feat: Implement CRUD API for managing Harbor per-project Quota #3090
+542
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
area:docs
This was referenced Nov 13, 2024
|
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
This was referenced Nov 13, 2024
jopemachine
force-pushed
the
topic/11-06-feat_implement_per-project_images_api_based_on_rbac
branch
from
7b81657
to
f0cc98f
Compare
jopemachine
force-pushed
the
topic/11-13-feat_implement_management_api_for_controlling_harbor_per-project_quota
branch
from
47cacdd
to
a6068e1
Compare
jopemachine
force-pushed
the
topic/11-06-feat_implement_per-project_images_api_based_on_rbac
branch
from
f0cc98f
to
f01260a
Compare
jopemachine
force-pushed
the
topic/11-13-feat_implement_management_api_for_controlling_harbor_per-project_quota
branch
from
f5a8af1
to
917dffd
Compare
|
Remaining tasks: Adding REST API and SDK. |
jopemachine
force-pushed
the
topic/11-06-feat_implement_per-project_images_api_based_on_rbac
branch
from
f01260a
to
6fcfeae
Compare
jopemachine
force-pushed
the
topic/11-13-feat_implement_management_api_for_controlling_harbor_per-project_quota
branch
from
1be79c6
to
6b91f24
Compare
jopemachine
force-pushed
the
topic/11-06-feat_implement_per-project_images_api_based_on_rbac
branch
from
6fcfeae
to
548f6f8
Compare
jopemachine
force-pushed
the
topic/11-13-feat_implement_management_api_for_controlling_harbor_per-project_quota
branch
from
6b91f24
to
81dbd9e
Compare
jopemachine
force-pushed
the
topic/11-06-feat_implement_per-project_images_api_based_on_rbac
branch
from
548f6f8
to
bda8f44
Compare
jopemachine
force-pushed
the
topic/11-13-feat_implement_management_api_for_controlling_harbor_per-project_quota
branch
from
81dbd9e
to
33c1b79
Compare
jopemachine
force-pushed
the
topic/11-06-feat_implement_per-project_images_api_based_on_rbac
branch
from
bda8f44
to
30b5684
Compare
jopemachine
force-pushed
the
topic/11-13-feat_implement_management_api_for_controlling_harbor_per-project_quota
branch
from
33c1b79
to
f036297
Compare
jopemachine
force-pushed
the
topic/11-06-feat_implement_per-project_images_api_based_on_rbac
branch
from
30b5684
to
56003a4
Compare
jopemachine
force-pushed
the
topic/11-13-feat_implement_management_api_for_controlling_harbor_per-project_quota
branch
from
f036297
to
0d5ccf2
Compare
jopemachine
force-pushed
the
topic/11-06-feat_implement_per-project_images_api_based_on_rbac
branch
from
56003a4
to
643e723
Compare
jopemachine
force-pushed
the
topic/11-13-feat_implement_management_api_for_controlling_harbor_per-project_quota
branch
from
0d5ccf2
to
408bf1f
Compare
jopemachine
commented
Nov 18, 2024
| """ | ||
| ) | ||
|
|
||
| scope_id = f"project:{group_id}" |
There was a problem hiding this comment.
@fregataa If possible, instead of hardcoding the scope_id like this, I’d prefer to create a ProjectScope object and serialize it. However, since the ProjectScope type is currently located under the models directory, this violates the pants visibility rule.
What do you think about moving the types related to ScopeField under the common directory?
jopemachine
commented
Nov 18, 2024
| ) | ||
|
|
||
| variables = {"id": base64(f"group_node:{group_id}")} | ||
| data = await api_session.get().Admin._query(query, variables) |
There was a problem hiding this comment.
@fregataa Registry quota READ operation can be executed even if the user is not an admin.
However, it seems that GQL queries in the current SDK can only be executed through Admin.
What do you think about adding this query, _query functions to User as well?
Co-authored-by: octodog <[email protected]>
Co-authored-by: octodog <[email protected]>
jopemachine
force-pushed
the
topic/11-13-feat_implement_management_api_for_controlling_harbor_per-project_quota
branch
from
6b415d5
to
cae3fee
Compare
| @classmethod | ||
| async def get_container_registry_quota(cls, group_id: str) -> int: | ||
| """ | ||
| Delete Quota Limit for the group's container registry. |
Comment on lines
+115
to
+118
| cors.add(app.router.add_route("POST", "/registry-quota", create_registry_quota)) | ||
| cors.add(app.router.add_route("GET", "/registry-quota", read_registry_quota)) | ||
| cors.add(app.router.add_route("PATCH", "/registry-quota", update_registry_quota)) | ||
| cors.add(app.router.add_route("DELETE", "/registry-quota", delete_registry_quota)) |
There was a problem hiding this comment.
can we use PATCH, DELETE method? @fregataa
Comment on lines
+61
to
+66
| if ( | ||
| not group_row | ||
| or not group_row.container_registry | ||
| or "registry" not in group_row.container_registry | ||
| or "project" not in group_row.container_registry | ||
| ): |
There was a problem hiding this comment.
make function for this condition to improve readability.
Comment on lines
+32
to
+37
| async def handle_harbor_project_quota_operation( | ||
| operation_type: Literal["create", "read", "update", "delete"], | ||
| db_sess: SASession, | ||
| scope_id: ScopeType, | ||
| quota: Optional[int], | ||
| ) -> Optional[int]: |
There was a problem hiding this comment.
Don't combine handler functions into one function that accept multiple operation_types.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #1911.
Implement CRUD for controlling Harbor per-project Quota.
Important
Currently, the Project Quota API implemented in this PR is only available for the HarborV2 registry.
Details
In practice, the HarborV2 Quota API has no delete or create methods. But if you query a quota that does not exist, it returns -1. Using the update API at this point creates the quota. Updating it back to -1 resets it to an unlimited quota. Using this approach, I implemented all CRUD operations.
Quota mutations can only be executed by
admin,superadmin, while quota queries are accessible to regular users if they have READ permissions.Implementation Check list
Client code example
GQL example
Reference
Checklist: (if applicable)
📚 Documentation preview 📚: https://sorna--3090.org.readthedocs.build/en/3090/
📚 Documentation preview 📚: https://sorna-ko--3090.org.readthedocs.build/ko/3090/