Merge internal Transport and Secure Transport
Signed-off-by: DQ <dengq@vmware.com>
parent
02dea3ad2c
commit
115185894f
@ -31,7 +31,7 @@ type ChartClient struct {
|
|||||||
// NewChartClient is constructor of ChartClient
|
// NewChartClient is constructor of ChartClient
|
||||||
// credential can be nil
|
// credential can be nil
|
||||||
func NewChartClient(credential *Credential) *ChartClient { // Create http client with customized timeouts
|
func NewChartClient(credential *Credential) *ChartClient { // Create http client with customized timeouts
|
||||||
tr := commonhttp.GetHTTPTransport(commonhttp.InternalTransport)
|
tr := commonhttp.GetHTTPTransport(commonhttp.SecureTransport)
|
||||||
tr.MaxIdleConns = maxIdleConnections
|
tr.MaxIdleConns = maxIdleConnections
|
||||||
tr.IdleConnTimeout = idleConnectionTimeout
|
tr.IdleConnTimeout = idleConnectionTimeout
|
||||||
client := &http.Client{
|
client := &http.Client{
|
||||||
|
@ -58,7 +58,7 @@ func NewProxyEngine(target *url.URL, cred *Credential, middlewares ...func(http.
|
|||||||
director(target, cred, req)
|
director(target, cred, req)
|
||||||
},
|
},
|
||||||
ModifyResponse: modifyResponse,
|
ModifyResponse: modifyResponse,
|
||||||
Transport: commonhttp.GetHTTPTransport(commonhttp.InternalTransport),
|
Transport: commonhttp.GetHTTPTransport(commonhttp.SecureTransport),
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(middlewares) > 0 {
|
if len(middlewares) > 0 {
|
||||||
|
@ -18,7 +18,7 @@ type RESTDriver struct {
|
|||||||
// NewRESTDriver - Create RESTDriver
|
// NewRESTDriver - Create RESTDriver
|
||||||
func NewRESTDriver(configRESTURL string, modifiers ...modifier.Modifier) *RESTDriver {
|
func NewRESTDriver(configRESTURL string, modifiers ...modifier.Modifier) *RESTDriver {
|
||||||
if commonhttp.InternalTLSEnabled() {
|
if commonhttp.InternalTLSEnabled() {
|
||||||
tr := commonhttp.GetHTTPTransport(commonhttp.InternalTransport)
|
tr := commonhttp.GetHTTPTransport(commonhttp.SecureTransport)
|
||||||
return &RESTDriver{configRESTURL: configRESTURL, client: commonhttp.NewClient(&http.Client{Transport: tr}, modifiers...)}
|
return &RESTDriver{configRESTURL: configRESTURL, client: commonhttp.NewClient(&http.Client{Transport: tr}, modifiers...)}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -16,16 +16,16 @@ package http
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/tls"
|
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"github.com/goharbor/harbor/src/common/http/modifier"
|
|
||||||
"github.com/goharbor/harbor/src/internal"
|
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"reflect"
|
"reflect"
|
||||||
|
|
||||||
|
"github.com/goharbor/harbor/src/common/http/modifier"
|
||||||
|
"github.com/goharbor/harbor/src/internal"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -33,8 +33,7 @@ const (
|
|||||||
DefaultTransport = iota
|
DefaultTransport = iota
|
||||||
// InsecureTransport used to get the insecure http Transport
|
// InsecureTransport used to get the insecure http Transport
|
||||||
InsecureTransport
|
InsecureTransport
|
||||||
// InternalTransport used to get the internal secure http Transport
|
|
||||||
InternalTransport
|
|
||||||
// SecureTransport used to get the external secure http Transport
|
// SecureTransport used to get the external secure http Transport
|
||||||
SecureTransport
|
SecureTransport
|
||||||
)
|
)
|
||||||
@ -42,26 +41,22 @@ const (
|
|||||||
var (
|
var (
|
||||||
secureHTTPTransport *http.Transport
|
secureHTTPTransport *http.Transport
|
||||||
insecureHTTPTransport *http.Transport
|
insecureHTTPTransport *http.Transport
|
||||||
internalTransport *http.Transport
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
|
||||||
secureHTTPTransport = &http.Transport{
|
secureHTTPTransport = http.DefaultTransport.(*http.Transport).Clone()
|
||||||
Proxy: http.ProxyFromEnvironment,
|
|
||||||
TLSClientConfig: &tls.Config{
|
|
||||||
InsecureSkipVerify: false,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
insecureHTTPTransport = &http.Transport{
|
insecureHTTPTransport = http.DefaultTransport.(*http.Transport).Clone()
|
||||||
Proxy: http.ProxyFromEnvironment,
|
insecureHTTPTransport.TLSClientConfig.InsecureSkipVerify = true
|
||||||
TLSClientConfig: &tls.Config{
|
|
||||||
InsecureSkipVerify: true,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
initInternalTransport()
|
if InternalTLSEnabled() {
|
||||||
|
tlsConfig, err := GetInternalTLSConfig()
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
secureHTTPTransport.TLSClientConfig = tlsConfig
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Client is a util for common HTTP operations, such Get, Head, Post, Put and Delete.
|
// Client is a util for common HTTP operations, such Get, Head, Post, Put and Delete.
|
||||||
@ -71,24 +66,6 @@ type Client struct {
|
|||||||
client *http.Client
|
client *http.Client
|
||||||
}
|
}
|
||||||
|
|
||||||
func initInternalTransport() {
|
|
||||||
if InternalTLSEnabled() {
|
|
||||||
tlsConfig, err := GetInternalTLSConfig()
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
internalTransport = &http.Transport{
|
|
||||||
TLSClientConfig: tlsConfig,
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
internalTransport = &http.Transport{
|
|
||||||
TLSClientConfig: &tls.Config{
|
|
||||||
InsecureSkipVerify: true,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// GetHTTPTransport returns HttpTransport based on insecure configuration
|
// GetHTTPTransport returns HttpTransport based on insecure configuration
|
||||||
func GetHTTPTransport(clientType uint) *http.Transport {
|
func GetHTTPTransport(clientType uint) *http.Transport {
|
||||||
switch clientType {
|
switch clientType {
|
||||||
@ -96,8 +73,6 @@ func GetHTTPTransport(clientType uint) *http.Transport {
|
|||||||
return secureHTTPTransport.Clone()
|
return secureHTTPTransport.Clone()
|
||||||
case InsecureTransport:
|
case InsecureTransport:
|
||||||
return insecureHTTPTransport.Clone()
|
return insecureHTTPTransport.Clone()
|
||||||
case InternalTransport:
|
|
||||||
return internalTransport.Clone()
|
|
||||||
default:
|
default:
|
||||||
// default Transport is secure one
|
// default Transport is secure one
|
||||||
return secureHTTPTransport.Clone()
|
return secureHTTPTransport.Clone()
|
||||||
|
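Review bot: The new `insecureHTTPTransport.TLSClientConfig.InsecureSkipVerify = true` line assumes `Clone()` of `http.DefaultTransport` yields a non-nil TLSClientConfig; as far as I can tell that holds only because the default transport's HTTP/2 setup materializes one during `Clone()`, which is skipped when GODEBUG=http2client=0 is set, and init() would then nil-dereference. Assigning the config outright removes the dependency: `insecureHTTPTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}` (this needs the "crypto/tls" import the commit drops, and `secureHTTPTransport` could get an explicit `&tls.Config{}` the same way). Separately, when internal TLS is enabled the one transport that external callers also use (`SecureTransport`) now carries whatever GetInternalTLSConfig returns; if that config pins RootCAs to the internal CA or adds a client certificate, external HTTPS targets would either fail verification or be offered Harbor's internal client identity, so the removed internal/external split may still be needed at the TLS-config level even if the transport constants are merged. GetInternalTLSConfig is not in the diff, so this is worth confirming rather than assuming.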
@ -63,7 +63,7 @@ func Init() {
|
|||||||
func NewDefaultClient(endpoint, secret string) *DefaultClient {
|
func NewDefaultClient(endpoint, secret string) *DefaultClient {
|
||||||
var c *commonhttp.Client
|
var c *commonhttp.Client
|
||||||
httpCli := &http.Client{
|
httpCli := &http.Client{
|
||||||
Transport: commonhttp.GetHTTPTransport(commonhttp.InternalTransport),
|
Transport: commonhttp.GetHTTPTransport(commonhttp.SecureTransport),
|
||||||
}
|
}
|
||||||
if len(secret) > 0 {
|
if len(secret) > 0 {
|
||||||
c = commonhttp.NewClient(httpCli, auth.NewSecretAuthorizer(secret))
|
c = commonhttp.NewClient(httpCli, auth.NewSecretAuthorizer(secret))
|
||||||
@ -81,7 +81,7 @@ func NewDefaultClient(endpoint, secret string) *DefaultClient {
|
|||||||
func NewReplicationClient(endpoint, secret string) *DefaultClient {
|
func NewReplicationClient(endpoint, secret string) *DefaultClient {
|
||||||
var tr *http.Transport
|
var tr *http.Transport
|
||||||
if endpoint == config.InternalCoreURL() {
|
if endpoint == config.InternalCoreURL() {
|
||||||
tr = commonhttp.GetHTTPTransport(commonhttp.InternalTransport)
|
tr = commonhttp.GetHTTPTransport(commonhttp.SecureTransport)
|
||||||
} else {
|
} else {
|
||||||
tr = commonhttp.GetHTTPTransport(commonhttp.DefaultTransport)
|
tr = commonhttp.GetHTTPTransport(commonhttp.DefaultTransport)
|
||||||
}
|
}
|
||||||
|
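Review bot: In NewReplicationClient the `if endpoint == config.InternalCoreURL()` branch no longer selects anything different: GetHTTPTransport returns `secureHTTPTransport.Clone()` for every type other than InsecureTransport (see the default case in this commit's client.go hunk), so both arms produce the same transport. Either collapse it to `tr := commonhttp.GetHTTPTransport(commonhttp.SecureTransport)`, or, if the split is meant to outlive this merge, say so: `// both arms currently yield the same transport; kept to mark the internal-core path`. The function continues outside the hunk.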
@ -131,7 +131,7 @@ func HTTPStatusCodeHealthChecker(method string, url string, header http.Header,
|
|||||||
}
|
}
|
||||||
|
|
||||||
client := httputil.NewClient(&http.Client{
|
client := httputil.NewClient(&http.Client{
|
||||||
Transport: httputil.GetHTTPTransport(httputil.InternalTransport),
|
Transport: httputil.GetHTTPTransport(httputil.SecureTransport),
|
||||||
Timeout: timeout,
|
Timeout: timeout,
|
||||||
})
|
})
|
||||||
resp, err := client.Do(req)
|
resp, err := client.Do(req)
|
||||||
|
@ -19,7 +19,6 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"os/signal"
|
"os/signal"
|
||||||
"strings"
|
|
||||||
"syscall"
|
"syscall"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@ -27,6 +26,7 @@ import (
|
|||||||
_ "github.com/astaxie/beego/session/redis"
|
_ "github.com/astaxie/beego/session/redis"
|
||||||
_ "github.com/goharbor/harbor/src/api/event/handler"
|
_ "github.com/goharbor/harbor/src/api/event/handler"
|
||||||
"github.com/goharbor/harbor/src/common/dao"
|
"github.com/goharbor/harbor/src/common/dao"
|
||||||
|
common_http "github.com/goharbor/harbor/src/common/http"
|
||||||
"github.com/goharbor/harbor/src/common/job"
|
"github.com/goharbor/harbor/src/common/job"
|
||||||
"github.com/goharbor/harbor/src/common/models"
|
"github.com/goharbor/harbor/src/common/models"
|
||||||
"github.com/goharbor/harbor/src/common/utils"
|
"github.com/goharbor/harbor/src/common/utils"
|
||||||
@ -162,15 +162,14 @@ func main() {
|
|||||||
|
|
||||||
server.RegisterRoutes()
|
server.RegisterRoutes()
|
||||||
|
|
||||||
iTLSEnabled := os.Getenv("INTERNAL_TLS_ENABLED")
|
if common_http.InternalTLSEnabled() {
|
||||||
if strings.ToLower(iTLSEnabled) == "true" {
|
|
||||||
log.Info("internal TLS enabled, Init TLS ...")
|
log.Info("internal TLS enabled, Init TLS ...")
|
||||||
iTLSKeyPath := os.Getenv("INTERNAL_TLS_KEY_PATH")
|
iTLSKeyPath := os.Getenv("INTERNAL_TLS_KEY_PATH")
|
||||||
iTLSCertPath := os.Getenv("INTERNAL_TLS_CERT_PATH")
|
iTLSCertPath := os.Getenv("INTERNAL_TLS_CERT_PATH")
|
||||||
iTrustCA := os.Getenv("INTERNAL_TLS_TRUST_CA_PATH")
|
|
||||||
|
|
||||||
log.Infof("load client key: %s client cert: %s client TrustCA %s", iTLSKeyPath, iTLSCertPath, iTrustCA)
|
log.Infof("load client key: %s client cert: %s", iTLSKeyPath, iTLSCertPath)
|
||||||
// uncomment following if harbor2 is ready
|
// uncomment following if harbor2 is ready
|
||||||
|
// iTrustCA := os.Getenv("INTERNAL_TLS_TRUST_CA_PATH")
|
||||||
// beego.BConfig.Listen.EnableMutualHTTPS = true
|
// beego.BConfig.Listen.EnableMutualHTTPS = true
|
||||||
// beego.BConfig.Listen.TrustCaFile = iTrustCA
|
// beego.BConfig.Listen.TrustCaFile = iTrustCA
|
||||||
beego.BConfig.Listen.EnableHTTPS = true
|
beego.BConfig.Listen.EnableHTTPS = true
|
||||||
|
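Review bot: This block enables HTTPS on the listener while the mutual-TLS lines stay commented out, so internal TLS on core authenticates only the server: any peer that trusts the internal CA can connect, and a client certificate loaded on the client side (if GetInternalTLSConfig supplies one) is never checked here. If that is the intended interim state, a comment next to the commented lines would prevent readers from assuming client identity is enforced, e.g. `// NOTE: client certificates are not verified yet; internal TLS currently authenticates the server only.` The key and cert paths are also read from the environment without a non-empty check, so a missing variable presumably surfaces only when the TLS listener starts; logging them (as the retained Infof does) is fine, since only paths are printed. main() continues outside the hunk.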
@ -60,7 +60,7 @@ func (s *Scheduler) Run(ctx job.Context, params job.Parameters) error {
|
|||||||
policyID := (int64)(params["policy_id"].(float64))
|
policyID := (int64)(params["policy_id"].(float64))
|
||||||
cred := auth.NewSecretAuthorizer(os.Getenv("JOBSERVICE_SECRET"))
|
cred := auth.NewSecretAuthorizer(os.Getenv("JOBSERVICE_SECRET"))
|
||||||
client := common_http.NewClient(&http.Client{
|
client := common_http.NewClient(&http.Client{
|
||||||
Transport: common_http.GetHTTPTransport(common_http.InternalTransport),
|
Transport: common_http.GetHTTPTransport(common_http.SecureTransport),
|
||||||
}, cred)
|
}, cred)
|
||||||
if err := client.Post(url, struct {
|
if err := client.Post(url, struct {
|
||||||
PolicyID int64 `json:"policy_id"`
|
PolicyID int64 `json:"policy_id"`
|
||||||
|
@ -113,7 +113,7 @@ func NewClient(url, username, password string, insecure bool) Client {
|
|||||||
transportType = commonhttp.SecureTransport
|
transportType = commonhttp.SecureTransport
|
||||||
}
|
}
|
||||||
if _, ok := localRegistryURL[strings.TrimRight(url, "/")]; ok {
|
if _, ok := localRegistryURL[strings.TrimRight(url, "/")]; ok {
|
||||||
transportType = commonhttp.InternalTransport
|
transportType = commonhttp.SecureTransport
|
||||||
}
|
}
|
||||||
|
|
||||||
return &client{
|
return &client{
|
||||||
@ -134,7 +134,7 @@ func NewClientWithAuthorizer(url string, authorizer internal.Authorizer, insecur
|
|||||||
transportType = commonhttp.SecureTransport
|
transportType = commonhttp.SecureTransport
|
||||||
}
|
}
|
||||||
if _, ok := localRegistryURL[strings.TrimRight(url, "/")]; ok {
|
if _, ok := localRegistryURL[strings.TrimRight(url, "/")]; ok {
|
||||||
transportType = commonhttp.InternalTransport
|
transportType = commonhttp.SecureTransport
|
||||||
}
|
}
|
||||||
return &client{
|
return &client{
|
||||||
url: url,
|
url: url,
|
||||||
|
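Review bot: After this change the `localRegistryURL` override only matters when the caller asked for an insecure client; in every other case the local registry and arbitrary external registries share the same `SecureTransport`, and that transport's TLS config is replaced by GetInternalTLSConfig's result when internal TLS is enabled (per the client.go hunk in this commit). Forcing verification for the local registry is the right direction, but it means external registries now inherit whatever trust anchors and certificates the internal config carries; if RootCAs is limited to the internal CA, replication to public registries over this path would fail verification, and if a client certificate is included it would be offered to any external server that requests one. Worth confirming against GetInternalTLSConfig, which is not in the diff. A short comment on the remaining override would also make its intent explicit: `// the local registry is always verified, even when insecure was requested`. NewClient and NewClientWithAuthorizer both continue outside the hunk.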
@ -58,7 +58,7 @@ func NewClient(baseURL string, cfg *Config) Client {
|
|||||||
if cfg != nil {
|
if cfg != nil {
|
||||||
authorizer := auth.NewSecretAuthorizer(cfg.Secret)
|
authorizer := auth.NewSecretAuthorizer(cfg.Secret)
|
||||||
client.client = common_http.NewClient(&http.Client{
|
client.client = common_http.NewClient(&http.Client{
|
||||||
Transport: common_http.GetHTTPTransport(common_http.InternalTransport),
|
Transport: common_http.GetHTTPTransport(common_http.SecureTransport),
|
||||||
}, authorizer)
|
}, authorizer)
|
||||||
}
|
}
|
||||||
return client
|
return client
|
||||||
|
@ -72,7 +72,7 @@ type adapter struct {
|
|||||||
func newAdapter(registry *model.Registry) (*adapter, error) {
|
func newAdapter(registry *model.Registry) (*adapter, error) {
|
||||||
var transport *http.Transport
|
var transport *http.Transport
|
||||||
if registry.URL == config.GetCoreURL() {
|
if registry.URL == config.GetCoreURL() {
|
||||||
transport = common_http.GetHTTPTransport(common_http.InternalTransport)
|
transport = common_http.GetHTTPTransport(common_http.SecureTransport)
|
||||||
} else {
|
} else {
|
||||||
transport = util.GetHTTPTransport(registry.Insecure)
|
transport = util.GetHTTPTransport(registry.Insecure)
|
||||||
}
|
}
|
||||||
|
@ -34,7 +34,7 @@ func newProxy() http.Handler {
|
|||||||
}
|
}
|
||||||
proxy := httputil.NewSingleHostReverseProxy(url)
|
proxy := httputil.NewSingleHostReverseProxy(url)
|
||||||
if commonhttp.InternalTLSEnabled() {
|
if commonhttp.InternalTLSEnabled() {
|
||||||
proxy.Transport = commonhttp.GetHTTPTransport(commonhttp.InternalTransport)
|
proxy.Transport = commonhttp.GetHTTPTransport(commonhttp.SecureTransport)
|
||||||
}
|
}
|
||||||
|
|
||||||
proxy.Director = basicAuthDirector(proxy.Director)
|
proxy.Director = basicAuthDirector(proxy.Director)
|
||||||
|