Merge pull request #2923 from ywk253100/170728_registry

Remove useless insecure flag
Wenkai Yin 2017-08-04 10:14:40 +08:00 committed by GitHub
commit d5a6d25082
11 changed files with 64 additions and 63 deletions


@ -253,13 +253,8 @@ func ping(client *http.Client, endpoint string) (string, string, error) {
// NewStandardTokenAuthorizer returns a standard token authorizer. The authorizer will request a token // NewStandardTokenAuthorizer returns a standard token authorizer. The authorizer will request a token
// from token server and add it to the origin request // from token server and add it to the origin request
// If customizedTokenService is set, the token request will be sent to it instead of the server get from authorizer // If customizedTokenService is set, the token request will be sent to it instead of the server get from authorizer
func NewStandardTokenAuthorizer(credential Credential, insecure bool, func NewStandardTokenAuthorizer(client *http.Client, credential Credential,
customizedTokenService ...string) registry.Modifier { customizedTokenService ...string) registry.Modifier {
client := &http.Client{
Transport: registry.GetHTTPTransport(insecure),
Timeout: 30 * time.Second,
}
generator := &standardTokenGenerator{ generator := &standardTokenGenerator{
credential: credential, credential: credential,
client: client, client: client,
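Review bot: The doc comment above NewStandardTokenAuthorizer still describes only the credential and the token service, although the new first parameter `client` now decides how the token request is sent. The removed body built that client with `Timeout: 30 * time.Second` and a transport chosen from `insecure`, so both the timeout and the TLS verification setting are now the caller's responsibility and the comment should say so. I would add `// client is used for the token request; the caller sets its Timeout and TLS verification, and it must not be nil.` The function body continues past the end of the hunk, so whether a nil client is rejected further down cannot be seen from here.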


@ -199,7 +199,7 @@ func TestModifyOfStandardTokenAuthorizer(t *testing.T) {
req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/v2/", registryServer.URL), nil) req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/v2/", registryServer.URL), nil)
require.Nil(t, err) require.Nil(t, err)
authorizer := NewStandardTokenAuthorizer(nil, false) authorizer := NewStandardTokenAuthorizer(http.DefaultClient, nil)
err = authorizer.Modify(req) err = authorizer.Modify(req)
require.Nil(t, err) require.Nil(t, err)


@ -33,9 +33,11 @@ type Registry struct {
client *http.Client client *http.Client
} }
var secureHTTPTransport, insecureHTTPTransport *http.Transport var defaultHTTPTransport, secureHTTPTransport, insecureHTTPTransport *http.Transport
func init() { func init() {
defaultHTTPTransport = &http.Transport{}
secureHTTPTransport = &http.Transport{ secureHTTPTransport = &http.Transport{
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{
InsecureSkipVerify: false, InsecureSkipVerify: false,
@ -49,8 +51,11 @@ func init() {
} }
// GetHTTPTransport returns HttpTransport based on insecure configuration // GetHTTPTransport returns HttpTransport based on insecure configuration
func GetHTTPTransport(insecure bool) *http.Transport { func GetHTTPTransport(insecure ...bool) *http.Transport {
if insecure { if len(insecure) == 0 {
return defaultHTTPTransport
}
if insecure[0] {
return insecureHTTPTransport return insecureHTTPTransport
} }
return secureHTTPTransport return secureHTTPTransport
@ -71,19 +76,6 @@ func NewRegistry(endpoint string, client *http.Client) (*Registry, error) {
return registry, nil return registry, nil
} }
// NewRegistryWithModifiers returns an instance of Registry according to the modifiers
func NewRegistryWithModifiers(endpoint string, insecure bool, modifiers ...Modifier) (*Registry, error) {
transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
return NewRegistry(endpoint, &http.Client{
Transport: transport,
// If there are hunderds of repositories in docker registry,
// timeout option will abort HTTP request on getting catalog
// Timeout: 30 * time.Second,
})
}
// Catalog ... // Catalog ...
func (r *Registry) Catalog() ([]string, error) { func (r *Registry) Catalog() ([]string, error) {
repos := []string{} repos := []string{}
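Review bot: `defaultHTTPTransport = &http.Transport{}` in init() is a zero-value transport, so unlike `http.DefaultTransport` it carries no proxy-from-environment setting and no TLS handshake or response-header timeout. Certificate verification stays enabled, but a registry or token endpoint that stops responding can hold the calling goroutine, because the clients this commit builds on top of it set no `Timeout` either. I would give it explicit limits, for example `defaultHTTPTransport = &http.Transport{Proxy: http.ProxyFromEnvironment, TLSHandshakeTimeout: 10 * time.Second}` (the value is illustrative, and whether `time` is imported in this file is not visible here). The comment on GetHTTPTransport should also cover the zero-argument call: `// With no argument it returns the default transport, which verifies server certificates.`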


@ -25,13 +25,6 @@ import (
"github.com/vmware/harbor/src/common/utils/test" "github.com/vmware/harbor/src/common/utils/test"
) )
func TestNewRegistryWithModifiers(t *testing.T) {
_, err := NewRegistryWithModifiers("http://registry.org", false, nil)
if err != nil {
t.Errorf("fail to crearte client of registry: %v", err)
}
}
func TestPing(t *testing.T) { func TestPing(t *testing.T) {
server := test.NewServer( server := test.NewServer(
&test.RequestHandlerMapping{ &test.RequestHandlerMapping{


@ -59,17 +59,6 @@ func NewRepository(name, endpoint string, client *http.Client) (*Repository, err
return repository, nil return repository, nil
} }
// NewRepositoryWithModifiers returns an instance of Repository according to the modifiers
func NewRepositoryWithModifiers(name, endpoint string, insecure bool, modifiers ...Modifier) (*Repository, error) {
transport := NewTransport(GetHTTPTransport(insecure), modifiers...)
return NewRepository(name, endpoint, &http.Client{
Transport: transport,
// for transferring large image, OS will handle i/o timeout
// Timeout: 30 * time.Second,
})
}
func parseError(err error) error { func parseError(err error) error {
if urlErr, ok := err.(*url.Error); ok { if urlErr, ok := err.(*url.Error); ok {
if regErr, ok := urlErr.Err.(*registry_error.HTTPError); ok { if regErr, ok := urlErr.Err.(*registry_error.HTTPError); ok {


@ -43,14 +43,6 @@ var (
digest = "sha256:6c3c624b58dbbcd3c0dd82b4c53f04194d1247c6eebdaab7c610cf7d66709b3b" digest = "sha256:6c3c624b58dbbcd3c0dd82b4c53f04194d1247c6eebdaab7c610cf7d66709b3b"
) )
func TestNewRepositoryWithModifiers(t *testing.T) {
_, err := NewRepositoryWithModifiers("library/ubuntu",
"http://registry.org", true, nil)
if err != nil {
t.Fatalf("failed to create client for repository: %v", err)
}
}
func TestBlobExist(t *testing.T) { func TestBlobExist(t *testing.T) {
handler := func(w http.ResponseWriter, r *http.Request) { handler := func(w http.ResponseWriter, r *http.Request) {
path := r.URL.Path path := r.URL.Path


@ -19,12 +19,10 @@ import (
"github.com/docker/distribution/manifest/schema2" "github.com/docker/distribution/manifest/schema2"
"github.com/vmware/harbor/src/common/models" "github.com/vmware/harbor/src/common/models"
"github.com/vmware/harbor/src/common/utils/clair" "github.com/vmware/harbor/src/common/utils/clair"
"github.com/vmware/harbor/src/common/utils/registry/auth"
"github.com/vmware/harbor/src/jobservice/config" "github.com/vmware/harbor/src/jobservice/config"
"github.com/vmware/harbor/src/jobservice/utils" "github.com/vmware/harbor/src/jobservice/utils"
"fmt" "fmt"
"net/http"
) )
// Initializer will handle the initialise state pull the manifest, prepare token. // Initializer will handle the initialise state pull the manifest, prepare token.
@ -41,9 +39,7 @@ func (iz *Initializer) Enter() (string, error) {
logger.Errorf("Failed to read regURL, error: %v", err) logger.Errorf("Failed to read regURL, error: %v", err)
return "", err return "", err
} }
c := &http.Cookie{Name: models.UISecretCookie, Value: config.JobserviceSecret()} repoClient, err := utils.NewRepositoryClientForJobservice(iz.Context.Repository)
repoClient, err := utils.NewRepositoryClient(regURL, false, auth.NewCookieCredential(c),
config.InternalTokenServiceEndpoint(), iz.Context.Repository)
if err != nil { if err != nil {
logger.Errorf("An error occurred while creating repository client: %v", err) logger.Errorf("An error occurred while creating repository client: %v", err)
return "", err return "", err


@ -25,17 +25,51 @@ import (
"github.com/vmware/harbor/src/jobservice/config" "github.com/vmware/harbor/src/jobservice/config"
) )
//NewRepositoryClient create a repository client with scope type "reopsitory" and scope as the repository it would access. // NewRepositoryClient creates a repository client with standard token authorizer
func NewRepositoryClient(endpoint string, insecure bool, credential auth.Credential, func NewRepositoryClient(endpoint string, insecure bool, credential auth.Credential,
tokenServiceEndpoint, repository string) (*registry.Repository, error) { tokenServiceEndpoint, repository string) (*registry.Repository, error) {
authorizer := auth.NewStandardTokenAuthorizer(credential, insecure,
tokenServiceEndpoint) transport := registry.GetHTTPTransport(insecure)
authorizer := auth.NewStandardTokenAuthorizer(&http.Client{
Transport: transport,
}, credential, tokenServiceEndpoint)
uam := &userAgentModifier{ uam := &userAgentModifier{
userAgent: "harbor-registry-client", userAgent: "harbor-registry-client",
} }
return registry.NewRepositoryWithModifiers(repository, endpoint, insecure, authorizer, uam) return registry.NewRepository(repository, endpoint, &http.Client{
Transport: registry.NewTransport(transport, authorizer, uam),
})
}
// NewRepositoryClientForJobservice creates a repository client that can only be used to
// access the internal registry
func NewRepositoryClientForJobservice(repository string) (*registry.Repository, error) {
endpoint, err := config.LocalRegURL()
if err != nil {
return nil, err
}
transport := registry.GetHTTPTransport()
credential := auth.NewCookieCredential(&http.Cookie{
Name: models.UISecretCookie,
Value: config.JobserviceSecret(),
})
authorizer := auth.NewStandardTokenAuthorizer(&http.Client{
Transport: transport,
}, credential, config.InternalTokenServiceEndpoint())
uam := &userAgentModifier{
userAgent: "harbor-registry-client",
}
return registry.NewRepository(repository, endpoint, &http.Client{
Transport: registry.NewTransport(transport, authorizer, uam),
})
} }
type userAgentModifier struct { type userAgentModifier struct {
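Review bot: The `&http.Client{Transport: transport}` handed to `auth.NewStandardTokenAuthorizer` in NewRepositoryClient has no `Timeout`, while the code this commit removes from the authorizer set `Timeout: 30 * time.Second` on the token-request client. The same holds for NewRepositoryClientForJobservice below it and for newRegistryClient in the target API file, so token requests that used to be bounded can now wait indefinitely on a stalled token service. I would restore the limit at each of those call sites with `&http.Client{Transport: transport, Timeout: 30 * time.Second}`. The two constructors in this file also repeat the same authorizer, user-agent and client wiring and could share one unexported helper.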


@ -345,9 +345,14 @@ func (t *TargetAPI) Delete() {
} }
func newRegistryClient(endpoint string, insecure bool, username, password string) (*registry.Registry, error) { func newRegistryClient(endpoint string, insecure bool, username, password string) (*registry.Registry, error) {
transport := registry.GetHTTPTransport(insecure)
credential := auth.NewBasicAuthCredential(username, password) credential := auth.NewBasicAuthCredential(username, password)
authorizer := auth.NewStandardTokenAuthorizer(credential, insecure) authorizer := auth.NewStandardTokenAuthorizer(&http.Client{
return registry.NewRegistryWithModifiers(endpoint, insecure, authorizer) Transport: transport,
}, credential)
return registry.NewRegistry(endpoint, &http.Client{
Transport: registry.NewTransport(transport, authorizer),
})
} }
// ListPolicies ... // ListPolicies ...


@ -380,7 +380,9 @@ func initRegistryClient() (r *registry.Registry, err error) {
} }
authorizer := auth.NewRawTokenAuthorizer("harbor-ui", token.Registry) authorizer := auth.NewRawTokenAuthorizer("harbor-ui", token.Registry)
return registry.NewRegistryWithModifiers(endpoint, true, authorizer) return registry.NewRegistry(endpoint, &http.Client{
Transport: registry.NewTransport(registry.GetHTTPTransport(), authorizer),
})
} }
func buildReplicationURL() string { func buildReplicationURL() string {
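Review bot: initRegistryClient used to pass `true` for `insecure` and now calls `registry.GetHTTPTransport()` with no argument, which returns the default transport, so certificate verification is switched on for this client without any mention in the code. That is the safer setting, but it changes behaviour for deployments where the endpoint is served over HTTPS with a certificate the host does not trust. A short comment at the call would record the intent: `// default transport: server certificates are verified`. The function starts before this hunk, so how `endpoint` is obtained is not visible here.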


@ -130,7 +130,10 @@ func NewRepositoryClientForUI(username, repository string) (*registry.Repository
return nil, err return nil, err
} }
insecure := true
authorizer := auth.NewRawTokenAuthorizer(username, token.Registry) authorizer := auth.NewRawTokenAuthorizer(username, token.Registry)
return registry.NewRepositoryWithModifiers(repository, endpoint, insecure, authorizer) transport := registry.NewTransport(http.DefaultTransport, authorizer)
client := &http.Client{
Transport: transport,
}
return registry.NewRepository(repository, endpoint, client)
} }
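Review bot: NewRepositoryClientForUI wraps `http.DefaultTransport`, whereas initRegistryClient in the same commit wraps `registry.GetHTTPTransport()`, so two clients for the same kind of endpoint end up with different proxy and timeout settings. Using one source keeps later TLS or timeout changes in a single place: `transport := registry.NewTransport(registry.GetHTTPTransport(), authorizer)`. Dropping `insecure := true` also means this client now verifies server certificates, which is worth a one-line comment at the call. The function starts before this hunk, so the origin of `endpoint` and `token` is not visible here.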