goharbor / harbor-cli Goto Github PK

Create project is a common flow, the current cli doesn't make it easy.

In my opinion, this should work.

harbor project create my_project

This should create a new private project my_project with unlimited quota.

harbor-cli on  fork/bupd/batch-process:batch-process via 🐹 v1.21.6 
❯ ./harbor project create --help
create project

Usage:
  harbor project create [flags]

Flags:
  -h, --help                   help for create
      --name string            Name of the project
      --proxy-cache            Whether the project is a proxy cache project
      --public                 Project is public or private (default true)
      --registry-id string     ID of referenced registry when creating the proxy cache project
      --storage-limit string   Storage quota of the project (default "-1")

Global Flags:
      --config string          config file (default is $HOME/.harbor/config.yaml) (default "/Users/vadim/.harbor/config.yaml")
  -o, --output-format string   Output format. One of: json|yaml
  -v, --verbose                verbose output

harbor-cli on  fork/bupd/batch-process:batch-process via 🐹 v1.21.6 
❯ ./harbor project create my_project

Why is Name of Credential mandatory?

What are the use cases where a user needs to set Name of Credential
Also, why can the name of credential not be generated as eg. [email protected]

./harbor login 8gears.container-registry.com
  Server                                                                                                                                                                                                                                                                                                      
  > 8gears.container-registry.com                                                                                                                                                                                                                                                                             
                                                                                                                                                                                                                                                                                                              
  User Name                                                                                                                                                                                                                                                                                                   
  > vadim                                                                                                                                                                                                                                                                                                     
                                                                                                                                                                                                                                                                                                              
  Password                                                                                                                                                                                                                                                                                                    
  > *********                                                                                                                                                                                                                                                                                                 
                                                                                                                                                                                                                                                                                                              
┃ Name of Credential                                                                                                                                                                                                                                                                                          
┃ >           

Overview:

To add the multiple TUI selection as a base component in separate PR.
which can be used by multiple commands that support multiple selection and their associated action.
with that we can mimic the behavior of multiple select and action in TUI.

Originally posted by @bupd in #80 (comment)

like the --password-stdin flag in Docker login is beneficial for security as it allows the password to be provided via standard input, preventing it from being exposed in command-line history or logs, enhancing overall password protection practices.

It would make sense if the harbor-cli followed the same pattern.

• Accept the password from stdin

Ctrl+C keyboard interrupt crashes the code on login.
Trying to log in.

./harbor login 8gears.container-registry.com

now I hit aboard (CTRL+C)

panic: user aborted

goroutine 1 [running]:
github.com/goharbor/harbor-cli/pkg/views/login.CreateView(0x14000408240)
        /Users/vadim/Development/container-registry/harbor-cli/pkg/views/login/create.go:61 +0x3e8
github.com/goharbor/harbor-cli/cmd/harbor/root.createLoginView(0x0?)
        /Users/vadim/Development/container-registry/harbor-cli/cmd/harbor/root/login.go:77 +0x44
github.com/goharbor/harbor-cli/cmd/harbor/root.LoginCommand.func1(0x1400022eb00?, {0x140004064a0?, 0x4?, 0x1008fa4db?})
        /Users/vadim/Development/container-registry/harbor-cli/cmd/harbor/root/login.go:48 +0x174
github.com/spf13/cobra.(*Command).execute(0x140001a0c00, {0x14000406470, 0x1, 0x1})
        /Users/vadim/go/pkg/mod/github.com/spf13/[email protected]/command.go:987 +0x828
github.com/spf13/cobra.(*Command).ExecuteC(0x140001a0600)
        /Users/vadim/go/pkg/mod/github.com/spf13/[email protected]/command.go:1115 +0x344
github.com/spf13/cobra.(*Command).Execute(0x100e522b8?)
        /Users/vadim/go/pkg/mod/github.com/spf13/[email protected]/command.go:1039 +0x1c
main.main()
        /Users/vadim/Development/container-registry/harbor-cli/cmd/harbor/main.go:10 +0x20

👉 Follow along [dagger flow]

• Build the Go binary using a builder container
• Create a minimal runtime container
• Publish the container image
• Also needs to sign the published image for good supply chain security
• Needs to run this docker publish flow on every pull request merge to the upstream

Description

The Harbor CLI tool's login command does not correctly handle the specified server URL, resulting in various errors and failed login attempts.

I attached video for the clear Explanation.

it should follow the schema as discussed here: #38

Objective:

Track the missing commands in the CLI and ensure their implementation.

🚧 Missing Commands

🛠️ Commands to Handle After Initial Implementation

📝 Implementation Steps

• Implement Member command.
• Implement Quota command.
• Implement Robot command.
• Implement Audit command.
• Implement Retention command.
• Implement Replication command.
• LDAP
• Implement Usergroup command.
• Add Unit, End to end tests for the commands.

🔄 Post-Implementation

• Handle additional commands related to:
  • Webhook
  • Preheat
  • Ping
  • Security
  • Configuration
  • System Config
  • Permissions

📌 Issue Tracking and Progress

• Create individual GitHub issues for each command implementation.
• Reference this master issue in each individual issue to maintain a coherent structure and clear dependencies.

👤 Personal Note

I would like to tackle these issues to ensure proper implementation and integration of each command.

Your feedback and suggestions are welcome as I work through this.

Edit:

This issue is meant for collaboration and streamlining the process for everyone. Everyone is welcome to contribute and work on this. This issue serves as a tracker and reference point for all the missing commands in the CLI.

The metadata command might be inside the project command (such as project metadata rather than metadata [project], as metadata is only for projects and it is more intuitive to access.

Description:

The Harbor web UI supports deleting multiple projects simultaneously, but this functionality is currently missing in the CLI. We need to add this feature to the CLI to improve the overall user experience and ensure that the CLI can perform similar actions available in the web UI.

Enhancement:

• Add functionality to delete multiple projects at once in the CLI.
• Ensure the CLI interface is intuitive and matches the existing patterns in the web UI.

Benefits:

• Enhances user experience by providing feature parity between the web UI and CLI.
• Streamlines the process for users who prefer using the CLI for batch operations.

Steps to Implement:

• Implement the logic to handle batch deletion of projects.
• Add error handling to ensure that failures in deleting one project do not stop the process for others.
• Update the documentation to reflect the new CLI functionality.
• Write tests to cover the new feature and ensure robustness.

Additional Information:

This enhancement is crucial for users managing multiple projects who prefer or require CLI operations over the web UI.
It aligns the CLI capabilities with the web UI, ensuring a consistent experience across different interfaces.

Example:

The updated CLI command should allow users to delete multiple projects with a single command, similar to how it is done in the web UI.

As a user, I would rather not download the source code, compile to have binary.
A common practice for downloading and installing CLI tools is the use of popular Package Manager like Chocolatey on Win or Homebrew on Mac and so on.

One way to accomplish is to create a pipeline for each package manager.

Another alternative to have an all-in-one solution is to use https://jreleaser.org/ that provides many option to release and publish the binary to many package management systems. see full list https://jreleaser.org/guide/latest/integrations.html#_package_publish

At least we should support the following option

• Homebrew
• Docker
• Chocolatey
• AppImage

this is a nice software, but not notable enough for us to package in Homebrew for now. This is not a decision on the merits of the software, but we cannot distribute every single piece of software and have to draw a line on “notability” somewhere. Of course, we would be happy to reconsider in the future.

In Homebrew/homebrew-core#165860 the PR to add harbor CLI to Homebrew was rejected, we should try this again, once we reach a certain maturity and recognition in the community.

Fixes part of #94

Add Replication Command to Manage replication policies and execution

New Commands:

harbor replication list -- to list replication policies.
harbor replication create -- to create a replication policy.
harbor replication delete -- to delete a replication policy.
harbor replication start -- to start a replication policy execution.
harbor replication stop -- to stop a replication policy execution.

I don't think the schema should be mandatory.

 ./harbor login demo.goharbor.io -u admin -p Harbor12345
Error: login failed, please check your credentials: Get "https://localhost/demo.goharbor.io/users/current": dial tcp 127.0.0.1:443: connect: connection refused
Usage:

• Use HTTPS by default. (secure by design)
• Use only HTTP if explicitly specified.
• Add option to ignore errors in self signed certs. eg. (--inecure) like in curl

Enhance the current CLI code by implementing the following measures for a smoother development experience, easier CLI installations, a structured release cycle, and more:

• Structure the project directory.
• Creating a Release
• Improve the release channel for the harbor cli, Integrated GitHub release workflows for streamlined version management.
• Automate the harbor upgrade in package manager
• Improve the error message
• Support for e2e tests & docs
• Automation of docs generation
• Implemented support for codecov to ensure comprehensive code coverage
• Discover more available subcommands for harbor-cli

// @Vad1mo @OrlinVasilev

./harbor project create --help
create project

Usage:
  harbor project create [flags]

Flags:
  -h, --help                   help for create
      --name string            Name of the project
      --proxy-cache            Whether the project is a proxy cache project
      --public                 Project is public or private (default true)
      --registry-id string     ID of referenced registry when creating the proxy cache project
      --storage-limit string   Storage quota of the project (default "-1")

Global Flags:
      --config string          config file (default is $HOME/.harbor/config.yaml) (default "/Users/vadim/.harbor/config.yaml")
  -o, --output-format string   Output format. One of: json|yaml
  -v, --verbose                verbose output

Here I cannot figure out what default true means, in --public

By default, projects are private unless they are specified explicitly as public.

Issue -> We need to enhance the readability and descriptive nature of the Harbor-CLI project's readme file.

Note -> take a look at how other projects organize their readme.

Problem

When updating the registry, all the input field are empty.
If the user gets the value in the input field like in web UI, It is more easier to make changes to them.

Solution

Values need to shown while using update registry command

Timeline: https://github.com/cncf/mentoring/tree/main/programs/lfx-mentorship/2024/02-Jun-Aug

Mentee applications due Tues May 28, 5:00 PM PDT

• Harbor-CLI, adding new capabilities and workflows.
• Fixing issue
• Releasing next usable version

For more details, see the proposal for the summer term --> https://github.com/cncf/mentoring/blob/main/programs/lfx-mentorship/2024/02-Jun-Aug/project_ideas.md

Description:

To enable the usergroup functionality within our CLI, it's imperative to set up LDAP/OIDC authentication. This configuration is crucial as it allows us to access usergroups and facilitates the integration of LDAP and OIDC for user authentication.

Details:

• Authentication Setup: The first step involves integrating LDAP/OIDC authentication, which requires system-level configuration. This setup enables us to switch from database authentication to LDAP, granting users the ability to log in using their LDAP credentials.
• LDAP Connection: Initial work has been done to establish LDAP connectivity. However, further implementation is required to import LDAP users via cli.
• Complexity: Implementing LDAP/OIDC authentication is a challenging task that demands expertise in system configuration and LDAP functionality. This is a critical aspect of our project and should be approached with caution.
• Prerequisites: Prior experience and knowledge in both system configuration and LDAP are preferred.

Expected Outcome:

• Successfully configuring LDAP/OIDC authentication will unlock the usergroup functionality, allowing us to manage users more efficiently.
• Users will be able to log in using their LDAP credentials, enhancing security and usability within the CLI.

Similar to kubectl we want users of the harbor-cli users to provide the same representations and output options.

YAML, JSON, Table.

Currently, only JSON output is supported:

 ./harbor get project testproject-832165132
{
  "Payload": {
    "chart_count": 0,
    "creation_time": "2024-02-05T14:58:53.974Z",
    "current_user_role_ids": null,
    "cve_allowlist": {
      "creation_time": "0001-01-01T00:00:00.000Z",
      "id": 21,
      "items": [],
      "project_id": 20,
      "update_time": "0001-01-01T00:00:00.000Z"
    },
    "metadata": {
      "public": "true"
    },
    "name": "testproject-832165132",
    "owner_id": 20,
    "owner_name": "koenc",
    "project_id": 20,
    "repo_count": 2,
    "update_time": "2024-02-05T14:58:53.974Z"
  }
}

• Support YAML, JSON and Table output
• Make Table output default
• -o wide: This parameter allows us to display extra information (if needed, otherwise -o wide should have no effect)
• In doubt, follow kubectl approach

Bonus points

• --sort-by: This parameter allows us to sort the output based on the resource attribute we specify.

Out of Scope

• Support of JSONPath, or GO template.
• -f, --field-selector==: This parameter allows us to filter the output using some resource attributes.

Description:

Many of the current list commands in the CLI are not streamlined, and some are missing the ID function. This inconsistency makes it difficult for users to utilize these commands effectively, especially in scripts where resource IDs are required for further modifications.

Reason:

• Improvement in Consistency among the list commands.
• Including IDs in the output will make it easier for users to interact with the CLI, especially when parsing output in scripts.

Tasks:

• Ensure that all list commands include the resource ID in their output.
• Review and update the CLI commands to make sure they follow a consistent format.
• Update documentation to reflect these changes.

This aligns the CLI with best practices for command-line tools, ensuring all necessary information is readily available in command outputs.

After implementing this enhancement, commands such as project list, user list, repo list, etc., will include their resource ID by default, making it easier for users to identify and interact with resources.

hi! I was trying to set this up and seems like credential resolution panics the binary instead of outputting something like "Empty ~/,harbor/config, please " - the patch for this is rather easy, should I start a PR or is this a candidate for the mentorship program?

Cheers and thanks!
Abhinav.

End-to-end tests are essential for ensuring the quality of Harbor CLI features

Implementation

1. We can use ginkgo + gomega

• adopting a Behavior-Driven Development (BDD) approach.
• proven effective in various CLI projects, such as kubectl.

2. Standard Go testing framework to test the functionality of a CLI tool.

Using Ginkgo and BDD for Harbor CLI tests can add complexity. Sticking with standard Go testing if the project is simple. But for complex projects, Ginkgo offers clearer tests, better collaboration.

Note: If you have alternative suggestions for constructing end-to-end tests for Harbor, please feel free to share your thoughts below.

// @OrlinVasilev @Vad1mo

Implemented support for codecov to ensure comprehensive code coverage

https://about.codecov.io/

We need to create and build some sort of documentation regarding the CLI and its basic and advances usage.
Ideally something that can used on the CLI but also in the online form in Markdown.

Goal would be to generate a markdown in e.g docs dir, this dir would then imported by https://github.com/goharbor/website and rendered on as a page on goharbor.io/

We could use commands like 'start' to open the harbor dashboard in the browser, and also to run the harbor.

Checkout the diagram.

Note :
I am proposing these commands; however, they have not been accepted yet

Harbor can be used through docker extension itself.
https://www.docker.com/products/extensions/

Would be good if Login had the ability to prompt for a hidden password for security.

example ideas:
harbor login demo.goharbor.io -u admin
Password Prompt: **********

harbor login demo.goharbor.io -u admin --passwordprompt
Password Prompt: **********

This is not one of the top priorities, but in my opinion it would make sense to replace the Makefile and large part of the workflows with https://dagger.io/

Some benefits I see

• Easy way to spin up a local env from scratch,
• better end-to-end testing

Some commands do not provide all the parameters of the go client function. For example the user list and user repo command. Also, some commands need refactoring such as getting the credentialName using viper.

Current Behaviour

The current structure, with all features under one command ("harbor"), may be confusing for users, especially as more functionalities are added.

Proposed Behaviour

The proposed behavior, aligning with the approach used in popular tools like doctl, simplifies user experience by introducing separate "project" and "registry" commands for efficient management.

Command 1: harbor project

Command 2: harbor user

Command 3: harbor robot

Command 4: harbor replication

Command 5: harbor repository

// @OrlinVasilev @Vad1mo

Objective:

• Implement robot account management in CLI which helps to run automated operations.
• Add commands to manage both system and project robot accounts.
• Manage permissions for the robot account as detailed here.
• Implement legacy robot accounts, which are labeled as Legacy in Harbor v2.2 and later, with plans for future removal.

Robot accounts created before Harbor v2.2 are considered legacy robot accounts and will appear with a Legacy label in the Harbor v2.2 and later interface. It will be removed in a future version of Harbor. (link)

Tasks

Add CLI Commands for Robot Account Management:

• Create: Add a new robot account.
• Update: Modify an existing robot account.
• Delete: Remove a robot account.
• View: Display details of robot accounts.
• Refresh: Refresh the robot secret.

Ensure no sensitive information is leaked during managing robot secrets.

Rationale

Implementing secure and efficient robot account management in the CLI is crucial for enabling automated operations and replication, enhancing overall project security and functionality.

#94

When we create a new user, there is some guidelines for accepting the password like

• password should be 8 character long
• need atleast one uppercase
• need atleast one lowercase
• need atleast one number

If the user violate one of the guideline, we cannot create a new user.

Expected Result:
Required proper error message when user violate these guidelines at the time we enter the password.

We require a GitHub workflow to perform linting checks on Go code pushed by contributors.

When executing the ./harbor registry list command, an error is encountered:

./harbor registry list
Error: flag accessed but not defined: credential-name

This error occurs because the list command attempts to access a flag named credential-name, which is neither registered within the command nor within any parent commands.

To resolve this issue, the credential-name flag should be registered within the list command.

When using bash in Windows, a new line is added with the input when enter is pressed for the next input. As a result, an extra space character is added to the server URL. It happens for all the inputs probably. For example, the password is changed due to carriage return so the user is unable to log in. Without pressing enter, the user cannot move to the next input. So it would be better to trim the spaces of the inputs.

System: Windows 10
Terminal: Bash

When creating a project as a user, I would expect that there is no need to explicitly provide the --name parameter.

So something like this ./harbor create project vadim-test should work.
--public should be by default `false``
The description and logic behind --registry-id int is not obvious/clear. When id !=1 does it mean that than a proxy project is created?
./harbor create project vadim-test
Error: [POST /projects][500] createProjectInternalServerError &{Errors:[0x14000130020]}
Usage:
harbor create project [flags]

Flags:
-h, --help help for project
--name string Name of the project
--public Project is public or private (default true)
--registry-id int ID of referenced registry when creating the proxy cache project (default 1)
--storage-limit int Storage quota of the project (default -1)

Add Quota Command to Manage quotas of the projects.

New Commands:

• harbor quota list -- to list quotas
• harbor quota get -- to get quota of a project
• harbor quota update -- to update a quota of project.

Fix a part of #94

Log in into harbor should work without specifying a schema.

./harbor login 8gears.container-registry.com
login failed, please check your credentials: Get "https://localhost/8gears.container-registry.com/users/current": dial tcp [::1]:443: connect: connection refused

The following combinations of commands should all work with schema, without schema, port number.

• ./harbor login http://8gears.container-registry.com -> http port 80
• ./harbor login http://8gears.container-registry.com:5000 -> http port 5000
• ./harbor login https://8gears.container-registry.com -> https port 443
• ./harbor login 8gears.container-registry.com -> assume it is https port 443
• ./harbor login 8gears.container-registry.com:8443 -> assume it is https port 8443