Merge branch 'main' into fix-macos-build

api/v2.0/swagger.yaml

@@ -7095,6 +7095,9 @@ definitions:
         type: boolean
         description: Whether the preheat policy enabled
         x-omitempty: false
+      scope:
+        type: string
+        description: The scope of preheat policy
       creation_time:
         type: string
         format: date-time
@@ -7846,9 +7849,12 @@ definitions:
         type: array
         items:
           $ref: '#/definitions/RobotPermission'
-      creator:
+      creator_type:
         type: string
-        description: The creator of the robot
+        description: The type of the robot creator, like local(harbor_user) or robot.
+      creator_ref:
+        type: integer
+        description: The reference of the robot creator, like the id of harbor user.
       creation_time:
         type: string
         format: date-time

make/harbor.yml.tmpl

@@ -48,7 +48,7 @@ harbor_admin_password: Harbor12345
 
 # Harbor DB configuration
 database:
-  # The password for the root user of Harbor DB. Change this before any production use.
+  # The password for the user('postgres' by default) of Harbor DB. Change this before any production use.
   password: root123
   # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
   max_idle_conns: 100

make/migrations/postgresql/0150_2.12.0_schema.up.sql

@@ -1,5 +1,7 @@
 /*
-Add new column creator for robot table to add a new column to record the creator of the robot
+Add new column creator_ref and creator_type for robot table to record the creator information of the robot
 */
-ALTER TABLE robot ADD COLUMN IF NOT EXISTS creator varchar(255);
-UPDATE robot SET creator = 'unknown' WHERE creator IS NULL;
+ALTER TABLE robot ADD COLUMN IF NOT EXISTS creator_ref integer default 0;
+ALTER TABLE robot ADD COLUMN IF NOT EXISTS creator_type varchar(255);
+
+ALTER TABLE p2p_preheat_policy ADD COLUMN IF NOT EXISTS scope varchar(255);

src/common/api/base.go

@@ -116,9 +116,9 @@ func (b *BaseAPI) DecodeJSONReqAndValidate(v interface{}) (bool, error) {
 }
 
 // Redirect does redirection to resource URI with http header status code.
-func (b *BaseAPI) Redirect(statusCode int, resouceID string) {
+func (b *BaseAPI) Redirect(statusCode int, resourceID string) {
 	requestURI := b.Ctx.Request.RequestURI
-	resourceURI := requestURI + "/" + resouceID
+	resourceURI := requestURI + "/" + resourceID
 
 	b.Ctx.Redirect(statusCode, resourceURI)
 }
@@ -138,7 +138,7 @@ func (b *BaseAPI) GetIDFromURL() (int64, error) {
 	return id, nil
 }
 
-// SetPaginationHeader set"Link" and "X-Total-Count" header for pagination request
+// SetPaginationHeader set "Link" and "X-Total-Count" header for pagination request
 func (b *BaseAPI) SetPaginationHeader(total, page, pageSize int64) {
 	b.Ctx.ResponseWriter.Header().Set("X-Total-Count", strconv.FormatInt(total, 10))
 

src/common/const.go

@@ -152,7 +152,7 @@ const (
 	OIDCCallbackPath = "/c/oidc/callback"
 	OIDCLoginPath    = "/c/oidc/login"
 
-	AuthProxyRediretPath = "/c/authproxy/redirect"
+	AuthProxyRedirectPath = "/c/authproxy/redirect"
 
 	// Global notification enable configuration
 	NotificationEnable = "notification_enable"

src/common/http/tls.go

@@ -48,7 +48,7 @@ func GetInternalCertPair() (tls.Certificate, error) {
 
 // GetInternalTLSConfig return a tls.Config for internal https communicate
 func GetInternalTLSConfig() (*tls.Config, error) {
-	// genrate key pair
+	// generate key pair
 	cert, err := GetInternalCertPair()
 	if err != nil {
 		return nil, fmt.Errorf("internal TLS enabled but can't get cert file %w", err)

src/common/job/client.go

@@ -151,7 +151,7 @@ func (d *DefaultClient) SubmitJob(jd *models.JobData) (string, error) {
 	return stats.Stats.JobID, nil
 }
 
-// GetJobLog call jobserivce API to get the log of a job.  It only accepts the UUID of the job
+// GetJobLog call jobservice API to get the log of a job.  It only accepts the UUID of the job
 func (d *DefaultClient) GetJobLog(uuid string) ([]byte, error) {
 	url := d.endpoint + "/api/v1/jobs/" + uuid + "/log"
 	req, err := http.NewRequest(http.MethodGet, url, nil)

src/common/job/models/models.go

@@ -62,15 +62,15 @@ type StatsInfo struct {
 	UpstreamJobID string     `json:"upstream_job_id,omitempty"`   // Ref the upstream job if existing
 	NumericPID    int64      `json:"numeric_policy_id,omitempty"` // The numeric policy ID of the periodic job
 	Parameters    Parameters `json:"parameters,omitempty"`
-	Revision      int64      `json:"revision,omitempty"` // For differentiating the each retry of the same job
+	Revision      int64      `json:"revision,omitempty"` // For differentiating each retry of the same job
 }
 
 // JobPoolStats represents the healthy and status of all the running worker pools.
 type JobPoolStats struct {
 	Pools []*JobPoolStatsData `json:"worker_pools"`
 }
 
-// JobPoolStatsData represent the healthy and status of the worker worker.
+// JobPoolStatsData represent the healthy and status of the worker.
 type JobPoolStatsData struct {
 	WorkerPoolID string   `json:"worker_pool_id"`
 	StartedAt    int64    `json:"started_at"`

src/common/models/job.go

@@ -29,7 +29,7 @@ const (
 	JobCanceled string = "canceled"
 	// JobRetrying indicate the job needs to be retried, it will be scheduled to the end of job queue by statemachine after an interval.
 	JobRetrying string = "retrying"
-	// JobContinue is the status returned by statehandler to tell statemachine to move to next possible state based on trasition table.
+	// JobContinue is the status returned by statehandler to tell statemachine to move to next possible state based on transition table.
 	JobContinue string = "_continue"
 	// JobScheduled ...
 	JobScheduled string = "scheduled"

src/common/models/uaa.go

@@ -14,7 +14,7 @@
 
 package models
 
-// UAASettings wraps the configuraations to access UAA service
+// UAASettings wraps the configurations to access UAA service
 type UAASettings struct {
 	Endpoint     string
 	ClientID     string

src/common/rbac/project/evaluator_test.go

@@ -87,8 +87,8 @@ func TestProjectRoleAccess(t *testing.T) {
 			Username: "username",
 		}
 		evaluator := NewEvaluator(ctl, NewBuilderForUser(user, ctl))
-		resorce := NewNamespace(public.ProjectID).Resource(rbac.ResourceRepository)
-		assert.True(evaluator.HasPermission(context.TODO(), resorce, rbac.ActionPush))
+		resource := NewNamespace(public.ProjectID).Resource(rbac.ResourceRepository)
+		assert.True(evaluator.HasPermission(context.TODO(), resource, rbac.ActionPush))
 	}
 
 	{
@@ -101,8 +101,8 @@ func TestProjectRoleAccess(t *testing.T) {
 			Username: "username",
 		}
 		evaluator := NewEvaluator(ctl, NewBuilderForUser(user, ctl))
-		resorce := NewNamespace(public.ProjectID).Resource(rbac.ResourceRepository)
-		assert.False(evaluator.HasPermission(context.TODO(), resorce, rbac.ActionPush))
+		resource := NewNamespace(public.ProjectID).Resource(rbac.ResourceRepository)
+		assert.False(evaluator.HasPermission(context.TODO(), resource, rbac.ActionPush))
 	}
 }
 

src/common/secret/request.go

@@ -25,7 +25,7 @@ import (
 const HeaderPrefix = "Harbor-Secret "
 
 // FromRequest tries to get Harbor Secret from request header.
-// It will return empty string if the reqeust is nil.
+// It will return empty string if the request is nil.
 func FromRequest(req *http.Request) string {
 	if req == nil {
 		return ""

src/common/utils/email/mail.go

@@ -70,7 +70,7 @@ func Send(addr, identity, username, password string,
 
 // Ping tests the connection and authentication with email server
 // If tls is true, a secure connection is established, or Ping
-// trys to upgrate the insecure connection to a secure one if
+// trys to upgrade the insecure connection to a secure one if
 // email server supports it.
 // Ping doesn't verify the server's certificate and hostname when
 // needed if the parameter insecure is ture
@@ -119,7 +119,7 @@ func newClient(addr, identity, username, password string,
 		return nil, err
 	}
 
-	// try to swith to SSL/TLS
+	// try to switch to SSL/TLS
 	if !tls {
 		if ok, _ := client.Extension("STARTTLS"); ok {
 			log.Debugf("switching the connection with %s to SSL/TLS ...", addr)

src/common/utils/email/mail_test.go

@@ -38,7 +38,7 @@ func TestSend(t *testing.T) {
 	err := Send(addr, identity, username, password,
 		timeout, tls, insecure, from, to,
 		subject, message)
-	// bypass the check due to securty policy change on gmail
+	// bypass the check due to security policy change on gmail
 	// TODO
 	// assert.Nil(t, err)
 
@@ -78,7 +78,7 @@ func TestPing(t *testing.T) {
 	// tls connection
 	err := Ping(addr, identity, username, password,
 		timeout, tls, insecure)
-	// bypass the check due to securty policy change on gmail
+	// bypass the check due to security policy change on gmail
 	// TODO
 	// assert.Nil(t, err)
 

src/common/utils/encrypt.go

@@ -46,8 +46,8 @@ var HashAlg = map[string]func() hash.Hash{
 }
 
 // Encrypt encrypts the content with salt
-func Encrypt(content string, salt string, encrptAlg string) string {
-	return fmt.Sprintf("%x", pbkdf2.Key([]byte(content), []byte(salt), 4096, 16, HashAlg[encrptAlg]))
+func Encrypt(content string, salt string, encryptAlg string) string {
+	return fmt.Sprintf("%x", pbkdf2.Key([]byte(content), []byte(salt), 4096, 16, HashAlg[encryptAlg]))
 }
 
 // ReversibleEncrypt encrypts the str with aes/base64

src/common/utils/passports.go

@@ -72,7 +72,7 @@ func (p *passportsPool) Revoke() bool {
 type LimitedConcurrentRunner interface {
 	// AddTask adds a task to run
 	AddTask(task func() error)
-	// Wait waits all the tasks to be finished, returns error if the any of the tasks gets error
+	// Wait waits all the tasks to be finished, returns error if any of the tasks gets error
 	Wait() (err error)
 	// Cancel cancels all tasks, tasks that already started will continue to run
 	Cancel(err error)
@@ -106,7 +106,7 @@ func (r *limitedConcurrentRunner) AddTask(task func() error) {
 			r.wg.Done()
 		}()
 
-		// Return false means no passport acquired, and no valid passport will be dispatched any more.
+		// Return false means no passport acquired, and no valid passport will be dispatched anymore.
 		// For example, some crucial errors happened and all tasks should be cancelled.
 		if ok := r.passportsPool.Apply(); !ok {
 			return

src/common/utils/test/config.go

@@ -65,7 +65,7 @@ var defaultConfig = map[string]interface{}{
 	common.RobotNamePrefix:            "robot$",
 }
 
-// GetDefaultConfigMap returns the defailt config map for easier modification.
+// GetDefaultConfigMap returns the default config map for easier modification.
 func GetDefaultConfigMap() map[string]interface{} {
 	return defaultConfig
 }

src/common/utils/test/test.go

@@ -55,11 +55,11 @@ type Response struct {
 	StatusCode int
 	// Headers are the headers of the response
 	Headers map[string]string
-	// Boby is the body of the response
+	// Body is the body of the response
 	Body []byte
 }
 
-// Handler returns a handler function which handle requst according to
+// Handler returns a handler function which handle request according to
 // the response provided
 func Handler(resp *Response) func(http.ResponseWriter, *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
@@ -82,7 +82,7 @@ func Handler(resp *Response) func(http.ResponseWriter, *http.Request) {
 	}
 }
 
-// NewServer creates a HTTP server for unit test
+// NewServer creates an HTTP server for unit test
 func NewServer(mappings ...*RequestHandlerMapping) *httptest.Server {
 	r := mux.NewRouter()
 

src/common/utils/utils.go

@@ -89,7 +89,7 @@ func GenerateRandomString() string {
 // TestTCPConn tests TCP connection
 // timeout: the total time before returning if something is wrong
 // with the connection, in second
-// interval: the interval time for retring after failure, in second
+// interval: the interval time for retrying after failure, in second
 func TestTCPConn(addr string, timeout, interval int) error {
 	success := make(chan int, 1)
 	cancel := make(chan int, 1)
@@ -176,7 +176,7 @@ func ParseProjectIDOrName(value interface{}) (int64, string, error) {
 	return id, name, nil
 }
 
-// SafeCastString -- cast a object to string saftely
+// SafeCastString -- cast an object to string safely
 func SafeCastString(value interface{}) string {
 	if result, ok := value.(string); ok {
 		return result

src/controller/p2p/preheat/enforcer.go

@@ -402,7 +402,7 @@ func (de *defaultEnforcer) launchExecutions(ctx context.Context, candidates []*s
 	// Start tasks
 	count := 0
 	for _, c := range candidates {
-		if _, err = de.startTask(ctx, eid, c, insData); err != nil {
+		if _, err = de.startTask(ctx, eid, c, insData, pl.Scope); err != nil {
 			// Just log the error and skip
 			log.Errorf("start task error for preheating image: %s/%s:%s@%s", c.Namespace, c.Repository, c.Tags[0], c.Digest)
 			continue
@@ -421,7 +421,7 @@ func (de *defaultEnforcer) launchExecutions(ctx context.Context, candidates []*s
 }
 
 // startTask starts the preheat task(job) for the given candidate
-func (de *defaultEnforcer) startTask(ctx context.Context, executionID int64, candidate *selector.Candidate, instance string) (int64, error) {
+func (de *defaultEnforcer) startTask(ctx context.Context, executionID int64, candidate *selector.Candidate, instance, scope string) (int64, error) {
 	u, err := de.fullURLGetter(candidate)
 	if err != nil {
 		return -1, err
@@ -441,6 +441,7 @@ func (de *defaultEnforcer) startTask(ctx context.Context, executionID int64, can
 		ImageName: fmt.Sprintf("%s/%s", candidate.Namespace, candidate.Repository),
 		Tag:       candidate.Tags[0],
 		Digest:    candidate.Digest,
+		Scope:     scope,
 	}
 
 	piData, err := pi.ToJSON()

src/controller/p2p/preheat/enforcer_test.go

@@ -210,6 +210,7 @@ func mockPolicies() []*po.Schema {
 				Type: po.TriggerTypeManual,
 			},
 			Enabled:     true,
+			Scope:       "single_peer",
 			CreatedAt:   time.Now().UTC(),
 			UpdatedTime: time.Now().UTC(),
 		}, {
@@ -235,6 +236,7 @@ func mockPolicies() []*po.Schema {
 			Trigger: &po.Trigger{
 				Type: po.TriggerTypeEventBased,
 			},
+			Scope:       "all_peers",
 			Enabled:     true,
 			CreatedAt:   time.Now().UTC(),
 			UpdatedTime: time.Now().UTC(),

src/controller/robot/controller.go

@@ -133,7 +133,8 @@ func (d *controller) Create(ctx context.Context, r *Robot) (int64, string, error
 		Duration:    r.Duration,
 		Salt:        salt,
 		Visible:     r.Visible,
-		Creator:     r.Creator,
+		CreatorRef:  r.CreatorRef,
+		CreatorType: r.CreatorType,
 	}
 	robotID, err := d.robotMgr.Create(ctx, rCreate)
 	if err != nil {

src/controller/scan/base_controller.go

@@ -864,7 +864,8 @@ func (bc *basicController) makeRobotAccount(ctx context.Context, projectID int64
 			Description: "for scan",
 			ProjectID:   projectID,
 			Duration:    -1,
-			Creator:     "harbor-core-for-scan-all",
+			CreatorType: "local",
+			CreatorRef:  int64(0),
 		},
 		Level: robot.LEVELPROJECT,
 		Permissions: []*robot.Permission{

src/controller/scan/base_controller_test.go

@@ -235,7 +235,8 @@ func (suite *ControllerTestSuite) SetupSuite() {
 			Description: "for scan",
 			ProjectID:   suite.artifact.ProjectID,
 			Duration:    -1,
-			Creator:     "harbor-core-for-scan-all",
+			CreatorType: "local",
+			CreatorRef:  int64(0),
 		},
 		Level: robot.LEVELPROJECT,
 		Permissions: []*robot.Permission{
@@ -267,7 +268,8 @@ func (suite *ControllerTestSuite) SetupSuite() {
 			Description: "for scan",
 			ProjectID:   suite.artifact.ProjectID,
 			Duration:    -1,
-			Creator:     "harbor-core-for-scan-all",
+			CreatorType: "local",
+			CreatorRef:  int64(0),
 		},
 		Level: "project",
 	}, nil)