Change build_context_and_subject to take kwargs

2017-03-22 13:19:22 -04:00 · 2017-03-22 13:19:22 -04:00 · 6ad107709c
commit 6ad107709c
parent 21d969d309
4 changed files with 5 additions and 6 deletions
--- a/endpoints/v2/v2auth.py
+++ b/endpoints/v2/v2auth.py
@ -175,7 +175,7 @@ def generate_registry_jwt(auth_result):
    event.publish_event_data('docker-cli', user_event_data)

  # Build the signed JWT.
-  context, subject = build_context_and_subject(user, token, oauthtoken, tuf_root)
+  context, subject = build_context_and_subject(user=user, token=token, oauthtoken=oauthtoken, tuf_root=tuf_root)
  token = generate_bearer_token(audience_param, subject, context, access,
                                TOKEN_VALIDITY_LIFETIME_S, instance_keys)
  return jsonify({'token': token})
--- a/test/test_registry_v2_auth.py
+++ b/test/test_registry_v2_auth.py
@ -28,7 +28,7 @@ class TestRegistryV2Auth(unittest.TestCase):
  def _generate_token_data(self, access=[], context=None, audience=TEST_AUDIENCE, user=TEST_USER, iat=None,
                           exp=None, nbf=None, iss=None):

-    _, subject = build_context_and_subject(user, None, None, None)
+    _, subject = build_context_and_subject(user=user)
    return {
      'iss': iss or instance_keys.service_name,
      'aud': audience,
--- a/util/secscan/api.py
+++ b/util/secscan/api.py
@ -105,7 +105,7 @@ class SecurityScannerAPI(object):

      # Generate the JWT which will authorize this
      audience = self._app.config['SERVER_HOSTNAME']
-      context, subject = build_context_and_subject(None, None, None, None)
+      context, subject = build_context_and_subject()
      access = [{
        'type': 'repository',
        'name': repository_and_namespace,
--- a/util/security/registry_jwt.py
+++ b/util/security/registry_jwt.py
@ -100,11 +100,11 @@ def _generate_jwt_object(audience, subject, context, access, lifetime_s, issuer,
  return jwt.encode(token_data, private_key, ALGORITHM, headers=token_headers)


-def build_context_and_subject(user, token, oauthtoken, tuf_root):
+def build_context_and_subject(user=None, token=None, oauthtoken=None, tuf_root=None):
  """ Builds the custom context field for the JWT signed token and returns it,
      along with the subject for the JWT signed token. """
  
-  # Serve quay root if not explicitly granted permission to see signer root
+  # Default to quay root if not explicitly granted permission to see signer root
  if not tuf_root:
    tuf_root = 'quay'
    
@ -115,7 +115,6 @@ def build_context_and_subject(user, token, oauthtoken, tuf_root):
      'oauth': oauthtoken.uuid,
      CLAIM_TUF_ROOT: tuf_root,
    }
-
    return (context, user.username)

  if user: