mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-23 00:57:44 +01:00
Merge pull request #2536 from wy65701436/pms-interceptor
notary interceptor
This commit is contained in:
commit
6ee631d1eb
@ -2,10 +2,13 @@ package proxy
|
||||
|
||||
import (
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/vmware/harbor/src/common"
|
||||
"github.com/vmware/harbor/src/common/models"
|
||||
notarytest "github.com/vmware/harbor/src/common/utils/notary/test"
|
||||
utilstest "github.com/vmware/harbor/src/common/utils/test"
|
||||
"github.com/vmware/harbor/src/ui/config"
|
||||
"github.com/vmware/harbor/src/ui/projectmanager/pms"
|
||||
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
@ -17,6 +20,9 @@ var endpoint = "10.117.4.142"
|
||||
var notaryServer *httptest.Server
|
||||
var adminServer *httptest.Server
|
||||
|
||||
var admiralEndpoint = "http://127.0.0.1:8282"
|
||||
var token = ""
|
||||
|
||||
func TestMain(m *testing.M) {
|
||||
notaryServer = notarytest.NewNotaryServer(endpoint)
|
||||
defer notaryServer.Close()
|
||||
@ -95,6 +101,31 @@ func TestEnvPolicyChecker(t *testing.T) {
|
||||
assert.False(vulFlag)
|
||||
}
|
||||
|
||||
func TestPMSPolicyChecker(t *testing.T) {
|
||||
pm := pms.NewProjectManager(admiralEndpoint, token)
|
||||
name := "project_for_test_get_true"
|
||||
id, err := pm.Create(&models.Project{
|
||||
Name: name,
|
||||
EnableContentTrust: true,
|
||||
})
|
||||
require.Nil(t, err)
|
||||
defer func(id int64) {
|
||||
if err := pm.Delete(id); err != nil {
|
||||
require.Nil(t, err)
|
||||
}
|
||||
}(id)
|
||||
project, err := pm.Get(id)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, id, project.ProjectID)
|
||||
server, err2 := utilstest.NewAdminserver(nil)
|
||||
if err2 != nil {
|
||||
t.Fatalf("failed to create a mock admin server: %v", err2)
|
||||
}
|
||||
defer server.Close()
|
||||
contentTrustFlag := getPolicyChecker().contentTrustEnabled("project_for_test_get_true")
|
||||
assert.True(t, contentTrustFlag)
|
||||
}
|
||||
|
||||
func TestMatchNotaryDigest(t *testing.T) {
|
||||
assert := assert.New(t)
|
||||
//The data from common/utils/notary/helper_test.go
|
||||
|
@ -5,6 +5,8 @@ import (
|
||||
"github.com/vmware/harbor/src/common/utils/log"
|
||||
"github.com/vmware/harbor/src/common/utils/notary"
|
||||
"github.com/vmware/harbor/src/ui/config"
|
||||
"github.com/vmware/harbor/src/ui/projectmanager"
|
||||
"github.com/vmware/harbor/src/ui/projectmanager/pms"
|
||||
|
||||
"context"
|
||||
"fmt"
|
||||
@ -64,8 +66,34 @@ func (ec envPolicyChecker) vulnerableEnabled(name string) bool {
|
||||
return os.Getenv("PROJECT_VULNERABBLE") == "1"
|
||||
}
|
||||
|
||||
//TODO: integrate with PMS to get project policies
|
||||
type pmsPolicyChecker struct {
|
||||
pm projectmanager.ProjectManager
|
||||
}
|
||||
|
||||
func (pc pmsPolicyChecker) contentTrustEnabled(name string) bool {
|
||||
project, err := pc.pm.Get(name)
|
||||
if err != nil {
|
||||
log.Errorf("Unexpected error when getting the project, error: %v", err)
|
||||
return true
|
||||
}
|
||||
return project.EnableContentTrust
|
||||
}
|
||||
func (pc pmsPolicyChecker) vulnerableEnabled(name string) bool {
|
||||
return true
|
||||
}
|
||||
|
||||
// newPMSPolicyChecker returns an instance of an pmsPolicyChecker
|
||||
func newPMSPolicyChecker(pm projectmanager.ProjectManager) policyChecker {
|
||||
return &pmsPolicyChecker{
|
||||
pm: pm,
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: Get project manager with PM factory.
|
||||
func getPolicyChecker() policyChecker {
|
||||
if config.WithAdmiral() {
|
||||
return newPMSPolicyChecker(pms.NewProjectManager(config.AdmiralEndpoint(), ""))
|
||||
}
|
||||
return EnvChecker
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user