Replication failed with system level robot account #19622

Closed
stonezdj opened this issue Nov 27, 2023 · 1 comment · Fixed by #19627
stonezdj commented Nov 27, 2023

  1. Install 2 Harbor instances, A and B.
  2. Create a system level robot account in Harbor A, and create a system robot account with all system level permissions and all project level permissions.
  3. Create a registry in Harbor B, and create a replication rule to replicate images from library/** to B's library project.
  4. Run the replication rule; it failed with a 403 error.

It failed to access the API (403)
GET /api/v2.0/projects/library/repositories
The robot account has permission to list repository


If the system level robot account is replaced with a project level robot account, it works.

@AllForNothing

@wy65701436 The root cause is that a system permission will invalidate all the project permissions

wy65701436 added a commit to wy65701436/harbor that referenced this issue Nov 27, 2023
fixes goharbor#19622
Resolve the 403 issue occurring when a robot account, equipped with both system and project scope, attempts to access project resources.

Signed-off-by: wang yan <wangyan@vmware.com>
wy65701436 added a commit that referenced this issue Nov 27, 2023
fixes #19622
Resolve the 403 issue occurring when a robot account, equipped with both system and project scope, attempts to access project resources.

Signed-off-by: wang yan <wangyan@vmware.com>
altynbaev pushed a commit to altynbaev/harbor that referenced this issue Jan 29, 2024
fixes goharbor#19622
Resolve the 403 issue occurring when a robot account, equipped with both system and project scope, attempts to access project resources.

Signed-off-by: wang yan <wangyan@vmware.com>
Signed-off-by: Altynbaev Dinislam <altynbayevdr@sberautotech.ru>
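
The root cause named in the thread (a system scope on the robot causing its project permissions to be ignored) can be modelled as below, with the evaluation that consults every scope beside it. This is an added example, not Harbor's code: the types, function names, the "*" wildcard and the sample permissions are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Simplified model; all names are hypothetical, none come from Harbor's source.
type Scope struct {
	Kind      string          // "system" or "project"
	Namespace string          // "/" for system; a project name or "*" otherwise
	Access    map[string]bool // "resource:action" -> granted
}

type Robot struct{ Scopes []Scope }

// AllowedBuggy models the reported behaviour: once a system scope exists it
// alone decides, so project-level grants on the same robot are never read.
func AllowedBuggy(r Robot, project, res, act string) bool {
	for _, s := range r.Scopes {
		if s.Kind == "system" {
			return s.Access[res+":"+act]
		}
	}
	return AllowedFixed(r, project, res, act)
}

// AllowedFixed evaluates every scope; project == "" means a system-level call.
func AllowedFixed(r Robot, project, res, act string) bool {
	for _, s := range r.Scopes {
		sys := s.Kind == "system" && project == ""
		prj := s.Kind == "project" && project != "" &&
			(s.Namespace == project || s.Namespace == "*")
		if (sys || prj) && s.Access[res+":"+act] {
			return true
		}
	}
	return false
}

// SampleRobot is constructed data: one system scope plus one project scope.
func SampleRobot() Robot {
	return Robot{Scopes: []Scope{
		{"system", "/", map[string]bool{"registry:list": true}},
		{"project", "library", map[string]bool{"repository:list": true}},
	}}
}

func main() {
	r := SampleRobot()
	fmt.Println(AllowedBuggy(r, "library", "repository", "list"), AllowedFixed(r, "library", "repository", "list"))
}
```

A regression test for this class of bug should cover a robot that holds both scope kinds, a robot with only a project scope, and a project the robot was never granted.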