I recently wrote a review of working with Harbor via the REST API. Based on that material, a Harbor and vRealize Orchestrator integration package has been developed. Day-to-day administration tasks use only a few basic operations, and this minimum set is implemented as a package of processes for the orchestrator.
Preparing REST operations
A common practice for preparing REST operations in vRO is to register each operation you use one by one (or to register a complete set of operations by loading a swagger file) and then create processes that call them. I suggest a different approach. First, so that each operation does not have to be created manually, a process has been developed to automate this. As input, the process receives an array of REST operation parameters; it creates the corresponding operations on the REST host, or updates them when the parameters in the array have changed. An example of the parameter array passed to the process:
    restOpsTemplates = [
        {name:"getProjectList", urlTemplate:"/projects", method:"GET"},
        {name:"getProjectById", urlTemplate:"/projects/{project_id}", method:"GET"},
        {name:"newProject", urlTemplate:"/projects", method:"POST"},
        ...
        {name:"getCert", urlTemplate:"/systeminfo/getcert", method:"GET"},
        {name:"getGroupByDn", urlTemplate:"/usergroups", method:"GET"}
    ];
    countOps = restOpsTemplates.length;
Second, so that references to REST operations do not have to be set manually in each process, the name of the operation is stored in the restOperationName attribute, and the operation itself is looked up on the REST host by the action getRestOperationByName:
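    // Action body: returns the operation whose name matches restOperationName, or null.
    if (restHost) {
        var restHostOpsIds = restHost.getOperations();   // IDs of all operations on the host
        for each (var opsId in restHostOpsIds) {
            var ops = restHost.getOperation(opsId);
            if (ops.name == restOperationName) {
                return ops;
            }
        }
    }
    return null;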
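The add-or-update behaviour described above, as an added sketch that is not the package's own code. It runs against a constructed in-memory stand-in for the REST host; `makeFakeHost`, `findByName`, `syncOperations` and the method allow-list are assumptions of this example, and templates with an unexpected method or a URL template that does not start with `/` are rejected instead of registered.

```javascript
// Constructed in-memory stand-in for a vRO REST host (not the plug-in's object);
// it exposes only the calls used below.
function makeFakeHost() {
  var ops = {}, seq = 0;
  return {
    getOperations: function () { return Object.keys(ops); },
    getOperation: function (id) { return ops[id]; },
    addOperation: function (op) { op.id = "op-" + (++seq); ops[op.id] = op; return op; },
    updateOperation: function (op) { ops[op.id] = op; return op; }
  };
}

// Same lookup as getRestOperationByName, written in plain ECMAScript.
function findByName(host, name) {
  var ids = host.getOperations();
  for (var i = 0; i < ids.length; i++) {
    var op = host.getOperation(ids[i]);
    if (op.name === name) { return op; }
  }
  return null;
}

var ALLOWED_METHODS = ["GET", "POST", "PUT", "DELETE", "HEAD", "PATCH"]; // assumed allow-list

// Create missing operations, update changed ones, leave identical ones alone.
function syncOperations(host, templates) {
  var result = { created: [], updated: [], unchanged: [], rejected: [] };
  templates.forEach(function (t) {
    var valid = t && typeof t.name === "string" && t.name !== "" &&
      typeof t.urlTemplate === "string" && t.urlTemplate.charAt(0) === "/" &&
      ALLOWED_METHODS.indexOf(t.method) !== -1;
    if (!valid) { result.rejected.push(t && t.name ? t.name : "(unnamed)"); return; }
    var existing = findByName(host, t.name);
    if (!existing) {
      host.addOperation({ name: t.name, urlTemplate: t.urlTemplate, method: t.method });
      result.created.push(t.name);
    } else if (existing.urlTemplate !== t.urlTemplate || existing.method !== t.method) {
      existing.urlTemplate = t.urlTemplate;   // template changed: update in place
      existing.method = t.method;
      host.updateOperation(existing);
      result.updated.push(t.name);
    } else {
      result.unchanged.push(t.name);          // a re-run with the same array is a no-op
    }
  });
  return result;
}
```

Running it twice with the same array reports every entry as unchanged, which is the property that makes the registration process safe to re-run after editing the array.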
As a result, to prepare this package for use, you need to:
- Download and install the package in vRO;
- Add Harbor to the orchestrator as a REST host;
- Select it in the configuration item PKS / harbor.rest.server;
- Start the process of registering operations: “Add or update Harbor operations”;
- Configure mail sending parameters (configuration element Library / Mail / send.email) or replace the process of sending letters with your own.
vRO-Harbor package
v1.0.0
Registering REST operations
- “Add or update Harbor operations” – adding REST operations for the Harbor host;
- “Add or update REST operations” – the main process for managing REST operations (useful not only for Harbor).
Working with projects
- “Get all projects” – getting a list of all projects;
- “Get project by ID” – getting information about a project by its ID;
- “Get project by name” – getting information about a project by its name;
- “New project” – creating a new project with the specified parameters of availability, security and image scanning.
Repositories and tags
- “Get repositories by project ID” – getting a list of repositories by project ID;
- “Get tags from repository” – getting all tags from the corresponding repository;
- “Get tag by name” – getting information about a tag by repository name and tag.
Users
- “Get project members” – getting information about project participants;
- “Get user by name” – getting information about the registered Harbor user by name;
- “Get group by DN” – getting information about the Harbor group by its DN;
- “New project member” – adding a new project participant;
- “New user” – creation / registration of a new user account on the Harbor server.
Scanning for vulnerabilities
Clair scans Docker images for vulnerabilities, and the Harbor interface generates a report for each tag. Getting an overall picture of one project, or of all projects on the server, is much harder, because the required functionality does not exist yet. To make life easier for project managers and information security staff, processes have been created that generate the following summary reports:
- “Get vulnerability details” – getting information about vulnerabilities by a given image name and tag;
- “Get vulnerability report (project)” – creating a summary report on vulnerabilities in the project;
- “Get vulnerability report (server)” – creating a summary report on vulnerabilities in all projects on the Harbor server;
- “Send vulnerability report” – creating a report on the project, then generating and sending a message by e-mail.
Additional processes
- “Get root certificate” – getting the Harbor root certificate;
- “Send root certificate” – getting the root certificate and sending it to users by mail.
The developed processes are more than sufficient for most Harbor registry administration tasks on PKS. If they are not enough for you, write more and do not forget to share the results.
Files for the article
vRO-Harbor-Integration.zip – integration package;
Harbor.pdf – documentation for package processes.