Bot user not found when calling Export CVE #21476

Open
buumi opened this issue Feb 3, 2025 · 4 comments

@buumi

buumi commented Feb 3, 2025

If you are reporting a problem, please make sure the following information is provided:

Expected behavior and actual behavior:
I expected that call to /api/v2.0/export/cve would work with a bot-account similarly as with a non-bot account given that the permissions are correct. Instead I get the response 404 Not Found with the error message: "message": "user <robot_account_name> not found"

Steps to reproduce the problem:

  1. Create bot-account to Harbor project with Export CVE Create and Read permissions.
  2. Call endpoint with https://<harbor_url>/api/v2.0/export/cve with payload like this:
curl -X 'POST' \
  'https://<harbor_url>/api/v2.0/export/cve' \
  -H 'accept: application/json' \
  -H 'X-Scan-Data-Type: application/vnd.security.vulnerability.report; version=1.1' \
  -H 'Authorization: Basic <base64 robot_account_name:token> ' \
  -H 'Content-Type: application/json' \
  -H 'X-Harbor-Csrf-Token: <valid token>' \
  -d '{
  "job_name": "<job_name>",
  "projects": [
    <project_id_for_bot_account>
  ]
}'
  3. Get response:
{
  "errors": [
    {
      "code": "NOT_FOUND",
      "message": "user <robot_account_name> not found"
    }
  ]
}

Versions:
Please specify the versions of following systems.

  • harbor version: v2.12.2-73072d0d
  • kubernetes version: v1.31.3

Additional context:

  • Harbor config files:


  • Log files:
2025-01-16T14:00:46Z [DEBUG] [/server/middleware/artifactinfo/artifact_info.go:55]: In artifact info middleware, url: /api/v2.0/export/cve
2025-01-16T14:00:46Z [INFO] [/server/middleware/security/robot.go:71][requestID="9613be4b8fd6eaec6bc332c57ed6831b"]: a robot security context generated for request POST /api/v2.0/export/cve
2025/01/16 14:00:46 Model:
2025/01/16 14:00:46 r.r: sub, obj, act
2025/01/16 14:00:46 p.p: sub, obj, act, eft
2025/01/16 14:00:46 e.e: some(where (p_eft == allow)) && !some(where (p_eft == deny))
2025/01/16 14:00:46 m.m: g(r_sub, p_sub) && keyMatch2(r_obj, p_obj) && (r_act == p_act || p_act == '*')
2025/01/16 14:00:46 g.g: _, _
2025/01/16 14:00:46 Policy:
2025/01/16 14:00:46 p: sub, obj, act, eft: [[<robot_account_name> /project/3/export-cve create allow] [<robot_account_name> /project/3/artifact-label create allow] [<robot_account_name> /project/3/artifact create allow] [<robot_account_name> /project/3/artifact-label delete allow] [<robot_account_name> /project/3/artifact delete allow] [<robot_account_name> /project/3/export-cve read allow] [<robot_account_name> /project/3/artifact-addition read allow] [<robot_account_name> /project/3/artifact read allow] [<robot_account_name> /project/3/artifact list allow] [<robot_account_name> /project/3 read allow] [<robot_account_name> /project/3/label read allow] [<robot_account_name> /project/3/label list allow] [<robot_account_name> /project/3/repository list allow] [<robot_account_name> /project/3/repository pull allow] [<robot_account_name> /project/3/scan read allow] [<robot_account_name> /project/3/scanner read allow] [<robot_account_name> /project/3/tag list allow] [<robot_account_name> /project/3/artifact read allow] [<robot_account_name> /project/3/artifact list allow] [<robot_account_name> /project/3/artifact-addition read allow] [<robot_account_name> /project/3/accessory list allow]]
2025/01/16 14:00:46 g: _, _: []
2025/01/16 14:00:46 Role links for: g
2025/01/16 14:00:46 
2025/01/16 14:00:46 Request: <robot_account_name>, /project/3/export-cve, create ---> true
2025-01-16T14:00:46Z [DEBUG] [/lib/http/error.go:62]: {"errors":[{"code":"NOT_FOUND","message":"user <robot_account_name> not found"}]}

@Vad1mo
Member

Vad1mo commented Feb 3, 2025

What is the robot_account_name? Make sure that you correctly quote the '$' sign.

@buumi
Author

buumi commented Feb 3, 2025

bot-myorg-dev+bot-test-cve so do I need to escape either - or + sign within the name?

@wy65701436
Contributor

It seems that you didn't use the robot prefix (robot-{robot_name}) when issuing the curl command.

@buumi
Author

buumi commented Feb 10, 2025

Damn, it seems that it's missing in the previous message but it was there on my saved HTTP request and the error reported in the original message also had it correctly set, so the error message there is correct. So what I had as username was robot-<myorg_here_containing_only_[a-z-]>+bot-test-export-cve. Our Robot Name Prefix is robot-.
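
One way to check which username a Basic credential actually carries when the robot name contains shell-special characters such as '$' or '+', the point raised in this thread. This is an added example, not code from the issue or from Harbor; the account name, secret and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: names, secret and helper functions below are constructed.

# Build the value for "Authorization: Basic <value>". printf '%s' avoids
# encoding a trailing newline; tr removes line wraps some base64 builds add.
basic_auth_value() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a Basic credential and return the username part, i.e. the name
# the server will look up.
basic_auth_user() {
    printf '%s' "$1" | base64 -d | cut -d: -f1
}

# What a double-quoted name containing '$' turns into: the shell expands
# $myorg (unset here) before the name is ever encoded.
expanded_name() {
    unset myorg
    printf '%s' "robot$myorg+ci"
}

name='robot$myorg+ci'            # single quotes keep '$' and '+' literal
cred=$(basic_auth_value "$name" 'constructed-secret')
echo "intended user : $name"
echo "decoded user  : $(basic_auth_user "$cred")"
echo "double-quoted : $(expanded_name)"
```

Running the decode step on the exact header value from a saved request shows whether the name in the error message matches the robot account as it is stored.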
