From bf5bb463d9f72cb94c24f682ef54c2c4cb6d6217 Mon Sep 17 00:00:00 2001
From: Tan Jiang
Date: Thu, 29 Sep 2016 16:17:18 +0800
Subject: [PATCH] fix fd leak issue in registry client
---
 utils/registry/auth/authorizer.go | 10 ++++----
 utils/registry/auth/tokenauthorizer.go | 11 +++------
 utils/registry/registry.go | 32 +++++++++++++++++++++-----
 utils/registry/repository.go | 11 +++------
 4 files changed, 36 insertions(+), 28 deletions(-)
diff --git a/utils/registry/auth/authorizer.go b/utils/registry/auth/authorizer.go
index ea21dfb02..558a9866a 100644
--- a/utils/registry/auth/authorizer.go
+++ b/utils/registry/auth/authorizer.go
@@ -16,12 +16,13 @@
 package auth
 import (
- "crypto/tls"
 "fmt"
 "net/http"
+ "time"
 au "github.com/docker/distribution/registry/client/auth"
 "github.com/vmware/harbor/utils"
+ "github.com/vmware/harbor/utils/registry"
 )
 // Authorizer authorizes requests according to the schema
@@ -44,11 +45,8 @@ func NewAuthorizerStore(endpoint string, insecure bool, authorizers ...Authorize
 endpoint = utils.FormatEndpoint(endpoint)
 client := &http.Client{
- Transport: &http.Transport{
- TLSClientConfig: &tls.Config{
- InsecureSkipVerify: insecure,
- },
- },
+ Transport: registry.GetHTTPTransport(insecure),
+ Timeout: 30 * time.Second,
 }
 resp, err := client.Get(buildPingURL(endpoint))
diff --git a/utils/registry/auth/tokenauthorizer.go b/utils/registry/auth/tokenauthorizer.go
index 0a255b225..ae2b5f6a1 100644
--- a/utils/registry/auth/tokenauthorizer.go
+++ b/utils/registry/auth/tokenauthorizer.go
@@ -16,7 +16,6 @@
 package auth
 import (
- "crypto/tls"
 "encoding/json"
 "fmt"
 "io/ioutil"
@@ -29,6 +28,7 @@ import (
 token_util "github.com/vmware/harbor/service/token"
 "github.com/vmware/harbor/utils/log"
+ "github.com/vmware/harbor/utils/registry"
 registry_error "github.com/vmware/harbor/utils/registry/error"
 )
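Review bot: The `30 * time.Second` literal on the new `Timeout:` line in NewAuthorizerStore (utils/registry/auth/authorizer.go) is repeated in the three other constructors this patch touches (NewStandardTokenAuthorizer, NewRegistryWithModifiers, NewRepositoryWithModifiers), so a later change to the limit has to be made in four places. A single exported constant beside GetHTTPTransport, for example `const DefaultHTTPTimeout = 30 * time.Second`, would keep them in step. NewAuthorizerStore continues past the hunk after `client.Get(buildPingURL(endpoint))`; since the patch targets a descriptor leak, it is worth confirming that the code below closes `resp.Body` on every path, because an unclosed body keeps its connection open and out of the shared transport's idle pool.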
@@ -140,15 +140,10 @@ type standardTokenAuthorizer struct {
 // NewStandardTokenAuthorizer returns a standard token authorizer. The authorizer will request a token
 // from token server and add it to the origin request
 func NewStandardTokenAuthorizer(credential Credential, insecure bool, scopeType, scopeName string, scopeActions ...string) Authorizer {
- t := &http.Transport{
- TLSClientConfig: &tls.Config{
- InsecureSkipVerify: insecure,
- },
- }
-
 authorizer := &standardTokenAuthorizer{
 client: &http.Client{
- Transport: t,
+ Transport: registry.GetHTTPTransport(insecure),
+ Timeout: 30 * time.Second,
 },
 credential: credential,
 }
diff --git a/utils/registry/registry.go b/utils/registry/registry.go
index 4934c8e8d..b45317bf4 100644
--- a/utils/registry/registry.go
+++ b/utils/registry/registry.go
@@ -20,6 +20,7 @@ import (
 "net/http"
 "net/url"
 "strings"
+ "time"
 "github.com/vmware/harbor/utils"
 registry_error "github.com/vmware/harbor/utils/registry/error"
@@ -31,6 +32,29 @@ type Registry struct {
 client *http.Client
 }
+var secureHTTPTransport, insecureHTTPTransport *http.Transport
+
+func init() {
+ secureHTTPTransport = &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: false,
+ },
+ }
+ insecureHTTPTransport = &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true,
+ },
+ }
+}
+
+// GetHTTPTransport returns HttpTransport based on insecure configuration
+func GetHTTPTransport(insecure bool) *http.Transport {
+ if insecure {
+ return insecureHTTPTransport
+ }
+ return secureHTTPTransport
+}
+
 // NewRegistry returns an instance of registry
 func NewRegistry(endpoint string, client *http.Client) (*Registry, error) {
 u, err := utils.ParseEndpoint(endpoint)
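Review bot: GetHTTPTransport in utils/registry/registry.go hands every caller the same package-level `*http.Transport`, so any code that modifies the returned value, for instance its `TLSClientConfig`, changes certificate verification for every registry, repository and token client in the process. The doc comment should state that contract and what the flag means: `// GetHTTPTransport returns a process-wide shared transport that callers must not modify; when insecure is true, TLS certificate verification is disabled.` As a smaller style point, the two transports could be initialised directly in the `var` declaration instead of in `init()`, so they are never nil if another package-level initialiser calls GetHTTPTransport.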
@@ -48,16 +72,12 @@ func NewRegistry(endpoint string, client *http.Client) (*Registry, error) {
 // NewRegistryWithModifiers returns an instance of Registry according to the modifiers
 func NewRegistryWithModifiers(endpoint string, insecure bool, modifiers ...Modifier) (*Registry, error) {
- t := &http.Transport{
- TLSClientConfig: &tls.Config{
- InsecureSkipVerify: insecure,
- },
- }
- transport := NewTransport(t, modifiers...)
+ transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
 return NewRegistry(endpoint, &http.Client{
 Transport: transport,
+ Timeout: 30 * time.Second,
 })
 }
diff --git a/utils/registry/repository.go b/utils/registry/repository.go
index 88d0182b3..a09d33fd0 100644
--- a/utils/registry/repository.go
+++ b/utils/registry/repository.go
@@ -17,7 +17,6 @@ package registry
 import (
 "bytes"
- "crypto/tls"
 "encoding/json"
 "fmt"
 "io"
@@ -26,6 +25,7 @@ import (
 "net/url"
 "strconv"
 "strings"
+ "time"
 "github.com/docker/distribution/manifest/schema1"
 "github.com/docker/distribution/manifest/schema2"
@@ -61,16 +61,11 @@ func NewRepository(name, endpoint string, client *http.Client) (*Repository, err
 // NewRepositoryWithModifiers returns an instance of Repository according to the modifiers
 func NewRepositoryWithModifiers(name, endpoint string, insecure bool, modifiers ...Modifier) (*Repository, error) {
- t := &http.Transport{
- TLSClientConfig: &tls.Config{
- InsecureSkipVerify: insecure,
- },
- }
-
- transport := NewTransport(t, modifiers...)
+ transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
 return NewRepository(name, endpoint, &http.Client{
 Transport: transport,
+ Timeout: 30 * time.Second,
 })
 }
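Review bot: The `Timeout: 30 * time.Second` added to the `http.Client` in NewRepositoryWithModifiers (utils/registry/repository.go) bounds the whole exchange, including reading the response body, not only connecting and receiving headers. If this client is also used to pull or push blobs (those methods are outside the hunk), a large layer on a slow link would be cut off at 30 seconds and surface as a transfer error. Consider leaving the client-level timeout unset for the repository client and bounding the early phases on the shared transport instead, for example with `TLSHandshakeTimeout` and `ResponseHeaderTimeout` on the `http.Transport`.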