Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-30 14:13:43 +01:00
Code Issues Projects Releases Wiki Activity

Make sure middleware handle scanner-pull claim for v2token

Browse Source 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is contained in:
Daniel Jiang 2020-04-05 01:10:45 +08:00
parent 08f9ffa000
commit e8f98259dd
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/common/security/v2token/context.go
View File

@ -24,7 +24,7 @@ type tokenSecurityCtx struct {
} }
func (t *tokenSecurityCtx) Name() string { func (t *tokenSecurityCtx) Name() string {
return "internal_token" return "v2token"
} }
func (t *tokenSecurityCtx) IsAuthenticated() bool { func (t *tokenSecurityCtx) IsAuthenticated() bool {

2
src/server/middleware/contenttrust/contenttrust.go
View File

@ -44,7 +44,7 @@ func Middleware() func(http.Handler) http.Handler {
securityCtx, ok := security.FromContext(ctx) securityCtx, ok := security.FromContext(ctx)
// only authenticated robot account with scanner pull access can bypass. // only authenticated robot account with scanner pull access can bypass.
if ok && securityCtx.IsAuthenticated() && if ok && securityCtx.IsAuthenticated() &&
securityCtx.Name() == "robot" && (securityCtx.Name() == "robot" || securityCtx.Name() == "v2token") &&
securityCtx.Can(rbac.ActionScannerPull, rbac.NewProjectNamespace(pro.ProjectID).Resource(rbac.ResourceRepository)) { securityCtx.Can(rbac.ActionScannerPull, rbac.NewProjectNamespace(pro.ProjectID).Resource(rbac.ResourceRepository)) {
// the artifact is pulling by the scanner, skip the checking // the artifact is pulling by the scanner, skip the checking
logger.Debugf("artifact %s@%s is pulling by the scanner, skip the checking", af.Repository, af.Digest) logger.Debugf("artifact %s@%s is pulling by the scanner, skip the checking", af.Repository, af.Digest)

2
src/server/middleware/vulnerable/vulnerable.go
View File

@ -73,7 +73,7 @@ func Middleware() func(http.Handler) http.Handler {
securityCtx, ok := security.FromContext(ctx) securityCtx, ok := security.FromContext(ctx)
if ok && if ok &&
securityCtx.Name() == "robot" && (securityCtx.Name() == "robot" || securityCtx.Name() == "v2token") &&
securityCtx.Can(rbac.ActionScannerPull, rbac.NewProjectNamespace(proj.ProjectID).Resource(rbac.ResourceRepository)) { securityCtx.Can(rbac.ActionScannerPull, rbac.NewProjectNamespace(proj.ProjectID).Resource(rbac.ResourceRepository)) {
// the artifact is pulling by the scanner, skip the checking // the artifact is pulling by the scanner, skip the checking
logger.Debugf("artifact %s@%s is pulling by the scanner, skip the checking", art.RepositoryName, art.Digest) logger.Debugf("artifact %s@%s is pulling by the scanner, skip the checking", art.RepositoryName, art.Digest)