diff --git a/Deploy/log/Dockerfile b/Deploy/log/Dockerfile index 18a86b0af..3f02ad542 100644 --- a/Deploy/log/Dockerfile +++ b/Deploy/log/Dockerfile @@ -2,15 +2,9 @@ FROM library/ubuntu:14.04 # run logrotate hourly, disable imklog model, provides TCP/UDP syslog reception RUN mv /etc/cron.daily/logrotate /etc/cron.hourly/ \ - && sed 's/$ModLoad imklog/#$ModLoad imklog/' -i /etc/rsyslog.conf \ - && sed 's/$KLogPermitNonKernelFacility on/#$KLogPermitNonKernelFacility on/' -i /etc/rsyslog.conf \ - && sed 's/#$ModLoad imudp/$ModLoad imudp/' -i /etc/rsyslog.conf \ - && sed 's/#$UDPServerRun 514/$UDPServerRun 514/' -i /etc/rsyslog.conf \ - && sed 's/#$ModLoad imtcp/$ModLoad imtcp/' -i /etc/rsyslog.conf \ - && sed 's/#$InputTCPServerRun 514/$InputTCPServerRun 514/' -i /etc/rsyslog.conf \ - && sed 's/$PrivDropToUser syslog/#$PrivDropToUser syslog/' -i /etc/rsyslog.conf \ - && sed 's/$PrivDropToGroup syslog/#$PrivDropToGroup syslog/' -i /etc/rsyslog.conf \ - && rm /etc/rsyslog.d/* + && rm /etc/rsyslog.d/* \ + && rm /etc/rsyslog.conf +ADD rsyslog.conf /etc/rsyslog.conf # logrotate configuration file for docker ADD logrotate_docker.conf /etc/logrotate.d/ @@ -23,4 +17,3 @@ VOLUME /var/log/docker/ EXPOSE 514 CMD cron && rsyslogd -n - diff --git a/Deploy/log/rsyslog.conf b/Deploy/log/rsyslog.conf new file mode 100644 index 000000000..8b5c4fd84 --- /dev/null +++ b/Deploy/log/rsyslog.conf @@ -0,0 +1,60 @@ +# /etc/rsyslog.conf Configuration file for rsyslog. +# +# For more information see +# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html +# +# Default logging rules can be found in /etc/rsyslog.d/50-default.conf + + +################# +#### MODULES #### +################# + +$ModLoad imuxsock # provides support for local system logging +#$ModLoad imklog # provides kernel logging support +#$ModLoad immark # provides --MARK-- message capability + +# provides UDP syslog reception +$ModLoad imudp +$UDPServerRun 514 + +# provides TCP syslog reception +$ModLoad imtcp +$InputTCPServerRun 514 + +# Enable non-kernel facility klog messages +#$KLogPermitNonKernelFacility on + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# Filter duplicated messages +$RepeatedMsgReduction on + +# +# Set the default permissions for all log files. +# +$FileOwner syslog +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 +#$PrivDropToUser syslog +#$PrivDropToGroup syslog + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf diff --git a/dao/accesslog.go b/dao/accesslog.go index 908fb9280..dc18e9d66 100644 --- a/dao/accesslog.go +++ b/dao/accesslog.go @@ -20,13 +20,11 @@ import ( "github.com/vmware/harbor/models" "github.com/vmware/harbor/utils/log" - - "github.com/astaxie/beego/orm" ) // AddAccessLog persists the access logs func AddAccessLog(accessLog models.AccessLog) error { - o := orm.NewOrm() + o := GetOrmer() p, err := o.Raw(`insert into access_log (user_id, project_id, repo_name, repo_tag, guid, operation, op_time) values (?, ?, ?, ?, ?, ?, now())`).Prepare() @@ -43,7 +41,7 @@ func AddAccessLog(accessLog models.AccessLog) error { //GetAccessLogs gets access logs according to different conditions func GetAccessLogs(accessLog models.AccessLog) ([]models.AccessLog, error) { - o := orm.NewOrm() + o := GetOrmer() sql := `select a.log_id, u.username, a.repo_name, a.repo_tag, a.operation, a.op_time from access_log a left join user u on a.user_id = u.user_id where a.project_id = ? ` @@ -106,7 +104,7 @@ func GetAccessLogs(accessLog models.AccessLog) ([]models.AccessLog, error) { // AccessLog ... func AccessLog(username, projectName, repoName, repoTag, action string) error { - o := orm.NewOrm() + o := GetOrmer() sql := "insert into access_log (user_id, project_id, repo_name, repo_tag, operation, op_time) " + "select (select user_id as user_id from user where username=?), " + "(select project_id as project_id from project where name=?), ?, ?, ?, now() " diff --git a/dao/base.go b/dao/base.go index fe1c5a0ed..5a74252c8 100644 --- a/dao/base.go +++ b/dao/base.go @@ -22,6 +22,7 @@ import ( "os" "strings" + "sync" "time" "github.com/astaxie/beego/orm" @@ -97,3 +98,14 @@ func InitDB() { panic(err) } } + +var globalOrm orm.Ormer +var once sync.Once + +// GetOrmer :set ormer singleton +func GetOrmer() orm.Ormer { + once.Do(func() { + globalOrm = orm.NewOrm() + }) + return globalOrm +} diff --git a/dao/dao_test.go b/dao/dao_test.go index 8e300740d..e281a8d2c 100644 --- a/dao/dao_test.go +++ b/dao/dao_test.go @@ -715,3 +715,10 @@ func TestDeleteUser(t *testing.T) { t.Errorf("user is not nil after deletion, user: %+v", user) } } + +func TestGetOrmer(t *testing.T) { + o := GetOrmer() + if o == nil { + t.Errorf("Error get ormer.") + } +} diff --git a/dao/project.go b/dao/project.go index 399cad6aa..60f32e367 100644 --- a/dao/project.go +++ b/dao/project.go @@ -22,7 +22,6 @@ import ( "fmt" "time" - "github.com/astaxie/beego/orm" "github.com/vmware/harbor/utils/log" ) @@ -38,7 +37,7 @@ func AddProject(project models.Project) (int64, error) { return 0, errors.New("project name contains illegal characters") } - o := orm.NewOrm() + o := GetOrmer() p, err := o.Raw("insert into project (owner_id, name, creation_time, update_time, deleted, public) values (?, ?, ?, ?, ?, ?)").Prepare() if err != nil { @@ -81,7 +80,7 @@ func IsProjectPublic(projectName string) bool { //ProjectExists returns whether the project exists according to its name of ID. func ProjectExists(nameOrID interface{}) (bool, error) { - o := orm.NewOrm() + o := GetOrmer() type dummy struct{} sql := `select project_id from project where deleted = 0 and ` switch nameOrID.(type) { @@ -104,7 +103,7 @@ func ProjectExists(nameOrID interface{}) (bool, error) { // GetProjectByID ... func GetProjectByID(id int64) (*models.Project, error) { - o := orm.NewOrm() + o := GetOrmer() sql := `select p.project_id, p.name, u.username as owner_name, p.owner_id, p.creation_time, p.update_time, p.public from project p left join user u on p.owner_id = u.user_id where p.deleted = 0 and p.project_id = ?` @@ -127,7 +126,7 @@ func GetProjectByID(id int64) (*models.Project, error) { // GetProjectByName ... func GetProjectByName(name string) (*models.Project, error) { - o := orm.NewOrm() + o := GetOrmer() var p []models.Project n, err := o.Raw(`select * from project where name = ? and deleted = 0`, name).QueryRows(&p) if err != nil { @@ -143,7 +142,7 @@ func GetProjectByName(name string) (*models.Project, error) { // GetPermission gets roles that the user has according to the project. func GetPermission(username, projectName string) (string, error) { - o := orm.NewOrm() + o := GetOrmer() sql := `select r.role_code from role as r inner join project_member as pm on r.role_id = pm.role @@ -166,7 +165,7 @@ func GetPermission(username, projectName string) (string, error) { // ToggleProjectPublicity toggles the publicity of the project. func ToggleProjectPublicity(projectID int64, publicity int) error { - o := orm.NewOrm() + o := GetOrmer() sql := "update project set public = ? where project_id = ?" _, err := o.Raw(sql, publicity, projectID).Exec() return err @@ -177,7 +176,7 @@ func ToggleProjectPublicity(projectID int64, publicity int) error { // 1. the project is not deleted // 2. the prject is public or the user is a member of the project func SearchProjects(userID int) ([]models.Project, error) { - o := orm.NewOrm() + o := GetOrmer() sql := `select distinct p.project_id, p.name, p.public from project p left join project_member pm on p.project_id = pm.project_id @@ -194,7 +193,7 @@ func SearchProjects(userID int) ([]models.Project, error) { // GetUserRelevantProjects returns the projects of the user which are not deleted and name like projectName func GetUserRelevantProjects(userID int, projectName string) ([]models.Project, error) { - o := orm.NewOrm() + o := GetOrmer() sql := `select distinct p.project_id, p.owner_id, p.name,p.creation_time, p.update_time, p.public, pm.role role from project p @@ -235,7 +234,7 @@ func GetAllProjects(projectName string) ([]models.Project, error) { } func getProjects(public int, projectName string) ([]models.Project, error) { - o := orm.NewOrm() + o := GetOrmer() sql := `select project_id, owner_id, creation_time, update_time, name, public from project where deleted = 0` diff --git a/dao/projectmember.go b/dao/projectmember.go index d994afb43..52947f869 100644 --- a/dao/projectmember.go +++ b/dao/projectmember.go @@ -16,13 +16,12 @@ package dao import ( - "github.com/astaxie/beego/orm" "github.com/vmware/harbor/models" ) // AddProjectMember inserts a record to table project_member func AddProjectMember(projectID int64, userID int, role int) error { - o := orm.NewOrm() + o := GetOrmer() sql := "insert into project_member (project_id, user_id , role) values (?, ?, ?)" @@ -33,7 +32,7 @@ func AddProjectMember(projectID int64, userID int, role int) error { // UpdateProjectMember updates the record in table project_member func UpdateProjectMember(projectID int64, userID int, role int) error { - o := orm.NewOrm() + o := GetOrmer() sql := "update project_member set role = ? where project_id = ? and user_id = ?" @@ -44,7 +43,7 @@ func UpdateProjectMember(projectID int64, userID int, role int) error { // DeleteProjectMember delete the record from table project_member func DeleteProjectMember(projectID int64, userID int) error { - o := orm.NewOrm() + o := GetOrmer() sql := "delete from project_member where project_id = ? and user_id = ?" @@ -57,7 +56,7 @@ func DeleteProjectMember(projectID int64, userID int) error { // GetUserByProject gets all members of the project. func GetUserByProject(projectID int64, queryUser models.User) ([]models.User, error) { - o := orm.NewOrm() + o := GetOrmer() u := []models.User{} sql := `select u.user_id, u.username, r.name rolename, r.role_id from user u diff --git a/dao/register.go b/dao/register.go index 6f5351504..3dc388c16 100644 --- a/dao/register.go +++ b/dao/register.go @@ -22,8 +22,6 @@ import ( "github.com/vmware/harbor/models" "github.com/vmware/harbor/utils" - - "github.com/astaxie/beego/orm" ) // Register is used for user to register, the password is encrypted before the record is inserted into database. @@ -34,7 +32,7 @@ func Register(user models.User) (int64, error) { return 0, err } - o := orm.NewOrm() + o := GetOrmer() p, err := o.Raw("insert into user (username, password, realname, email, comment, salt, sysadmin_flag, creation_time, update_time) values (?, ?, ?, ?, ?, ?, ?, ?, ?)").Prepare() if err != nil { @@ -108,7 +106,7 @@ func UserExists(user models.User, target string) (bool, error) { return false, errors.New("User name and email are blank.") } - o := orm.NewOrm() + o := GetOrmer() sql := `select user_id from user where 1=1 ` queryParam := make([]interface{}, 1) diff --git a/dao/role.go b/dao/role.go index 2adf93aaa..00281f40d 100644 --- a/dao/role.go +++ b/dao/role.go @@ -18,14 +18,13 @@ package dao import ( "fmt" - "github.com/astaxie/beego/orm" "github.com/vmware/harbor/models" ) // GetUserProjectRoles returns roles that the user has according to the project. func GetUserProjectRoles(userID int, projectID int64) ([]models.Role, error) { - o := orm.NewOrm() + o := GetOrmer() sql := `select * from role @@ -76,7 +75,7 @@ func IsAdminRole(userIDOrUsername interface{}) (bool, error) { // GetRoleByID ... func GetRoleByID(id int) (*models.Role, error) { - o := orm.NewOrm() + o := GetOrmer() sql := `select * from role diff --git a/dao/user.go b/dao/user.go index 3d94d2a76..d337a55e2 100644 --- a/dao/user.go +++ b/dao/user.go @@ -22,14 +22,13 @@ import ( "github.com/vmware/harbor/models" "github.com/vmware/harbor/utils" - "github.com/astaxie/beego/orm" "github.com/vmware/harbor/utils/log" ) // GetUser ... func GetUser(query models.User) (*models.User, error) { - o := orm.NewOrm() + o := GetOrmer() sql := `select user_id, username, email, realname, comment, reset_uuid, salt, sysadmin_flag, creation_time, update_time @@ -66,7 +65,7 @@ func GetUser(query models.User) (*models.User, error) { // LoginByDb is used for user to login with database auth mode. func LoginByDb(auth models.AuthModel) (*models.User, error) { - o := orm.NewOrm() + o := GetOrmer() var users []models.User n, err := o.Raw(`select * from user where (username = ? or email = ?) and deleted = 0`, @@ -91,7 +90,7 @@ func LoginByDb(auth models.AuthModel) (*models.User, error) { // ListUsers lists all users according to different conditions. func ListUsers(query models.User) ([]models.User, error) { - o := orm.NewOrm() + o := GetOrmer() u := []models.User{} sql := `select user_id, username, email, realname, comment, reset_uuid, salt, sysadmin_flag, creation_time, update_time @@ -111,7 +110,7 @@ func ListUsers(query models.User) ([]models.User, error) { // ToggleUserAdminRole gives a user admin role. func ToggleUserAdminRole(u models.User) error { - o := orm.NewOrm() + o := GetOrmer() sql := `update user set sysadmin_flag =not sysadmin_flag where user_id = ?` @@ -133,7 +132,7 @@ func ChangeUserPassword(u models.User, oldPassword ...string) (err error) { return errors.New("Wrong numbers of params.") } - o := orm.NewOrm() + o := GetOrmer() var r sql.Result if len(oldPassword) == 0 { @@ -159,7 +158,7 @@ func ChangeUserPassword(u models.User, oldPassword ...string) (err error) { // ResetUserPassword ... func ResetUserPassword(u models.User) error { - o := orm.NewOrm() + o := GetOrmer() r, err := o.Raw(`update user set password=?, reset_uuid=? where reset_uuid=?`, utils.Encrypt(u.Password, u.Salt), "", u.ResetUUID).Exec() if err != nil { return err @@ -176,7 +175,7 @@ func ResetUserPassword(u models.User) error { // UpdateUserResetUUID ... func UpdateUserResetUUID(u models.User) error { - o := orm.NewOrm() + o := GetOrmer() _, err := o.Raw(`update user set reset_uuid=? where email=?`, u.ResetUUID, u.Email).Exec() return err } @@ -207,7 +206,7 @@ func CheckUserPassword(query models.User) (*models.User, error) { queryParam = append(queryParam, currentUser.Username) queryParam = append(queryParam, utils.Encrypt(query.Password, currentUser.Salt)) } - o := orm.NewOrm() + o := GetOrmer() var user []models.User n, err := o.Raw(sql, queryParam).QueryRows(&user) @@ -226,7 +225,7 @@ func CheckUserPassword(query models.User) (*models.User, error) { // DeleteUser ... func DeleteUser(userID int) error { - o := orm.NewOrm() + o := GetOrmer() _, err := o.Raw(`update user set deleted = 1 where user_id = ?`, userID).Exec() return err } diff --git a/service/token/authutils.go b/service/token/authutils.go index 3ea15c294..4c30648c4 100644 --- a/service/token/authutils.go +++ b/service/token/authutils.go @@ -46,10 +46,24 @@ func GetResourceActions(scopes []string) []*token.ResourceActions { continue } items := strings.Split(s, ":") + length := len(items) + + typee := items[0] + + name := "" + if length > 1 { + name = items[1] + } + + actions := []string{} + if length > 2 { + actions = strings.Split(items[2], ",") + } + res = append(res, &token.ResourceActions{ - Type: items[0], - Name: items[1], - Actions: strings.Split(items[2], ","), + Type: typee, + Name: name, + Actions: actions, }) } return res