harbor_legacy_openapi3.yaml

openapi: 3.0.0
info:
  title: Harbor API
  description: These APIs provide services for manipulating Harbor project.
  version: 2.0
security:
  - basicAuth: []
paths:
  '/health':
    get:
      summary: Health check API
      description: |
        The endpoint returns the health stauts of the system.
      tags:
        - Products
      responses:
        '200':
          description: The system health status.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OverallHealthStatus'
            text/plain:
              schema:
                $ref: '#/components/schemas/OverallHealthStatus'
  '/projects/{project_id}/metadatas':
    get:
      summary: Get project metadata.
      description: |
        This endpoint returns metadata of the project specified by project ID.
      parameters:
        - name: project_id
          in: path
          description: The ID of project.
          required: true
          schema:
            type: integer
            format: int64
      tags:
        - Products
      responses:
        '200':
          description: Get metadata successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProjectMetadata'
            text/plain:
              schema:
                $ref: '#/components/schemas/ProjectMetadata'
        '401':
          description: User need to login first.
        '500':
          description: Internal server errors.
    post:
      summary: Add metadata for the project.
      description: |
        This endpoint is aimed to add metadata of a project.
      parameters:
        - name: project_id
          in: path
          required: true
          description: Selected project ID.
          schema:
            type: integer
            format: int64
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ProjectMetadata'
        description: The metadata of project.
        required: true
      tags:
        - Products
      responses:
        '200':
          description: Add metadata successfully.
        '400':
          description: Invalid request.
        '401':
          description: User need to log in first.
        '403':
          description: User does not have permission to the project.
        '404':
          description: Project ID does not exist.
        '415':
          $ref: '#/components/responses/UnsupportedMediaType'
        '500':
          description: Internal server errors.
  '/projects/{project_id}/metadatas/{meta_name}':
    get:
      summary: Get project metadata
      description: |
        This endpoint returns specified metadata of a project.
      parameters:
        - name: project_id
          in: path
          description: Project ID for filtering results.
          required: true
          schema:
            type: integer
            format: int64
        - name: meta_name
          in: path
          description: The name of metadat.
          required: true
          schema:
            type: string
      tags:
        - Products
      responses:
        '200':
          description: Get metadata successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProjectMetadata'
            text/plain:
              schema:
                $ref: '#/components/schemas/ProjectMetadata'
        '401':
          description: User need to log in first.
        '500':
          description: Internal server errors.
    put:
      summary: Update metadata of a project.
      description: |
        This endpoint is aimed to update the metadata of a project.
      parameters:
        - name: project_id
          in: path
          required: true
          description: The ID of project.
          schema:
            type: integer
            format: int64
        - name: meta_name
          in: path
          description: The name of metadat.
          required: true
          schema:
            type: string
      tags:
        - Products
      responses:
        '200':
          description: Updated metadata successfully.
        '400':
          description: Invalid request.
        '401':
          description: User need to log in first.
        '403':
          description: User does not have permission to the project.
        '404':
          description: Project or metadata does not exist.
        '500':
          description: Internal server errors.
    delete:
      summary: Delete metadata of a project
      description: |
        This endpoint is aimed to delete metadata of a project.
      parameters:
        - name: project_id
          in: path
          description: The ID of project.
          required: true
          schema:
            type: integer
            format: int64
        - name: meta_name
          in: path
          description: The name of metadat.
          required: true
          schema:
            type: string
      tags:
        - Products
      responses:
        '200':
          description: Metadata is deleted successfully.
        '400':
          description: Invalid requst.
        '403':
          description: User need to log in first.
        '404':
          description: Project or metadata does not exist.
        '500':
          description: Internal server errors.
  '/projects/{project_id}/members':
    get:
      summary: Get all project member information
      description: Get all project member information
      parameters:
        - name: project_id
          in: path
          required: true
          description: Relevant project ID.
          schema:
            type: integer
            format: int64
        - name: entityname
          in: query
          description: The entity name to search.
          schema:
            type: string
      tags:
        - Products
      responses:
        '200':
          description: Get project members successfully.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ProjectMemberEntity'
            text/plain:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ProjectMemberEntity'
        '400':
          description: The project id is invalid.
        '401':
          description: User need to log in first.
        '403':
          description: User in session does not have permission to the project.
        '404':
          description: Project ID does not exist.
        '500':
          description: Unexpected internal errors.
    post:
      summary: Create project member
      description: >-
        Create project member relationship, the member can be one of the
        user_member and group_member,  The user_member need to specify user_id
        or username. If the user already exist in harbor DB, specify the
        user_id,  If does not exist in harbor DB, it will SearchAndOnBoard the
        user. The group_member need to specify id or ldap_group_dn. If the group
        already exist in harbor DB. specify the user group's id,  If does not
        exist, it will SearchAndOnBoard the group.
      tags:
        - Products
      parameters:
        - name: project_id
          in: path
          required: true
          description: Relevant project ID.
          schema:
            type: integer
            format: int64
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ProjectMember'
      responses:
        '201':
          description: Project member created successfully.
          headers:
            Location:
              description: The URL of the created resource
              schema:
                type: string
        '400':
          description: >-
            Illegal format of project member or project id is invalid, or LDAP
            DN is invalid.
        '401':
          description: User need to log in first.
        '403':
          description: User in session does not have permission to the project.
        '409':
          description: >-
            A user group with same group name already exist or an LDAP user
            group with same DN already exist.
        '500':
          description: Unexpected internal errors.
  '/projects/{project_id}/members/{mid}':
    get:
      summary: Get the project member information
      description: Get the project member information
      tags:
        - Products
      parameters:
        - name: project_id
          in: path
          required: true
          description: Relevant project ID.
          schema:
            type: integer
            format: int64
        - name: mid
          in: path
          required: true
          description: The member ID
          schema:
            type: integer
            format: int64
      responses:
        '200':
          description: Project member retrieved successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProjectMemberEntity'
            text/plain:
              schema:
                $ref: '#/components/schemas/ProjectMemberEntity'
        '400':
          description: 'Illegal format of project member or invalid project id, member id.'
        '401':
          description: User need to log in first.
        '403':
          description: User in session does not have permission to the project.
        '404':
          description: Project or projet member does not exist.
        '500':
          description: Unexpected internal errors.
    put:
      summary: Update project member
      description: Update project member relationship
      tags:
        - Products
      parameters:
        - name: project_id
          in: path
          required: true
          description: Relevant project ID.
          schema:
            type: integer
            format: int64
        - name: mid
          in: path
          required: true
          description: Member ID.
          schema:
            type: integer
            format: int64
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleRequest'
      responses:
        '200':
          description: Project member updated successfully.
        '400':
          description: >-
            Invalid role id, it should be 1,2 or 3, or invalid project id, or
            invalid member id.
        '401':
          description: User need to log in first.
        '403':
          description: User in session does not have permission to the project.
        '404':
          description: project or project member does not exist.
        '500':
          description: Unexpected internal errors.
    delete:
      summary: Delete project member
      tags:
        - Products
      parameters:
        - name: project_id
          in: path
          required: true
          description: Relevant project ID.
          schema:
            type: integer
            format: int64
        - name: mid
          in: path
          required: true
          description: Member ID.
          schema:
            type: integer
            format: int64
      responses:
        '200':
          description: Project member deleted successfully.
        '400':
          description: The project id or project member id is invalid.
        '401':
          description: User need to log in first.
        '403':
          description: User in session does not have permission to the project.
        '500':
          description: Unexpected internal errors.
  '/statistics':
    get:
      summary: Get projects number and repositories number relevant to the user
      description: >
        This endpoint is aimed to statistic all of the projects number and
        repositories number relevant to the logined user, also the public
        projects number and repositories number. If the user is admin, he can
        also get total projects number and total repositories number.
      tags:
        - Products
      responses:
        '200':
          description: >-
            Get the projects number and repositories number relevant to the user
            successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StatisticMap'
            text/plain:
              schema:
                $ref: '#/components/schemas/StatisticMap'
        '401':
          description: User need to log in first.
        '500':
          description: Unexpected internal errors.
  '/users':
    get:
      summary: Get registered users of Harbor.
      description: >
        This endpoint is for user to search registered users, support for
        filtering results with username.Notice, by now this operation is only
        for administrator.
      parameters:
        - name: username
          in: query
          required: false
          description: Username for filtering results.
          schema:
            type: string
        - name: email
          in: query
          required: false
          description: Email for filtering results.
          schema:
            type: string
        - name: page
          in: query
          required: false
          description: 'The page number, default is 1.'
          schema:
            type: integer
            format: int32
        - name: page_size
          in: query
          required: false
          description: The size of per page.
          schema:
            type: integer
            format: int32
      tags:
        - Products
      responses:
        '200':
          description: Searched for users of Harbor successfully.
          headers:
            X-Total-Count:
              description: The total count of available items
              schema:
                type: integer
            Link:
              description: Link to previous page and next page
              schema:
                type: string
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/User'
            text/plain:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/User'
        '400':
          description: Invalid user ID.
        '401':
          description: User need to log in first.
        '403':
          description: User does not have permission of admin role.
        '500':
          description: Unexpected internal errors.
    post:
      summary: Creates a new user account.
      description: |
        This endpoint is to create a user if the user does not already exist.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/User'
        description: New created user.
        required: true
      tags:
        - Products
      responses:
        '201':
          description: User created successfully.
          headers:
            Location:
              description: The URL of the created resource
              schema:
                type: string
        '400':
          description: Unsatisfied with constraints of the user creation.
        '403':
          description: >-
            User registration can only be used by admin role user when
            self-registration is off.
        '415':
          $ref: '#/components/responses/UnsupportedMediaType'
        '500':
          description: Unexpected internal errors.
  '/users/current':
    get:
      summary: Get current user info.
      description: |
        This endpoint is to get the current user information.
      tags:
        - Products
      responses:
        '200':
          description: Get current user information successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
            text/plain:
              schema:
                $ref: '#/components/schemas/User'
        '401':
          description: User need to log in first.
  '/users/current/permissions':
    get:
      summary: Get current user permissions.
      description: |
        This endpoint is to get the current user permissions.
      parameters:
        - name: scope
          in: query
          required: false
          description: Get permissions of the scope
          schema:
            type: string
        - name: relative
          in: query
          required: false
          description: >
            If true, the resources in the response are relative to the scope,

            eg for resource '/project/1/repository' if relative is 'true' then
            the resource in response will be 'repository'.
          schema:
            type: boolean
      tags:
        - Products
      responses:
        '200':
          description: Get current user permission successfully.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Permission'
            text/plain:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Permission'
        '401':
          description: User need to log in first.
        '500':
          description: Internal errors.
  '/users/search':
    get:
      summary: Search users by username
      description: |
        This endpoint is to search the users by username.
      parameters:
        - name: username
          in: query
          required: true
          description: Username for filtering results.
          schema:
            type: string
        - name: page
          in: query
          required: false
          description: 'The page number, default is 1.'
          schema:
            type: integer
            format: int32
        - name: page_size
          in: query
          required: false
          description: The size of per page.
          schema:
            type: integer
            format: int32
      tags:
        - Products
      responses:
        '200':
          description: 'Search users by username, email successfully.'
          headers:
            X-Total-Count:
              description: The total count of available items
              schema:
                type: integer
            Link:
              description: Link to previous page and next page
              schema:
                type: string
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/UserSearch'
            text/plain:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/UserSearch'
        '500':
          description: Unexpected internal errors.
  '/users/{user_id}':
    get:
      summary: Get a user's profile.
      description: |
        Get user's profile with user id.
      parameters:
        - name: user_id
          in: path
          required: true
          description: Registered user ID
          schema:
            type: integer
            format: int
      tags:
        - Products
      responses:
        '200':
          description: Get user's profile successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
            text/plain:
              schema:
                $ref: '#/components/schemas/User'
        '400':
          description: Invalid user ID.
        '401':
          description: User need to log in first.
        '403':
          description: User does not have permission of admin role.
        '404':
          description: User ID does not exist.
        '500':
          description: Unexpected internal errors.
    put:
      summary: Update a registered user to change his profile.
      description: |
        This endpoint let a registered user change his profile.
      parameters:
        - name: user_id
          in: path
          required: true
          description: Registered user ID
          schema:
            type: integer
            format: int
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UserProfile'
        description: 'Only email, realname and comment can be modified.'
        required: true
      tags:
        - Products
      responses:
        '200':
          description: Updated user's profile successfully.
        '400':
          description: Invalid user ID.
        '401':
          description: User need to log in first.
        '403':
          description: User does not have permission of admin role.
        '404':
          description: User ID does not exist.
        '500':
          description: Unexpected internal errors.
    delete:
      summary: Mark a registered user as be removed.
      description: |
        This endpoint let administrator of Harbor mark a registered user as
        be removed.It actually won't be deleted from DB.
      parameters:
        - name: user_id
          in: path
          required: true
          description: User ID for marking as to be removed.
          schema:
            type: integer
            format: int
      tags:
        - Products
      responses:
        '200':
          description: Marked user as be removed successfully.
        '400':
          description: Invalid user ID.
        '401':
          description: User need to log in first.
        '403':
          description: User does not have permission of admin role.
        '404':
          description: User ID does not exist.
        '500':
          description: Unexpected internal errors.
  '/users/{user_id}/password':
    put:
      summary: Change the password on a user that already exists.
      description: >
        This endpoint is for user to update password. Users with the admin role
        can change any user's password. Guest users can change only their own
        password.
      parameters:
        - name: user_id
          in: path
          required: true
          description: Registered user ID.
          schema:
            type: integer
            format: int
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Password'
        description: >-
          Password to be updated, the attribute 'old_password' is optional when
          the API is called by the system administrator.
        required: true
      tags:
        - Products
      responses:
        '200':
          description: Updated password successfully.
        '400':
          description: Invalid user ID; Old password is blank; New password is blank.
        '401':
          description: Don't have authority to change password. Please check login status.
        '403':
          description: >-
            The caller does not have permission to update the password of the
            user with given ID, or the old password in request body is not
            correct.
        '500':
          description: Unexpected internal errors.
  '/users/{user_id}/sysadmin':
    put:
      summary: Update a registered user to change to be an administrator of Harbor.
      description: |
        This endpoint let a registered user change to be an administrator
        of Harbor.
      parameters:
        - name: user_id
          in: path
          required: true
          description: Registered user ID
          schema:
            type: integer
            format: int
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SysAdminFlag'
        description: Toggle a user to admin or not.
        required: true
      tags:
        - Products
      responses:
        '200':
          description: Updated user's admin role successfully.
        '400':
          description: Invalid user ID.
        '401':
          description: User need to log in first.
        '403':
          description: User does not have permission of admin role.
        '404':
          description: User ID does not exist.
        '500':
          description: Unexpected internal errors.
  '/users/{user_id}/cli_secret':
    put:
      summary: Set CLI secret for a user.
      description: >
        This endpoint let user generate a new CLI secret for himself.  This API
        only works when auth mode is set to 'OIDC'.

        Once this API returns with successful status, the old secret will be
        invalid, as there will be only one CLI secret

        for a user.
      parameters:
        - name: user_id
          in: path
          required: true
          description: User ID
          schema:
            type: integer
            format: int
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                secret:
                  type: string
                  description: The new secret
        description: JSON object that includes the new secret
        required: true
      tags:
        - Products
      responses:
        '200':
          description: The secret is successfully updated
        '400':
          description: >-
            Invalid user ID.  Or user is not onboarded via OIDC authentication.
            Or the secret does not meet the standard.
        '401':
          description: User need to log in first.
        '403':
          description: Non-admin user can only generate the cli secret of himself.
        '404':
          description: User ID does not exist.
        '412':
          description: >-
            The auth mode of the system is not "oidc_auth", or the user is not
            onboarded via OIDC AuthN.
        '500':
          description: Unexpected internal errors.
  '/labels':
    get:
      summary: List labels according to the query strings.
      description: |
        This endpoint let user list labels by name, scope and project_id
      parameters:
        - name: name
          in: query
          required: false
          description: The label name.
          schema:
            type: string
        - name: scope
          in: query
          required: true
          description: >-
            The label scope. Valid values are g and p. g for global labels and p
            for project labels.
          schema:
            type: string
        - name: project_id
          in: query
          required: false
          description: 'Relevant project ID, required when scope is p.'
          schema:
            type: integer
            format: int64
        - name: page
          in: query
          required: false
          description: The page number.
          schema:
            type: integer
            format: int32
        - name: page_size
          in: query
          required: false
          description: The size of per page.
          schema:
            type: integer
            format: int32
      tags:
        - Products
      responses:
        '200':
          description: Get successfully.
          headers:
            X-Total-Count:
              description: The total count of available items
              schema:
                type: integer
            Link:
              description: Link to previous page and next page
              schema:
                type: string
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Label'
            text/plain:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Label'
        '400':
          description: Invalid parameters.
        '401':
          description: User need to log in first.
        '500':
          description: Unexpected internal errors.
    post:
      summary: Post creates a label
      description: |
        This endpoint let user creates a label.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Label'
        description: The json object of label.
        required: true
      tags:
        - Products
      responses:
        '201':
          description: Create successfully.
          headers:
            Location:
              description: The URL of the created resource
              schema:
                type: string
        '400':
          description: Invalid parameters.
        '401':
          description: User need to log in first.
        '409':
          description: Label with the same name and same scope already exists.
        '415':
          $ref: '#/components/responses/UnsupportedMediaType'
        '500':
          description: Unexpected internal errors.
  '/labels/{id}':
    get:
      summary: Get the label specified by ID.
      description: |
        This endpoint let user get the label by specific ID.
      parameters:
        - name: id
          in: path
          required: true
          description: Label ID
          schema:
            type: integer
            format: int64
      tags:
        - Products
      responses:
        '200':
          description: Get successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Label'
            text/plain:
              schema:
                $ref: '#/components/schemas/Label'
        '401':
          description: User need to log in first.
        '404':
          description: The resource does not exist.
        '500':
          description: Unexpected internal errors.
    put:
      summary: Update the label properties.
      description: |
        This endpoint let user update label properties.
      parameters:
        - name: id
          in: path
          required: true
          description: Label ID
          schema:
            type: integer
            format: int64
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Label'
        description: The updated label json object.
        required: true
      tags:
        - Products
      responses:
        '200':
          description: Update successfully.
        '400':
          description: Invalid parameters.
        '401':
          description: User need to log in first.
        '404':
          description: The resource does not exist.
        '409':
          description: The label with the same name already exists.
        '500':
          description: Unexpected internal errors.
    delete:
      summary: Delete the label specified by ID.
      description: |
        Delete the label specified by ID.
      parameters:
        - name: id
          in: path
          required: true
          description: Label ID
          schema:
            type: integer
            format: int64
      tags:
        - Products
      responses:
        '200':
          description: Delete successfully.
        '400':
          description: Invalid parameters.
        '401':
          description: User need to log in first.
        '404':
          description: The resource does not exist.
        '500':
          description: Unexpected internal errors.
  '/usergroups':
    get:
      summary: Get all user groups information
      description: Get all user groups information
      tags:
        - Products
      responses:
        '200':
          description: Get user group successfully.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/UserGroup'
            text/plain:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/UserGroup'
        '401':
          description: User need to log in first.
        '403':
          description: User in session does not have permission to the user group.
        '500':
          description: Unexpected internal errors.
    post:
      summary: Create user group
      description: Create user group information
      tags:
        - Products
      requestBody:
        $ref: '#/components/requestBodies/UserGroup'
      responses:
        '201':
          description: User group created successfully.
          headers:
            Location:
              description: The URL of the created resource
              schema:
                type: string
        '400':
          description: Invalid LDAP group DN.
        '401':
          description: User need to log in first.
        '403':
          description: User in session does not have permission to the user group.
        '409':
          description: >-
            A user group with same group name already exist, or an LDAP user
            group with same DN already exist.
        '500':
          description: Unexpected internal errors.
  '/usergroups/{group_id}':
    get:
      summary: Get user group information
      description: Get user group information
      tags:
        - Products
      parameters:
        - name: group_id
          in: path
          required: true
          description: Group ID
          schema:
            type: integer
            format: int64
      responses:
        '200':
          description: User group get successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserGroup'
            text/plain:
              schema:
                $ref: '#/components/schemas/UserGroup'
        '400':
          description: The user group id is invalid.
        '401':
          description: User need to log in first.
        '403':
          description: User in session does not have permission to the user group.
        '404':
          description: User group does not exist.
        '500':
          description: Unexpected internal errors.
    put:
      summary: Update group information
      description: Update user group information
      tags:
        - Products
      parameters:
        - name: group_id
          in: path
          required: true
          description: Group ID
          schema:
            type: integer
            format: int64
      requestBody:
        $ref: '#/components/requestBodies/UserGroup'
      responses:
        '200':
          description: User group updated successfully.
        '400':
          description: The user group id is invalid.
        '401':
          description: User need to log in first.
        '403':
          description: Only admin has this authority.
        '404':
          description: User group does not exist.
        '500':
          description: Unexpected internal errors.
    delete:
      summary: Delete user group
      description: Delete user group
      tags:
        - Products
      parameters:
        - name: group_id
          in: path
          required: true
          schema:
            type: integer
      responses:
        '200':
          description: User group deleted successfully.
        '400':
          description: The user group id is invalid.
        '401':
          description: User need to log in first.
        '403':
          description: Only admin has this authority.
        '500':
          description: Unexpected internal errors.
  '/configurations':
    get:
      summary: Get system configurations.
      description: >
        This endpoint is for retrieving system configurations that only provides
        for admin user.
      tags:
        - Products
      responses:
        '200':
          description: Get system configurations successfully. The response body is a map.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ConfigurationsResponse'
            text/plain:
              schema:
                $ref: '#/components/schemas/ConfigurationsResponse'
        '401':
          description: User need to log in first.ß
        '403':
          description: User does not have permission of admin role.
        '500':
          description: Unexpected internal errors.
    put:
      summary: Modify system configurations.
      description: >
        This endpoint is for modifying system configurations that only provides
        for admin user.
      tags:
        - Products
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Configurations'
        description: >-
          The configuration map can contain a subset of the attributes of the
          schema, which are to be updated.
        required: true
      responses:
        '200':
          description: Modify system configurations successfully.
        '401':
          description: User need to log in first.
        '403':
          description: User does not have permission of admin role.
        '500':
          description: Unexpected internal errors.
  '/email/ping':
    post:
      summary: Test connection and authentication with email server.
      description: |
        Test connection and authentication with email server.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EmailServerSetting'
        description: >-
          Email server settings, if some of the settings are not assigned, they
          will be read from system configuration.
      tags:
        - Products
      responses:
        '200':
          description: Ping email server successfully.
        '400':
          description: Inviald email server settings.
        '401':
          description: User need to login first.
        '403':
          description: Only admin has this authority.
        '415':
          $ref: '#/components/responses/UnsupportedMediaType'
        '500':
          description: Unexpected internal errors.
  '/chartrepo/{repo}/charts/{name}/{version}/labels':
    get:
      summary: Return the attahced labels of chart.
      description: Return the attahced labels of the specified chart version.
      tags:
        - Products
        - Chart Repository
        - Label
      parameters:
        - name: repo
          in: path
          required: true
          description: The project name
          schema:
            type: string
        - name: name
          in: path
          required: true
          description: The chart name
          schema:
            type: string
        - name: version
          in: path
          required: true
          description: The chart version
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/schemas/Labels'
        '401':
          $ref: '#/components/schemas/UnauthorizedChartAPIError'
        '403':
          $ref: '#/components/schemas/ForbiddenChartAPIError'
        '404':
          $ref: '#/components/schemas/NotFoundChartAPIError'
        '500':
          $ref: '#/components/schemas/InternalChartAPIError'
    post:
      summary: Mark label to chart.
      description: Mark label to the specified chart version.
      tags:
        - Products
        - Chart Repository
        - Label
      parameters:
        - name: repo
          in: path
          required: true
          description: The project name
          schema:
            type: string
        - name: name
          in: path
          required: true
          description: The chart name
          schema:
            type: string
        - name: version
          in: path
          required: true
          description: The chart version
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Label'
        description: The label being marked to the chart version
        required: true
      responses:
        '200':
          description: The label is successfully marked to the chart version.
        '400':
          $ref: '#/components/schemas/BadRequestFormatedError'
        '401':
          $ref: '#/components/schemas/UnauthorizedChartAPIError'
        '403':
          $ref: '#/components/schemas/ForbiddenChartAPIError'
        '404':
          $ref: '#/components/schemas/NotFoundChartAPIError'
        '409':
          $ref: '#/components/schemas/ConflictFormatedError'
        '500':
          $ref: '#/components/schemas/InternalChartAPIError'
  '/chartrepo/{repo}/charts/{name}/{version}/labels/{id}':
    delete:
      summary: Remove label from chart.
      description: Remove label from the specified chart version.
      tags:
        - Products
        - Chart Repository
        - Label
      parameters:
        - name: repo
          in: path
          required: true
          description: The project name
          schema:
            type: string
        - name: name
          in: path
          required: true
          description: The chart name
          schema:
            type: string
        - name: version
          in: path
          required: true
          description: The chart version
          schema:
            type: string
        - name: id
          in: path
          required: true
          description: The label ID
          schema:
            type: integer
      responses:
        '200':
          description: The label is successfully unmarked from the chart version.
        '400':
          $ref: '#/components/schemas/BadRequestFormatedError'
        '401':
          $ref: '#/components/schemas/UnauthorizedChartAPIError'
        '403':
          $ref: '#/components/schemas/ForbiddenChartAPIError'
        '404':
          $ref: '#/components/schemas/NotFoundChartAPIError'
        '500':
          $ref: '#/components/schemas/InternalChartAPIError'
  '/system/CVEAllowlist':
    get:
      summary: Get the system level allowlist of CVE.
      description: >-
        Get the system level allowlist of CVE.  This API can be called by all
        authenticated users.
      tags:
        - Products
        - System
      responses:
        '200':
          description: Successfully retrieved the CVE allowlist.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CVEAllowlist'
            text/plain:
              schema:
                $ref: '#/components/schemas/CVEAllowlist'
        '401':
          description: User is not authenticated.
        '500':
          description: Unexpected internal errors.
    put:
      summary: Update the system level allowlist of CVE.
      description: >-
        This API overwrites the system level allowlist of CVE with the list in
        request body.  Only system Admin has permission to call this API.
      tags:
        - Products
        - System
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CVEAllowlist'
        description: The allowlist with new content
      responses:
        '200':
          description: Successfully updated the CVE allowlist.
        '401':
          description: User is not authenticated.
        '403':
          description: User does not have permission to call this API.
        '500':
          description: Unexpected internal errors.
servers:
  - url: 'http://localhost/api/v2.0'
  - url: 'https://localhost/api/v2.0'
components:
  parameters:
    query:
      name: q
      description: >-
        Query string to query resources. Supported query patterns are "exact
        match(k=v)", "fuzzy match(k=~v)", "range(k=[min~max])", "list with union
        releationship(k={v1 v2 v3})" and "list with intersetion
        relationship(k=(v1 v2 v3))". The value of range and list can be
        string(enclosed by " or '), integer or time(in format "2020-04-09
        02:36:00"). All of these query patterns should be put in the query
        string "q=xxx" and splitted by ",". e.g. q=k1=v1,k2=~v2,k3=[min~max]
      in: query
      required: false
      schema:
        type: string
  responses:
    OK:
      description: Success
    Created:
      description: Created
      headers:
        Location:
          description: The URL of the created resource
          schema:
            type: string
    BadRequest:
      description: Bad Request
    Unauthorized:
      description: Unauthorized
    Forbidden:
      description: Forbidden
    NotFound:
      description: Not Found
    Conflict:
      description: Conflict
    PreconditionFailed:
      description: Precondition Failed
    UnsupportedMediaType:
      description: >-
        The Media Type of the request is not supported, it has to be
        "application/json"
    InternalServerError:
      description: Internal Server Error
  requestBodies:
    UserGroup:
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/UserGroup'
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic
  schemas:
    ProjectMetadata:
      type: object
      properties:
        public:
          type: string
          description: >-
            The public status of the project. The valid values are "true",
            "false".
        enable_content_trust:
          type: string
          description: >-
            Whether content trust is enabled or not. If it is enabled, user
            can't pull unsigned images from this project. The valid values are
            "true", "false".
        prevent_vul:
          type: string
          description: >-
            Whether prevent the vulnerable images from running. The valid values
            are "true", "false".
        severity:
          type: string
          description: >-
            If the vulnerability is high than severity defined here, the images
            can't be pulled. The valid values are "none", "low", "medium",
            "high", "critical".
        auto_scan:
          type: string
          description: >-
            Whether scan images automatically when pushing. The valid values are
            "true", "false".
        reuse_sys_cve_allowlist:
          type: string
          description: >-
            Whether this project reuse the system level CVE allowlist as the
            allowlist of its own.  The valid values are "true", "false". If it
            is set to "true" the actual allowlist associate with this project,
            if any, will be ignored.
    User:
      type: object
      properties:
        user_id:
          type: integer
          format: int
          description: The ID of the user.
        username:
          type: string
        email:
          type: string
        password:
          type: string
        realname:
          type: string
        comment:
          type: string
        deleted:
          type: boolean
        role_name:
          type: string
        role_id:
          type: integer
          format: int
        sysadmin_flag:
          type: boolean
        admin_role_in_auth:
          type: boolean
          description: >-
            indicate the admin privilege is grant by authenticator (LDAP), is
            always false unless it is the current login user
        reset_uuid:
          type: string
        Salt:
          type: string
        creation_time:
          type: string
        update_time:
          type: string
    UserSearch:
      type: object
      properties:
        user_id:
          type: integer
          format: int
          description: The ID of the user.
        username:
          type: string
    Password:
      type: object
      properties:
        old_password:
          type: string
          description: The user's existing password.
        new_password:
          type: string
          description: New password for marking as to be updated.
    Role:
      type: object
      properties:
        role_id:
          type: integer
          format: int32
          description: ID in table.
        role_code:
          type: string
          description: Description of permissions for the role.
        role_name:
          type: string
          description: Name the the role.
        role_mask:
          type: string
    RoleParam:
      type: object
      properties:
        roles:
          type: array
          items:
            type: integer
            format: int32
          description: Role ID for updating project role member.
        username:
          type: string
          description: Username relevant to a project role member.
    StatisticMap:
      type: object
      properties:
        private_project_count:
          type: integer
          format: int32
          description: The count of the private projects which the user is a member of.
        private_repo_count:
          type: integer
          format: int32
          description: >-
            The count of the private repositories belonging to the projects
            which the user is a member of.
        public_project_count:
          type: integer
          format: int32
          description: The count of the public projects.
        public_repo_count:
          type: integer
          format: int32
          description: >-
            The count of the public repositories belonging to the public
            projects which the user is a member of.
        total_project_count:
          type: integer
          format: int32
          description: 'The count of the total projects, only be seen when the is admin.'
        total_repo_count:
          type: integer
          format: int32
          description: >-
            The count of the total repositories, only be seen when the user is
            admin.
    SysAdminFlag:
      type: object
      properties:
        sysadmin_flag:
          type: boolean
          description: 'true-admin, false-not admin.'
    UserProfile:
      type: object
      properties:
        email:
          type: string
          description: The new email.
        realname:
          type: string
          description: The new realname.
        comment:
          type: string
          description: The new comment.
    LdapConf:
      type: object
      properties:
        ldap_url:
          type: string
          description: The url of ldap service.
        ldap_search_dn:
          type: string
          description: The search dn of ldap service.
        ldap_search_password:
          type: string
          description: The search password of ldap service.
        ldap_base_dn:
          type: string
          description: The base dn of ldap service.
        ldap_filter:
          type: string
          description: The serach filter of ldap service.
        ldap_uid:
          type: string
          description: The serach uid from ldap service attributes.
        ldap_scope:
          type: integer
          format: int64
          description: The serach scope of ldap service.
        ldap_connection_timeout:
          type: integer
          format: int64
          description: The connect timeout of ldap service(second).
    LdapUsers:
      type: object
      properties:
        ldap_username:
          type: string
          description: search ldap user name based on ldapconf.
        ldap_realname:
          type: string
          description: >-
            system will try to guess the user realname form "uid" or "cn"
            attribute.
        ldap_email:
          type: string
          description: >-
            system will try to guess the user email address form "mail" or
            "email" attribute.
    LdapImportUsers:
      type: object
      properties:
        ldap_uid_list:
          type: array
          description: selected uid list
          items:
            type: string
    LdapFailedImportUsers:
      type: object
      properties:
        ldap_uid:
          type: string
          description: the uid can't add to system.
        error:
          type: string
          description: fail reason.
    EmailServerSetting:
      type: object
      properties:
        email_host:
          type: string
          description: The host of email server.
        email_port:
          type: integer
          description: The port of email server.
        email_username:
          type: string
          description: The username of email server.
        email_password:
          type: string
          description: The password of email server.
        email_ssl:
          type: boolean
          description: Use ssl/tls or not.
        email_identity:
          type: string
          description: The dentity of email server.
    ComponentOverviewEntry:
      type: object
      properties:
        severity:
          type: integer
          description: '1-None/Negligible, 2-Unknown, 3-Low, 4-Medium, 5-High'
        count:
          type: integer
          description: number of the components with certain severity.
    Configurations:
      type: object
      properties:
        auth_mode:
          type: string
          description: 'The auth mode of current system, such as "db_auth", "ldap_auth"'
        count_per_project:
          type: string
          description: The default count quota for the new created projects.
        email_from:
          type: string
          description: The sender name for Email notification.
        email_host:
          type: string
          description: The hostname of SMTP server that sends Email notification.
        email_port:
          type: integer
          description: The port of SMTP server.
        email_identity:
          type: string
          description: By default it's empty so the email_username is picked.
        email_username:
          type: string
          description: The username for authenticate against SMTP server.
        email_ssl:
          type: boolean
          description: >-
            When it's set to true the system will access Email server via TLS by
            default.  If it's set to false, it still will handle "STARTTLS" from
            server side.
        email_insecure:
          type: boolean
          description: >-
            Whether or not the certificate will be verified when Harbor tries to
            access the email server.
        ldap_url:
          type: string
          description: The URL of LDAP server.
        ldap_base_dn:
          type: string
          description: The Base DN for LDAP binding.
        ldap_filter:
          type: string
          description: The filter for LDAP binding.
        ldap_scope:
          type: integer
          description: '0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE'
        ldap_uid:
          type: string
          description: >-
            The attribute which is used as identity for the LDAP binding, such
            as "CN" or "SAMAccountname"
        ldap_search_dn:
          type: string
          description: The DN of the user to do the search.
        ldap_timeout:
          type: integer
          description: timeout in seconds for connection to LDAP server.
        ldap_group_attribute_name:
          type: string
          description: >-
            The attribute which is used as identity of the LDAP group, default
            is cn.
        ldap_group_base_dn:
          type: string
          description: The base DN to search LDAP group.
        ldap_group_search_filter:
          type: string
          description: The filter to search the ldap group.
        ldap_group_search_scope:
          type: integer
          description: >-
            The scope to search ldap. '0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL,
            2-LDAP_SCOPE_SUBTREE'
        ldap_group_admin_dn:
          type: string
          description: >-
            Specify the ldap group which have the same privilege with Harbor
            admin.
        oidc_client_id:
          type: string
          description: The client id of the OIDC.
        oidc_client_secret:
          type: string
          description: The client secret of the OIDC.
        oidc_endpoint:
          type: string
          description: 'The URL of an OIDC-complaint server, must start with ''https://''.'
        oidc_name:
          type: string
          description: The name of the OIDC provider.
        oidc_scope:
          type: string
          description: >-
            The scope sent to OIDC server during authentication, should be
            separated by comma. It has to contain “openid”, and
            “offline_access”. If you are using google, please remove
            “offline_access” from this field.
        oidc_verify_cert:
          type: boolean
          description: >-
            Whether verify your OIDC server certificate, disable it if your OIDC
            server is hosted via self-hosted certificate.
        project_creation_restriction:
          type: string
          description: >-
            This attribute restricts what users have the permission to create
            project.  It can be "everyone" or "adminonly".
        quota_per_project_enable:
          type: boolean
          description: This attribute indicates whether quota per project enabled in harbor
        read_only:
          type: boolean
          description: '''docker push'' is prohibited by Harbor if you set it to true.   '
        self_registration:
          type: boolean
          description: >-
            Whether the Harbor instance supports self-registration.  If it's set
            to false, admin need to add user to the instance.
        storage_per_project:
          type: string
          description: The default storage quota for the new created projects.
        token_expiration:
          type: integer
          description: 'The expiration time of the token for internal Registry, in minutes.'
        verify_remote_cert:
          type: boolean
          description: >-
            Whether or not the certificate will be verified when Harbor tries to
            access a remote Harbor instance for replication.
        scan_all_policy:
          type: object
          properties:
            type:
              type: string
              description: >-
                The type of scan all policy, currently the valid values are
                "none" and "daily"
            parameter:
              type: object
              properties:
                daily_time:
                  type: integer
                  description: >-
                    The offset in seconds of UTC 0 o'clock, only valid when the
                    policy type is "daily"
              description: >-
                The parameters of the policy, the values are dependant on the
                type of the policy.
    ConfigurationsResponse:
      type: object
      properties:
        auth_mode:
          $ref: '#/components/schemas/StringConfigItem'
        count_per_project:
          $ref: '#/components/schemas/IntegerConfigItem'
        email_from:
          $ref: '#/components/schemas/StringConfigItem'
        email_host:
          $ref: '#/components/schemas/StringConfigItem'
        email_port:
          $ref: '#/components/schemas/IntegerConfigItem'
        email_identity:
          $ref: '#/components/schemas/StringConfigItem'
        email_username:
          $ref: '#/components/schemas/StringConfigItem'
        email_ssl:
          $ref: '#/components/schemas/BoolConfigItem'
        email_insecure:
          $ref: '#/components/schemas/BoolConfigItem'
        ldap_url:
          $ref: '#/components/schemas/StringConfigItem'
        ldap_base_dn:
          $ref: '#/components/schemas/StringConfigItem'
        ldap_filter:
          $ref: '#/components/schemas/StringConfigItem'
        ldap_scope:
          type: integer
          description: '0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE'
        ldap_uid:
          $ref: '#/components/schemas/StringConfigItem'
        ldap_search_dn:
          type: string
          description: The DN of the user to do the search.
        ldap_timeout:
          $ref: '#/components/schemas/IntegerConfigItem'
        ldap_group_attribute_name:
          $ref: '#/components/schemas/StringConfigItem'
        ldap_group_base_dn:
          $ref: '#/components/schemas/StringConfigItem'
        ldap_group_search_filter:
          $ref: '#/components/schemas/StringConfigItem'
        ldap_group_search_scope:
          $ref: '#/components/schemas/IntegerConfigItem'
        ldap_group_admin_dn:
          $ref: '#/components/schemas/StringConfigItem'
        oidc_client_id:
          $ref: '#/components/schemas/StringConfigItem'
        oidc_endpoint:
          $ref: '#/components/schemas/StringConfigItem'
        oidc_name:
          $ref: '#/components/schemas/StringConfigItem'
        oidc_scope:
          $ref: '#/components/schemas/StringConfigItem'
        oidc_verify_cert:
          $ref: '#/components/schemas/BoolConfigItem'
        project_creation_restriction:
          $ref: '#/components/schemas/StringConfigItem'
        quota_per_project_enable:
          $ref: '#/components/schemas/BoolConfigItem'
        read_only:
          $ref: '#/components/schemas/BoolConfigItem'
        self_registration:
          $ref: '#/components/schemas/BoolConfigItem'
        storage_per_project:
          $ref: '#/components/schemas/IntegerConfigItem'
        token_expiration:
          $ref: '#/components/schemas/IntegerConfigItem'
        verify_remote_cert:
          $ref: '#/components/schemas/BoolConfigItem'
        scan_all_policy:
          type: object
          properties:
            type:
              type: string
              description: >-
                The type of scan all policy, currently the valid values are
                "none" and "daily"
            parameter:
              type: object
              properties:
                daily_time:
                  type: integer
                  description: >-
                    The offset in seconds of UTC 0 o'clock, only valid when the
                    policy type is "daily"
              description: >-
                The parameters of the policy, the values are dependant on the
                type of the policy.
    Label:
      type: object
      properties:
        id:
          type: integer
          description: The ID of label.
        name:
          type: string
          description: The name of label.
        description:
          type: string
          description: The description of label.
        color:
          type: string
          description: The color of label.
        scope:
          type: string
          description: 'The scope of label, g for global labels and p for project labels.'
        project_id:
          type: integer
          description: The project ID if the label is a project label.
        creation_time:
          type: string
          description: The creation time of label.
        update_time:
          type: string
          description: The update time of label.
        deleted:
          type: boolean
          description: The label is deleted or not.
    ProjectMemberEntity:
      type: object
      properties:
        id:
          type: integer
          description: the project member id
        project_id:
          type: integer
          description: the project id
        entity_name:
          type: string
          description: the name of the group member.
        role_name:
          type: string
          description: the name of the role
        role_id:
          type: integer
          description: the role id
        entity_id:
          type: integer
          description: >-
            the id of entity, if the member is a user, it is user_id in user
            table. if the member is a user group, it is the user group's ID in
            user_group table.
        entity_type:
          type: string
          description: 'the entity''s type, u for user entity, g for group entity.'
    ProjectMember:
      type: object
      properties:
        role_id:
          type: integer
          description: >-
            The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for
            maintainer
        member_user:
          $ref: '#/components/schemas/UserEntity'
        member_group:
          $ref: '#/components/schemas/UserGroup'
    RoleRequest:
      type: object
      properties:
        role_id:
          type: integer
          description: >-
            The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for
            maintainer
    UserEntity:
      type: object
      properties:
        user_id:
          type: integer
          description: The ID of the user.
        username:
          type: string
          description: The name of the user.
    UserGroup:
      type: object
      properties:
        id:
          type: integer
          description: The ID of the user group
        group_name:
          type: string
          description: The name of the user group
        group_type:
          type: integer
          description: 'The group type, 1 for LDAP group, 2 for HTTP group.'
        ldap_group_dn:
          type: string
          description: The DN of the LDAP group if group type is 1 (LDAP group).
    StringConfigItem:
      type: object
      properties:
        value:
          type: string
          description: The string value of current config item
        editable:
          type: boolean
          description: The configure item can be updated or not
    BoolConfigItem:
      type: object
      properties:
        value:
          type: boolean
          description: The boolean value of current config item
        editable:
          type: boolean
          description: The configure item can be updated or not
    IntegerConfigItem:
      type: object
      properties:
        value:
          type: integer
          description: The integer value of current config item
        editable:
          type: boolean
          description: The configure item can be updated or not
    ChartAPIError:
      description: The error object returned by chart repository API
      type: object
      required:
        - error
      properties:
        error:
          type: string
          description: The error message returned by the chart API
    UnauthorizedChartAPIError:
      description: Unauthorized
      type: object
      allOf:
        - $ref: '#/components/schemas/ChartAPIError'
    ForbiddenChartAPIError:
      description: Operation is forbidden or quota exceeded
      type: object
      allOf:
        - $ref: '#/components/schemas/ChartAPIError'
    InternalChartAPIError:
      description: Internal server error occurred
      type: object
      allOf:
        - $ref: '#/components/schemas/ChartAPIError'
    NotFoundChartAPIError:
      description: Not found
      type: object
      allOf:
        - $ref: '#/components/schemas/ChartAPIError'
    InsufficientStorageChartAPIError:
      description: Insufficient storage
      type: object
      allOf:
        - $ref: '#/components/schemas/ChartAPIError'
    BadRequestFormatedError:
      description: Bad request
      type: object
      allOf:
        - $ref: '#/components/schemas/ChartAPIError'
    ConflictFormatedError:
      description: Conflicts
      type: object
      allOf:
        - $ref: '#/components/schemas/ChartAPIError'
    ChartMetadata:
      type: object
      description: The metadata of chart version
      required:
        - name
        - version
        - engine
        - icon
        - apiVersion
        - appVersion
      properties:
        name:
          type: string
          description: The name of the chart
        home:
          type: string
          description: The URL to the relevant project page
        sources:
          type: array
          description: The URL to the source code of chart
          items:
            type: string
        version:
          type: string
          description: A SemVer 2 version of chart
        description:
          type: string
          description: A one-sentence description of chart
        keywords:
          type: array
          description: A list of string keywords
          items:
            type: string
        engine:
          type: string
          description: The name of template engine
        icon:
          type: string
          description: The URL to an icon file
        apiVersion:
          type: string
          description: The API version of this chart
        appVersion:
          type: string
          description: The version of the application enclosed in the chart
        deprecated:
          type: boolean
          description: Whether or not this chart is deprecated
    ChartVersion:
      type: object
      description: A specified chart entry
      allOf:
        - $ref: '#/components/schemas/ChartMetadata'
        - type: object
          properties:
            created:
              type: string
              description: The created time of the chart entry
            removed:
              type: boolean
              description: A flag to indicate if the chart entry is removed
            digest:
              type: string
              description: The digest value of the chart entry
            urls:
              type: array
              description: The urls of the chart entry
              items:
                type: string
      properties:
        labels:
          $ref: '#/components/schemas/Labels'
    Labels:
      type: array
      description: A list of label
      items:
        $ref: '#/components/schemas/Label'
    OverallHealthStatus:
      type: object
      description: The system health status
      properties:
        status:
          type: string
          description: >-
            The overall health status. It is "healthy" only when all the
            components' status are "healthy"
        components:
          type: array
          items:
            $ref: '#/components/schemas/ComponentHealthStatus'
    ComponentHealthStatus:
      type: object
      description: The health status of component
      properties:
        name:
          type: string
          description: The component name
        status:
          type: string
          description: The health status of component
        error:
          type: string
          description: (optional) The error message when the status is "unhealthy"
    Permission:
      type: object
      description: The permission
      properties:
        resource:
          type: string
          description: The permission resoruce
        action:
          type: string
          description: The permission action
    Namespace:
      type: object
      description: The namespace of registry
      properties:
        name:
          type: string
          description: The name of namespace
        metadata:
          type: object
          description: The metadata of namespace
    CVEAllowlist:
      type: object
      description: The CVE Allowlist for system or project
      properties:
        id:
          type: integer
          description: ID of the allowlist
        project_id:
          type: integer
          description: >-
            ID of the project which the allowlist belongs to.  For system level
            allowlist this attribute is zero.
        expires_at:
          type: integer
          description: >-
            the time for expiration of the allowlist, in the form of seconds
            since epoch.  This is an optional attribute, if it's not set the CVE
            allowlist does not expire.
        items:
          type: array
          items:
            $ref: '#/components/schemas/CVEAllowlistItem'
    CVEAllowlistItem:
      type: object
      description: The item in CVE allowlist
      properties:
        cve_id:
          type: string
          description: 'The ID of the CVE, such as "CVE-2019-10164"'
    QuotaSwitcher:
      type: object
      properties:
        enabled:
          type: boolean
          description: The quota is enable or disable