Change build_context_and_subject to take kwargs

util/secscan/api.py

@@ -105,7 +105,7 @@ class SecurityScannerAPI(object):
 
       # Generate the JWT which will authorize this
       audience = self._app.config['SERVER_HOSTNAME']
-      context, subject = build_context_and_subject(None, None, None, None)
+      context, subject = build_context_and_subject()
       access = [{
         'type': 'repository',
         'name': repository_and_namespace,

util/security/registry_jwt.py

@@ -100,11 +100,11 @@ def _generate_jwt_object(audience, subject, context, access, lifetime_s, issuer,
   return jwt.encode(token_data, private_key, ALGORITHM, headers=token_headers)
 
 
-def build_context_and_subject(user, token, oauthtoken, tuf_root):
+def build_context_and_subject(user=None, token=None, oauthtoken=None, tuf_root=None):
   """ Builds the custom context field for the JWT signed token and returns it,
       along with the subject for the JWT signed token. """
   
-  # Serve quay root if not explicitly granted permission to see signer root
+  # Default to quay root if not explicitly granted permission to see signer root
   if not tuf_root:
     tuf_root = 'quay'
     
@@ -115,7 +115,6 @@ def build_context_and_subject(user, token, oauthtoken, tuf_root):
       'oauth': oauthtoken.uuid,
       CLAIM_TUF_ROOT: tuf_root,
     }
-
     return (context, user.username)
 
   if user: