Bot user not found when calling Export CVE #21476

@buumi

If you are reporting a problem, please make sure the following information is provided:

Expected behavior and actual behavior:
I expected that call to /api/v2.0/export/cve would work with a bot-account similarly as with a non-bot account given that the permissions are correct. Instead I get the response 404 Not Found with the error message: "message": "user <robot_account_name> not found"

Steps to reproduce the problem:

  1. Create a bot account in a Harbor project with Export CVE Create and Read permissions.
  2. Call the endpoint https://<harbor_url>/api/v2.0/export/cve with a payload like this:
curl -X 'POST' \
  'https://<harbor_url>/api/v2.0/export/cve' \
  -H 'accept: application/json' \
  -H 'X-Scan-Data-Type: application/vnd.security.vulnerability.report; version=1.1' \
  -H 'Authorization: Basic <base64 robot_account_name:token> ' \
  -H 'Content-Type: application/json' \
  -H 'X-Harbor-Csrf-Token: <valid token>' \
  -d '{
  "job_name": "<job_name>",
  "projects": [
    <project_id_for_bot_account>
  ]
}'
  3. Get response:
{
  "errors": [
    {
      "code": "NOT_FOUND",
      "message": "user <robot_account_name> not found"
    }
  ]
}

Versions:
Please specify the versions of the following systems.

  • harbor version: v2.12.2-73072d0d
  • kubernetes version: v1.31.3

Additional context:

  • Harbor config files:

[Three images]

  • Log files:
2025-01-16T14:00:46Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/export/cve
2025-01-16T14:00:46Z [INFO] [/server/middleware/security/robot.go:71][requestID="9613be4b8fd6eaec6bc332c57ed6831b"]: a robot security context generated for request POST /api/v2.0/export/cve
2025/01/16 14:00:46 Model:
2025/01/16 14:00:46 r.r: sub, obj, act
2025/01/16 14:00:46 p.p: sub, obj, act, eft
2025/01/16 14:00:46 e.e: some(where (p_eft == allow)) && !some(where (p_eft == deny))
2025/01/16 14:00:46 m.m: g(r_sub, p_sub) && keyMatch2(r_obj, p_obj) && (r_act == p_act || p_act == '*')
2025/01/16 14:00:46 g.g: _, _
2025/01/16 14:00:46 Policy:
2025/01/16 14:00:46 p: sub, obj, act, eft: [[<robot_account_name> /project/3/export-cve create allow] [<robot_account_name> /project/3/artifact-label create allow] [<robot_account_name> /project/3/artifact create allow] [<robot_account_name> /project/3/artifact-label delete allow] [<robot_account_name> /project/3/artifact delete allow] [<robot_account_name> /project/3/export-cve read allow] [<robot_account_name> /project/3/artifact-addition read allow] [<robot_account_name> /project/3/artifact read allow] [<robot_account_name> /project/3/artifact list allow] [<robot_account_name> /project/3 read allow] [<robot_account_name> /project/3/label read allow] [<robot_account_name> /project/3/label list allow] [<robot_account_name> /project/3/repository list allow] [<robot_account_name> /project/3/repository pull allow] [<robot_account_name> /project/3/scan read allow] [<robot_account_name> /project/3/scanner read allow] [<robot_account_name> /project/3/tag list allow] [<robot_account_name> /project/3/artifact read allow] [<robot_account_name> /project/3/artifact list allow] [<robot_account_name> /project/3/artifact-addition read allow] [<robot_account_name> /project/3/accessory list allow]]
2025/01/16 14:00:46 g: _, _: []
2025/01/16 14:00:46 Role links for: g
2025/01/16 14:00:46 
2025/01/16 14:00:46 Request: <robot_account_name>, /project/3/export-cve, create ---> true
2025-01-16T14:00:46Z [DEBUG] [/lib/http/error.go:62]: {"errors":[{"code":"NOT_FOUND","message":"user <robot_account_name> not found"}]}
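
Added example, not part of the original report and not Harbor's or Casbin's code: a Python re-evaluation of the Casbin model and policy printed in the log above, checking that the logged `---> true` follows from the policy rows, so the 404 is emitted after the permission check has passed. The function names are hypothetical, `key_match2` follows Casbin's documented keyMatch2 semantics, and the sample log is constructed from the lines above.

```python
import re

# Constructed sample: the policy and request lines from the log above,
# with the policy trimmed to three of its rows.
LOG = (
    "2025/01/16 14:00:46 p: sub, obj, act, eft: "
    "[[<robot_account_name> /project/3/export-cve create allow] "
    "[<robot_account_name> /project/3/export-cve read allow] "
    "[<robot_account_name> /project/3 read allow]]\n"
    "2025/01/16 14:00:46 Request: <robot_account_name>, "
    "/project/3/export-cve, create ---> true\n"
)

def parse_policy(log):
    """Return (sub, obj, act, eft) rows from the 'p: sub, obj, act, eft:' line."""
    line = next(l for l in log.splitlines() if " p: sub, obj, act, eft: " in l)
    rows = re.findall(r"\[([^\[\]]+)\]", line.split("eft: ", 1)[1])
    return [tuple(r.rsplit(" ", 3)) for r in rows]

def key_match2(key, pattern):
    """Casbin keyMatch2: '/*' matches any suffix, ':name' matches one segment."""
    rx = re.sub(r":[^/]+", "[^/]+", pattern.replace("/*", "/.*"))
    return re.fullmatch(rx, key) is not None

def enforce(policy, sub, obj, act):
    """Matcher m and effect e from the logged model. The log shows no role
    links for g, so g(r_sub, p_sub) reduces to string equality."""
    effects = [eft for p_sub, p_obj, p_act, eft in policy
               if sub == p_sub and key_match2(obj, p_obj)
               and (act == p_act or p_act == "*")]
    return "allow" in effects and "deny" not in effects

def logged_request(log):
    """Return (sub, obj, act, decision) from the 'Request: ... ---> bool' line."""
    m = re.search(r"Request: (.+), (\S+), (\S+) ---> (true|false)", log)
    return m.group(1), m.group(2), m.group(3), m.group(4) == "true"

if __name__ == "__main__":
    policy = parse_policy(LOG)
    sub, obj, act, logged = logged_request(LOG)
    print("recomputed:", enforce(policy, sub, obj, act), "logged:", logged)
    # An action with no matching row is denied under the same model.
    print("delete:", enforce(policy, sub, obj, "delete"))
```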
