mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-22 18:25:56 +01:00
make token expiratioin configurable
This commit is contained in:
parent
77448551ee
commit
fe34a6a110
@ -44,6 +44,9 @@ use_compressed_js = on
|
||||
#Maximum number of job workers in job service
|
||||
max_job_workers = 3
|
||||
|
||||
#The expiration of token used by token service, default is 30 minutes
|
||||
token_expiration = 30
|
||||
|
||||
#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
|
||||
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
|
||||
verify_remote_cert = on
|
||||
|
@ -48,6 +48,7 @@ crt_organizationalunit = rcp.get("configuration", "crt_organizationalunit")
|
||||
crt_commonname = rcp.get("configuration", "crt_commonname")
|
||||
crt_email = rcp.get("configuration", "crt_email")
|
||||
max_job_workers = rcp.get("configuration", "max_job_workers")
|
||||
token_expiration = rcp.get("configuration", "token_expiration")
|
||||
verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
|
||||
########
|
||||
|
||||
@ -101,7 +102,8 @@ render(os.path.join(templates_dir, "ui", "env"),
|
||||
self_registration=self_registration,
|
||||
use_compressed_js=use_compressed_js,
|
||||
ui_secret=ui_secret,
|
||||
verify_remote_cert=verify_remote_cert)
|
||||
verify_remote_cert=verify_remote_cert,
|
||||
token_expiration=token_expiration)
|
||||
|
||||
render(os.path.join(templates_dir, "ui", "app.conf"),
|
||||
ui_conf,
|
||||
|
@ -19,3 +19,4 @@ GODEBUG=netdns=cgo
|
||||
EXT_ENDPOINT=$ui_url
|
||||
TOKEN_URL=http://ui
|
||||
VERIFY_REMOTE_CERT=$verify_remote_cert
|
||||
TOKEN_EXPIRATION=$token_expiration
|
||||
|
@ -21,6 +21,8 @@ import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
@ -34,9 +36,32 @@ import (
|
||||
const (
|
||||
issuer = "registry-token-issuer"
|
||||
privateKey = "/etc/ui/private_key.pem"
|
||||
expiration = 5 //minute
|
||||
)
|
||||
|
||||
var (
|
||||
expiration = 30 //minutes
|
||||
)
|
||||
|
||||
func init() {
|
||||
// TODO read it from config
|
||||
expi := os.Getenv("TOKEN_EXPIRATION")
|
||||
if len(expi) != 0 {
|
||||
i, err := strconv.Atoi(expi)
|
||||
if err != nil {
|
||||
log.Errorf("failed to parse token expiration: %v, using default value: %d minutes", err, expiration)
|
||||
return
|
||||
}
|
||||
|
||||
if i <= 0 {
|
||||
log.Warningf("invalid token expiration, using default value: %d minutes", expiration)
|
||||
return
|
||||
}
|
||||
|
||||
expiration = i
|
||||
}
|
||||
log.Infof("token expiration: %d minutes", expiration)
|
||||
}
|
||||
|
||||
// GetResourceActions ...
|
||||
func GetResourceActions(scopes []string) []*token.ResourceActions {
|
||||
log.Debugf("scopes: %+v", scopes)
|
||||
|
Loading…
Reference in New Issue
Block a user