From 6ad107709c141759d25715d6254a66ea81d2a430 Mon Sep 17 00:00:00 2001
From: Evan Cordell
Date: Wed, 22 Mar 2017 13:19:22 -0400
Subject: [PATCH] Change build_context_and_subject to take kwargs
---
 endpoints/v2/v2auth.py | 2 +-
 test/test_registry_v2_auth.py | 2 +-
 util/secscan/api.py | 2 +-
 util/security/registry_jwt.py | 5 ++---
 4 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/endpoints/v2/v2auth.py b/endpoints/v2/v2auth.py
index 763838a09..66983c332 100644
--- a/endpoints/v2/v2auth.py
+++ b/endpoints/v2/v2auth.py
@@ -175,7 +175,7 @@ def generate_registry_jwt(auth_result):
 event.publish_event_data('docker-cli', user_event_data)
 # Build the signed JWT.
- context, subject = build_context_and_subject(user, token, oauthtoken, tuf_root)
+ context, subject = build_context_and_subject(user=user, token=token, oauthtoken=oauthtoken, tuf_root=tuf_root)
 token = generate_bearer_token(audience_param, subject, context, access, TOKEN_VALIDITY_LIFETIME_S, instance_keys)
 return jsonify({'token': token})
diff --git a/test/test_registry_v2_auth.py b/test/test_registry_v2_auth.py
index b8cd0a9a2..19982a985 100644
--- a/test/test_registry_v2_auth.py
+++ b/test/test_registry_v2_auth.py
@@ -28,7 +28,7 @@ class TestRegistryV2Auth(unittest.TestCase):
 def _generate_token_data(self, access=[], context=None, audience=TEST_AUDIENCE, user=TEST_USER, iat=None, exp=None, nbf=None, iss=None):
- _, subject = build_context_and_subject(user, None, None, None)
+ _, subject = build_context_and_subject(user=user)
 return {
 'iss': iss or instance_keys.service_name,
 'aud': audience,
diff --git a/util/secscan/api.py b/util/secscan/api.py
index e44803e0b..c7092d7f1 100644
--- a/util/secscan/api.py
+++ b/util/secscan/api.py
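Review bot: In the endpoints/v2/v2auth.py hunk, `token` is passed as `token=token` to build_context_and_subject and then rebound by the very next statement to the bearer JWT returned by generate_bearer_token, so one local name carries two different credentials within three lines. Binding the result to its own name, `bearer_token = generate_bearer_token(...)` with `return jsonify({'token': bearer_token})`, would keep the caller's credential (presumably an access token, judging by the parameter name) distinct from the token being issued when this path is audited or logged. generate_registry_jwt begins above the hunk, so earlier uses of `token` are not visible here.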
@@ -105,7 +105,7 @@ class SecurityScannerAPI(object):
 # Generate the JWT which will authorize this
 audience = self._app.config['SERVER_HOSTNAME']
- context, subject = build_context_and_subject(None, None, None, None)
+ context, subject = build_context_and_subject()
 access = [{
 'type': 'repository',
 'name': repository_and_namespace,
diff --git a/util/security/registry_jwt.py b/util/security/registry_jwt.py
index 0f3479a9e..9f7457241 100644
--- a/util/security/registry_jwt.py
+++ b/util/security/registry_jwt.py
@@ -100,11 +100,11 @@ def _generate_jwt_object(audience, subject, context, access, lifetime_s, issuer,
 return jwt.encode(token_data, private_key, ALGORITHM, headers=token_headers)
-def build_context_and_subject(user, token, oauthtoken, tuf_root):
+def build_context_and_subject(user=None, token=None, oauthtoken=None, tuf_root=None):
 """ Builds the custom context field for the JWT signed token and returns it, along with the subject for the JWT signed token. """
- # Serve quay root if not explicitly granted permission to see signer root
+ # Default to quay root if not explicitly granted permission to see signer root
 if not tuf_root:
 tuf_root = 'quay'
@@ -115,7 +115,6 @@ def build_context_and_subject(user, token, oauthtoken, tuf_root):
 'oauth': oauthtoken.uuid,
 CLAIM_TUF_ROOT: tuf_root,
 }
- return (context, user.username)
 if user:
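Review bot: In the util/secscan/api.py hunk, the bare `build_context_and_subject()` call gives no hint of which identity the scanner's JWT is minted for, where the old four explicit `None` arguments at least showed that user, token and OAuth token were all deliberately absent. A comment on the call would record that intent, for example `# No user, token or OAuth token: the scanner's JWT carries no caller identity.`; the context actually returned for this case is built outside the visible lines, so the wording should be checked against registry_jwt.py. The enclosing method of SecurityScannerAPI starts and ends outside the hunk.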
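Review bot: In util/security/registry_jwt.py, `user` now defaults to None while the OAuth branch shown in the following hunk still reads `oauthtoken.uuid` and, as far as the visible lines show, `user.username`, so a call such as `build_context_and_subject(oauthtoken=t)` would fail with an AttributeError in the middle of token generation instead of being rejected up front. A guard before that branch, e.g. `if oauthtoken and user is None: raise ValueError('oauthtoken requires user')`, would make the dependency explicit. Whether the remaining branches have the same coupling cannot be seen, because the function continues past the last hunk. The docstring could also state what context and subject are returned when every argument is left at its default, since that is now the path the security scanner relies on.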