Merge pull request #12214 from stonezdj/20200611_add_proxyservice_secret

Add temporary secret for harbor proxy service
stonezdj(Daojun Zhang) 2020-06-17 10:46:13 +08:00 committed by GitHub
commit 91bff55b66
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 27 additions and 23 deletions


@ -17,6 +17,8 @@ package secret
const ( const (
// JobserviceUser is the name of jobservice user // JobserviceUser is the name of jobservice user
JobserviceUser = "harbor-jobservice" JobserviceUser = "harbor-jobservice"
// ProxyserviceUser is the name of proxyservice user
ProxyserviceUser = "harbor-proxyservice"
// CoreUser is the name of ui user // CoreUser is the name of ui user
CoreUser = "harbor-core" CoreUser = "harbor-core"
) )


@ -79,5 +79,7 @@ func (s *SecurityContext) Can(action types.Action, resource types.Resource) bool
if s.store == nil { if s.store == nil {
return false return false
} }
return s.store.GetUsername(s.secret) == secret.JobserviceUser || s.store.GetUsername(s.secret) == secret.CoreUser return s.store.GetUsername(s.secret) == secret.JobserviceUser ||
s.store.GetUsername(s.secret) == secret.CoreUser ||
s.store.GetUsername(s.secret) == secret.ProxyserviceUser
} }
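Review bot: The visible return in `Can` never looks at `action` or `resource`, so the added `secret.ProxyserviceUser` clause gives the proxy service secret the same unrestricted answer as core and jobservice. If the proxy service needs only a subset of operations, a separate branch that checks `action` and `resource` for that user would keep the new credential least-privileged. The expression also calls `s.store.GetUsername(s.secret)` up to three times; reading it once into a local and comparing in a `switch` would be clearer. The function body begins outside the hunk, so any earlier checks are not visible here.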


@ -64,10 +64,9 @@ func ParseRepository(repository string) (project, rest string) {
return return
} }
// GenerateRandomString generates a random string // GenerateRandomStringWithLen generates a random string with length
func GenerateRandomString() string { func GenerateRandomStringWithLen(length int) string {
length := 32 const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
const chars = "abcdefghijklmnopqrstuvwxyz0123456789"
l := len(chars) l := len(chars)
result := make([]byte, length) result := make([]byte, length)
_, err := rand.Read(result) _, err := rand.Read(result)
@ -80,6 +79,11 @@ func GenerateRandomString() string {
return string(result) return string(result)
} }
// GenerateRandomString generate a random string with 32 byte length
func GenerateRandomString() string {
return GenerateRandomStringWithLen(32)
}
// TestTCPConn tests TCP connection // TestTCPConn tests TCP connection
// timeout: the total time before returning if something is wrong // timeout: the total time before returning if something is wrong
// with the connection, in second // with the connection, in second
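Review bot: `GenerateRandomStringWithLen(length int) string` has no error return, so a failed `rand.Read` cannot reach its callers. The removed `randString` in the token package returned `(string, error)` and `makeTokenCore` aborted on it, whereas the JWT ID and the new `ProxyServiceSecret` in config now accept whatever the helper returns. The handling of `err` sits between the two hunks and is not visible here, so confirm it does not carry on with a zeroed buffer; returning the error, `func GenerateRandomStringWithLen(length int) (string, error)`, would let secret-generating callers fail closed. Also confirm that `rand` in this file is `crypto/rand`, since the import block is outside the hunk. If the bytes are mapped with a modulo over the 62-character alphabet, as the removed `randString` did, the first eight characters are slightly over-represented, and rejection sampling would remove that bias.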


@ -153,6 +153,13 @@ func TestGenerateRandomString(t *testing.T) {
} }
} }
func TestGenerateRandomStringWithLen(t *testing.T) {
str := GenerateRandomStringWithLen(16)
if len(str) != 16 {
t.Errorf("Failed to generate ramdom string with fixed length.")
}
}
func TestParseLink(t *testing.T) { func TestParseLink(t *testing.T) {
raw := "" raw := ""
links := ParseLink(raw) links := ParseLink(raw)
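Review bot: `TestGenerateRandomStringWithLen` asserts only the length, so it would still pass if the generator returned sixteen identical or out-of-alphabet bytes. For a helper that now produces a service secret, it is worth also checking that every character belongs to the expected alphabet and that two consecutive calls differ. The failure message has a typo (`ramdom`) and does not report the observed length; `t.Errorf("got length %d, want 16", len(str))` is more useful when it fires.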


@ -29,6 +29,8 @@ import (
"github.com/goharbor/harbor/src/core/promgr" "github.com/goharbor/harbor/src/core/promgr"
"github.com/goharbor/harbor/src/core/promgr/pmsdriver/local" "github.com/goharbor/harbor/src/core/promgr/pmsdriver/local"
"github.com/goharbor/harbor/src/lib/log" "github.com/goharbor/harbor/src/lib/log"
"github.com/goharbor/harbor/src/common/utils"
) )
const ( const (
@ -48,6 +50,8 @@ var (
// defined as a var for testing. // defined as a var for testing.
defaultCACertPath = "/etc/core/ca/ca.crt" defaultCACertPath = "/etc/core/ca/ca.crt"
cfgMgr *comcfg.CfgManager cfgMgr *comcfg.CfgManager
// ProxyServiceSecret is the secret used by proxy service
ProxyServiceSecret = utils.GenerateRandomStringWithLen(16)
) )
// Init configurations // Init configurations
@ -88,6 +92,7 @@ func initKeyProvider() {
func initSecretStore() { func initSecretStore() {
m := map[string]string{} m := map[string]string{}
m[JobserviceSecret()] = secret.JobserviceUser m[JobserviceSecret()] = secret.JobserviceUser
m[ProxyServiceSecret] = secret.ProxyserviceUser
SecretStore = secret.NewStore(m) SecretStore = secret.NewStore(m)
} }
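Review bot: `ProxyServiceSecret` is an exported, mutable package variable, so any package that imports config can read or overwrite the credential. The jobservice secret registered next to it in `initSecretStore` is obtained through the `JobserviceSecret()` function instead. Consider keeping the value unexported and exposing it through an accessor, e.g. `func ProxyServiceSecret() string { return proxyServiceSecret }`. The value is also produced in a package-level initializer, where a failure of the random source cannot be reported through the normal startup path; generating it inside `initSecretStore` would fix that. Each process gets its own value, so this presumably only works while the proxy service runs in the same process as core, which deserves a comment on the variable.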


@ -16,7 +16,6 @@ package token
import ( import (
"crypto" "crypto"
"crypto/rand"
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"fmt" "fmt"
@ -27,6 +26,7 @@ import (
"github.com/docker/libtrust" "github.com/docker/libtrust"
"github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/models"
"github.com/goharbor/harbor/src/common/security" "github.com/goharbor/harbor/src/common/security"
"github.com/goharbor/harbor/src/common/utils"
"github.com/goharbor/harbor/src/core/config" "github.com/goharbor/harbor/src/core/config"
"github.com/goharbor/harbor/src/core/promgr" "github.com/goharbor/harbor/src/core/promgr"
"github.com/goharbor/harbor/src/lib/log" "github.com/goharbor/harbor/src/lib/log"
@ -150,10 +150,7 @@ func makeTokenCore(issuer, subject, audience string, expiration int,
KeyID: signingKey.KeyID(), KeyID: signingKey.KeyID(),
} }
jwtID, err := randString(16) jwtID := utils.GenerateRandomStringWithLen(16)
if err != nil {
return nil, 0, nil, fmt.Errorf("Error to generate jwt id: %s", err)
}
now := time.Now().UTC() now := time.Now().UTC()
issuedAt = &now issuedAt = &now
@ -194,19 +191,6 @@ func makeTokenCore(issuer, subject, audience string, expiration int,
return return
} }
func randString(length int) (string, error) {
const alphanum = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
rb := make([]byte, length)
_, err := rand.Read(rb)
if err != nil {
return "", err
}
for i, b := range rb {
rb[i] = alphanum[int(b)%len(alphanum)]
}
return string(rb), nil
}
func base64UrlEncode(b []byte) string { func base64UrlEncode(b []byte) string {
return strings.TrimRight(base64.URLEncoding.EncodeToString(b), "=") return strings.TrimRight(base64.URLEncoding.EncodeToString(b), "=")
} }