Merge pull request #3995 from reasonerjt/admin-rename

Provide API to rename admin
This commit is contained in:
Daniel Jiang 2018-01-12 13:59:13 +08:00 committed by GitHub
commit 43afd426bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 59 additions and 5 deletions

View File

@ -82,4 +82,5 @@ const (
DefaultClairEndpoint = "http://clair:6060" DefaultClairEndpoint = "http://clair:6060"
CfgDriverDB = "db" CfgDriverDB = "db"
CfgDriverJSON = "json" CfgDriverJSON = "json"
NewHarborAdminName = "admin@harbor.local"
) )

View File

@ -40,7 +40,7 @@ func execUpdate(o orm.Ormer, sql string, params ...interface{}) error {
return nil return nil
} }
func clearUp(username string) { func cleanByUser(username string) {
var err error var err error
o := GetOrmer() o := GetOrmer()
@ -155,7 +155,7 @@ func TestMain(m *testing.M) {
} }
func testForAll(m *testing.M) int { func testForAll(m *testing.M) int {
clearUp(username) cleanByUser(username)
return m.Run() return m.Run()
} }
@ -1586,6 +1586,12 @@ func TestGetScanJobsByStatus(t *testing.T) {
assert.Equal(sj1.Repository, r2[0].Repository) assert.Equal(sj1.Repository, r2[0].Repository)
} }
func TestIsSuperUser(t *testing.T) {
assert := assert.New(t)
assert.True(IsSuperUser("admin"))
assert.False(IsSuperUser("none"))
}
func TestSaveConfigEntries(t *testing.T) { func TestSaveConfigEntries(t *testing.T) {
configEntries := []models.ConfigEntry{ configEntries := []models.ConfigEntry{
{ {

View File

@ -296,6 +296,19 @@ func OnBoardUser(u *models.User) error {
return nil return nil
} }
//IsSuperUser checks if the user is super user(conventionally id == 1) of Harbor
func IsSuperUser(username string) bool {
u, err := GetUser(models.User{
Username: username,
})
log.Debugf("Check if user %s is super user", username)
if err != nil {
log.Errorf("Failed to get user from DB, username: %s, error: %v", username, err)
return false
}
return u != nil && u.UserID == 1
}
//CleanUser - Clean this user information from DB //CleanUser - Clean this user information from DB
func CleanUser(id int64) error { func CleanUser(id int64) error {
if _, err := GetOrmer().QueryTable(&models.User{}). if _, err := GetOrmer().QueryTable(&models.User{}).

View File

@ -15,6 +15,10 @@
package api package api
import ( import (
"github.com/vmware/harbor/src/common"
"github.com/vmware/harbor/src/common/dao"
"github.com/vmware/harbor/src/common/models"
"github.com/vmware/harbor/src/common/utils/log"
"net/http" "net/http"
) )
@ -43,3 +47,21 @@ func (ia *InternalAPI) SyncRegistry() {
ia.CustomAbort(http.StatusInternalServerError, "internal error") ia.CustomAbort(http.StatusInternalServerError, "internal error")
} }
} }
// RenameAdmin we don't provide flexibility in this API, as this is a workaround.
func (ia *InternalAPI) RenameAdmin() {
if !dao.IsSuperUser(ia.SecurityCtx.GetUsername()) {
log.Errorf("User %s is not super user, not allow to rename admin.", ia.SecurityCtx.GetUsername())
ia.CustomAbort(http.StatusForbidden, "")
}
newName := common.NewHarborAdminName
if err := dao.ChangeUserProfile(models.User{
UserID: 1,
Username: newName,
}, "username"); err != nil {
log.Errorf("Failed to change admin's username, error: %v", err)
ia.CustomAbort(http.StatusInternalServerError, "Failed to rename admin user.")
}
log.Debugf("The super user has been renamed to: %s", newName)
ia.DestroySession()
}

View File

@ -18,6 +18,8 @@ import (
"fmt" "fmt"
"time" "time"
"github.com/vmware/harbor/src/common"
"github.com/vmware/harbor/src/common/dao"
"github.com/vmware/harbor/src/common/models" "github.com/vmware/harbor/src/common/models"
"github.com/vmware/harbor/src/common/utils/log" "github.com/vmware/harbor/src/common/utils/log"
"github.com/vmware/harbor/src/ui/config" "github.com/vmware/harbor/src/ui/config"
@ -88,8 +90,8 @@ func Login(m models.AuthModel) (*models.User, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
if authMode == "" || m.Principal == "admin" { if authMode == "" || dao.IsSuperUser(m.Principal) {
authMode = "db_auth" authMode = common.DBAuth
} }
log.Debug("Current AUTH_MODE is ", authMode) log.Debug("Current AUTH_MODE is ", authMode)

View File

@ -28,6 +28,7 @@ import (
"github.com/astaxie/beego" "github.com/astaxie/beego"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/vmware/harbor/src/common" "github.com/vmware/harbor/src/common"
"github.com/vmware/harbor/src/common/dao"
"github.com/vmware/harbor/src/common/models" "github.com/vmware/harbor/src/common/models"
"github.com/vmware/harbor/src/common/utils/test" "github.com/vmware/harbor/src/common/utils/test"
"github.com/vmware/harbor/src/ui/config" "github.com/vmware/harbor/src/ui/config"
@ -126,6 +127,13 @@ func TestAll(t *testing.T) {
if err := proxy.Init(); err != nil { if err := proxy.Init(); err != nil {
panic(err) panic(err)
} }
database, err := config.Database()
if err != nil {
panic(err)
}
if err := dao.InitDatabase(database); err != nil {
panic(err)
}
assert := assert.New(t) assert := assert.New(t)

View File

@ -86,7 +86,6 @@ func initRouters() {
beego.Router("/api/projects/:id([0-9]+)/metadatas/?:name", &api.MetadataAPI{}, "get:Get") beego.Router("/api/projects/:id([0-9]+)/metadatas/?:name", &api.MetadataAPI{}, "get:Get")
beego.Router("/api/projects/:id([0-9]+)/metadatas/", &api.MetadataAPI{}, "post:Post") beego.Router("/api/projects/:id([0-9]+)/metadatas/", &api.MetadataAPI{}, "post:Post")
beego.Router("/api/projects/:id([0-9]+)/metadatas/:name", &api.MetadataAPI{}, "put:Put;delete:Delete") beego.Router("/api/projects/:id([0-9]+)/metadatas/:name", &api.MetadataAPI{}, "put:Put;delete:Delete")
beego.Router("/api/internal/syncregistry", &api.InternalAPI{}, "post:SyncRegistry")
beego.Router("/api/repositories", &api.RepositoryAPI{}, "get:Get") beego.Router("/api/repositories", &api.RepositoryAPI{}, "get:Get")
beego.Router("/api/repositories/scanAll", &api.RepositoryAPI{}, "post:ScanAll") beego.Router("/api/repositories/scanAll", &api.RepositoryAPI{}, "post:ScanAll")
beego.Router("/api/repositories/*", &api.RepositoryAPI{}, "delete:Delete;put:Put") beego.Router("/api/repositories/*", &api.RepositoryAPI{}, "delete:Delete;put:Put")
@ -119,6 +118,9 @@ func initRouters() {
beego.Router("/api/systeminfo/volumes", &api.SystemInfoAPI{}, "get:GetVolumeInfo") beego.Router("/api/systeminfo/volumes", &api.SystemInfoAPI{}, "get:GetVolumeInfo")
beego.Router("/api/systeminfo/getcert", &api.SystemInfoAPI{}, "get:GetCert") beego.Router("/api/systeminfo/getcert", &api.SystemInfoAPI{}, "get:GetCert")
beego.Router("/api/internal/syncregistry", &api.InternalAPI{}, "post:SyncRegistry")
beego.Router("/api/internal/renameadmin", &api.InternalAPI{}, "post:RenameAdmin")
//external service that hosted on harbor process: //external service that hosted on harbor process:
beego.Router("/service/notifications", &registry.NotificationHandler{}) beego.Router("/service/notifications", &registry.NotificationHandler{})
beego.Router("/service/notifications/clair", &clair.Handler{}, "post:Handle") beego.Router("/service/notifications/clair", &clair.Handler{}, "post:Handle")