Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2025-02-21 14:21:36 +01:00
Code Issues Projects Releases Wiki Activity

Update Transport of HTTP cient in auth proxy client

Browse Source 
This commit ensures that the TLS config of the HTTP client for auth
proxy is updated when the configuration is changed.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is contained in:
Daniel Jiang 2019-04-24 15:02:52 +08:00
parent 66087aac82
commit 07d15a8553
2 changed files with 25 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/core/auth/authproxy/auth.go
View File

@ -30,9 +30,16 @@ import (
"time" "time"
) )
const refreshDuration = 5 * time.Second const refreshDuration = 2 * time.Second
const userEntryComment = "By Authproxy" const userEntryComment = "By Authproxy"
var secureTransport = &http.Transport{}
var insecureTransport = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
}
// Auth implements HTTP authenticator the required attributes. // Auth implements HTTP authenticator the required attributes.
// The attribute Endpoint is the HTTP endpoint to which the POST request should be issued for authentication // The attribute Endpoint is the HTTP endpoint to which the POST request should be issued for authentication
type Auth struct { type Auth struct {
@ -125,6 +132,9 @@ func (a *Auth) fillInModel(u *models.User) error {
func (a *Auth) ensure() error { func (a *Auth) ensure() error {
a.Lock() a.Lock()
defer a.Unlock() defer a.Unlock()
if a.client == nil {
a.client = &http.Client{}
}
if time.Now().Sub(a.settingTimeStamp) >= refreshDuration { if time.Now().Sub(a.settingTimeStamp) >= refreshDuration {
setting, err := config.HTTPAuthProxySetting() setting, err := config.HTTPAuthProxySetting()
if err != nil { if err != nil {
@ -134,16 +144,12 @@ func (a *Auth) ensure() error {
a.SkipCertVerify = !setting.VerifyCert a.SkipCertVerify = !setting.VerifyCert
a.AlwaysOnboard = setting.AlwaysOnBoard a.AlwaysOnboard = setting.AlwaysOnBoard
} }
if a.client == nil { if a.SkipCertVerify {
tr := &http.Transport{ a.client.Transport = insecureTransport
TLSClientConfig: &tls.Config{ } else {
InsecureSkipVerify: a.SkipCertVerify, a.client.Transport = secureTransport
},
}
a.client = &http.Client{
Transport: tr,
}
} }
return nil return nil
} }

9
src/core/auth/authproxy/auth_test.go
View File

@ -15,11 +15,13 @@
package authproxy package authproxy
import ( import (
"github.com/goharbor/harbor/src/common"
"github.com/goharbor/harbor/src/common/dao" "github.com/goharbor/harbor/src/common/dao"
"github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/models"
cut "github.com/goharbor/harbor/src/common/utils/test" cut "github.com/goharbor/harbor/src/common/utils/test"
"github.com/goharbor/harbor/src/core/auth" "github.com/goharbor/harbor/src/core/auth"
"github.com/goharbor/harbor/src/core/auth/authproxy/test" "github.com/goharbor/harbor/src/core/auth/authproxy/test"
"github.com/goharbor/harbor/src/core/config"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"net/http/httptest" "net/http/httptest"
"os" "os"
@ -45,6 +47,13 @@ func TestMain(m *testing.M) {
// So it won't require mocking the cfgManager // So it won't require mocking the cfgManager
settingTimeStamp: time.Now(), settingTimeStamp: time.Now(),
} }
conf := map[string]interface{}{
common.HTTPAuthProxyEndpoint: "dummy",
common.HTTPAuthProxyTokenReviewEndpoint: "dummy",
common.HTTPAuthProxyVerifyCert: "false",
}
config.InitWithSettings(conf)
rc := m.Run() rc := m.Run()
if err := dao.ClearHTTPAuthProxyUsers(); err != nil { if err := dao.ClearHTTPAuthProxyUsers(); err != nil {
panic(err) panic(err)