feat: Add log filters, event handling, and time validation

[NishchayRajput]

Description

This PR improves Harbor CLI audit-log usability by adding:

1. Audit event-types command

   • New command: harbor logs events

2. Convenience filters for harbor logs

   • Added flags:
     • --operation
     • --resource-type
     • --resource
     • --username
     • --from-time
     • --to-time
   • These are combined into Harbor q query syntax internally.

3. Query/time validation helpers

   • Added internal query builder to merge existing --query/-q with convenience flags.
   • Added time normalization support for:
     • RFC3339 (2025-01-01T01:02:03Z)
     • YYYY-MM-DD HH:MM:SS
   • Validation:
     • --from-time and --to-time must be provided together.

4. Unit tests for new behavior

   • Added tests for query building and time normalization/validation paths.

Parent Issue: #737

Type of Change

Please select the relevant type.

• Bug fix
• New feature
• Refactor
• Documentation update
• Chore / maintenance

Changes

• cmd/harbor/root/logs.go
  • Added logs events command
  • Added convenience filter flags and query composition logic
• cmd/harbor/root/logs_test.go
  • Added tests for buildAuditLogQuery and normalizeAuditTime

[NishchayRajput]

Please drop me suggestions and something I missed.

[Copilot]

Pull request overview

This PR enhances the Harbor CLI audit-log experience by adding a logs events subcommand, introducing convenience filter flags for harbor logs, and implementing helper logic for query building plus time normalization/validation.

Changes:

• Added harbor logs events to list supported Harbor audit log event types (with optional client-side pagination and JSON output support).
• Added convenience filter flags to harbor logs and composed them into Harbor q query syntax.
• Added helper functions for audit-log query building, time normalization, and pagination summary output, plus unit tests for these helpers.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
cmd/harbor/root/logs.go	Adds logs events, convenience filter flags, query/time helpers, and pagination summary printing.
cmd/harbor/root/logs_test.go	Adds unit tests for query building, time normalization, and event-type pagination/name helpers.

Comments suppressed due to low confidence (1)

cmd/harbor/root/logs.go:103

• In --follow mode, buildAuditLogQuery is executed once before entering the polling loop. When --from-time is provided without --to-time, the code bakes in an op_time upper bound of “now” at startup, which prevents any newer audit logs from ever matching in subsequent polls. Consider requiring both times, or rebuilding the query (updating the to bound) on each refresh when following.

			query, err := buildAuditLogQuery(
				opts.Q,
				operationFilter,
				resourceTypeFilter,
				resourceFilter,
				usernameFilter,
				fromTimeFilter,
				toTimeFilter,
			)
			if err != nil {
				return err
			}
			opts.Q = query

			if follow {
				var interval time.Duration = 5 * time.Second
				if refreshInterval != "" {
					interval, err = time.ParseDuration(refreshInterval)
					if err != nil {
						return fmt.Errorf("invalid refresh interval: %w", err)
					}
					if interval < 500*time.Millisecond {
						return fmt.Errorf("refresh-interval must be at least 500ms (got: %v)", interval)
					}
				}
				followLogs(opts, interval)
				return nil
			}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This command prints a custom table via fmt.Printf directly from the root command. In this repo, list-style outputs are typically implemented as views under pkg/views/* using tablelist.NewModel (e.g. pkg/views/logs/view.go) for consistent formatting and behavior. Consider moving the event-types table rendering into a view (and using the shared table component) to keep output consistent and reduce hand-formatted column maintenance.

[Copilot]

PR description says --from-time and --to-time must be provided together, but the implementation allows --from-time without --to-time and defaults the end of the range to time.Now(). Please either enforce the “both together” validation here, or update the PR description/help text/tests to match the intended behavior.

[Copilot]

normalizeAuditTime claims to accept RFC3339, but using only time.RFC3339 rejects valid RFC3339 timestamps that include fractional seconds (e.g. 2025-01-01T01:02:03.123Z). Consider adding time.RFC3339Nano (and a unit test) so valid RFC3339 inputs don’t fail unexpectedly.