mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-27 20:59:10 +01:00
Make sure middleware handle scanner-pull claim for v2token
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is contained in:
parent
08f9ffa000
commit
e8f98259dd
@ -24,7 +24,7 @@ type tokenSecurityCtx struct {
|
||||
}
|
||||
|
||||
func (t *tokenSecurityCtx) Name() string {
|
||||
return "internal_token"
|
||||
return "v2token"
|
||||
}
|
||||
|
||||
func (t *tokenSecurityCtx) IsAuthenticated() bool {
|
||||
|
@ -44,7 +44,7 @@ func Middleware() func(http.Handler) http.Handler {
|
||||
securityCtx, ok := security.FromContext(ctx)
|
||||
// only authenticated robot account with scanner pull access can bypass.
|
||||
if ok && securityCtx.IsAuthenticated() &&
|
||||
securityCtx.Name() == "robot" &&
|
||||
(securityCtx.Name() == "robot" || securityCtx.Name() == "v2token") &&
|
||||
securityCtx.Can(rbac.ActionScannerPull, rbac.NewProjectNamespace(pro.ProjectID).Resource(rbac.ResourceRepository)) {
|
||||
// the artifact is pulling by the scanner, skip the checking
|
||||
logger.Debugf("artifact %s@%s is pulling by the scanner, skip the checking", af.Repository, af.Digest)
|
||||
|
@ -73,7 +73,7 @@ func Middleware() func(http.Handler) http.Handler {
|
||||
|
||||
securityCtx, ok := security.FromContext(ctx)
|
||||
if ok &&
|
||||
securityCtx.Name() == "robot" &&
|
||||
(securityCtx.Name() == "robot" || securityCtx.Name() == "v2token") &&
|
||||
securityCtx.Can(rbac.ActionScannerPull, rbac.NewProjectNamespace(proj.ProjectID).Resource(rbac.ResourceRepository)) {
|
||||
// the artifact is pulling by the scanner, skip the checking
|
||||
logger.Debugf("artifact %s@%s is pulling by the scanner, skip the checking", art.RepositoryName, art.Digest)
|
||||
|
Loading…
Reference in New Issue
Block a user