mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-24 01:27:49 +01:00
Use secure transport to access HTTP endpoint
In various parts of the code, we used insecure transport in http Client when we assume the endpoint is http. This causes complaints form security scanner. We should use secure transport in such cases. Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is contained in:
parent
7116baabed
commit
1188bd89b9
@ -89,7 +89,7 @@ func GetTargets(notaryEndpoint string, username string, fqRepo string) ([]Target
|
||||
authorizer := ¬aryAuthorizer{
|
||||
token: t.Token,
|
||||
}
|
||||
tr := registry.NewTransport(registry.GetHTTPTransport(true), authorizer)
|
||||
tr := registry.NewTransport(registry.GetHTTPTransport(), authorizer)
|
||||
gun := data.GUN(fqRepo)
|
||||
notaryRepo, err := client.NewFileCachedNotaryRepository(notaryCachePath, gun, notaryEndpoint, tr, mockRetriever, trustPin)
|
||||
if err != nil {
|
||||
|
@ -72,7 +72,7 @@ func BuildBlobURL(endpoint, repository, digest string) string {
|
||||
// GetTokenForRepo is used for job handler to get a token for clair.
|
||||
func GetTokenForRepo(repository, secret, internalTokenServiceURL string) (string, error) {
|
||||
credential := httpauth.NewSecretAuthorizer(secret)
|
||||
t, err := auth.GetToken(internalTokenServiceURL, true, credential,
|
||||
t, err := auth.GetToken(internalTokenServiceURL, false, credential,
|
||||
[]*token.ResourceActions{{
|
||||
Type: "repository",
|
||||
Name: repository,
|
||||
|
@ -98,7 +98,7 @@ func (d *DefaultReplicator) Replicate(replication *Replication) error {
|
||||
"repository": repository,
|
||||
"tags": tags,
|
||||
"src_registry_url": url,
|
||||
"src_registry_insecure": true,
|
||||
"src_registry_insecure": false,
|
||||
// "src_token_service_url":"",
|
||||
"dst_registry_url": target.URL,
|
||||
"dst_registry_insecure": target.Insecure,
|
||||
|
Loading…
Reference in New Issue
Block a user