mirror of
https://github.com/goharbor/harbor
synced 2024-09-20 20:15:30 +00:00
Merge pull request #7504 from reasonerjt/reload-auth-proxy-cert-verify
Update Transport of HTTP cient in auth proxy client
This commit is contained in:
commit
b9f5f1027c
|
@ -30,9 +30,16 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
const refreshDuration = 5 * time.Second
|
||||
const refreshDuration = 2 * time.Second
|
||||
const userEntryComment = "By Authproxy"
|
||||
|
||||
var secureTransport = &http.Transport{}
|
||||
var insecureTransport = &http.Transport{
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
}
|
||||
|
||||
// Auth implements HTTP authenticator the required attributes.
|
||||
// The attribute Endpoint is the HTTP endpoint to which the POST request should be issued for authentication
|
||||
type Auth struct {
|
||||
|
@ -125,6 +132,9 @@ func (a *Auth) fillInModel(u *models.User) error {
|
|||
func (a *Auth) ensure() error {
|
||||
a.Lock()
|
||||
defer a.Unlock()
|
||||
if a.client == nil {
|
||||
a.client = &http.Client{}
|
||||
}
|
||||
if time.Now().Sub(a.settingTimeStamp) >= refreshDuration {
|
||||
setting, err := config.HTTPAuthProxySetting()
|
||||
if err != nil {
|
||||
|
@ -134,16 +144,12 @@ func (a *Auth) ensure() error {
|
|||
a.SkipCertVerify = !setting.VerifyCert
|
||||
a.AlwaysOnboard = setting.AlwaysOnBoard
|
||||
}
|
||||
if a.client == nil {
|
||||
tr := &http.Transport{
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: a.SkipCertVerify,
|
||||
},
|
||||
}
|
||||
a.client = &http.Client{
|
||||
Transport: tr,
|
||||
}
|
||||
if a.SkipCertVerify {
|
||||
a.client.Transport = insecureTransport
|
||||
} else {
|
||||
a.client.Transport = secureTransport
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -15,11 +15,13 @@
|
|||
package authproxy
|
||||
|
||||
import (
|
||||
"github.com/goharbor/harbor/src/common"
|
||||
"github.com/goharbor/harbor/src/common/dao"
|
||||
"github.com/goharbor/harbor/src/common/models"
|
||||
cut "github.com/goharbor/harbor/src/common/utils/test"
|
||||
"github.com/goharbor/harbor/src/core/auth"
|
||||
"github.com/goharbor/harbor/src/core/auth/authproxy/test"
|
||||
"github.com/goharbor/harbor/src/core/config"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"net/http/httptest"
|
||||
"os"
|
||||
|
@ -45,6 +47,13 @@ func TestMain(m *testing.M) {
|
|||
// So it won't require mocking the cfgManager
|
||||
settingTimeStamp: time.Now(),
|
||||
}
|
||||
conf := map[string]interface{}{
|
||||
common.HTTPAuthProxyEndpoint: "dummy",
|
||||
common.HTTPAuthProxyTokenReviewEndpoint: "dummy",
|
||||
common.HTTPAuthProxyVerifyCert: "false",
|
||||
}
|
||||
|
||||
config.InitWithSettings(conf)
|
||||
rc := m.Run()
|
||||
if err := dao.ClearHTTPAuthProxyUsers(); err != nil {
|
||||
panic(err)
|
||||
|
|
Loading…
Reference in New Issue
Block a user