Merge pull request #2923 from ywk253100/170728_registry

Remove useless insecure flag
2024-12-23 17:17:46 +01:00 · 2017-08-04 10:14:40 +08:00 · 2017-08-04 10:14:40 +08:00 · d5a6d25082
commit d5a6d25082
parent 1c3830086a 8963a15520
11 changed files with 64 additions and 63 deletions
--- a/src/common/utils/registry/auth/tokenauthorizer.go
+++ b/src/common/utils/registry/auth/tokenauthorizer.go
@ -253,13 +253,8 @@ func ping(client *http.Client, endpoint string) (string, string, error) {
 // NewStandardTokenAuthorizer returns a standard token authorizer. The authorizer will request a token
 // from token server and add it to the origin request
 // If customizedTokenService is set, the token request will be sent to it instead of the server get from authorizer
-func NewStandardTokenAuthorizer(credential Credential, insecure bool,
+func NewStandardTokenAuthorizer(client *http.Client, credential Credential,
 	customizedTokenService ...string) registry.Modifier {
 	client := &http.Client{
 		Transport: registry.GetHTTPTransport(insecure),
 		Timeout:   30 * time.Second,
 	}
 	generator := &standardTokenGenerator{
 		credential: credential,
 		client:     client,
--- a/src/common/utils/registry/auth/tokenauthorizer_test.go
+++ b/src/common/utils/registry/auth/tokenauthorizer_test.go
@ -199,7 +199,7 @@ func TestModifyOfStandardTokenAuthorizer(t *testing.T) {
 	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/v2/", registryServer.URL), nil)
 	require.Nil(t, err)
-	authorizer := NewStandardTokenAuthorizer(nil, false)
+	authorizer := NewStandardTokenAuthorizer(http.DefaultClient, nil)
 	err = authorizer.Modify(req)
 	require.Nil(t, err)
--- a/src/common/utils/registry/registry.go
+++ b/src/common/utils/registry/registry.go
@ -33,9 +33,11 @@ type Registry struct {
 	client   *http.Client
 }
-var secureHTTPTransport, insecureHTTPTransport *http.Transport
+var defaultHTTPTransport, secureHTTPTransport, insecureHTTPTransport *http.Transport
 func init() {
 	defaultHTTPTransport = &http.Transport{}
 	secureHTTPTransport = &http.Transport{
 		TLSClientConfig: &tls.Config{
 			InsecureSkipVerify: false,
@ -49,8 +51,11 @@ func init() {
 }
 // GetHTTPTransport returns HttpTransport based on insecure configuration
-func GetHTTPTransport(insecure bool) *http.Transport {
+func GetHTTPTransport(insecure ...bool) *http.Transport {
-	if insecure {
+	if len(insecure) == 0 {
 		return defaultHTTPTransport
 	}
 	if insecure[0] {
 		return insecureHTTPTransport
 	}
 	return secureHTTPTransport
@ -71,19 +76,6 @@ func NewRegistry(endpoint string, client *http.Client) (*Registry, error) {
 	return registry, nil
 }
 // NewRegistryWithModifiers returns an instance of Registry according to the modifiers
 func NewRegistryWithModifiers(endpoint string, insecure bool, modifiers ...Modifier) (*Registry, error) {
 	transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
 	return NewRegistry(endpoint, &http.Client{
 		Transport: transport,
 		// If there are hunderds of repositories in docker registry,
 		// timeout option will abort HTTP request on getting catalog
 		// Timeout:   30 * time.Second,
 	})
 }
 // Catalog ...
 func (r *Registry) Catalog() ([]string, error) {
 	repos := []string{}
--- a/src/common/utils/registry/registry_test.go
+++ b/src/common/utils/registry/registry_test.go
@ -25,13 +25,6 @@ import (
 	"github.com/vmware/harbor/src/common/utils/test"
 )
 func TestNewRegistryWithModifiers(t *testing.T) {
 	_, err := NewRegistryWithModifiers("http://registry.org", false, nil)
 	if err != nil {
 		t.Errorf("fail to crearte client of registry: %v", err)
 	}
 }
 func TestPing(t *testing.T) {
 	server := test.NewServer(
 		&test.RequestHandlerMapping{
--- a/src/common/utils/registry/repository.go
+++ b/src/common/utils/registry/repository.go
@ -59,17 +59,6 @@ func NewRepository(name, endpoint string, client *http.Client) (*Repository, err
 	return repository, nil
 }
 // NewRepositoryWithModifiers returns an instance of Repository according to the modifiers
 func NewRepositoryWithModifiers(name, endpoint string, insecure bool, modifiers ...Modifier) (*Repository, error) {
 	transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
 	return NewRepository(name, endpoint, &http.Client{
 		Transport: transport,
 		//  for transferring large image, OS will handle i/o timeout
 		//	Timeout:   30 * time.Second,
 	})
 }
 func parseError(err error) error {
 	if urlErr, ok := err.(*url.Error); ok {
 		if regErr, ok := urlErr.Err.(*registry_error.HTTPError); ok {
--- a/src/common/utils/registry/repository_test.go
+++ b/src/common/utils/registry/repository_test.go
@ -43,14 +43,6 @@ var (
 	digest = "sha256:6c3c624b58dbbcd3c0dd82b4c53f04194d1247c6eebdaab7c610cf7d66709b3b"
 )
 func TestNewRepositoryWithModifiers(t *testing.T) {
 	_, err := NewRepositoryWithModifiers("library/ubuntu",
 		"http://registry.org", true, nil)
 	if err != nil {
 		t.Fatalf("failed to create client for repository: %v", err)
 	}
 }
 func TestBlobExist(t *testing.T) {
 	handler := func(w http.ResponseWriter, r *http.Request) {
 		path := r.URL.Path
--- a/src/jobservice/scan/handlers.go
+++ b/src/jobservice/scan/handlers.go
@ -19,12 +19,10 @@ import (
 	"github.com/docker/distribution/manifest/schema2"
 	"github.com/vmware/harbor/src/common/models"
 	"github.com/vmware/harbor/src/common/utils/clair"
 	"github.com/vmware/harbor/src/common/utils/registry/auth"
 	"github.com/vmware/harbor/src/jobservice/config"
 	"github.com/vmware/harbor/src/jobservice/utils"
 	"fmt"
 	"net/http"
 )
 // Initializer will handle the initialise state pull the manifest, prepare token.
@ -41,9 +39,7 @@ func (iz *Initializer) Enter() (string, error) {
 		logger.Errorf("Failed to read regURL, error: %v", err)
 		return "", err
 	}
-	c := &http.Cookie{Name: models.UISecretCookie, Value: config.JobserviceSecret()}
+	repoClient, err := utils.NewRepositoryClientForJobservice(iz.Context.Repository)
 	repoClient, err := utils.NewRepositoryClient(regURL, false, auth.NewCookieCredential(c),
 		config.InternalTokenServiceEndpoint(), iz.Context.Repository)
 	if err != nil {
 		logger.Errorf("An error occurred while creating repository client: %v", err)
 		return "", err
--- a/src/jobservice/utils/utils.go
+++ b/src/jobservice/utils/utils.go
@ -25,17 +25,51 @@ import (
 	"github.com/vmware/harbor/src/jobservice/config"
 )
-//NewRepositoryClient create a repository client with scope type "reopsitory" and scope as the repository it would access.
+// NewRepositoryClient creates a repository client with standard token authorizer
 func NewRepositoryClient(endpoint string, insecure bool, credential auth.Credential,
 	tokenServiceEndpoint, repository string) (*registry.Repository, error) {
-	authorizer := auth.NewStandardTokenAuthorizer(credential, insecure,
+
-		tokenServiceEndpoint)
+	transport := registry.GetHTTPTransport(insecure)
 	authorizer := auth.NewStandardTokenAuthorizer(&http.Client{
 		Transport: transport,
 	}, credential, tokenServiceEndpoint)
 	uam := &userAgentModifier{
 		userAgent: "harbor-registry-client",
 	}
-	return registry.NewRepositoryWithModifiers(repository, endpoint, insecure, authorizer, uam)
+	return registry.NewRepository(repository, endpoint, &http.Client{
 		Transport: registry.NewTransport(transport, authorizer, uam),
 	})
 }
 // NewRepositoryClientForJobservice creates a repository client that can only be used to
 // access the internal registry
 func NewRepositoryClientForJobservice(repository string) (*registry.Repository, error) {
 	endpoint, err := config.LocalRegURL()
 	if err != nil {
 		return nil, err
 	}
 	transport := registry.GetHTTPTransport()
 	credential := auth.NewCookieCredential(&http.Cookie{
 		Name:  models.UISecretCookie,
 		Value: config.JobserviceSecret(),
 	})
 	authorizer := auth.NewStandardTokenAuthorizer(&http.Client{
 		Transport: transport,
 	}, credential, config.InternalTokenServiceEndpoint())
 	uam := &userAgentModifier{
 		userAgent: "harbor-registry-client",
 	}
 	return registry.NewRepository(repository, endpoint, &http.Client{
 		Transport: registry.NewTransport(transport, authorizer, uam),
 	})
 }
 type userAgentModifier struct {
--- a/src/ui/api/target.go
+++ b/src/ui/api/target.go
@ -345,9 +345,14 @@ func (t *TargetAPI) Delete() {
 }
 func newRegistryClient(endpoint string, insecure bool, username, password string) (*registry.Registry, error) {
 	transport := registry.GetHTTPTransport(insecure)
 	credential := auth.NewBasicAuthCredential(username, password)
-	authorizer := auth.NewStandardTokenAuthorizer(credential, insecure)
+	authorizer := auth.NewStandardTokenAuthorizer(&http.Client{
-	return registry.NewRegistryWithModifiers(endpoint, insecure, authorizer)
+		Transport: transport,
 	}, credential)
 	return registry.NewRegistry(endpoint, &http.Client{
 		Transport: registry.NewTransport(transport, authorizer),
 	})
 }
 // ListPolicies ...
--- a/src/ui/api/utils.go
+++ b/src/ui/api/utils.go
@ -380,7 +380,9 @@ func initRegistryClient() (r *registry.Registry, err error) {
 	}
 	authorizer := auth.NewRawTokenAuthorizer("harbor-ui", token.Registry)
-	return registry.NewRegistryWithModifiers(endpoint, true, authorizer)
+	return registry.NewRegistry(endpoint, &http.Client{
 		Transport: registry.NewTransport(registry.GetHTTPTransport(), authorizer),
 	})
 }
 func buildReplicationURL() string {
--- a/src/ui/utils/utils.go
+++ b/src/ui/utils/utils.go
@ -130,7 +130,10 @@ func NewRepositoryClientForUI(username, repository string) (*registry.Repository
 		return nil, err
 	}
 	insecure := true
 	authorizer := auth.NewRawTokenAuthorizer(username, token.Registry)
-	return registry.NewRepositoryWithModifiers(repository, endpoint, insecure, authorizer)
+	transport := registry.NewTransport(http.DefaultTransport, authorizer)
 	client := &http.Client{
 		Transport: transport,
 	}
 	return registry.NewRepository(repository, endpoint, client)
 }