diff --git a/api/v2.0/swagger.yaml b/api/v2.0/swagger.yaml index 523aaad623c..09407692585 100644 --- a/api/v2.0/swagger.yaml +++ b/api/v2.0/swagger.yaml @@ -7164,6 +7164,10 @@ definitions: type: string description: 'Whether scan images automatically when pushing. The valid values are "true", "false".' x-nullable: true + auto_sbom_generation: + type: string + description: 'Whether generating SBOM automatically when pushing a subject artifact. The valid values are "true", "false".' + x-nullable: true reuse_sys_cve_allowlist: type: string description: 'Whether this project reuse the system level CVE allowlist as the allowlist of its own. The valid values are "true", "false". diff --git a/make/harbor.yml.tmpl b/make/harbor.yml.tmpl index 19f1c17ec3d..763855fd2d8 100644 --- a/make/harbor.yml.tmpl +++ b/make/harbor.yml.tmpl @@ -17,6 +17,16 @@ https: certificate: /your/certificate/path private_key: /your/private/key/path +# # Harbor will set ipv4 enabled only by defualt if this block is not configured +# # Otherwise, please uncomment this block to configure your own ip_family stacks +# ip_family: +# # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component +# ipv6: +# enabled: false +# # ipv4Enabled set to true by default, currently it affected the nginx related component +# ipv4: +# enabled: true + # # Uncomment following will enable tls communication between all harbor components # internal_tls: # # set enabled to true means internal tls is enabled diff --git a/make/photon/prepare/migrations/version_2_10_0/harbor.yml.jinja b/make/photon/prepare/migrations/version_2_10_0/harbor.yml.jinja index 44a46968ff9..23e25dcb341 100644 --- a/make/photon/prepare/migrations/version_2_10_0/harbor.yml.jinja +++ b/make/photon/prepare/migrations/version_2_10_0/harbor.yml.jinja @@ -33,6 +33,28 @@ https: # private_key: /your/private/key/path {% endif %} +{% if ip_family is defined %} +# # Harbor will set ipv4 enabled only by defualt if this block is not configured +# # Otherwise, please uncomment this block to configure your own ip_family stacks +ip_family: + # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component + ipv6: + enabled: {{ ip_family.ipv6.enabled | lower }} + # ipv4Enabled set to true by default, currently it affected the nginx related component + ipv4: + enabled: {{ ip_family.ipv4.enabled | lower }} +{% else %} +# # Harbor will set ipv4 enabled only by defualt if this block is not configured +# # Otherwise, please uncomment this block to configure your own ip_family stacks +ip_family: + # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component + ipv6: + enabled: false + # ipv4Enabled set to true by default, currently it affected the nginx related component + ipv4: + enabled: true +{% endif %} + {% if internal_tls is defined %} # Uncomment following will enable tls communication between all harbor components internal_tls: diff --git a/make/photon/prepare/migrations/version_2_9_0/harbor.yml.jinja b/make/photon/prepare/migrations/version_2_9_0/harbor.yml.jinja index 1ab5ee9067a..2c429365add 100644 --- a/make/photon/prepare/migrations/version_2_9_0/harbor.yml.jinja +++ b/make/photon/prepare/migrations/version_2_9_0/harbor.yml.jinja @@ -33,6 +33,28 @@ https: # private_key: /your/private/key/path {% endif %} +{% if ip_family is defined %} +# # Harbor will set ipv4 enabled only by defualt if this block is not configured +# # Otherwise, please uncomment this block to configure your own ip_family stacks +ip_family: + # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component + ipv6: + enabled: {{ ip_family.ipv6.enabled | lower }} + # ipv4Enabled set to true by default, currently it affected the nginx related component + ipv4: + enabled: {{ ip_family.ipv4.enabled | lower }} +{% else %} +# # Harbor will set ipv4 enabled only by defualt if this block is not configured +# # Otherwise, please uncomment this block to configure your own ip_family stacks +ip_family: + # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component + ipv6: + enabled: false + # ipv4Enabled set to true by default, currently it affected the nginx related component + ipv4: + enabled: true +{% endif %} + {% if internal_tls is defined %} # Uncomment following will enable tls communication between all harbor components internal_tls: diff --git a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja index 29a57b44c3f..a5d0d803737 100644 --- a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja +++ b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja @@ -50,7 +50,12 @@ http { include /etc/nginx/conf.d/*.server.conf; server { + {% if ip_family.ipv4.enabled %} listen 8443 ssl; + {% endif %} + {% if ip_family.ipv6.enabled %} + listen [::]:8443 ssl; + {% endif %} # server_name harbordomain.com; server_tokens off; # SSL diff --git a/make/photon/prepare/templates/portal/nginx.conf.jinja b/make/photon/prepare/templates/portal/nginx.conf.jinja index 89dc14bc8b7..3f17e71763c 100644 --- a/make/photon/prepare/templates/portal/nginx.conf.jinja +++ b/make/photon/prepare/templates/portal/nginx.conf.jinja @@ -16,7 +16,13 @@ http { server { {% if internal_tls.enabled %} + #ip_family + {% if ip_family.ipv4.enabled %} listen 8443 ssl; + {% endif %} + {% if ip_family.ipv6.enabled %} + listen [::]:8443 ssl; + {% endif %} # SSL ssl_certificate /etc/harbor/tls/portal.crt; ssl_certificate_key /etc/harbor/tls/portal.key; diff --git a/make/photon/prepare/utils/configs.py b/make/photon/prepare/utils/configs.py index bb302493532..f47ff4c4054 100644 --- a/make/photon/prepare/utils/configs.py +++ b/make/photon/prepare/utils/configs.py @@ -298,6 +298,9 @@ def parse_yaml_config(config_file_path, with_trivy): external_database=config_dict['external_database']) else: config_dict['internal_tls'] = InternalTLS() + + # ip_family config + config_dict['ip_family'] = configs.get('ip_family') or {'ipv4': {'enabled': True}, 'ipv6': {'enabled': False}} # metric configs metric_config = configs.get('metric') diff --git a/make/photon/prepare/utils/nginx.py b/make/photon/prepare/utils/nginx.py index 54d4305d41b..0b1ffb8a456 100644 --- a/make/photon/prepare/utils/nginx.py +++ b/make/photon/prepare/utils/nginx.py @@ -63,7 +63,8 @@ def render_nginx_template(config_dict): ssl_cert=SSL_CERT_PATH, ssl_cert_key=SSL_CERT_KEY_PATH, internal_tls=config_dict['internal_tls'], - metric=config_dict['metric']) + metric=config_dict['metric'], + ip_family=config_dict['ip_family']) location_file_pattern = CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTPS else: diff --git a/make/photon/prepare/utils/portal.py b/make/photon/prepare/utils/portal.py index a2524827b08..d41de1264f8 100644 --- a/make/photon/prepare/utils/portal.py +++ b/make/photon/prepare/utils/portal.py @@ -14,5 +14,6 @@ def prepare_portal(config_dict): str(portal_conf_template_path), portal_conf, internal_tls=config_dict['internal_tls'], + ip_family=config_dict['ip_family'], uid=DEFAULT_UID, gid=DEFAULT_GID) diff --git a/tests/resources/Harbor-Pages/Administration-Project-Quotas.robot b/tests/resources/Harbor-Pages/Administration-Project-Quotas.robot new file mode 100644 index 00000000000..a7a515c8be3 --- /dev/null +++ b/tests/resources/Harbor-Pages/Administration-Project-Quotas.robot @@ -0,0 +1,35 @@ +# Copyright Project Harbor Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + +*** Settings *** +Documentation This resource provides any keywords related to the Harbor private registry appliance +Resource ../../resources/Util.robot + +*** Variables *** + +*** Keywords *** +Switch to Project Quotas Tag + Retry Element Click xpath=${administration_project_quotas_tag_xpath} + Sleep 1 + +Check Project Quota Sorting + [Arguments] ${proj1} ${proj2} + # check project quota sorting in ascending order + Retry Element Click xpath=${sort_used_storage_button} + Retry Wait Element Visible //div[@class='datagrid-table']//clr-dg-row[2]//clr-dg-cell[1]//a[contains(text(), '${proj1}')] + Retry Wait Element Visible //div[@class='datagrid-table']//clr-dg-row[3]//clr-dg-cell[1]//a[contains(text(), '${proj2}')] + # check project quota sorting in descending order + Retry Element Click xpath=${sort_used_storage_button} + Retry Wait Element Visible //div[@class='datagrid-table']//clr-dg-row[1]//clr-dg-cell[1]//a[contains(text(), '${proj2}')] + Retry Wait Element Visible //div[@class='datagrid-table']//clr-dg-row[2]//clr-dg-cell[1]//a[contains(text(), '${proj1}')] diff --git a/tests/resources/Harbor-Pages/Administration-Project-Quotas_Elements.robot b/tests/resources/Harbor-Pages/Administration-Project-Quotas_Elements.robot new file mode 100644 index 00000000000..b73926f78c8 --- /dev/null +++ b/tests/resources/Harbor-Pages/Administration-Project-Quotas_Elements.robot @@ -0,0 +1,20 @@ +# Copyright Project Harbor Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + +*** Settings *** +Documentation This resource provides any keywords related to the Harbor private registry appliance + +*** Variables *** +${administration_project_quotas_tag_xpath} //clr-vertical-nav-group-children/a[contains(.,'Project Quotas')] +${sort_used_storage_button} //div[@class='datagrid-table']//div[@class='datagrid-header']//button[normalize-space()='Storage'] \ No newline at end of file diff --git a/tests/resources/Harbor-Pages/Project.robot b/tests/resources/Harbor-Pages/Project.robot index adedc655b91..4d469f25801 100644 --- a/tests/resources/Harbor-Pages/Project.robot +++ b/tests/resources/Harbor-Pages/Project.robot @@ -421,7 +421,7 @@ Export CVEs Retry Button Click ${export_cve_btn} Retry Text Input ${export_cve_filter_repo_input} ${repositories} Retry Text Input ${export_cve_filter_tag_input} ${tags} - Select Filter Label @{labels} + Select Filter Label For CVE Export @{labels} Retry Text Input ${export_cve_filter_cveid_input} ${cve_ids} Retry Double Keywords When Error Retry Button Click ${export_btn} Retry Wait Until Page Contains Trigger exporting CVEs successfully! diff --git a/tests/resources/Harbor-Pages/Replication_Elements.robot b/tests/resources/Harbor-Pages/Replication_Elements.robot index 88013c42491..fa61c82f358 100644 --- a/tests/resources/Harbor-Pages/Replication_Elements.robot +++ b/tests/resources/Harbor-Pages/Replication_Elements.robot @@ -64,7 +64,7 @@ ${replication_mode_radio_pull} //clr-main-container//hbr-create-edit-rule//labe ${filter_name_id} //input[@id='filter_name'] ${filter_tag_model_select} //div[@class='filterSelect ng-star-inserted'][2]//select ${filter_tag_id} //input[@id='filter_tag'] -${filter_label_xpath} //form//clr-dropdown[contains(@class,'dropdown')] +${filter_label_xpath} //form//clr-dropdown[contains(@class,'dropdown')]//clr-icon ${filter_label_model_select} //div[@class='filterSelect ng-star-inserted'][3]//select ${rule_resource_selector} //*[@id='select_resource'] ${trigger_mode_selector} //*[@id='ruleTrigger'] diff --git a/tests/resources/Harbor-Pages/SecurityHub.robot b/tests/resources/Harbor-Pages/SecurityHub.robot index a0b2932840f..16366fc2a07 100644 --- a/tests/resources/Harbor-Pages/SecurityHub.robot +++ b/tests/resources/Harbor-Pages/SecurityHub.robot @@ -273,3 +273,12 @@ Check The Quick Search Should Be Equal As Strings ${cve_input_value} ${cve} ${row_count}= Get Element Count ${vulnerabilities_datagrid_row} Retry Wait Element Count //div[@class='datagrid']//clr-dg-cell[1]//a[text()='${cve}'] ${row_count} + +Select Filter Label For CVE Export + [Arguments] @{labels} + Retry Element Click ${vulnerabilities_filter_label_xpath} + FOR ${label} IN @{labels} + Log ${label} + Retry Element Click //hbr-label-piece//span[contains(text(), '${label}')] + END + Retry Element Click ${vulnerabilities_filter_label_xpath} diff --git a/tests/resources/Harbor-Pages/SecurityHub_Elements.robot b/tests/resources/Harbor-Pages/SecurityHub_Elements.robot index 1056784221b..ade73bc6f8e 100644 --- a/tests/resources/Harbor-Pages/SecurityHub_Elements.robot +++ b/tests/resources/Harbor-Pages/SecurityHub_Elements.robot @@ -28,3 +28,4 @@ ${vulnerabilities_count_xpath} //clr-dg-footer//div[contains(@class,'datagrid-f ${vulnerabilities_filter_select} (//form//div[@class='clr-select-wrapper']//select) ${vulnerabilities_filter_input} (//form[contains(@class,'clr-form')]//input) ${vulnerabilities_datagrid_row} //clr-datagrid//clr-dg-row +${vulnerabilities_filter_label_xpath} //form//clr-dropdown[contains(@class,'dropdown')] diff --git a/tests/resources/Util.robot b/tests/resources/Util.robot index b368e9dbbe0..54972975c4c 100644 --- a/tests/resources/Util.robot +++ b/tests/resources/Util.robot @@ -50,6 +50,8 @@ Resource Harbor-Pages/Replication.robot Resource Harbor-Pages/Replication_Elements.robot Resource Harbor-Pages/UserProfile.robot Resource Harbor-Pages/UserProfile_Elements.robot +Resource Harbor-Pages/Administration-Project-Quotas.robot +Resource Harbor-Pages/Administration-Project-Quotas_Elements.robot Resource Harbor-Pages/Administration-Users.robot Resource Harbor-Pages/Administration-Users_Elements.robot Resource Harbor-Pages/GC.robot diff --git a/tests/robot-cases/Group1-Nightly/Common_GC.robot b/tests/robot-cases/Group1-Nightly/Common_GC.robot index 53befb63f61..f1fae64422b 100644 --- a/tests/robot-cases/Group1-Nightly/Common_GC.robot +++ b/tests/robot-cases/Group1-Nightly/Common_GC.robot @@ -23,6 +23,25 @@ ${SSH_USER} root ${HARBOR_ADMIN} admin *** Test Cases *** +Test Case - Project Quota Sorting + [Tags] project_quota_sorting + Init Chrome Driver + Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} + ${d1}= Get Current Date result_format=%m%s + Create An New Project And Go Into Project project${d1} + Push Image With Tag ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d1} alpine 2.6 2.6 + ${d2}= Get Current Date result_format=%m%s + Create An New Project And Go Into Project project${d2} + Push Image With Tag ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d2} photon 2.0 2.0 + Switch to Project Quotas Tag + Check Project Quota Sorting project${d1} project${d2} + Go Into Project project${d1} + Delete Repo project${d1} alpine + Go Into Project project${d2} + Delete Repo project${d2} photon + GC Now + Close Browser + Test Case - Garbage Collection Init Chrome Driver ${d}= Get Current Date result_format=%m%s