Remove dead code in registry package
The only uses of RequestAuthorization and its associated functions were
removed in 7fed379d95
("Update graph to
use vendored distribution client for the v2 codepath")
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This commit is contained in:
parent
138ba39260
commit
4c255a0d41
1 changed files with 0 additions and 89 deletions
89
docs/auth.go
89
docs/auth.go
|
@ -6,100 +6,11 @@ import (
|
|||
"io/ioutil"
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/docker/docker/cliconfig"
|
||||
)
|
||||
|
||||
type RequestAuthorization struct {
|
||||
authConfig *cliconfig.AuthConfig
|
||||
registryEndpoint *Endpoint
|
||||
resource string
|
||||
scope string
|
||||
actions []string
|
||||
|
||||
tokenLock sync.Mutex
|
||||
tokenCache string
|
||||
tokenExpiration time.Time
|
||||
}
|
||||
|
||||
func NewRequestAuthorization(authConfig *cliconfig.AuthConfig, registryEndpoint *Endpoint, resource, scope string, actions []string) *RequestAuthorization {
|
||||
return &RequestAuthorization{
|
||||
authConfig: authConfig,
|
||||
registryEndpoint: registryEndpoint,
|
||||
resource: resource,
|
||||
scope: scope,
|
||||
actions: actions,
|
||||
}
|
||||
}
|
||||
|
||||
func (auth *RequestAuthorization) getToken() (string, error) {
|
||||
auth.tokenLock.Lock()
|
||||
defer auth.tokenLock.Unlock()
|
||||
now := time.Now()
|
||||
if now.Before(auth.tokenExpiration) {
|
||||
logrus.Debugf("Using cached token for %s", auth.authConfig.Username)
|
||||
return auth.tokenCache, nil
|
||||
}
|
||||
|
||||
for _, challenge := range auth.registryEndpoint.AuthChallenges {
|
||||
switch strings.ToLower(challenge.Scheme) {
|
||||
case "basic":
|
||||
// no token necessary
|
||||
case "bearer":
|
||||
logrus.Debugf("Getting bearer token with %s for %s", challenge.Parameters, auth.authConfig.Username)
|
||||
params := map[string]string{}
|
||||
for k, v := range challenge.Parameters {
|
||||
params[k] = v
|
||||
}
|
||||
params["scope"] = fmt.Sprintf("%s:%s:%s", auth.resource, auth.scope, strings.Join(auth.actions, ","))
|
||||
token, err := getToken(auth.authConfig.Username, auth.authConfig.Password, params, auth.registryEndpoint)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
auth.tokenCache = token
|
||||
auth.tokenExpiration = now.Add(time.Minute)
|
||||
|
||||
return token, nil
|
||||
default:
|
||||
logrus.Infof("Unsupported auth scheme: %q", challenge.Scheme)
|
||||
}
|
||||
}
|
||||
|
||||
// Do not expire cache since there are no challenges which use a token
|
||||
auth.tokenExpiration = time.Now().Add(time.Hour * 24)
|
||||
|
||||
return "", nil
|
||||
}
|
||||
|
||||
// Checks that requests to the v2 registry can be authorized.
|
||||
func (auth *RequestAuthorization) CanAuthorizeV2() bool {
|
||||
if len(auth.registryEndpoint.AuthChallenges) == 0 {
|
||||
return true
|
||||
}
|
||||
scope := fmt.Sprintf("%s:%s:%s", auth.resource, auth.scope, strings.Join(auth.actions, ","))
|
||||
if _, err := loginV2(auth.authConfig, auth.registryEndpoint, scope); err != nil {
|
||||
logrus.Debugf("Cannot authorize against V2 endpoint: %s", auth.registryEndpoint)
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
func (auth *RequestAuthorization) Authorize(req *http.Request) error {
|
||||
token, err := auth.getToken()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if token != "" {
|
||||
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
|
||||
} else if auth.authConfig.Username != "" && auth.authConfig.Password != "" {
|
||||
req.SetBasicAuth(auth.authConfig.Username, auth.authConfig.Password)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Login tries to register/login to the registry server.
|
||||
func Login(authConfig *cliconfig.AuthConfig, registryEndpoint *Endpoint) (string, error) {
|
||||
// Separates the v2 registry login logic from the v1 logic.
|
||||
|
|
Loading…
Reference in a new issue