Authentication & Authorization
Security Filter is a hook that collects the authentication and authorization information for every request. The information includes:
- User information
- Project manager: the manager through which the details of all projects, such as the members of a project, can be retrieved.
```go
type ProjectManager interface {
	Get(projectIDOrName interface{}) (*models.Project, error)
	IsPublic(projectIDOrName interface{}) (bool, error)
	Exist(projectIDOrName interface{}) (bool, error)
	GetRoles(username string, projectIDOrName interface{}) ([]int, error)
	GetPublic() ([]*models.Project, error)
	GetByMember(username string) ([]*models.Project, error)
	Create(*models.Project) (int64, error)
	Delete(projectIDOrName interface{}) error
	Update(projectIDOrName interface{}, project *models.Project) error
	GetAll(query *models.ProjectQueryParam, base ...*models.BaseProjectCollection) ([]*models.Project, error)
	GetTotal(query *models.ProjectQueryParam, base ...*models.BaseProjectCollection) (int64, error)
	GetHasReadPerm(username ...string) ([]*models.Project, error)
}
```
Because access control in Harbor is project-based, it comes as no surprise that the project manager is the essential part of the access control component.
The information is stored with Golang's context facility.
Security context abstracts the operations related to authentication and authorization.
```go
type Context interface {
	IsAuthenticated() bool
	GetUsername() string
	IsSysAdmin() bool
	HasReadPerm(projectIDOrName interface{}) bool
	HasWritePerm(projectIDOrName interface{}) bool
	HasAllPerm(projectIDOrName interface{}) bool
}
```
It has two implementations
Security context only provides information; it DOES NOT decide whether a request is allowed or not. It is typically used by the API package, which means it is the controllers that decide whether a request is valid or not.
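The split described above, with the filter storing a security context and the controller making the decision, as an added example (not Harbor's own code). `staticCtx`, `WithSecurity`, `DecideRead` and the status-code mapping are assumptions made for illustration; `Context` is the page's interface trimmed to two methods.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
)

// Context is the page's security context interface, trimmed to what this example uses.
type Context interface {
	IsAuthenticated() bool
	HasReadPerm(projectIDOrName interface{}) bool
}

// staticCtx is a hypothetical implementation backed by a fixed set of readable
// projects, keyed by the project name or ID rendered as a string.
type staticCtx struct {
	user     string
	readable map[string]bool
}

func (s staticCtx) IsAuthenticated() bool          { return s.user != "" }
func (s staticCtx) HasReadPerm(p interface{}) bool { return s.readable[fmt.Sprint(p)] }

type ctxKey struct{} // unexported key type, so other packages cannot overwrite the value

// WithSecurity does what a security filter would do once per request (assumed name).
func WithSecurity(parent context.Context, sc Context) context.Context {
	return context.WithValue(parent, ctxKey{}, sc)
}

// DecideRead is the controller-side decision. The security context only answers
// questions; the status code is chosen here.
func DecideRead(ctx context.Context, project string) int {
	sc, ok := ctx.Value(ctxKey{}).(Context)
	switch {
	case !ok: // filter did not run: fail closed instead of treating the caller as anonymous
		return http.StatusInternalServerError
	case sc.HasReadPerm(project):
		return http.StatusOK
	case !sc.IsAuthenticated():
		return http.StatusUnauthorized
	}
	return http.StatusForbidden
}

func main() {
	ctx := WithSecurity(context.Background(), staticCtx{user: "alice", readable: map[string]bool{"library": true}})
	fmt.Println(DecideRead(ctx, "library"), DecideRead(ctx, "secret"))
}
```

An anonymous caller gets 401 rather than 403 on a project it cannot read, so the client knows that signing in may help.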
TBD
TBD
Authentication is performed through the Authenticator interface, which has 2 implementations at the moment.
DB Authenticator compares the provided password with the credential retrieved from the database.
LDAP authenticator retrieves the credential from the LDAP server. In addition, Harbor needs to keep track of extra information about the user, so the associated user record is added to the database by importing it from LDAP.