fix(replication): refactor quay adapter to fix authorization and support quay.io and enterprise quay (#10317)

Signed-off-by: chlins <chlins.zhang@gmail.com>
This commit is contained in:
chlins 2020-01-13 15:15:02 +08:00
parent 6b9929d848
commit b765cfe0ce
10 changed files with 125 additions and 45 deletions

View File

@ -111,4 +111,7 @@ BEGIN
END $$; END $$;
ALTER TABLE schedule DROP COLUMN IF EXISTS job_id; ALTER TABLE schedule DROP COLUMN IF EXISTS job_id;
ALTER TABLE schedule DROP COLUMN IF EXISTS status; ALTER TABLE schedule DROP COLUMN IF EXISTS status;
/*replication quay.io update vendor type*/
UPDATE registry SET type = 'quay' WHERE type = 'quay-io';

View File

@ -45,7 +45,7 @@ import (
// register the Jfrog Artifactory adapter // register the Jfrog Artifactory adapter
_ "github.com/goharbor/harbor/src/replication/adapter/jfrog" _ "github.com/goharbor/harbor/src/replication/adapter/jfrog"
// register the Quay.io adapter // register the Quay.io adapter
_ "github.com/goharbor/harbor/src/replication/adapter/quayio" _ "github.com/goharbor/harbor/src/replication/adapter/quay"
// register the Helm Hub adapter // register the Helm Hub adapter
_ "github.com/goharbor/harbor/src/replication/adapter/helmhub" _ "github.com/goharbor/harbor/src/replication/adapter/helmhub"
// register the GitLab adapter // register the GitLab adapter

View File

@ -1,14 +1,17 @@
package quayio package quay
import ( import (
"bytes" "bytes"
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"io"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"strings" "strings"
"github.com/goharbor/harbor/src/pkg/registry/auth/basic"
common_http "github.com/goharbor/harbor/src/common/http" common_http "github.com/goharbor/harbor/src/common/http"
"github.com/goharbor/harbor/src/common/http/modifier" "github.com/goharbor/harbor/src/common/http/modifier"
"github.com/goharbor/harbor/src/lib/log" "github.com/goharbor/harbor/src/lib/log"
@ -25,31 +28,51 @@ var (
type adapter struct { type adapter struct {
*native.Adapter *native.Adapter
registry *model.Registry autoCreateNs bool
client *common_http.Client registry *model.Registry
client *common_http.Client
} }
func init() { func init() {
err := adp.RegisterFactory(model.RegistryTypeQuayio, new(factory)) err := adp.RegisterFactory(model.RegistryTypeQuay, new(factory))
if err != nil { if err != nil {
log.Errorf("failed to register factory for Quay.io: %v", err) log.Errorf("failed to register factory for Quay: %v", err)
return return
} }
log.Infof("the factory of Quay.io adapter was registered") log.Infof("the factory of Quay adapter was registered")
} }
func newAdapter(registry *model.Registry) (*adapter, error) { func newAdapter(registry *model.Registry) (*adapter, error) {
modifiers := []modifier.Modifier{} var modifiers []modifier.Modifier
var authorizer modifier.Modifier
if registry.Credential != nil && len(registry.Credential.AccessKey) != 0 { var (
authorizer = NewAPIKeyAuthorizer("Authorization", fmt.Sprintf("Bearer %s", registry.Credential.AccessKey), APIKeyInHeader) autoCreateNs bool
basicAuthorizer, apiKeyAuthorizer modifier.Modifier
)
if registry.Credential != nil && len(registry.Credential.AccessSecret) != 0 {
var jsonCred cred
err := json.Unmarshal([]byte(registry.Credential.AccessSecret), &jsonCred)
if err != nil {
return nil, err
}
basicAuthorizer = basic.NewAuthorizer(jsonCred.AccountName, jsonCred.DockerCliPassword)
if len(jsonCred.OAuth2Token) != 0 {
autoCreateNs = true
apiKeyAuthorizer = NewAPIKeyAuthorizer("Authorization", fmt.Sprintf("Bearer %s", jsonCred.OAuth2Token), APIKeyInHeader)
}
} }
if authorizer != nil {
modifiers = append(modifiers, authorizer) nativeRegistryAdapter := native.NewAdapterWithAuthorizer(registry, basicAuthorizer)
if apiKeyAuthorizer != nil {
modifiers = append(modifiers, apiKeyAuthorizer)
} }
return &adapter{ return &adapter{
Adapter: native.NewAdapterWithAuthorizer(registry, authorizer), Adapter: nativeRegistryAdapter,
registry: registry, autoCreateNs: autoCreateNs,
registry: registry,
client: common_http.NewClient( client: common_http.NewClient(
&http.Client{ &http.Client{
Transport: util.GetHTTPTransport(registry.Insecure), Transport: util.GetHTTPTransport(registry.Insecure),
@ -69,13 +92,22 @@ func (f *factory) Create(r *model.Registry) (adp.Adapter, error) {
// AdapterPattern ... // AdapterPattern ...
func (f *factory) AdapterPattern() *model.AdapterPattern { func (f *factory) AdapterPattern() *model.AdapterPattern {
return nil info := &model.AdapterPattern{
EndpointPattern: model.NewDefaultEndpointPattern(),
CredentialPattern: &model.CredentialPattern{
AccessKeyType: model.AccessKeyTypeFix,
AccessKeyData: "json_file",
AccessSecretType: model.AccessSecretTypeFile,
AccessSecretData: "",
},
}
return info
} }
// Info returns information of the registry // Info returns information of the registry
func (a *adapter) Info() (*model.RegistryInfo, error) { func (a *adapter) Info() (*model.RegistryInfo, error) {
return &model.RegistryInfo{ return &model.RegistryInfo{
Type: model.RegistryTypeQuayio, Type: model.RegistryTypeQuay,
SupportedResourceTypes: []model.ResourceType{ SupportedResourceTypes: []model.ResourceType{
model.ResourceTypeImage, model.ResourceTypeImage,
}, },
@ -109,6 +141,9 @@ func (a *adapter) HealthCheck() (model.HealthStatus, error) {
// PrepareForPush does the prepare work that needed for pushing/uploading the resource // PrepareForPush does the prepare work that needed for pushing/uploading the resource
// eg: create the namespace or repository // eg: create the namespace or repository
func (a *adapter) PrepareForPush(resources []*model.Resource) error { func (a *adapter) PrepareForPush(resources []*model.Resource) error {
if !a.autoCreateNs {
return nil
}
namespaces := []string{} namespaces := []string{}
for _, resource := range resources { for _, resource := range resources {
if resource == nil { if resource == nil {
@ -133,14 +168,14 @@ func (a *adapter) PrepareForPush(resources []*model.Resource) error {
Name: namespace, Name: namespace,
}) })
if err != nil { if err != nil {
return fmt.Errorf("create namespace '%s' in Quay.io error: %v", namespace, err) return fmt.Errorf("create namespace '%s' in Quay error: %v", namespace, err)
} }
log.Debugf("namespace %s created", namespace) log.Debugf("namespace %s created", namespace)
} }
return nil return nil
} }
// createNamespace creates a new namespace in Quay.io // createNamespace creates a new namespace in Quay
func (a *adapter) createNamespace(namespace *model.Namespace) error { func (a *adapter) createNamespace(namespace *model.Namespace) error {
ns, err := a.getNamespace(namespace.Name) ns, err := a.getNamespace(namespace.Name)
if err != nil { if err != nil {
@ -149,24 +184,25 @@ func (a *adapter) createNamespace(namespace *model.Namespace) error {
// If the namespace already exist, return succeeded directly. // If the namespace already exist, return succeeded directly.
if ns != nil { if ns != nil {
log.Infof("Namespace %s already exist in Quay.io, skip it.", namespace.Name) log.Infof("Namespace %s already exist in Quay, skip it.", namespace.Name)
return nil return nil
} }
org := &orgCreate{ org := &orgCreate{
Name: namespace.Name, Name: namespace.Name,
Email: namespace.GetStringMetadata("email", namespace.Name), Email: fmt.Sprintf("%s@quay.io", namespace.Name),
} }
b, err := json.Marshal(org) b, err := json.Marshal(org)
if err != nil { if err != nil {
return err return err
} }
req, err := http.NewRequest(http.MethodPost, buildOrgURL(""), bytes.NewReader(b)) req, err := http.NewRequest(http.MethodPost, buildOrgURL(a.registry.URL, ""), bytes.NewBuffer(b))
if err != nil { if err != nil {
return err return err
} }
req.Header.Set("Content-Type", "application/json")
resp, err := a.client.Do(req) resp, err := a.client.Do(req)
if err != nil { if err != nil {
return err return err
@ -185,9 +221,9 @@ func (a *adapter) createNamespace(namespace *model.Namespace) error {
return fmt.Errorf("%d -- %s", resp.StatusCode, body) return fmt.Errorf("%d -- %s", resp.StatusCode, body)
} }
// getNamespace get namespace from Quay.io, if the namespace not found, two nil would be returned. // getNamespace get namespace from Quay, if the namespace not found, two nil would be returned.
func (a *adapter) getNamespace(namespace string) (*model.Namespace, error) { func (a *adapter) getNamespace(namespace string) (*model.Namespace, error) {
req, err := http.NewRequest(http.MethodGet, buildOrgURL(namespace), nil) req, err := http.NewRequest(http.MethodGet, buildOrgURL(a.registry.URL, namespace), nil)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -216,3 +252,35 @@ func (a *adapter) getNamespace(namespace string) (*model.Namespace, error) {
Name: namespace, Name: namespace,
}, nil }, nil
} }
// PushManifest ...
func (a *adapter) PushManifest(repository, reference, mediaType string, payload []byte) (string, error) {
digest, err := a.Adapter.PushManifest(repository, reference, mediaType, payload)
if err != nil {
if comErr, ok := err.(*common_http.Error); ok {
if comErr.Code == http.StatusAccepted {
return digest, nil
}
}
}
return digest, err
}
// PullBlob ...
func (a *adapter) PullBlob(repository, digest string) (size int64, blob io.ReadCloser, err error) {
size, blob, err = a.Adapter.PullBlob(repository, digest)
if err != nil && blob != nil {
if size == 0 {
var data []byte
defer blob.Close()
data, err = ioutil.ReadAll(blob)
if err != nil {
return
}
size = int64(len(data))
blob = ioutil.NopCloser(bytes.NewReader(data))
return size, blob, nil
}
}
return
}

View File

@ -1,4 +1,4 @@
package quayio package quay
import ( import (
"testing" "testing"
@ -9,9 +9,9 @@ import (
) )
func getMockAdapter(t *testing.T) adp.Adapter { func getMockAdapter(t *testing.T) adp.Adapter {
factory, _ := adp.GetFactory(model.RegistryTypeQuayio) factory, _ := adp.GetFactory(model.RegistryTypeQuay)
adapter, err := factory.Create(&model.Registry{ adapter, err := factory.Create(&model.Registry{
Type: model.RegistryTypeQuayio, Type: model.RegistryTypeQuay,
URL: "https://quay.io", URL: "https://quay.io",
}) })
assert.Nil(t, err) assert.Nil(t, err)
@ -22,7 +22,7 @@ func TestAdapter_NewAdapter(t *testing.T) {
assert.Nil(t, factory) assert.Nil(t, factory)
assert.NotNil(t, err) assert.NotNil(t, err)
factory, err = adp.GetFactory(model.RegistryTypeQuayio) factory, err = adp.GetFactory(model.RegistryTypeQuay)
assert.Nil(t, err) assert.Nil(t, err)
assert.NotNil(t, factory) assert.NotNil(t, factory)
} }

View File

@ -1,4 +1,4 @@
package quayio package quay
import ( import (
"fmt" "fmt"

View File

@ -1,4 +1,4 @@
package quayio package quay
import ( import (
"net/http" "net/http"

View File

@ -0,0 +1,21 @@
package quay
import (
"fmt"
"strings"
)
type cred struct {
OAuth2Token string `json:"oauth2_token"`
AccountName string `json:"account_name"`
DockerCliPassword string `json:"docker_cli_password"`
}
type orgCreate struct {
Name string `json:"name"`
Email string `json:"email"`
}
func buildOrgURL(endpoint, orgName string) string {
return fmt.Sprintf("%s/api/v1/organization/%s", strings.TrimRight(endpoint, "/"), orgName)
}

View File

@ -1,12 +0,0 @@
package quayio
import "fmt"
type orgCreate struct {
Name string `json:"name"`
Email string `json:"email"`
}
func buildOrgURL(orgName string) string {
return fmt.Sprintf("https://quay.io/api/v1/organization/%s", orgName)
}

View File

@ -29,7 +29,7 @@ const (
RegistryTypeAzureAcr RegistryType = "azure-acr" RegistryTypeAzureAcr RegistryType = "azure-acr"
RegistryTypeAliAcr RegistryType = "ali-acr" RegistryTypeAliAcr RegistryType = "ali-acr"
RegistryTypeJfrogArtifactory RegistryType = "jfrog-artifactory" RegistryTypeJfrogArtifactory RegistryType = "jfrog-artifactory"
RegistryTypeQuayio RegistryType = "quay-io" RegistryTypeQuay RegistryType = "quay"
RegistryTypeGitLab RegistryType = "gitlab" RegistryTypeGitLab RegistryType = "gitlab"
RegistryTypeHelmHub RegistryType = "helm-hub" RegistryTypeHelmHub RegistryType = "helm-hub"

View File

@ -46,7 +46,7 @@ import (
// register the Jfrog Artifactory adapter // register the Jfrog Artifactory adapter
_ "github.com/goharbor/harbor/src/replication/adapter/jfrog" _ "github.com/goharbor/harbor/src/replication/adapter/jfrog"
// register the Quay.io adapter // register the Quay.io adapter
_ "github.com/goharbor/harbor/src/replication/adapter/quayio" _ "github.com/goharbor/harbor/src/replication/adapter/quay"
// register the Helm Hub adapter // register the Helm Hub adapter
_ "github.com/goharbor/harbor/src/replication/adapter/helmhub" _ "github.com/goharbor/harbor/src/replication/adapter/helmhub"
// register the GitLab adapter // register the GitLab adapter