Update Transport of HTTP cient in auth proxy client

This commit ensures that the TLS config of the HTTP client for auth proxy is updated when the configuration is changed. Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2025-02-20 14:01:40 +01:00 · 2019-04-24 15:02:52 +08:00 · 2019-04-24 15:02:52 +08:00 · 07d15a8553
commit 07d15a8553
parent 66087aac82
2 changed files with 25 additions and 10 deletions
--- a/src/core/auth/authproxy/auth.go
+++ b/src/core/auth/authproxy/auth.go
@ -30,9 +30,16 @@ import (
 	"time"
 )

-const refreshDuration = 5 * time.Second
+const refreshDuration = 2 * time.Second
 const userEntryComment = "By Authproxy"

+var secureTransport = &http.Transport{}
+var insecureTransport = &http.Transport{
+	TLSClientConfig: &tls.Config{
+		InsecureSkipVerify: true,
+	},
+}
+
 // Auth implements HTTP authenticator the required attributes.
 // The attribute Endpoint is the HTTP endpoint to which the POST request should be issued for authentication
 type Auth struct {
@ -125,6 +132,9 @@ func (a *Auth) fillInModel(u *models.User) error {
 func (a *Auth) ensure() error {
 	a.Lock()
 	defer a.Unlock()
+	if a.client == nil {
+		a.client = &http.Client{}
+	}
 	if time.Now().Sub(a.settingTimeStamp) >= refreshDuration {
 		setting, err := config.HTTPAuthProxySetting()
 		if err != nil {
@ -134,16 +144,12 @@ func (a *Auth) ensure() error {
 		a.SkipCertVerify = !setting.VerifyCert
 		a.AlwaysOnboard = setting.AlwaysOnBoard
 	}
-	if a.client == nil {
-		tr := &http.Transport{
-			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: a.SkipCertVerify,
-			},
-		}
-		a.client = &http.Client{
-			Transport: tr,
-		}
+	if a.SkipCertVerify {
+		a.client.Transport = insecureTransport
+	} else {
+		a.client.Transport = secureTransport
 	}
+
 	return nil
 }

--- a/src/core/auth/authproxy/auth_test.go
+++ b/src/core/auth/authproxy/auth_test.go
@ -15,11 +15,13 @@
 package authproxy

 import (
+	"github.com/goharbor/harbor/src/common"
 	"github.com/goharbor/harbor/src/common/dao"
 	"github.com/goharbor/harbor/src/common/models"
 	cut "github.com/goharbor/harbor/src/common/utils/test"
 	"github.com/goharbor/harbor/src/core/auth"
 	"github.com/goharbor/harbor/src/core/auth/authproxy/test"
+	"github.com/goharbor/harbor/src/core/config"
 	"github.com/stretchr/testify/assert"
 	"net/http/httptest"
 	"os"
@ -45,6 +47,13 @@ func TestMain(m *testing.M) {
 		// So it won't require mocking the cfgManager
 		settingTimeStamp: time.Now(),
 	}
+	conf := map[string]interface{}{
+		common.HTTPAuthProxyEndpoint:            "dummy",
+		common.HTTPAuthProxyTokenReviewEndpoint: "dummy",
+		common.HTTPAuthProxyVerifyCert:          "false",
+	}
+
+	config.InitWithSettings(conf)
 	rc := m.Run()
 	if err := dao.ClearHTTPAuthProxyUsers(); err != nil {
 		panic(err)