b59f83ee5e
* feat(api/bolt): backport bolt changes * feat(api/exec): backport exec changes * feat(api/http): backport http/handler/dockerhub changes * feat(api/http): backport http/handler/endpoints changes * feat(api/http): backport http/handler/registries changes * feat(api/http): backport http/handler/stacks changes * feat(api/http): backport http/handler changes * feat(api/http): backport http/proxy/factory/azure changes * feat(api/http): backport http/proxy/factory/docker changes * feat(api/http): backport http/proxy/factory/utils changes * feat(api/http): backport http/proxy/factory/kubernetes changes * feat(api/http): backport http/proxy/factory changes * feat(api/http): backport http/security changes * feat(api/http): backport http changes * feat(api/internal): backport internal changes * feat(api): backport api changes * feat(api/kubernetes): backport kubernetes changes * fix(api/http): changes on backend following backport
66 lines
2.3 KiB
Go
66 lines
2.3 KiB
Go
package registries
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/gorilla/mux"
|
|
httperror "github.com/portainer/libhttp/error"
|
|
portainer "github.com/portainer/portainer/api"
|
|
"github.com/portainer/portainer/api/http/proxy"
|
|
"github.com/portainer/portainer/api/http/security"
|
|
"github.com/portainer/portainer/api/kubernetes/cli"
|
|
)
|
|
|
|
func hideFields(registry *portainer.Registry, hideAccesses bool) {
|
|
registry.Password = ""
|
|
registry.ManagementConfiguration = nil
|
|
if hideAccesses {
|
|
registry.RegistryAccesses = nil
|
|
}
|
|
}
|
|
|
|
// Handler is the HTTP handler used to handle registry operations.
|
|
type Handler struct {
|
|
*mux.Router
|
|
requestBouncer *security.RequestBouncer
|
|
DataStore portainer.DataStore
|
|
FileService portainer.FileService
|
|
ProxyManager *proxy.Manager
|
|
K8sClientFactory *cli.ClientFactory
|
|
}
|
|
|
|
// NewHandler creates a handler to manage registry operations.
|
|
func NewHandler(bouncer *security.RequestBouncer) *Handler {
|
|
h := &Handler{
|
|
Router: mux.NewRouter(),
|
|
requestBouncer: bouncer,
|
|
}
|
|
|
|
h.Handle("/registries",
|
|
bouncer.AdminAccess(httperror.LoggerHandler(h.registryCreate))).Methods(http.MethodPost)
|
|
h.Handle("/registries",
|
|
bouncer.RestrictedAccess(httperror.LoggerHandler(h.registryList))).Methods(http.MethodGet)
|
|
h.Handle("/registries/{id}",
|
|
bouncer.RestrictedAccess(httperror.LoggerHandler(h.registryInspect))).Methods(http.MethodGet)
|
|
h.Handle("/registries/{id}",
|
|
bouncer.AdminAccess(httperror.LoggerHandler(h.registryUpdate))).Methods(http.MethodPut)
|
|
h.Handle("/registries/{id}/configure",
|
|
bouncer.AdminAccess(httperror.LoggerHandler(h.registryConfigure))).Methods(http.MethodPost)
|
|
h.Handle("/registries/{id}",
|
|
bouncer.AdminAccess(httperror.LoggerHandler(h.registryDelete))).Methods(http.MethodDelete)
|
|
h.PathPrefix("/registries/proxies/gitlab").Handler(
|
|
bouncer.AdminAccess(httperror.LoggerHandler(h.proxyRequestsToGitlabAPIWithoutRegistry)))
|
|
return h
|
|
}
|
|
|
|
func (handler *Handler) registriesHaveSameURLAndCredentials(r1, r2 *portainer.Registry) bool {
|
|
hasSameUrl := r1.URL == r2.URL
|
|
hasSameCredentials := r1.Authentication == r2.Authentication && (!r1.Authentication || (r1.Authentication && r1.Username == r2.Username))
|
|
|
|
if r1.Type != portainer.GitlabRegistry || r2.Type != portainer.GitlabRegistry {
|
|
return hasSameUrl && hasSameCredentials
|
|
}
|
|
|
|
return hasSameUrl && hasSameCredentials && r1.Gitlab.ProjectPath == r2.Gitlab.ProjectPath
|
|
}
|