Merge branch 'goharbor:main' into feature/selective-image-scanning

Soumya Raikwar 2025-09-29 15:08:30 +05:30 committed by GitHub
commit 0134d5d295
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 21 deletions


@ -31,10 +31,8 @@ import (
"github.com/goharbor/harbor/src/common/utils" "github.com/goharbor/harbor/src/common/utils"
"github.com/goharbor/harbor/src/controller/robot" "github.com/goharbor/harbor/src/controller/robot"
"github.com/goharbor/harbor/src/lib" "github.com/goharbor/harbor/src/lib"
"github.com/goharbor/harbor/src/lib/config"
"github.com/goharbor/harbor/src/lib/errors" "github.com/goharbor/harbor/src/lib/errors"
"github.com/goharbor/harbor/src/lib/log" "github.com/goharbor/harbor/src/lib/log"
"github.com/goharbor/harbor/src/lib/q"
"github.com/goharbor/harbor/src/pkg/permission/types" "github.com/goharbor/harbor/src/pkg/permission/types"
pkg "github.com/goharbor/harbor/src/pkg/robot/model" pkg "github.com/goharbor/harbor/src/pkg/robot/model"
"github.com/goharbor/harbor/src/server/v2.0/handler/model" "github.com/goharbor/harbor/src/server/v2.0/handler/model"
@ -87,6 +85,12 @@ func (rAPI *robotAPI) CreateRobot(ctx context.Context, params operation.CreateRo
case *local.SecurityContext: case *local.SecurityContext:
creatorRef = int64(s.User().UserID) creatorRef = int64(s.User().UserID)
case *robotSc.SecurityContext: case *robotSc.SecurityContext:
if s.User() == nil {
return rAPI.SendError(ctx, errors.New(nil).WithMessage("invalid security context: empty robot account"))
}
if !isValidPermissionScope(params.Robot.Permissions, s.User().Permissions) {
return rAPI.SendError(ctx, errors.New(nil).WithMessagef("permission scope is invalid. It must be equal to or more restrictive than the creator robot's permissions: %s", s.User().Name).WithCode(errors.DENIED))
}
creatorRef = s.User().ID creatorRef = s.User().ID
default: default:
return rAPI.SendError(ctx, errors.New(nil).WithMessage("invalid security context")) return rAPI.SendError(ctx, errors.New(nil).WithMessage("invalid security context"))
@ -102,25 +106,6 @@ func (rAPI *robotAPI) CreateRobot(ctx context.Context, params operation.CreateRo
return rAPI.SendError(ctx, err) return rAPI.SendError(ctx, err)
} }
if _, ok := sc.(*robotSc.SecurityContext); ok {
creatorRobots, err := rAPI.robotCtl.List(ctx, q.New(q.KeyWords{
"name": strings.TrimPrefix(sc.GetUsername(), config.RobotPrefix(ctx)),
"project_id": r.ProjectID,
}), &robot.Option{
WithPermission: true,
})
if err != nil {
return rAPI.SendError(ctx, err)
}
if len(creatorRobots) == 0 {
return rAPI.SendError(ctx, errors.DeniedError(nil))
}
if !isValidPermissionScope(params.Robot.Permissions, creatorRobots[0].Permissions) {
return rAPI.SendError(ctx, errors.New(nil).WithMessagef("permission scope is invalid. It must be equal to or more restrictive than the creator robot's permissions: %s", creatorRobots[0].Name).WithCode(errors.DENIED))
}
}
rid, pwd, err := rAPI.robotCtl.Create(ctx, r) rid, pwd, err := rAPI.robotCtl.Create(ctx, r)
if err != nil { if err != nil {
return rAPI.SendError(ctx, err) return rAPI.SendError(ctx, err)
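Review bot: The scope check added in the `*robotSc.SecurityContext` case trusts `s.User().Permissions` from the request's security context, whereas the block removed further down re-read the creator robot with `WithPermission: true`, filtered by `project_id`, and denied when no match was found. Nothing on this page shows that the context's robot always carries its permissions, or that `isValidPermissionScope` rejects an empty creator list or a creator from another project, so both cases should be confirmed to fail closed and covered by tests. I would also read the user once, `creator := s.User()`, and put a comment above the check such as `// creator permissions come from the authenticated security context; an empty or foreign-project scope must be denied`. The nil-user error has no `WithCode`, unlike the denial below it, so it may surface as a server error rather than a denial (inferred; the code-to-status mapping is not on this page). CreateRobot starts and ends outside the hunks shown.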