mirror of https://github.com/goharbor/harbor.git
Merge branch 'main' into 24apr19_set_default_capabilities
This commit is contained in:
commit
d365a02b8d
|
@ -70,10 +70,11 @@ const (
|
|||
artfiactKey = "artifact"
|
||||
registrationKey = "registration"
|
||||
|
||||
artifactIDKey = "artifact_id"
|
||||
artifactTagKey = "artifact_tag"
|
||||
reportUUIDsKey = "report_uuids"
|
||||
robotIDKey = "robot_id"
|
||||
artifactIDKey = "artifact_id"
|
||||
artifactTagKey = "artifact_tag"
|
||||
reportUUIDsKey = "report_uuids"
|
||||
robotIDKey = "robot_id"
|
||||
enabledCapabilities = "enabled_capabilities"
|
||||
)
|
||||
|
||||
// uuidGenerator is a func template which is for generating UUID.
|
||||
|
@ -317,6 +318,9 @@ func (bc *basicController) Scan(ctx context.Context, artifact *ar.Artifact, opti
|
|||
"id": r.ID,
|
||||
"name": r.Name,
|
||||
},
|
||||
enabledCapabilities: map[string]interface{}{
|
||||
"type": opts.GetScanType(),
|
||||
},
|
||||
}
|
||||
if op := operator.FromContext(ctx); op != "" {
|
||||
extraAttrs["operator"] = op
|
||||
|
|
|
@ -907,7 +907,7 @@ export class ArtifactListTabComponent implements OnInit, OnDestroy {
|
|||
this.scanStoppedArtifactLength += 1;
|
||||
// all selected scan action has stopped
|
||||
if (this.scanStoppedArtifactLength === this.onStopScanArtifactsLength) {
|
||||
this.onSendingScanCommand = e;
|
||||
this.onSendingStopScanCommand = e;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -923,7 +923,7 @@ export class ArtifactListTabComponent implements OnInit, OnDestroy {
|
|||
this.sbomStoppedArtifactLength += 1;
|
||||
// all selected scan action has stopped
|
||||
if (this.sbomStoppedArtifactLength === this.onStopSbomArtifactsLength) {
|
||||
this.onSendingSbomCommand = e;
|
||||
this.onSendingStopSbomCommand = e;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -28,6 +28,7 @@ import (
|
|||
"github.com/goharbor/harbor/src/controller/proxy"
|
||||
"github.com/goharbor/harbor/src/controller/registry"
|
||||
"github.com/goharbor/harbor/src/lib"
|
||||
"github.com/goharbor/harbor/src/lib/config"
|
||||
"github.com/goharbor/harbor/src/lib/errors"
|
||||
httpLib "github.com/goharbor/harbor/src/lib/http"
|
||||
"github.com/goharbor/harbor/src/lib/log"
|
||||
|
@ -259,16 +260,21 @@ func setHeaders(w http.ResponseWriter, size int64, mediaType string, dig string)
|
|||
}
|
||||
|
||||
// isProxySession check if current security context is proxy session
|
||||
func isProxySession(ctx context.Context) bool {
|
||||
func isProxySession(ctx context.Context, projectName string) bool {
|
||||
sc, ok := security.FromContext(ctx)
|
||||
if !ok {
|
||||
log.Error("Failed to get security context")
|
||||
return false
|
||||
}
|
||||
if sc.GetUsername() == proxycachesecret.ProxyCacheService {
|
||||
username := sc.GetUsername()
|
||||
if username == proxycachesecret.ProxyCacheService {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
// it should include the auto generate SBOM session, so that it could generate SBOM accessory in proxy cache project
|
||||
robotPrefix := config.RobotPrefix(ctx)
|
||||
scannerPrefix := config.ScannerRobotPrefix(ctx)
|
||||
prefix := fmt.Sprintf("%s%s+%s", robotPrefix, projectName, scannerPrefix)
|
||||
return strings.HasPrefix(username, prefix)
|
||||
}
|
||||
|
||||
// DisableBlobAndManifestUploadMiddleware disable push artifact to a proxy project with a non-proxy session
|
||||
|
@ -281,7 +287,7 @@ func DisableBlobAndManifestUploadMiddleware() func(http.Handler) http.Handler {
|
|||
httpLib.SendError(w, err)
|
||||
return
|
||||
}
|
||||
if p.IsProxy() && !isProxySession(ctx) {
|
||||
if p.IsProxy() && !isProxySession(ctx, art.ProjectName) {
|
||||
httpLib.SendError(w,
|
||||
errors.DeniedError(
|
||||
errors.Errorf("can not push artifact to a proxy project: %v", p.Name)))
|
||||
|
|
|
@ -18,7 +18,9 @@ import (
|
|||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/goharbor/harbor/src/common/models"
|
||||
"github.com/goharbor/harbor/src/common/security"
|
||||
"github.com/goharbor/harbor/src/common/security/local"
|
||||
"github.com/goharbor/harbor/src/common/security/proxycachesecret"
|
||||
securitySecret "github.com/goharbor/harbor/src/common/security/secret"
|
||||
)
|
||||
|
@ -29,6 +31,19 @@ func TestIsProxySession(t *testing.T) {
|
|||
|
||||
sc2 := proxycachesecret.NewSecurityContext("library/hello-world")
|
||||
proxyCtx := security.NewContext(context.Background(), sc2)
|
||||
|
||||
user := &models.User{
|
||||
Username: "robot$library+scanner-8ec3b47a-fd29-11ee-9681-0242c0a87009",
|
||||
}
|
||||
userSc := local.NewSecurityContext(user)
|
||||
scannerCtx := security.NewContext(context.Background(), userSc)
|
||||
|
||||
otherRobot := &models.User{
|
||||
Username: "robot$library+test-8ec3b47a-fd29-11ee-9681-0242c0a87009",
|
||||
}
|
||||
userSc2 := local.NewSecurityContext(otherRobot)
|
||||
nonScannerCtx := security.NewContext(context.Background(), userSc2)
|
||||
|
||||
cases := []struct {
|
||||
name string
|
||||
in context.Context
|
||||
|
@ -44,15 +59,24 @@ func TestIsProxySession(t *testing.T) {
|
|||
in: proxyCtx,
|
||||
want: true,
|
||||
},
|
||||
{
|
||||
name: `robot account`,
|
||||
in: scannerCtx,
|
||||
want: true,
|
||||
},
|
||||
{
|
||||
name: `non scanner robot`,
|
||||
in: nonScannerCtx,
|
||||
want: false,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range cases {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
got := isProxySession(tt.in)
|
||||
got := isProxySession(tt.in, "library")
|
||||
if got != tt.want {
|
||||
t.Errorf(`(%v) = %v; want "%v"`, tt.in, got, tt.want)
|
||||
}
|
||||
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue