diff --git a/src/core/api/base.go b/src/core/api/base.go index 8cec5bf9c..0066ef30a 100644 --- a/src/core/api/base.go +++ b/src/core/api/base.go @@ -28,7 +28,6 @@ import ( "github.com/goharbor/harbor/src/common/utils" "github.com/goharbor/harbor/src/common/utils/log" "github.com/goharbor/harbor/src/core/config" - "github.com/goharbor/harbor/src/core/filter" "github.com/goharbor/harbor/src/core/promgr" internal_errors "github.com/goharbor/harbor/src/internal/error" "github.com/goharbor/harbor/src/pkg/project" @@ -75,14 +74,7 @@ func (b *BaseController) Prepare() { return } b.SecurityCtx = ctx - - pm, err := filter.GetProjectManager(b.Ctx.Request) - if err != nil { - log.Errorf("failed to get project manager: %v", err) - b.SendInternalServerError(errors.New("")) - return - } - b.ProjectMgr = pm + b.ProjectMgr = config.GlobalProjectMgr } // RequireAuthenticated returns true when the request is authenticated diff --git a/src/core/api/retention.go b/src/core/api/retention.go index 5fa8a6700..72c3c11b8 100644 --- a/src/core/api/retention.go +++ b/src/core/api/retention.go @@ -4,11 +4,11 @@ import ( "encoding/json" "errors" "fmt" + "github.com/goharbor/harbor/src/core/config" "net/http" "strconv" "github.com/goharbor/harbor/src/common/rbac" - "github.com/goharbor/harbor/src/core/filter" "github.com/goharbor/harbor/src/core/promgr" "github.com/goharbor/harbor/src/pkg/retention" "github.com/goharbor/harbor/src/pkg/retention/policy" @@ -28,13 +28,7 @@ func (r *RetentionAPI) Prepare() { r.SendUnAuthorizedError(errors.New("UnAuthorized")) return } - pm, e := filter.GetProjectManager(r.Ctx.Request) - if e != nil { - r.SendInternalServerError(e) - return - } - r.pm = pm - + r.pm = config.GlobalProjectMgr } // GetMetadatas Get Metadatas diff --git a/src/core/filter/security.go b/src/core/filter/security.go index d1bf7b5b1..a122134a8 100644 --- a/src/core/filter/security.go +++ b/src/core/filter/security.go @@ -35,7 +35,6 @@ import ( "github.com/goharbor/harbor/src/common/utils/oidc" "github.com/goharbor/harbor/src/core/auth" "github.com/goharbor/harbor/src/core/config" - "github.com/goharbor/harbor/src/core/promgr" "github.com/goharbor/harbor/src/pkg/authproxy" "github.com/goharbor/harbor/src/pkg/robot" pkg_token "github.com/goharbor/harbor/src/pkg/token" @@ -51,8 +50,6 @@ type pathMethod struct { } const ( - // PmKey is context value key for the project manager - PmKey ContextValueKey = "harbor_project_manager" // AuthModeKey is context key for auth mode AuthModeKey ContextValueKey = "harbor_auth_mode" ) @@ -125,13 +122,10 @@ func (s *secretReqCtxModifier) Modify(ctx *beegoctx.Context) bool { } log.Debug("got secret from request") - log.Debug("using global project manager") - pm := config.GlobalProjectMgr - log.Debug("creating a secret security context...") securCtx := secret.NewSecurityContext(scrt, s.store) - setSecurCtxAndPM(ctx.Request, securCtx, pm) + setSecurCtx(ctx.Request, securCtx) return true } @@ -175,7 +169,7 @@ func (r *robotAuthReqCtxModifier) Modify(ctx *beegoctx.Context) bool { log.Debug("creating robot account security context...") pm := config.GlobalProjectMgr securCtx := robotCtx.NewSecurityContext(robot, pm, rtk.Claims.(*robot_claim.Claim).Access) - setSecurCtxAndPM(ctx.Request, securCtx, pm) + setSecurCtx(ctx.Request, securCtx) return true } @@ -204,7 +198,7 @@ func (oc *oidcCliReqCtxModifier) Modify(ctx *beegoctx.Context) bool { } pm := config.GlobalProjectMgr sc := local.NewSecurityContext(user, pm) - setSecurCtxAndPM(ctx.Request, sc, pm) + setSecurCtx(ctx.Request, sc) return true } @@ -251,7 +245,7 @@ func (it *idTokenReqCtxModifier) Modify(ctx *beegoctx.Context) bool { } pm := config.GlobalProjectMgr sc := local.NewSecurityContext(u, pm) - setSecurCtxAndPM(ctx.Request, sc, pm) + setSecurCtx(ctx.Request, sc) return true } @@ -322,7 +316,7 @@ func (ap *authProxyReqCtxModifier) Modify(ctx *beegoctx.Context) bool { pm := config.GlobalProjectMgr log.Debug("creating local database security context for auth proxy...") securCtx := local.NewSecurityContext(user, pm) - setSecurCtxAndPM(ctx.Request, securCtx, pm) + setSecurCtx(ctx.Request, securCtx) return true } @@ -354,11 +348,10 @@ func (b *basicAuthReqCtxModifier) Modify(ctx *beegoctx.Context) bool { log.Debug("basic auth user is nil") return false } - log.Debug("using local database project manager") pm := config.GlobalProjectMgr log.Debug("creating local database security context...") securCtx := local.NewSecurityContext(user, pm) - setSecurCtxAndPM(ctx.Request, securCtx, pm) + setSecurCtx(ctx.Request, securCtx) return true } @@ -376,12 +369,11 @@ func (s *sessionReqCtxModifier) Modify(ctx *beegoctx.Context) bool { log.Info("can not get user information from session") return false } - log.Debug("using local database project manager") pm := config.GlobalProjectMgr log.Debug("creating local database security context...") securityCtx := local.NewSecurityContext(&user, pm) - setSecurCtxAndPM(ctx.Request, securityCtx, pm) + setSecurCtx(ctx.Request, securityCtx) return true } @@ -391,38 +383,17 @@ type unauthorizedReqCtxModifier struct{} func (u *unauthorizedReqCtxModifier) Modify(ctx *beegoctx.Context) bool { log.Debug("user information is nil") - log.Debug("using local database project manager") pm := config.GlobalProjectMgr log.Debug("creating local database security context...") securCtx := local.NewSecurityContext(nil, pm) - setSecurCtxAndPM(ctx.Request, securCtx, pm) + setSecurCtx(ctx.Request, securCtx) return true } -func setSecurCtxAndPM(req *http.Request, ctx security.Context, pm promgr.ProjectManager) { +func setSecurCtx(req *http.Request, ctx security.Context) { *req = *(req.WithContext(security.NewContext(req.Context(), ctx))) - addToReqContext(req, PmKey, pm) } func addToReqContext(req *http.Request, key, value interface{}) { *req = *(req.WithContext(context.WithValue(req.Context(), key, value))) } - -// GetProjectManager tries to get project manager from request and returns it -func GetProjectManager(req *http.Request) (promgr.ProjectManager, error) { - if req == nil { - return nil, fmt.Errorf("request is nil") - } - - pm := req.Context().Value(PmKey) - if pm == nil { - return nil, fmt.Errorf("the project manager got from request is nil") - } - - p, ok := pm.(promgr.ProjectManager) - if !ok { - return nil, fmt.Errorf("the variable got from request is not project manager type") - } - - return p, nil -} diff --git a/src/core/filter/security_test.go b/src/core/filter/security_test.go index 91723cdc7..d9095228a 100644 --- a/src/core/filter/security_test.go +++ b/src/core/filter/security_test.go @@ -43,8 +43,6 @@ import ( _ "github.com/goharbor/harbor/src/core/auth/db" _ "github.com/goharbor/harbor/src/core/auth/ldap" "github.com/goharbor/harbor/src/core/config" - "github.com/goharbor/harbor/src/core/promgr" - driver_local "github.com/goharbor/harbor/src/core/promgr/pmsdriver/local" "github.com/stretchr/testify/assert" "github.com/goharbor/harbor/src/common" @@ -85,7 +83,6 @@ func TestSecurityFilter(t *testing.T) { } SecurityFilter(ctx) assert.Nil(t, securityContext(ctx)) - assert.Nil(t, projectManager(ctx)) // the pattern of request needs security check req, err := http.NewRequest(http.MethodGet, @@ -100,7 +97,6 @@ func TestSecurityFilter(t *testing.T) { } SecurityFilter(ctx) assert.NotNil(t, securityContext(ctx)) - assert.NotNil(t, projectManager(ctx)) } func TestConfigCtxModifier(t *testing.T) { @@ -143,7 +139,6 @@ func TestSecretReqCtxModifier(t *testing.T) { assert.True(t, modified) assert.IsType(t, &secret.SecurityContext{}, securityContext(ctx)) - assert.NotNil(t, projectManager(ctx)) } func TestOIDCCliReqCtxModifier(t *testing.T) { @@ -301,7 +296,6 @@ func TestBasicAuthReqCtxModifier(t *testing.T) { assert.IsType(t, &local.SecurityContext{}, sc) s := sc.(security.Context) assert.Equal(t, "admin", s.GetUsername()) - assert.NotNil(t, projectManager(ctx)) } func TestSessionReqCtxModifier(t *testing.T) { @@ -340,8 +334,6 @@ func TestSessionReqCtxModifier(t *testing.T) { s := sc.(security.Context) assert.Equal(t, "admin", s.GetUsername()) assert.True(t, s.IsSysAdmin()) - assert.NotNil(t, projectManager(ctx)) - } func TestSessionReqCtxModifierFailed(t *testing.T) { @@ -402,7 +394,6 @@ func TestUnauthorizedReqCtxModifier(t *testing.T) { assert.NotNil(t, sc) s := sc.(security.Context) assert.False(t, s.IsAuthenticated()) - assert.NotNil(t, projectManager(ctx)) } func newContext(req *http.Request) (*beegoctx.Context, error) { @@ -443,40 +434,3 @@ func securityContext(ctx *beegoctx.Context) interface{} { } return c } - -func projectManager(ctx *beegoctx.Context) interface{} { - if ctx.Request == nil { - return nil - } - return ctx.Request.Context().Value(PmKey) -} - -func TestGetProjectManager(t *testing.T) { - // nil request - pm, err := GetProjectManager(nil) - assert.NotNil(t, err) - - // the request contains no project manager - req, err := http.NewRequest("", "", nil) - assert.Nil(t, err) - pm, err = GetProjectManager(req) - assert.NotNil(t, err) - - // the request contains a variable which is not the correct type - req, err = http.NewRequest("", "", nil) - assert.Nil(t, err) - req = req.WithContext(context.WithValue(req.Context(), - PmKey, "test")) - pm, err = GetProjectManager(req) - assert.NotNil(t, err) - - // the request contains a correct variable - req, err = http.NewRequest("", "", nil) - assert.Nil(t, err) - req = req.WithContext(context.WithValue(req.Context(), - PmKey, promgr.NewDefaultProjectManager(driver_local.NewDriver(), true))) - pm, err = GetProjectManager(req) - assert.Nil(t, err) - _, ok := pm.(promgr.ProjectManager) - assert.True(t, ok) -} diff --git a/src/core/service/token/creator.go b/src/core/service/token/creator.go index 7d521f5c5..9897e68d2 100644 --- a/src/core/service/token/creator.go +++ b/src/core/service/token/creator.go @@ -26,7 +26,6 @@ import ( "github.com/goharbor/harbor/src/common/security" "github.com/goharbor/harbor/src/common/utils/log" "github.com/goharbor/harbor/src/core/config" - "github.com/goharbor/harbor/src/core/filter" "github.com/goharbor/harbor/src/core/promgr" ) @@ -208,10 +207,7 @@ func (g generalCreator) Create(r *http.Request) (*models.Token, error) { return nil, fmt.Errorf("failed to get security context from request") } - pm, err := filter.GetProjectManager(r) - if err != nil { - return nil, fmt.Errorf("failed to get project manager from request") - } + pm := config.GlobalProjectMgr // for docker login if !ctx.IsAuthenticated() {