From 8963a1552049364098482f4d7fdb78e88b37ebe5 Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Mon, 31 Jul 2017 13:32:28 +0800 Subject: [PATCH] remove useless insecure flag --- .../utils/registry/auth/tokenauthorizer.go | 7 +--- .../registry/auth/tokenauthorizer_test.go | 2 +- src/common/utils/registry/registry.go | 24 ++++------- src/common/utils/registry/registry_test.go | 7 ---- src/common/utils/registry/repository.go | 11 ----- src/common/utils/registry/repository_test.go | 8 ---- src/jobservice/scan/handlers.go | 6 +-- src/jobservice/utils/utils.go | 42 +++++++++++++++++-- src/ui/api/target.go | 9 +++- src/ui/api/utils.go | 4 +- src/ui/utils/utils.go | 7 +++- 11 files changed, 64 insertions(+), 63 deletions(-) diff --git a/src/common/utils/registry/auth/tokenauthorizer.go b/src/common/utils/registry/auth/tokenauthorizer.go index dee4a5640..bbdb69d9f 100644 --- a/src/common/utils/registry/auth/tokenauthorizer.go +++ b/src/common/utils/registry/auth/tokenauthorizer.go @@ -253,13 +253,8 @@ func ping(client *http.Client, endpoint string) (string, string, error) { // NewStandardTokenAuthorizer returns a standard token authorizer. The authorizer will request a token // from token server and add it to the origin request // If customizedTokenService is set, the token request will be sent to it instead of the server get from authorizer -func NewStandardTokenAuthorizer(credential Credential, insecure bool, +func NewStandardTokenAuthorizer(client *http.Client, credential Credential, customizedTokenService ...string) registry.Modifier { - client := &http.Client{ - Transport: registry.GetHTTPTransport(insecure), - Timeout: 30 * time.Second, - } - generator := &standardTokenGenerator{ credential: credential, client: client, diff --git a/src/common/utils/registry/auth/tokenauthorizer_test.go b/src/common/utils/registry/auth/tokenauthorizer_test.go index 5cdcc6e48..107dc5533 100644 --- a/src/common/utils/registry/auth/tokenauthorizer_test.go 
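Review bot: Moving the client out of NewStandardTokenAuthorizer drops the `Timeout: 30 * time.Second` that the removed lines set. None of the new call sites in this patch sets one on the client they pass in: NewRepositoryClient and NewRepositoryClientForJobservice in src/jobservice/utils/utils.go, and newRegistryClient in src/ui/api/target.go. A token server that accepts the connection and then stalls would hold the caller with no upper bound, so each call site should keep the limit, e.g. `&http.Client{Transport: transport, Timeout: 30 * time.Second}`. The doc comment should also state that `client` must be non-nil, since the visible lines store it in the generator without a check. The function body continues outside the hunk.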
+++ b/src/common/utils/registry/auth/tokenauthorizer_test.go @@ -199,7 +199,7 @@ func TestModifyOfStandardTokenAuthorizer(t *testing.T) { req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/v2/", registryServer.URL), nil) require.Nil(t, err) - authorizer := NewStandardTokenAuthorizer(nil, false) + authorizer := NewStandardTokenAuthorizer(http.DefaultClient, nil) err = authorizer.Modify(req) require.Nil(t, err) diff --git a/src/common/utils/registry/registry.go b/src/common/utils/registry/registry.go index d560e4346..b84dabb97 100644 --- a/src/common/utils/registry/registry.go +++ b/src/common/utils/registry/registry.go @@ -33,9 +33,11 @@ type Registry struct { client *http.Client } -var secureHTTPTransport, insecureHTTPTransport *http.Transport +var defaultHTTPTransport, secureHTTPTransport, insecureHTTPTransport *http.Transport func init() { + defaultHTTPTransport = &http.Transport{} + secureHTTPTransport = &http.Transport{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: false, @@ -49,8 +51,11 @@ func init() { } // GetHTTPTransport returns HttpTransport based on insecure configuration -func GetHTTPTransport(insecure bool) *http.Transport { - if insecure { +func GetHTTPTransport(insecure ...bool) *http.Transport { + if len(insecure) == 0 { + return defaultHTTPTransport + } + if insecure[0] { return insecureHTTPTransport } return secureHTTPTransport 
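Review bot: `defaultHTTPTransport = &http.Transport{}` in init() is a zero-value transport, so unlike `http.DefaultTransport` it has no dial timeout, no TLS handshake timeout and no idle-connection limits, and it ignores the proxy environment variables. It still verifies server certificates, which appears to make it equivalent to `secureHTTPTransport` on that point, as far as the visible fields show. If the bare transport is deliberate, record it on the declaration, e.g. `// defaultHTTPTransport verifies server certificates; it sets no timeouts and uses no proxy`. Otherwise set the dial and handshake timeouts explicitly. init() is only partly visible in this hunk.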
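Review bot: The doc comment on GetHTTPTransport still describes only the insecure switch, while the variadic signature now has three outcomes and silently ignores every argument after the first. Suggest `// GetHTTPTransport returns the shared default transport when called without arguments (server certificates are verified); otherwise insecure[0] selects the shared insecure or secure transport.` Callers receive the package-level pointers, so the comment should also say the returned transport is shared and must not be modified. A plain `GetDefaultHTTPTransport()` beside the original `GetHTTPTransport(insecure bool)` would avoid the ambiguity of `GetHTTPTransport(true, false)` compiling.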
@@ -71,19 +76,6 @@ func NewRegistry(endpoint string, client *http.Client) (*Registry, error) { return registry, nil } -// NewRegistryWithModifiers returns an instance of Registry according to the modifiers -func NewRegistryWithModifiers(endpoint string, insecure bool, modifiers ...Modifier) (*Registry, error) { - - transport := NewTransport(GetHTTPTransport(insecure), modifiers...) - - return NewRegistry(endpoint, &http.Client{ - Transport: transport, - // If there are hunderds of repositories in docker registry, - // timeout option will abort HTTP request on getting catalog - // Timeout: 30 * time.Second, - }) -} - // Catalog ... func (r *Registry) Catalog() ([]string, error) { repos := []string{} diff --git a/src/common/utils/registry/registry_test.go b/src/common/utils/registry/registry_test.go index 798aceed9..4f62ba595 100644 --- a/src/common/utils/registry/registry_test.go +++ b/src/common/utils/registry/registry_test.go @@ -25,13 +25,6 @@ import ( "github.com/vmware/harbor/src/common/utils/test" ) -func TestNewRegistryWithModifiers(t *testing.T) { - _, err := NewRegistryWithModifiers("http://registry.org", false, nil) - if err != nil { - t.Errorf("fail to crearte client of registry: %v", err) - } -} - func TestPing(t *testing.T) { server := test.NewServer( &test.RequestHandlerMapping{ diff --git a/src/common/utils/registry/repository.go b/src/common/utils/registry/repository.go index e08b3ed3f..b3cbc7473 100644 --- a/src/common/utils/registry/repository.go +++ b/src/common/utils/registry/repository.go 
@@ -59,17 +59,6 @@ func NewRepository(name, endpoint string, client *http.Client) (*Repository, err return repository, nil } -// NewRepositoryWithModifiers returns an instance of Repository according to the modifiers -func NewRepositoryWithModifiers(name, endpoint string, insecure bool, modifiers ...Modifier) (*Repository, error) { - - transport := NewTransport(GetHTTPTransport(insecure), modifiers...) - return NewRepository(name, endpoint, &http.Client{ - Transport: transport, - // for transferring large image, OS will handle i/o timeout - // Timeout: 30 * time.Second, - }) -} - func parseError(err error) error { if urlErr, ok := err.(*url.Error); ok { if regErr, ok := urlErr.Err.(*registry_error.HTTPError); ok { diff --git a/src/common/utils/registry/repository_test.go b/src/common/utils/registry/repository_test.go index 63d43ed64..753504441 100644 --- a/src/common/utils/registry/repository_test.go +++ b/src/common/utils/registry/repository_test.go @@ -43,14 +43,6 @@ var ( digest = "sha256:6c3c624b58dbbcd3c0dd82b4c53f04194d1247c6eebdaab7c610cf7d66709b3b" ) -func TestNewRepositoryWithModifiers(t *testing.T) { - _, err := NewRepositoryWithModifiers("library/ubuntu", - "http://registry.org", true, nil) - if err != nil { - t.Fatalf("failed to create client for repository: %v", err) - } -} - func TestBlobExist(t *testing.T) { handler := func(w http.ResponseWriter, r *http.Request) { path := r.URL.Path diff --git a/src/jobservice/scan/handlers.go b/src/jobservice/scan/handlers.go index cee15a2b6..428f3f575 100644 --- a/src/jobservice/scan/handlers.go +++ b/src/jobservice/scan/handlers.go 
@@ -19,12 +19,10 @@ import ( "github.com/docker/distribution/manifest/schema2" "github.com/vmware/harbor/src/common/models" "github.com/vmware/harbor/src/common/utils/clair" - "github.com/vmware/harbor/src/common/utils/registry/auth" "github.com/vmware/harbor/src/jobservice/config" "github.com/vmware/harbor/src/jobservice/utils" "fmt" - "net/http" ) // Initializer will handle the initialise state pull the manifest, prepare token. @@ -41,9 +39,7 @@ func (iz *Initializer) Enter() (string, error) { logger.Errorf("Failed to read regURL, error: %v", err) return "", err } - c := &http.Cookie{Name: models.UISecretCookie, Value: config.JobserviceSecret()} - repoClient, err := utils.NewRepositoryClient(regURL, false, auth.NewCookieCredential(c), - config.InternalTokenServiceEndpoint(), iz.Context.Repository) + repoClient, err := utils.NewRepositoryClientForJobservice(iz.Context.Repository) if err != nil { logger.Errorf("An error occurred while creating repository client: %v", err) return "", err diff --git a/src/jobservice/utils/utils.go b/src/jobservice/utils/utils.go index 303572fa8..cf539c4d4 100644 --- a/src/jobservice/utils/utils.go +++ b/src/jobservice/utils/utils.go 
@@ -25,17 +25,51 @@ import ( "github.com/vmware/harbor/src/jobservice/config" ) -//NewRepositoryClient create a repository client with scope type "reopsitory" and scope as the repository it would access. +// NewRepositoryClient creates a repository client with standard token authorizer func NewRepositoryClient(endpoint string, insecure bool, credential auth.Credential, tokenServiceEndpoint, repository string) (*registry.Repository, error) { - authorizer := auth.NewStandardTokenAuthorizer(credential, insecure, - tokenServiceEndpoint) + + transport := registry.GetHTTPTransport(insecure) + + authorizer := auth.NewStandardTokenAuthorizer(&http.Client{ + Transport: transport, + }, credential, tokenServiceEndpoint) uam := &userAgentModifier{ userAgent: "harbor-registry-client", } - return registry.NewRepositoryWithModifiers(repository, endpoint, insecure, authorizer, uam) + return registry.NewRepository(repository, endpoint, &http.Client{ + Transport: registry.NewTransport(transport, authorizer, uam), + }) +} + +// NewRepositoryClientForJobservice creates a repository client that can only be used to +// access the internal registry +func NewRepositoryClientForJobservice(repository string) (*registry.Repository, error) { + endpoint, err := config.LocalRegURL() + if err != nil { + return nil, err + } + + transport := registry.GetHTTPTransport() + + credential := auth.NewCookieCredential(&http.Cookie{ + Name: models.UISecretCookie, + Value: config.JobserviceSecret(), + }) + + authorizer := auth.NewStandardTokenAuthorizer(&http.Client{ + Transport: transport, + }, credential, config.InternalTokenServiceEndpoint()) + + uam := &userAgentModifier{ + userAgent: "harbor-registry-client", + } + + return registry.NewRepository(repository, endpoint, &http.Client{ + Transport: registry.NewTransport(transport, authorizer, uam), + }) } type userAgentModifier struct { diff --git a/src/ui/api/target.go b/src/ui/api/target.go index 6d27f5b23..b289f25da 100644 --- a/src/ui/api/target.go 
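Review bot: NewRepositoryClientForJobservice repeats the body of NewRepositoryClient almost line for line (token client, `userAgentModifier`, `registry.NewRepository`), differing only in where the endpoint, transport and credential come from. A later fix such as a timeout or a different user agent then has to be made twice, and the copy that carries `config.JobserviceSecret()` is the one most likely to be missed. A private helper that takes the transport and credential would let both constructors share one body, and would give a single place to bound the token request. The helper below assumes `registry.NewTransport` accepts an `http.RoundTripper`, as its use with `http.DefaultTransport` elsewhere in this patch suggests, and that `time` is imported in this file.

```go
// newRepositoryClient builds the repository client shared by both constructors.
func newRepositoryClient(endpoint, repository string, transport http.RoundTripper,
	credential auth.Credential, tokenServiceEndpoint string) (*registry.Repository, error) {
	authorizer := auth.NewStandardTokenAuthorizer(&http.Client{
		Transport: transport,
		// token requests are small; keep them bounded
		Timeout: 30 * time.Second,
	}, credential, tokenServiceEndpoint)

	uam := &userAgentModifier{
		userAgent: "harbor-registry-client",
	}

	return registry.NewRepository(repository, endpoint, &http.Client{
		Transport: registry.NewTransport(transport, authorizer, uam),
	})
}

func NewRepositoryClientForJobservice(repository string) (*registry.Repository, error) {
	// … unchanged: endpoint lookup via config.LocalRegURL and cookie credential …
	return newRepositoryClient(endpoint, repository, registry.GetHTTPTransport(),
		credential, config.InternalTokenServiceEndpoint())
}
```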
+++ b/src/ui/api/target.go @@ -345,9 +345,14 @@ func (t *TargetAPI) Delete() { } func newRegistryClient(endpoint string, insecure bool, username, password string) (*registry.Registry, error) { + transport := registry.GetHTTPTransport(insecure) credential := auth.NewBasicAuthCredential(username, password) - authorizer := auth.NewStandardTokenAuthorizer(credential, insecure) - return registry.NewRegistryWithModifiers(endpoint, insecure, authorizer) + authorizer := auth.NewStandardTokenAuthorizer(&http.Client{ + Transport: transport, + }, credential) + return registry.NewRegistry(endpoint, &http.Client{ + Transport: registry.NewTransport(transport, authorizer), + }) } // ListPolicies ... diff --git a/src/ui/api/utils.go b/src/ui/api/utils.go index 9378b03aa..ce4dac3d4 100644 --- a/src/ui/api/utils.go +++ b/src/ui/api/utils.go @@ -380,7 +380,9 @@ func initRegistryClient() (r *registry.Registry, err error) { } authorizer := auth.NewRawTokenAuthorizer("harbor-ui", token.Registry) - return registry.NewRegistryWithModifiers(endpoint, true, authorizer) + return registry.NewRegistry(endpoint, &http.Client{ + Transport: registry.NewTransport(registry.GetHTTPTransport(), authorizer), + }) } func buildReplicationURL() string { diff --git a/src/ui/utils/utils.go b/src/ui/utils/utils.go index 5f7858bca..6118551c5 100644 --- a/src/ui/utils/utils.go +++ b/src/ui/utils/utils.go @@ -130,7 +130,10 @@ func NewRepositoryClientForUI(username, repository string) (*registry.Repository return nil, err } - insecure := true authorizer := auth.NewRawTokenAuthorizer(username, token.Registry) - return registry.NewRepositoryWithModifiers(repository, endpoint, insecure, authorizer) + transport := registry.NewTransport(http.DefaultTransport, authorizer) + client := &http.Client{ + Transport: transport, + } + return registry.NewRepository(repository, endpoint, client) }
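Review bot: newRegistryClient has no comment saying what `insecure` covers, and in the new body the same `transport` backs both the registry client and the token client that is given the basic-auth credential. With `insecure` true, certificate verification is therefore presumably skipped on the request that carries `username`/`password` as well as on the registry calls. Suggest documenting that on the function: `// insecure disables TLS certificate verification for the registry and for the token request that carries the credential`.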
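Review bot: initRegistryClient used to pass `true`, which skipped certificate verification, and `registry.GetHTTPTransport()` with no arguments now returns a transport that verifies. That is the safer default, but it is a behaviour change the commit message does not mention, and an https internal registry with a self-signed certificate would start to fail here. A comment at the call would record the assumption, e.g. `// internal registry: default transport, certificate is verified if the endpoint is https`. The function body starts outside the hunk.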
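Review bot: NewRepositoryClientForUI wraps `http.DefaultTransport`, while the other internal-registry clients in this patch (initRegistryClient, NewRepositoryClientForJobservice) use `registry.GetHTTPTransport()`. The two are not equivalent: `http.DefaultTransport` honours the proxy environment variables and has dial and handshake timeouts, whereas the zero-value transport has neither. With a proxy configured and no exclusion for the registry host, the token-bearing requests from this client could be sent through the proxy while the other clients connect directly. Pick one for all internal clients, e.g. `transport := registry.NewTransport(registry.GetHTTPTransport(), authorizer)`. The function body starts outside the hunk.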