mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-26 12:15:20 +01:00
Merge pull request #11120 from ywk253100/200318_pro_mgr
Remove the project manager from context
This commit is contained in:
commit
b1e094544f
@ -28,7 +28,6 @@ import (
|
||||
"github.com/goharbor/harbor/src/common/utils"
|
||||
"github.com/goharbor/harbor/src/common/utils/log"
|
||||
"github.com/goharbor/harbor/src/core/config"
|
||||
"github.com/goharbor/harbor/src/core/filter"
|
||||
"github.com/goharbor/harbor/src/core/promgr"
|
||||
internal_errors "github.com/goharbor/harbor/src/internal/error"
|
||||
"github.com/goharbor/harbor/src/pkg/project"
|
||||
@ -75,14 +74,7 @@ func (b *BaseController) Prepare() {
|
||||
return
|
||||
}
|
||||
b.SecurityCtx = ctx
|
||||
|
||||
pm, err := filter.GetProjectManager(b.Ctx.Request)
|
||||
if err != nil {
|
||||
log.Errorf("failed to get project manager: %v", err)
|
||||
b.SendInternalServerError(errors.New(""))
|
||||
return
|
||||
}
|
||||
b.ProjectMgr = pm
|
||||
b.ProjectMgr = config.GlobalProjectMgr
|
||||
}
|
||||
|
||||
// RequireAuthenticated returns true when the request is authenticated
|
||||
|
@ -4,11 +4,11 @@ import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/goharbor/harbor/src/core/config"
|
||||
"net/http"
|
||||
"strconv"
|
||||
|
||||
"github.com/goharbor/harbor/src/common/rbac"
|
||||
"github.com/goharbor/harbor/src/core/filter"
|
||||
"github.com/goharbor/harbor/src/core/promgr"
|
||||
"github.com/goharbor/harbor/src/pkg/retention"
|
||||
"github.com/goharbor/harbor/src/pkg/retention/policy"
|
||||
@ -28,13 +28,7 @@ func (r *RetentionAPI) Prepare() {
|
||||
r.SendUnAuthorizedError(errors.New("UnAuthorized"))
|
||||
return
|
||||
}
|
||||
pm, e := filter.GetProjectManager(r.Ctx.Request)
|
||||
if e != nil {
|
||||
r.SendInternalServerError(e)
|
||||
return
|
||||
}
|
||||
r.pm = pm
|
||||
|
||||
r.pm = config.GlobalProjectMgr
|
||||
}
|
||||
|
||||
// GetMetadatas Get Metadatas
|
||||
|
@ -35,7 +35,6 @@ import (
|
||||
"github.com/goharbor/harbor/src/common/utils/oidc"
|
||||
"github.com/goharbor/harbor/src/core/auth"
|
||||
"github.com/goharbor/harbor/src/core/config"
|
||||
"github.com/goharbor/harbor/src/core/promgr"
|
||||
"github.com/goharbor/harbor/src/pkg/authproxy"
|
||||
"github.com/goharbor/harbor/src/pkg/robot"
|
||||
pkg_token "github.com/goharbor/harbor/src/pkg/token"
|
||||
@ -51,8 +50,6 @@ type pathMethod struct {
|
||||
}
|
||||
|
||||
const (
|
||||
// PmKey is context value key for the project manager
|
||||
PmKey ContextValueKey = "harbor_project_manager"
|
||||
// AuthModeKey is context key for auth mode
|
||||
AuthModeKey ContextValueKey = "harbor_auth_mode"
|
||||
)
|
||||
@ -125,13 +122,10 @@ func (s *secretReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
||||
}
|
||||
log.Debug("got secret from request")
|
||||
|
||||
log.Debug("using global project manager")
|
||||
pm := config.GlobalProjectMgr
|
||||
|
||||
log.Debug("creating a secret security context...")
|
||||
securCtx := secret.NewSecurityContext(scrt, s.store)
|
||||
|
||||
setSecurCtxAndPM(ctx.Request, securCtx, pm)
|
||||
setSecurCtx(ctx.Request, securCtx)
|
||||
|
||||
return true
|
||||
}
|
||||
@ -175,7 +169,7 @@ func (r *robotAuthReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
||||
log.Debug("creating robot account security context...")
|
||||
pm := config.GlobalProjectMgr
|
||||
securCtx := robotCtx.NewSecurityContext(robot, pm, rtk.Claims.(*robot_claim.Claim).Access)
|
||||
setSecurCtxAndPM(ctx.Request, securCtx, pm)
|
||||
setSecurCtx(ctx.Request, securCtx)
|
||||
return true
|
||||
}
|
||||
|
||||
@ -204,7 +198,7 @@ func (oc *oidcCliReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
||||
}
|
||||
pm := config.GlobalProjectMgr
|
||||
sc := local.NewSecurityContext(user, pm)
|
||||
setSecurCtxAndPM(ctx.Request, sc, pm)
|
||||
setSecurCtx(ctx.Request, sc)
|
||||
return true
|
||||
}
|
||||
|
||||
@ -251,7 +245,7 @@ func (it *idTokenReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
||||
}
|
||||
pm := config.GlobalProjectMgr
|
||||
sc := local.NewSecurityContext(u, pm)
|
||||
setSecurCtxAndPM(ctx.Request, sc, pm)
|
||||
setSecurCtx(ctx.Request, sc)
|
||||
return true
|
||||
}
|
||||
|
||||
@ -322,7 +316,7 @@ func (ap *authProxyReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
||||
pm := config.GlobalProjectMgr
|
||||
log.Debug("creating local database security context for auth proxy...")
|
||||
securCtx := local.NewSecurityContext(user, pm)
|
||||
setSecurCtxAndPM(ctx.Request, securCtx, pm)
|
||||
setSecurCtx(ctx.Request, securCtx)
|
||||
return true
|
||||
}
|
||||
|
||||
@ -354,11 +348,10 @@ func (b *basicAuthReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
||||
log.Debug("basic auth user is nil")
|
||||
return false
|
||||
}
|
||||
log.Debug("using local database project manager")
|
||||
pm := config.GlobalProjectMgr
|
||||
log.Debug("creating local database security context...")
|
||||
securCtx := local.NewSecurityContext(user, pm)
|
||||
setSecurCtxAndPM(ctx.Request, securCtx, pm)
|
||||
setSecurCtx(ctx.Request, securCtx)
|
||||
return true
|
||||
}
|
||||
|
||||
@ -376,12 +369,11 @@ func (s *sessionReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
||||
log.Info("can not get user information from session")
|
||||
return false
|
||||
}
|
||||
log.Debug("using local database project manager")
|
||||
pm := config.GlobalProjectMgr
|
||||
log.Debug("creating local database security context...")
|
||||
securityCtx := local.NewSecurityContext(&user, pm)
|
||||
|
||||
setSecurCtxAndPM(ctx.Request, securityCtx, pm)
|
||||
setSecurCtx(ctx.Request, securityCtx)
|
||||
|
||||
return true
|
||||
}
|
||||
@ -391,38 +383,17 @@ type unauthorizedReqCtxModifier struct{}
|
||||
|
||||
func (u *unauthorizedReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
||||
log.Debug("user information is nil")
|
||||
log.Debug("using local database project manager")
|
||||
pm := config.GlobalProjectMgr
|
||||
log.Debug("creating local database security context...")
|
||||
securCtx := local.NewSecurityContext(nil, pm)
|
||||
setSecurCtxAndPM(ctx.Request, securCtx, pm)
|
||||
setSecurCtx(ctx.Request, securCtx)
|
||||
return true
|
||||
}
|
||||
|
||||
func setSecurCtxAndPM(req *http.Request, ctx security.Context, pm promgr.ProjectManager) {
|
||||
func setSecurCtx(req *http.Request, ctx security.Context) {
|
||||
*req = *(req.WithContext(security.NewContext(req.Context(), ctx)))
|
||||
addToReqContext(req, PmKey, pm)
|
||||
}
|
||||
|
||||
func addToReqContext(req *http.Request, key, value interface{}) {
|
||||
*req = *(req.WithContext(context.WithValue(req.Context(), key, value)))
|
||||
}
|
||||
|
||||
// GetProjectManager tries to get project manager from request and returns it
|
||||
func GetProjectManager(req *http.Request) (promgr.ProjectManager, error) {
|
||||
if req == nil {
|
||||
return nil, fmt.Errorf("request is nil")
|
||||
}
|
||||
|
||||
pm := req.Context().Value(PmKey)
|
||||
if pm == nil {
|
||||
return nil, fmt.Errorf("the project manager got from request is nil")
|
||||
}
|
||||
|
||||
p, ok := pm.(promgr.ProjectManager)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("the variable got from request is not project manager type")
|
||||
}
|
||||
|
||||
return p, nil
|
||||
}
|
||||
|
@ -43,8 +43,6 @@ import (
|
||||
_ "github.com/goharbor/harbor/src/core/auth/db"
|
||||
_ "github.com/goharbor/harbor/src/core/auth/ldap"
|
||||
"github.com/goharbor/harbor/src/core/config"
|
||||
"github.com/goharbor/harbor/src/core/promgr"
|
||||
driver_local "github.com/goharbor/harbor/src/core/promgr/pmsdriver/local"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
||||
"github.com/goharbor/harbor/src/common"
|
||||
@ -85,7 +83,6 @@ func TestSecurityFilter(t *testing.T) {
|
||||
}
|
||||
SecurityFilter(ctx)
|
||||
assert.Nil(t, securityContext(ctx))
|
||||
assert.Nil(t, projectManager(ctx))
|
||||
|
||||
// the pattern of request needs security check
|
||||
req, err := http.NewRequest(http.MethodGet,
|
||||
@ -100,7 +97,6 @@ func TestSecurityFilter(t *testing.T) {
|
||||
}
|
||||
SecurityFilter(ctx)
|
||||
assert.NotNil(t, securityContext(ctx))
|
||||
assert.NotNil(t, projectManager(ctx))
|
||||
}
|
||||
|
||||
func TestConfigCtxModifier(t *testing.T) {
|
||||
@ -143,7 +139,6 @@ func TestSecretReqCtxModifier(t *testing.T) {
|
||||
assert.True(t, modified)
|
||||
assert.IsType(t, &secret.SecurityContext{},
|
||||
securityContext(ctx))
|
||||
assert.NotNil(t, projectManager(ctx))
|
||||
}
|
||||
|
||||
func TestOIDCCliReqCtxModifier(t *testing.T) {
|
||||
@ -301,7 +296,6 @@ func TestBasicAuthReqCtxModifier(t *testing.T) {
|
||||
assert.IsType(t, &local.SecurityContext{}, sc)
|
||||
s := sc.(security.Context)
|
||||
assert.Equal(t, "admin", s.GetUsername())
|
||||
assert.NotNil(t, projectManager(ctx))
|
||||
}
|
||||
|
||||
func TestSessionReqCtxModifier(t *testing.T) {
|
||||
@ -340,8 +334,6 @@ func TestSessionReqCtxModifier(t *testing.T) {
|
||||
s := sc.(security.Context)
|
||||
assert.Equal(t, "admin", s.GetUsername())
|
||||
assert.True(t, s.IsSysAdmin())
|
||||
assert.NotNil(t, projectManager(ctx))
|
||||
|
||||
}
|
||||
|
||||
func TestSessionReqCtxModifierFailed(t *testing.T) {
|
||||
@ -402,7 +394,6 @@ func TestUnauthorizedReqCtxModifier(t *testing.T) {
|
||||
assert.NotNil(t, sc)
|
||||
s := sc.(security.Context)
|
||||
assert.False(t, s.IsAuthenticated())
|
||||
assert.NotNil(t, projectManager(ctx))
|
||||
}
|
||||
|
||||
func newContext(req *http.Request) (*beegoctx.Context, error) {
|
||||
@ -443,40 +434,3 @@ func securityContext(ctx *beegoctx.Context) interface{} {
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
func projectManager(ctx *beegoctx.Context) interface{} {
|
||||
if ctx.Request == nil {
|
||||
return nil
|
||||
}
|
||||
return ctx.Request.Context().Value(PmKey)
|
||||
}
|
||||
|
||||
func TestGetProjectManager(t *testing.T) {
|
||||
// nil request
|
||||
pm, err := GetProjectManager(nil)
|
||||
assert.NotNil(t, err)
|
||||
|
||||
// the request contains no project manager
|
||||
req, err := http.NewRequest("", "", nil)
|
||||
assert.Nil(t, err)
|
||||
pm, err = GetProjectManager(req)
|
||||
assert.NotNil(t, err)
|
||||
|
||||
// the request contains a variable which is not the correct type
|
||||
req, err = http.NewRequest("", "", nil)
|
||||
assert.Nil(t, err)
|
||||
req = req.WithContext(context.WithValue(req.Context(),
|
||||
PmKey, "test"))
|
||||
pm, err = GetProjectManager(req)
|
||||
assert.NotNil(t, err)
|
||||
|
||||
// the request contains a correct variable
|
||||
req, err = http.NewRequest("", "", nil)
|
||||
assert.Nil(t, err)
|
||||
req = req.WithContext(context.WithValue(req.Context(),
|
||||
PmKey, promgr.NewDefaultProjectManager(driver_local.NewDriver(), true)))
|
||||
pm, err = GetProjectManager(req)
|
||||
assert.Nil(t, err)
|
||||
_, ok := pm.(promgr.ProjectManager)
|
||||
assert.True(t, ok)
|
||||
}
|
||||
|
@ -26,7 +26,6 @@ import (
|
||||
"github.com/goharbor/harbor/src/common/security"
|
||||
"github.com/goharbor/harbor/src/common/utils/log"
|
||||
"github.com/goharbor/harbor/src/core/config"
|
||||
"github.com/goharbor/harbor/src/core/filter"
|
||||
"github.com/goharbor/harbor/src/core/promgr"
|
||||
)
|
||||
|
||||
@ -208,10 +207,7 @@ func (g generalCreator) Create(r *http.Request) (*models.Token, error) {
|
||||
return nil, fmt.Errorf("failed to get security context from request")
|
||||
}
|
||||
|
||||
pm, err := filter.GetProjectManager(r)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get project manager from request")
|
||||
}
|
||||
pm := config.GlobalProjectMgr
|
||||
|
||||
// for docker login
|
||||
if !ctx.IsAuthenticated() {
|
||||
|
Loading…
Reference in New Issue
Block a user