Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Creating a robot account through api generates a ne secret even though 'secret' field is populated #16884

Closed
sfenzke opened this issue May 19, 2022 · 4 comments
Closed

Creating a robot account through api generates a ne secret even though 'secret' field is populated #16884

sfenzke opened this issue May 19, 2022 · 4 comments

Comments

@sfenzke
Copy link

sfenzke commented May 19, 2022

Expected behavior and actual behavior:

expected behavior

Creating a robot account through the API should use the provided secret if the 'secret' field is populated in the requests JSON body.

actual behavior

Creating a robot account through the API generates a new secret even though the 'secret' field is populated in the requests JSON body.

Steps to reproduce the problem:
Creating a robot through the API with a populated 'secret' field in JSON body.

Versions:
Please specify the versions of following systems.

  • harbor version: 2.4.2
  • docker engine version: 20.10.16
  • docker-compose version: 1.25.0

Example JSON

{
  "name": "replication2",
  "secret": "mysecret",
  "disable": false,
  "level": "system",
  "duration": -1,
  "description": "Robot Account für Replikation",
  "permissions": [
    {
      "access": [
        {
          "action": "push",
          "resource": "repository"
        },
        {
          "action": "pull",
          "resource": "repository"
        },
        {
          "action": "delete",
          "resource": "artifact"
        },
        {
          "action": "read",
          "resource": "helm-chart"
        },
        {
          "action": "create",
          "resource": "helm-chart-version"
        },
        {
          "action": "delete",
          "resource": "helm-chart-version"
        },
        {
          "action": "create",
          "resource": "tag"
        },
        {
          "action": "delete",
          "resource": "tag"
        },
        {
          "action": "create",
          "resource": "artifact-label"
        },
        {
          "action": "create",
          "resource": "scan"
        },
        {
          "action": "stop",
          "resource": "scan"
        },
        {
          "action": "list",
          "resource": "artifact"
        },
        {
          "action": "list",
          "resource": "repository"
        }
      ],
      "kind": "project",
      "namespace": "*"
    }
  ]
}
@AllForNothing
Copy link
Contributor

@sfenzke This is by design. You can not specify the secret when creating a robot account.
If you want to do so, you need to:

  1. Create a robot first (post api/v2.0/robots)
  2. Specify the secret to the robot created in step1 (patch api/v2.0/robots/${robot_id} with request body {secret: "your_secret"})

@sfenzke
Copy link
Author

sfenzke commented May 20, 2022

Thanks for clarification. Is this documented somewhere and Ii missed it? If not I think this should be added to the documentation because it is kind off surprising behavior.

@AllForNothing
Copy link
Contributor

AllForNothing commented May 20, 2022
edited

I think the Refresh System Robot Account Secret section of the doc contains the related info

@wy65701436
Copy link
Contributor

as @AllForNothing mentioned, it's by designed, close it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sfenzke @wy65701436 @AllForNothing