goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.
https://goharbor.io
Apache License 2.0

cannot create local users when OIDC auth is enabled #20130

Open adamwolfe-tc opened 7 months ago

adamwolfe-tc commented 7 months ago

We are unable to create local users once OIDC auth is enabled. We are in need of such users to enable synthetic monitoring of the UI and its availability without having to hand over admin credentials to our monitoring application (Datadog). Is it possible to create limited users in some other way to allow such monitoring? Is there a preferred way that replaces the need for local users? What are the general guidelines for monitoring Harbor? The Datadog integration is fairly vacant.

stonezdj commented 7 months ago

When the auth mode is OIDC auth, you can't create local users in Harbor; the only local user is admin. What is the local user used for? Logging in through the UI or calling the REST API? The metrics data may be used to retrieve the data: https://goharbor.io/docs/main/administration/metrics/ It seems to be a requirement for out-of-box monitoring.

Vad1mo commented 6 months ago

You can use robot accounts for e2e tests: pull/push and the health endpoint. No need for a UI user.
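
A concrete form of the robot-account approach described in this reply, added here as an example (not Harbor's own code or anything from this thread): it builds a system-level robot limited to pulling from one project, creates it with a single admin call to Harbor's v2.0 REST API, and parses the /api/v2.0/health body the way a synthetic check would. The project name, robot name and the sample health response are assumptions constructed for illustration.

```python
"""Least-privilege monitoring robot for Harbor (added example, not Harbor's code).

Assumes Harbor's v2.0 REST API: POST /api/v2.0/robots creates a system-level
robot, GET /api/v2.0/health returns per-component status. The project name,
robot name and SAMPLE_HEALTH below are constructed for illustration.
"""
import base64
import json
import urllib.request


def monitoring_robot_payload(project: str, name: str = "synthetic-monitor") -> dict:
    """Robot limited to 'pull' on one project, instead of admin credentials.

    A synthetic pull check needs nothing more; duration=-1 means no expiry.
    """
    return {
        "name": name,
        "description": "synthetic availability checks only",
        "level": "system",
        "duration": -1,
        "disable": False,
        "permissions": [{
            "kind": "project",
            "namespace": project,
            "access": [{"resource": "repository", "action": "pull"}],
        }],
    }


def create_robot(base_url: str, admin_user: str, admin_pass: str, payload: dict) -> dict:
    """One-time admin call; the response carries the robot's name and secret."""
    auth = base64.b64encode(f"{admin_user}:{admin_pass}".encode()).decode()
    req = urllib.request.Request(
        f"{base_url}/api/v2.0/robots",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json", "Authorization": f"Basic {auth}"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def unhealthy_components(health: dict) -> list:
    """Component names not reporting 'healthy' in a /api/v2.0/health body."""
    return [c["name"] for c in health.get("components", []) if c.get("status") != "healthy"]


# Constructed sample of a /api/v2.0/health response with one degraded component.
SAMPLE_HEALTH = {"status": "unhealthy", "components": [
    {"name": "core", "status": "healthy"}, {"name": "jobservice", "status": "unhealthy"}]}
```

Hand the returned robot name and secret to the monitoring tool; it can then pull from the monitoring project and poll the health endpoint without any admin rights.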

adamwolfe-tc commented 6 months ago

OK. Thanks for that. I am/was following the Datadog integration instructions, which suggest needing to provide admin permissions to said account for monitoring, and admin is not an option when creating robot accounts.

Looking over the docs under the view or add system service account sections, it appears the permissions I need to provide are for v2.10.x only? Is that right?

We are currently on v2.9.3 and my options from the UI are currently:

list repository
pull repository
push repository
delete repository
read artifact
list artifact
delete artifact
create artifact label
delete artifact label
create tag
delete tag
list tag
create scan
stop scan