From dbcbe80084a7406d8d2b681c48f9135a97b9555a Mon Sep 17 00:00:00 2001
From: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
Date: Sat, 5 Nov 2016 00:57:57 -0200
Subject: [PATCH 1/5] Improve Project Name handling for Docker Notary requests
---
src/ui/service/token/authutils.go | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/ui/service/token/authutils.go b/src/ui/service/token/authutils.go
index d9ce76400..7cc25ab5b 100644
--- a/src/ui/service/token/authutils.go
+++ b/src/ui/service/token/authutils.go
@@ -105,8 +105,15 @@ func FilterAccess(username string, a *token.ResourceActions) {
//clear action list to assign to new acess element after perm check.
a.Actions = []string{}
if a.Type == "repository" {
- if strings.Contains(a.Name, "/") { //Only check the permission when the requested image has a namespace, i.e. project
- projectName := a.Name[0:strings.LastIndex(a.Name, "/")]
+ repoSplit := strings.Split(a.Name, "/")
+ repoLength := len(repoSplit)
+ if repoLength > 0 { //Only check the permission when the requested image has a namespace, i.e. project
+ var projectName string
+ if repoLength > 2 { //If the repo contains more than 1 separation (as privateregistry.local/library/alpine) consider the second item from array (library)
+ projectName = repoSplit[1]
+ } else { // Otherwise (only library/alpine) consider the first item from array (library)
+ projectName = repoSplit[0]
+ }
var permission string
if len(username) > 0 {
isAdmin, err := dao.IsAdminRole(username)
From 802fea663329e4c8631842c4c128fb278bf3d4d5 Mon Sep 17 00:00:00 2001
From: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
Date: Sat, 5 Nov 2016 01:04:52 -0200
Subject: [PATCH 2/5] Fix the repoLenght variable verification
---
src/ui/service/token/authutils.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ui/service/token/authutils.go b/src/ui/service/token/authutils.go
index 7cc25ab5b..ffe7fcdb4 100644
--- a/src/ui/service/token/authutils.go
+++ b/src/ui/service/token/authutils.go
@@ -107,7 +107,7 @@ func FilterAccess(username string, a *token.ResourceActions) {
if a.Type == "repository" {
repoSplit := strings.Split(a.Name, "/")
repoLength := len(repoSplit)
- if repoLength > 0 { //Only check the permission when the requested image has a namespace, i.e. project
+ if repoLength > 1 { //Only check the permission when the requested image has a namespace, i.e. project/alpine
var projectName string
if repoLength > 2 { //If the repo contains more than 1 separation (as privateregistry.local/library/alpine) consider the second item from array (library)
projectName = repoSplit[1]
From 72b44a17c6d5452f14745679cedd057cd36bdb17 Mon Sep 17 00:00:00 2001
From: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
Date: Tue, 8 Nov 2016 20:12:58 -0200
Subject: [PATCH 3/5] Improved Harbor URL detection on Notary Requests
---
src/ui/service/token/authutils.go | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/ui/service/token/authutils.go b/src/ui/service/token/authutils.go
index ffe7fcdb4..9e41409a6 100644
--- a/src/ui/service/token/authutils.go
+++ b/src/ui/service/token/authutils.go
@@ -107,11 +107,13 @@ func FilterAccess(username string, a *token.ResourceActions) {
if a.Type == "repository" {
repoSplit := strings.Split(a.Name, "/")
repoLength := len(repoSplit)
- if repoLength > 1 { //Only check the permission when the requested image has a namespace, i.e. project/alpine
+ if repoLength > 1 { //Only check the permission when the requested image has a namespace, i.e. project
var projectName string
- if repoLength > 2 { //If the repo contains more than 1 separation (as privateregistry.local/library/alpine) consider the second item from array (library)
+ registryUrl := os.Getenv("HARBOR_REG_URL")
+ if repoSplit[0] == registryUrl {
projectName = repoSplit[1]
- } else { // Otherwise (only library/alpine) consider the first item from array (library)
+ log.Infof("Detected Registry URL in Project Name. Assuming this is a notary request and setting Project Name as %s\n", projectName)
+ } else {
projectName = repoSplit[0]
}
var permission string
From 804759cbdb7614195e37bdf447ef2bf5c37154f6 Mon Sep 17 00:00:00 2001
From: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
Date: Tue, 8 Nov 2016 21:36:53 -0200
Subject: [PATCH 4/5] Corrected the registryURL var name
---
src/ui/service/token/authutils.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ui/service/token/authutils.go b/src/ui/service/token/authutils.go
index 9e41409a6..f41d0f4d9 100644
--- a/src/ui/service/token/authutils.go
+++ b/src/ui/service/token/authutils.go
@@ -109,7 +109,7 @@ func FilterAccess(username string, a *token.ResourceActions) {
repoLength := len(repoSplit)
if repoLength > 1 { //Only check the permission when the requested image has a namespace, i.e. project
var projectName string
- registryUrl := os.Getenv("HARBOR_REG_URL")
+ registryURL := os.Getenv("HARBOR_REG_URL")
if repoSplit[0] == registryUrl {
projectName = repoSplit[1]
log.Infof("Detected Registry URL in Project Name. Assuming this is a notary request and setting Project Name as %s\n", projectName)
From 7a1212db45a35788a6b11437a8d004d4be3dc0e0 Mon Sep 17 00:00:00 2001
From: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
Date: Tue, 8 Nov 2016 21:52:22 -0200
Subject: [PATCH 5/5] Corrected the registryURL var name
---
src/ui/service/token/authutils.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ui/service/token/authutils.go b/src/ui/service/token/authutils.go
index f41d0f4d9..63e884f5b 100644
--- a/src/ui/service/token/authutils.go
+++ b/src/ui/service/token/authutils.go
@@ -110,7 +110,7 @@ func FilterAccess(username string, a *token.ResourceActions) {
if repoLength > 1 { //Only check the permission when the requested image has a namespace, i.e. project
var projectName string
registryURL := os.Getenv("HARBOR_REG_URL")
- if repoSplit[0] == registryUrl {
+ if repoSplit[0] == registryURL {
projectName = repoSplit[1]
log.Infof("Detected Registry URL in Project Name. Assuming this is a notary request and setting Project Name as %s\n", projectName)
} else {