Immutability rules issue with character "/" #20102
Assignees
Labels
Comments
|
Hi @gaglimax , |
|
Hi, |
|
Emmm.. it should work as expected.
And the result of api call |
|
Did you create the rule via API? Could you try to create one through UI? |
|
Here it is : breghr1=> \d tag
Table "public.tag"
Column | Type | Collation | Nullable | Default
---------------+-----------------------------+-----------+----------+---------------------------------
id | integer | | not null | nextval('tag_id_seq'::regclass)
repository_id | integer | | not null |
artifact_id | integer | | not null |
name | character varying(255) | | not null |
push_time | timestamp without time zone | | | now()
pull_time | timestamp without time zone | | |
Indexes:
"tag_pkey" PRIMARY KEY, btree (id)
"idx_tag_artifact_id" btree (artifact_id)
"idx_tag_push_time" btree (push_time)
"unique_tag" UNIQUE CONSTRAINT, btree (repository_id, name)
Foreign-key constraints:
"tag_artifact_id_fkey" FOREIGN KEY (artifact_id) REFERENCES artifact(id)breghr1=> select * from tag where artifact_id=(select id from artifact where repository_name='repo/redis');
id | repository_id | artifact_id | name | push_time | pull_time
--------+---------------+-------------+--------------+----------------------------+-----------
257881 | 13330 | 650845 | 7.2.4-alpine | 2024-03-06 10:53:54.485468 |
(1 row)$ curl -k -u 'admin' https://<hostname>/api/v2.0/projects/repo/repositories/redis/artifacts/7.2.4-alpine?with_tag=true&with_immutable_status=true
{
"accessories": null,
"addition_links": {
"build_history": {
"absolute": false,
"href": "/api/v2.0/projects/repo/repositories/redis/artifacts/sha256:edbb71d676ba3572ce1258255a8ad2971dff7a400fadf0c635cb8d2ebfaa643a/additions/build_history"
},
"vulnerabilities": {
"absolute": false,
"href": "/api/v2.0/projects/repo/repositories/redis/artifacts/sha256:edbb71d676ba3572ce1258255a8ad2971dff7a400fadf0c635cb8d2ebfaa643a/additions/vulnerabilities"
}
},
"annotations": {
"org.opencontainers.image.created": "2024-01-09T16:09:57Z",
"org.opencontainers.image.revision": "b77450d34ae54354f41970fc44bf840353f59ef4",
"org.opencontainers.image.source": "https://github.com/docker-library/redis.git#b77450d34ae54354f41970fc44bf840353f59ef4:7.2/alpine",
"org.opencontainers.image.url": "https://hub.docker.com/_/redis",
"org.opencontainers.image.version": "7.2.4-alpine"
},
"digest": "sha256:edbb71d676ba3572ce1258255a8ad2971dff7a400fadf0c635cb8d2ebfaa643a",
"extra_attrs": {
"architecture": "amd64",
"author": "",
"config": {
"ArgsEscaped": true,
"Cmd": [
"redis-server"
],
"Entrypoint": [
"docker-entrypoint.sh"
],
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"GOSU_VERSION=1.17",
"REDIS_VERSION=7.2.4",
"REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-7.2.4.tar.gz",
"REDIS_DOWNLOAD_SHA=8d104c26a154b29fd67d6568b4f375212212ad41e0c2caa3d66480e78dbd3b59"
],
"ExposedPorts": {
"6379/tcp": {}
},
"Volumes": {
"/data": {}
},
"WorkingDir": "/data"
},
"created": "2024-01-09T16:09:57Z",
"os": "linux"
},
"icon": "sha256:0048162a053eef4d4ce3fe7518615bef084403614f8bca43b40ae2e762e11e06",
"id": 650845,
"labels": null,
"manifest_media_type": "application/vnd.oci.image.manifest.v1+json",
"media_type": "application/vnd.oci.image.config.v1+json",
"project_id": 3196,
"pull_time": "0001-01-01T00:00:00.000Z",
"push_time": "2024-03-06T10:53:54.308Z",
"references": null,
"repository_id": 13330,
"size": 17272379,
"tags": [
{
"artifact_id": 650845,
"id": 257881,
"immutable": false,
"name": "7.2.4-alpine",
"pull_time": "0001-01-01T00:00:00.000Z",
"push_time": "2024-03-06T10:53:54.485Z",
"repository_id": 13330
}
],
"type": "IMAGE"
}The rule was indeed created by an API call. I just tried to delete it and recreate it though UI, and the result is the same : |
|
Hi @MinerYang, Any news about this issue ? |
|
Hi @gaglimax , I can not reproduce the issue accordingly. We may need more contexts to triage.
|
|
Hi, I tried to reproduce the issue on a staging Harbor instance and I have the same behaviour.
I tried to tailing logs of all pods while creating/activating the rule, but nothing is logged. |
|
Any errors message in the harbor-core while you apply this rule? like |
|
No nothing regarding this issue in harbor-core... |
|
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days. |
|
We do have the same issue, following the error in the core logs: I tried by escaping the "/" using "\" w/o success (no error reported but the corresponding repository is not excluded as expected) |
|
looks similar issue like mentioned in #14259 but we are on 2.8.1 and the ticket stipulates fix is on 2.2 |
|
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days. |
|
This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected behavior and actual behavior:
When I define an immutability rule excluding several repos containing the charactere "/", the rule should work (this is the only rule enabled) :
However, the rule is not working, no tag is immutable.
Steps to reproduce the problem:
In a project, push next images (just the name is important) :
Then, create the rule above and see that you can remove all artifacts whereas redis:latest should be immutable.
Versions:
The text was updated successfully, but these errors were encountered: