vbatts/registry
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add support for registry type in scope

Browse source 
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This commit is contained in:
Derek McGowan 2016-07-12 17:13:43 -07:00
parent edd7cb5249
commit 022416c502
1 changed files with 12 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
contrib/token-server/main.go
View file

@ -163,14 +163,21 @@ func filterAccessList(ctx context.Context, scope string, requestedAccessList []a
} }
grantedAccessList := make([]auth.Access, 0, len(requestedAccessList)) grantedAccessList := make([]auth.Access, 0, len(requestedAccessList))
for _, access := range requestedAccessList { for _, access := range requestedAccessList {
if access.Type != "repository" { if access.Type == "repository" {
if !strings.HasPrefix(access.Name, scope) {
context.GetLogger(ctx).Debugf("Resource scope not allowed: %s", access.Name)
continue
}
} else if access.Type == "registry" {
if access.Name != "catalog" {
context.GetLogger(ctx).Debugf("Unknown registry resource: %s", access.Name)
continue
}
// TODO: Limit some actions to "admin" users
} else {
context.GetLogger(ctx).Debugf("Skipping unsupported resource type: %s", access.Type) context.GetLogger(ctx).Debugf("Skipping unsupported resource type: %s", access.Type)
continue continue
} }
if !strings.HasPrefix(access.Name, scope) {
context.GetLogger(ctx).Debugf("Resource scope not allowed: %s", access.Name)
continue
}
grantedAccessList = append(grantedAccessList, access) grantedAccessList = append(grantedAccessList, access)
} }
return grantedAccessList return grantedAccessList