vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Change build_context_and_subject to take kwargs

Browse source
This commit is contained in:
Evan Cordell 2017-03-22 13:19:22 -04:00
parent 21d969d309
commit 6ad107709c
4 changed files with 5 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
endpoints/v2/v2auth.py
View file

@ -175,7 +175,7 @@ def generate_registry_jwt(auth_result):
event.publish_event_data('docker-cli', user_event_data) event.publish_event_data('docker-cli', user_event_data)
# Build the signed JWT. # Build the signed JWT.
context, subject = build_context_and_subject(user, token, oauthtoken, tuf_root) context, subject = build_context_and_subject(user=user, token=token, oauthtoken=oauthtoken, tuf_root=tuf_root)
token = generate_bearer_token(audience_param, subject, context, access, token = generate_bearer_token(audience_param, subject, context, access,
TOKEN_VALIDITY_LIFETIME_S, instance_keys) TOKEN_VALIDITY_LIFETIME_S, instance_keys)
return jsonify({'token': token}) return jsonify({'token': token})

2
test/test_registry_v2_auth.py
View file

@ -28,7 +28,7 @@ class TestRegistryV2Auth(unittest.TestCase):
def _generate_token_data(self, access=[], context=None, audience=TEST_AUDIENCE, user=TEST_USER, iat=None, def _generate_token_data(self, access=[], context=None, audience=TEST_AUDIENCE, user=TEST_USER, iat=None,
exp=None, nbf=None, iss=None): exp=None, nbf=None, iss=None):
_, subject = build_context_and_subject(user, None, None, None) _, subject = build_context_and_subject(user=user)
return { return {
'iss': iss or instance_keys.service_name, 'iss': iss or instance_keys.service_name,
'aud': audience, 'aud': audience,

2
util/secscan/api.py
View file

@ -105,7 +105,7 @@ class SecurityScannerAPI(object):
# Generate the JWT which will authorize this # Generate the JWT which will authorize this
audience = self._app.config['SERVER_HOSTNAME'] audience = self._app.config['SERVER_HOSTNAME']
context, subject = build_context_and_subject(None, None, None, None) context, subject = build_context_and_subject()
access = [{ access = [{
'type': 'repository', 'type': 'repository',
'name': repository_and_namespace, 'name': repository_and_namespace,

5
util/security/registry_jwt.py
View file

@ -100,11 +100,11 @@ def _generate_jwt_object(audience, subject, context, access, lifetime_s, issuer,
return jwt.encode(token_data, private_key, ALGORITHM, headers=token_headers) return jwt.encode(token_data, private_key, ALGORITHM, headers=token_headers)
def build_context_and_subject(user, token, oauthtoken, tuf_root): def build_context_and_subject(user=None, token=None, oauthtoken=None, tuf_root=None):
""" Builds the custom context field for the JWT signed token and returns it, """ Builds the custom context field for the JWT signed token and returns it,
along with the subject for the JWT signed token. """ along with the subject for the JWT signed token. """
# Serve quay root if not explicitly granted permission to see signer root # Default to quay root if not explicitly granted permission to see signer root
if not tuf_root: if not tuf_root:
tuf_root = 'quay' tuf_root = 'quay'
@ -115,7 +115,6 @@ def build_context_and_subject(user, token, oauthtoken, tuf_root):
'oauth': oauthtoken.uuid, 'oauth': oauthtoken.uuid,
CLAIM_TUF_ROOT: tuf_root, CLAIM_TUF_ROOT: tuf_root,
} }
return (context, user.username) return (context, user.username)
if user: if user: