Harbor is an open-source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor, a CNCF Graduated project, delivers compliance, performance, and interoperability to help you consistently and securely manage artifacts across cloud-native compute platforms like Kubernetes and Docker. https://goharbor.io/
When it comes to the Security Standards and requirements of compliance Harbor doesn't have a mechanism to perform audit logging functionality. This repo contains code to sovle this problem.
- Clone Harbor repository
- Run the install preparation script
- Clone this repo & add the submodules
git clone https://github.com/rewanthtammana/harbor-logging cd harbor-logging git submodule add https://github.com/openresty/lua-resty-redis make/common/config/nginx-custom/lua-resty-redis - Copy
./make/common/config/nginx-custom/&./make/docker-compose.ymlto Harbor's folder - Start & get Harbor running
log_format timed_combined '$remote_addr - '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'$request_time $upstream_response_time $pipe';./make/common/config/nginx-custom/conf/nginx.conf contains the customized logging configuration.
Along with a bunch of other Lua codes, here, a considerable upgrade has been performed in the logging conf, here
...
location / {
...
default_type text/plain;
access_by_lua_block {
local user = require "user"
local redis = require "resty.redis"
local red = redis:new()
ngx.var.email=user.fetch(red, ngx.var.cookie_sid)
}
}
...
log_format timed_combined escape=none '($email) $remote_addr - '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'$request_time $upstream_response_time $pipe'
'$request_body';The above changes along with other replacements in architecture flows allow us to solve this problem.