Upstream
/
harbor
mirror of https://github.com/goharbor/harbor.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

update

This commit is contained in:
Wenkai Yin 2017-02-09 13:58:48 +08:00
parent 9ec11ac672
commit 1fbb28ad8c
8 changed files with 88 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.travis.yml
View File

@ -70,6 +70,7 @@ before_script:
# create tables and load data
# - mysql < ./make/db/registry.sql -uroot --verbose
- sudo sqlite3 /tmp/registry.db < make/common/db/registry_sqlite.sql
- sudo chmod 777 /tmp/registry.db
script:
- sudo mkdir -p /harbor_storage/ca_download

40
docs/swagger.yaml
View File

@ -1371,6 +1371,46 @@ paths:
description: Inviald ldap configuration parameters.
500:
description: Unexpected internal errors.
/configurations:
get:
summary: Get system configurations.
description: |
This endpoint is for retrieving system configurations that only provides for admin user.
tags:
- Products
responses:
200:
description: Get system configurations successfully. The response body is a map.
schema:
type: object
401:
description: User need to log in first.
403:
description: User does not have permission of admin role.
500:
description: Unexpected internal errors.
put:
summary: Modify system configurations.
description: |
This endpoint is for modifying system configurations that only provides for admin user.
tags:
- Products
parameters:
- name: configurations
in: body
required: true
schema:
type: object
description: The configurations map need to be modified, the following are keys "auth_mode", "email_from", "email_host", "email_identity", "email_password", "email_port", "email_ssl", "email_username", "ldap_base_dn", "ldap_filter", "ldap_scope", "ldap_search_dn", "ldap_search_password", "ldap_timeout", "ldap_uid", "ldap_url", "project_creation_restriction", "self_registration", "verify_remote_cert".
responses:
200:
description: Modify system configurations successfully.
401:
description: User need to log in first.
403:
description: User does not have permission of admin role.
500:
description: Unexpected internal errors.
definitions:
Search:
type: object

2
src/common/dao/dao_test.go
View File

@ -137,7 +137,7 @@ const publicityOn = 1
const publicityOff = 0
func TestMain(m *testing.M) {
databases := []string{"mysql"}
databases := []string{"mysql", "sqlite"}
for _, database := range databases {
log.Infof("run test cases for database: %s", database)

16
src/common/utils/registry/auth/tokenauthorizer.go
View File

@ -21,6 +21,7 @@ import (
"io/ioutil"
"net/http"
"net/url"
"os"
"strings"
"sync"
"time"
@ -234,15 +235,12 @@ func (s *standardTokenAuthorizer) generateToken(realm, service string, scopes []
// 2. the realm field returned by registry is an IP which can not reachable
// inside Harbor
func tokenURL(realm string) string {
//TODO
/*
extEndpoint := config.ExtEndpoint()
tokenEndpoint := config.TokenEndpoint()
if len(extEndpoint) != 0 && len(tokenEndpoint) != 0 &&
strings.Contains(realm, extEndpoint) {
realm = strings.TrimRight(tokenEndpoint, "/") + "/service/token"
}
*/
domainName := os.Getenv("DOMAIN_NAME")
if len(domainName) != 0 && strings.Contains(realm, domainName) {
realm = "http://ui/service/token"
}
return realm
}

9
src/jobservice/config/config.go
View File

@ -120,3 +120,12 @@ func SecretKey() (string, error) {
func UISecret() string {
return os.Getenv("UI_SECRET")
}
// DomainName ...
func DomainName() (string, error) {
cfg, err := mg.Get()
if err != nil {
return "", err
}
return cfg[comcfg.DomainName].(string), nil
}

10
src/jobservice/replication/transfer.go
View File

@ -23,6 +23,7 @@ import (
"fmt"
"io/ioutil"
"net/http"
"os"
"strings"
"github.com/docker/distribution"
@ -33,6 +34,7 @@ import (
"github.com/vmware/harbor/src/common/utils/log"
"github.com/vmware/harbor/src/common/utils/registry"
"github.com/vmware/harbor/src/common/utils/registry/auth"
"github.com/vmware/harbor/src/jobservice/config"
)
const (
@ -460,6 +462,14 @@ func (m *ManifestPusher) enter() (string, error) {
func newRepositoryClient(endpoint string, insecure bool, credential auth.Credential, repository, scopeType, scopeName string,
scopeActions ...string) (*registry.Repository, error) {
domain, err := config.DomainName()
if err != nil {
return nil, err
}
if err := os.Setenv("DOMAIN_NAME", domain); err != nil {
return nil, err
}
authorizer := auth.NewStandardTokenAuthorizer(credential, insecure, scopeType, scopeName, scopeActions...)
store, err := auth.NewAuthorizerStore(endpoint, insecure, authorizer)

10
src/ui/api/repository.go
View File

@ -19,6 +19,7 @@ import (
"fmt"
"io/ioutil"
"net/http"
"os"
"sort"
"github.com/docker/distribution/manifest/schema1"
@ -442,6 +443,15 @@ func newRepositoryClient(endpoint string, insecure bool, username, password, rep
scopeActions ...string) (*registry.Repository, error) {
credential := auth.NewBasicAuthCredential(username, password)
domain, err := config.DomainName()
if err != nil {
return nil, err
}
if err := os.Setenv("DOMAIN_NAME", domain); err != nil {
return nil, err
}
authorizer := auth.NewStandardTokenAuthorizer(credential, insecure, scopeType, scopeName, scopeActions...)
store, err := auth.NewAuthorizerStore(endpoint, insecure, authorizer)

10
src/ui/api/target.go
View File

@ -20,6 +20,7 @@ import (
"net"
"net/http"
"net/url"
"os"
"strconv"
"github.com/vmware/harbor/src/common/api"
@ -340,6 +341,15 @@ func (t *TargetAPI) Delete() {
func newRegistryClient(endpoint string, insecure bool, username, password, scopeType, scopeName string,
scopeActions ...string) (*registry.Registry, error) {
credential := auth.NewBasicAuthCredential(username, password)
domain, err := config.DomainName()
if err != nil {
return nil, err
}
if err := os.Setenv("DOMAIN_NAME", domain); err != nil {
return nil, err
}
authorizer := auth.NewStandardTokenAuthorizer(credential, insecure, scopeType, scopeName, scopeActions...)
store, err := auth.NewAuthorizerStore(endpoint, insecure, authorizer)