v2: refactor auth to use data.types

This commit is contained in:
Jimmy Zelinskie 2016-08-01 20:59:39 -04:00
parent 3de6000428
commit a516c08deb
2 changed files with 15 additions and 9 deletions

View file

@ -7,6 +7,14 @@ from data.types import (
Tag,
)
def create_repository(namespace_name, repo_name, user):
model.repository.create_repository(namespace, reponame, user)
def repository_is_public(namespace_name, repo_name):
model.repository.repository_is_public(namespace, reponame)):
def get_repository(namespace_name, repo_name):
repo = model.repository.get_repository(namespace_name, repo_name)
if repo is None:

View file

@ -5,7 +5,6 @@ from cachetools import lru_cache
from flask import request, jsonify, abort
from app import app, userevents, instance_keys
from data import model
from auth.auth import process_auth
from auth.auth_context import get_authenticated_user, get_validated_token, get_validated_oauth_token
from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermission,
@ -21,9 +20,7 @@ logger = logging.getLogger(__name__)
TOKEN_VALIDITY_LIFETIME_S = 60 * 60 # 1 hour
SCOPE_REGEX_TEMPLATE = (
r'^repository:((?:{}\/)?((?:[\.a-zA-Z0-9_\-]+\/)?[\.a-zA-Z0-9_\-]+)):((?:push|pull|\*)(?:,(?:push|pull|\*))*)$'
)
SCOPE_REGEX_TEMPLATE = r'^repository:((?:{}\/)?((?:[\.a-zA-Z0-9_\-]+\/)?[\.a-zA-Z0-9_\-]+)):((?:push|pull|\*)(?:,(?:push|pull|\*))*)$'
@lru_cache(maxsize=1)
@ -38,7 +35,8 @@ def get_scope_regex():
@no_cache
@anon_protect
def generate_registry_jwt():
""" This endpoint will generate a JWT conforming to the Docker registry v2 auth spec:
"""
This endpoint will generate a JWT conforming to the Docker Registry v2 Auth Spec:
https://docs.docker.com/registry/spec/auth/token/
"""
audience_param = request.args.get('service')
@ -97,7 +95,7 @@ def generate_registry_jwt():
if user is not None or token is not None:
# Lookup the repository. If it exists, make sure the entity has modify
# permission. Otherwise, make sure the entity has create permission.
repo = model.repository.get_repository(namespace, reponame)
repo = v2.get_repository(namespace, reponame)
if repo:
if ModifyRepositoryPermission(namespace, reponame).can():
final_actions.append('push')
@ -106,7 +104,7 @@ def generate_registry_jwt():
else:
if CreateRepositoryPermission(namespace).can() and user is not None:
logger.debug('Creating repository: %s/%s', namespace, reponame)
model.repository.create_repository(namespace, reponame, user)
v2.create_repository(namespace, reponame, user)
final_actions.append('push')
else:
logger.debug('No permission to create repository %s/%s', namespace, reponame)
@ -114,7 +112,7 @@ def generate_registry_jwt():
if 'pull' in actions:
# Grant pull if the user can read the repo or it is public.
if (ReadRepositoryPermission(namespace, reponame).can() or
model.repository.repository_is_public(namespace, reponame)):
v2.repository_is_public(namespace, reponame)):
final_actions.append('pull')
else:
logger.debug('No permission to pull repository %s/%s', namespace, reponame)