mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-28 05:05:19 +01:00
Not checking for registry credentials in v2auth
That was added to support core process sending request to `/v2/xxx`. It's no longer needed after reworking the flow. This commit removes this. Fixes #10602, as it's not a case we need to support for now. Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is contained in:
parent
98759642b7
commit
37f9d650bd
@ -36,10 +36,6 @@ type reqChecker struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (rc *reqChecker) check(req *http.Request) error {
|
func (rc *reqChecker) check(req *http.Request) error {
|
||||||
if rc.hasRegistryCred(req) {
|
|
||||||
// TODO: May consider implement a local authorizer for registry, more details see #10602
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
securityCtx, ok := security.FromContext(req.Context())
|
securityCtx, ok := security.FromContext(req.Context())
|
||||||
if !ok {
|
if !ok {
|
||||||
return fmt.Errorf("the security context got from request is nil")
|
return fmt.Errorf("the security context got from request is nil")
|
||||||
@ -88,12 +84,6 @@ func (rc *reqChecker) projectID(name string) (int64, error) {
|
|||||||
return p.ProjectID, nil
|
return p.ProjectID, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (rc *reqChecker) hasRegistryCred(req *http.Request) bool {
|
|
||||||
u, p, ok := req.BasicAuth()
|
|
||||||
regUser, regPass := config.RegistryCredential()
|
|
||||||
return ok && u == regUser && p == regPass
|
|
||||||
}
|
|
||||||
|
|
||||||
func getAction(req *http.Request) rbac.Action {
|
func getAction(req *http.Request) rbac.Action {
|
||||||
pushActions := map[string]struct{}{
|
pushActions := map[string]struct{}{
|
||||||
http.MethodPost: {},
|
http.MethodPost: {},
|
||||||
|
@ -153,28 +153,17 @@ func TestMiddleware(t *testing.T) {
|
|||||||
|
|
||||||
ctx1 := lib.WithArtifactInfo(baseCtx, ar1)
|
ctx1 := lib.WithArtifactInfo(baseCtx, ar1)
|
||||||
ctx2 := lib.WithArtifactInfo(baseCtx, ar2)
|
ctx2 := lib.WithArtifactInfo(baseCtx, ar2)
|
||||||
ctx2x := lib.WithArtifactInfo(context.Background(), ar2) // no securityCtx
|
|
||||||
ctx3 := lib.WithArtifactInfo(baseCtx, ar3)
|
ctx3 := lib.WithArtifactInfo(baseCtx, ar3)
|
||||||
ctx4 := lib.WithArtifactInfo(baseCtx, ar4)
|
ctx4 := lib.WithArtifactInfo(baseCtx, ar4)
|
||||||
ctx5 := lib.WithArtifactInfo(baseCtx, ar5)
|
ctx5 := lib.WithArtifactInfo(baseCtx, ar5)
|
||||||
req1a, _ := http.NewRequest(http.MethodGet, "/v2/project_1/hello-world/manifest/v1", nil)
|
req1a, _ := http.NewRequest(http.MethodGet, "/v2/project_1/hello-world/manifest/v1", nil)
|
||||||
req1b, _ := http.NewRequest(http.MethodDelete, "/v2/project_1/hello-world/manifest/v1", nil)
|
req1b, _ := http.NewRequest(http.MethodDelete, "/v2/project_1/hello-world/manifest/v1", nil)
|
||||||
req2, _ := http.NewRequest(http.MethodGet, "/v2/library/ubuntu/manifest/14.04", nil)
|
req2, _ := http.NewRequest(http.MethodGet, "/v2/library/ubuntu/manifest/14.04", nil)
|
||||||
req2x, _ := http.NewRequest(http.MethodGet, "/v2/library/ubuntu/manifest/14.04", nil)
|
|
||||||
req3, _ := http.NewRequest(http.MethodGet, "/v2/_catalog", nil)
|
req3, _ := http.NewRequest(http.MethodGet, "/v2/_catalog", nil)
|
||||||
req4, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_2/ubuntu", nil)
|
req4, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_2/ubuntu", nil)
|
||||||
req5, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_3/ubuntu", nil)
|
req5, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_3/ubuntu", nil)
|
||||||
req6, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_0/ubuntu", nil)
|
req6, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_0/ubuntu", nil)
|
||||||
|
|
||||||
os.Setenv("REGISTRY_CREDENTIAL_USERNAME", "testuser")
|
|
||||||
os.Setenv("REGISTRY_CREDENTIAL_PASSWORD", "testpassword")
|
|
||||||
defer func() {
|
|
||||||
os.Unsetenv("REGISTRY_CREDENTIAL_USERNAME")
|
|
||||||
os.Unsetenv("REGISTRY_CREDENTIAL_PASSWORD")
|
|
||||||
}()
|
|
||||||
|
|
||||||
req2x.SetBasicAuth("testuser", "testpassword")
|
|
||||||
|
|
||||||
cases := []struct {
|
cases := []struct {
|
||||||
input *http.Request
|
input *http.Request
|
||||||
status int
|
status int
|
||||||
@ -191,10 +180,6 @@ func TestMiddleware(t *testing.T) {
|
|||||||
input: req2.WithContext(ctx2),
|
input: req2.WithContext(ctx2),
|
||||||
status: http.StatusUnauthorized,
|
status: http.StatusUnauthorized,
|
||||||
},
|
},
|
||||||
{
|
|
||||||
input: req2x.WithContext(ctx2x),
|
|
||||||
status: http.StatusOK,
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
input: req3.WithContext(baseCtx),
|
input: req3.WithContext(baseCtx),
|
||||||
status: http.StatusUnauthorized,
|
status: http.StatusUnauthorized,
|
||||||
|
Loading…
Reference in New Issue
Block a user