harbor
cannot create local users when OIDC auth is enabled
We are unable to create local users once OIDC auth is enabled. We are in need of such users to enable synthetic monitoring of the UI and its availability without having to hand over admin credentials to our monitoring application (Datadog). Is it possible to create limited users in some other way to allow such monitoring? Is there a preferred way that replaces the need for local users? What are the general guidelines for monitoring Harbor? The Datadog integration is fairly vacant.
When the auth mode is OIDC auth, you can't create a local user in Harbor; the only local user is admin. What is the local user used for? To log in through the UI or call the REST API? The metrics data may be used to retrieve the data: https://goharbor.io/docs/main/administration/metrics/ It seems to be a requirement for out-of-box monitoring.
You can use robot accounts for e2e tests. Pull/push and health endpoint. No need for a UI user.
OK, thanks for that. I am/was following the Datadog integration instructions, which suggest needing to provide admin permissions to said account for monitoring, and admin is not an option when creating robot accounts.
Looking over the docs under the view or add system service account sections, it appears the permissions I need to provide are for v2.10.x only? Is that right?
We are currently on v2.9.3 and my options from the UI are currently:
list repository
pull repository
push repository
delete repository
read artifact
list artifact
delete artifact
create artifact label
delete artifact label
create tag
delete tag
list tag
create scan
stop scan
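Added example, not part of the thread and not Harbor or Datadog code: a synthetic check along the lines of the robot-account suggestion above, which reads the health endpoint and then makes one authenticated call that needs only the "list repository" permission. The robot name `robot$monitor`, the project name, the host and the sample health body are constructed; calling the health endpoint without credentials is an assumption.

```python
import base64
import json
import urllib.request

# Constructed sample of a /api/v2.0/health response body (not captured from a real instance).
SAMPLE_HEALTH = json.dumps({
    "status": "unhealthy",
    "components": [
        {"name": "core", "status": "healthy"},
        {"name": "jobservice", "status": "unhealthy", "error": "constructed sample"},
    ],
})

def robot_auth_header(robot_name, secret):
    """HTTP Basic header for a robot account, e.g. robot$monitor (constructed name)."""
    token = base64.b64encode(f"{robot_name}:{secret}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

def unhealthy_components(health_body):
    """Names of components not reporting 'healthy'; 'overall' if only the top level fails."""
    doc = json.loads(health_body)
    bad = [c.get("name", "?") for c in doc.get("components", []) if c.get("status") != "healthy"]
    if doc.get("status") != "healthy" and not bad:
        bad.append("overall")
    return bad

def probe(base_url, project, robot_name, secret, opener=urllib.request.urlopen, timeout=10):
    """Run both checks; return a list of failure strings (empty means healthy)."""
    failures = []
    try:
        # Assumption: the health endpoint is reachable without credentials.
        with opener(urllib.request.Request(f"{base_url}/api/v2.0/health"), timeout=timeout) as resp:
            failures += [f"component:{n}" for n in unhealthy_components(resp.read())]
    except (OSError, ValueError) as exc:
        failures.append(f"health:{exc}")
    # Authenticated read that needs only the "list repository" permission.
    req = urllib.request.Request(
        f"{base_url}/api/v2.0/projects/{project}/repositories?page_size=1",
        headers=robot_auth_header(robot_name, secret),
    )
    try:
        with opener(req, timeout=timeout) as resp:
            json.loads(resp.read())  # a 401/403 raises HTTPError before this line
    except (OSError, ValueError) as exc:
        failures.append(f"robot-list:{exc}")
    return failures
```

The `opener` parameter exists so the check can be exercised offline; in a monitoring job the default `urllib.request.urlopen` is used and the robot secret comes from the job's secret store.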