Use constants for TUF roots

2017-03-22 16:14:56 -04:00 · 2017-03-22 16:14:56 -04:00 · abd78bce56
commit abd78bce56
parent 6ad107709c
3 changed files with 14 additions and 11 deletions
--- a/endpoints/v2/test/test_v2auth.py
+++ b/endpoints/v2/test/test_v2auth.py
@ -5,6 +5,7 @@ from flask_principal import Identity, Principal

 from endpoints.v2.v2auth import get_tuf_root
 from auth import permissions
+from util.security.registry_jwt import QUAY_TUF_ROOT, SIGNER_TUF_ROOT
  
 def admin_identity(namespace, reponame):
  identity = Identity('admin')
@ -31,13 +32,13 @@ def app_with_principal():
  return app, principal

@pytest.mark.parametrize('identity,expected', [
-  (Identity('anon'), 'quay'),
-  (read_identity("namespace", "repo"), 'quay'),
-  (read_identity("different", "repo"), 'quay'),
-  (admin_identity("different", "repo"), 'quay'),
-  (write_identity("different", "repo"), 'quay'),
-  (admin_identity("namespace", "repo"), 'signer'),
-  (write_identity("namespace", "repo"), 'signer'),
+  (Identity('anon'), QUAY_TUF_ROOT),
+  (read_identity("namespace", "repo"), QUAY_TUF_ROOT),
+  (read_identity("different", "repo"), QUAY_TUF_ROOT),
+  (admin_identity("different", "repo"), QUAY_TUF_ROOT),
+  (write_identity("different", "repo"), QUAY_TUF_ROOT),
+  (admin_identity("namespace", "repo"), SIGNER_TUF_ROOT),
+  (write_identity("namespace", "repo"), SIGNER_TUF_ROOT),
 ])
 def test_get_tuf_root(identity, expected):
  app, principal = app_with_principal()
--- a/endpoints/v2/v2auth.py
+++ b/endpoints/v2/v2auth.py
@ -15,7 +15,7 @@ from endpoints.v2.errors import InvalidLogin
 from data.interfaces.v2 import pre_oci_model as model
 from util.cache import no_cache
 from util.names import parse_namespace_repository, REPOSITORY_NAME_REGEX
-from util.security.registry_jwt import generate_bearer_token, build_context_and_subject
+from util.security.registry_jwt import generate_bearer_token, build_context_and_subject, QUAY_TUF_ROOT, SIGNER_TUF_ROOT

 logger = logging.getLogger(__name__)

@ -184,5 +184,5 @@ def generate_registry_jwt(auth_result):
 def get_tuf_root(namespace, reponame):
  # Users with write access to a repo will see signer-rooted TUF metadata
  if ModifyRepositoryPermission(namespace, reponame).can():
-    return 'signer'
-  return 'quay'
+    return SIGNER_TUF_ROOT
+  return QUAY_TUF_ROOT