-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable configuration on disable anonymous user #10825
Conversation
IMO, it would be a better design if we add more level of control in project's public policy |
@reasonerjt Daniel, thanks for your comments, and can you be more specific? ye |
Add anonymous check in the search API |
@steven-zou how will you merge this PR? I don't want to change every time you make a upgrade. Again, it should be the valid cyber security requirements if running Harbor in enterprise, specially when the enterprise Harbor service is internet facing. |
@steven-zou I updated the codes to work with harbor v2.0.1, could you pls help review it again? Thanks |
@@ -121,6 +121,7 @@ var ( | |||
|
|||
{Name: common.ProjectCreationRestriction, Scope: UserScope, Group: BasicGroup, EnvKey: "PROJECT_CREATION_RESTRICTION", DefaultValue: common.ProCrtRestrEveryone, ItemType: &ProjectCreationRestrictionType{}, Editable: false}, | |||
{Name: common.ReadOnly, Scope: UserScope, Group: BasicGroup, EnvKey: "READ_ONLY", DefaultValue: "false", ItemType: &BoolType{}, Editable: false}, | |||
{Name: common.DisableAnonymous, Scope: UserScope, Group: BasicGroup, EnvKey: "DISABLE_ANONYMOUS", DefaultValue: "false", ItemType: &BoolType{}, Editable: false}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To make it straightforward, can we use AllowAnonymousUser and default value is true?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you mean allow sounds more positive than disable? ;-) I am ok with the change; and for now, the default value of DisableAnonymous is false.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should keep consistent with the previous experience, allow anonymous. With this feature, the user can disable it via configuration.
I just did the rebase to pass DCO. |
This is the proposed change on the issue #10760
The administrator will be able to configure the Harbor instance to enable/disable the anonymous user with the UI like below:
Welcome for comments and feedback.
Thanks
ye