Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-10-31 23:59:32 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #14344 from reasonerjt/fix-14303-1.10

Browse Source 
[Cherrypick - 1.10] Add "*" to the claim set in the token for /v2 apis
This commit is contained in:
Daniel Jiang 2021-04-07 17:39:13 +08:00 committed by GitHub
commit a1465a199c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/core/service/token/creator.go
View File

@ -194,6 +194,16 @@ func resourceScopes(sCtx security.Context, rc rbac.Resource) map[string]struct{}
res[s] = struct{}{} res[s] = struct{}{}
} }
} }
// "*" is needed in the token for some API in notary server
// see https://github.com/goharbor/harbor/issues/14303#issuecomment-788010900
// and https://github.com/theupdateframework/notary/blob/84287fd8df4f172c9a8289641cdfa355fc86989d/server/server.go#L200
_, ok1 := res["push"]
_, ok2 := res["pull"]
_, ok3 := res["delete"]
if ok1 && ok2 && ok3 {
res["*"] = struct{}{}
}
return res return res
} }

1
src/core/service/token/token_test.go
View File

@ -326,6 +326,7 @@ func TestResourceScopes(t *testing.T) {
"scanner-pull": {}, "scanner-pull": {},
"push": {}, "push": {},
"delete": {}, "delete": {},
"*": {},
}, },
}, },
{ {