From 246d863c599384424c4174d8fa10099731b82452 Mon Sep 17 00:00:00 2001 From: yunkunrao Date: Thu, 19 Aug 2021 21:42:50 +0800 Subject: [PATCH] Refactor ping method into util pkg Signed-off-by: yunkunrao --- src/lib/errors/const.go | 6 +++++ src/pkg/reg/adapter/aliacr/adapter.go | 27 +--------------------- src/pkg/reg/adapter/gitlab/client.go | 29 +++--------------------- src/pkg/reg/adapter/tencentcr/adapter.go | 23 +------------------ src/pkg/reg/util/util.go | 22 ++++++++++++++++++ 5 files changed, 33 insertions(+), 74 deletions(-) diff --git a/src/lib/errors/const.go b/src/lib/errors/const.go index e8a980c4f..d8cb28df1 100644 --- a/src/lib/errors/const.go +++ b/src/lib/errors/const.go @@ -17,6 +17,8 @@ const ( PreconditionCode = "PRECONDITION" // GeneralCode ... GeneralCode = "UNKNOWN" + // ChallengesUnsupportedCode ... + ChallengesUnsupportedCode = "ChallengesUnsupportedCode" // DENIED it's used by middleware(readonly, vul and content trust) and returned to docker client to index the request is denied. DENIED = "DENIED" // PROJECTPOLICYVIOLATION ... @@ -85,3 +87,7 @@ func IsNotFoundErr(err error) bool { func IsConflictErr(err error) bool { return IsErr(err, ConflictCode) } + +func IsChallengesUnsupportedErr(err error) bool { + return IsErr(err, ChallengesUnsupportedCode) +} diff --git a/src/pkg/reg/adapter/aliacr/adapter.go b/src/pkg/reg/adapter/aliacr/adapter.go index 0babad361..55699365c 100644 --- a/src/pkg/reg/adapter/aliacr/adapter.go +++ b/src/pkg/reg/adapter/aliacr/adapter.go @@ -5,15 +5,12 @@ import ( "errors" "fmt" - "net/http" "path/filepath" "regexp" "strings" "github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests" "github.com/aliyun/alibaba-cloud-sdk-go/services/cr" - "github.com/docker/distribution/registry/client/auth/challenge" - commonhttp "github.com/goharbor/harbor/src/common/http" "github.com/goharbor/harbor/src/common/utils" "github.com/goharbor/harbor/src/lib/log" adp "github.com/goharbor/harbor/src/pkg/reg/adapter" @@ -56,7 +53,7 @@ func newAdapter(registry *model.Registry) (*adapter, error) { } // fix url (allow user input cr service url) registry.URL = fmt.Sprintf(registryEndpointTpl, region) - realm, service, err := ping(registry) + realm, service, err := util.Ping(registry) if err != nil { return nil, err } @@ -70,28 +67,6 @@ func newAdapter(registry *model.Registry) (*adapter, error) { }, nil } -func ping(registry *model.Registry) (string, string, error) { - client := &http.Client{} - if registry.Insecure { - client.Transport = commonhttp.GetHTTPTransport(commonhttp.InsecureTransport) - } else { - client.Transport = commonhttp.GetHTTPTransport(commonhttp.SecureTransport) - } - - resp, err := client.Get(registry.URL + "/v2/") - if err != nil { - return "", "", err - } - defer resp.Body.Close() - challenges := challenge.ResponseChallenges(resp) - for _, challenge := range challenges { - if challenge.Scheme == "bearer" { - return challenge.Parameters["realm"], challenge.Parameters["service"], nil - } - } - return "", "", fmt.Errorf("bearer auth scheme isn't supported: %v", challenges) -} - type factory struct { } diff --git a/src/pkg/reg/adapter/gitlab/client.go b/src/pkg/reg/adapter/gitlab/client.go index d9ed53db9..c94e0bcdc 100644 --- a/src/pkg/reg/adapter/gitlab/client.go +++ b/src/pkg/reg/adapter/gitlab/client.go @@ -4,8 +4,7 @@ import ( "encoding/json" "errors" "fmt" - "github.com/docker/distribution/registry/client/auth/challenge" - "github.com/goharbor/harbor/src/lib/log" + liberrors "github.com/goharbor/harbor/src/lib/errors" "github.com/goharbor/harbor/src/pkg/reg/model" "github.com/goharbor/harbor/src/pkg/reg/util" "io" @@ -32,10 +31,8 @@ type Client struct { // NewClient creates a new GitLab client. func NewClient(registry *model.Registry) (*Client, error) { - realm, _, err := ping(&http.Client{ - Transport: util.GetHTTPTransport(registry.Insecure), - }, registry.URL) - if err != nil { + realm, _, err := util.Ping(registry) + if err != nil && !liberrors.IsChallengesUnsupportedErr(err) { return nil, err } if realm == "" { @@ -57,26 +54,6 @@ func NewClient(registry *model.Registry) (*Client, error) { return client, nil } -// ping returns the realm, service and error -func ping(client *http.Client, endpoint string) (string, string, error) { - resp, err := client.Get(buildPingURL(endpoint)) - if err != nil { - return "", "", err - } - defer resp.Body.Close() - - challenges := challenge.ResponseChallenges(resp) - for _, challenge := range challenges { - if scheme == challenge.Scheme { - realm := challenge.Parameters["realm"] - service := challenge.Parameters["service"] - return realm, service, nil - } - } - - log.Warningf("Schemas %v are unsupported", challenges) - return "", "", nil -} func buildPingURL(endpoint string) string { return fmt.Sprintf("%s/v2/", endpoint) } diff --git a/src/pkg/reg/adapter/tencentcr/adapter.go b/src/pkg/reg/adapter/tencentcr/adapter.go index 32e4c83f3..6e6117367 100644 --- a/src/pkg/reg/adapter/tencentcr/adapter.go +++ b/src/pkg/reg/adapter/tencentcr/adapter.go @@ -10,7 +10,6 @@ import ( "strconv" "strings" - "github.com/docker/distribution/registry/client/auth/challenge" commonhttp "github.com/goharbor/harbor/src/common/http" "github.com/goharbor/harbor/src/lib/log" adp "github.com/goharbor/harbor/src/pkg/reg/adapter" @@ -97,7 +96,7 @@ func newAdapter(registry *model.Registry) (a *adapter, err error) { } } - realm, service, err := ping(registry) + realm, service, err := util.Ping(registry) log.Debugf("[tencent-tcr.newAdapter] realm=%s, service=%s error=%v", realm, service, err) if err != nil { log.Errorf("[tencent-tcr.newAdapter] ping failed. error=%v", err) @@ -166,26 +165,6 @@ func newAdapter(registry *model.Registry) (a *adapter, err error) { }, nil } -func ping(registry *model.Registry) (string, string, error) { - client := &http.Client{ - Transport: util.GetHTTPTransport(registry.Insecure), - } - - resp, err := client.Get(registry.URL + "/v2/") - log.Debugf("[tencent-tcr.ping] error=%v", err) - if err != nil { - return "", "", err - } - defer resp.Body.Close() - challenges := challenge.ResponseChallenges(resp) - for _, challenge := range challenges { - if challenge.Scheme == "bearer" { - return challenge.Parameters["realm"], challenge.Parameters["service"], nil - } - } - return "", "", fmt.Errorf("[tencent-tcr.ping] bearer auth scheme isn't supported: %v", challenges) -} - func (a *adapter) Info() (info *model.RegistryInfo, err error) { info = &model.RegistryInfo{ Type: model.RegistryTypeTencentTcr, diff --git a/src/pkg/reg/util/util.go b/src/pkg/reg/util/util.go index acf97ca7f..ccd89697a 100644 --- a/src/pkg/reg/util/util.go +++ b/src/pkg/reg/util/util.go @@ -15,6 +15,9 @@ package util import ( + "github.com/docker/distribution/registry/client/auth/challenge" + "github.com/goharbor/harbor/src/lib/errors" + "github.com/goharbor/harbor/src/pkg/reg/model" "net/http" "strings" @@ -29,6 +32,25 @@ func GetHTTPTransport(insecure bool) *http.Transport { return commonhttp.GetHTTPTransport(commonhttp.SecureTransport) } +func Ping(registry *model.Registry) (string, string, error) { + client := &http.Client{ + Transport: GetHTTPTransport(registry.Insecure), + } + + resp, err := client.Get(registry.URL + "/v2/") + if err != nil { + return "", "", err + } + defer resp.Body.Close() + challenges := challenge.ResponseChallenges(resp) + for _, challenge := range challenges { + if challenge.Scheme == "bearer" { + return challenge.Parameters["realm"], challenge.Parameters["service"], nil + } + } + return "", "", errors.New(nil).WithCode(errors.ChallengesUnsupportedCode).WithMessage("bearer auth scheme isn't supported: %v", challenges) +} + // ParseRepository parses the "repository" provided into two parts: namespace and the rest // the string before the last "/" is the namespace part // c -> [,c]