Merge pull request #2923 from ywk253100/170728_registry

Remove useless insecure flag

src/common/utils/registry/auth/tokenauthorizer.go

@@ -253,13 +253,8 @@ func ping(client *http.Client, endpoint string) (string, string, error) {
 // NewStandardTokenAuthorizer returns a standard token authorizer. The authorizer will request a token
 // from token server and add it to the origin request
 // If customizedTokenService is set, the token request will be sent to it instead of the server get from authorizer
-func NewStandardTokenAuthorizer(credential Credential, insecure bool,
+func NewStandardTokenAuthorizer(client *http.Client, credential Credential,
 	customizedTokenService ...string) registry.Modifier {
-	client := &http.Client{
-		Transport: registry.GetHTTPTransport(insecure),
-		Timeout:   30 * time.Second,
-	}
-
 	generator := &standardTokenGenerator{
 		credential: credential,
 		client:     client,

src/common/utils/registry/auth/tokenauthorizer_test.go

@@ -199,7 +199,7 @@ func TestModifyOfStandardTokenAuthorizer(t *testing.T) {
 	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/v2/", registryServer.URL), nil)
 	require.Nil(t, err)
 
-	authorizer := NewStandardTokenAuthorizer(nil, false)
+	authorizer := NewStandardTokenAuthorizer(http.DefaultClient, nil)
 
 	err = authorizer.Modify(req)
 	require.Nil(t, err)

src/common/utils/registry/registry.go

@@ -33,9 +33,11 @@ type Registry struct {
 	client   *http.Client
 }
 
-var secureHTTPTransport, insecureHTTPTransport *http.Transport
+var defaultHTTPTransport, secureHTTPTransport, insecureHTTPTransport *http.Transport
 
 func init() {
+	defaultHTTPTransport = &http.Transport{}
+
 	secureHTTPTransport = &http.Transport{
 		TLSClientConfig: &tls.Config{
 			InsecureSkipVerify: false,
@@ -49,8 +51,11 @@ func init() {
 }
 
 // GetHTTPTransport returns HttpTransport based on insecure configuration
-func GetHTTPTransport(insecure bool) *http.Transport {
-	if insecure {
+func GetHTTPTransport(insecure ...bool) *http.Transport {
+	if len(insecure) == 0 {
+		return defaultHTTPTransport
+	}
+	if insecure[0] {
 		return insecureHTTPTransport
 	}
 	return secureHTTPTransport
@@ -71,19 +76,6 @@ func NewRegistry(endpoint string, client *http.Client) (*Registry, error) {
 	return registry, nil
 }
 
-// NewRegistryWithModifiers returns an instance of Registry according to the modifiers
-func NewRegistryWithModifiers(endpoint string, insecure bool, modifiers ...Modifier) (*Registry, error) {
-
-	transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
-
-	return NewRegistry(endpoint, &http.Client{
-		Transport: transport,
-		// If there are hunderds of repositories in docker registry,
-		// timeout option will abort HTTP request on getting catalog
-		// Timeout:   30 * time.Second,
-	})
-}
-
 // Catalog ...
 func (r *Registry) Catalog() ([]string, error) {
 	repos := []string{}

src/common/utils/registry/registry_test.go

@@ -25,13 +25,6 @@ import (
 	"github.com/vmware/harbor/src/common/utils/test"
 )
 
-func TestNewRegistryWithModifiers(t *testing.T) {
-	_, err := NewRegistryWithModifiers("http://registry.org", false, nil)
-	if err != nil {
-		t.Errorf("fail to crearte client of registry: %v", err)
-	}
-}
-
 func TestPing(t *testing.T) {
 	server := test.NewServer(
 		&test.RequestHandlerMapping{

src/common/utils/registry/repository.go

@@ -59,17 +59,6 @@ func NewRepository(name, endpoint string, client *http.Client) (*Repository, err
 	return repository, nil
 }
 
-// NewRepositoryWithModifiers returns an instance of Repository according to the modifiers
-func NewRepositoryWithModifiers(name, endpoint string, insecure bool, modifiers ...Modifier) (*Repository, error) {
-
-	transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
-	return NewRepository(name, endpoint, &http.Client{
-		Transport: transport,
-		//  for transferring large image, OS will handle i/o timeout
-		//	Timeout:   30 * time.Second,
-	})
-}
-
 func parseError(err error) error {
 	if urlErr, ok := err.(*url.Error); ok {
 		if regErr, ok := urlErr.Err.(*registry_error.HTTPError); ok {

src/common/utils/registry/repository_test.go

@@ -43,14 +43,6 @@ var (
 	digest = "sha256:6c3c624b58dbbcd3c0dd82b4c53f04194d1247c6eebdaab7c610cf7d66709b3b"
 )
 
-func TestNewRepositoryWithModifiers(t *testing.T) {
-	_, err := NewRepositoryWithModifiers("library/ubuntu",
-		"http://registry.org", true, nil)
-	if err != nil {
-		t.Fatalf("failed to create client for repository: %v", err)
-	}
-}
-
 func TestBlobExist(t *testing.T) {
 	handler := func(w http.ResponseWriter, r *http.Request) {
 		path := r.URL.Path

src/jobservice/scan/handlers.go

@@ -19,12 +19,10 @@ import (
 	"github.com/docker/distribution/manifest/schema2"
 	"github.com/vmware/harbor/src/common/models"
 	"github.com/vmware/harbor/src/common/utils/clair"
-	"github.com/vmware/harbor/src/common/utils/registry/auth"
 	"github.com/vmware/harbor/src/jobservice/config"
 	"github.com/vmware/harbor/src/jobservice/utils"
 
 	"fmt"
-	"net/http"
 )
 
 // Initializer will handle the initialise state pull the manifest, prepare token.
@@ -41,9 +39,7 @@ func (iz *Initializer) Enter() (string, error) {
 		logger.Errorf("Failed to read regURL, error: %v", err)
 		return "", err
 	}
-	c := &http.Cookie{Name: models.UISecretCookie, Value: config.JobserviceSecret()}
-	repoClient, err := utils.NewRepositoryClient(regURL, false, auth.NewCookieCredential(c),
-		config.InternalTokenServiceEndpoint(), iz.Context.Repository)
+	repoClient, err := utils.NewRepositoryClientForJobservice(iz.Context.Repository)
 	if err != nil {
 		logger.Errorf("An error occurred while creating repository client: %v", err)
 		return "", err

src/jobservice/utils/utils.go

@@ -25,17 +25,51 @@ import (
 	"github.com/vmware/harbor/src/jobservice/config"
 )
 
-//NewRepositoryClient create a repository client with scope type "reopsitory" and scope as the repository it would access.
+// NewRepositoryClient creates a repository client with standard token authorizer
 func NewRepositoryClient(endpoint string, insecure bool, credential auth.Credential,
 	tokenServiceEndpoint, repository string) (*registry.Repository, error) {
-	authorizer := auth.NewStandardTokenAuthorizer(credential, insecure,
-		tokenServiceEndpoint)
+
+	transport := registry.GetHTTPTransport(insecure)
+
+	authorizer := auth.NewStandardTokenAuthorizer(&http.Client{
+		Transport: transport,
+	}, credential, tokenServiceEndpoint)
 
 	uam := &userAgentModifier{
 		userAgent: "harbor-registry-client",
 	}
 
-	return registry.NewRepositoryWithModifiers(repository, endpoint, insecure, authorizer, uam)
+	return registry.NewRepository(repository, endpoint, &http.Client{
+		Transport: registry.NewTransport(transport, authorizer, uam),
+	})
+}
+
+// NewRepositoryClientForJobservice creates a repository client that can only be used to
+// access the internal registry
+func NewRepositoryClientForJobservice(repository string) (*registry.Repository, error) {
+	endpoint, err := config.LocalRegURL()
+	if err != nil {
+		return nil, err
+	}
+
+	transport := registry.GetHTTPTransport()
+
+	credential := auth.NewCookieCredential(&http.Cookie{
+		Name:  models.UISecretCookie,
+		Value: config.JobserviceSecret(),
+	})
+
+	authorizer := auth.NewStandardTokenAuthorizer(&http.Client{
+		Transport: transport,
+	}, credential, config.InternalTokenServiceEndpoint())
+
+	uam := &userAgentModifier{
+		userAgent: "harbor-registry-client",
+	}
+
+	return registry.NewRepository(repository, endpoint, &http.Client{
+		Transport: registry.NewTransport(transport, authorizer, uam),
+	})
 }
 
 type userAgentModifier struct {

src/ui/api/target.go

@@ -345,9 +345,14 @@ func (t *TargetAPI) Delete() {
 }
 
 func newRegistryClient(endpoint string, insecure bool, username, password string) (*registry.Registry, error) {
+	transport := registry.GetHTTPTransport(insecure)
 	credential := auth.NewBasicAuthCredential(username, password)
-	authorizer := auth.NewStandardTokenAuthorizer(credential, insecure)
-	return registry.NewRegistryWithModifiers(endpoint, insecure, authorizer)
+	authorizer := auth.NewStandardTokenAuthorizer(&http.Client{
+		Transport: transport,
+	}, credential)
+	return registry.NewRegistry(endpoint, &http.Client{
+		Transport: registry.NewTransport(transport, authorizer),
+	})
 }
 
 // ListPolicies ...

src/ui/api/utils.go

@@ -380,7 +380,9 @@ func initRegistryClient() (r *registry.Registry, err error) {
 	}
 
 	authorizer := auth.NewRawTokenAuthorizer("harbor-ui", token.Registry)
-	return registry.NewRegistryWithModifiers(endpoint, true, authorizer)
+	return registry.NewRegistry(endpoint, &http.Client{
+		Transport: registry.NewTransport(registry.GetHTTPTransport(), authorizer),
+	})
 }
 
 func buildReplicationURL() string {

src/ui/utils/utils.go

@@ -130,7 +130,10 @@ func NewRepositoryClientForUI(username, repository string) (*registry.Repository
 		return nil, err
 	}
 
-	insecure := true
 	authorizer := auth.NewRawTokenAuthorizer(username, token.Registry)
-	return registry.NewRepositoryWithModifiers(repository, endpoint, insecure, authorizer)
+	transport := registry.NewTransport(http.DefaultTransport, authorizer)
+	client := &http.Client{
+		Transport: transport,
+	}
+	return registry.NewRepository(repository, endpoint, client)
 }