Harbor: Allow robot accounts to be shared accoss multiple projects
Is your feature request related to a problem? Please describe.
Motivation is that when building images sometimes mutiple projects are used. Since a robot account cannot be shared accross projects it is not possible to build an image from images in multiple projects using a robot account. Multiple projects are desired in order to have granular permissions.
Describe the solution you'd like
I would like a given robot account to be able to pull from and push to multiple projects.
Describe the main design/architecture of your solution
Either allow the token for a robot account to be specified on creation or else some mechanism in the project to add a robot account from another project.
Describe the development plan you've considered
Additional context
finbourne-bot-public
All 11 comments
assign to alex to prioritize the requirement. thanks.
renmaosheng
on 24 Feb 2020
@finbourne-bot-public This is well understood and definitely in our backlog. Docker builds are a multi stage process that often reach across several different projects so scoping robots out of projects is the best approach. We will allow tying robot account to different projects and configure different levels of access to the projects. This will most likely happen after our 2.0 release scheduled for mid April because it relies on the set of new APIs being worked on.
xaleeks
on 1 Mar 2020
@xaleeks I am really looking forward this feature. But I can't find this on the backlog, which one is that?
Hokwang
on 17 Mar 2020
@Hokwang I thought there was another one https://github.com/goharbor/harbor/issues/7867 , we can use this issue to track the requirement.
xaleeks
on 19 Mar 2020
@xaleeks also eager for this feature.
sunlianqiang
on 3 Apr 2020
This is impacted by design of https://github.com/goharbor/harbor/issues/10159, tackling in the 2.1 or 2.2 release
xaleeks
on 8 Apr 2020
@xaleeks any idea on when this will be released!? eagerly waiting for this update!
Sharath52
on 5 May 2020
This is a critical feature for our workflow. Would greatly appreciate any expedition here. Thanks!
kamal94
on 4 Aug 2020
👍 To this.
To give some context as to why this is critical for us:
We're using a gitlab runner to build images for several different projects. Access control is granted on a per-project basis, so I've separated my company's teams into different Harbor projects.
This is an issue when it comes to gitlab runner, as the teams share gitlab runners. For this reason, I am in need of a robot account capable of uploading to all projects.
rarick
on 10 Aug 2020
system robot accounts coming in 2.2, proposal here https://github.com/goharbor/community/pull/148
project robots are still available to project admins
xaleeks
on 25 Oct 2020
I'm still waiting this feature
bienkma
on 13 Dec 2020
Related issues
a-kinder
·
3Comments
moooofly
·
3Comments
izhichao
·
3Comments
andrewtchin
·
3Comments
cten
·
3Comments
Most helpful comment
👍 To this.
To give some context as to why this is critical for us:
We're using a gitlab runner to build images for several different projects. Access control is granted on a per-project basis, so I've separated my company's teams into different Harbor projects.
This is an issue when it comes to gitlab runner, as the teams share gitlab runners. For this reason, I am in need of a robot account capable of uploading to all projects.