Merge pull request #14344 from reasonerjt/fix-14303-1.10

[Cherrypick - 1.10] Add "*" to the claim set in the token for /v2 apis
2024-11-23 10:45:45 +01:00 · 2021-04-07 17:39:13 +08:00 · 2021-04-07 17:39:13 +08:00 · a1465a199c
commit a1465a199c
parent c42e98a089 b6c7a31a70
2 changed files with 11 additions and 0 deletions
--- a/src/core/service/token/creator.go
+++ b/src/core/service/token/creator.go
@ -194,6 +194,16 @@ func resourceScopes(sCtx security.Context, rc rbac.Resource) map[string]struct{}
 			res[s] = struct{}{}
 		}
 	}
+
+	// "*" is needed in the token for some API in notary server
+	// see https://github.com/goharbor/harbor/issues/14303#issuecomment-788010900
+	// and https://github.com/theupdateframework/notary/blob/84287fd8df4f172c9a8289641cdfa355fc86989d/server/server.go#L200
+	_, ok1 := res["push"]
+	_, ok2 := res["pull"]
+	_, ok3 := res["delete"]
+	if ok1 && ok2 && ok3 {
+		res["*"] = struct{}{}
+	}
 	return res
 }

--- a/src/core/service/token/token_test.go
+++ b/src/core/service/token/token_test.go
@ -326,6 +326,7 @@ func TestResourceScopes(t *testing.T) {
 				"scanner-pull": {},
 				"push":         {},
 				"delete":       {},
+				"*":            {},
 			},
 		},
 		{