Merge branch 'master' into modify_authentication_of_repository_api

Deploy/log/Dockerfile

@@ -2,15 +2,9 @@ FROM library/ubuntu:14.04
 
 # run logrotate hourly, disable imklog model, provides TCP/UDP syslog reception
 RUN mv /etc/cron.daily/logrotate /etc/cron.hourly/ \
-	&& sed 's/$ModLoad imklog/#$ModLoad imklog/' -i /etc/rsyslog.conf \
-	&& sed 's/$KLogPermitNonKernelFacility on/#$KLogPermitNonKernelFacility on/' -i /etc/rsyslog.conf \
-	&& sed 's/#$ModLoad imudp/$ModLoad imudp/' -i /etc/rsyslog.conf \
-	&& sed 's/#$UDPServerRun 514/$UDPServerRun 514/' -i /etc/rsyslog.conf \
-	&& sed 's/#$ModLoad imtcp/$ModLoad imtcp/' -i /etc/rsyslog.conf \
-	&& sed 's/#$InputTCPServerRun 514/$InputTCPServerRun 514/' -i /etc/rsyslog.conf \
-	&& sed 's/$PrivDropToUser syslog/#$PrivDropToUser syslog/' -i /etc/rsyslog.conf \
-	&& sed 's/$PrivDropToGroup syslog/#$PrivDropToGroup syslog/' -i /etc/rsyslog.conf \
-	&& rm /etc/rsyslog.d/*
+	&& rm /etc/rsyslog.d/* \
+        && rm /etc/rsyslog.conf
+ADD rsyslog.conf /etc/rsyslog.conf
 
 # logrotate configuration file for docker
 ADD logrotate_docker.conf /etc/logrotate.d/
@@ -23,4 +17,3 @@ VOLUME /var/log/docker/
 EXPOSE 514
 
 CMD cron && rsyslogd -n
-

Deploy/log/rsyslog.conf

@@ -0,0 +1,60 @@
+#  /etc/rsyslog.conf	Configuration file for rsyslog.
+#
+#			For more information see
+#			/usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
+#
+#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf
+
+
+#################
+#### MODULES ####
+#################
+
+$ModLoad imuxsock # provides support for local system logging
+#$ModLoad imklog   # provides kernel logging support
+#$ModLoad immark  # provides --MARK-- message capability
+
+# provides UDP syslog reception
+$ModLoad imudp
+$UDPServerRun 514
+
+# provides TCP syslog reception
+$ModLoad imtcp
+$InputTCPServerRun 514
+             
+# Enable non-kernel facility klog messages
+#$KLogPermitNonKernelFacility on
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+# Filter duplicated messages
+$RepeatedMsgReduction on
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner syslog
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+#$PrivDropToUser syslog
+#$PrivDropToGroup syslog
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf

dao/accesslog.go

@@ -20,13 +20,11 @@ import (
 
 	"github.com/vmware/harbor/models"
 	"github.com/vmware/harbor/utils/log"
-
-	"github.com/astaxie/beego/orm"
 )
 
 // AddAccessLog persists the access logs
 func AddAccessLog(accessLog models.AccessLog) error {
-	o := orm.NewOrm()
+	o := GetOrmer()
 	p, err := o.Raw(`insert into access_log
 		 (user_id, project_id, repo_name, repo_tag, guid, operation, op_time)
 		 values (?, ?, ?, ?, ?, ?, now())`).Prepare()
@@ -43,7 +41,7 @@ func AddAccessLog(accessLog models.AccessLog) error {
 //GetAccessLogs gets access logs according to different conditions
 func GetAccessLogs(accessLog models.AccessLog) ([]models.AccessLog, error) {
 
-	o := orm.NewOrm()
+	o := GetOrmer()
 	sql := `select a.log_id, u.username, a.repo_name, a.repo_tag, a.operation, a.op_time
 		from access_log a left join user u on a.user_id = u.user_id
 		where a.project_id = ? `
@@ -106,7 +104,7 @@ func GetAccessLogs(accessLog models.AccessLog) ([]models.AccessLog, error) {
 
 // AccessLog ...
 func AccessLog(username, projectName, repoName, repoTag, action string) error {
-	o := orm.NewOrm()
+	o := GetOrmer()
 	sql := "insert into  access_log (user_id, project_id, repo_name, repo_tag, operation, op_time) " +
 		"select (select user_id as user_id from user where username=?), " +
 		"(select project_id as project_id from project where name=?), ?, ?, ?, now() "

dao/base.go

@@ -22,6 +22,7 @@ import (
 
 	"os"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/astaxie/beego/orm"
@@ -97,3 +98,14 @@ func InitDB() {
 		panic(err)
 	}
 }
+
+var globalOrm orm.Ormer
+var once sync.Once
+
+// GetOrmer :set ormer singleton
+func GetOrmer() orm.Ormer {
+	once.Do(func() {
+		globalOrm = orm.NewOrm()
+	})
+	return globalOrm
+}

dao/dao_test.go

@@ -715,3 +715,10 @@ func TestDeleteUser(t *testing.T) {
 		t.Errorf("user is not nil after deletion, user: %+v", user)
 	}
 }
+
+func TestGetOrmer(t *testing.T) {
+	o := GetOrmer()
+	if o == nil {
+		t.Errorf("Error get ormer.")
+	}
+}

dao/project.go

@@ -22,7 +22,6 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/astaxie/beego/orm"
 	"github.com/vmware/harbor/utils/log"
 )
 
@@ -38,7 +37,7 @@ func AddProject(project models.Project) (int64, error) {
 		return 0, errors.New("project name contains illegal characters")
 	}
 
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	p, err := o.Raw("insert into project (owner_id, name, creation_time, update_time, deleted, public) values (?, ?, ?, ?, ?, ?)").Prepare()
 	if err != nil {
@@ -81,7 +80,7 @@ func IsProjectPublic(projectName string) bool {
 
 //ProjectExists returns whether the project exists according to its name of ID.
 func ProjectExists(nameOrID interface{}) (bool, error) {
-	o := orm.NewOrm()
+	o := GetOrmer()
 	type dummy struct{}
 	sql := `select project_id from project where deleted = 0 and `
 	switch nameOrID.(type) {
@@ -104,7 +103,7 @@ func ProjectExists(nameOrID interface{}) (bool, error) {
 
 // GetProjectByID ...
 func GetProjectByID(id int64) (*models.Project, error) {
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	sql := `select p.project_id, p.name, u.username as owner_name, p.owner_id, p.creation_time, p.update_time, p.public  
 		from project p left join user u on p.owner_id = u.user_id where p.deleted = 0 and p.project_id = ?`
@@ -127,7 +126,7 @@ func GetProjectByID(id int64) (*models.Project, error) {
 
 // GetProjectByName ...
 func GetProjectByName(name string) (*models.Project, error) {
-	o := orm.NewOrm()
+	o := GetOrmer()
 	var p []models.Project
 	n, err := o.Raw(`select * from project where name = ? and deleted = 0`, name).QueryRows(&p)
 	if err != nil {
@@ -143,7 +142,7 @@ func GetProjectByName(name string) (*models.Project, error) {
 
 // GetPermission gets roles that the user has according to the project.
 func GetPermission(username, projectName string) (string, error) {
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	sql := `select r.role_code from role as r
 		inner join project_member as pm on r.role_id = pm.role
@@ -166,7 +165,7 @@ func GetPermission(username, projectName string) (string, error) {
 
 // ToggleProjectPublicity toggles the publicity of the project.
 func ToggleProjectPublicity(projectID int64, publicity int) error {
-	o := orm.NewOrm()
+	o := GetOrmer()
 	sql := "update project set public = ? where project_id = ?"
 	_, err := o.Raw(sql, publicity, projectID).Exec()
 	return err
@@ -177,7 +176,7 @@ func ToggleProjectPublicity(projectID int64, publicity int) error {
 // 1. the project is not deleted
 // 2. the prject is public or the user is a member of the project
 func SearchProjects(userID int) ([]models.Project, error) {
-	o := orm.NewOrm()
+	o := GetOrmer()
 	sql := `select distinct p.project_id, p.name, p.public 
 		from project p 
 		left join project_member pm on p.project_id = pm.project_id 
@@ -194,7 +193,7 @@ func SearchProjects(userID int) ([]models.Project, error) {
 
 // GetUserRelevantProjects returns the projects of the user which are not deleted and name like projectName
 func GetUserRelevantProjects(userID int, projectName string) ([]models.Project, error) {
-	o := orm.NewOrm()
+	o := GetOrmer()
 	sql := `select distinct
 		p.project_id, p.owner_id, p.name,p.creation_time, p.update_time, p.public, pm.role role 
 	 from project p 
@@ -235,7 +234,7 @@ func GetAllProjects(projectName string) ([]models.Project, error) {
 }
 
 func getProjects(public int, projectName string) ([]models.Project, error) {
-	o := orm.NewOrm()
+	o := GetOrmer()
 	sql := `select project_id, owner_id, creation_time, update_time, name, public 
 		from project
 		where deleted = 0`

dao/projectmember.go

@@ -16,13 +16,12 @@
 package dao
 
 import (
-	"github.com/astaxie/beego/orm"
 	"github.com/vmware/harbor/models"
 )
 
 // AddProjectMember inserts a record to table project_member
 func AddProjectMember(projectID int64, userID int, role int) error {
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	sql := "insert into project_member (project_id, user_id , role) values (?, ?, ?)"
 
@@ -33,7 +32,7 @@ func AddProjectMember(projectID int64, userID int, role int) error {
 
 // UpdateProjectMember updates the record in table project_member
 func UpdateProjectMember(projectID int64, userID int, role int) error {
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	sql := "update project_member set role = ? where project_id = ? and user_id = ?"
 
@@ -44,7 +43,7 @@ func UpdateProjectMember(projectID int64, userID int, role int) error {
 
 // DeleteProjectMember delete the record from table project_member
 func DeleteProjectMember(projectID int64, userID int) error {
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	sql := "delete from project_member where project_id = ? and user_id = ?"
 
@@ -57,7 +56,7 @@ func DeleteProjectMember(projectID int64, userID int) error {
 
 // GetUserByProject gets all members of the project.
 func GetUserByProject(projectID int64, queryUser models.User) ([]models.User, error) {
-	o := orm.NewOrm()
+	o := GetOrmer()
 	u := []models.User{}
 	sql := `select u.user_id, u.username, r.name rolename, r.role_id
 		from user u 

dao/register.go

@@ -22,8 +22,6 @@ import (
 
 	"github.com/vmware/harbor/models"
 	"github.com/vmware/harbor/utils"
-
-	"github.com/astaxie/beego/orm"
 )
 
 // Register is used for user to register, the password is encrypted before the record is inserted into database.
@@ -34,7 +32,7 @@ func Register(user models.User) (int64, error) {
 		return 0, err
 	}
 
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	p, err := o.Raw("insert into user (username, password, realname, email, comment, salt, sysadmin_flag, creation_time, update_time) values (?, ?, ?, ?, ?, ?, ?, ?, ?)").Prepare()
 	if err != nil {
@@ -108,7 +106,7 @@ func UserExists(user models.User, target string) (bool, error) {
 		return false, errors.New("User name and email are blank.")
 	}
 
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	sql := `select user_id from user where 1=1 `
 	queryParam := make([]interface{}, 1)

dao/role.go

@@ -18,14 +18,13 @@ package dao
 import (
 	"fmt"
 
-	"github.com/astaxie/beego/orm"
 	"github.com/vmware/harbor/models"
 )
 
 // GetUserProjectRoles returns roles that the user has according to the project.
 func GetUserProjectRoles(userID int, projectID int64) ([]models.Role, error) {
 
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	sql := `select *
 		from role
@@ -76,7 +75,7 @@ func IsAdminRole(userIDOrUsername interface{}) (bool, error) {
 
 // GetRoleByID ...
 func GetRoleByID(id int) (*models.Role, error) {
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	sql := `select *
 		from role

dao/user.go

@@ -22,14 +22,13 @@ import (
 	"github.com/vmware/harbor/models"
 	"github.com/vmware/harbor/utils"
 
-	"github.com/astaxie/beego/orm"
 	"github.com/vmware/harbor/utils/log"
 )
 
 // GetUser ...
 func GetUser(query models.User) (*models.User, error) {
 
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	sql := `select user_id, username, email, realname, comment, reset_uuid, salt,
 		sysadmin_flag, creation_time, update_time
@@ -66,7 +65,7 @@ func GetUser(query models.User) (*models.User, error) {
 
 // LoginByDb is used for user to login with database auth mode.
 func LoginByDb(auth models.AuthModel) (*models.User, error) {
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	var users []models.User
 	n, err := o.Raw(`select * from user where (username = ? or email = ?) and deleted = 0`,
@@ -91,7 +90,7 @@ func LoginByDb(auth models.AuthModel) (*models.User, error) {
 
 // ListUsers lists all users according to different conditions.
 func ListUsers(query models.User) ([]models.User, error) {
-	o := orm.NewOrm()
+	o := GetOrmer()
 	u := []models.User{}
 	sql := `select  user_id, username, email, realname, comment, reset_uuid, salt,
 		sysadmin_flag, creation_time, update_time
@@ -111,7 +110,7 @@ func ListUsers(query models.User) ([]models.User, error) {
 
 // ToggleUserAdminRole gives a user admin role.
 func ToggleUserAdminRole(u models.User) error {
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	sql := `update user set sysadmin_flag =not sysadmin_flag where user_id = ?`
 
@@ -133,7 +132,7 @@ func ChangeUserPassword(u models.User, oldPassword ...string) (err error) {
 		return errors.New("Wrong numbers of params.")
 	}
 
-	o := orm.NewOrm()
+	o := GetOrmer()
 
 	var r sql.Result
 	if len(oldPassword) == 0 {
@@ -159,7 +158,7 @@ func ChangeUserPassword(u models.User, oldPassword ...string) (err error) {
 
 // ResetUserPassword ...
 func ResetUserPassword(u models.User) error {
-	o := orm.NewOrm()
+	o := GetOrmer()
 	r, err := o.Raw(`update user set password=?, reset_uuid=? where reset_uuid=?`, utils.Encrypt(u.Password, u.Salt), "", u.ResetUUID).Exec()
 	if err != nil {
 		return err
@@ -176,7 +175,7 @@ func ResetUserPassword(u models.User) error {
 
 // UpdateUserResetUUID ...
 func UpdateUserResetUUID(u models.User) error {
-	o := orm.NewOrm()
+	o := GetOrmer()
 	_, err := o.Raw(`update user set reset_uuid=? where email=?`, u.ResetUUID, u.Email).Exec()
 	return err
 }
@@ -207,7 +206,7 @@ func CheckUserPassword(query models.User) (*models.User, error) {
 		queryParam = append(queryParam, currentUser.Username)
 		queryParam = append(queryParam, utils.Encrypt(query.Password, currentUser.Salt))
 	}
-	o := orm.NewOrm()
+	o := GetOrmer()
 	var user []models.User
 
 	n, err := o.Raw(sql, queryParam).QueryRows(&user)
@@ -226,7 +225,7 @@ func CheckUserPassword(query models.User) (*models.User, error) {
 
 // DeleteUser ...
 func DeleteUser(userID int) error {
-	o := orm.NewOrm()
+	o := GetOrmer()
 	_, err := o.Raw(`update user set deleted = 1 where user_id = ?`, userID).Exec()
 	return err
 }

service/token/authutils.go

@@ -46,10 +46,24 @@ func GetResourceActions(scopes []string) []*token.ResourceActions {
 			continue
 		}
 		items := strings.Split(s, ":")
+		length := len(items)
+
+		typee := items[0]
+
+		name := ""
+		if length > 1 {
+			name = items[1]
+		}
+
+		actions := []string{}
+		if length > 2 {
+			actions = strings.Split(items[2], ",")
+		}
+
 		res = append(res, &token.ResourceActions{
-			Type:    items[0],
-			Name:    items[1],
-			Actions: strings.Split(items[2], ","),
+			Type:    typee,
+			Name:    name,
+			Actions: actions,
 		})
 	}
 	return res