audit deleting repository

This commit is contained in:
Wenkai Yin 2016-06-28 17:33:39 +08:00
parent 1c8cdb8a6b
commit a2b6355fb5
2 changed files with 72 additions and 45 deletions

View File

@ -154,17 +154,7 @@ func (ra *RepositoryAPI) Delete() {
ra.CustomAbort(http.StatusInternalServerError, "internal error") ra.CustomAbort(http.StatusInternalServerError, "internal error")
} }
log.Infof("delete tag: %s %s", repoName, t) log.Infof("delete tag: %s %s", repoName, t)
go TriggerReplicationByRepository(repoName, []string{t}, models.RepOpDelete)
} }
go func() {
log.Debug("refreshing catalog cache")
if err := cache.RefreshCatalogCache(); err != nil {
log.Errorf("error occurred while refresh catalog cache: %v", err)
}
}()
} }
type tag struct { type tag struct {

View File

@ -39,55 +39,92 @@ const manifestPattern = `^application/vnd.docker.distribution.manifest.v\d\+json
// Post handles POST request, and records audit log or refreshes cache based on event. // Post handles POST request, and records audit log or refreshes cache based on event.
func (n *NotificationHandler) Post() { func (n *NotificationHandler) Post() {
var notification models.Notification var notification models.Notification
//log.Info("Notification Handler triggered!\n") log.Infof("request body in string: %s", string(n.Ctx.Input.CopyBody(1<<32)))
// log.Infof("request body in string: %s", string(n.Ctx.Input.CopyBody()))
err := json.Unmarshal(n.Ctx.Input.CopyBody(1<<32), &notification) err := json.Unmarshal(n.Ctx.Input.CopyBody(1<<32), &notification)
if err != nil { if err != nil {
log.Errorf("error while decoding json: %v", err) log.Errorf("failed to decode notification: %v", err)
return return
} }
var username, action, repo, project, repoTag string
var matched bool events, err := filterEvents(&notification)
for _, e := range notification.Events { if err != nil {
matched, err = regexp.MatchString(manifestPattern, e.Target.MediaType) log.Errorf("failed to filter events: %v", err)
if err != nil { return
log.Errorf("Failed to match the media type against pattern, error: %v", err) }
matched = false
for _, event := range events {
repository := event.Target.Repository
project := ""
if strings.Contains(repository, "/") {
project = repository[0:strings.LastIndex(repository, "/")]
} }
if matched && (strings.HasPrefix(e.Request.UserAgent, "docker") ||
strings.ToLower(strings.TrimSpace(e.Request.UserAgent)) == "harbor-registry-client") {
username = e.Actor.Name
action = e.Action
repo = e.Target.Repository
repoTag = e.Target.Tag
log.Debugf("repo tag is : %v ", repoTag)
if strings.Contains(repo, "/") { tag := event.Target.Tag
project = repo[0:strings.LastIndex(repo, "/")] action := event.Action
}
if username == "" {
username = "anonymous"
}
if action == "pull" && username == "job-service-user" { user := event.Actor.Name
return if len(user) == 0 {
} user = "anonymous"
}
go dao.AccessLog(username, project, repo, repoTag, action) go dao.AccessLog(user, project, repository, tag, action)
if action == "push" || action == "delete" {
go func() {
if err := cache.RefreshCatalogCache(); err != nil {
log.Errorf("failed to refresh cache: %v", err)
}
}()
operation := ""
if action == "push" { if action == "push" {
go func() { operation = models.RepOpTransfer
err2 := cache.RefreshCatalogCache() } else {
if err2 != nil { operation = models.RepOpDelete
log.Errorf("Error happens when refreshing cache: %v", err2)
}
}()
go api.TriggerReplicationByRepository(repo, []string{repoTag}, models.RepOpTransfer)
} }
go api.TriggerReplicationByRepository(repository, []string{tag}, operation)
}
}
}
func filterEvents(notification *models.Notification) ([]*models.Event, error) {
events := []*models.Event{}
for _, event := range notification.Events {
//delete
// TODO add tag field
if event.Action == "delete" {
events = append(events, &event)
continue
}
isManifest, err := regexp.MatchString(manifestPattern, event.Target.MediaType)
if err != nil {
log.Errorf("failed to match the media type against pattern: %v", err)
continue
}
if !isManifest {
continue
}
//pull and push manifest by docker-client
if strings.HasPrefix(event.Request.UserAgent, "docker") && (event.Action == "pull" || event.Action == "push") {
events = append(events, &event)
continue
}
//push manifest by docker-client or job-service
if strings.ToLower(strings.TrimSpace(event.Request.UserAgent)) == "harbor-registry-client" && event.Action == "push" {
events = append(events, &event)
continue
} }
} }
return events, nil
} }
// Render returns nil as it won't render any template. // Render returns nil as it won't render any template.