mirror of
https://github.com/goharbor/harbor.git
synced 2024-07-06 11:46:11 +02:00
Trust Root CA of VIC appliance when accessing Admiral
This commit is contained in:
Tan Jiang
parent
debcf7858a
commit
5dd75bb0b0
|
|
@ -61,7 +61,7 @@ var adminServerDefaultConfig = map[string]interface{}{
|
||||||
common.TokenExpiration: 30,
|
common.TokenExpiration: 30,
|
||||||
common.CfgExpiration: 5,
|
common.CfgExpiration: 5,
|
||||||
common.AdminInitialPassword: "password",
|
common.AdminInitialPassword: "password",
|
||||||
common.AdmiralEndpoint: "http://www.vmware.com",
|
common.AdmiralEndpoint: "",
|
||||||
common.WithNotary: false,
|
common.WithNotary: false,
|
||||||
common.WithClair: false,
|
common.WithClair: false,
|
||||||
common.ClairDBUsername: "postgres",
|
common.ClairDBUsername: "postgres",
|
||||||
|
|
@ -84,8 +84,13 @@ func NewAdminserver(config map[string]interface{}) (*httptest.Server, error) {
|
||||||
m := []*RequestHandlerMapping{}
|
m := []*RequestHandlerMapping{}
|
||||||
if config == nil {
|
if config == nil {
|
||||||
config = adminServerDefaultConfig
|
config = adminServerDefaultConfig
|
||||||
|
} else {
|
||||||
|
for k, v := range adminServerDefaultConfig {
|
||||||
|
if _, ok := config[k]; !ok {
|
||||||
|
config[k] = v
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
b, err := json.Marshal(config)
|
b, err := json.Marshal(config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
||||||
|
|
@ -16,8 +16,10 @@ package config
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
|
"crypto/x509"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
@ -58,6 +60,8 @@ var (
|
||||||
TokenReader admiral.TokenReader
|
TokenReader admiral.TokenReader
|
||||||
// GlobalJobserviceClient is a global client for jobservice
|
// GlobalJobserviceClient is a global client for jobservice
|
||||||
GlobalJobserviceClient jobservice_client.Client
|
GlobalJobserviceClient jobservice_client.Client
|
||||||
|
|
||||||
|
defaultCACertPath = "/etc/ui/ca/ca.crt"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Init configurations
|
// Init configurations
|
||||||
|
|
@ -94,8 +98,12 @@ func InitByURL(adminServerURL string) error {
|
||||||
initSecretStore()
|
initSecretStore()
|
||||||
|
|
||||||
// init project manager based on deploy mode
|
// init project manager based on deploy mode
|
||||||
initProjectManager()
|
if err := initProjectManager(); err != nil {
|
||||||
|
log.Errorf("Failed to initialise project manager, error: %v", err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
//TODO: No longer needed after shifting to the new job service.
|
||||||
GlobalJobserviceClient = jobservice_client.NewDefaultClient(InternalJobServiceURL(),
|
GlobalJobserviceClient = jobservice_client.NewDefaultClient(InternalJobServiceURL(),
|
||||||
&jobservice_client.Config{
|
&jobservice_client.Config{
|
||||||
Secret: UISecret(),
|
Secret: UISecret(),
|
||||||
|
|
@ -120,20 +128,28 @@ func initSecretStore() {
|
||||||
SecretStore = secret.NewStore(m)
|
SecretStore = secret.NewStore(m)
|
||||||
}
|
}
|
||||||
|
|
||||||
func initProjectManager() {
|
func initProjectManager() error {
|
||||||
var driver pmsdriver.PMSDriver
|
var driver pmsdriver.PMSDriver
|
||||||
if WithAdmiral() {
|
if WithAdmiral() {
|
||||||
// integration with admiral
|
log.Debugf("Initialising Admiral client with certificate: %s", defaultCACertPath)
|
||||||
log.Info("initializing the project manager based on PMS...")
|
content, err := ioutil.ReadFile(defaultCACertPath)
|
||||||
// TODO read ca/cert file and pass it to the TLS config
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
pool := x509.NewCertPool()
|
||||||
|
if ok := pool.AppendCertsFromPEM(content); !ok {
|
||||||
|
return fmt.Errorf("failed to append cert content into cert pool")
|
||||||
|
}
|
||||||
AdmiralClient = &http.Client{
|
AdmiralClient = &http.Client{
|
||||||
Transport: &http.Transport{
|
Transport: &http.Transport{
|
||||||
TLSClientConfig: &tls.Config{
|
TLSClientConfig: &tls.Config{
|
||||||
InsecureSkipVerify: true,
|
RootCAs: pool,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// integration with admiral
|
||||||
|
log.Info("initializing the project manager based on PMS...")
|
||||||
path := os.Getenv("SERVICE_TOKEN_FILE_PATH")
|
path := os.Getenv("SERVICE_TOKEN_FILE_PATH")
|
||||||
if len(path) == 0 {
|
if len(path) == 0 {
|
||||||
path = defaultTokenFilePath
|
path = defaultTokenFilePath
|
||||||
|
|
@ -149,6 +165,7 @@ func initProjectManager() {
|
||||||
driver = local.NewDriver()
|
driver = local.NewDriver()
|
||||||
}
|
}
|
||||||
GlobalProjectMgr = promgr.NewDefaultProjectManager(driver, true)
|
GlobalProjectMgr = promgr.NewDefaultProjectManager(driver, true)
|
||||||
|
return nil
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,8 @@ package config
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"os"
|
"os"
|
||||||
|
"path"
|
||||||
|
"runtime"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
|
@ -24,7 +26,12 @@ import (
|
||||||
|
|
||||||
// test functions under package ui/config
|
// test functions under package ui/config
|
||||||
func TestConfig(t *testing.T) {
|
func TestConfig(t *testing.T) {
|
||||||
server, err := test.NewAdminserver(nil)
|
|
||||||
|
defaultCACertPath = path.Join(currPath(), "test", "ca.crt")
|
||||||
|
c := map[string]interface{}{
|
||||||
|
common.AdmiralEndpoint: "http://www.vmware.com",
|
||||||
|
}
|
||||||
|
server, err := test.NewAdminserver(c)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("failed to create a mock admin server: %v", err)
|
t.Fatalf("failed to create a mock admin server: %v", err)
|
||||||
}
|
}
|
||||||
|
|
@ -190,3 +197,11 @@ func TestConfig(t *testing.T) {
|
||||||
assert.Equal("http://myui:8888/service/token", InternalTokenServiceEndpoint())
|
assert.Equal("http://myui:8888/service/token", InternalTokenServiceEndpoint())
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func currPath() string {
|
||||||
|
_, f, _, ok := runtime.Caller(0)
|
||||||
|
if !ok {
|
||||||
|
panic("Failed to get current directory")
|
||||||
|
}
|
||||||
|
return path.Dir(f)
|
||||||
|
}
|
||||||
|
|
|
||||||
18
src/ui/config/test/ca.crt
Normal file
18
src/ui/config/test/ca.crt
Normal file
|
|
@ -0,0 +1,18 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIC7TCCAdWgAwIBAgIJAKmFRnILlp3XMA0GCSqGSIb3DQEBCwUAMA0xCzAJBgNV
|
||||||
|
BAMMAmNhMB4XDTE3MDkyNDA3MDA1M1oXDTI3MDkyMjA3MDA1M1owDTELMAkGA1UE
|
||||||
|
AwwCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr4+HxXkY81j1p
|
||||||
|
5OD3htFkbJI+XulBgc7ja5YorU323VB7JfNBnau3rDZS8NdyvkLLEQT4rKw5Dd4p
|
||||||
|
phlmdKsmIq9ej1OlDjWnCOGr+HG2jG5POgPYRCf5WgCGoQ4eUIA+IXcVroG8f1YM
|
||||||
|
LDzZEBKlEP80W0zyh0ma/BYN8HG4Ica4q/iIjffJc7ob/tWFGt2HobI9wbTSyBgR
|
||||||
|
s7JSs6MBIISXGAuOE3cs7vJNzKtWhQSBw4j8FFUZSYCyONFYfOg2OtZG6z1XhpTC
|
||||||
|
rfVMm6cEsYla/mf9bJB2AqtRiUdUZwAOWQbalWPFKEO73Bj4/5sVNHKFCd/S6J1z
|
||||||
|
LHaWM0W7AgMBAAGjUDBOMB0GA1UdDgQWBBR0jFgTuL9K2iWE0wzU7r4RZT0k+zAf
|
||||||
|
BgNVHSMEGDAWgBR0jFgTuL9K2iWE0wzU7r4RZT0k+zAMBgNVHRMEBTADAQH/MA0G
|
||||||
|
CSqGSIb3DQEBCwUAA4IBAQCemrfEKHPe5ahb2III89+iuIDmbPgVESXqnf88UUdS
|
||||||
|
Iv+htE8hu9CkSemsErXcC0kUbPSM0vWN9IbHINq78cXucVyi+YTzaKJ8zsK01/zf
|
||||||
|
x0xYeK5bffYTQzs+BopTCwVqd9zHSs9a2zPnsBVHXCn25j30anQgQH9ODsspXZ3i
|
||||||
|
WUAkEOmZDnNuX7tGDesA+7h8BPcZ8zrz94kxsrdneMXuHdT1iHxS/hTxTEUUhOMF
|
||||||
|
FntwT6zx3fGL4cNG06d+pdjjp+CuUR+8GRxeASbYBWhXeiY1ykipiptxkp1zhZ3x
|
||||||
|
SNandCCdeMRntnNs/+xvRhsEGbhyrvzg2WFL2NrqiKtg
|
||||||
|
-----END CERTIFICATE-----
|
||||||
Loading…
Reference in New Issue
Block a user