Merge pull request #9602 from heww/upgrade-clair-adapter

Upgrade clair adapter to v1.0.0
Steven Zou 2019-10-28 12:19:28 +08:00 committed by GitHub
commit 5c4c04a122
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 28 additions and 22 deletions


@ -106,7 +106,7 @@ CLAIRDBVERSION=$(VERSIONTAG)
MIGRATORVERSION=$(VERSIONTAG) MIGRATORVERSION=$(VERSIONTAG)
REDISVERSION=$(VERSIONTAG) REDISVERSION=$(VERSIONTAG)
NOTARYMIGRATEVERSION=v3.5.4 NOTARYMIGRATEVERSION=v3.5.4
CLAIRADAPTERVERSION=c7db8b15 CLAIRADAPTERVERSION=v1.0.0
# version of chartmuseum # version of chartmuseum
CHARTMUSEUMVERSION=v0.9.0 CHARTMUSEUMVERSION=v0.9.0
@ -308,8 +308,8 @@ prepare: update_prepare_version
@$(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA) @$(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA)
build: build:
make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG) \ make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG) -e GOBUILDIMAGE=$(GOBUILDIMAGE) \
-e REGISTRYVERSION=$(REGISTRYVERSION) -e NGINXVERSION=$(NGINXVERSION) -e NOTARYVERSION=$(NOTARYVERSION) -e NOTARYMIGRATEVERSION=$(NOTARYMIGRATEVERSION) \ -e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) -e NGINXVERSION=$(NGINXVERSION) -e NOTARYVERSION=$(NOTARYVERSION) -e NOTARYMIGRATEVERSION=$(NOTARYMIGRATEVERSION) \
-e CLAIRVERSION=$(CLAIRVERSION) -e CLAIRADAPTERVERSION=$(CLAIRADAPTERVERSION) -e CLAIRDBVERSION=$(CLAIRDBVERSION) -e VERSIONTAG=$(VERSIONTAG) \ -e CLAIRVERSION=$(CLAIRVERSION) -e CLAIRADAPTERVERSION=$(CLAIRADAPTERVERSION) -e CLAIRDBVERSION=$(CLAIRDBVERSION) -e VERSIONTAG=$(VERSIONTAG) \
-e BUILDBIN=$(BUILDBIN) -e REDISVERSION=$(REDISVERSION) -e MIGRATORVERSION=$(MIGRATORVERSION) \ -e BUILDBIN=$(BUILDBIN) -e REDISVERSION=$(REDISVERSION) -e MIGRATORVERSION=$(MIGRATORVERSION) \
-e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER) \ -e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER) \


@ -146,9 +146,14 @@ _build_clair:
fi fi
_build_clair_adapter: _build_clair_adapter:
# TODO: add support to fetch clair adapter binary from google storage ranther than build from source
@if [ "$(CLAIRFLAG)" = "true" ] ; then \ @if [ "$(CLAIRFLAG)" = "true" ] ; then \
cd $(DOCKERFILEPATH_CLAIR_ADAPTER) && $(DOCKERFILEPATH_CLAIR_ADAPTER)/builder $(CLAIRADAPTERVERSION) && cd - ; \ if [ "$(BUILDBIN)" != "true" ] ; then \
rm -rf $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary && \
$(call _extract_archive, https://github.com/goharbor/harbor-scanner-clair/releases/download/$(CLAIRADAPTERVERSION)/harbor-scanner-clair_$(CLAIRADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz, $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/) && \
mv $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/scanner-clair $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/harbor-scanner-clair; \
else \
cd $(DOCKERFILEPATH_CLAIR_ADAPTER) && $(DOCKERFILEPATH_CLAIR_ADAPTER)/builder $(CLAIRADAPTERVERSION) && cd - ; \
fi ; \
echo "building clair adapter container for photon..." ; \ echo "building clair adapter container for photon..." ; \
$(DOCKERBUILD) -f $(DOCKERFILEPATH_CLAIR_ADAPTER)/$(DOCKERFILENAME_CLAIR_ADAPTER) -t $(DOCKERIMAGENAME_CLAIR_ADAPTER):$(CLAIRADAPTERVERSION)-$(VERSIONTAG) . ; \ $(DOCKERBUILD) -f $(DOCKERFILEPATH_CLAIR_ADAPTER)/$(DOCKERFILENAME_CLAIR_ADAPTER) -t $(DOCKERIMAGENAME_CLAIR_ADAPTER):$(CLAIRADAPTERVERSION)-$(VERSIONTAG) . ; \
rm -rf $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary; \ rm -rf $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary; \
@ -219,6 +224,10 @@ _build_migrator:
echo "Done."; \ echo "Done."; \
fi fi
define _extract_archive
$(WGET) --timeout 30 --no-check-certificate -O- $1 | tar xvz -C $2
endef
define _get_binary define _get_binary
$(WGET) --timeout 30 --no-check-certificate $1 -O $2 $(WGET) --timeout 30 --no-check-certificate $1 -O $2
endef endef
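Review bot: The new `_extract_archive` macro fetches the release tarball with `--no-check-certificate` and streams it straight into `tar`, so the binary that `_build_clair_adapter` moves into the image build context is accepted without TLS verification or any integrity check. Dropping the flag is a one-line change, `$(WGET) --timeout 30 -O- $1 | tar xvz -C $2`, and the download should additionally be saved to a file and compared with a SHA-256 digest pinned next to `CLAIRADAPTERVERSION` before it is extracted. Because the fetch is the left side of a pipe, a failed or truncated download is only reported through `tar`'s exit status. The existing `_get_binary` macro carries the same flag and would benefit from the same treatment.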


@ -13,7 +13,7 @@ RUN chown -R 10000:10000 /clair-adapter \
EXPOSE 8080 EXPOSE 8080
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:8080/healthy || exit 1 HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:8080/probe/healthy || exit 1
USER clair-adapter USER clair-adapter


@ -20,7 +20,7 @@ cur=$PWD
# the temp folder to store distribution source code... # the temp folder to store distribution source code...
TEMP=`mktemp -d ${TMPDIR-/tmp}/clair-adapter.XXXXXX` TEMP=`mktemp -d ${TMPDIR-/tmp}/clair-adapter.XXXXXX`
git clone https://github.com/danielpacak/harbor-scanner-clair.git $TEMP git clone https://github.com/goharbor/harbor-scanner-clair.git $TEMP
cd $TEMP; git checkout $VERSION; cd - cd $TEMP; git checkout $VERSION; cd -
echo 'build the clair adapter binary bases on the golang:1.12.12' echo 'build the clair adapter binary bases on the golang:1.12.12'
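Review bot: `git checkout $VERSION` now builds whatever the tag points to at build time, because the top-level Makefile in this commit moves `CLAIRADAPTERVERSION` from `c7db8b15` (which looks like an abbreviated commit id) to the tag `v1.0.0`, and a tag can be re-pointed upstream. Consider checking the resolved commit right after the checkout, for example `[ "$(git -C "$TEMP" rev-parse HEAD)" = "$EXPECTED_COMMIT" ] || exit 1`, where `EXPECTED_COMMIT` is a placeholder for a pinned value the build would have to carry. `$TEMP` and `$VERSION` are also expanded unquoted in the clone and checkout lines; `git checkout "$VERSION"` and a quoted `"$TEMP"` avoid word splitting when `TMPDIR` contains spaces. The script continues outside this hunk.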


@ -14,7 +14,7 @@ def prepare_docker_compose(configs, with_clair, with_notary, with_chartmuseum):
REGISTRY_VERSION = versions.get('REGISTRY_VERSION') or 'v2.7.1-patch-2819-2553' REGISTRY_VERSION = versions.get('REGISTRY_VERSION') or 'v2.7.1-patch-2819-2553'
NOTARY_VERSION = versions.get('NOTARY_VERSION') or 'v0.6.1' NOTARY_VERSION = versions.get('NOTARY_VERSION') or 'v0.6.1'
CLAIR_VERSION = versions.get('CLAIR_VERSION') or 'v2.0.9' CLAIR_VERSION = versions.get('CLAIR_VERSION') or 'v2.0.9'
CLAIR_ADAPTER_VERSION = versions.get('CLAIR_ADAPTER_VERSION') or '' CLAIR_ADAPTER_VERSION = versions.get('CLAIR_ADAPTER_VERSION') or 'v1.0.0'
CHARTMUSEUM_VERSION = versions.get('CHARTMUSEUM_VERSION') or 'v0.9.0' CHARTMUSEUM_VERSION = versions.get('CHARTMUSEUM_VERSION') or 'v0.9.0'
rendering_variables = { rendering_variables = {


@ -19,7 +19,7 @@ cd `dirname $0`
cur=$PWD cur=$PWD
# the temp folder to store distribution source code... # the temp folder to store distribution source code...
TEMP=`mktemp -d /$TMPDIR/distribution.XXXXXX` TEMP=`mktemp -d ${TMPDIR-/tmp}/distribution.XXXXXX`
git clone -b $VERSION https://github.com/docker/distribution.git $TEMP git clone -b $VERSION https://github.com/docker/distribution.git $TEMP
# add patch 2879 # add patch 2879
@ -35,7 +35,7 @@ docker build -f $TEMP/Dockerfile.binary -t registry-golang $TEMP
echo 'copy the registry binary to local...' echo 'copy the registry binary to local...'
ID=$(docker create registry-golang) ID=$(docker create registry-golang)
docker cp $ID:/go/src/github.com/docker/distribution/bin binary docker cp $ID:/go/src/github.com/docker/distribution/bin/registry binary/registry
docker rm -f $ID docker rm -f $ID
docker rmi -f registry-golang docker rmi -f registry-golang


@ -219,11 +219,12 @@ func main() {
// TODO: change to be internal adapter // TODO: change to be internal adapter
reg := &scanner.Registration{ reg := &scanner.Registration{
Name: "Clair", Name: "Clair",
Description: "The clair scanner adapter", Description: "The clair scanner adapter",
URL: config.ClairAdapterEndpoint(), URL: config.ClairAdapterEndpoint(),
Disabled: false, IsDefault: true,
IsDefault: true, UseInternalAddr: true,
Immutable: true,
} }
if err := scan.EnsureScanner(reg); err != nil { if err := scan.EnsureScanner(reg); err != nil {
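Review bot: The `// TODO: change to be internal adapter` comment above the registration looks stale now that the struct sets `UseInternalAddr: true` and `Immutable: true`, and nothing in the hunk says what the two new fields are meant to guarantee. If the TODO is resolved by this change, replace it with a comment that states the intent, for example `// Built-in Clair scanner: registered as the immutable default and reached over the internal address.` (wording to be confirmed against the `scanner.Registration` field docs, which are not visible here). `main` starts and ends outside this hunk.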


@ -378,7 +378,7 @@ func (bc *basicController) makeBasicAuthorization(pid int64, repository string,
resource := rbac.NewProjectNamespace(pid).Resource(rbac.ResourceRepository) resource := rbac.NewProjectNamespace(pid).Resource(rbac.ResourceRepository)
access := []*rbac.Policy{{ access := []*rbac.Policy{{
Resource: resource, Resource: resource,
Action: rbac.ActionPull, Action: rbac.ActionScannerPull,
}} }}
robotReq := &model.RobotCreate{ robotReq := &model.RobotCreate{
@ -481,7 +481,7 @@ func makeBearerAuthorization(repository string, username string) (string, error)
{ {
Type: "repository", Type: "repository",
Name: repository, Name: repository,
Actions: []string{"pull"}, Actions: []string{rbac.ActionPull.String(), rbac.ActionScannerPull.String()},
}, },
} }
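Review bot: The two credential paths now grant different action sets and nothing in the hunks explains why: `makeBasicAuthorization` gives the robot account only `rbac.ActionScannerPull`, while `makeBearerAuthorization` puts both `rbac.ActionPull.String()` and `rbac.ActionScannerPull.String()` into the token's `Actions`. If the plain pull action is kept because the component that validates the bearer token still checks for it, a short comment on that line should record that reason; if it is not required, dropping it keeps the scanner credential limited to the scanner-specific permission. Both functions start and end outside the hunks, so the lifetime and scope of the issued credentials cannot be judged from here.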


@ -161,7 +161,7 @@ func (suite *ControllerTestSuite) SetupSuite() {
resource := fmt.Sprintf("/project/%d/repository", suite.artifact.NamespaceID) resource := fmt.Sprintf("/project/%d/repository", suite.artifact.NamespaceID)
access := []*rbac.Policy{{ access := []*rbac.Policy{{
Resource: rbac.Resource(resource), Resource: rbac.Resource(resource),
Action: "pull", Action: rbac.ActionScannerPull,
}} }}
rname := "the-uuid-123" rname := "the-uuid-123"


@ -7,7 +7,3 @@ sudo sed "s/reg.mydomain.com/$IP/" -i make/harbor.yml
echo "https:" >> make/harbor.yml echo "https:" >> make/harbor.yml
echo " certificate: /data/cert/server.crt" >> make/harbor.yml echo " certificate: /data/cert/server.crt" >> make/harbor.yml
echo " private_key: /data/cert/server.key" >> make/harbor.yml echo " private_key: /data/cert/server.key" >> make/harbor.yml
# TODO: remove it when scanner adapter support internal access of harbor
echo "storage_service:" >> make/harbor.yml
echo " ca_bundle: /data/cert/server.crt" >> make/harbor.yml