Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-12-26 02:28:06 +01:00
Code Issues Projects Releases Wiki Activity

Add verification that robot account duration is not 0 (#19829)

Browse Source 
Signed-off-by: Yang Jiao <yang.jiao@broadcom.com>
This commit is contained in:
Yang Jiao 2024-01-15 13:25:56 +08:00 committed by GitHub
parent 8c0f177299
commit eb125419cc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 32 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
api/v2.0/swagger.yaml
View File

@ -7656,8 +7656,9 @@ definitions:
description: The level of the robot, project or system description: The level of the robot, project or system
duration: duration:
type: integer type: integer
x-nullable: true
format: int64 format: int64
description: The duration of the robot in days description: The duration of the robot in days, duration must be either -1(Never) or a positive integer
editable: editable:
type: boolean type: boolean
x-omitempty: false x-omitempty: false
@ -7704,7 +7705,7 @@ definitions:
duration: duration:
type: integer type: integer
format: int64 format: int64
description: The duration of the robot in days description: The duration of the robot in days, duration must be either -1(Never) or a positive integer
permissions: permissions:
type: array type: array
items: items:

4
src/controller/robot/controller.go
View File

@ -102,10 +102,6 @@ func (d *controller) Create(ctx context.Context, r *Robot) (int64, string, error
var expiresAt int64 var expiresAt int64
if r.Duration == -1 { if r.Duration == -1 {
expiresAt = -1 expiresAt = -1
} else if r.Duration == 0 {
// system default robot duration
r.Duration = int64(config.RobotTokenDuration(ctx))
expiresAt = time.Now().AddDate(0, 0, config.RobotTokenDuration(ctx)).Unix()
} else { } else {
durationStr := strconv.FormatInt(r.Duration, 10) durationStr := strconv.FormatInt(r.Duration, 10)
duration, err := strconv.Atoi(durationStr) duration, err := strconv.Atoi(durationStr)

1
src/controller/scan/base_controller.go
View File

@ -925,6 +925,7 @@ func (bc *basicController) makeRobotAccount(ctx context.Context, projectID int64
Name: fmt.Sprintf("%s-%s-%s", scannerPrefix, registration.Name, UUID), Name: fmt.Sprintf("%s-%s-%s", scannerPrefix, registration.Name, UUID),
Description: "for scan", Description: "for scan",
ProjectID: projectID, ProjectID: projectID,
Duration: -1,
}, },
Level: robot.LEVELPROJECT, Level: robot.LEVELPROJECT,
Permissions: []*robot.Permission{ Permissions: []*robot.Permission{

4
src/controller/scan/base_controller_test.go
View File

@ -199,6 +199,7 @@ func (suite *ControllerTestSuite) SetupSuite() {
Name: rname, Name: rname,
Description: "for scan", Description: "for scan",
ProjectID: suite.artifact.ProjectID, ProjectID: suite.artifact.ProjectID,
Duration: -1,
}, },
Level: robot.LEVELPROJECT, Level: robot.LEVELPROJECT,
Permissions: []*robot.Permission{ Permissions: []*robot.Permission{
@ -229,6 +230,7 @@ func (suite *ControllerTestSuite) SetupSuite() {
Secret: "robot-account", Secret: "robot-account",
Description: "for scan", Description: "for scan",
ProjectID: suite.artifact.ProjectID, ProjectID: suite.artifact.ProjectID,
Duration: -1,
}, },
Level: "project", Level: "project",
}, nil) }, nil)
@ -336,7 +338,7 @@ func (suite *ControllerTestSuite) TestScanControllerScan() {
mock.OnAnything(suite.execMgr, "Create").Return(int64(1), nil).Once() mock.OnAnything(suite.execMgr, "Create").Return(int64(1), nil).Once()
mock.OnAnything(suite.taskMgr, "Create").Return(int64(1), nil).Once() mock.OnAnything(suite.taskMgr, "Create").Return(int64(1), nil).Once()
ctx := orm.NewContext(nil, &ormtesting.FakeOrmer{}) ctx := orm.NewContext(context.TODO(), &ormtesting.FakeOrmer{})
suite.Require().NoError(suite.c.Scan(ctx, suite.artifact)) suite.Require().NoError(suite.c.Scan(ctx, suite.artifact))
} }

2
src/server/v2.0/handler/model/robot.go
View File

@ -44,7 +44,7 @@ func (r *Robot) ToSwagger() *models.Robot {
Name: r.Name, Name: r.Name,
Description: r.Description, Description: r.Description,
ExpiresAt: r.ExpiresAt, ExpiresAt: r.ExpiresAt,
Duration: r.Duration, Duration: &r.Duration,
Level: r.Level, Level: r.Level,
Disable: r.Disabled, Disable: r.Disabled,
Editable: r.Editable, Editable: r.Editable,

21
src/server/v2.0/handler/robot.go
View File

@ -29,7 +29,6 @@ import (
"github.com/goharbor/harbor/src/common/utils" "github.com/goharbor/harbor/src/common/utils"
"github.com/goharbor/harbor/src/controller/robot" "github.com/goharbor/harbor/src/controller/robot"
"github.com/goharbor/harbor/src/lib" "github.com/goharbor/harbor/src/lib"
"github.com/goharbor/harbor/src/lib/config"
"github.com/goharbor/harbor/src/lib/errors" "github.com/goharbor/harbor/src/lib/errors"
"github.com/goharbor/harbor/src/lib/log" "github.com/goharbor/harbor/src/lib/log"
"github.com/goharbor/harbor/src/pkg/permission/types" "github.com/goharbor/harbor/src/pkg/permission/types"
@ -276,7 +275,7 @@ func (rAPI *robotAPI) requireAccess(ctx context.Context, level string, projectID
// more validation // more validation
func (rAPI *robotAPI) validate(d int64, level string, permissions []*models.RobotPermission) error { func (rAPI *robotAPI) validate(d int64, level string, permissions []*models.RobotPermission) error {
if !isValidDuration(d) { if !isValidDuration(d) {
return errors.New(nil).WithMessage("bad request error duration input: %d", d).WithCode(errors.BadRequestCode) return errors.New(nil).WithMessage("bad request error duration input: %d, duration must be either -1(Never) or a positive integer", d).WithCode(errors.BadRequestCode)
} }
if !isValidLevel(level) { if !isValidLevel(level) {
@ -323,7 +322,10 @@ func (rAPI *robotAPI) validate(d int64, level string, permissions []*models.Robo
} }
func (rAPI *robotAPI) updateV2Robot(ctx context.Context, params operation.UpdateRobotParams, r *robot.Robot) error { func (rAPI *robotAPI) updateV2Robot(ctx context.Context, params operation.UpdateRobotParams, r *robot.Robot) error {
if err := rAPI.validate(params.Robot.Duration, params.Robot.Level, params.Robot.Permissions); err != nil { if params.Robot.Duration == nil {
params.Robot.Duration = &r.Duration
}
if err := rAPI.validate(*params.Robot.Duration, params.Robot.Level, params.Robot.Permissions); err != nil {
return err return err
} }
if r.Level != robot.LEVELSYSTEM { if r.Level != robot.LEVELSYSTEM {
@ -342,15 +344,12 @@ func (rAPI *robotAPI) updateV2Robot(ctx context.Context, params operation.Update
return errors.BadRequestError(nil).WithMessage("cannot update the level or name of robot") return errors.BadRequestError(nil).WithMessage("cannot update the level or name of robot")
} }
if r.Duration != params.Robot.Duration { if r.Duration != *params.Robot.Duration {
r.Duration = params.Robot.Duration r.Duration = *params.Robot.Duration
if params.Robot.Duration == -1 { if *params.Robot.Duration == -1 {
r.ExpiresAt = -1 r.ExpiresAt = -1
} else if params.Robot.Duration == 0 {
r.Duration = int64(config.RobotTokenDuration(ctx))
r.ExpiresAt = r.CreationTime.AddDate(0, 0, config.RobotTokenDuration(ctx)).Unix()
} else { } else {
r.ExpiresAt = r.CreationTime.AddDate(0, 0, int(params.Robot.Duration)).Unix() r.ExpiresAt = r.CreationTime.AddDate(0, 0, int(*params.Robot.Duration)).Unix()
} }
} }
@ -375,7 +374,7 @@ func isValidLevel(l string) bool {
} }
func isValidDuration(d int64) bool { func isValidDuration(d int64) bool {
return d >= int64(-1) && d < math.MaxInt32 return d >= int64(-1) && d != 0 && d < math.MaxInt32
} }
// validateName validates the robot name, especially '+' cannot be a valid character // validateName validates the robot name, especially '+' cannot be a valid character

2
src/server/v2.0/handler/robot_test.go
View File

@ -47,7 +47,7 @@ func TestValidDuration(t *testing.T) {
}{ }{
{"duration 0", {"duration 0",
0, 0,
true, false,
}, },
{"duration 1", {"duration 1",
1, 1,