From 1fbb28ad8c37c7f945ca7151c57d5d46c643f97f Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Thu, 9 Feb 2017 13:58:48 +0800 Subject: [PATCH] update --- .travis.yml | 1 + docs/swagger.yaml | 40 +++++++++++++++++++ src/common/dao/dao_test.go | 2 +- .../utils/registry/auth/tokenauthorizer.go | 16 ++++---- src/jobservice/config/config.go | 9 +++++ src/jobservice/replication/transfer.go | 10 +++++ src/ui/api/repository.go | 10 +++++ src/ui/api/target.go | 10 +++++ 8 files changed, 88 insertions(+), 10 deletions(-) diff --git a/.travis.yml b/.travis.yml index 8c734d966..05dc4a095 100644 --- a/.travis.yml +++ b/.travis.yml @@ -70,6 +70,7 @@ before_script: # create tables and load data # - mysql < ./make/db/registry.sql -uroot --verbose - sudo sqlite3 /tmp/registry.db < make/common/db/registry_sqlite.sql + - sudo chmod 777 /tmp/registry.db script: - sudo mkdir -p /harbor_storage/ca_download diff --git a/docs/swagger.yaml b/docs/swagger.yaml index 6bbd2ed21..460bd6a85 100644 --- a/docs/swagger.yaml +++ b/docs/swagger.yaml 
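Review bot: `chmod 777` in the added before_script line makes the database world-writable and also sets the execute bit on a data file. The file is created by `sudo sqlite3` on the line above, so the tests presumably only need the unprivileged CI user to read and write it. `- sudo chmod 666 /tmp/registry.db`, or a `sudo chown` to the user that runs the tests, would cover that. It also avoids a 777 that could later be copied into a non-CI script.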
@@ -1371,6 +1371,46 @@ paths: description: Inviald ldap configuration parameters. 500: description: Unexpected internal errors. + /configurations: + get: + summary: Get system configurations. + description: | + This endpoint is for retrieving system configurations that only provides for admin user. + tags: + - Products + responses: + 200: + description: Get system configurations successfully. The response body is a map. + schema: + type: object + 401: + description: User need to log in first. + 403: + description: User does not have permission of admin role. + 500: + description: Unexpected internal errors. + put: + summary: Modify system configurations. + description: | + This endpoint is for modifying system configurations that only provides for admin user. + tags: + - Products + parameters: + - name: configurations + in: body + required: true + schema: + type: object + description: The configurations map need to be modified, the following are keys "auth_mode", "email_from", "email_host", "email_identity", "email_password", "email_port", "email_ssl", "email_username", "ldap_base_dn", "ldap_filter", "ldap_scope", "ldap_search_dn", "ldap_search_password", "ldap_timeout", "ldap_uid", "ldap_url", "project_creation_restriction", "self_registration", "verify_remote_cert". + responses: + 200: + description: Modify system configurations successfully. + 401: + description: User need to log in first. + 403: + description: User does not have permission of admin role. + 500: + description: Unexpected internal errors. definitions: Search: type: object diff --git a/src/common/dao/dao_test.go b/src/common/dao/dao_test.go index 2a1144d9b..26056116f 100644 --- a/src/common/dao/dao_test.go +++ b/src/common/dao/dao_test.go @@ -137,7 +137,7 @@ const publicityOn = 1 const publicityOff = 0 func TestMain(m *testing.M) { - databases := []string{"mysql"} + databases := []string{"mysql", "sqlite"} for _, database := range databases { log.Infof("run test cases for database: %s", database) 
diff --git a/src/common/utils/registry/auth/tokenauthorizer.go b/src/common/utils/registry/auth/tokenauthorizer.go index 917e43f38..0543ef524 100644 --- a/src/common/utils/registry/auth/tokenauthorizer.go +++ b/src/common/utils/registry/auth/tokenauthorizer.go @@ -21,6 +21,7 @@ import ( "io/ioutil" "net/http" "net/url" + "os" "strings" "sync" "time" @@ -234,15 +235,12 @@ func (s *standardTokenAuthorizer) generateToken(realm, service string, scopes [] // 2. the realm field returned by registry is an IP which can not reachable // inside Harbor func tokenURL(realm string) string { - //TODO - /* - extEndpoint := config.ExtEndpoint() - tokenEndpoint := config.TokenEndpoint() - if len(extEndpoint) != 0 && len(tokenEndpoint) != 0 && - strings.Contains(realm, extEndpoint) { - realm = strings.TrimRight(tokenEndpoint, "/") + "/service/token" - } - */ + + domainName := os.Getenv("DOMAIN_NAME") + if len(domainName) != 0 && strings.Contains(realm, domainName) { + realm = "http://ui/service/token" + } + return realm } diff --git a/src/jobservice/config/config.go b/src/jobservice/config/config.go index e4ba0f9b1..d4916dc22 100644 --- a/src/jobservice/config/config.go +++ b/src/jobservice/config/config.go @@ -120,3 +120,12 @@ func SecretKey() (string, error) { func UISecret() string { return os.Getenv("UI_SECRET") } + +// DomainName ... +func DomainName() (string, error) { + cfg, err := mg.Get() + if err != nil { + return "", err + } + return cfg[comcfg.DomainName].(string), nil +} diff --git a/src/jobservice/replication/transfer.go b/src/jobservice/replication/transfer.go index db70003cc..186718ee2 100644 --- a/src/jobservice/replication/transfer.go +++ b/src/jobservice/replication/transfer.go @@ -23,6 +23,7 @@ import ( "fmt" "io/ioutil" "net/http" + "os" "strings" "github.com/docker/distribution" 
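Review bot: The `strings.Contains(realm, domainName)` test in tokenURL matches the domain anywhere in the realm string, so a realm whose host only embeds the name, or carries it in a path or query, is also rewritten to the internal token service. The realm is supplied by the registry's challenge, and for a replication target that is presumably a remote system, so the decision should rest on the parsed host: `u, err := url.Parse(realm)` followed by `if err == nil && len(domainName) != 0 && u.Host == domainName {` (`net/url` is already imported; whether the configured name carries a port needs confirming). The replacement `http://ui/service/token` is hardcoded and cleartext, whereas the removed TODO derived it from a configured token endpoint. A comment stating why a fixed internal name is acceptable would help the next reader. Reading the value from the process environment also makes the function depend on whoever last set DOMAIN_NAME.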
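Review bot: The unchecked assertion `cfg[comcfg.DomainName].(string)` in DomainName panics when the key is absent or holds a non-string value, which turns a configuration gap into a crash even though the function already returns an error. Use the two-value form: `name, ok := cfg[comcfg.DomainName].(string)` and `if !ok { return "", errors.New("domain name is not configured") }`, adding the `errors` import if the file lacks it. The doc comment `// DomainName ...` is a placeholder. Something like `// DomainName returns the domain name stored in the system configuration.` would say what callers get.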
@@ -33,6 +34,7 @@ import ( "github.com/vmware/harbor/src/common/utils/log" "github.com/vmware/harbor/src/common/utils/registry" "github.com/vmware/harbor/src/common/utils/registry/auth" + "github.com/vmware/harbor/src/jobservice/config" ) const ( @@ -460,6 +462,14 @@ func (m *ManifestPusher) enter() (string, error) { func newRepositoryClient(endpoint string, insecure bool, credential auth.Credential, repository, scopeType, scopeName string, scopeActions ...string) (*registry.Repository, error) { + domain, err := config.DomainName() + if err != nil { + return nil, err + } + if err := os.Setenv("DOMAIN_NAME", domain); err != nil { + return nil, err + } + authorizer := auth.NewStandardTokenAuthorizer(credential, insecure, scopeType, scopeName, scopeActions...) store, err := auth.NewAuthorizerStore(endpoint, insecure, authorizer) diff --git a/src/ui/api/repository.go b/src/ui/api/repository.go index b229c0e96..19de01090 100644 --- a/src/ui/api/repository.go +++ b/src/ui/api/repository.go @@ -19,6 +19,7 @@ import ( "fmt" "io/ioutil" "net/http" + "os" "sort" "github.com/docker/distribution/manifest/schema1" @@ -442,6 +443,15 @@ func newRepositoryClient(endpoint string, insecure bool, username, password, rep scopeActions ...string) (*registry.Repository, error) { credential := auth.NewBasicAuthCredential(username, password) + + domain, err := config.DomainName() + if err != nil { + return nil, err + } + if err := os.Setenv("DOMAIN_NAME", domain); err != nil { + return nil, err + } + authorizer := auth.NewStandardTokenAuthorizer(credential, insecure, scopeType, scopeName, scopeActions...) store, err := auth.NewAuthorizerStore(endpoint, insecure, authorizer) diff --git a/src/ui/api/target.go b/src/ui/api/target.go index becda414e..af3888f37 100644 --- a/src/ui/api/target.go +++ b/src/ui/api/target.go @@ -20,6 +20,7 @@ import ( "net" "net/http" "net/url" + "os" "strconv" "github.com/vmware/harbor/src/common/api" 
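Review bot: Passing the domain to the token authorizer through `os.Setenv("DOMAIN_NAME", domain)` in newRepositoryClient turns a per-call parameter into process-wide mutable state. It is rewritten on every client construction, overrides any DOMAIN_NAME the operator exported, and is inherited by any child process. The same block is repeated in newRepositoryClient in src/ui/api/repository.go and in newRegistryClient in src/ui/api/target.go. Consider handing the value to the authorizer explicitly, as an extra argument or a field, so the realm rewrite is visible at the call site and testable. If the environment has to stay, set it once at start-up instead of per request. The function body continues beyond this hunk.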
@@ -340,6 +341,15 @@ func (t *TargetAPI) Delete() { func newRegistryClient(endpoint string, insecure bool, username, password, scopeType, scopeName string, scopeActions ...string) (*registry.Registry, error) { credential := auth.NewBasicAuthCredential(username, password) + + domain, err := config.DomainName() + if err != nil { + return nil, err + } + if err := os.Setenv("DOMAIN_NAME", domain); err != nil { + return nil, err + } + authorizer := auth.NewStandardTokenAuthorizer(credential, insecure, scopeType, scopeName, scopeActions...) store, err := auth.NewAuthorizerStore(endpoint, insecure, authorizer)