mirror of
https://github.com/goharbor/harbor.git
synced 2024-10-03 07:47:54 +02:00
Merge pull request #852 from reasonerjt/master
fix fd leak issue in registry client
This commit is contained in:
Daniel Jiang
GitHub
commit
917e75e7bd
@ -16,12 +16,13 @@
|
|||||||
package auth
|
package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/tls"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"time"
|
||||||
|
|
||||||
au "github.com/docker/distribution/registry/client/auth"
|
au "github.com/docker/distribution/registry/client/auth"
|
||||||
"github.com/vmware/harbor/utils"
|
"github.com/vmware/harbor/utils"
|
||||||
|
"github.com/vmware/harbor/utils/registry"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Authorizer authorizes requests according to the schema
|
// Authorizer authorizes requests according to the schema
|
||||||
@ -44,11 +45,8 @@ func NewAuthorizerStore(endpoint string, insecure bool, authorizers ...Authorize
|
|||||||
endpoint = utils.FormatEndpoint(endpoint)
|
endpoint = utils.FormatEndpoint(endpoint)
|
||||||
|
|
||||||
client := &http.Client{
|
client := &http.Client{
|
||||||
Transport: &http.Transport{
|
Transport: registry.GetHTTPTransport(insecure),
|
||||||
TLSClientConfig: &tls.Config{
|
Timeout: 30 * time.Second,
|
||||||
InsecureSkipVerify: insecure,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resp, err := client.Get(buildPingURL(endpoint))
|
resp, err := client.Get(buildPingURL(endpoint))
|
||||||
|
|||||||
@ -16,7 +16,6 @@
|
|||||||
package auth
|
package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/tls"
|
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
@ -29,6 +28,7 @@ import (
|
|||||||
|
|
||||||
token_util "github.com/vmware/harbor/service/token"
|
token_util "github.com/vmware/harbor/service/token"
|
||||||
"github.com/vmware/harbor/utils/log"
|
"github.com/vmware/harbor/utils/log"
|
||||||
|
"github.com/vmware/harbor/utils/registry"
|
||||||
registry_error "github.com/vmware/harbor/utils/registry/error"
|
registry_error "github.com/vmware/harbor/utils/registry/error"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -140,15 +140,10 @@ type standardTokenAuthorizer struct {
|
|||||||
// NewStandardTokenAuthorizer returns a standard token authorizer. The authorizer will request a token
|
// NewStandardTokenAuthorizer returns a standard token authorizer. The authorizer will request a token
|
||||||
// from token server and add it to the origin request
|
// from token server and add it to the origin request
|
||||||
func NewStandardTokenAuthorizer(credential Credential, insecure bool, scopeType, scopeName string, scopeActions ...string) Authorizer {
|
func NewStandardTokenAuthorizer(credential Credential, insecure bool, scopeType, scopeName string, scopeActions ...string) Authorizer {
|
||||||
t := &http.Transport{
|
|
||||||
TLSClientConfig: &tls.Config{
|
|
||||||
InsecureSkipVerify: insecure,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
authorizer := &standardTokenAuthorizer{
|
authorizer := &standardTokenAuthorizer{
|
||||||
client: &http.Client{
|
client: &http.Client{
|
||||||
Transport: t,
|
Transport: registry.GetHTTPTransport(insecure),
|
||||||
|
Timeout: 30 * time.Second,
|
||||||
},
|
},
|
||||||
credential: credential,
|
credential: credential,
|
||||||
}
|
}
|
||||||
|
|||||||
@ -20,6 +20,7 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/vmware/harbor/utils"
|
"github.com/vmware/harbor/utils"
|
||||||
registry_error "github.com/vmware/harbor/utils/registry/error"
|
registry_error "github.com/vmware/harbor/utils/registry/error"
|
||||||
@ -31,6 +32,29 @@ type Registry struct {
|
|||||||
client *http.Client
|
client *http.Client
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var secureHTTPTransport, insecureHTTPTransport *http.Transport
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
secureHTTPTransport = &http.Transport{
|
||||||
|
TLSClientConfig: &tls.Config{
|
||||||
|
InsecureSkipVerify: false,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
insecureHTTPTransport = &http.Transport{
|
||||||
|
TLSClientConfig: &tls.Config{
|
||||||
|
InsecureSkipVerify: true,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetHTTPTransport returns HttpTransport based on insecure configuration
|
||||||
|
func GetHTTPTransport(insecure bool) *http.Transport {
|
||||||
|
if insecure {
|
||||||
|
return insecureHTTPTransport
|
||||||
|
}
|
||||||
|
return secureHTTPTransport
|
||||||
|
}
|
||||||
|
|
||||||
// NewRegistry returns an instance of registry
|
// NewRegistry returns an instance of registry
|
||||||
func NewRegistry(endpoint string, client *http.Client) (*Registry, error) {
|
func NewRegistry(endpoint string, client *http.Client) (*Registry, error) {
|
||||||
u, err := utils.ParseEndpoint(endpoint)
|
u, err := utils.ParseEndpoint(endpoint)
|
||||||
@ -48,16 +72,12 @@ func NewRegistry(endpoint string, client *http.Client) (*Registry, error) {
|
|||||||
|
|
||||||
// NewRegistryWithModifiers returns an instance of Registry according to the modifiers
|
// NewRegistryWithModifiers returns an instance of Registry according to the modifiers
|
||||||
func NewRegistryWithModifiers(endpoint string, insecure bool, modifiers ...Modifier) (*Registry, error) {
|
func NewRegistryWithModifiers(endpoint string, insecure bool, modifiers ...Modifier) (*Registry, error) {
|
||||||
t := &http.Transport{
|
|
||||||
TLSClientConfig: &tls.Config{
|
|
||||||
InsecureSkipVerify: insecure,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
transport := NewTransport(t, modifiers...)
|
transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
|
||||||
|
|
||||||
return NewRegistry(endpoint, &http.Client{
|
return NewRegistry(endpoint, &http.Client{
|
||||||
Transport: transport,
|
Transport: transport,
|
||||||
|
Timeout: 30 * time.Second,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -17,7 +17,6 @@ package registry
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/tls"
|
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
@ -26,6 +25,7 @@ import (
|
|||||||
"net/url"
|
"net/url"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/docker/distribution/manifest/schema1"
|
"github.com/docker/distribution/manifest/schema1"
|
||||||
"github.com/docker/distribution/manifest/schema2"
|
"github.com/docker/distribution/manifest/schema2"
|
||||||
@ -61,16 +61,11 @@ func NewRepository(name, endpoint string, client *http.Client) (*Repository, err
|
|||||||
|
|
||||||
// NewRepositoryWithModifiers returns an instance of Repository according to the modifiers
|
// NewRepositoryWithModifiers returns an instance of Repository according to the modifiers
|
||||||
func NewRepositoryWithModifiers(name, endpoint string, insecure bool, modifiers ...Modifier) (*Repository, error) {
|
func NewRepositoryWithModifiers(name, endpoint string, insecure bool, modifiers ...Modifier) (*Repository, error) {
|
||||||
t := &http.Transport{
|
|
||||||
TLSClientConfig: &tls.Config{
|
|
||||||
InsecureSkipVerify: insecure,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
transport := NewTransport(t, modifiers...)
|
|
||||||
|
|
||||||
|
transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
|
||||||
return NewRepository(name, endpoint, &http.Client{
|
return NewRepository(name, endpoint, &http.Client{
|
||||||
Transport: transport,
|
Transport: transport,
|
||||||
|
Timeout: 30 * time.Second,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user