From f31d469758a53e0118f9f960b209eaa22d0b56b3 Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Wed, 29 Jun 2016 18:09:47 +0800 Subject: [PATCH 1/3] pass insecure env to ui --- Deploy/prepare | 3 ++- Deploy/templates/ui/env | 1 + api/config.go | 35 +++++++++++++++++++++++++++++++++++ api/repository.go | 6 ++---- api/target.go | 4 +--- 5 files changed, 41 insertions(+), 8 deletions(-) create mode 100644 api/config.go diff --git a/Deploy/prepare b/Deploy/prepare index d861f58e3..5a301ce61 100755 --- a/Deploy/prepare +++ b/Deploy/prepare @@ -98,7 +98,8 @@ render(os.path.join(templates_dir, "ui", "env"), ldap_url=ldap_url, ldap_basedn=ldap_basedn, self_registration=self_registration, - ui_secret=ui_secret) + ui_secret=ui_secret, + verify_remote_cert=verify_remote_cert) render(os.path.join(templates_dir, "ui", "app.conf"), ui_conf, diff --git a/Deploy/templates/ui/env b/Deploy/templates/ui/env index 5098fa1a7..a77452f41 100644 --- a/Deploy/templates/ui/env +++ b/Deploy/templates/ui/env @@ -17,3 +17,4 @@ LOG_LEVEL=debug GODEBUG=netdns=cgo EXT_ENDPOINT=$ui_url TOKEN_URL=http://ui +VERIFY_REMOTE_CERT=$verify_remote_cert diff --git a/api/config.go b/api/config.go new file mode 100644 index 000000000..aceb1c1b3 --- /dev/null +++ b/api/config.go @@ -0,0 +1,35 @@ +/* + Copyright (c) 2016 VMware, Inc. All Rights Reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package api + +import ( + "os" +) + +var ( + Insecure bool +) + +func init() { + verifyRemoteCert := os.Getenv("VERIFY_REMOTE_CERT") + if len(verifyRemoteCert) == 0 { + verifyRemoteCert = "on" + } + + if verifyRemoteCert == "off" { + Insecure = false + } +} diff --git a/api/repository.go b/api/repository.go index b4b36c090..254349901 100644 --- a/api/repository.go +++ b/api/repository.go @@ -255,12 +255,10 @@ func (ra *RepositoryAPI) GetManifests() { func (ra *RepositoryAPI) initRepositoryClient(repoName string) (r *registry.Repository, err error) { endpoint := os.Getenv("REGISTRY_URL") - // TODO read variable from config file - insecure := true username, password, ok := ra.Ctx.Request.BasicAuth() if ok { - return newRepositoryClient(endpoint, insecure, username, password, + return newRepositoryClient(endpoint, Insecure, username, password, repoName, "repository", repoName, "pull", "push", "*") } @@ -269,7 +267,7 @@ func (ra *RepositoryAPI) initRepositoryClient(repoName string) (r *registry.Repo return nil, err } - return cache.NewRepositoryClient(endpoint, insecure, username, repoName, + return cache.NewRepositoryClient(endpoint, Insecure, username, repoName, "repository", repoName, "pull", "push", "*") } diff --git a/api/target.go b/api/target.go index 2271b142f..e22d91b62 100644 --- a/api/target.go +++ b/api/target.go @@ -92,9 +92,7 @@ func (t *TargetAPI) Ping() { password = t.GetString("password") } - // TODO read variable from config file - insecure := true - registry, err := newRegistryClient(endpoint, insecure, username, password, + registry, err := newRegistryClient(endpoint, Insecure, username, password, "", "", "") if err != nil { // timeout, dns resolve error, connection refused, etc. From 5f75156e1dc3b7448b16d40adcac0ee4a6c34909 Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Wed, 29 Jun 2016 18:20:53 +0800 Subject: [PATCH 2/3] pass golint --- api/config.go | 1 + 1 file changed, 1 insertion(+) diff --git a/api/config.go b/api/config.go index aceb1c1b3..3857fc408 100644 --- a/api/config.go +++ b/api/config.go @@ -20,6 +20,7 @@ import ( ) var ( + // Insecure represents whether verify cert if connecting to a https server. Insecure bool ) From 92193f34566d4e64beb0039dd7dc8ac6e5329962 Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Wed, 29 Jun 2016 18:52:24 +0800 Subject: [PATCH 3/3] update --- api/base.go | 12 ++++++++++++ api/config.go | 36 ------------------------------------ api/repository.go | 4 ++-- api/target.go | 2 +- 4 files changed, 15 insertions(+), 39 deletions(-) delete mode 100644 api/config.go diff --git a/api/base.go b/api/base.go index 7fac8e9b8..72f9da50b 100644 --- a/api/base.go +++ b/api/base.go @@ -19,6 +19,7 @@ import ( "encoding/json" "fmt" "net/http" + "os" "strconv" "github.com/astaxie/beego/validation" @@ -136,3 +137,14 @@ func (b *BaseAPI) GetIDFromURL() int64 { return id } + +func getIsInsecure() bool { + insecure := false + + verifyRemoteCert := os.Getenv("VERIFY_REMOTE_CERT") + if verifyRemoteCert == "off" { + insecure = true + } + + return insecure +} diff --git a/api/config.go b/api/config.go deleted file mode 100644 index 3857fc408..000000000 --- a/api/config.go +++ /dev/null @@ -1,36 +0,0 @@ -/* - Copyright (c) 2016 VMware, Inc. All Rights Reserved. - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package api - -import ( - "os" -) - -var ( - // Insecure represents whether verify cert if connecting to a https server. - Insecure bool -) - -func init() { - verifyRemoteCert := os.Getenv("VERIFY_REMOTE_CERT") - if len(verifyRemoteCert) == 0 { - verifyRemoteCert = "on" - } - - if verifyRemoteCert == "off" { - Insecure = false - } -} diff --git a/api/repository.go b/api/repository.go index 254349901..c6f7ee9a2 100644 --- a/api/repository.go +++ b/api/repository.go @@ -258,7 +258,7 @@ func (ra *RepositoryAPI) initRepositoryClient(repoName string) (r *registry.Repo username, password, ok := ra.Ctx.Request.BasicAuth() if ok { - return newRepositoryClient(endpoint, Insecure, username, password, + return newRepositoryClient(endpoint, getIsInsecure(), username, password, repoName, "repository", repoName, "pull", "push", "*") } @@ -267,7 +267,7 @@ func (ra *RepositoryAPI) initRepositoryClient(repoName string) (r *registry.Repo return nil, err } - return cache.NewRepositoryClient(endpoint, Insecure, username, repoName, + return cache.NewRepositoryClient(endpoint, getIsInsecure(), username, repoName, "repository", repoName, "pull", "push", "*") } diff --git a/api/target.go b/api/target.go index e22d91b62..c89f1a3fd 100644 --- a/api/target.go +++ b/api/target.go @@ -92,7 +92,7 @@ func (t *TargetAPI) Ping() { password = t.GetString("password") } - registry, err := newRegistryClient(endpoint, Insecure, username, password, + registry, err := newRegistryClient(endpoint, getIsInsecure(), username, password, "", "", "") if err != nil { // timeout, dns resolve error, connection refused, etc.