vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Refactor auth code to be cleaner and more extensible

Browse source 
We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc).
This commit is contained in:
Joseph Schorr 2018-01-05 16:27:03 -05:00
parent 8ba2e71fb1
commit e220b50543
31 changed files with 822 additions and 436 deletions
Download patch file Download diff file Expand all files Collapse all files

12
util/tufmetadata/api.py
View file

@ -1,9 +1,10 @@
import logging
from urlparse import urljoin
from posixpath import join
from abc import ABCMeta, abstractmethod
from six import add_metaclass
from urlparse import urljoin
from posixpath import join
import requests
@ -11,7 +12,8 @@ from data.database import CloseForLongOperation
from util.abchelpers import nooper
from util.failover import failover, FailoverException
from util.security.instancekeys import InstanceKeys
from util.security.registry_jwt import build_context_and_subject, generate_bearer_token, QUAY_TUF_ROOT, SIGNER_TUF_ROOT
from util.security.registry_jwt import (build_context_and_subject, generate_bearer_token,
SIGNER_TUF_ROOT)
DEFAULT_HTTP_HEADERS = {'Connection': 'close'}
@ -223,7 +225,7 @@ class ImplementedTUFMetadataAPI(TUFMetadataAPIInterface):
except Non200ResponseException as ex:
logger.exception('Failed request for %s: %s', gun, str(ex))
except InvalidMetadataException as ex:
logger.exception('Failed to parse targets from metadata', str(ex))
logger.exception('Failed to parse targets from metadata: %s', str(ex))
return None
def _parse_signed(self, json_response):
@ -240,7 +242,7 @@ class ImplementedTUFMetadataAPI(TUFMetadataAPIInterface):
'name': gun,
'actions': actions,
}]
context, subject = build_context_and_subject(user=None, token=None, oauthtoken=None, tuf_root=SIGNER_TUF_ROOT)
context, subject = build_context_and_subject(auth_context=None, tuf_root=SIGNER_TUF_ROOT)
token = generate_bearer_token(self._config["SERVER_HOSTNAME"], subject, context, access,
TOKEN_VALIDITY_LIFETIME_S, self._instance_keys)
return {'Authorization': 'Bearer %s' % token}