Merge pull request #852 from reasonerjt/master

fix fd leak issue in registry client

utils/registry/auth/authorizer.go

@@ -16,12 +16,13 @@
 package auth
 
 import (
-	"crypto/tls"
 	"fmt"
 	"net/http"
+	"time"
 
 	au "github.com/docker/distribution/registry/client/auth"
 	"github.com/vmware/harbor/utils"
+	"github.com/vmware/harbor/utils/registry"
 )
 
 // Authorizer authorizes requests according to the schema
@@ -44,11 +45,8 @@ func NewAuthorizerStore(endpoint string, insecure bool, authorizers ...Authorize
 	endpoint = utils.FormatEndpoint(endpoint)
 
 	client := &http.Client{
-		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: insecure,
-			},
-		},
+		Transport: registry.GetHTTPTransport(insecure),
+		Timeout:   30 * time.Second,
 	}
 
 	resp, err := client.Get(buildPingURL(endpoint))

utils/registry/auth/tokenauthorizer.go

@@ -16,7 +16,6 @@
 package auth
 
 import (
-	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -29,6 +28,7 @@ import (
 
 	token_util "github.com/vmware/harbor/service/token"
 	"github.com/vmware/harbor/utils/log"
+	"github.com/vmware/harbor/utils/registry"
 	registry_error "github.com/vmware/harbor/utils/registry/error"
 )
 
@@ -140,15 +140,10 @@ type standardTokenAuthorizer struct {
 // NewStandardTokenAuthorizer returns a standard token authorizer. The authorizer will request a token
 // from token server and add it to the origin request
 func NewStandardTokenAuthorizer(credential Credential, insecure bool, scopeType, scopeName string, scopeActions ...string) Authorizer {
-	t := &http.Transport{
-		TLSClientConfig: &tls.Config{
-			InsecureSkipVerify: insecure,
-		},
-	}
-
 	authorizer := &standardTokenAuthorizer{
 		client: &http.Client{
-			Transport: t,
+			Transport: registry.GetHTTPTransport(insecure),
+			Timeout:   30 * time.Second,
 		},
 		credential: credential,
 	}

utils/registry/registry.go

@@ -20,6 +20,7 @@ import (
 	"net/http"
 	"net/url"
 	"strings"
+	"time"
 
 	"github.com/vmware/harbor/utils"
 	registry_error "github.com/vmware/harbor/utils/registry/error"
@@ -31,6 +32,29 @@ type Registry struct {
 	client   *http.Client
 }
 
+var secureHTTPTransport, insecureHTTPTransport *http.Transport
+
+func init() {
+	secureHTTPTransport = &http.Transport{
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: false,
+		},
+	}
+	insecureHTTPTransport = &http.Transport{
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: true,
+		},
+	}
+}
+
+// GetHTTPTransport returns HttpTransport based on insecure configuration
+func GetHTTPTransport(insecure bool) *http.Transport {
+	if insecure {
+		return insecureHTTPTransport
+	}
+	return secureHTTPTransport
+}
+
 // NewRegistry returns an instance of registry
 func NewRegistry(endpoint string, client *http.Client) (*Registry, error) {
 	u, err := utils.ParseEndpoint(endpoint)
@@ -48,16 +72,12 @@ func NewRegistry(endpoint string, client *http.Client) (*Registry, error) {
 
 // NewRegistryWithModifiers returns an instance of Registry according to the modifiers
 func NewRegistryWithModifiers(endpoint string, insecure bool, modifiers ...Modifier) (*Registry, error) {
-	t := &http.Transport{
-		TLSClientConfig: &tls.Config{
-			InsecureSkipVerify: insecure,
-		},
-	}
 
-	transport := NewTransport(t, modifiers...)
+	transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
 
 	return NewRegistry(endpoint, &http.Client{
 		Transport: transport,
+		Timeout:   30 * time.Second,
 	})
 }
 

utils/registry/repository.go

@@ -17,7 +17,6 @@ package registry
 
 import (
 	"bytes"
-	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -26,6 +25,7 @@ import (
 	"net/url"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/docker/distribution/manifest/schema1"
 	"github.com/docker/distribution/manifest/schema2"
@@ -61,16 +61,11 @@ func NewRepository(name, endpoint string, client *http.Client) (*Repository, err
 
 // NewRepositoryWithModifiers returns an instance of Repository according to the modifiers
 func NewRepositoryWithModifiers(name, endpoint string, insecure bool, modifiers ...Modifier) (*Repository, error) {
-	t := &http.Transport{
-		TLSClientConfig: &tls.Config{
-			InsecureSkipVerify: insecure,
-		},
-	}
-
-	transport := NewTransport(t, modifiers...)
 
+	transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
 	return NewRepository(name, endpoint, &http.Client{
 		Transport: transport,
+		Timeout:   30 * time.Second,
 	})
 }