Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-10-31 23:59:32 +01:00
Code Issues Projects Releases Wiki Activity

make token expiratioin configurable

Browse Source
This commit is contained in:
Wenkai Yin 2016-08-08 11:21:48 +08:00
parent 77448551ee
commit fe34a6a110
4 changed files with 33 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Deploy/harbor.cfg
View File

@ -44,6 +44,9 @@ use_compressed_js = on
#Maximum number of job workers in job service #Maximum number of job workers in job service
max_job_workers = 3 max_job_workers = 3
#The expiration of token used by token service, default is 30 minutes
token_expiration = 30
#Determine whether the job service should verify the ssl cert when it connects to a remote registry. #Determine whether the job service should verify the ssl cert when it connects to a remote registry.
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate. #Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
verify_remote_cert = on verify_remote_cert = on

4
Deploy/prepare
View File

@ -48,6 +48,7 @@ crt_organizationalunit = rcp.get("configuration", "crt_organizationalunit")
crt_commonname = rcp.get("configuration", "crt_commonname") crt_commonname = rcp.get("configuration", "crt_commonname")
crt_email = rcp.get("configuration", "crt_email") crt_email = rcp.get("configuration", "crt_email")
max_job_workers = rcp.get("configuration", "max_job_workers") max_job_workers = rcp.get("configuration", "max_job_workers")
token_expiration = rcp.get("configuration", "token_expiration")
verify_remote_cert = rcp.get("configuration", "verify_remote_cert") verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
######## ########
@ -101,7 +102,8 @@ render(os.path.join(templates_dir, "ui", "env"),
self_registration=self_registration, self_registration=self_registration,
use_compressed_js=use_compressed_js, use_compressed_js=use_compressed_js,
ui_secret=ui_secret, ui_secret=ui_secret,
verify_remote_cert=verify_remote_cert) verify_remote_cert=verify_remote_cert,
token_expiration=token_expiration)
render(os.path.join(templates_dir, "ui", "app.conf"), render(os.path.join(templates_dir, "ui", "app.conf"),
ui_conf, ui_conf,

1
Deploy/templates/ui/env
View File

@ -19,3 +19,4 @@ GODEBUG=netdns=cgo
EXT_ENDPOINT=$ui_url EXT_ENDPOINT=$ui_url
TOKEN_URL=http://ui TOKEN_URL=http://ui
VERIFY_REMOTE_CERT=$verify_remote_cert VERIFY_REMOTE_CERT=$verify_remote_cert
TOKEN_EXPIRATION=$token_expiration

27
service/token/authutils.go
View File

@ -21,6 +21,8 @@ import (
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"fmt" "fmt"
"os"
"strconv"
"strings" "strings"
"time" "time"
@ -34,9 +36,32 @@ import (
const ( const (
issuer = "registry-token-issuer" issuer = "registry-token-issuer"
privateKey = "/etc/ui/private_key.pem" privateKey = "/etc/ui/private_key.pem"
expiration = 5 //minute
) )
var (
expiration = 30 //minutes
)
func init() {
// TODO read it from config
expi := os.Getenv("TOKEN_EXPIRATION")
if len(expi) != 0 {
i, err := strconv.Atoi(expi)
if err != nil {
log.Errorf("failed to parse token expiration: %v, using default value: %d minutes", err, expiration)
return
}
if i <= 0 {
log.Warningf("invalid token expiration, using default value: %d minutes", expiration)
return
}
expiration = i
}
log.Infof("token expiration: %d minutes", expiration)
}
// GetResourceActions ... // GetResourceActions ...
func GetResourceActions(scopes []string) []*token.ResourceActions { func GetResourceActions(scopes []string) []*token.ResourceActions {
log.Debugf("scopes: %+v", scopes) log.Debugf("scopes: %+v", scopes)