Merge pull request #12960 from heww/ignore-enable-content-trust-for-proxy-cache
feat(project): ignore enable_content_trust for proxy project
commit
4267570e99
@ -80,6 +80,11 @@ func (p *Project) IsPublic() bool {
|
||||
return isTrue(public)
|
||||
}
|
||||
|
||||
// IsProxy returns true when the project type is proxy cache
|
||||
func (p *Project) IsProxy() bool {
|
||||
return p.RegistryID > 0
|
||||
}
|
||||
|
||||
// ContentTrustEnabled ...
|
||||
func (p *Project) ContentTrustEnabled() bool {
|
||||
enabled, exist := p.GetMetadata(ProMetaEnableContentTrust)
|
||||
|
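Review bot: `IsProxy` reads `p.RegistryID` with no nil guard, whereas the `isProxyProject` helper removed by this commit returned false for a nil project. The push-blocking check in `DisableBlobAndManifestUploadMiddleware` now calls `p.IsProxy()` directly, so if the project lookup there can ever return a nil project together with a nil error (not visible in these hunks), the request would panic instead of being evaluated. Go permits method calls on a nil pointer receiver, so `return p != nil && p.RegistryID > 0` would keep the old behaviour. The deleted `TestIsProxyProject` cases have no visible replacement; a small table test for `IsProxy` covering `RegistryID` 0, 1 and a nil receiver would pin this.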
@ -17,20 +17,20 @@ package repoproxy
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"github.com/goharbor/harbor/src/common/security"
|
||||
"github.com/goharbor/harbor/src/common/security/proxycachesecret"
|
||||
"github.com/goharbor/harbor/src/lib/errors"
|
||||
httpLib "github.com/goharbor/harbor/src/lib/http"
|
||||
"github.com/goharbor/harbor/src/replication/model"
|
||||
"github.com/goharbor/harbor/src/replication/registry"
|
||||
"io"
|
||||
"net/http"
|
||||
|
||||
"github.com/goharbor/harbor/src/common/models"
|
||||
"github.com/goharbor/harbor/src/common/security"
|
||||
"github.com/goharbor/harbor/src/common/security/proxycachesecret"
|
||||
"github.com/goharbor/harbor/src/controller/project"
|
||||
"github.com/goharbor/harbor/src/controller/proxy"
|
||||
"github.com/goharbor/harbor/src/lib"
|
||||
"github.com/goharbor/harbor/src/lib/errors"
|
||||
httpLib "github.com/goharbor/harbor/src/lib/http"
|
||||
"github.com/goharbor/harbor/src/lib/log"
|
||||
"github.com/goharbor/harbor/src/replication/model"
|
||||
"github.com/goharbor/harbor/src/replication/registry"
|
||||
"github.com/goharbor/harbor/src/server/middleware"
|
||||
)
|
||||
|
||||
@ -163,14 +163,6 @@ func setHeaders(w http.ResponseWriter, size int64, mediaType string, dig string)
|
||||
h.Set("Etag", dig)
|
||||
}
|
||||
|
||||
// isProxyProject check the project is a proxy project
|
||||
func isProxyProject(p *models.Project) bool {
|
||||
if p == nil {
|
||||
return false
|
||||
}
|
||||
return p.RegistryID > 0
|
||||
}
|
||||
|
||||
// isProxySession check if current security context is proxy session
|
||||
func isProxySession(ctx context.Context) bool {
|
||||
sc, ok := security.FromContext(ctx)
|
||||
@ -194,7 +186,7 @@ func DisableBlobAndManifestUploadMiddleware() func(http.Handler) http.Handler {
|
||||
httpLib.SendError(w, err)
|
||||
return
|
||||
}
|
||||
if isProxyProject(p) && !isProxySession(ctx) {
|
||||
if p.IsProxy() && !isProxySession(ctx) {
|
||||
httpLib.SendError(w,
|
||||
errors.DeniedError(
|
||||
errors.Errorf("can not push artifact to a proxy project: %v", p.Name)))
|
||||
|
@ -18,44 +18,12 @@ import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/goharbor/harbor/src/common/models"
|
||||
"github.com/goharbor/harbor/src/common/security"
|
||||
"github.com/goharbor/harbor/src/common/security/proxycachesecret"
|
||||
securitySecret "github.com/goharbor/harbor/src/common/security/secret"
|
||||
"github.com/goharbor/harbor/src/core/config"
|
||||
)
|
||||
|
||||
func TestIsProxyProject(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
in *models.Project
|
||||
want bool
|
||||
}{
|
||||
{
|
||||
name: `no proxy`,
|
||||
in: &models.Project{RegistryID: 0},
|
||||
want: false,
|
||||
},
|
||||
{
|
||||
name: `normal proxy`,
|
||||
in: &models.Project{RegistryID: 1},
|
||||
want: true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range cases {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
|
||||
got := isProxyProject(tt.in)
|
||||
|
||||
if got != tt.want {
|
||||
t.Errorf(`(%v) = %v; want "%v"`, tt.in, got, tt.want)
|
||||
}
|
||||
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestIsProxySession(t *testing.T) {
|
||||
config.Init()
|
||||
sc1 := securitySecret.NewSecurityContext("123456789", config.SecretStore)
|
||||
|
@ -17,9 +17,6 @@ package handler
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"github.com/goharbor/harbor/src/controller/event/metadata"
|
||||
"github.com/goharbor/harbor/src/controller/project"
|
||||
"github.com/goharbor/harbor/src/pkg/notification"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
@ -31,10 +28,13 @@ import (
|
||||
"github.com/goharbor/harbor/src/common/utils"
|
||||
"github.com/goharbor/harbor/src/controller/artifact"
|
||||
"github.com/goharbor/harbor/src/controller/artifact/processor"
|
||||
"github.com/goharbor/harbor/src/controller/event/metadata"
|
||||
"github.com/goharbor/harbor/src/controller/project"
|
||||
"github.com/goharbor/harbor/src/controller/repository"
|
||||
"github.com/goharbor/harbor/src/controller/scan"
|
||||
"github.com/goharbor/harbor/src/controller/tag"
|
||||
"github.com/goharbor/harbor/src/lib/errors"
|
||||
"github.com/goharbor/harbor/src/pkg/notification"
|
||||
"github.com/goharbor/harbor/src/server/v2.0/handler/assembler"
|
||||
"github.com/goharbor/harbor/src/server/v2.0/handler/model"
|
||||
"github.com/goharbor/harbor/src/server/v2.0/models"
|
||||
@ -244,7 +244,7 @@ func (a *artifactAPI) requireNonProxyCacheProject(ctx context.Context, name stri
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if pro.RegistryID > 0 {
|
||||
if pro.IsProxy() {
|
||||
return errors.New(nil).WithCode(errors.MethodNotAllowedCode).
|
||||
WithMessage("the operation isn't supported for a proxy cache project")
|
||||
}
|
||||
|
@ -119,6 +119,12 @@ func (a *projectAPI) CreateProject(ctx context.Context, params operation.CreateP
|
||||
req.Metadata.Public = strconv.FormatBool(false)
|
||||
}
|
||||
|
||||
// ignore enable_content_trust metadata for proxy cache project
|
||||
// see https://github.com/goharbor/harbor/issues/12940 to get more info
|
||||
if req.RegistryID != nil {
|
||||
req.Metadata.EnableContentTrust = nil
|
||||
}
|
||||
|
||||
// validate the RegistryID and StorageLimit in the body of the request
|
||||
if err := a.validateProjectReq(ctx, req); err != nil {
|
||||
return a.SendError(ctx, err)
|
||||
@ -314,7 +320,7 @@ func (a *projectAPI) GetProjectSummary(ctx context.Context, params operation.Get
|
||||
fetchSummaries = append(fetchSummaries, getProjectMemberSummary)
|
||||
}
|
||||
|
||||
if p.RegistryID > 0 {
|
||||
if p.IsProxy() {
|
||||
fetchSummaries = append(fetchSummaries, getProjectRegistrySummary)
|
||||
}
|
||||
|
||||
@ -458,6 +464,11 @@ func (a *projectAPI) UpdateProject(ctx context.Context, params operation.UpdateP
|
||||
}
|
||||
}
|
||||
|
||||
// ignore enable_content_trust metadata for proxy cache project
|
||||
// see https://github.com/goharbor/harbor/issues/12940 to get more info
|
||||
if params.Project.Metadata != nil && p.IsProxy() {
|
||||
params.Project.Metadata.EnableContentTrust = nil
|
||||
}
|
||||
lib.JSONCopy(&p.Metadata, params.Project.Metadata)
|
||||
|
||||
if err := a.projectCtl.Update(ctx, p); err != nil {
|
||||
|
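Review bot: In `CreateProject` the new guard tests `req.RegistryID != nil`, while the other proxy checks in this commit go through `IsProxy()`, i.e. `RegistryID > 0`. A create request carrying an explicit registry id of 0 would have `enable_content_trust` dropped even though the resulting project is not a proxy cache by that definition, unless `validateProjectReq` rejects the value (it runs after this block and its body is not shown). Consider `if req.RegistryID != nil && *req.RegistryID > 0 {` so a regular project never silently loses its content-trust setting. In both `CreateProject` and `UpdateProject` the flag is discarded without any feedback to the caller; a log line or an API doc note would tell operators why the setting did not stick. `UpdateProject`'s body continues outside the hunk.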