enable bearer token auth (#409)

fixes #383 this is largely a copy/paste of #384 by @ilyesAj with the changes requested by @flbla --------- Signed-off-by: robert lestak <[email protected]> Signed-off-by: flbla <[email protected]> Co-authored-by: flbla <[email protected]>
goharbor · Feb 7, 2024 · a2eb1bd · a2eb1bd
1 parent 9f2dc61
commit a2eb1bd
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 32 deletions.
diff --git a/client/client.go b/client/client.go
@@ -13,22 +13,24 @@ import (
 )
 
 type Client struct {
-	url        string
-	username   string
-	password   string
-	insecure   bool
-	httpClient *http.Client
+	url         string
+	username    string
+	password    string
+	bearerToken string
+	insecure    bool
+	httpClient  *http.Client
 }
 
 // NewClient creates common settings
-func NewClient(url string, username string, password string, insecure bool) *Client {
+func NewClient(url string, username string, password string, bearerToken string, insecure bool) *Client {
 
 	return &Client{
-		url:        url,
-		username:   username,
-		password:   password,
-		insecure:   insecure,
-		httpClient: &http.Client{},
+		url:         url,
+		username:    username,
+		password:    password,
+		bearerToken: bearerToken,
+		insecure:    insecure,
+		httpClient:  &http.Client{},
 	}
 }
 
@@ -56,7 +58,13 @@ func (c *Client) SendRequest(method string, path string, payload interface{}, st
 		return "", "", 0, err
 	}
 
-	req.SetBasicAuth(c.username, c.password)
+	// Use access token authentification if bearer Token is specified
+	if c.bearerToken != "" {
+		req.Header.Add("Authorization", "Bearer "+c.bearerToken)
+	} else {
+		req.SetBasicAuth(c.username, c.password)
+	}
+
 	req.Header.Add("Content-Type", "application/json")
 
 	resp, err := client.Do(req)

diff --git a/docs/index.md b/docs/index.md
@@ -26,6 +26,7 @@ provider "harbor" {
   url      = "https://harbor.aceme_corpartion.com"
   username = "insert_admin_username_here"
   password = "insert_password_here"
+  bearer_token = "insert_bearer_token_here"
 }
 ```
 
@@ -34,6 +35,7 @@ Alternatively, these environment variables can be used to set the provider confi
 HARBOR_URL
 HARBOR_USERNAME
 HARBOR_PASSWORD
+HARBOR_BEARER_TOKEN
 HARBOR_IGNORE_CERT
 ```
 
@@ -43,5 +45,6 @@ The following arguments are supported:
 * **url** - (Required) The url of harbor
 * **username** - (Required) The username to be used to access harbor
 * **password** - (Required) The password to be used to access harbor
+* **bearer_token** - (Optional) The bearer token to be used to access harbor. Will take precedence over username and password if set
 * **insecure** - (Optional) Choose to ignore certificate errors
 * **api_version** - (Optional) Choose which version of the api you would like to use 1 or 2. Default is `2`
diff --git a/docs/resources/robot_account.md b/docs/resources/robot_account.md
@@ -35,14 +35,6 @@ resource "harbor_robot_account" "system" {
       action   = "push"
       resource = "repository"
     }
-    access {
-      action   = "read"
-      resource = "helm-chart"
-    }
-    access {
-      action   = "read"
-      resource = "helm-chart-version"
-    }
     kind      = "project"
     namespace = harbor_project.main.name
   }
@@ -61,7 +53,6 @@ The above example, creates a system level robot account with permissions to
 - permission to create labels on system level
 - pull repository across all projects
 - push repository to project "my-project-name"
-- read helm-chart and helm-chart-version in project "my-project-name"
 
 ### Project Level
 
@@ -147,7 +138,7 @@ The following arguments are supported:
 ### Access Arguments
 * **action** - (string, required) Eg. `push`, `pull`, `read`, etc. Check [available actions](https://github.com/goharbor/harbor/blob/-/src/common/rbac/const.go).
 
-* **resource** - (string, required) Eg. `repository`, `helm-chart`, `labels`, etc. Check [available resources](https://github.com/goharbor/harbor/blob/-/src/common/rbac/const.go).
+* **resource** - (string, required) Eg. `repository`, `labels`, etc. Check [available resources](https://github.com/goharbor/harbor/blob/-/src/common/rbac/const.go).
 
 * **effect** - (string, optional) Either `allow` or `deny`. Defaults to `allow`.
 

diff --git a/provider/provider.go b/provider/provider.go
@@ -28,6 +28,11 @@ func Provider() *schema.Provider {
 				Optional:    true,
 				DefaultFunc: schema.EnvDefaultFunc("HARBOR_PASSWORD", ""),
 			},
+			"bearer_token": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("HARBOR_BEARER_TOKEN", ""),
+			},
 			"insecure": {
 				Type:        schema.TypeBool,
 				Optional:    true,
@@ -88,6 +93,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 
 	username := d.Get("username").(string)
 	password := d.Get("password").(string)
+	bearerToken := d.Get("bearer_token").(string)
 	insecure := d.Get("insecure").(bool)
 	apiVersion := d.Get("api_version").(int)
 
@@ -101,5 +107,5 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 		apiPath = "/api/v2.0"
 	}
 
-	return client.NewClient(url+apiPath, username, password, insecure), nil
+	return client.NewClient(url+apiPath, username, password, bearerToken, insecure), nil
 }
diff --git a/provider/resource_robot_account_test.go b/provider/resource_robot_account_test.go
@@ -86,7 +86,7 @@ func testAccCheckRobotSystem(projectName string) string {
 	  permissions {
 		access {
 		  action   = "create"
-		  resource = "labels"
+		  resource = "label"
 		}
 		kind      = "system"
 		namespace = "/"
@@ -96,14 +96,6 @@ func testAccCheckRobotSystem(projectName string) string {
 		  action   = "push"
 		  resource = "repository"
 		}
-		access {
-		  action   = "read"
-		  resource = "helm-chart"
-		}
-		access {
-		  action   = "read"
-		  resource = "helm-chart-version"
-		}
 		kind      = "project"
 		namespace = harbor_project.main.name
 	  }