Merge pull request #2717 from ywk253100/170706_integration

Update auth context as Admiral's API changed
This commit is contained in:
Wenkai Yin 2017-07-07 11:03:13 +08:00 committed by GitHub
commit 186538010d
6 changed files with 106 additions and 34 deletions

View File

@ -20,10 +20,12 @@ import (
"fmt"
"io/ioutil"
"net/http"
"strconv"
"strings"
"github.com/vmware/harbor/src/common"
"github.com/vmware/harbor/src/common/models"
"github.com/vmware/harbor/src/common/utils"
"github.com/vmware/harbor/src/common/utils/log"
)
@ -37,9 +39,10 @@ const (
)
type project struct {
DocumentSelfLink string `json:"documentSelfLink"`
Name string `json:"name"`
Roles []string `json:"roles"`
SelfLink string `json:"documentSelfLink"`
Name string `json:"name"`
Roles []string `json:"roles"`
Properties map[string]string `json:"customProperties"`
}
// AuthContext ...
@ -63,28 +66,18 @@ func (a *AuthContext) IsSysAdmin() bool {
// GetProjectRoles ...
func (a *AuthContext) GetProjectRoles(projectIDOrName interface{}) []int {
var isID bool
var id int64
var name string
id, isID = projectIDOrName.(int64)
if !isID {
name, _ = projectIDOrName.(string)
id, name, err := utils.ParseProjectIDOrName(projectIDOrName)
if err != nil {
log.Errorf("failed to parse project ID or name: %v", err)
return []int{}
}
roles := []string{}
for _, project := range a.Projects {
p := convertProject(project)
if isID {
if p.ProjectID == id {
roles = append(roles, project.Roles...)
break
}
} else {
if p.Name == name {
roles = append(roles, project.Roles...)
break
}
if p.ProjectID == id || p.Name == name {
roles = append(roles, project.Roles...)
break
}
}
@ -100,12 +93,29 @@ func (a *AuthContext) GetMyProjects() []*models.Project {
return projects
}
// TODO populate harbor ID to the project
// convert project returned by Admiral to project used in Harbor
func convertProject(p *project) *models.Project {
project := &models.Project{
Name: p.Name,
}
index := ""
if p.Properties != nil {
index = p.Properties["__projectIndex"]
}
if len(index) == 0 {
log.Errorf("property __projectIndex not found when parsing project")
return project
}
id, err := strconv.ParseInt(index, 10, 64)
if err != nil {
log.Errorf("failed to parse __projectIndex %s: %v", index, err)
return project
}
project.ProjectID = id
return project
}

View File

@ -42,8 +42,9 @@ func TestGetProjectRoles(t *testing.T) {
ctx := &AuthContext{
Projects: []*project{
&project{
Name: "project",
Roles: []string{projectAdminRole, developerRole, guestRole},
Name: "project",
Roles: []string{projectAdminRole, developerRole, guestRole},
Properties: map[string]string{"__projectIndex": "9"},
},
},
}
@ -52,7 +53,9 @@ func TestGetProjectRoles(t *testing.T) {
roles := ctx.GetProjectRoles("project")
assert.Equal(t, 3, len(roles))
// TODO add test case with ID
// test with ID
roles = ctx.GetProjectRoles(9)
assert.Equal(t, 3, len(roles))
}
func TestGetMyProjects(t *testing.T) {

View File

@ -17,7 +17,7 @@ package admiral
import (
"github.com/vmware/harbor/src/common"
"github.com/vmware/harbor/src/common/models"
"github.com/vmware/harbor/src/common/security/authcontext"
"github.com/vmware/harbor/src/common/security/admiral/authcontext"
"github.com/vmware/harbor/src/common/utils/log"
"github.com/vmware/harbor/src/ui/projectmanager"
)

View File

@ -16,6 +16,7 @@ package utils
import (
"crypto/rand"
"errors"
"fmt"
"net"
"net/url"
@ -125,3 +126,34 @@ func ParseTimeStamp(timestamp string) (*time.Time, error) {
t := time.Unix(i, 0)
return &t, nil
}
// ParseProjectIDOrName parses value to ID(int64) or name(string)
func ParseProjectIDOrName(value interface{}) (int64, string, error) {
if value == nil {
return 0, "", errors.New("harborIDOrName is nil")
}
var id int64
var name string
switch value.(type) {
case int:
i := value.(int)
id = int64(i)
if id == 0 {
return 0, "", fmt.Errorf("invalid ID: 0")
}
case int64:
id = value.(int64)
if id == 0 {
return 0, "", fmt.Errorf("invalid ID: 0")
}
case string:
name = value.(string)
if len(name) == 0 {
return 0, "", fmt.Errorf("empty name")
}
default:
return 0, "", fmt.Errorf("unsupported type")
}
return id, name, nil
}

View File

@ -211,3 +211,35 @@ func TestParseTimeStamp(t *testing.T) {
assert.Nil(t, err)
assert.Equal(t, now, result.Unix())
}
func TestParseHarborIDOrName(t *testing.T) {
// nil input
id, name, err := ParseProjectIDOrName(nil)
assert.NotNil(t, err)
// invalid ID
id, name, err = ParseProjectIDOrName(0)
assert.NotNil(t, err)
// invalid name
id, name, err = ParseProjectIDOrName("")
assert.NotNil(t, err)
// valid int ID
id, name, err = ParseProjectIDOrName(1)
assert.Nil(t, err)
assert.Equal(t, int64(1), id)
assert.Equal(t, "", name)
// valid int64 ID
id, name, err = ParseProjectIDOrName(int64(1))
assert.Nil(t, err)
assert.Equal(t, int64(1), id)
assert.Equal(t, "", name)
// valid name
id, name, err = ParseProjectIDOrName("project")
assert.Nil(t, err)
assert.Equal(t, int64(0), id)
assert.Equal(t, "project", name)
}

View File

@ -24,7 +24,7 @@ import (
secstore "github.com/vmware/harbor/src/common/secret"
"github.com/vmware/harbor/src/common/security"
"github.com/vmware/harbor/src/common/security/admiral"
"github.com/vmware/harbor/src/common/security/authcontext"
"github.com/vmware/harbor/src/common/security/admiral/authcontext"
"github.com/vmware/harbor/src/common/security/local"
"github.com/vmware/harbor/src/common/security/secret"
"github.com/vmware/harbor/src/common/utils/log"
@ -99,19 +99,14 @@ func (s *secretReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
if len(scrt) == 0 {
return false
}
log.Debug("got secret from request")
var pm projectmanager.ProjectManager
if config.WithAdmiral() {
// TODO project manager with harbor service accout
} else {
log.Debug("using local database project manager")
pm = config.GlobalProjectMgr
}
log.Debug("using global project manager")
pm := config.GlobalProjectMgr
log.Debug("creating a secret security context...")
securCtx := secret.NewSecurityContext(scrt, s.store)
setSecurCtxAndPM(ctx.Request, securCtx, pm)
return true