mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-18 13:41:21 +01:00
token request posted to token service directly
This commit is contained in:
parent
61a888926e
commit
5fbe2c1a72
@ -16,14 +16,10 @@
|
|||||||
package replication
|
package replication
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/tls"
|
|
||||||
"fmt"
|
|
||||||
"io/ioutil"
|
|
||||||
"net/http"
|
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/vmware/harbor/models"
|
"github.com/vmware/harbor/models"
|
||||||
"github.com/vmware/harbor/utils/log"
|
"github.com/vmware/harbor/utils/log"
|
||||||
|
"github.com/vmware/harbor/utils/registry"
|
||||||
|
"github.com/vmware/harbor/utils/registry/auth"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -42,11 +38,20 @@ type Deleter struct {
|
|||||||
|
|
||||||
insecure bool
|
insecure bool
|
||||||
|
|
||||||
|
dstClient *registry.Repository
|
||||||
|
|
||||||
logger *log.Logger
|
logger *log.Logger
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewDeleter returns a Deleter
|
// NewDeleter returns a Deleter
|
||||||
func NewDeleter(repository string, tags []string, dstURL, dstUsr, dstPwd string, insecure bool, logger *log.Logger) *Deleter {
|
func NewDeleter(repository string, tags []string, dstURL, dstUsr, dstPwd string, insecure bool, logger *log.Logger) (*Deleter, error) {
|
||||||
|
dstCred := auth.NewBasicAuthCredential(dstUsr, dstPwd)
|
||||||
|
dstClient, err := newRepositoryClient(dstURL, insecure, dstCred,
|
||||||
|
repository, "repository", repository, "pull", "push", "*")
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
deleter := &Deleter{
|
deleter := &Deleter{
|
||||||
repository: repository,
|
repository: repository,
|
||||||
tags: tags,
|
tags: tags,
|
||||||
@ -54,11 +59,12 @@ func NewDeleter(repository string, tags []string, dstURL, dstUsr, dstPwd string,
|
|||||||
dstUsr: dstUsr,
|
dstUsr: dstUsr,
|
||||||
dstPwd: dstPwd,
|
dstPwd: dstPwd,
|
||||||
insecure: insecure,
|
insecure: insecure,
|
||||||
|
dstClient: dstClient,
|
||||||
logger: logger,
|
logger: logger,
|
||||||
}
|
}
|
||||||
deleter.logger.Infof("initialization completed: repository: %s, tags: %v, destination URL: %s, destination user: %s",
|
deleter.logger.Infof("initialization completed: repository: %s, tags: %v, destination URL: %s, destination user: %s",
|
||||||
deleter.repository, deleter.tags, deleter.dstURL, deleter.dstUsr)
|
deleter.repository, deleter.tags, deleter.dstURL, deleter.dstUsr)
|
||||||
return deleter
|
return deleter, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Exit ...
|
// Exit ...
|
||||||
@ -68,25 +74,22 @@ func (d *Deleter) Exit() error {
|
|||||||
|
|
||||||
// Enter deletes repository or tags
|
// Enter deletes repository or tags
|
||||||
func (d *Deleter) Enter() (string, error) {
|
func (d *Deleter) Enter() (string, error) {
|
||||||
url := strings.TrimRight(d.dstURL, "/") + "/api/repositories/"
|
|
||||||
|
|
||||||
// delete repository
|
|
||||||
if len(d.tags) == 0 {
|
if len(d.tags) == 0 {
|
||||||
u := url + "?repo_name=" + d.repository
|
tags, err := d.dstClient.ListTag()
|
||||||
if err := del(u, d.dstUsr, d.dstPwd, d.insecure); err != nil {
|
if err != nil {
|
||||||
d.logger.Errorf("an error occurred while deleting repository %s on %s with user %s: %v", d.repository, d.dstURL, d.dstUsr, err)
|
d.logger.Errorf("an error occurred while listing tags of repository %s on %s with user %s: %v", d.repository, d.dstURL, d.dstUsr, err)
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
d.logger.Infof("repository %s on %s has been deleted", d.repository, d.dstURL)
|
d.tags = append(d.tags, tags...)
|
||||||
|
|
||||||
return models.JobFinished, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// delele tags
|
d.logger.Infof("tags %v will be deleted", d.tags)
|
||||||
|
|
||||||
for _, tag := range d.tags {
|
for _, tag := range d.tags {
|
||||||
u := url + "?repo_name=" + d.repository + "&tag=" + tag
|
|
||||||
if err := del(u, d.dstUsr, d.dstPwd, d.insecure); err != nil {
|
if err := d.dstClient.DeleteTag(tag); err != nil {
|
||||||
d.logger.Errorf("an error occurred while deleting repository %s:%s on %s with user %s: %v", d.repository, tag, d.dstURL, d.dstUsr, err)
|
d.logger.Errorf("an error occurred while deleting repository %s:%s on %s with user %s: %v", d.repository, tag, d.dstURL, d.dstUsr, err)
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
@ -96,37 +99,3 @@ func (d *Deleter) Enter() (string, error) {
|
|||||||
|
|
||||||
return models.JobFinished, nil
|
return models.JobFinished, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func del(url, username, password string, insecure bool) error {
|
|
||||||
req, err := http.NewRequest("DELETE", url, nil)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
req.SetBasicAuth(username, password)
|
|
||||||
|
|
||||||
client := &http.Client{
|
|
||||||
Transport: &http.Transport{
|
|
||||||
TLSClientConfig: &tls.Config{
|
|
||||||
InsecureSkipVerify: insecure,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
resp, err := client.Do(req)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if resp.StatusCode == http.StatusOK {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
defer resp.Body.Close()
|
|
||||||
b, err := ioutil.ReadAll(resp.Body)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
return fmt.Errorf("%d %s", resp.StatusCode, string(b))
|
|
||||||
}
|
|
||||||
|
@ -432,7 +432,7 @@ func newRepositoryClient(endpoint string, insecure bool, credential auth.Credent
|
|||||||
}
|
}
|
||||||
|
|
||||||
uam := &userAgentModifier{
|
uam := &userAgentModifier{
|
||||||
userAgent: "registry-client",
|
userAgent: "harbor-registry-client",
|
||||||
}
|
}
|
||||||
|
|
||||||
client, err := registry.NewRepositoryWithModifiers(repository, endpoint, insecure, store, uam)
|
client, err := registry.NewRepositoryWithModifiers(repository, endpoint, insecure, store, uam)
|
||||||
|
@ -260,12 +260,9 @@ func (sm *SM) Reset(jid int64) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func addImgTransferTransition(sm *SM) error {
|
func addImgTransferTransition(sm *SM) error {
|
||||||
// TODO read variable from config file
|
|
||||||
insecure := true
|
|
||||||
|
|
||||||
base, err := replication.InitBaseHandler(sm.Parms.Repository, sm.Parms.LocalRegURL, config.UISecret(),
|
base, err := replication.InitBaseHandler(sm.Parms.Repository, sm.Parms.LocalRegURL, config.UISecret(),
|
||||||
sm.Parms.TargetURL, sm.Parms.TargetUsername, sm.Parms.TargetPassword,
|
sm.Parms.TargetURL, sm.Parms.TargetUsername, sm.Parms.TargetPassword,
|
||||||
insecure, sm.Parms.Tags, sm.Logger)
|
sm.Parms.Insecure, sm.Parms.Tags, sm.Logger)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -279,10 +276,11 @@ func addImgTransferTransition(sm *SM) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func addImgDeleteTransition(sm *SM) error {
|
func addImgDeleteTransition(sm *SM) error {
|
||||||
// TODO read variable from config file
|
deleter, err := replication.NewDeleter(sm.Parms.Repository, sm.Parms.Tags, sm.Parms.TargetURL,
|
||||||
insecure := true
|
sm.Parms.TargetUsername, sm.Parms.TargetPassword, sm.Parms.Insecure, sm.Logger)
|
||||||
deleter := replication.NewDeleter(sm.Parms.Repository, sm.Parms.Tags, sm.Parms.TargetURL,
|
if err != nil {
|
||||||
sm.Parms.TargetUsername, sm.Parms.TargetPassword, insecure, sm.Logger)
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
sm.AddTransition(models.JobRunning, replication.StateDelete, deleter)
|
sm.AddTransition(models.JobRunning, replication.StateDelete, deleter)
|
||||||
sm.AddTransition(replication.StateDelete, models.JobFinished, &StatusUpdater{DummyHandler{JobID: sm.JobID}, models.JobFinished})
|
sm.AddTransition(replication.StateDelete, models.JobFinished, &StatusUpdater{DummyHandler{JobID: sm.JobID}, models.JobFinished})
|
||||||
|
@ -56,7 +56,7 @@ func (n *NotificationHandler) Post() {
|
|||||||
matched = false
|
matched = false
|
||||||
}
|
}
|
||||||
if matched && (strings.HasPrefix(e.Request.UserAgent, "docker") ||
|
if matched && (strings.HasPrefix(e.Request.UserAgent, "docker") ||
|
||||||
strings.ToLower(strings.TrimSpace(e.Request.UserAgent)) == "registry-client") {
|
strings.ToLower(strings.TrimSpace(e.Request.UserAgent)) == "harbor-registry-client") {
|
||||||
username = e.Actor.Name
|
username = e.Actor.Name
|
||||||
action = e.Action
|
action = e.Action
|
||||||
repo = e.Target.Repository
|
repo = e.Target.Repository
|
||||||
|
@ -22,6 +22,7 @@ import (
|
|||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
@ -162,6 +163,8 @@ func NewStandardTokenAuthorizer(credential Credential, insecure bool, scopeType,
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *standardTokenAuthorizer) generateToken(realm, service string, scopes []string) (token string, expiresIn int, issuedAt *time.Time, err error) {
|
func (s *standardTokenAuthorizer) generateToken(realm, service string, scopes []string) (token string, expiresIn int, issuedAt *time.Time, err error) {
|
||||||
|
realm = tokenURL(realm)
|
||||||
|
|
||||||
u, err := url.Parse(realm)
|
u, err := url.Parse(realm)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
@ -223,6 +226,22 @@ func (s *standardTokenAuthorizer) generateToken(realm, service string, scopes []
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// when the registry client is used inside Harbor, the token request
|
||||||
|
// can be posted to token service directly rather than going through nginx.
|
||||||
|
// this solution can resolve two problems:
|
||||||
|
// 1. performance issue
|
||||||
|
// 2. the realm field returned by registry is an IP which can not reachable
|
||||||
|
// inside Harbor
|
||||||
|
func tokenURL(realm string) string {
|
||||||
|
extEndpoint := os.Getenv("EXT_ENDPOINT")
|
||||||
|
tokenURL := os.Getenv("TOKEN_URL")
|
||||||
|
if len(extEndpoint) != 0 && len(tokenURL) != 0 &&
|
||||||
|
strings.Contains(realm, extEndpoint) {
|
||||||
|
realm = strings.TrimRight(tokenURL, "/") + "/service/token"
|
||||||
|
}
|
||||||
|
return realm
|
||||||
|
}
|
||||||
|
|
||||||
// Implements interface Handler
|
// Implements interface Handler
|
||||||
type usernameTokenAuthorizer struct {
|
type usernameTokenAuthorizer struct {
|
||||||
tokenAuthorizer
|
tokenAuthorizer
|
||||||
|
Loading…
Reference in New Issue
Block a user