Merge pull request #443 from ywk253100/dev

add access logs when deleting repositories
This commit is contained in:
Daniel Jiang 2016-06-29 18:46:42 +08:00 committed by GitHub
commit 3f1fc90b39
2 changed files with 82 additions and 36 deletions

View File

@ -144,6 +144,18 @@ func (ra *RepositoryAPI) Delete() {
tags = append(tags, tag)
}
project := ""
if strings.Contains(repoName, "/") {
project = repoName[0:strings.LastIndex(repoName, "/")]
}
user, _, ok := ra.Ctx.Request.BasicAuth()
if !ok {
user, err = ra.getUsername()
if err != nil {
log.Errorf("failed to get user: %v", err)
}
}
for _, t := range tags {
if err := rc.DeleteTag(t); err != nil {
if regErr, ok := err.(*registry_error.Error); ok {
@ -156,6 +168,11 @@ func (ra *RepositoryAPI) Delete() {
log.Infof("delete tag: %s %s", repoName, t)
go TriggerReplicationByRepository(repoName, []string{t}, models.RepOpDelete)
go func(tag string) {
if err := dao.AccessLog(user, project, repoName, tag, "delete"); err != nil {
log.Errorf("failed to add access log: %v", err)
}
}(t)
}
go func() {
@ -164,7 +181,6 @@ func (ra *RepositoryAPI) Delete() {
log.Errorf("error occurred while refresh catalog cache: %v", err)
}
}()
}
type tag struct {

View File

@ -39,55 +39,85 @@ const manifestPattern = `^application/vnd.docker.distribution.manifest.v\d\+json
// Post handles POST request, and records audit log or refreshes cache based on event.
func (n *NotificationHandler) Post() {
var notification models.Notification
//log.Info("Notification Handler triggered!\n")
// log.Infof("request body in string: %s", string(n.Ctx.Input.CopyBody()))
err := json.Unmarshal(n.Ctx.Input.CopyBody(1<<32), &notification)
if err != nil {
log.Errorf("error while decoding json: %v", err)
log.Errorf("failed to decode notification: %v", err)
return
}
var username, action, repo, project, repoTag string
var matched bool
for _, e := range notification.Events {
matched, err = regexp.MatchString(manifestPattern, e.Target.MediaType)
events, err := filterEvents(&notification)
if err != nil {
log.Errorf("Failed to match the media type against pattern, error: %v", err)
matched = false
}
if matched && (strings.HasPrefix(e.Request.UserAgent, "docker") ||
strings.ToLower(strings.TrimSpace(e.Request.UserAgent)) == "harbor-registry-client") {
username = e.Actor.Name
action = e.Action
repo = e.Target.Repository
repoTag = e.Target.Tag
log.Debugf("repo tag is : %v ", repoTag)
if strings.Contains(repo, "/") {
project = repo[0:strings.LastIndex(repo, "/")]
}
if username == "" {
username = "anonymous"
}
if action == "pull" && username == "job-service-user" {
log.Errorf("failed to filter events: %v", err)
return
}
go dao.AccessLog(username, project, repo, repoTag, action)
for _, event := range events {
repository := event.Target.Repository
project := ""
if strings.Contains(repository, "/") {
project = repository[0:strings.LastIndex(repository, "/")]
}
tag := event.Target.Tag
action := event.Action
user := event.Actor.Name
if len(user) == 0 {
user = "anonymous"
}
go func() {
if err := dao.AccessLog(user, project, repository, tag, action); err != nil {
log.Errorf("failed to add access log: %v", err)
}
}()
if action == "push" {
go func() {
err2 := cache.RefreshCatalogCache()
if err2 != nil {
log.Errorf("Error happens when refreshing cache: %v", err2)
if err := cache.RefreshCatalogCache(); err != nil {
log.Errorf("failed to refresh cache: %v", err)
}
}()
go api.TriggerReplicationByRepository(repo, []string{repoTag}, models.RepOpTransfer)
operation := ""
if action == "push" {
operation = models.RepOpTransfer
}
go api.TriggerReplicationByRepository(repository, []string{tag}, operation)
}
}
}
func filterEvents(notification *models.Notification) ([]*models.Event, error) {
events := []*models.Event{}
for _, event := range notification.Events {
isManifest, err := regexp.MatchString(manifestPattern, event.Target.MediaType)
if err != nil {
log.Errorf("failed to match the media type against pattern: %v", err)
continue
}
if !isManifest {
continue
}
//pull and push manifest by docker-client
if strings.HasPrefix(event.Request.UserAgent, "docker") && (event.Action == "pull" || event.Action == "push") {
events = append(events, &event)
continue
}
//push manifest by docker-client or job-service
if strings.ToLower(strings.TrimSpace(event.Request.UserAgent)) == "harbor-registry-client" && event.Action == "push" {
events = append(events, &event)
continue
}
}
return events, nil
}
// Render returns nil as it won't render any template.