73
updated german translation for 2.2. (#13801)
Signed-off-by: sluetze <13255307+sluetze@users.noreply.github.com>
2021-01-19 17:12:36 +08:00
Danfeng Liu (c)
ddf9d74135 Fix nightly keyword issues
1. Add retry for Get Statics Text keywords make this operation robust;
2. Replace image to one with slash in name for CNAB test, to cover more
condition;
3. Add replication rule deletion verfication in upgrade test;
4. Add non-admin user in pull operation for proxy cache test;
5. Add verification for quota display for upgrade test;
6. Add test for large size of image replication;
7. Add test checkpoint for system robot account py-test script;

Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
2021-01-19 15:12:15 +08:00
Daniel Jiang
cccfa40526
Merge pull request #14028 from heww/fix-issue-14000
fix: always remove the robot after scan job finished
2021-01-19 14:33:21 +08:00
DQ
a61e9b0e2e Add san for notary upgrading
if san not exists then remove that cert, prepare will regenerate one

Signed-off-by: DQ <dengq@vmware.com>
2021-01-18 21:00:35 +08:00
He Weiwei
59a0e321ed fix: always remove the robot after scan job finished
1. Register task status change function for the scan job triggered by
scan all.
2. Always to delete the robot account for the scan job after the job is
finished because the job does not retry again when it's failed.

Closes #14000

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2021-01-18 07:37:09 +00:00
Steven Zou
42559479e6
Merge pull request #14023 from ywk253100/210115_scheduled
Fix the legacy scheduled job issue for GC/scan all
2021-01-18 14:01:01 +08:00
Wenkai Yin(尹文开)
c3b986cbcd
Merge pull request #14012 from ywk253100/210113_replication
Query executions with both vendor type and ID when sweep the execution records
2021-01-18 11:15:31 +08:00
Qian Deng
d06ce6efd5
Merge pull request #13922 from ninjadq/add_e2e_test_for_metrics
Add e2e test for harbor metrics
2021-01-18 11:04:11 +08:00
Dirk Mueller
903707d6c2
Fix repoitory -> repository typo (#13794)
Signed-off-by: Dirk Mueller <dirk@dmllr.de>
2021-01-16 19:34:43 +08:00
Wenkai Yin
7c072e17a6 Fix the legacy scheduled job issue for GC/scan all
Fix the legacy scheduled job issue for GC/scan all

Fixes #13968

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2021-01-15 22:02:36 +08:00
Wenkai Yin
38e0f102bf Query executions with both vendor type and ID when sweep the execution records
Query executions with both vendor type and ID when sweep the execution records

Fixes #13996

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2021-01-15 20:23:55 +08:00
Will Sun
b7c5fc0562
Modify i18n text for push permission (#14015)
Signed-off-by: AllForNothing <sshijun@vmware.com>
2021-01-15 15:26:48 +08:00
stonezdj(Daojun Zhang)
f31f861e90
Merge pull request #14014 from wy65701436/fixes-13985
fix robot list issue
2021-01-15 14:44:35 +08:00
Will Sun
cb040d23d1
Fix developer permission issue for robot account (#14005)
Signed-off-by: AllForNothing <sshijun@vmware.com>
2021-01-15 12:39:40 +08:00
Will Sun
ff3abf047a
Fix UI issues found in testing round 1 (#14002)
Signed-off-by: AllForNothing <sshijun@vmware.com>
2021-01-15 12:37:40 +08:00
Wang Yan
df8e7c45e3 fix robot list issue
fixes #13985
Add sorting for listing the robot account

Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-01-15 11:56:53 +08:00
He Weiwei
74d055b26b
fix: correct completed in the metrics of the scan all (#14003)
Correct the completed count in the metrics of the scan all to be the sum
of success, error and stopped count.

Closes #14001

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2021-01-15 10:26:34 +08:00
Wenkai Yin(尹文开)
17652c06a2
Merge pull request #14011 from reasonerjt/tokenreview-rm-header
Remove raw token from header in token review reuqest
2021-01-14 18:30:13 +08:00
Daniel Jiang
6ae94d3790 Remove raw token from header in token review reuqest
The server to handle token-review may have a limitation for the size of
the header.  When the token is huge the token review may fail.
This commit remove the necessary header to harden the flow.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2021-01-14 17:36:55 +08:00
stonezdj(Daojun Zhang)
2b068c3f86
Merge pull request #13989 from wy65701436/fixes-robot-issues
fix robot issues
2021-01-14 15:54:46 +08:00