Merge pull request #15459 from yunkunrao/master

Refactor ping method into util pkg

src/lib/errors/const.go

@@ -17,6 +17,8 @@ const (
 	PreconditionCode = "PRECONDITION"
 	// GeneralCode ...
 	GeneralCode = "UNKNOWN"
+	// ChallengesUnsupportedCode ...
+	ChallengesUnsupportedCode = "ChallengesUnsupportedCode"
 	// DENIED it's used by middleware(readonly, vul and content trust) and returned to docker client to index the request is denied.
 	DENIED = "DENIED"
 	// PROJECTPOLICYVIOLATION ...
@@ -85,3 +87,7 @@ func IsNotFoundErr(err error) bool {
 func IsConflictErr(err error) bool {
 	return IsErr(err, ConflictCode)
 }
+
+func IsChallengesUnsupportedErr(err error) bool {
+	return IsErr(err, ChallengesUnsupportedCode)
+}

src/pkg/reg/adapter/aliacr/adapter.go

@@ -5,15 +5,12 @@ import (
 	"errors"
 	"fmt"
 
-	"net/http"
 	"path/filepath"
 	"regexp"
 	"strings"
 
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
 	"github.com/aliyun/alibaba-cloud-sdk-go/services/cr"
-	"github.com/docker/distribution/registry/client/auth/challenge"
-	commonhttp "github.com/goharbor/harbor/src/common/http"
 	"github.com/goharbor/harbor/src/common/utils"
 	"github.com/goharbor/harbor/src/lib/log"
 	adp "github.com/goharbor/harbor/src/pkg/reg/adapter"
@@ -22,6 +19,8 @@ import (
 	"github.com/goharbor/harbor/src/pkg/reg/model"
 	"github.com/goharbor/harbor/src/pkg/reg/util"
 	"github.com/goharbor/harbor/src/pkg/registry/auth/bearer"
+
+	commonhttp "github.com/goharbor/harbor/src/common/http"
 )
 
 func init() {
@@ -56,7 +55,7 @@ func newAdapter(registry *model.Registry) (*adapter, error) {
 	}
 	// fix url (allow user input cr service url)
 	registry.URL = fmt.Sprintf(registryEndpointTpl, region)
-	realm, service, err := ping(registry)
+	realm, service, err := util.Ping(registry)
 	if err != nil {
 		return nil, err
 	}
@@ -70,25 +69,6 @@ func newAdapter(registry *model.Registry) (*adapter, error) {
 	}, nil
 }
 
-func ping(registry *model.Registry) (string, string, error) {
-	client := &http.Client{
-		Transport: commonhttp.GetHTTPTransport(commonhttp.WithInsecure(registry.Insecure)),
-	}
-
-	resp, err := client.Get(registry.URL + "/v2/")
-	if err != nil {
-		return "", "", err
-	}
-	defer resp.Body.Close()
-	challenges := challenge.ResponseChallenges(resp)
-	for _, challenge := range challenges {
-		if challenge.Scheme == "bearer" {
-			return challenge.Parameters["realm"], challenge.Parameters["service"], nil
-		}
-	}
-	return "", "", fmt.Errorf("bearer auth scheme isn't supported: %v", challenges)
-}
-
 type factory struct {
 }
 

src/pkg/reg/adapter/gitlab/client.go

@@ -10,10 +10,11 @@ import (
 	"net/url"
 	"reflect"
 
-	"github.com/docker/distribution/registry/client/auth/challenge"
+	liberrors "github.com/goharbor/harbor/src/lib/errors"
-	common_http "github.com/goharbor/harbor/src/common/http"
-	"github.com/goharbor/harbor/src/lib/log"
 	"github.com/goharbor/harbor/src/pkg/reg/model"
+	"github.com/goharbor/harbor/src/pkg/reg/util"
+
+	common_http "github.com/goharbor/harbor/src/common/http"
 )
 
 const (
@@ -31,10 +32,8 @@ type Client struct {
 // NewClient creates a new GitLab client.
 func NewClient(registry *model.Registry) (*Client, error) {
 
-	realm, _, err := ping(&http.Client{
+	realm, _, err := util.Ping(registry)
-		Transport: common_http.GetHTTPTransport(common_http.WithInsecure(registry.Insecure)),
+	if err != nil && !liberrors.IsChallengesUnsupportedErr(err) {
-	}, registry.URL)
-	if err != nil {
 		return nil, err
 	}
 	if realm == "" {
@@ -56,26 +55,6 @@ func NewClient(registry *model.Registry) (*Client, error) {
 	return client, nil
 }
 
-// ping returns the realm, service and error
-func ping(client *http.Client, endpoint string) (string, string, error) {
-	resp, err := client.Get(buildPingURL(endpoint))
-	if err != nil {
-		return "", "", err
-	}
-	defer resp.Body.Close()
-
-	challenges := challenge.ResponseChallenges(resp)
-	for _, challenge := range challenges {
-		if scheme == challenge.Scheme {
-			realm := challenge.Parameters["realm"]
-			service := challenge.Parameters["service"]
-			return realm, service, nil
-		}
-	}
-
-	log.Warningf("Schemas %v are unsupported", challenges)
-	return "", "", nil
-}
 func buildPingURL(endpoint string) string {
 	return fmt.Sprintf("%s/v2/", endpoint)
 }

src/pkg/reg/adapter/tencentcr/adapter.go

@@ -10,12 +10,12 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/distribution/registry/client/auth/challenge"
 	commonhttp "github.com/goharbor/harbor/src/common/http"
 	"github.com/goharbor/harbor/src/lib/log"
 	adp "github.com/goharbor/harbor/src/pkg/reg/adapter"
 	"github.com/goharbor/harbor/src/pkg/reg/adapter/native"
 	"github.com/goharbor/harbor/src/pkg/reg/model"
+	"github.com/goharbor/harbor/src/pkg/reg/util"
 	"github.com/goharbor/harbor/src/pkg/registry/auth/bearer"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
@@ -96,7 +96,7 @@ func newAdapter(registry *model.Registry) (a *adapter, err error) {
 		}
 	}
 
-	realm, service, err := ping(registry)
+	realm, service, err := util.Ping(registry)
 	log.Debugf("[tencent-tcr.newAdapter] realm=%s, service=%s error=%v", realm, service, err)
 	if err != nil {
 		log.Errorf("[tencent-tcr.newAdapter] ping failed. error=%v", err)
@@ -165,26 +165,6 @@ func newAdapter(registry *model.Registry) (a *adapter, err error) {
 	}, nil
 }
 
-func ping(registry *model.Registry) (string, string, error) {
-	client := &http.Client{
-		Transport: commonhttp.GetHTTPTransport(commonhttp.WithInsecure(registry.Insecure)),
-	}
-
-	resp, err := client.Get(registry.URL + "/v2/")
-	log.Debugf("[tencent-tcr.ping] error=%v", err)
-	if err != nil {
-		return "", "", err
-	}
-	defer resp.Body.Close()
-	challenges := challenge.ResponseChallenges(resp)
-	for _, challenge := range challenges {
-		if challenge.Scheme == "bearer" {
-			return challenge.Parameters["realm"], challenge.Parameters["service"], nil
-		}
-	}
-	return "", "", fmt.Errorf("[tencent-tcr.ping] bearer auth scheme isn't supported: %v", challenges)
-}
-
 func (a *adapter) Info() (info *model.RegistryInfo, err error) {
 	info = &model.RegistryInfo{
 		Type: model.RegistryTypeTencentTcr,

src/pkg/reg/util/util.go

@@ -15,9 +15,43 @@
 package util
 
 import (
+	"net/http"
 	"strings"
+
+	"github.com/docker/distribution/registry/client/auth/challenge"
+	"github.com/goharbor/harbor/src/lib/errors"
+	"github.com/goharbor/harbor/src/pkg/reg/model"
+
+	commonhttp "github.com/goharbor/harbor/src/common/http"
 )
 
+// GetHTTPTransport can be used to share the common HTTP transport
+func GetHTTPTransport(insecure bool) http.RoundTripper {
+	if insecure {
+		return commonhttp.GetHTTPTransport(commonhttp.WithInsecure(true))
+	}
+	return commonhttp.GetHTTPTransport()
+}
+
+func Ping(registry *model.Registry) (string, string, error) {
+	client := &http.Client{
+		Transport: GetHTTPTransport(registry.Insecure),
+	}
+
+	resp, err := client.Get(registry.URL + "/v2/")
+	if err != nil {
+		return "", "", err
+	}
+	defer resp.Body.Close()
+	challenges := challenge.ResponseChallenges(resp)
+	for _, challenge := range challenges {
+		if challenge.Scheme == "bearer" {
+			return challenge.Parameters["realm"], challenge.Parameters["service"], nil
+		}
+	}
+	return "", "", errors.New(nil).WithCode(errors.ChallengesUnsupportedCode).WithMessage("bearer auth scheme isn't supported: %v", challenges)
+}
+
 // ParseRepository parses the "repository" provided into two parts: namespace and the rest
 // the string before the last "/" is the namespace part
 // c -> [,c]