harbor-users@lists.cncf.io

Re: harbor api for accessing "info" field in repo

Steven Zou

Could you try `GET http(s)://<harbor-hostname>/api/repositories/{repo_name}`? The `description` field of the returned repository model is the `info` data you’re looking for.

thanks&regards

--

Steven Zou(邹佳）

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

From: <harbor-users@...> on behalf of "vlakshmi70 via lists.cncf.io" <vlakshmi70=yahoo.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Tuesday, May 26, 2020 at 22:24
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] harbor api for accessing "info" field in repo

Steven,
Yes I couldn't find one for GETTer API for "info" field in the repo APIs.
I am using v1.8 of harbor.
Not sure if this API for getting the "info" field has been added in a later revision??

Thanks

Re: harbor api for accessing "info" field in repo

vlakshmi70@...

#167

Steven,
Yes I couldn't find one for GETTer API for "info" field in the repo APIs.
I am using v1.8 of harbor.
Not sure if this API for getting the "info" field has been added in a later revision??

Thanks

Re: harbor api for accessing "info" field in repo

Steven Ren

#166

Hi Vlakshmi,

If you installed Harbor, in Harbor UI, there is an API explorer page at the left bottom of the page,

You can see all the APIs at there. Hope this helps.

Best regards,

Steven

From: <harbor-users@...> on behalf of "vlakshmi70 via lists.cncf.io" <vlakshmi70=yahoo.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Tuesday, May 26, 2020 at 6:43 PM
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] harbor api for accessing "info" field in repo

Hi,
Is there an API to get the "info" field in repo similar to say getting the label or tag for a repo-name.
curl -X GET "https://harbor.com/api/ repositories/{repo_name}/info" -H "accept: application/json"

thanks.

harbor api for accessing "info" field in repo

vlakshmi70@...

#165

Hi,
Is there an API to get the "info" field in repo similar to say getting the label or tag for a repo-name.
curl -X GET "https://harbor.com/api/ repositories/{repo_name}/info" -H "accept: application/json"

thanks.

Harbor 2.0 is released!

Jonas Rosland

#164

Harbor 2.0 is released! This release makes Harbor the first OCI-compliant open source registry capable of storing cloud-native artifacts like container images, @HelmPack charts, CNABs, @OpenPolicyAgent, @SingularityApp, and much more.
With Harbor 2.0, we have made Trivy from @AquaSecTeam the default image scanner, and with that taking container image scanning to higher levels of usability and performance than ever before.

Other notable features in Harbor 2.0 include: - The ability to set expiration dates on robot accounts - You can now configure SSL for core Harbor services - Webhooks can be individually triggered, and come with Slack integration - A new snazzy dark mode, try it out!

A huge thank you goes out to the entire Harbor community for bringing all these new features into this major release.
Read all about Harbor 2.0 in the announcement blog: goharbor.io/blog/harbor-2.0

Re: API Call for Vulnerability Report

Steven Ren

#163

Hi Brian,

if you have an installed Harbor, in the left bottom of the UI, there is “API Explorer” feature, we can view all the APIs harbor exposed. Thanks

-steven

From: <harbor-users@...> on behalf of "brianwadesmith via lists.cncf.io" <brianwadesmith=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Wednesday, May 13, 2020 at 8:55 PM
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] API Call for Vulnerability Report

I'm looking forward to checking that out. Most of my harbor deployments are running in Pivotal Cloud Foundry (or tanzu or whatever its called now) and I'm reliant on the version in pivnet (or Tanzunet?). I do have a separate "home-brew" bosh deployment I'll load 2.0 to play with.

Re: API Call for Vulnerability Report

brianwadesmith@...

#162

I'm looking forward to checking that out. Most of my harbor deployments are running in Pivotal Cloud Foundry (or tanzu or whatever its called now) and I'm reliant on the version in pivnet (or Tanzunet?). I do have a separate "home-brew" bosh deployment I'll load 2.0 to play with.

Clair - images with Unknown vulnerabilities

brianwadesmith@...

#161

I have enabled the blocking of pulling vulnerable images labeled as high or greater. This setting is preventing images scanned and labeled as "Unknown" from being pulled. Can anyone tell me if this is by design? I'm running v1.10.2

Thanks!!!

Harbor Graduation

Michael Michael <michmike@...>

#160

Hello everyone, if you were not already aware, Harbor (goharbor.io) is in the final stage of becoming a Graduated project in CNCF. This is a tremendous achievement for the project and we would not have been here without our contributors, our users, and the support of the CNCF community. Please provide your public vote of support for Harbor in this thread

https://lists.cncf.io/g/cncf-toc/topic/harbor_in_public_comment/74163632

Import OIDC groups into harbor

tiagomendes93@...

#159

How can I import groups from OIDC into harbor?
Do I have to create a Mapper and then use that mapper on group claim Id?
There is no documentation on this..
Thank you

Re: API Call for Vulnerability Report

Steven Ren

#158

Hi Brian,

In 2.0 UI, we have some stats shown in the UI, could you please take a look whether that matches your query? You are welcome to make your changes in the code to improve Harbor ☺

Best regards,

Steven

From: <harbor-users@...> on behalf of "brianwadesmith via lists.cncf.io" <brianwadesmith=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Friday, May 1, 2020 at 11:53 PM
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] API Call for Vulnerability Report

If anyone is interested, here is the quick script I put together to get these details

Show quoted text

total=0
critical=()
high=()
medium=()
high+=("High risk images\n")
critical+=("Critical risk images\n")
medium+=("Medium risk images\n")
none+=("Images with no risk\n")
unknown+=("UNKNOWN\n")

for x in $(curl -k -s -X GET "https://harbor.xyz.net/api/repositories/top?count=99999" -H "accept: application/json" -H "authorization: Basic <REPLACE>" | jq .[].name);
do
    ((total=$total+1))
    echo "TOTAL::" $total
    x=$(echo $x | cut -d '"' -f 2)
    echo "IMAGE::" $x
    result=$(curl -k -s -X GET "https://harbor.xyz.net/api/repositories/${x}/tags" -H "authorization: Basic <REPLACE>" -H "accept: application/json" | jq '.[] | .scan_overview[]? | .severity')
    echo $result

    if [[ $result == *"Critical"* ]]; then
        critical+="$x\n"
    elif [[ $result == *"High"* ]]; then
        high+="$x\n"
    elif [[ $result == *"Medium"* ]]; then
        medium+="$x\n"
    elif [[ $result == *"None"* ]]; then
        none+="$x\n"
    elif [[ $result == *"Unknown"* ]]; then
        unknown+="$x\n"
    fi
done
echo "TOTAL IMAGES::" $total
printf "$critical"
printf "$high"
printf "$medium"
printf "$none"
printf "$unknown"

Installing Harbor in a docker environment behind LB

tiagomendes93@...

#157

Hello community We are trying to use Harbor in a docker environment behind a LB (HA-PROXY) and integrate it with Keycloack.
It happens that we can't redirrect the call on the harbor instance to the dns defined in the keycloack giving us the error 400 mismatch.
When can we change the callback uri to match the dns created ? Because on the OIDC configuration it has defined the uri to point to the hostname.

We changed the external_url on the harbor.yaml and got no effect..
Has anyone been through this?
Best, Regards

Tiago

Cancelled Event: Harbor Community Meeting - Americas Time zone #cal-cancelled

harbor-users@lists.cncf.io Calendar <harbor-users@...>

#156

Cancelled: Harbor Community Meeting - Americas Time zone

This event has been cancelled.

When:
Wednesday, 31 July 2019
4:00pm to 5:00pm
(UTC-04:00) America/New York
Repeats: Every 2 weeks on Wednesday

Where:
https://zoom.us/j/734959521

Organizer: Harbor

Description:

Hello everyone,

This is a recurring calendar invite for the bi-weekly Harbor community meetings.

There will be two meetings, one for China/Europe time zone, and one for Americas time zone

Please pick the one that fits your schedule best.

To attend, use the following Zoom link: https://zoom.us/j/734959521

Meeting notes, agenda, and recordings of past meetings and other details are located at https://github.com/goharbor/community/blob/master/MEETING_SCHEDULE.md
and

https://github.com/goharbor/community/tree/master/conf-calls

Calendar

Cancelled Event: Harbor Community Meeting - China/Europe Time zone #cal-cancelled

harbor-users@lists.cncf.io Calendar <harbor-users@...>

#155

Cancelled: Harbor Community Meeting - China/Europe Time zone

This event has been cancelled.

When:
Wednesday, 31 July 2019
9:00pm to 10:00pm
(UTC+08:00) Asia/Chongqing
Repeats: Every 2 weeks on Wednesday

Where:
https://zoom.us/j/734959521

Organizer: Harbor

Description:

Hello everyone,

This is a recurring calendar invite for the bi-weekly Harbor community meetings.
There will be two meetings, one for China/Europe time zone, and one for Americas time zone
Please pick the one that fits your schedule best.

To attend, use the following Zoom link: https://zoom.us/j/734959521

Meeting notes, agenda, and recordings of past meetings and other details are located at https://github.com/goharbor/community/blob/master/MEETING_SCHEDULE.md
and
https://github.com/goharbor/community/tree/master/conf-calls

Calendar

Re: API Call for Vulnerability Report

brianwadesmith@...

#154

If anyone is interested, here is the quick script I put together to get these details

Show quoted text

total=0
critical=()
high=()
medium=()
high+=("High risk images\n")
critical+=("Critical risk images\n")
medium+=("Medium risk images\n")
none+=("Images with no risk\n")
unknown+=("UNKNOWN\n")

for x in $(curl -k -s -X GET "https://harbor.xyz.net/api/repositories/top?count=99999" -H "accept: application/json" -H "authorization: Basic <REPLACE>" | jq .[].name);
do
    ((total=$total+1))
    echo "TOTAL::" $total
    x=$(echo $x | cut -d '"' -f 2)
    echo "IMAGE::" $x
    result=$(curl -k -s -X GET "https://harbor.xyz.net/api/repositories/${x}/tags" -H "authorization: Basic <REPLACE>" -H "accept: application/json" | jq '.[] | .scan_overview[]? | .severity')
    echo $result

    if [[ $result == *"Critical"* ]]; then
        critical+="$x\n"
    elif [[ $result == *"High"* ]]; then
        high+="$x\n"
    elif [[ $result == *"Medium"* ]]; then
        medium+="$x\n"
    elif [[ $result == *"None"* ]]; then
        none+="$x\n"
    elif [[ $result == *"Unknown"* ]]; then
        unknown+="$x\n"
    fi
done
echo "TOTAL IMAGES::" $total
printf "$critical"
printf "$high"
printf "$medium"
printf "$none"
printf "$unknown"

Re: Replication Failed

Steven Zou

#153

Hi,

Officially doing replication among different versions of Harbor is not supported.

thanks&regards

--

Steven Zou(邹佳）

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

From: <harbor-users@...> on behalf of "aprado1976 via lists.cncf.io" <aprado1976=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Tuesday, April 21, 2020 at 01:45
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] Replication Failed

Hello,

Is it possible to replicate a 1.7 registry to a 1.10 registry?
The two servers ping in both directions but the sync is not done

Thank you for your help

Replication Failed

aprado1976@...

#152

Hello,

Is it possible to replicate a 1.7 registry to a 1.10 registry?
The two servers ping in both directions but the sync is not done

Thank you for your help

Harbor LDAP User Base DN

brianwadesmith@...

#151

Does anyone know if there is a way to configure LDAP Auth to search under 2 Base DNs? My directory is absolutely MASSIVE. I have users in an "Associates" OU and service accounts in a "Service accounts" OU. Both are at the root of the directory. If I set the search base tot he root, login times are greatly impacted.

Does anyone know if there a way to provide an LDAP search filter to be able to target both OUs without searching the entire directory?

Question on Harbor's pull-based replication

Bipin Jethwani

#150

How does Harbor's pull-based replication work under the hood? WebSocket/watch or HTTP based polling?

Re: API Call for Vulnerability Report

Steven Zou

#149

For vulnerability summary, you can try the API shown below:

'/repositories/{repo_name}/tags/{tag}':
	get:
	summary: Get the tag of the repository.
	description: \|
	This endpoint aims to retrieve the tag of the repository. If deployed with Notary, the signature property of response represents whether the image is singed or not. If the property is null, the image is unsigned.
	parameters:
	- name: repo_name
	in: path
	type: string
	required: true
	description: Relevant repository name.
	- name: tag
	in: path
	type: string
	required: true
	description: Tag of the repository.
	tags:
	- Products
	responses:
	'200':
	description: Get tag successfully.
	schema:
	$ref: '#/definitions/DetailedTag'
	'500':
	description: Unexpected internal errors.

The tag model will include a `scan_overview` if the image has been scanned and it has the vul report (otherwise that field will be empty).

For detailed report including the vulnerability item list, you can use the following API:

'/repositories/{repo_name}/tags/{tag}/scan':

get:
	summary: Get the scan report
	description: \|
	Retrieve the scan report for the artifact identified by the repo_name and tag.
	tags:
	- Scan
	parameters:
	- name: repo_name
	in: path
	type: string
	required: true
	description: Repository name
	- name: tag
	in: path
	type: string
	required: true
	description: Tag name
	- name: Accept
	in: header
	type: string
	description: \|
	Mimetype in header. e.g: "application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"
	responses:
	200:
	description: The report details of the specified artifact identified by the repo_name and tag.
	schema:
	$ref: '#/definitions/Report'
	'401':
	description: Unauthorized request
	'403':
	description: Request is not allowed
	'404':
	description: The target artifact is not found
	'500':
	description: Internal server error happened

thanks&regards

--

Steven Zou(邹佳）

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

From: <harbor-users@...> on behalf of "brianwadesmith via lists.cncf.io" <brianwadesmith=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Thursday, April 9, 2020 at 23:28
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] API Call for Vulnerability Report

I'm just starting to use the Harbor API and finding it to be very useful. I would like to create an automated report to detail Vulnerabilities discovered through scanning. I see Model references to NativeReportSummary, VulnerabilitySummary, VulnerabilityItem, etc. I cannot figure out how to call this data via the API. I'm sure I'm missing something simple. Could anyone help me out?