Finalizing Robots Account cli command

[qcserestipy]

Fixes #100

Objective:

• Implement robot account management in CLI which helps to run automated operations.
• Add commands to manage both system and project robot accounts.
• Manage permissions for the robot account
• Continue work of @bupd in PR Add: Project Robot Account Management commands #101

Tasks

Add CLI Commands for Robot Account Management on System Level:

• Create: Add a new robot account.
• Update: Modify an existing robot account.
• Delete: Remove a robot account.
• View: Display details of robot accounts.
• Refresh: Refresh the robot secret.
• Ensure no sensitive information is leaked during managing robot secrets.
• Conceptualize and implement a way for permission selection in the CLI

Finalizing work of @bupd on CLI Commands for Robot Account Management on Project Level.

Rationale

Implementing secure and efficient robot account management in the CLI is crucial for enabling automated operations and replication, enhancing overall project security and functionality.

Changes

I want to suggest a change in the way how permissions can be selected for the robot account creation. I used a huh Form to emulate a grid like experience we also have in the harbor UI. I would like to use it as a discussion basis:

Screen.Recording.2025-06-06.at.20.09.48.mov

Robots can be created from yaml or json file (I added examples in the examples dir):

Screen.Recording.2025-06-08.at.16.20.16.mov

The secret creation screen can be skipped and directly exported to json file like in the UI:

Screen.Recording.2025-06-09.at.12.16.35.mov

The robot view command can also present the permissions in a table like this similar to the UI:

Screen.Recording.2025-06-09.at.11.15.28.mov

Emojis and empty spaces for unavailable permissions is similar to create experience

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 1765 lines in your changes missing coverage. Please review.

Project coverage is 9.17%. Comparing base (60ad0bd) to head (08a60fe).
Report is 7 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/views/base/tablegrid/model.go	0.00%	201 Missing ⚠️
cmd/harbor/root/project/robot/create.go	0.00%	194 Missing ⚠️
pkg/views/robot/select/view.go	0.00%	173 Missing ⚠️
pkg/api/robot_handler.go	0.00%	171 Missing ⚠️
pkg/config/robot.go	0.00%	155 Missing ⚠️
cmd/harbor/root/project/robot/update.go	0.00%	143 Missing ⚠️
pkg/views/base/multiselect/model.go	0.00%	136 Missing ⚠️
cmd/harbor/root/project/robot/refresh.go	0.00%	94 Missing ⚠️
cmd/harbor/root/project/robot/list.go	0.00%	84 Missing ⚠️
pkg/views/robot/view/view.go	0.00%	80 Missing ⚠️
... and 11 more

Additional details and impacted files

@@            Coverage Diff            @@
##             main    #489      +/-   ##
=========================================
- Coverage   10.99%   9.17%   -1.83%     
=========================================
  Files         173     190      +17     
  Lines        8671   10447    +1776     
=========================================
+ Hits          953     958       +5     
- Misses       7612    9383    +1771     
  Partials      106     106              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[qcserestipy]

As discussed with @bupd, it could be also great to have a flag that can read permissions for a robot account from a yaml / json file and then skip the big selection screen.

[Copilot]

Pull Request Overview

This PR finalizes the implementation of robot account management CLI commands, including creation, update, deletion, refresh, view, and listing of robot accounts. Key changes include:

• Addition of man and CLI documentation pages for all robot command sub-commands.
• Implementation of new CLI commands in the codebase under cmd/harbor/root/project/robot.
• Integration of user prompts and API calls for handling robot permissions and secret management.

Reviewed Changes

Copilot reviewed 34 out of 34 changed files in this pull request and generated 2 comments.

File	Description
doc/man-docs/*.1	New man pages for robot commands with minor spelling inconsistencies in header text.
doc/cli-docs/*.md	New CLI documentation for robot commands.
cmd/harbor/root/project/robot/*.go	New and updated CLI command implementations for robot account management.
cmd/harbor/root/project/cmd.go	Updated project command to include the new robot sub-command.

[qcserestipy]

@bupd This branch is ready for review now. Please feel free to try stuff out. I am looking forward to your feedback and thank you for your time to review!

[qcserestipy]

Updated TableGrid Model

I updated the table grid model to also allow for toggling columns. Columns and rows can be toggled in a vim style with ctrl+j/ctrl+k for rows and ctrl+h/ctrl+l for columns.

Screen.Recording.2025-06-12.at.18.14.22.mov

[bupd]

Here is my feedback after testing.

1. Currently I need to press Ctrl + j two times to select a row. and same to unselect a row.
2. Ctrl + j is the only thing that works now.

• ctrl+k and column selection using ctrl+h / l doesn't work

3. Wrong Error Message on trying to create a Robot Account with the same name.

❯ ./bin/harbor-dev project robot create --project demo --name kumaruu --description power --duration -1
Error: failed to create robot: bad request permission: robot-account:create

[qcserestipy]

Hi @bupd,

thank you for your feedback!

I am a little bit surprised by the CLI behavior you describe in 1. and 2. I am wondering right now what might be the reason for this. Did you pull the latest version of this branch? In my environment I am on MacOs and I assume you are on Linux? Maybe that could be a reason? Maybe we can discuss this in a call.

Concerning 3. I will make sure to improve that.

Thanks again for your help—let me know the details above, and I’ll get these fixed ASAP!

[qcserestipy]

@bupd Concerning point 3.: There was actually still a small bug in the permissions grid, because in the Harbor swagger api the Robots resource is called robot and not robot-account. I fixed this now. Still when trying to create a robot that already exits we get the following error:

Error: failed to create robot: response status code does not match any response statuses defined for this endpoint in the swagger spec (status 409)

This is because in v2.10.0 the go-client does not support return code 409 in the swagger definition. Also in v2.13.1 of the go-client it won't be their. Is this a feature request that we have to open in the harbor repository?

[bupd]

This is because in v2.10.0 the go-client does not support return code 409 in the swagger definition. Also in v2.13.1 of the go-client it won't be their. Is this a feature request that we have to open in the harbor repository?

yeah feel free to do so.

To fix this we can add a validation like in the UI to check if the robot account name is already created

❯ curl -u 'admin2:Harbor12345' \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -X GET "https://harbor-oidclab.bupd.xyz/api/v2.0/robots?q=name=zzz"

using the above as a validation before actually do the POST request would solve this issue.

Thanks

[qcserestipy]

@bupd Thank you for your feedback!
I implemented a function that checks for the existence of robots with the same name in the same project.
It does the following:

• Fetches all robots in the target project
• Filters them client-side by exact name match
• Uses project name prefix from instance configuration

This approach is needed since there is an issue whith Harbor API's name query filter
(q=name=) returns unreliable results for robot accounts.

[bupd]

lgtm

changes requested here would be created in next PR

[bupd]

❯ ./bin/harbor-dev project robot list test -o yamlss
~/code/OSS/harbor-cli-pr robots
❯ ./bin/harbor-dev project list -o jslns
Error: unable to output in the specified 'jslns' format

should not allow other formats.

[bupd]

expiration should be a validation field. with default value being -1 and not 0.

[bupd]

toggle j for on and k for off. in the permission selection.