Merge internal Transport and Secure Transport
Signed-off-by: DQ <dengq@vmware.com>
This commit is contained in:
parent
02dea3ad2c
commit
115185894f
@ -31,7 +31,7 @@ type ChartClient struct {
|
||||
// NewChartClient is constructor of ChartClient
|
||||
// credential can be nil
|
||||
func NewChartClient(credential *Credential) *ChartClient { // Create http client with customized timeouts
|
||||
tr := commonhttp.GetHTTPTransport(commonhttp.InternalTransport)
|
||||
tr := commonhttp.GetHTTPTransport(commonhttp.SecureTransport)
|
||||
tr.MaxIdleConns = maxIdleConnections
|
||||
tr.IdleConnTimeout = idleConnectionTimeout
|
||||
client := &http.Client{
|
||||
|
@ -58,7 +58,7 @@ func NewProxyEngine(target *url.URL, cred *Credential, middlewares ...func(http.
|
||||
director(target, cred, req)
|
||||
},
|
||||
ModifyResponse: modifyResponse,
|
||||
Transport: commonhttp.GetHTTPTransport(commonhttp.InternalTransport),
|
||||
Transport: commonhttp.GetHTTPTransport(commonhttp.SecureTransport),
|
||||
}
|
||||
|
||||
if len(middlewares) > 0 {
|
||||
|
@ -18,7 +18,7 @@ type RESTDriver struct {
|
||||
// NewRESTDriver - Create RESTDriver
|
||||
func NewRESTDriver(configRESTURL string, modifiers ...modifier.Modifier) *RESTDriver {
|
||||
if commonhttp.InternalTLSEnabled() {
|
||||
tr := commonhttp.GetHTTPTransport(commonhttp.InternalTransport)
|
||||
tr := commonhttp.GetHTTPTransport(commonhttp.SecureTransport)
|
||||
return &RESTDriver{configRESTURL: configRESTURL, client: commonhttp.NewClient(&http.Client{Transport: tr}, modifiers...)}
|
||||
|
||||
}
|
||||
|
@ -16,16 +16,16 @@ package http
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"github.com/goharbor/harbor/src/common/http/modifier"
|
||||
"github.com/goharbor/harbor/src/internal"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"reflect"
|
||||
|
||||
"github.com/goharbor/harbor/src/common/http/modifier"
|
||||
"github.com/goharbor/harbor/src/internal"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -33,8 +33,7 @@ const (
|
||||
DefaultTransport = iota
|
||||
// InsecureTransport used to get the insecure http Transport
|
||||
InsecureTransport
|
||||
// InternalTransport used to get the internal secure http Transport
|
||||
InternalTransport
|
||||
|
||||
// SecureTransport used to get the external secure http Transport
|
||||
SecureTransport
|
||||
)
|
||||
@ -42,26 +41,22 @@ const (
|
||||
var (
|
||||
secureHTTPTransport *http.Transport
|
||||
insecureHTTPTransport *http.Transport
|
||||
internalTransport *http.Transport
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
||||
secureHTTPTransport = &http.Transport{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: false,
|
||||
},
|
||||
}
|
||||
secureHTTPTransport = http.DefaultTransport.(*http.Transport).Clone()
|
||||
|
||||
insecureHTTPTransport = &http.Transport{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
}
|
||||
insecureHTTPTransport = http.DefaultTransport.(*http.Transport).Clone()
|
||||
insecureHTTPTransport.TLSClientConfig.InsecureSkipVerify = true
|
||||
|
||||
initInternalTransport()
|
||||
if InternalTLSEnabled() {
|
||||
tlsConfig, err := GetInternalTLSConfig()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
secureHTTPTransport.TLSClientConfig = tlsConfig
|
||||
}
|
||||
}
|
||||
|
||||
// Client is a util for common HTTP operations, such Get, Head, Post, Put and Delete.
|
||||
@ -71,24 +66,6 @@ type Client struct {
|
||||
client *http.Client
|
||||
}
|
||||
|
||||
func initInternalTransport() {
|
||||
if InternalTLSEnabled() {
|
||||
tlsConfig, err := GetInternalTLSConfig()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
internalTransport = &http.Transport{
|
||||
TLSClientConfig: tlsConfig,
|
||||
}
|
||||
} else {
|
||||
internalTransport = &http.Transport{
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// GetHTTPTransport returns HttpTransport based on insecure configuration
|
||||
func GetHTTPTransport(clientType uint) *http.Transport {
|
||||
switch clientType {
|
||||
@ -96,8 +73,6 @@ func GetHTTPTransport(clientType uint) *http.Transport {
|
||||
return secureHTTPTransport.Clone()
|
||||
case InsecureTransport:
|
||||
return insecureHTTPTransport.Clone()
|
||||
case InternalTransport:
|
||||
return internalTransport.Clone()
|
||||
default:
|
||||
// default Transport is secure one
|
||||
return secureHTTPTransport.Clone()
|
||||
|
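Review bot: After this hunk the internal TLS config from `GetInternalTLSConfig()` is installed on `secureHTTPTransport`, which `GetHTTPTransport` also hands out for `DefaultTransport` (its `default` case returns the same clone) and which the registry client and replication adapter elsewhere in this commit use for external, non-insecure targets. If that config carries the service's client certificate and limits `RootCAs` to the internal CA — the INTERNAL_TLS_KEY/CERT/TRUST_CA variables read in main.go suggest it does — then external registries signed by public CAs will fail verification and the internal client identity will be offered to any external server that requests one; keeping `Certificates`/`RootCAs` on a transport used only for internal hosts avoids both. Cloning `http.DefaultTransport` also brings `Proxy: http.ProxyFromEnvironment` to internal traffic, which the removed `internalTransport` never had, so service-to-service calls now follow `HTTPS_PROXY` unless NO_PROXY covers the internal hostnames. A comment on the `secureHTTPTransport.TLSClientConfig = tlsConfig` line should state which trust roots and client credentials it installs and that it affects every non-insecure client in the process.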
@ -63,7 +63,7 @@ func Init() {
|
||||
func NewDefaultClient(endpoint, secret string) *DefaultClient {
|
||||
var c *commonhttp.Client
|
||||
httpCli := &http.Client{
|
||||
Transport: commonhttp.GetHTTPTransport(commonhttp.InternalTransport),
|
||||
Transport: commonhttp.GetHTTPTransport(commonhttp.SecureTransport),
|
||||
}
|
||||
if len(secret) > 0 {
|
||||
c = commonhttp.NewClient(httpCli, auth.NewSecretAuthorizer(secret))
|
||||
@ -81,7 +81,7 @@ func NewDefaultClient(endpoint, secret string) *DefaultClient {
|
||||
func NewReplicationClient(endpoint, secret string) *DefaultClient {
|
||||
var tr *http.Transport
|
||||
if endpoint == config.InternalCoreURL() {
|
||||
tr = commonhttp.GetHTTPTransport(commonhttp.InternalTransport)
|
||||
tr = commonhttp.GetHTTPTransport(commonhttp.SecureTransport)
|
||||
} else {
|
||||
tr = commonhttp.GetHTTPTransport(commonhttp.DefaultTransport)
|
||||
}
|
||||
|
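Review bot: In `NewReplicationClient` the two branches of `if endpoint == config.InternalCoreURL()` now produce the same transport: `GetHTTPTransport(DefaultTransport)` and `GetHTTPTransport(SecureTransport)` both return `secureHTTPTransport.Clone()` after this commit's change to GetHTTPTransport. Either drop the condition, `tr := commonhttp.GetHTTPTransport(commonhttp.SecureTransport)`, or leave a comment explaining why the distinction is kept for a future divergence. `NewDefaultClient` above likewise builds an `http.Client` with no `Timeout`, so a stalled peer blocks the caller indefinitely; both functions continue past the hunk.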
@ -131,7 +131,7 @@ func HTTPStatusCodeHealthChecker(method string, url string, header http.Header,
|
||||
}
|
||||
|
||||
client := httputil.NewClient(&http.Client{
|
||||
Transport: httputil.GetHTTPTransport(httputil.InternalTransport),
|
||||
Transport: httputil.GetHTTPTransport(httputil.SecureTransport),
|
||||
Timeout: timeout,
|
||||
})
|
||||
resp, err := client.Do(req)
|
||||
|
@ -19,7 +19,6 @@ import (
|
||||
"fmt"
|
||||
"os"
|
||||
"os/signal"
|
||||
"strings"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
@ -27,6 +26,7 @@ import (
|
||||
_ "github.com/astaxie/beego/session/redis"
|
||||
_ "github.com/goharbor/harbor/src/api/event/handler"
|
||||
"github.com/goharbor/harbor/src/common/dao"
|
||||
common_http "github.com/goharbor/harbor/src/common/http"
|
||||
"github.com/goharbor/harbor/src/common/job"
|
||||
"github.com/goharbor/harbor/src/common/models"
|
||||
"github.com/goharbor/harbor/src/common/utils"
|
||||
@ -162,15 +162,14 @@ func main() {
|
||||
|
||||
server.RegisterRoutes()
|
||||
|
||||
iTLSEnabled := os.Getenv("INTERNAL_TLS_ENABLED")
|
||||
if strings.ToLower(iTLSEnabled) == "true" {
|
||||
if common_http.InternalTLSEnabled() {
|
||||
log.Info("internal TLS enabled, Init TLS ...")
|
||||
iTLSKeyPath := os.Getenv("INTERNAL_TLS_KEY_PATH")
|
||||
iTLSCertPath := os.Getenv("INTERNAL_TLS_CERT_PATH")
|
||||
iTrustCA := os.Getenv("INTERNAL_TLS_TRUST_CA_PATH")
|
||||
|
||||
log.Infof("load client key: %s client cert: %s client TrustCA %s", iTLSKeyPath, iTLSCertPath, iTrustCA)
|
||||
log.Infof("load client key: %s client cert: %s", iTLSKeyPath, iTLSCertPath)
|
||||
// uncomment following if harbor2 is ready
|
||||
// iTrustCA := os.Getenv("INTERNAL_TLS_TRUST_CA_PATH")
|
||||
// beego.BConfig.Listen.EnableMutualHTTPS = true
|
||||
// beego.BConfig.Listen.TrustCaFile = iTrustCA
|
||||
beego.BConfig.Listen.EnableHTTPS = true
|
||||
|
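Review bot: The mutual-TLS lines stay commented out (`// beego.BConfig.Listen.EnableMutualHTTPS = true`), so the internal HTTPS listener enabled on the next line authenticates itself to callers but never verifies a client certificate, and INTERNAL_TLS_TRUST_CA_PATH is no longer read here at all. A comment above `beego.BConfig.Listen.EnableHTTPS = true` should say that internal TLS is currently server-auth only and that callers are still authenticated by the shared secret, so operators do not assume the listener is mutually authenticated. The `log.Infof` line prints only file paths, not key material, which is fine. main's body continues outside the hunk.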
@ -60,7 +60,7 @@ func (s *Scheduler) Run(ctx job.Context, params job.Parameters) error {
|
||||
policyID := (int64)(params["policy_id"].(float64))
|
||||
cred := auth.NewSecretAuthorizer(os.Getenv("JOBSERVICE_SECRET"))
|
||||
client := common_http.NewClient(&http.Client{
|
||||
Transport: common_http.GetHTTPTransport(common_http.InternalTransport),
|
||||
Transport: common_http.GetHTTPTransport(common_http.SecureTransport),
|
||||
}, cred)
|
||||
if err := client.Post(url, struct {
|
||||
PolicyID int64 `json:"policy_id"`
|
||||
|
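Review bot: The `http.Client` built here has no `Timeout` and `common_http.NewClient` wraps it as-is, so a stalled core endpoint blocks this scheduled job indefinitely; add one next to `Transport:`, e.g. `Timeout: 30 * time.Second`, or drive the request with a deadline context. Because `SecureTransport` is now a clone of `http.DefaultTransport`, it honors `HTTPS_PROXY`, so the `JOBSERVICE_SECRET` authorization header on this POST would transit any proxy configured in the jobservice environment unless NO_PROXY lists core — worth a comment if that is intended. Run's body continues outside the hunk.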
@ -113,7 +113,7 @@ func NewClient(url, username, password string, insecure bool) Client {
|
||||
transportType = commonhttp.SecureTransport
|
||||
}
|
||||
if _, ok := localRegistryURL[strings.TrimRight(url, "/")]; ok {
|
||||
transportType = commonhttp.InternalTransport
|
||||
transportType = commonhttp.SecureTransport
|
||||
}
|
||||
|
||||
return &client{
|
||||
@ -134,7 +134,7 @@ func NewClientWithAuthorizer(url string, authorizer internal.Authorizer, insecur
|
||||
transportType = commonhttp.SecureTransport
|
||||
}
|
||||
if _, ok := localRegistryURL[strings.TrimRight(url, "/")]; ok {
|
||||
transportType = commonhttp.InternalTransport
|
||||
transportType = commonhttp.SecureTransport
|
||||
}
|
||||
return &client{
|
||||
url: url,
|
||||
|
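Review bot: In both `NewClient` and `NewClientWithAuthorizer`, the `localRegistryURL` branch now assigns the same `commonhttp.SecureTransport` that the preceding non-insecure path already chose, so its only remaining effect is to override `insecure=true` for local registry URLs. That intent is no longer visible from the code; add a comment such as `// the local registry is always reached over the verified (internal-TLS) transport, even when insecure is set`, or fold the branch into the earlier condition. Both functions start before the hunk.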
@ -58,7 +58,7 @@ func NewClient(baseURL string, cfg *Config) Client {
|
||||
if cfg != nil {
|
||||
authorizer := auth.NewSecretAuthorizer(cfg.Secret)
|
||||
client.client = common_http.NewClient(&http.Client{
|
||||
Transport: common_http.GetHTTPTransport(common_http.InternalTransport),
|
||||
Transport: common_http.GetHTTPTransport(common_http.SecureTransport),
|
||||
}, authorizer)
|
||||
}
|
||||
return client
|
||||
|
@ -72,7 +72,7 @@ type adapter struct {
|
||||
func newAdapter(registry *model.Registry) (*adapter, error) {
|
||||
var transport *http.Transport
|
||||
if registry.URL == config.GetCoreURL() {
|
||||
transport = common_http.GetHTTPTransport(common_http.InternalTransport)
|
||||
transport = common_http.GetHTTPTransport(common_http.SecureTransport)
|
||||
} else {
|
||||
transport = util.GetHTTPTransport(registry.Insecure)
|
||||
}
|
||||
|
@ -34,7 +34,7 @@ func newProxy() http.Handler {
|
||||
}
|
||||
proxy := httputil.NewSingleHostReverseProxy(url)
|
||||
if commonhttp.InternalTLSEnabled() {
|
||||
proxy.Transport = commonhttp.GetHTTPTransport(commonhttp.InternalTransport)
|
||||
proxy.Transport = commonhttp.GetHTTPTransport(commonhttp.SecureTransport)
|
||||
}
|
||||
|
||||
proxy.Director = basicAuthDirector(proxy.Director)
|
||||
|
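Review bot: `proxy.Transport` is assigned only when internal TLS is enabled; otherwise it stays nil and the reverse proxy falls back to the shared `http.DefaultTransport`, which after this commit is exactly what `SecureTransport` clones (plus the internal TLS config when enabled). The condition can go: `proxy.Transport = commonhttp.GetHTTPTransport(commonhttp.SecureTransport)`, which also gives the proxy its own transport instance instead of sharing the process-wide default. newProxy's body continues outside the hunk.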