mirror of
https://github.com/goharbor/harbor.git
Merge pull request #2923 from ywk253100/170728_registry
Remove useless insecure flag
commit
d5a6d25082
@ -253,13 +253,8 @@ func ping(client *http.Client, endpoint string) (string, string, error) {
|
||||
// NewStandardTokenAuthorizer returns a standard token authorizer. The authorizer will request a token
|
||||
// from token server and add it to the origin request
|
||||
// If customizedTokenService is set, the token request will be sent to it instead of the server get from authorizer
|
||||
func NewStandardTokenAuthorizer(credential Credential, insecure bool,
|
||||
func NewStandardTokenAuthorizer(client *http.Client, credential Credential,
|
||||
customizedTokenService ...string) registry.Modifier {
|
||||
client := &http.Client{
|
||||
Transport: registry.GetHTTPTransport(insecure),
|
||||
Timeout: 30 * time.Second,
|
||||
}
|
||||
|
||||
generator := &standardTokenGenerator{
|
||||
credential: credential,
|
||||
client: client,
|
||||
|
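Review bot: The 30-second `Timeout` that the old body set on the token-request client is gone, and `NewStandardTokenAuthorizer` now stores whatever `client` it is given without a nil check. The callers visible in this commit (`NewRepositoryClient`, `NewRepositoryClientForJobservice`, `newRegistryClient`) all pass `&http.Client{Transport: transport}` with no `Timeout`, so a token service that stops responding can presumably hold the request open indefinitely. Either have those callers set `Timeout: 30 * time.Second` on the client they pass, or guard here with `if client == nil { client = &http.Client{Timeout: 30 * time.Second} }`, and state in the doc comment that the caller owns the timeout. The function body continues past the end of the hunk.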
@ -199,7 +199,7 @@ func TestModifyOfStandardTokenAuthorizer(t *testing.T) {
|
||||
req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/v2/", registryServer.URL), nil)
|
||||
require.Nil(t, err)
|
||||
|
||||
authorizer := NewStandardTokenAuthorizer(nil, false)
|
||||
authorizer := NewStandardTokenAuthorizer(http.DefaultClient, nil)
|
||||
|
||||
err = authorizer.Modify(req)
|
||||
require.Nil(t, err)
|
||||
|
@ -33,9 +33,11 @@ type Registry struct {
|
||||
client *http.Client
|
||||
}
|
||||
|
||||
var secureHTTPTransport, insecureHTTPTransport *http.Transport
|
||||
var defaultHTTPTransport, secureHTTPTransport, insecureHTTPTransport *http.Transport
|
||||
|
||||
func init() {
|
||||
defaultHTTPTransport = &http.Transport{}
|
||||
|
||||
secureHTTPTransport = &http.Transport{
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: false,
|
||||
@ -49,8 +51,11 @@ func init() {
|
||||
}
|
||||
|
||||
// GetHTTPTransport returns HttpTransport based on insecure configuration
|
||||
func GetHTTPTransport(insecure bool) *http.Transport {
|
||||
if insecure {
|
||||
func GetHTTPTransport(insecure ...bool) *http.Transport {
|
||||
if len(insecure) == 0 {
|
||||
return defaultHTTPTransport
|
||||
}
|
||||
if insecure[0] {
|
||||
return insecureHTTPTransport
|
||||
}
|
||||
return secureHTTPTransport
|
||||
@ -71,19 +76,6 @@ func NewRegistry(endpoint string, client *http.Client) (*Registry, error) {
|
||||
return registry, nil
|
||||
}
|
||||
|
||||
// NewRegistryWithModifiers returns an instance of Registry according to the modifiers
|
||||
func NewRegistryWithModifiers(endpoint string, insecure bool, modifiers ...Modifier) (*Registry, error) {
|
||||
|
||||
transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
|
||||
|
||||
return NewRegistry(endpoint, &http.Client{
|
||||
Transport: transport,
|
||||
// If there are hunderds of repositories in docker registry,
|
||||
// timeout option will abort HTTP request on getting catalog
|
||||
// Timeout: 30 * time.Second,
|
||||
})
|
||||
}
|
||||
|
||||
// Catalog ...
|
||||
func (r *Registry) Catalog() ([]string, error) {
|
||||
repos := []string{}
|
||||
|
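Review bot: The doc comment on `GetHTTPTransport` still reads "returns HttpTransport based on insecure configuration" and says nothing about the new zero-argument form. I would replace it with `// GetHTTPTransport returns defaultHTTPTransport when called without arguments; otherwise insecure[0] selects insecureHTTPTransport (true) or secureHTTPTransport (false). Additional values are ignored.` `defaultHTTPTransport` is a bare `&http.Transport{}`, which verifies certificates by default but, unlike `http.DefaultTransport`, carries no proxy or dial/handshake timeout settings; if that is intended, a one-line comment at its assignment in `init` would say so. A variadic `bool` used as an optional argument also accepts `GetHTTPTransport(true, false)` silently, so a separate accessor for the default transport would be the stricter design.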
@ -25,13 +25,6 @@ import (
|
||||
"github.com/vmware/harbor/src/common/utils/test"
|
||||
)
|
||||
|
||||
func TestNewRegistryWithModifiers(t *testing.T) {
|
||||
_, err := NewRegistryWithModifiers("http://registry.org", false, nil)
|
||||
if err != nil {
|
||||
t.Errorf("fail to crearte client of registry: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPing(t *testing.T) {
|
||||
server := test.NewServer(
|
||||
&test.RequestHandlerMapping{
|
||||
|
@ -59,17 +59,6 @@ func NewRepository(name, endpoint string, client *http.Client) (*Repository, err
|
||||
return repository, nil
|
||||
}
|
||||
|
||||
// NewRepositoryWithModifiers returns an instance of Repository according to the modifiers
|
||||
func NewRepositoryWithModifiers(name, endpoint string, insecure bool, modifiers ...Modifier) (*Repository, error) {
|
||||
|
||||
transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
|
||||
return NewRepository(name, endpoint, &http.Client{
|
||||
Transport: transport,
|
||||
// for transferring large image, OS will handle i/o timeout
|
||||
// Timeout: 30 * time.Second,
|
||||
})
|
||||
}
|
||||
|
||||
func parseError(err error) error {
|
||||
if urlErr, ok := err.(*url.Error); ok {
|
||||
if regErr, ok := urlErr.Err.(*registry_error.HTTPError); ok {
|
||||
|
@ -43,14 +43,6 @@ var (
|
||||
digest = "sha256:6c3c624b58dbbcd3c0dd82b4c53f04194d1247c6eebdaab7c610cf7d66709b3b"
|
||||
)
|
||||
|
||||
func TestNewRepositoryWithModifiers(t *testing.T) {
|
||||
_, err := NewRepositoryWithModifiers("library/ubuntu",
|
||||
"http://registry.org", true, nil)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create client for repository: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestBlobExist(t *testing.T) {
|
||||
handler := func(w http.ResponseWriter, r *http.Request) {
|
||||
path := r.URL.Path
|
||||
|
@ -19,12 +19,10 @@ import (
|
||||
"github.com/docker/distribution/manifest/schema2"
|
||||
"github.com/vmware/harbor/src/common/models"
|
||||
"github.com/vmware/harbor/src/common/utils/clair"
|
||||
"github.com/vmware/harbor/src/common/utils/registry/auth"
|
||||
"github.com/vmware/harbor/src/jobservice/config"
|
||||
"github.com/vmware/harbor/src/jobservice/utils"
|
||||
|
||||
"fmt"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
// Initializer will handle the initialise state pull the manifest, prepare token.
|
||||
@ -41,9 +39,7 @@ func (iz *Initializer) Enter() (string, error) {
|
||||
logger.Errorf("Failed to read regURL, error: %v", err)
|
||||
return "", err
|
||||
}
|
||||
c := &http.Cookie{Name: models.UISecretCookie, Value: config.JobserviceSecret()}
|
||||
repoClient, err := utils.NewRepositoryClient(regURL, false, auth.NewCookieCredential(c),
|
||||
config.InternalTokenServiceEndpoint(), iz.Context.Repository)
|
||||
repoClient, err := utils.NewRepositoryClientForJobservice(iz.Context.Repository)
|
||||
if err != nil {
|
||||
logger.Errorf("An error occurred while creating repository client: %v", err)
|
||||
return "", err
|
||||
|
@ -25,17 +25,51 @@ import (
|
||||
"github.com/vmware/harbor/src/jobservice/config"
|
||||
)
|
||||
|
||||
//NewRepositoryClient create a repository client with scope type "reopsitory" and scope as the repository it would access.
|
||||
// NewRepositoryClient creates a repository client with standard token authorizer
|
||||
func NewRepositoryClient(endpoint string, insecure bool, credential auth.Credential,
|
||||
tokenServiceEndpoint, repository string) (*registry.Repository, error) {
|
||||
authorizer := auth.NewStandardTokenAuthorizer(credential, insecure,
|
||||
tokenServiceEndpoint)
|
||||
|
||||
transport := registry.GetHTTPTransport(insecure)
|
||||
|
||||
authorizer := auth.NewStandardTokenAuthorizer(&http.Client{
|
||||
Transport: transport,
|
||||
}, credential, tokenServiceEndpoint)
|
||||
|
||||
uam := &userAgentModifier{
|
||||
userAgent: "harbor-registry-client",
|
||||
}
|
||||
|
||||
return registry.NewRepositoryWithModifiers(repository, endpoint, insecure, authorizer, uam)
|
||||
return registry.NewRepository(repository, endpoint, &http.Client{
|
||||
Transport: registry.NewTransport(transport, authorizer, uam),
|
||||
})
|
||||
}
|
||||
|
||||
// NewRepositoryClientForJobservice creates a repository client that can only be used to
|
||||
// access the internal registry
|
||||
func NewRepositoryClientForJobservice(repository string) (*registry.Repository, error) {
|
||||
endpoint, err := config.LocalRegURL()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
transport := registry.GetHTTPTransport()
|
||||
|
||||
credential := auth.NewCookieCredential(&http.Cookie{
|
||||
Name: models.UISecretCookie,
|
||||
Value: config.JobserviceSecret(),
|
||||
})
|
||||
|
||||
authorizer := auth.NewStandardTokenAuthorizer(&http.Client{
|
||||
Transport: transport,
|
||||
}, credential, config.InternalTokenServiceEndpoint())
|
||||
|
||||
uam := &userAgentModifier{
|
||||
userAgent: "harbor-registry-client",
|
||||
}
|
||||
|
||||
return registry.NewRepository(repository, endpoint, &http.Client{
|
||||
Transport: registry.NewTransport(transport, authorizer, uam),
|
||||
})
|
||||
}
|
||||
|
||||
type userAgentModifier struct {
|
||||
|
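Review bot: `NewRepositoryClientForJobservice` repeats the body of `NewRepositoryClient` almost line for line (token-request client, `userAgentModifier`, `registry.NewTransport`, `registry.NewRepository`); only the transport, credential and endpoints differ. A private helper that takes the transport would keep the two constructors in step, which matters because the jobservice variant attaches `config.JobserviceSecret()` as a cookie credential and any later hardening of the client (timeouts, transport choice) should reach both paths. The sketch below shows the helper signature and the two call sites; the `*http.Transport` parameter type assumes `registry.NewTransport` keeps accepting what `GetHTTPTransport` returns, as the new code already passes it.

```go
// newRepositoryClient builds a repository client whose token requests and
// registry requests both use the given transport.
func newRepositoryClient(transport *http.Transport, endpoint string, credential auth.Credential,
	tokenServiceEndpoint, repository string) (*registry.Repository, error) {
	// … unchanged: authorizer, userAgentModifier and registry.NewRepository call, as in NewRepositoryClient …
}

func NewRepositoryClient(endpoint string, insecure bool, credential auth.Credential,
	tokenServiceEndpoint, repository string) (*registry.Repository, error) {
	return newRepositoryClient(registry.GetHTTPTransport(insecure), endpoint, credential,
		tokenServiceEndpoint, repository)
}

func NewRepositoryClientForJobservice(repository string) (*registry.Repository, error) {
	// … unchanged: endpoint from config.LocalRegURL, cookie credential …
	return newRepositoryClient(registry.GetHTTPTransport(), endpoint, credential,
		config.InternalTokenServiceEndpoint(), repository)
}
```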
@ -345,9 +345,14 @@ func (t *TargetAPI) Delete() {
|
||||
}
|
||||
|
||||
func newRegistryClient(endpoint string, insecure bool, username, password string) (*registry.Registry, error) {
|
||||
transport := registry.GetHTTPTransport(insecure)
|
||||
credential := auth.NewBasicAuthCredential(username, password)
|
||||
authorizer := auth.NewStandardTokenAuthorizer(credential, insecure)
|
||||
return registry.NewRegistryWithModifiers(endpoint, insecure, authorizer)
|
||||
authorizer := auth.NewStandardTokenAuthorizer(&http.Client{
|
||||
Transport: transport,
|
||||
}, credential)
|
||||
return registry.NewRegistry(endpoint, &http.Client{
|
||||
Transport: registry.NewTransport(transport, authorizer),
|
||||
})
|
||||
}
|
||||
|
||||
// ListPolicies ...
|
||||
|
@ -380,7 +380,9 @@ func initRegistryClient() (r *registry.Registry, err error) {
|
||||
}
|
||||
|
||||
authorizer := auth.NewRawTokenAuthorizer("harbor-ui", token.Registry)
|
||||
return registry.NewRegistryWithModifiers(endpoint, true, authorizer)
|
||||
return registry.NewRegistry(endpoint, &http.Client{
|
||||
Transport: registry.NewTransport(registry.GetHTTPTransport(), authorizer),
|
||||
})
|
||||
}
|
||||
|
||||
func buildReplicationURL() string {
|
||||
|
@ -130,7 +130,10 @@ func NewRepositoryClientForUI(username, repository string) (*registry.Repository
|
||||
return nil, err
|
||||
}
|
||||
|
||||
insecure := true
|
||||
authorizer := auth.NewRawTokenAuthorizer(username, token.Registry)
|
||||
return registry.NewRepositoryWithModifiers(repository, endpoint, insecure, authorizer)
|
||||
transport := registry.NewTransport(http.DefaultTransport, authorizer)
|
||||
client := &http.Client{
|
||||
Transport: transport,
|
||||
}
|
||||
return registry.NewRepository(repository, endpoint, client)
|
||||
}
|
||||
|
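Review bot: `NewRepositoryClientForUI` builds its transport on `http.DefaultTransport`, while `initRegistryClient` and `NewRepositoryClientForJobservice` in this same commit use `registry.GetHTTPTransport()` for what looks like the same internal registry. The two are not equivalent: `http.DefaultTransport` honours the proxy environment variables, whereas `defaultHTTPTransport` is a bare `&http.Transport{}`, so token-bearing requests from this path may be routed differently from the others. Unless that is deliberate, use `transport := registry.NewTransport(registry.GetHTTPTransport(), authorizer)` here. The function starts above the hunk.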