daniel
/
distribution
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Extend authChallenger interface to remove type cast. 

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
master
Richard Scothern 2016-02-17 10:42:34 -08:00
parent 56af60ad24
commit 4ce15476bd
3 changed files with 39 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
registry/proxy/proxyauth.go
View File

@ -25,7 +25,7 @@ func (c credentials) Basic(u *url.URL) (string, string) {
return up.username, up.password return up.username, up.password
} }
// ConfigureAuth stores credentials for challenge responses // configureAuth stores credentials for challenge responses
func configureAuth(username, password string) (auth.CredentialStore, error) { func configureAuth(username, password string) (auth.CredentialStore, error) {
creds := map[string]userpass{ creds := map[string]userpass{
tokenURL: { tokenURL: {

17
registry/proxy/proxymanifeststore_test.go
View File

@ -11,6 +11,7 @@ import (
"github.com/docker/distribution/manifest" "github.com/docker/distribution/manifest"
"github.com/docker/distribution/manifest/schema1" "github.com/docker/distribution/manifest/schema1"
"github.com/docker/distribution/reference" "github.com/docker/distribution/reference"
"github.com/docker/distribution/registry/client/auth"
"github.com/docker/distribution/registry/proxy/scheduler" "github.com/docker/distribution/registry/proxy/scheduler"
"github.com/docker/distribution/registry/storage" "github.com/docker/distribution/registry/storage"
"github.com/docker/distribution/registry/storage/cache/memory" "github.com/docker/distribution/registry/storage/cache/memory"
@ -71,11 +72,19 @@ type mockChallenger struct {
} }
// Called for remote operations only // Called for remote operations only
func (mc *mockChallenger) tryEstablishChallenges(context.Context) error { func (m *mockChallenger) tryEstablishChallenges(context.Context) error {
mc.Lock() m.Lock()
defer mc.Unlock() defer m.Unlock()
mc.count++ m.count++
return nil
}
func (m *mockChallenger) credentialStore() auth.CredentialStore {
return nil
}
func (m *mockChallenger) challengeManager() auth.ChallengeManager {
return nil return nil
} }

43
registry/proxy/proxyregistry.go
View File

@ -101,9 +101,9 @@ func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Name
scheduler: s, scheduler: s,
remoteURL: config.RemoteURL, remoteURL: config.RemoteURL,
authChallenger: &remoteAuthChallenger{ authChallenger: &remoteAuthChallenger{
remoteURL: config.RemoteURL, remoteURL: config.RemoteURL,
challengeManager: auth.NewSimpleChallengeManager(), cm: auth.NewSimpleChallengeManager(),
credentialStore: cs, cs: cs,
}, },
}, nil }, nil
} }
@ -117,13 +117,10 @@ func (pr *proxyingRegistry) Repositories(ctx context.Context, repos []string, la
} }
func (pr *proxyingRegistry) Repository(ctx context.Context, name reference.Named) (distribution.Repository, error) { func (pr *proxyingRegistry) Repository(ctx context.Context, name reference.Named) (distribution.Repository, error) {
hcm, ok := pr.authChallenger.(*remoteAuthChallenger) c := pr.authChallenger
if !ok {
return nil, fmt.Errorf("unexpected challenge manager type %T", pr.authChallenger)
}
tr := transport.NewTransport(http.DefaultTransport, tr := transport.NewTransport(http.DefaultTransport,
auth.NewAuthorizer(hcm.challengeManager, auth.NewTokenHandler(http.DefaultTransport, hcm.credentialStore, name.Name(), "pull"))) auth.NewAuthorizer(c.challengeManager(), auth.NewTokenHandler(http.DefaultTransport, c.credentialStore(), name.Name(), "pull")))
localRepo, err := pr.embedded.Repository(ctx, name) localRepo, err := pr.embedded.Repository(ctx, name)
if err != nil { if err != nil {
@ -172,22 +169,32 @@ func (pr *proxyingRegistry) Repository(ctx context.Context, name reference.Named
// authChallenger encapsulates a request to the upstream to establish credential challenges // authChallenger encapsulates a request to the upstream to establish credential challenges
type authChallenger interface { type authChallenger interface {
tryEstablishChallenges(context.Context) error tryEstablishChallenges(context.Context) error
challengeManager() auth.ChallengeManager
credentialStore() auth.CredentialStore
} }
type remoteAuthChallenger struct { type remoteAuthChallenger struct {
remoteURL string remoteURL string
sync.Mutex sync.Mutex
challengeManager auth.ChallengeManager cm auth.ChallengeManager
credentialStore auth.CredentialStore cs auth.CredentialStore
} }
// tryEstablishChallenges will attempt to get a challenge types for the upstream if none currently exist func (r *remoteAuthChallenger) credentialStore() auth.CredentialStore {
func (hcm *remoteAuthChallenger) tryEstablishChallenges(ctx context.Context) error { return r.cs
hcm.Lock() }
defer hcm.Unlock()
remoteURL := hcm.remoteURL + "/v2/" func (r *remoteAuthChallenger) challengeManager() auth.ChallengeManager {
challenges, err := hcm.challengeManager.GetChallenges(remoteURL) return r.cm
}
// tryEstablishChallenges will attempt to get a challenge type for the upstream if none currently exist
func (r *remoteAuthChallenger) tryEstablishChallenges(ctx context.Context) error {
r.Lock()
defer r.Unlock()
remoteURL := r.remoteURL + "/v2/"
challenges, err := r.cm.GetChallenges(remoteURL)
if err != nil { if err != nil {
return err return err
} }
@ -197,11 +204,11 @@ func (hcm *remoteAuthChallenger) tryEstablishChallenges(ctx context.Context) err
} }
// establish challenge type with upstream // establish challenge type with upstream
if err := ping(hcm.challengeManager, remoteURL, challengeHeader); err != nil { if err := ping(r.cm, remoteURL, challengeHeader); err != nil {
return err return err
} }
context.GetLogger(ctx).Infof("Challenge established with upstream : %s %s", remoteURL, hcm.challengeManager) context.GetLogger(ctx).Infof("Challenge established with upstream : %s %s", remoteURL, r.cm)
return nil return nil
} }