Applying config with empty fields throws error

[rndmh3ro]

I am on a freshly installed harbor-instance and export the configuration:

> harbor-cli config view -o json > harbor-config/config.json
> cat harbor-config/config.json
{
  "audit_log_forward_endpoint": "",
  "auth_mode": "db_auth",
  "banner_message": "",
  "disabled_audit_log_event_types": "",
  "http_authproxy_admin_groups": "",
  "http_authproxy_admin_usernames": "",
  "http_authproxy_endpoint": "",
  "http_authproxy_server_certificate": "",
  "http_authproxy_skip_search": false,
  "http_authproxy_tokenreview_endpoint": "",
  "http_authproxy_verify_cert": true,
  "ldap_base_dn": "",
  "ldap_filter": "",
  "ldap_group_admin_dn": "",
  "ldap_group_attach_parallel": false,
  "ldap_group_attribute_name": "",
  "ldap_group_base_dn": "",
  "ldap_group_membership_attribute": "memberof",
  "ldap_group_search_filter": "",
  "ldap_group_search_scope": 2,
  "ldap_scope": 2,
  "ldap_search_dn": "",
  "ldap_timeout": 5,
  "ldap_uid": "cn",
  "ldap_url": "",
  "ldap_verify_cert": true,
  "notification_enable": true,
  "oidc_admin_group": "",
  "oidc_auto_onboard": false,
  "oidc_client_id": "",
  "oidc_endpoint": "",
  "oidc_extra_redirect_parms": "{}",
  "oidc_group_filter": "",
  "oidc_groups_claim": "",
  "oidc_logout": false,
  "oidc_name": "",
  "oidc_scope": "",
  "oidc_user_claim": "",
  "oidc_verify_cert": true,
  "primary_auth_mode": false,
  "project_creation_restriction": "everyone",
  "quota_per_project_enable": true,
  "read_only": false,
  "robot_name_prefix": "robot$",
  "robot_token_duration": 30,
  "scanner_skip_update_pulltime": false,
  "self_registration": false,
  "session_timeout": 60,
  "skip_audit_log_database": false,
  "storage_per_project": -1,
  "token_expiration": 30,
  "uaa_client_id": "",
  "uaa_client_secret": "",
  "uaa_endpoint": "",
  "uaa_verify_cert": false
}

Then I try to apply the configuration, but it fails:

> harbor-cli config apply -f harbor-config/config.json -v
Error: failed to update Harbor configurations: response status code does not match any response statuses defined for this endpoint in the swagger spec (status 400): {}

Deleting some empty fields regarding ldap, the import then works:

{
  "audit_log_forward_endpoint": "",
  "auth_mode": "db_auth",
  "banner_message": "",
  "disabled_audit_log_event_types": "",
  "http_authproxy_admin_groups": "",
  "http_authproxy_admin_usernames": "",
  "http_authproxy_endpoint": "",
  "http_authproxy_server_certificate": "",
  "http_authproxy_skip_search": false,
  "http_authproxy_tokenreview_endpoint": "",
  "http_authproxy_verify_cert": true,
  "ldap_group_attach_parallel": false,
  "ldap_group_membership_attribute": "memberof",
  "ldap_group_search_scope": 2,
  "ldap_scope": 2,
  "ldap_timeout": 5,
  "ldap_uid": "cn",
  "ldap_verify_cert": true,
  "notification_enable": true,
  "oidc_admin_group": "",
  "oidc_auto_onboard": false,
  "oidc_client_id": "",
  "oidc_endpoint": "",
  "oidc_extra_redirect_parms": "{}",
  "oidc_group_filter": "",
  "oidc_groups_claim": "",
  "oidc_logout": false,
  "oidc_name": "",
  "oidc_scope": "",
  "oidc_user_claim": "",
  "oidc_verify_cert": true,
  "primary_auth_mode": false,
  "project_creation_restriction": "everyone",
  "quota_per_project_enable": true,
  "read_only": false,
  "robot_name_prefix": "robot$",
  "robot_token_duration": 30,
  "scanner_skip_update_pulltime": false,
  "self_registration": false,
  "session_timeout": 60,
  "skip_audit_log_database": false,
  "storage_per_project": -1,
  "token_expiration": 30,
  "uaa_client_id": "",
  "uaa_client_secret": "",
  "uaa_endpoint": "",
  "uaa_verify_cert": false
}

> harbor-cli config apply -f harbor-config/config.json
harbor configurations updated successfully from harbor-config/config.json

When I do the same via curl directly against the harbor-API, I get the following errors:

{
  "errors": [
    {
      "code": "BAD_REQUEST",
      "message": "bad request: item name ldap_base_dn: the configure value can not be empty"
    }
  ]
}

{
  "errors": [
    {
      "code": "BAD_REQUEST",
      "message": "bad request: item name ldap_url: the configure value can not be empty"
    }
  ]
}

So i see some issues here:

• The error gets not propagated to the user
• The config view command should probably not output empty values?

[Vad1mo]

By default when config view -o json is called, we should not export null values.

However, it is sometimes desirable to export null values, so we should have an flag --incude-null to force the export of null values.

harbor-cli config view -o json --incude-null > harbor-config/config.json

[qcserestipy]

@Vad1mo I opened a pull request that includes changes to print a diff summary between upstream and local before applying changes. I thought it could be good to include also a link to the configuration api docs in the diff view to make the user aware what they can configure and what not. What do you think?

Even though it makes the changes more visible to the user it does not yet prevent them from configuring "nonsense" and then trying to apply it. But, I think this is something we cannot cover entirely. Do you agree on that?

[Vad1mo]

This is already an improvement, I am not sure if we can solve it without a lot of compromises

Let's go with that and see if that is good enough