System level robot is unable to access /statistics API #15624

Open
okin opened this issue Sep 21, 2021 · 6 comments

@okin
Contributor

okin commented Sep 21, 2021

As a system admin I want to use robot accounts to access the harbor API in order to retrieve data for our monitoring systems.

While I am able to create a system level robot account with permissions to all resources, it cannot access the /statistics API endpoint. When I try to access the route I am getting an unauthorized error.

Other endpoints, for example /health, are working with the same set of credentials.
I am able to access the mentioned routes when using my personal account. That account has administrator privileges.

JSON payload for my robot creation looks like this:

{
    "secret": "<put your secret here>",
    "disable": false,
    "name": "monitoring",
    "level": "system",
    "duration": -1,
    "description": "Robot used for monitoring.",
    "permissions":
    [
        {
            "access":
            [
                {
                    "resource": "*",
                    "action": "read"
                }
            ],
            "kind": "system",
            "namespace": "/"
        }
    ]
}

The harbor version in use is 2.3.0.

@bitsf
Contributor

bitsf commented Sep 22, 2021

/health doesn't need auth. You can check whether other APIs work.

@bitsf
Contributor

bitsf commented Sep 22, 2021

Confirmed with @wy65701436: robot accounts don't support calling /statistics now.

@wy65701436
Contributor

So far, by design, robot accounts cannot get statistics, as it's not a kind of resource in Harbor. The access mode of robots is resource based.

@wy65701436 wy65701436 added the kind/requirement New feature or idea on top of harbor label Sep 22, 2021
@okin
Contributor Author

okin commented Sep 22, 2021

@bitsf thanks for the hints about unnecessary authentication. I will update the swagger config so others are made aware of it.

@wy65701436 I see. My search for resources did not yield anything for statistics, so I assumed that having access to all resources might allow this. It would be great to have the possibility though.

@schneif2

Yes, I have tried the same. I tried to use a robot account (or something like a read-only user) to receive information for a monitoring system (and a bit of statistics). With admin credentials everything works fine, but when I use a robot account some information is missing.

It would be helpful if there were an option to create a read-only admin account or set up a system-wide robot account with some read-only monitoring privileges.

Here my usage:

/api/v2.0/health (ok)

  • Overall System Status

/api/v2.0/systeminfo (ok)

  • Read Only Mode

/api/v2.0/systeminfo/volumes (works only with admin credentials)

  • Free Space

/api/v2.0/statistics (works also only with admin credentials and partly with robot account)

  • Private Project Count
  • Private Repo Count
  • Public Project Count
  • Public Repo Count
  • Total Project count
  • Total Repo Count
  • Total Storage Consumption

Statistics told me, with the robot account, 3 public projects but 0 total projects. The "all projects setting" allows the robot account to see all private projects, but they will not be shown in statistics.

Harbor Version v.2.4.0
Robot Account generated in system, with all projects and for test purposes all privileges.
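
A monitoring-side sanity check for the behaviour reported above, added here as an example and not part of the original comment or of Harbor's code: it classifies each endpoint for one credential and flags a /statistics body whose totals are lower than the counts it exposes, so partial numbers are not ingested as real metrics. The response bodies are constructed, and the JSON field names, the 401 status for the volumes endpoint and the rule that total equals public plus private are assumptions.

```python
import json

# Constructed (status, body) pairs per endpoint, mirroring what the comment
# above reports for a system-level robot account. Not captured traffic; the
# field names and the 401 status are assumptions.
SAMPLE_ROBOT_RESPONSES = {
    "/api/v2.0/health": (200, '{"status": "healthy"}'),
    "/api/v2.0/systeminfo": (200, '{"read_only": false}'),
    "/api/v2.0/systeminfo/volumes": (401, '{"errors": [{"code": "UNAUTHORIZED"}]}'),
    "/api/v2.0/statistics": (200, json.dumps({
        "public_project_count": 3, "private_project_count": 0,
        "total_project_count": 0,
        "public_repo_count": 5, "private_repo_count": 0,
        "total_repo_count": 0,
    })),
}


def statistics_inconsistencies(stats):
    """Return one message per counter whose total is below public + private."""
    problems = []
    for kind in ("project", "repo"):
        parts = (stats.get(f"public_{kind}_count", 0)
                 + stats.get(f"private_{kind}_count", 0))
        total = stats.get(f"total_{kind}_count", 0)
        if total < parts:  # assumed invariant for an admin view: total == parts
            problems.append(f"total_{kind}_count={total} < public+private={parts}")
    return problems


def audit(responses):
    """Classify each endpoint as ok / denied / partial / error for one credential."""
    report = {}
    for path, (status, body) in responses.items():
        if status in (401, 403):
            report[path] = "denied"
        elif status != 200:
            report[path] = "error"
        elif path.endswith("/statistics") and statistics_inconsistencies(json.loads(body)):
            report[path] = "partial"  # 200 OK, but the numbers cannot be trusted
        else:
            report[path] = "ok"
    return report


if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_ROBOT_RESPONSES).items():
        print(f"{verdict:8} {path}")
```
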

@github-actions

github-actions bot commented Jul 5, 2022

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

@github-actions github-actions bot added the Stale label Jul 5, 2022
@stonezdj stonezdj removed the Stale label Jul 7, 2022
@wy65701436 wy65701436 assigned qnetter and unassigned wy65701436 and xaleeks Nov 2, 2022
Vad1mo pushed a commit that referenced this issue Feb 23, 2023
sebglon pushed a commit to sebglon/harbor that referenced this issue Mar 6, 2023
yankay pushed a commit to yankay/harbor that referenced this issue Mar 8, 2023
yankay added a commit to yankay/harbor that referenced this issue Mar 8, 2023
Signed-off-by: Kay Yan <kay.yan@daocloud.io>

Improve swagger descriptions (without changing security settings) (goharbor#18205)

* Improve swagger definitions.

References goharbor#15624

Remove chartmuseum test case (goharbor#18267)

Harbor deprecates chartmuseum as of v2.8.0
Epic: goharbor#17958
Discussion: goharbor#15057

Signed-off-by: Yang Jiao <jiaoya@vmware.com>

Remove chart api (goharbor#18265)

* remove chart api from swagger

Delete the api path for chart in the swagger

Signed-off-by: Wang Yan <wangyan@vmware.com>

* Remove chart APIs
   1. Remove some chart-related steps for Dockerfile for portal  container
   2. Remove chart APIs for API center

Signed-off-by: AllForNothing <sshijun@vmware.com>

---------

Signed-off-by: Wang Yan <wangyan@vmware.com>
Signed-off-by: AllForNothing <sshijun@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>

Sort user and usergroup by most match order (goharbor#18273)

fixes goharbor#17859

Signed-off-by: stonezdj <daojunz@vmware.com>

Update the replication rule related to the Chartmuseum (goharbor#18274)

Update the registry and replication rule related to the Chartmuseum

Update replication_policy and registry as Harbor v2.8.0 deprecates chartmuseum.
Harbor deprecates chartmuseum as of v2.8.0
Epic: goharbor#17958
Discussion: goharbor#15057

Signed-off-by: Yang Jiao <jiaoya@vmware.com>

refactor: refact the webhook API and life process (goharbor#18255)

refactor: refact the notification job API and life process

1. Introduce new APIs for webhook jobs management.
2. Refact legacy APIs for backforward compatible.
3. Migrate the webhook jobs process to unified execution/task framework.

Closes: goharbor#18210

Signed-off-by: chlins <chenyuzh@vmware.com>

Add retry times for calling CVE data export execution list API (goharbor#18297)

1.Fixes goharbor#17879
2.Add retry times to avoid endless API calls for CVE data export execution list API

Signed-off-by: AllForNothing <sshijun@vmware.com>

Get job log by job_id in worker (goharbor#18261)

Get job by job_id in redis

  Get the last 10MB of data if it exceeds 10MB

Signed-off-by: stonezdj <daojunz@vmware.com>

Enhance webhook UI (goharbor#18291)

1. Add execution list for a certain webhook policy
  2. Add task list for a certain execution

Signed-off-by: AllForNothing <sshijun@vmware.com>

Update UI for the deprecation of Artifact Hub (goharbor#18303)

1. Update edit-registry page to enable the edition for Artifact Hub
2. Update edit-replication-rule page to enable the edition for rules contain Artifact Hub

Signed-off-by: AllForNothing <sshijun@vmware.com>

Add logs column for worker datagrid (goharbor#18307)

1. Related back-end PR goharbor#18261

Signed-off-by: AllForNothing <sshijun@vmware.com>