1
0
mirror of https://github.com/goharbor/harbor.git synced 2024-12-22 00:27:44 +01:00

Merge pull request from heww/ignore-enable-content-trust-for-proxy-cache

feat(project): ignore enable_content_trust for proxy project
This commit is contained in:
stonezdj(Daojun Zhang) 2020-09-07 11:25:53 +08:00 committed by GitHub
commit 4267570e99
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 28 additions and 52 deletions
src
common/models
server
middleware/repoproxy
v2.0/handler

View File

@ -80,6 +80,11 @@ func (p *Project) IsPublic() bool {
return isTrue(public) return isTrue(public)
} }
// IsProxy returns true when the project type is proxy cache
func (p *Project) IsProxy() bool {
return p.RegistryID > 0
}
// ContentTrustEnabled ... // ContentTrustEnabled ...
func (p *Project) ContentTrustEnabled() bool { func (p *Project) ContentTrustEnabled() bool {
enabled, exist := p.GetMetadata(ProMetaEnableContentTrust) enabled, exist := p.GetMetadata(ProMetaEnableContentTrust)

View File

@ -17,20 +17,20 @@ package repoproxy
import ( import (
"context" "context"
"fmt" "fmt"
"github.com/goharbor/harbor/src/common/security"
"github.com/goharbor/harbor/src/common/security/proxycachesecret"
"github.com/goharbor/harbor/src/lib/errors"
httpLib "github.com/goharbor/harbor/src/lib/http"
"github.com/goharbor/harbor/src/replication/model"
"github.com/goharbor/harbor/src/replication/registry"
"io" "io"
"net/http" "net/http"
"github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/models"
"github.com/goharbor/harbor/src/common/security"
"github.com/goharbor/harbor/src/common/security/proxycachesecret"
"github.com/goharbor/harbor/src/controller/project" "github.com/goharbor/harbor/src/controller/project"
"github.com/goharbor/harbor/src/controller/proxy" "github.com/goharbor/harbor/src/controller/proxy"
"github.com/goharbor/harbor/src/lib" "github.com/goharbor/harbor/src/lib"
"github.com/goharbor/harbor/src/lib/errors"
httpLib "github.com/goharbor/harbor/src/lib/http"
"github.com/goharbor/harbor/src/lib/log" "github.com/goharbor/harbor/src/lib/log"
"github.com/goharbor/harbor/src/replication/model"
"github.com/goharbor/harbor/src/replication/registry"
"github.com/goharbor/harbor/src/server/middleware" "github.com/goharbor/harbor/src/server/middleware"
) )
@ -163,14 +163,6 @@ func setHeaders(w http.ResponseWriter, size int64, mediaType string, dig string)
h.Set("Etag", dig) h.Set("Etag", dig)
} }
// isProxyProject check the project is a proxy project
func isProxyProject(p *models.Project) bool {
if p == nil {
return false
}
return p.RegistryID > 0
}
// isProxySession check if current security context is proxy session // isProxySession check if current security context is proxy session
func isProxySession(ctx context.Context) bool { func isProxySession(ctx context.Context) bool {
sc, ok := security.FromContext(ctx) sc, ok := security.FromContext(ctx)
@ -194,7 +186,7 @@ func DisableBlobAndManifestUploadMiddleware() func(http.Handler) http.Handler {
httpLib.SendError(w, err) httpLib.SendError(w, err)
return return
} }
if isProxyProject(p) && !isProxySession(ctx) { if p.IsProxy() && !isProxySession(ctx) {
httpLib.SendError(w, httpLib.SendError(w,
errors.DeniedError( errors.DeniedError(
errors.Errorf("can not push artifact to a proxy project: %v", p.Name))) errors.Errorf("can not push artifact to a proxy project: %v", p.Name)))

View File

@ -18,44 +18,12 @@ import (
"context" "context"
"testing" "testing"
"github.com/goharbor/harbor/src/common/models"
"github.com/goharbor/harbor/src/common/security" "github.com/goharbor/harbor/src/common/security"
"github.com/goharbor/harbor/src/common/security/proxycachesecret" "github.com/goharbor/harbor/src/common/security/proxycachesecret"
securitySecret "github.com/goharbor/harbor/src/common/security/secret" securitySecret "github.com/goharbor/harbor/src/common/security/secret"
"github.com/goharbor/harbor/src/core/config" "github.com/goharbor/harbor/src/core/config"
) )
func TestIsProxyProject(t *testing.T) {
cases := []struct {
name string
in *models.Project
want bool
}{
{
name: `no proxy`,
in: &models.Project{RegistryID: 0},
want: false,
},
{
name: `normal proxy`,
in: &models.Project{RegistryID: 1},
want: true,
},
}
for _, tt := range cases {
t.Run(tt.name, func(t *testing.T) {
got := isProxyProject(tt.in)
if got != tt.want {
t.Errorf(`(%v) = %v; want "%v"`, tt.in, got, tt.want)
}
})
}
}
func TestIsProxySession(t *testing.T) { func TestIsProxySession(t *testing.T) {
config.Init() config.Init()
sc1 := securitySecret.NewSecurityContext("123456789", config.SecretStore) sc1 := securitySecret.NewSecurityContext("123456789", config.SecretStore)

View File

@ -17,9 +17,6 @@ package handler
import ( import (
"context" "context"
"fmt" "fmt"
"github.com/goharbor/harbor/src/controller/event/metadata"
"github.com/goharbor/harbor/src/controller/project"
"github.com/goharbor/harbor/src/pkg/notification"
"net/http" "net/http"
"strings" "strings"
"time" "time"
@ -31,10 +28,13 @@ import (
"github.com/goharbor/harbor/src/common/utils" "github.com/goharbor/harbor/src/common/utils"
"github.com/goharbor/harbor/src/controller/artifact" "github.com/goharbor/harbor/src/controller/artifact"
"github.com/goharbor/harbor/src/controller/artifact/processor" "github.com/goharbor/harbor/src/controller/artifact/processor"
"github.com/goharbor/harbor/src/controller/event/metadata"
"github.com/goharbor/harbor/src/controller/project"
"github.com/goharbor/harbor/src/controller/repository" "github.com/goharbor/harbor/src/controller/repository"
"github.com/goharbor/harbor/src/controller/scan" "github.com/goharbor/harbor/src/controller/scan"
"github.com/goharbor/harbor/src/controller/tag" "github.com/goharbor/harbor/src/controller/tag"
"github.com/goharbor/harbor/src/lib/errors" "github.com/goharbor/harbor/src/lib/errors"
"github.com/goharbor/harbor/src/pkg/notification"
"github.com/goharbor/harbor/src/server/v2.0/handler/assembler" "github.com/goharbor/harbor/src/server/v2.0/handler/assembler"
"github.com/goharbor/harbor/src/server/v2.0/handler/model" "github.com/goharbor/harbor/src/server/v2.0/handler/model"
"github.com/goharbor/harbor/src/server/v2.0/models" "github.com/goharbor/harbor/src/server/v2.0/models"
@ -244,7 +244,7 @@ func (a *artifactAPI) requireNonProxyCacheProject(ctx context.Context, name stri
if err != nil { if err != nil {
return err return err
} }
if pro.RegistryID > 0 { if pro.IsProxy() {
return errors.New(nil).WithCode(errors.MethodNotAllowedCode). return errors.New(nil).WithCode(errors.MethodNotAllowedCode).
WithMessage("the operation isn't supported for a proxy cache project") WithMessage("the operation isn't supported for a proxy cache project")
} }

View File

@ -119,6 +119,12 @@ func (a *projectAPI) CreateProject(ctx context.Context, params operation.CreateP
req.Metadata.Public = strconv.FormatBool(false) req.Metadata.Public = strconv.FormatBool(false)
} }
// ignore enable_content_trust metadata for proxy cache project
// see https://github.com/goharbor/harbor/issues/12940 to get more info
if req.RegistryID != nil {
req.Metadata.EnableContentTrust = nil
}
// validate the RegistryID and StorageLimit in the body of the request // validate the RegistryID and StorageLimit in the body of the request
if err := a.validateProjectReq(ctx, req); err != nil { if err := a.validateProjectReq(ctx, req); err != nil {
return a.SendError(ctx, err) return a.SendError(ctx, err)
@ -314,7 +320,7 @@ func (a *projectAPI) GetProjectSummary(ctx context.Context, params operation.Get
fetchSummaries = append(fetchSummaries, getProjectMemberSummary) fetchSummaries = append(fetchSummaries, getProjectMemberSummary)
} }
if p.RegistryID > 0 { if p.IsProxy() {
fetchSummaries = append(fetchSummaries, getProjectRegistrySummary) fetchSummaries = append(fetchSummaries, getProjectRegistrySummary)
} }
@ -458,6 +464,11 @@ func (a *projectAPI) UpdateProject(ctx context.Context, params operation.UpdateP
} }
} }
// ignore enable_content_trust metadata for proxy cache project
// see https://github.com/goharbor/harbor/issues/12940 to get more info
if params.Project.Metadata != nil && p.IsProxy() {
params.Project.Metadata.EnableContentTrust = nil
}
lib.JSONCopy(&p.Metadata, params.Project.Metadata) lib.JSONCopy(&p.Metadata, params.Project.Metadata)
if err := a.projectCtl.Update(ctx, p); err != nil { if err := a.projectCtl.Update(ctx, p); err != nil {