Fix and templatize the logic for external JWT AuthN and registry v2 Auth.
Make it explicit that the registry-v2 stuff is not ready for prime time.
parent
768192927a
commit
bc29561f8f
11 changed files with 223 additions and 79 deletions
|
@ -216,6 +216,11 @@ class DefaultConfig(object):
|
|||
# Signed registry grant token expiration in seconds
|
||||
SIGNED_GRANT_EXPIRATION_SEC = 60 * 60 * 24 # One day to complete a push/pull
|
||||
|
||||
# Registry v2 JWT Auth config
|
||||
JWT_AUTH_MAX_FRESH_S = 60 * 5 # At most the JWT can be signed for 300s in the future
|
||||
JWT_AUTH_CERTIFICATE_PATH = 'conf/selfsigned/jwt.crt'
|
||||
JWT_AUTH_PRIVATE_KEY_PATH = 'conf/selfsigned/jwt.key.insecure'
|
||||
|
||||
# The URL endpoint to which we redirect OAuth when generating a token locally.
|
||||
LOCAL_OAUTH_HANDLER = '/oauth/localapp'
|
||||
|
||||
|
|
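Review bot: `JWT_AUTH_PRIVATE_KEY_PATH` in `DefaultConfig` defaults to `'conf/selfsigned/jwt.key.insecure'`, so a deployment that overrides nothing would sign registry v2 tokens with that key. If the file ships with the source tree, which its name and the `conf/selfsigned/` path suggest but this hunk does not show, the key is effectively public and anyone holding it can mint tokens the registry accepts. I would default both paths to `None` (`JWT_AUTH_PRIVATE_KEY_PATH = None  # must be set per deployment`), refuse to enable the v2 auth endpoints while they are unset, and keep the self-signed pair in the test configuration only. The comment on `JWT_AUTH_MAX_FRESH_S` should also say which claim the 300 s bounds, for example `# Reject external JWTs whose exp is more than 300s after now`, once that is confirmed against the validation code. The `DefaultConfig` class body starts and ends outside this hunk.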