endpoints.v2: yapf format
This commit is contained in:
Jimmy Zelinskie
parent
0e26a03f7e
commit
b1434b0380
9 changed files with 152 additions and 216 deletions
|
|
@ -16,15 +16,15 @@ from endpoints.v2.errors import InvalidLogin, NameInvalid, InvalidRequest, Unsup
|
|||
from endpoints.v2.models_pre_oci import data_model as model
|
||||
from util.cache import no_cache
|
||||
from util.names import parse_namespace_repository, REPOSITORY_NAME_REGEX
|
||||
from util.security.registry_jwt import (generate_bearer_token, build_context_and_subject, QUAY_TUF_ROOT,
|
||||
SIGNER_TUF_ROOT, DISABLED_TUF_ROOT)
|
||||
from util.security.registry_jwt import (generate_bearer_token, build_context_and_subject,
|
||||
QUAY_TUF_ROOT, SIGNER_TUF_ROOT, DISABLED_TUF_ROOT)
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
TOKEN_VALIDITY_LIFETIME_S = 60 * 60 # 1 hour
|
||||
SCOPE_REGEX_TEMPLATE = r'^repository:((?:{}\/)?((?:[\.a-zA-Z0-9_\-]+\/)*[\.a-zA-Z0-9_\-]+)):((?:push|pull|\*)(?:,(?:push|pull|\*))*)$'
|
||||
|
||||
|
||||
@lru_cache(maxsize=1)
|
||||
def get_scope_regex():
|
||||
hostname = re.escape(app.config['SERVER_HOSTNAME'])
|
||||
|
|
@ -64,8 +64,7 @@ def generate_registry_jwt(auth_result):
|
|||
|
||||
access = []
|
||||
user_event_data = {
|
||||
'action': 'login',
|
||||
}
|
||||
'action': 'login',}
|
||||
tuf_root = DISABLED_TUF_ROOT
|
||||
|
||||
if len(scope_param) > 0:
|
||||
|
|
@ -101,8 +100,8 @@ def generate_registry_jwt(auth_result):
|
|||
repo_is_public = repo is not None and repo.is_public
|
||||
invalid_repo_message = ''
|
||||
if repo is not None and repo.kind != 'image':
|
||||
invalid_repo_message = (('This repository is for managing %s resources ' +
|
||||
'and not container images.') % repo.kind)
|
||||
invalid_repo_message = ((
|
||||
'This repository is for managing %s resources ' + 'and not container images.') % repo.kind)
|
||||
|
||||
if 'push' in actions:
|
||||
# If there is no valid user or token, then the repository cannot be
|
||||
|
|
@ -150,8 +149,7 @@ def generate_registry_jwt(auth_result):
|
|||
access.append({
|
||||
'type': 'repository',
|
||||
'name': registry_and_repo,
|
||||
'actions': final_actions,
|
||||
})
|
||||
'actions': final_actions,})
|
||||
|
||||
# Set the user event data for the auth.
|
||||
if 'push' in final_actions:
|
||||
|
|
@ -164,8 +162,7 @@ def generate_registry_jwt(auth_result):
|
|||
user_event_data = {
|
||||
'action': user_action,
|
||||
'repository': reponame,
|
||||
'namespace': namespace,
|
||||
}
|
||||
'namespace': namespace,}
|
||||
tuf_root = get_tuf_root(repo, namespace, reponame)
|
||||
|
||||
elif user is None and token is None:
|
||||
|
|
@ -179,7 +176,8 @@ def generate_registry_jwt(auth_result):
|
|||
event.publish_event_data('docker-cli', user_event_data)
|
||||
|
||||
# Build the signed JWT.
|
||||
context, subject = build_context_and_subject(user=user, token=token, oauthtoken=oauthtoken, tuf_root=tuf_root)
|
||||
context, subject = build_context_and_subject(user=user, token=token, oauthtoken=oauthtoken,
|
||||
tuf_root=tuf_root)
|
||||
token = generate_bearer_token(audience_param, subject, context, access,
|
||||
TOKEN_VALIDITY_LIFETIME_S, instance_keys)
|
||||
return jsonify({'token': token})
|
||||
|
|
|
|||
Reference in a new issue