harbor to harbor replication does not work with robot accounts #14982
Assignees
Comments
|
we patched out the for loop mentioned above and the replication succeeded. |
|
Hello, we encounter the exact same problem, looks like it will be fixed in 2.4 ? |
|
yes, it will be in v2.4, and already in the main branch now. Close it as fixed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If you are reporting a problem, please make sure the following information are provided:
Expected behavior and actual behavior:
We have four harbor instances and replicate images between them. bevor version 2.2, we used the docker provider which works fine for push only scenarios but we also want to use the "delete on remote" feature from the event based trigger.
after we migrated all of our harbor instances to v2.2 we switched to harbor provider. the test in the ui passed and we startet one of the replication jobs but it failed with the message:
When we allowed that everyone can create projects, the replication succeeded without any errors.
We found that the harbor provider always want to create the project it should replicate to:
v2.2.2:
https://github.com/goharbor/harbor/blob/v2.2.2/src/replication/adapter/harbor/base/adapter.go#L171
master:
https://github.com/goharbor/harbor/blob/master/src/pkg/reg/adapter/harbor/base/adapter.go#L171
This is a bad behavior. In our case only sysadmins can create projects and since you cannot combine system and project level permissions in a robot account, we cannot use robot accounts for replication and using the admin account is not an option.
By default harbor should not try to create projects on the remote side or should check first, if the user is allowed to.
Steps to reproduce the problem:
the replication should fail.
Versions:
Please specify the versions of following systems.
Additional context:
harbor.ymland files in the same directory, including subdirectory./var/log/harbor/.The text was updated successfully, but these errors were encountered: