Update to address comments

Add logging to resolve scope Clarify response logs Better messaging for tls setup error Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-01-28 15:47:22 -08:00 · 2016-01-28 15:47:22 -08:00 · e28c288444
parent 08d1f035f0
commit e28c288444
2 changed files with 8 additions and 8 deletions
--- a/contrib/token-server/main.go
+++ b/contrib/token-server/main.go
@ -86,7 +86,7 @@ func main() {
 	if cert == "" {
 		err = http.ListenAndServe(addr, router)
 	} else if certKey == "" {
-		logrus.Fatalf("Must provide certficate and key")
+		logrus.Fatalf("Must provide certficate (-tlscert) and key (-tlskey)")
 	} else {
 		err = http.ListenAndServeTLS(addr, cert, certKey, router)
 	}
@ -134,7 +134,7 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h
 	service := params.Get("service")
 	scopeSpecifiers := params["scope"]

-	requestedAccessList := ResolveScopeSpecifiers(scopeSpecifiers)
+	requestedAccessList := ResolveScopeSpecifiers(ctx, scopeSpecifiers)

 	authorizedCtx, err := ts.accessController.Authorized(ctx, requestedAccessList...)
 	if err != nil {
@ -150,14 +150,13 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h
 		challenge.SetHeaders(w)
 		handleError(ctx, errcode.ErrorCodeUnauthorized.WithDetail(challenge.Error()), w)

-		context.GetResponseLogger(ctx).Info("authentication challenged")
+		context.GetResponseLogger(ctx).Info("get token authentication challenge")

 		return
 	}
 	ctx = authorizedCtx

-	// TODO(dmcgowan): handle case where this could panic?
-	username := ctx.Value("auth.user.name").(string)
+	username := context.GetStringValue(ctx, "auth.user.name")

 	ctx = context.WithValue(ctx, "acctSubject", username)
 	ctx = context.WithLogger(ctx, context.GetLogger(ctx, "acctSubject"))
@ -198,5 +197,5 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h
 	w.Header().Set("Content-Type", "application/json")
 	json.NewEncoder(w).Encode(map[string]string{"token": token})

-	context.GetResponseLogger(ctx).Info("getToken complete")
+	context.GetResponseLogger(ctx).Info("get token complete")
 }
--- a/contrib/token-server/token.go
+++ b/contrib/token-server/token.go
@ -10,6 +10,7 @@ import (
 	"strings"
 	"time"

+	"github.com/docker/distribution/context"
 	"github.com/docker/distribution/registry/auth"
 	"github.com/docker/distribution/registry/auth/token"
 	"github.com/docker/libtrust"
@ -17,7 +18,7 @@ import (

 // ResolveScopeSpecifiers converts a list of scope specifiers from a token
 // request's `scope` query parameters into a list of standard access objects.
-func ResolveScopeSpecifiers(scopeSpecs []string) []auth.Access {
+func ResolveScopeSpecifiers(ctx context.Context, scopeSpecs []string) []auth.Access {
 	requestedAccessSet := make(map[auth.Access]struct{}, 2*len(scopeSpecs))

 	for _, scopeSpecifier := range scopeSpecs {
@ -25,7 +26,7 @@ func ResolveScopeSpecifiers(scopeSpecs []string) []auth.Access {
 		parts := strings.SplitN(scopeSpecifier, ":", 3)

 		if len(parts) != 3 {
-			// Ignore malformed scope specifiers.
+			context.GetLogger(ctx).Infof("ignoring unsupported scope format %s", scopeSpecifier)
 			continue
 		}