diff --git a/make/dev/docker-compose.yml b/make/dev/docker-compose.yml index c94a2d875..716f642ba 100644 --- a/make/dev/docker-compose.yml +++ b/make/dev/docker-compose.yml @@ -3,7 +3,7 @@ services: log: build: context: ../../ - dockerfile: make/ubuntu/log/Dockerfile + dockerfile: make/photon/log/Dockerfile restart: always volumes: - /var/log/harbor/:/var/log/docker/ diff --git a/src/adminserver/systemcfg/systemcfg.go b/src/adminserver/systemcfg/systemcfg.go index d1d45c203..4d22adc22 100644 --- a/src/adminserver/systemcfg/systemcfg.go +++ b/src/adminserver/systemcfg/systemcfg.go @@ -78,7 +78,7 @@ func getCfgStore() string { //read the following attrs from env every time boots up func readFromEnv(cfg map[string]interface{}) error { - cfg[comcfg.DomainName] = os.Getenv("EXT_ENDPOINT") + cfg[comcfg.ExtEndpoint] = os.Getenv("EXT_ENDPOINT") cfg[comcfg.DatabaseType] = os.Getenv("DATABASE_TYPE") cfg[comcfg.MySQLHost] = os.Getenv("MYSQL_HOST") diff --git a/src/common/config/config.go b/src/common/config/config.go index 295564d66..29c59f948 100644 --- a/src/common/config/config.go +++ b/src/common/config/config.go @@ -40,7 +40,7 @@ const ( LDAPScopeOnelevel = "2" LDAPScopeSubtree = "3" - DomainName = "domain_name" + ExtEndpoint = "ext_endpoint" AUTHMode = "auth_mode" DatabaseType = "database_type" MySQLHost = "mysql_host" diff --git a/src/common/utils/registry/auth/tokenauthorizer.go b/src/common/utils/registry/auth/tokenauthorizer.go index 0543ef524..b309689c3 100644 --- a/src/common/utils/registry/auth/tokenauthorizer.go +++ b/src/common/utils/registry/auth/tokenauthorizer.go @@ -21,7 +21,6 @@ import ( "io/ioutil" "net/http" "net/url" - "os" "strings" "sync" "time" @@ -134,19 +133,24 @@ func (t *tokenAuthorizer) updateCachedToken(token string, expiresIn int) { // Implements interface Authorizer type standardTokenAuthorizer struct { tokenAuthorizer - client *http.Client - credential Credential + client *http.Client + credential Credential + tokenServiceEndpoint string } // NewStandardTokenAuthorizer returns a standard token authorizer. The authorizer will request a token // from token server and add it to the origin request -func NewStandardTokenAuthorizer(credential Credential, insecure bool, scopeType, scopeName string, scopeActions ...string) Authorizer { +// If tokenServiceURL is set, the token request will be sent to it instead of the server get from authorizer +// The usage please refer to the function tokenURL +func NewStandardTokenAuthorizer(credential Credential, insecure bool, + tokenServiceEndpoint string, scopeType, scopeName string, scopeActions ...string) Authorizer { authorizer := &standardTokenAuthorizer{ client: &http.Client{ Transport: registry.GetHTTPTransport(insecure), Timeout: 30 * time.Second, }, - credential: credential, + credential: credential, + tokenServiceEndpoint: tokenServiceEndpoint, } if len(scopeType) != 0 || len(scopeName) != 0 { @@ -163,7 +167,7 @@ func NewStandardTokenAuthorizer(credential Credential, insecure bool, scopeType, } func (s *standardTokenAuthorizer) generateToken(realm, service string, scopes []string) (token string, expiresIn int, issuedAt *time.Time, err error) { - realm = tokenURL(realm) + realm = s.tokenURL(realm) u, err := url.Parse(realm) if err != nil { @@ -230,17 +234,15 @@ func (s *standardTokenAuthorizer) generateToken(realm, service string, scopes [] // when the registry client is used inside Harbor, the token request // can be posted to token service directly rather than going through nginx. -// this solution can resolve two problems: +// If realm is set as the internal url of token service, this can resolve +// two problems: // 1. performance issue // 2. the realm field returned by registry is an IP which can not reachable // inside Harbor -func tokenURL(realm string) string { - - domainName := os.Getenv("DOMAIN_NAME") - if len(domainName) != 0 && strings.Contains(realm, domainName) { - realm = "http://ui/service/token" +func (s *standardTokenAuthorizer) tokenURL(realm string) string { + if len(s.tokenServiceEndpoint) != 0 { + return s.tokenServiceEndpoint } - return realm } diff --git a/src/common/utils/registry/auth/tokenauthorizer_test.go b/src/common/utils/registry/auth/tokenauthorizer_test.go index 2d843d887..3a582bb64 100644 --- a/src/common/utils/registry/auth/tokenauthorizer_test.go +++ b/src/common/utils/registry/auth/tokenauthorizer_test.go @@ -40,7 +40,7 @@ func TestAuthorizeOfStandardTokenAuthorizer(t *testing.T) { }) defer server.Close() - authorizer := NewStandardTokenAuthorizer(nil, false, "repository", "library/ubuntu", "pull") + authorizer := NewStandardTokenAuthorizer(nil, false, "", "repository", "library/ubuntu", "pull") req, err := http.NewRequest("GET", "http://registry", nil) if err != nil { t.Fatalf("failed to create request: %v", err) diff --git a/src/common/utils/test/adminserver.go b/src/common/utils/test/adminserver.go index 18e1b91fd..93621d0fc 100644 --- a/src/common/utils/test/adminserver.go +++ b/src/common/utils/test/adminserver.go @@ -23,47 +23,53 @@ import ( "github.com/vmware/harbor/src/common/config" ) +var adminServerDefaultConfig = map[string]interface{}{ + config.ExtEndpoint: "host01.com", + config.AUTHMode: config.DBAuth, + config.DatabaseType: "mysql", + config.MySQLHost: "127.0.0.1", + config.MySQLPort: 3306, + config.MySQLUsername: "user01", + config.MySQLPassword: "password", + config.MySQLDatabase: "registry", + config.SQLiteFile: "/tmp/registry.db", + config.SelfRegistration: true, + config.LDAPURL: "ldap://127.0.0.1", + config.LDAPSearchDN: "uid=searchuser,ou=people,dc=mydomain,dc=com", + config.LDAPSearchPwd: "password", + config.LDAPBaseDN: "ou=people,dc=mydomain,dc=com", + config.LDAPUID: "uid", + config.LDAPFilter: "", + config.LDAPScope: 3, + config.LDAPTimeout: 30, + config.TokenServiceURL: "http://token_service", + config.RegistryURL: "http://registry", + config.EmailHost: "127.0.0.1", + config.EmailPort: 25, + config.EmailUsername: "user01", + config.EmailPassword: "password", + config.EmailFrom: "from", + config.EmailSSL: true, + config.EmailIdentity: "", + config.ProjectCreationRestriction: config.ProCrtRestrAdmOnly, + config.VerifyRemoteCert: false, + config.MaxJobWorkers: 3, + config.TokenExpiration: 30, + config.CfgExpiration: 5, + config.JobLogDir: "/var/log/jobs", + config.UseCompressedJS: true, + config.SecretKey: "secret", + config.AdminInitialPassword: "password", +} + // NewAdminserver returns a mock admin server -func NewAdminserver() (*httptest.Server, error) { +func NewAdminserver(config map[string]interface{}) (*httptest.Server, error) { m := []*RequestHandlerMapping{} - b, err := json.Marshal(map[string]interface{}{ - config.DomainName: "host01.com", - config.AUTHMode: config.DBAuth, - config.DatabaseType: "mysql", - config.MySQLHost: "127.0.0.1", - config.MySQLPort: 3306, - config.MySQLUsername: "user01", - config.MySQLPassword: "password", - config.MySQLDatabase: "registry", - config.SQLiteFile: "/tmp/registry.db", - config.SelfRegistration: true, - config.LDAPURL: "ldap://127.0.0.1", - config.LDAPSearchDN: "uid=searchuser,ou=people,dc=mydomain,dc=com", - config.LDAPSearchPwd: "password", - config.LDAPBaseDN: "ou=people,dc=mydomain,dc=com", - config.LDAPUID: "uid", - config.LDAPFilter: "", - config.LDAPScope: 3, - config.LDAPTimeout: 30, - config.TokenServiceURL: "http://token_service", - config.RegistryURL: "http://registry", - config.EmailHost: "127.0.0.1", - config.EmailPort: 25, - config.EmailUsername: "user01", - config.EmailPassword: "password", - config.EmailFrom: "from", - config.EmailSSL: true, - config.EmailIdentity: "", - config.ProjectCreationRestriction: config.ProCrtRestrAdmOnly, - config.VerifyRemoteCert: false, - config.MaxJobWorkers: 3, - config.TokenExpiration: 30, - config.CfgExpiration: 5, - config.JobLogDir: "/var/log/jobs", - config.UseCompressedJS: true, - config.SecretKey: "secret", - config.AdminInitialPassword: "password", - }) + if config == nil { + config = adminServerDefaultConfig + } + + b, err := json.Marshal(config) if err != nil { return nil, err } diff --git a/src/jobservice/config/config.go b/src/jobservice/config/config.go index d4916dc22..164f07f91 100644 --- a/src/jobservice/config/config.go +++ b/src/jobservice/config/config.go @@ -121,11 +121,16 @@ func UISecret() string { return os.Getenv("UI_SECRET") } -// DomainName ... -func DomainName() (string, error) { +// ExtEndpoint ... +func ExtEndpoint() (string, error) { cfg, err := mg.Get() if err != nil { return "", err } - return cfg[comcfg.DomainName].(string), nil + return cfg[comcfg.ExtEndpoint].(string), nil +} + +// InternalTokenServiceEndpoint ... +func InternalTokenServiceEndpoint() string { + return "http://ui/service/token" } diff --git a/src/jobservice/config/config_test.go b/src/jobservice/config/config_test.go index 0abcb1655..c70af060c 100644 --- a/src/jobservice/config/config_test.go +++ b/src/jobservice/config/config_test.go @@ -24,7 +24,7 @@ import ( // test functions under package jobservice/config func TestConfig(t *testing.T) { - server, err := test.NewAdminserver() + server, err := test.NewAdminserver(nil) if err != nil { t.Fatalf("failed to create a mock admin server: %v", err) } @@ -53,8 +53,6 @@ func TestConfig(t *testing.T) { t.Fatalf("failed to get max job workers: %v", err) } - LocalUIURL() - if _, err := LocalRegURL(); err != nil { t.Fatalf("failed to get registry URL: %v", err) } @@ -67,5 +65,11 @@ func TestConfig(t *testing.T) { t.Fatalf("failed to get secret key: %v", err) } - UISecret() + if len(InternalTokenServiceEndpoint()) == 0 { + t.Error("the internal token service endpoint is null") + } + + if _, err := ExtEndpoint(); err != nil { + t.Fatalf("failed to get ext endpoint: %v", err) + } } diff --git a/src/jobservice/replication/transfer.go b/src/jobservice/replication/transfer.go index 186718ee2..20f2751a1 100644 --- a/src/jobservice/replication/transfer.go +++ b/src/jobservice/replication/transfer.go @@ -139,7 +139,7 @@ func (i *Initializer) enter() (string, error) { c := &http.Cookie{Name: models.UISecretCookie, Value: i.srcSecret} srcCred := auth.NewCookieCredential(c) srcClient, err := newRepositoryClient(i.srcURL, i.insecure, srcCred, - i.repository, "repository", i.repository, "pull", "push", "*") + config.InternalTokenServiceEndpoint(), i.repository, "repository", i.repository, "pull", "push", "*") if err != nil { i.logger.Errorf("an error occurred while creating source repository client: %v", err) return "", err @@ -148,7 +148,7 @@ func (i *Initializer) enter() (string, error) { dstCred := auth.NewBasicAuthCredential(i.dstUsr, i.dstPwd) dstClient, err := newRepositoryClient(i.dstURL, i.insecure, dstCred, - i.repository, "repository", i.repository, "pull", "push", "*") + "", i.repository, "repository", i.repository, "pull", "push", "*") if err != nil { i.logger.Errorf("an error occurred while creating destination repository client: %v", err) return "", err @@ -459,10 +459,11 @@ func (m *ManifestPusher) enter() (string, error) { return StatePullManifest, nil } -func newRepositoryClient(endpoint string, insecure bool, credential auth.Credential, repository, scopeType, scopeName string, +func newRepositoryClient(endpoint string, insecure bool, credential auth.Credential, + tokenServiceEndpoint, repository, scopeType, scopeName string, scopeActions ...string) (*registry.Repository, error) { - domain, err := config.DomainName() + domain, err := config.ExtEndpoint() if err != nil { return nil, err } @@ -470,7 +471,8 @@ func newRepositoryClient(endpoint string, insecure bool, credential auth.Credent return nil, err } - authorizer := auth.NewStandardTokenAuthorizer(credential, insecure, scopeType, scopeName, scopeActions...) + authorizer := auth.NewStandardTokenAuthorizer(credential, insecure, + tokenServiceEndpoint, scopeType, scopeName, scopeActions...) store, err := auth.NewAuthorizerStore(endpoint, insecure, authorizer) if err != nil { diff --git a/src/ui/api/config.go b/src/ui/api/config.go index 89f5371a0..98657f18a 100644 --- a/src/ui/api/config.go +++ b/src/ui/api/config.go @@ -119,7 +119,14 @@ func (c *ConfigAPI) Put() { } } - if err := validateCfg(cfg); err != nil { + isSysErr, err := validateCfg(cfg) + + if err != nil { + if isSysErr { + log.Errorf("failed to validate configurations: %v", err) + c.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError)) + } + c.CustomAbort(http.StatusBadRequest, err.Error()) } @@ -162,42 +169,68 @@ func (c *ConfigAPI) Put() { } } -func validateCfg(c map[string]string) error { +func validateCfg(c map[string]string) (bool, error) { + isSysErr := false + + mode, err := config.AuthMode() + if err != nil { + isSysErr = true + return isSysErr, err + } + if value, ok := c[comcfg.AUTHMode]; ok { if value != comcfg.DBAuth && value != comcfg.LDAPAuth { - return fmt.Errorf("invalid %s, shoud be %s or %s", comcfg.AUTHMode, comcfg.DBAuth, comcfg.LDAPAuth) + return isSysErr, fmt.Errorf("invalid %s, shoud be %s or %s", comcfg.AUTHMode, comcfg.DBAuth, comcfg.LDAPAuth) + } + mode = value + } + + if mode == comcfg.LDAPAuth { + ldap, err := config.LDAP() + if err != nil { + isSysErr = true + return isSysErr, err } - if value == comcfg.LDAPAuth { + if len(ldap.URL) == 0 { if _, ok := c[comcfg.LDAPURL]; !ok { - return fmt.Errorf("%s is missing", comcfg.LDAPURL) + return isSysErr, fmt.Errorf("%s is missing", comcfg.LDAPURL) } + } + + if len(ldap.BaseDN) == 0 { if _, ok := c[comcfg.LDAPBaseDN]; !ok { - return fmt.Errorf("%s is missing", comcfg.LDAPBaseDN) + return isSysErr, fmt.Errorf("%s is missing", comcfg.LDAPBaseDN) } + } + if len(ldap.UID) == 0 { if _, ok := c[comcfg.LDAPUID]; !ok { - return fmt.Errorf("%s is missing", comcfg.LDAPUID) + return isSysErr, fmt.Errorf("%s is missing", comcfg.LDAPUID) } + } + if ldap.Scope == 0 { if _, ok := c[comcfg.LDAPScope]; !ok { - return fmt.Errorf("%s is missing", comcfg.LDAPScope) + return isSysErr, fmt.Errorf("%s is missing", comcfg.LDAPScope) } } } + log.Infof("===========%v", c) + if ldapURL, ok := c[comcfg.LDAPURL]; ok && len(ldapURL) == 0 { - return fmt.Errorf("%s is empty", comcfg.LDAPURL) + return isSysErr, fmt.Errorf("%s is empty", comcfg.LDAPURL) } if baseDN, ok := c[comcfg.LDAPBaseDN]; ok && len(baseDN) == 0 { - return fmt.Errorf("%s is empty", comcfg.LDAPBaseDN) + return isSysErr, fmt.Errorf("%s is empty", comcfg.LDAPBaseDN) } if uID, ok := c[comcfg.LDAPUID]; ok && len(uID) == 0 { - return fmt.Errorf("%s is empty", comcfg.LDAPUID) + return isSysErr, fmt.Errorf("%s is empty", comcfg.LDAPUID) } if scope, ok := c[comcfg.LDAPScope]; ok && scope != comcfg.LDAPScopeBase && scope != comcfg.LDAPScopeOnelevel && scope != comcfg.LDAPScopeSubtree { - return fmt.Errorf("invalid %s, should be %s, %s or %s", + return isSysErr, fmt.Errorf("invalid %s, should be %s, %s or %s", comcfg.LDAPScope, comcfg.LDAPScopeBase, comcfg.LDAPScopeOnelevel, @@ -205,41 +238,41 @@ func validateCfg(c map[string]string) error { } if timeout, ok := c[comcfg.LDAPTimeout]; ok { if t, err := strconv.Atoi(timeout); err != nil || t < 0 { - return fmt.Errorf("invalid %s", comcfg.LDAPTimeout) + return isSysErr, fmt.Errorf("invalid %s", comcfg.LDAPTimeout) } } if self, ok := c[comcfg.SelfRegistration]; ok && self != "0" && self != "1" { - return fmt.Errorf("%s should be %s or %s", + return isSysErr, fmt.Errorf("%s should be %s or %s", comcfg.SelfRegistration, "0", "1") } if port, ok := c[comcfg.EmailPort]; ok { if p, err := strconv.Atoi(port); err != nil || p < 0 || p > 65535 { - return fmt.Errorf("invalid %s", comcfg.EmailPort) + return isSysErr, fmt.Errorf("invalid %s", comcfg.EmailPort) } } if ssl, ok := c[comcfg.EmailSSL]; ok && ssl != "0" && ssl != "1" { - return fmt.Errorf("%s should be %s or %s", comcfg.EmailSSL, "0", "1") + return isSysErr, fmt.Errorf("%s should be %s or %s", comcfg.EmailSSL, "0", "1") } if crt, ok := c[comcfg.ProjectCreationRestriction]; ok && crt != comcfg.ProCrtRestrEveryone && crt != comcfg.ProCrtRestrAdmOnly { - return fmt.Errorf("invalid %s, should be %s or %s", + return isSysErr, fmt.Errorf("invalid %s, should be %s or %s", comcfg.ProjectCreationRestriction, comcfg.ProCrtRestrAdmOnly, comcfg.ProCrtRestrEveryone) } if verify, ok := c[comcfg.VerifyRemoteCert]; ok && verify != "0" && verify != "1" { - return fmt.Errorf("invalid %s, should be %s or %s", + return isSysErr, fmt.Errorf("invalid %s, should be %s or %s", comcfg.VerifyRemoteCert, "0", "1") } - return nil + return isSysErr, nil } //encode passwords and convert map[string]string to map[string]interface{} diff --git a/src/ui/api/repository.go b/src/ui/api/repository.go index 19de01090..012ced2d3 100644 --- a/src/ui/api/repository.go +++ b/src/ui/api/repository.go @@ -19,7 +19,6 @@ import ( "fmt" "io/ioutil" "net/http" - "os" "sort" "github.com/docker/distribution/manifest/schema1" @@ -444,15 +443,8 @@ func newRepositoryClient(endpoint string, insecure bool, username, password, rep credential := auth.NewBasicAuthCredential(username, password) - domain, err := config.DomainName() - if err != nil { - return nil, err - } - if err := os.Setenv("DOMAIN_NAME", domain); err != nil { - return nil, err - } - - authorizer := auth.NewStandardTokenAuthorizer(credential, insecure, scopeType, scopeName, scopeActions...) + authorizer := auth.NewStandardTokenAuthorizer(credential, insecure, + config.InternalTokenServiceEndpoint(), scopeType, scopeName, scopeActions...) store, err := auth.NewAuthorizerStore(endpoint, insecure, authorizer) if err != nil { diff --git a/src/ui/api/target.go b/src/ui/api/target.go index af3888f37..0fc039f57 100644 --- a/src/ui/api/target.go +++ b/src/ui/api/target.go @@ -20,7 +20,6 @@ import ( "net" "net/http" "net/url" - "os" "strconv" "github.com/vmware/harbor/src/common/api" @@ -342,15 +341,8 @@ func newRegistryClient(endpoint string, insecure bool, username, password, scope scopeActions ...string) (*registry.Registry, error) { credential := auth.NewBasicAuthCredential(username, password) - domain, err := config.DomainName() - if err != nil { - return nil, err - } - if err := os.Setenv("DOMAIN_NAME", domain); err != nil { - return nil, err - } - - authorizer := auth.NewStandardTokenAuthorizer(credential, insecure, scopeType, scopeName, scopeActions...) + authorizer := auth.NewStandardTokenAuthorizer(credential, insecure, + "", scopeType, scopeName, scopeActions...) store, err := auth.NewAuthorizerStore(endpoint, insecure, authorizer) if err != nil { diff --git a/src/ui/config/config.go b/src/ui/config/config.go index 5833b16e7..21bbe288b 100644 --- a/src/ui/config/config.go +++ b/src/ui/config/config.go @@ -114,13 +114,13 @@ func TokenExpiration() (int, error) { return int(cfg[comcfg.TokenExpiration].(float64)), nil } -// DomainName returns the external URL of Harbor: protocal://host:port -func DomainName() (string, error) { +// ExtEndpoint returns the external URL of Harbor: protocal://host:port +func ExtEndpoint() (string, error) { cfg, err := mg.Get() if err != nil { return "", err } - return cfg[comcfg.DomainName].(string), nil + return cfg[comcfg.ExtEndpoint].(string), nil } // SecretKey returns the secret key to encrypt the password of target @@ -155,6 +155,11 @@ func InternalJobServiceURL() string { return "http://jobservice" } +// InternalTokenServiceEndpoint returns token service endpoint for internal communication between Harbor containers +func InternalTokenServiceEndpoint() string { + return "http://ui/service/token" +} + // InitialAdminPassword returns the initial password for administrator func InitialAdminPassword() (string, error) { cfg, err := mg.Get() diff --git a/src/ui/config/config_test.go b/src/ui/config/config_test.go index 4846dd952..e06798c52 100644 --- a/src/ui/config/config_test.go +++ b/src/ui/config/config_test.go @@ -23,7 +23,7 @@ import ( // test functions under package ui/config func TestConfig(t *testing.T) { - server, err := test.NewAdminserver() + server, err := test.NewAdminserver(nil) if err != nil { t.Fatalf("failed to create a mock admin server: %v", err) } @@ -68,7 +68,7 @@ func TestConfig(t *testing.T) { t.Fatalf("failed to get token expiration: %v", err) } - if _, err := DomainName(); err != nil { + if _, err := ExtEndpoint(); err != nil { t.Fatalf("failed to get domain name: %v", err) } @@ -84,9 +84,17 @@ func TestConfig(t *testing.T) { t.Fatalf("failed to get registry URL: %v", err) } - InternalJobServiceURL() + if len(InternalJobServiceURL()) == 0 { + t.Error("the internal job service url is null") + } - InitialAdminPassword() + if len(InternalTokenServiceEndpoint()) == 0 { + t.Error("the internal token service endpoint is null") + } + + if _, err := InitialAdminPassword(); err != nil { + t.Fatalf("failed to get initial admin password: %v", err) + } if _, err := OnlyAdminCreateProject(); err != nil { t.Fatalf("failed to get onldy admin create project: %v", err) @@ -103,6 +111,4 @@ func TestConfig(t *testing.T) { if _, err := Database(); err != nil { t.Fatalf("failed to get database: %v", err) } - - UISecret() } diff --git a/src/ui/controllers/password.go b/src/ui/controllers/password.go index 786b010a2..60a3140ee 100644 --- a/src/ui/controllers/password.go +++ b/src/ui/controllers/password.go @@ -49,7 +49,7 @@ func (cc *CommonController) SendEmail() { message := new(bytes.Buffer) - harborURL, err := config.DomainName() + harborURL, err := config.ExtEndpoint() if err != nil { log.Errorf("failed to get domain name: %v", err) cc.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError)) diff --git a/src/ui/controllers/repository.go b/src/ui/controllers/repository.go index 0fddff097..a3ada104d 100644 --- a/src/ui/controllers/repository.go +++ b/src/ui/controllers/repository.go @@ -15,7 +15,7 @@ type RepositoryController struct { // Get renders repository page func (rc *RepositoryController) Get() { - url, err := config.DomainName() + url, err := config.ExtEndpoint() if err != nil { log.Errorf("failed to get domain name: %v", err) rc.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError)) diff --git a/src/ui/service/token/authutils.go b/src/ui/service/token/authutils.go index 3bda33ca4..8c14df5d6 100644 --- a/src/ui/service/token/authutils.go +++ b/src/ui/service/token/authutils.go @@ -84,7 +84,7 @@ func FilterAccess(username string, a *token.ResourceActions) { repoLength := len(repoSplit) if repoLength > 1 { //Only check the permission when the requested image has a namespace, i.e. project var projectName string - registryURL, err := config.DomainName() + registryURL, err := config.ExtEndpoint() if err != nil { log.Errorf("failed to get domain name: %v", err) return