Merge branch 'main' into dependabot/go_modules/src/go.opentelemetry.i…

…o/otel/exporters/otlp/otlptrace/otlptracehttp-1.22.0
goharbor · Feb 4, 2024 · d0beee1 · d0beee1
2 parents c9c0ec8 + a3e1b1e
commit d0beee1
Show file tree

Hide file tree

Showing 17 changed files with 163 additions and 3 deletions.
diff --git a/api/v2.0/swagger.yaml b/api/v2.0/swagger.yaml
@@ -7164,6 +7164,10 @@ definitions:
         type: string
         description: 'Whether scan images automatically when pushing. The valid values are "true", "false".'
         x-nullable: true
+      auto_sbom_generation:
+        type: string
+        description: 'Whether generating SBOM automatically when pushing a subject artifact. The valid values are "true", "false".'
+        x-nullable: true
       reuse_sys_cve_allowlist:
         type: string
         description: 'Whether this project reuse the system level CVE allowlist as the allowlist of its own.  The valid values are "true", "false".

diff --git a/make/harbor.yml.tmpl b/make/harbor.yml.tmpl
@@ -17,6 +17,16 @@ https:
   certificate: /your/certificate/path
   private_key: /your/private/key/path
 
+# # Harbor will set ipv4 enabled only by defualt if this block is not configured
+# # Otherwise, please uncomment this block to configure your own ip_family stacks
+# ip_family:
+#   # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
+#   ipv6:
+#     enabled: false
+#   # ipv4Enabled set to true by default, currently it affected the nginx related component
+#   ipv4:
+#     enabled: true
+
 # # Uncomment following will enable tls communication between all harbor components
 # internal_tls:
 #   # set enabled to true means internal tls is enabled

diff --git a/make/photon/prepare/migrations/version_2_10_0/harbor.yml.jinja b/make/photon/prepare/migrations/version_2_10_0/harbor.yml.jinja
@@ -33,6 +33,28 @@ https:
 #   private_key: /your/private/key/path
 {% endif %}
 
+{% if ip_family is defined %}
+# # Harbor will set ipv4 enabled only by defualt if this block is not configured
+# # Otherwise, please uncomment this block to configure your own ip_family stacks
+ip_family:
+  # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
+  ipv6:
+    enabled: {{ ip_family.ipv6.enabled | lower }}
+  # ipv4Enabled set to true by default, currently it affected the nginx related component
+  ipv4:
+    enabled: {{ ip_family.ipv4.enabled | lower }}
+{% else %}
+# # Harbor will set ipv4 enabled only by defualt if this block is not configured
+# # Otherwise, please uncomment this block to configure your own ip_family stacks
+ip_family:
+  # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
+  ipv6:
+    enabled: false
+  # ipv4Enabled set to true by default, currently it affected the nginx related component
+  ipv4:
+    enabled: true
+{% endif %}
+
 {% if internal_tls is defined %}
 # Uncomment following will enable tls communication between all harbor components
 internal_tls:

diff --git a/make/photon/prepare/migrations/version_2_9_0/harbor.yml.jinja b/make/photon/prepare/migrations/version_2_9_0/harbor.yml.jinja
@@ -33,6 +33,28 @@ https:
 #   private_key: /your/private/key/path
 {% endif %}
 
+{% if ip_family is defined %}
+# # Harbor will set ipv4 enabled only by defualt if this block is not configured
+# # Otherwise, please uncomment this block to configure your own ip_family stacks
+ip_family:
+  # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
+  ipv6:
+    enabled: {{ ip_family.ipv6.enabled | lower }}
+  # ipv4Enabled set to true by default, currently it affected the nginx related component
+  ipv4:
+    enabled: {{ ip_family.ipv4.enabled | lower }}
+{% else %}
+# # Harbor will set ipv4 enabled only by defualt if this block is not configured
+# # Otherwise, please uncomment this block to configure your own ip_family stacks
+ip_family:
+  # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
+  ipv6:
+    enabled: false
+  # ipv4Enabled set to true by default, currently it affected the nginx related component
+  ipv4:
+    enabled: true
+{% endif %}
+
 {% if internal_tls is defined %}
 # Uncomment following will enable tls communication between all harbor components
 internal_tls:

diff --git a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja
@@ -50,7 +50,12 @@ http {
   include /etc/nginx/conf.d/*.server.conf;
 
   server {
+    {% if ip_family.ipv4.enabled %}
     listen 8443 ssl;
+    {% endif %}
+    {% if ip_family.ipv6.enabled %}
+    listen [::]:8443 ssl;
+    {% endif %}
 #    server_name harbordomain.com;
     server_tokens off;
     # SSL

diff --git a/make/photon/prepare/templates/portal/nginx.conf.jinja b/make/photon/prepare/templates/portal/nginx.conf.jinja
@@ -16,7 +16,13 @@ http {
 
     server {
 {% if internal_tls.enabled %}
+        #ip_family
+    {% if ip_family.ipv4.enabled %}
         listen 8443 ssl;
+    {% endif %}
+    {% if ip_family.ipv6.enabled %}
+        listen [::]:8443 ssl;
+    {% endif %}
         # SSL
         ssl_certificate /etc/harbor/tls/portal.crt;
         ssl_certificate_key /etc/harbor/tls/portal.key;

diff --git a/make/photon/prepare/utils/configs.py b/make/photon/prepare/utils/configs.py
@@ -298,6 +298,9 @@ def parse_yaml_config(config_file_path, with_trivy):
             external_database=config_dict['external_database'])
     else:
         config_dict['internal_tls'] = InternalTLS()
+
+    # ip_family config
+    config_dict['ip_family'] = configs.get('ip_family') or {'ipv4': {'enabled': True}, 'ipv6': {'enabled': False}}
 
     # metric configs
     metric_config = configs.get('metric')

diff --git a/make/photon/prepare/utils/nginx.py b/make/photon/prepare/utils/nginx.py
@@ -63,7 +63,8 @@ def render_nginx_template(config_dict):
             ssl_cert=SSL_CERT_PATH,
             ssl_cert_key=SSL_CERT_KEY_PATH,
             internal_tls=config_dict['internal_tls'],
-            metric=config_dict['metric'])
+            metric=config_dict['metric'],
+            ip_family=config_dict['ip_family'])
         location_file_pattern = CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTPS
 
     else:

diff --git a/make/photon/prepare/utils/portal.py b/make/photon/prepare/utils/portal.py
@@ -14,5 +14,6 @@ def prepare_portal(config_dict):
         str(portal_conf_template_path),
         portal_conf,
         internal_tls=config_dict['internal_tls'],
+        ip_family=config_dict['ip_family'],
         uid=DEFAULT_UID,
         gid=DEFAULT_GID)
diff --git a/tests/resources/Harbor-Pages/Administration-Project-Quotas.robot b/tests/resources/Harbor-Pages/Administration-Project-Quotas.robot
@@ -0,0 +1,35 @@
+# Copyright Project Harbor Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#	http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+
+*** Settings ***
+Documentation  This resource provides any keywords related to the Harbor private registry appliance
+Resource  ../../resources/Util.robot
+
+*** Variables ***
+
+*** Keywords ***
+Switch to Project Quotas Tag
+    Retry Element Click  xpath=${administration_project_quotas_tag_xpath}
+    Sleep  1
+
+Check Project Quota Sorting
+    [Arguments]   ${proj1}  ${proj2}
+    # check project quota sorting in ascending order
+    Retry Element Click  xpath=${sort_used_storage_button}
+    Retry Wait Element Visible  //div[@class='datagrid-table']//clr-dg-row[2]//clr-dg-cell[1]//a[contains(text(), '${proj1}')]
+    Retry Wait Element Visible  //div[@class='datagrid-table']//clr-dg-row[3]//clr-dg-cell[1]//a[contains(text(), '${proj2}')]
+    # check project quota sorting in descending order
+    Retry Element Click  xpath=${sort_used_storage_button}
+    Retry Wait Element Visible  //div[@class='datagrid-table']//clr-dg-row[1]//clr-dg-cell[1]//a[contains(text(), '${proj2}')]
+    Retry Wait Element Visible  //div[@class='datagrid-table']//clr-dg-row[2]//clr-dg-cell[1]//a[contains(text(), '${proj1}')]
diff --git a/tests/resources/Harbor-Pages/Administration-Project-Quotas_Elements.robot b/tests/resources/Harbor-Pages/Administration-Project-Quotas_Elements.robot
@@ -0,0 +1,20 @@
+# Copyright Project Harbor Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#	http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+
+*** Settings ***
+Documentation  This resource provides any keywords related to the Harbor private registry appliance
+
+*** Variables ***
+${administration_project_quotas_tag_xpath}  //clr-vertical-nav-group-children/a[contains(.,'Project Quotas')]
+${sort_used_storage_button}  //div[@class='datagrid-table']//div[@class='datagrid-header']//button[normalize-space()='Storage']
diff --git a/tests/resources/Harbor-Pages/Project.robot b/tests/resources/Harbor-Pages/Project.robot
@@ -421,7 +421,7 @@ Export CVEs
     Retry Button Click  ${export_cve_btn}
     Retry Text Input  ${export_cve_filter_repo_input}  ${repositories}
     Retry Text Input  ${export_cve_filter_tag_input}  ${tags}
-    Select Filter Label  @{labels}
+    Select Filter Label For CVE Export  @{labels}
     Retry Text Input  ${export_cve_filter_cveid_input}  ${cve_ids}
     Retry Double Keywords When Error  Retry Button Click  ${export_btn}  Retry Wait Until Page Contains  Trigger exporting CVEs successfully!
 

diff --git a/tests/resources/Harbor-Pages/Replication_Elements.robot b/tests/resources/Harbor-Pages/Replication_Elements.robot
@@ -64,7 +64,7 @@ ${replication_mode_radio_pull}  //clr-main-container//hbr-create-edit-rule//labe
 ${filter_name_id}  //input[@id='filter_name']
 ${filter_tag_model_select}  //div[@class='filterSelect ng-star-inserted'][2]//select
 ${filter_tag_id}  //input[@id='filter_tag']
-${filter_label_xpath}  //form//clr-dropdown[contains(@class,'dropdown')]
+${filter_label_xpath}  //form//clr-dropdown[contains(@class,'dropdown')]//clr-icon
 ${filter_label_model_select}  //div[@class='filterSelect ng-star-inserted'][3]//select
 ${rule_resource_selector}  //*[@id='select_resource']
 ${trigger_mode_selector}  //*[@id='ruleTrigger']

diff --git a/tests/resources/Harbor-Pages/SecurityHub.robot b/tests/resources/Harbor-Pages/SecurityHub.robot
@@ -273,3 +273,12 @@ Check The Quick Search
     Should Be Equal As Strings  ${cve_input_value}  ${cve}
     ${row_count}=  Get Element Count  ${vulnerabilities_datagrid_row}
     Retry Wait Element Count  //div[@class='datagrid']//clr-dg-cell[1]//a[text()='${cve}']  ${row_count}
+
+Select Filter Label For CVE Export
+    [Arguments]    @{labels}
+    Retry Element Click  ${vulnerabilities_filter_label_xpath}
+    FOR  ${label}  IN  @{labels}
+        Log  ${label}
+        Retry Element Click  //hbr-label-piece//span[contains(text(), '${label}')]
+    END
+    Retry Element Click  ${vulnerabilities_filter_label_xpath}
diff --git a/tests/resources/Harbor-Pages/SecurityHub_Elements.robot b/tests/resources/Harbor-Pages/SecurityHub_Elements.robot
@@ -28,3 +28,4 @@ ${vulnerabilities_count_xpath}  //clr-dg-footer//div[contains(@class,'datagrid-f
 ${vulnerabilities_filter_select}  (//form//div[@class='clr-select-wrapper']//select)
 ${vulnerabilities_filter_input}  (//form[contains(@class,'clr-form')]//input)
 ${vulnerabilities_datagrid_row}  //clr-datagrid//clr-dg-row
+${vulnerabilities_filter_label_xpath}  //form//clr-dropdown[contains(@class,'dropdown')]
diff --git a/tests/resources/Util.robot b/tests/resources/Util.robot
@@ -50,6 +50,8 @@ Resource  Harbor-Pages/Replication.robot
 Resource  Harbor-Pages/Replication_Elements.robot
 Resource  Harbor-Pages/UserProfile.robot
 Resource  Harbor-Pages/UserProfile_Elements.robot
+Resource  Harbor-Pages/Administration-Project-Quotas.robot
+Resource  Harbor-Pages/Administration-Project-Quotas_Elements.robot
 Resource  Harbor-Pages/Administration-Users.robot
 Resource  Harbor-Pages/Administration-Users_Elements.robot
 Resource  Harbor-Pages/GC.robot

diff --git a/tests/robot-cases/Group1-Nightly/Common_GC.robot b/tests/robot-cases/Group1-Nightly/Common_GC.robot
@@ -23,6 +23,25 @@ ${SSH_USER}  root
 ${HARBOR_ADMIN}  admin
 
 *** Test Cases ***
+Test Case - Project Quota Sorting
+    [Tags]  project_quota_sorting
+    Init Chrome Driver
+    Sign In Harbor  ${HARBOR_URL}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}
+    ${d1}=    Get Current Date    result_format=%m%s
+    Create An New Project And Go Into Project  project${d1}
+    Push Image With Tag  ${ip}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}  project${d1}  alpine  2.6  2.6
+    ${d2}=    Get Current Date    result_format=%m%s
+    Create An New Project And Go Into Project  project${d2}
+    Push Image With Tag  ${ip}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}  project${d2}  photon  2.0  2.0
+    Switch to Project Quotas Tag
+    Check Project Quota Sorting  project${d1}  project${d2}
+    Go Into Project  project${d1}
+    Delete Repo  project${d1}  alpine
+    Go Into Project  project${d2}
+    Delete Repo  project${d2}  photon
+    GC Now
+    Close Browser
+
 Test Case - Garbage Collection
     Init Chrome Driver
     ${d}=  Get Current Date  result_format=%m%s