mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-30 06:03:45 +01:00
audit deleting repository
This commit is contained in:
parent
1c8cdb8a6b
commit
a2b6355fb5
@ -154,17 +154,7 @@ func (ra *RepositoryAPI) Delete() {
|
|||||||
ra.CustomAbort(http.StatusInternalServerError, "internal error")
|
ra.CustomAbort(http.StatusInternalServerError, "internal error")
|
||||||
}
|
}
|
||||||
log.Infof("delete tag: %s %s", repoName, t)
|
log.Infof("delete tag: %s %s", repoName, t)
|
||||||
go TriggerReplicationByRepository(repoName, []string{t}, models.RepOpDelete)
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
go func() {
|
|
||||||
log.Debug("refreshing catalog cache")
|
|
||||||
if err := cache.RefreshCatalogCache(); err != nil {
|
|
||||||
log.Errorf("error occurred while refresh catalog cache: %v", err)
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type tag struct {
|
type tag struct {
|
||||||
|
@ -39,55 +39,92 @@ const manifestPattern = `^application/vnd.docker.distribution.manifest.v\d\+json
|
|||||||
// Post handles POST request, and records audit log or refreshes cache based on event.
|
// Post handles POST request, and records audit log or refreshes cache based on event.
|
||||||
func (n *NotificationHandler) Post() {
|
func (n *NotificationHandler) Post() {
|
||||||
var notification models.Notification
|
var notification models.Notification
|
||||||
//log.Info("Notification Handler triggered!\n")
|
log.Infof("request body in string: %s", string(n.Ctx.Input.CopyBody(1<<32)))
|
||||||
// log.Infof("request body in string: %s", string(n.Ctx.Input.CopyBody()))
|
|
||||||
err := json.Unmarshal(n.Ctx.Input.CopyBody(1<<32), ¬ification)
|
err := json.Unmarshal(n.Ctx.Input.CopyBody(1<<32), ¬ification)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("error while decoding json: %v", err)
|
log.Errorf("failed to decode notification: %v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var username, action, repo, project, repoTag string
|
|
||||||
var matched bool
|
events, err := filterEvents(¬ification)
|
||||||
for _, e := range notification.Events {
|
if err != nil {
|
||||||
matched, err = regexp.MatchString(manifestPattern, e.Target.MediaType)
|
log.Errorf("failed to filter events: %v", err)
|
||||||
if err != nil {
|
return
|
||||||
log.Errorf("Failed to match the media type against pattern, error: %v", err)
|
}
|
||||||
matched = false
|
|
||||||
|
for _, event := range events {
|
||||||
|
repository := event.Target.Repository
|
||||||
|
|
||||||
|
project := ""
|
||||||
|
if strings.Contains(repository, "/") {
|
||||||
|
project = repository[0:strings.LastIndex(repository, "/")]
|
||||||
}
|
}
|
||||||
if matched && (strings.HasPrefix(e.Request.UserAgent, "docker") ||
|
|
||||||
strings.ToLower(strings.TrimSpace(e.Request.UserAgent)) == "harbor-registry-client") {
|
|
||||||
username = e.Actor.Name
|
|
||||||
action = e.Action
|
|
||||||
repo = e.Target.Repository
|
|
||||||
repoTag = e.Target.Tag
|
|
||||||
log.Debugf("repo tag is : %v ", repoTag)
|
|
||||||
|
|
||||||
if strings.Contains(repo, "/") {
|
tag := event.Target.Tag
|
||||||
project = repo[0:strings.LastIndex(repo, "/")]
|
action := event.Action
|
||||||
}
|
|
||||||
if username == "" {
|
|
||||||
username = "anonymous"
|
|
||||||
}
|
|
||||||
|
|
||||||
if action == "pull" && username == "job-service-user" {
|
user := event.Actor.Name
|
||||||
return
|
if len(user) == 0 {
|
||||||
}
|
user = "anonymous"
|
||||||
|
}
|
||||||
|
|
||||||
go dao.AccessLog(username, project, repo, repoTag, action)
|
go dao.AccessLog(user, project, repository, tag, action)
|
||||||
|
if action == "push" || action == "delete" {
|
||||||
|
go func() {
|
||||||
|
if err := cache.RefreshCatalogCache(); err != nil {
|
||||||
|
log.Errorf("failed to refresh cache: %v", err)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
operation := ""
|
||||||
if action == "push" {
|
if action == "push" {
|
||||||
go func() {
|
operation = models.RepOpTransfer
|
||||||
err2 := cache.RefreshCatalogCache()
|
} else {
|
||||||
if err2 != nil {
|
operation = models.RepOpDelete
|
||||||
log.Errorf("Error happens when refreshing cache: %v", err2)
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
|
|
||||||
go api.TriggerReplicationByRepository(repo, []string{repoTag}, models.RepOpTransfer)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
go api.TriggerReplicationByRepository(repository, []string{tag}, operation)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func filterEvents(notification *models.Notification) ([]*models.Event, error) {
|
||||||
|
events := []*models.Event{}
|
||||||
|
|
||||||
|
for _, event := range notification.Events {
|
||||||
|
|
||||||
|
//delete
|
||||||
|
// TODO add tag field
|
||||||
|
if event.Action == "delete" {
|
||||||
|
events = append(events, &event)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
isManifest, err := regexp.MatchString(manifestPattern, event.Target.MediaType)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("failed to match the media type against pattern: %v", err)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if !isManifest {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
//pull and push manifest by docker-client
|
||||||
|
if strings.HasPrefix(event.Request.UserAgent, "docker") && (event.Action == "pull" || event.Action == "push") {
|
||||||
|
events = append(events, &event)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
//push manifest by docker-client or job-service
|
||||||
|
if strings.ToLower(strings.TrimSpace(event.Request.UserAgent)) == "harbor-registry-client" && event.Action == "push" {
|
||||||
|
events = append(events, &event)
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return events, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Render returns nil as it won't render any template.
|
// Render returns nil as it won't render any template.
|
||||||
|
Loading…
Reference in New Issue
Block a user