Skip to content

Commit

Permalink
Add documentation for the banner message feature (#486)
Browse files Browse the repository at this point in the history 
1. Fixes goharbor/harbor#18828

Signed-off-by: AllForNothing <sshijun@vmware.com>
  • Loading branch information
@AllForNothing
AllForNothing authored Aug 17, 2023
1 parent 284ed9d commit 11f1408
Show file tree
Hide file tree
Showing 4 changed files with 53 additions and 41 deletions.
11 changes: 11 additions & 0 deletions docs/administration/general-settings/_index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,3 +33,14 @@ Use the **Project Creation** drop-down menu to set which users can create projec
By default, a vulnerability scanner(e.g. Trivy) will update the image's last `pull time` when the image is scanned. This affects the **Tag Retention Rules** based on pull time. If you want to eliminate this effect, you can enable this option to avoid updating the pull time on scanning.

![browse project](../../img/skip-pull-time.png)

## Set a banner message on the Harbor UI

Set a custom banner message that will be displayed on the top of the Harbor UI, then every user including anonymous users can see the banner message.

- **Message Content**: Enter your message content in the text area. This filed is required.
- **Message Type**: Select a message type, each message type has its corresponding style.
- **Closable**: Decide whether the banner message can be closed temporarily.
- **Duration**: Set the display time period of the banner message, which is from 0:00 of the start date to 0:00 of the end date. This filed is required.

![Banner Message](../../img/banner-message.png)
Binary file added docs/img/banner-message.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
81 changes: 41 additions & 40 deletions docs/install-config/configure-system-settings-cli.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,47 +102,48 @@ If there is a legacy user in your instance of Harbor, the authentication mode ca

## Harbor Configuration Items

| Configure item name | Description | Type | Required | Default Value |
| ------------ |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------| ----- | ----- |
auth_mode | Authentication mode, it can be db_auth, ldap_auth, uaa_auth or oidc_auth | string
ldap_url | LDAP URL | string | required |
ldap_base_dn | LDAP base DN | string | required(ldap_auth)
ldap_filter | LDAP filter | string | optional
ldap_scope | LDAP search scope, 0-Base Level, 1- One Level, 2-Sub Tree | number | optional | 2-Sub Tree
ldap_search_dn | LDAP DN to search LDAP users | string | required(ldap_auth)
ldap_search_password | LDAP DN's password | string | required(ldap_auth)
ldap_timeout | LDAP connection timeout | number | optional | 5
ldap_uid | LDAP attribute to indicate the username in Harbor | string | optional | cn
ldap_verify_cert | Verify cert when create SSL connection with LDAP server, true or false | boolean | optional | true
ldap_group_admin_dn | LDAP Group Admin DN | string | optional
ldap_group_attribute_name | LDAP Group Attribute, the LDAP attribute indicate the groupname in Harbor, it can be gid or cn | string | optional | cn
ldap_group_base_dn | The Base DN which to search the LDAP groups | string | required(ldap_auth and LDAP group)
ldap_group_search_filter | The filter to search LDAP groups | string | optional
ldap_group_search_scope | LDAP group search scope, 0-Base Level, 1- One Level, 2-Sub Tree | number | optional | 2-Sub Tree|
ldap_group_membership_attribute | LDAP group membership attribute, to indicate the group membership, it can be memberof, or ismemberof | string | optional | memberof
project_creation_restriction | The option to indicate user can be create object, it can be everyone, adminonly | string | optional | everyone
read_only | The option to set repository read only, it can be true or false | boolean | optional | false
self_registration | User can register account in Harbor, it can be true or false | boolean | optional| true
token_expiration | Security token expirtation time in minutes | number |optional| 30
uaa_client_id | UAA client ID | string | required(uaa_auth)
uaa_client_secret | UAA certificate | string | required(uaa_auth)
uaa_endpoint | UAA endpoint | string | required(uaa_auth)
uaa_verify_cert | UAA verify cert, true or false | boolean | optional | true
oidc_name | Name for OIDC authentication | string | required(oidc_auth)
oidc_endpoint | Endpoint for OIDC auth | string | required(oidc_auth)
oidc_extra_redirect_parms | Extra parameters to add when redirect request to OIDC provider | string | optional | {}
oidc_client_id | Client id for OIDC auth | string | required(oidc_auth)
oidc_client_secret | Client secret for OIDC auth | string | required(oidc_auth)
oidc_groups_claim | The name of a custom group claim that you have configured in your OIDC provider, that includes the groups to add to Harbor | string | optional
| Configure item name | Description | Type | Required | Default Value |
| ------------ |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------| ----- | ----- |
auth_mode | Authentication mode, it can be db_auth, ldap_auth, uaa_auth or oidc_auth | string
ldap_url | LDAP URL | string | required |
ldap_base_dn | LDAP base DN | string | required(ldap_auth)
ldap_filter | LDAP filter | string | optional
ldap_scope | LDAP search scope, 0-Base Level, 1- One Level, 2-Sub Tree | number | optional | 2-Sub Tree
ldap_search_dn | LDAP DN to search LDAP users | string | required(ldap_auth)
ldap_search_password | LDAP DN's password | string | required(ldap_auth)
ldap_timeout | LDAP connection timeout | number | optional | 5
ldap_uid | LDAP attribute to indicate the username in Harbor | string | optional | cn
ldap_verify_cert | Verify cert when create SSL connection with LDAP server, true or false | boolean | optional | true
ldap_group_admin_dn | LDAP Group Admin DN | string | optional
ldap_group_attribute_name | LDAP Group Attribute, the LDAP attribute indicate the groupname in Harbor, it can be gid or cn | string | optional | cn
ldap_group_base_dn | The Base DN which to search the LDAP groups | string | required(ldap_auth and LDAP group)
ldap_group_search_filter | The filter to search LDAP groups | string | optional
ldap_group_search_scope | LDAP group search scope, 0-Base Level, 1- One Level, 2-Sub Tree | number | optional | 2-Sub Tree|
ldap_group_membership_attribute | LDAP group membership attribute, to indicate the group membership, it can be memberof, or ismemberof | string | optional | memberof
project_creation_restriction | The option to indicate user can be create object, it can be everyone, adminonly | string | optional | everyone
read_only | The option to set repository read only, it can be true or false | boolean | optional | false
self_registration | User can register account in Harbor, it can be true or false | boolean | optional| true
token_expiration | Security token expirtation time in minutes | number |optional| 30
uaa_client_id | UAA client ID | string | required(uaa_auth)
uaa_client_secret | UAA certificate | string | required(uaa_auth)
uaa_endpoint | UAA endpoint | string | required(uaa_auth)
uaa_verify_cert | UAA verify cert, true or false | boolean | optional | true
oidc_name | Name for OIDC authentication | string | required(oidc_auth)
oidc_endpoint | Endpoint for OIDC auth | string | required(oidc_auth)
oidc_extra_redirect_parms | Extra parameters to add when redirect request to OIDC provider | string | optional | {}
oidc_client_id | Client id for OIDC auth | string | required(oidc_auth)
oidc_client_secret | Client secret for OIDC auth | string | required(oidc_auth)
oidc_groups_claim | The name of a custom group claim that you have configured in your OIDC provider, that includes the groups to add to Harbor | string | optional
oidc_admin_group | The name of the admin group, if the ID token of the user shows that he is a member of this group, the user will have admin privilege in Harbor. Note: You can only set one Admin Group. | string | optional
oidc_scope | Scope for OIDC auth | string | required(oidc_auth)
oidc_verify_cert | Verify certificate for OIDC auth, true or false | boolean | optional | true
oidc_auto_onboard | Skip the onboarding screen, so user cannot change its username. Username is provided from ID Token, true or false | boolean | optional | false
oidc_user_claim | The name of the claim in the ID Token where the username is retrieved from | string | optional | name
robot_token_duration | Robot token expiration time in minutes | number | optional | 43200 (30days)
audit_log_forward_endpoint | Forward audit logs to the syslog endpoint, for example: harbor-log:10514 | string | optional |
skip_audit_log_database | Skip to log audit log in the database, only available when audit log forward endpoint is configured | boolean | optional | false
scanner_skip_update_pulltime | Vulnerability scanner(e.g. Trivy) will not update the image "last pull time" when the image is scanned | boolean | optional |
oidc_scope | Scope for OIDC auth | string | required(oidc_auth)
oidc_verify_cert | Verify certificate for OIDC auth, true or false | boolean | optional | true
oidc_auto_onboard | Skip the onboarding screen, so user cannot change its username. Username is provided from ID Token, true or false | boolean | optional | false
oidc_user_claim | The name of the claim in the ID Token where the username is retrieved from | string | optional | name
robot_token_duration | Robot token expiration time in minutes | number | optional | 43200 (30days)
audit_log_forward_endpoint | Forward audit logs to the syslog endpoint, for example: harbor-log:10514 | string | optional |
skip_audit_log_database | Skip to log audit log in the database, only available when audit log forward endpoint is configured | boolean | optional | false
scanner_skip_update_pulltime | Vulnerability scanner(e.g. Trivy) will not update the image "last pull time" when the image is scanned | boolean | optional |
banner_message | The banner message for the UI. It is the stringified result of the banner message object | string | optional |

{{< note >}}
Both booleans and numbers can be enclosed with double quote in the request json, for example: `123`, `"123"`, `"true"` or `true` is OK.
Expand Down
Loading

0 comments on commit 11f1408

Please sign in to comment.