Authentication
The client can be instatiated with either a username and password, a base64-encoded HTTP Basic Access Authentication Token, or a Harbor JSON credentials file.
Username and password
Username and password (titled secret
to conform with Harbor naming schemes) can be used by instantiating the client with the username
and secret
parameters. This is the most straight forward method of authenticating.
from harborapi import HarborAsyncClient
client = HarborAsyncClient(
url="https://your-harbor-instance.com/api/v2.0",
username="username",
secret="secret"
)
In order to avoid hard-coding secrets in your application, you might want to consider using environment variables to store the username and password:
import os
from harborapi import HarborAsyncClient
client = HarborAsyncClient(
url="https://your-harbor-instance.com/api/v2.0",
username=os.environ["HARBOR_USERNAME"],
secret=os.environ["HARBOR_PASSWORD"]
)
Basic access authentication aredentials
In place of username
and secret
, a Base64-encoded HTTP Basic Access Authentication credentials string can be used to authenticate.
This string is simply username:secret
encoded to Base64, and as such is not any more secure than username and password authentication; it only obscures the text.
from harborapi import HarborAsyncClient
client = HarborAsyncClient(
url="https://your-harbor-instance.com/api/v2.0",
basicauth="base64_basicauth_here",
)
Again, it might be pertinent to store this in your environment variables:
import os
from harborapi import HarborAsyncClient
client = HarborAsyncClient(
url="https://your-harbor-instance.com/api/v2.0",
basicauth=os.environ["HARBOR_BASICAUTH"],
)
Credentials file
When creating Robot accounts, the robot account's credentials can be exported as a JSON file. The credentials_file
parameter takes an argument specifying the path to such a file.
from harborapi import HarborAsyncClient
client = HarborAsyncClient(
url="https://your-harbor-instance.com/api/v2.0",
credentials_file="/path/to/file.json", # can also be Path object
)
For simple project-level robot accounts, using the Robot Accounts tab in the web interface for a project should be sufficient. However, if you require a Robot account with privileges that go beyond the ones offered in the Web UI, such as controlling user groups and replication, managing multiple projects, starting scans, or managing the system configuration, you will need to create a system-level Robot account through the API. See Creating Privileged Robot Accounts for information about how to create system-level Robot accounts with such extended privileges using harborapi
.