mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-17 07:45:24 +01:00
Add temporary secret for harbor proxy service
Use the GenerateRandomStringWithLength function to generate the secret for harbor_proxyservice.
Add the harbor-proxyservice secret used by the proxy service.

Signed-off-by: stonezdj <stonezdj@gmail.com>
parent
373ac25b9b
commit
82f59cb760
@ -17,6 +17,8 @@ package secret
|
||||
const (
|
||||
// JobserviceUser is the name of jobservice user
|
||||
JobserviceUser = "harbor-jobservice"
|
||||
// ProxyserviceUser is the name of proxyservice user
|
||||
ProxyserviceUser = "harbor-proxyservice"
|
||||
// CoreUser is the name of ui user
|
||||
CoreUser = "harbor-core"
|
||||
)
|
||||
|
@ -79,5 +79,7 @@ func (s *SecurityContext) Can(action types.Action, resource types.Resource) bool
|
||||
if s.store == nil {
|
||||
return false
|
||||
}
|
||||
return s.store.GetUsername(s.secret) == secret.JobserviceUser || s.store.GetUsername(s.secret) == secret.CoreUser
|
||||
return s.store.GetUsername(s.secret) == secret.JobserviceUser ||
|
||||
s.store.GetUsername(s.secret) == secret.CoreUser ||
|
||||
s.store.GetUsername(s.secret) == secret.ProxyserviceUser
|
||||
}
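Review bot: The proxy service is granted every action on every resource by this return expression: it compares only the username behind the secret and never looks at `action` or `resource`, so `secret.ProxyserviceUser` now gets the same blanket answer as core and jobservice. If the proxy service needs only a subset of operations, a separate branch that checks `action` and `resource` for that user would keep it least-privileged; at minimum a comment such as `// secret-authenticated internal services are allowed every action` should state the intent. The expression also calls `GetUsername` up to three times; `switch s.store.GetUsername(s.secret) { case secret.JobserviceUser, secret.CoreUser, secret.ProxyserviceUser: return true }` looks it up once. The start of `Can` is outside the hunk, so any earlier checks are not visible here.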
|
||||
|
@ -64,10 +64,9 @@ func ParseRepository(repository string) (project, rest string) {
|
||||
return
|
||||
}
|
||||
|
||||
// GenerateRandomString generates a random string
|
||||
func GenerateRandomString() string {
|
||||
length := 32
|
||||
const chars = "abcdefghijklmnopqrstuvwxyz0123456789"
|
||||
// GenerateRandomStringWithLen generates a random string with length
|
||||
func GenerateRandomStringWithLen(length int) string {
|
||||
const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
|
||||
l := len(chars)
|
||||
result := make([]byte, length)
|
||||
_, err := rand.Read(result)
|
||||
@ -80,6 +79,11 @@ func GenerateRandomString() string {
|
||||
return string(result)
|
||||
}
|
||||
|
||||
// GenerateRandomString generate a random string with 32 byte length
|
||||
func GenerateRandomString() string {
|
||||
return GenerateRandomStringWithLen(32)
|
||||
}
|
||||
|
||||
// TestTCPConn tests TCP connection
|
||||
// timeout: the total time before returning if something is wrong
|
||||
// with the connection, in second
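Review bot: `GenerateRandomStringWithLen` returns only a `string`, so a failure of `rand.Read(result)` cannot reach its callers, and this commit makes it the source of the proxy-service secret (`ProxyServiceSecret`) and of the JWT ID in `makeTokenCore`, where the removed `randString` returned the error. The lines that handle `err` and map the bytes onto `chars` lie between the two hunks and are not visible, so it should be confirmed that a failed read cannot yield a predictable string; for secret material the safer contract is to fail closed (panic, or a variant returning `(string, error)`). The import block is not shown either: `rand` needs to be `crypto/rand` for these uses. If the mapping is `chars[int(b)%l]` as in the removed `randString`, the 62-character alphabet makes the first 8 characters slightly more likely than the rest (256 is not a multiple of 62), which deserves a comment next to the constant.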
|
||||
|
@ -153,6 +153,13 @@ func TestGenerateRandomString(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestGenerateRandomStringWithLen(t *testing.T) {
|
||||
str := GenerateRandomStringWithLen(16)
|
||||
if len(str) != 16 {
|
||||
t.Errorf("Failed to generate ramdom string with fixed length.")
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseLink(t *testing.T) {
|
||||
raw := ""
|
||||
links := ParseLink(raw)
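Review bot: `TestGenerateRandomStringWithLen` asserts only the length, so it would still pass if the function returned sixteen identical bytes or characters outside the alphabet. A check that every byte is alphanumeric and that a second call differs (`if GenerateRandomStringWithLen(16) == str { t.Errorf(...) }`) would cover the property the secret relies on. The failure message also has a typo, `ramdom` for `random`.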
|
||||
|
@ -29,6 +29,8 @@ import (
|
||||
"github.com/goharbor/harbor/src/core/promgr"
|
||||
"github.com/goharbor/harbor/src/core/promgr/pmsdriver/local"
|
||||
"github.com/goharbor/harbor/src/lib/log"
|
||||
|
||||
"github.com/goharbor/harbor/src/common/utils"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -48,6 +50,8 @@ var (
|
||||
// defined as a var for testing.
|
||||
defaultCACertPath = "/etc/core/ca/ca.crt"
|
||||
cfgMgr *comcfg.CfgManager
|
||||
// ProxyServiceSecret is the secret used by proxy service
|
||||
ProxyServiceSecret = utils.GenerateRandomStringWithLen(16)
|
||||
)
|
||||
|
||||
// Init configurations
|
||||
@ -88,6 +92,7 @@ func initKeyProvider() {
|
||||
func initSecretStore() {
|
||||
m := map[string]string{}
|
||||
m[JobserviceSecret()] = secret.JobserviceUser
|
||||
m[ProxyServiceSecret] = secret.ProxyserviceUser
|
||||
SecretStore = secret.NewStore(m)
|
||||
}
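Review bot: `ProxyServiceSecret` is an exported, mutable package variable, so any package importing config can read or overwrite the credential that `initSecretStore` maps to `secret.ProxyserviceUser`. The jobservice secret one line earlier is reached through a function (`JobserviceSecret()`); keeping the value unexported and exposing `func ProxyServiceSecret() string { return proxyServiceSecret }` would match that and prevent reassignment. The value is generated once per process at package initialisation, so if more than one core process runs, each would presumably hold a different secret, which is worth stating in the doc comment. The new `utils` import also sits in its own group after a blank line instead of with the other `github.com/goharbor/harbor` imports.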
|
||||
|
||||
|
@ -16,7 +16,6 @@ package token
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
@ -27,6 +26,7 @@ import (
|
||||
"github.com/docker/libtrust"
|
||||
"github.com/goharbor/harbor/src/common/models"
|
||||
"github.com/goharbor/harbor/src/common/security"
|
||||
"github.com/goharbor/harbor/src/common/utils"
|
||||
"github.com/goharbor/harbor/src/core/config"
|
||||
"github.com/goharbor/harbor/src/core/promgr"
|
||||
"github.com/goharbor/harbor/src/lib/log"
|
||||
@ -150,10 +150,7 @@ func makeTokenCore(issuer, subject, audience string, expiration int,
|
||||
KeyID: signingKey.KeyID(),
|
||||
}
|
||||
|
||||
jwtID, err := randString(16)
|
||||
if err != nil {
|
||||
return nil, 0, nil, fmt.Errorf("Error to generate jwt id: %s", err)
|
||||
}
|
||||
jwtID := utils.GenerateRandomStringWithLen(16)
|
||||
|
||||
now := time.Now().UTC()
|
||||
issuedAt = &now
|
||||
@ -194,19 +191,6 @@ func makeTokenCore(issuer, subject, audience string, expiration int,
|
||||
return
|
||||
}
|
||||
|
||||
func randString(length int) (string, error) {
|
||||
const alphanum = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
|
||||
rb := make([]byte, length)
|
||||
_, err := rand.Read(rb)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
for i, b := range rb {
|
||||
rb[i] = alphanum[int(b)%len(alphanum)]
|
||||
}
|
||||
return string(rb), nil
|
||||
}
|
||||
|
||||
func base64UrlEncode(b []byte) string {
|
||||
return strings.TrimRight(base64.URLEncoding.EncodeToString(b), "=")
|
||||
}
|
||||
|