From e28c288444f86321c7ba62d4e517b546efc0d858 Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Thu, 28 Jan 2016 15:47:22 -0800 Subject: [PATCH] Update to address comments Add logging to resolve scope Clarify response logs Better messaging for tls setup error Signed-off-by: Derek McGowan (github: dmcgowan) --- contrib/token-server/main.go | 11 +++++------ contrib/token-server/token.go | 5 +++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/contrib/token-server/main.go b/contrib/token-server/main.go index 303ed9ed..e47e11c2 100644 --- a/contrib/token-server/main.go +++ b/contrib/token-server/main.go @@ -86,7 +86,7 @@ func main() { if cert == "" { err = http.ListenAndServe(addr, router) } else if certKey == "" { - logrus.Fatalf("Must provide certficate and key") + logrus.Fatalf("Must provide certficate (-tlscert) and key (-tlskey)") } else { err = http.ListenAndServeTLS(addr, cert, certKey, router) } @@ -134,7 +134,7 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h service := params.Get("service") scopeSpecifiers := params["scope"] - requestedAccessList := ResolveScopeSpecifiers(scopeSpecifiers) + requestedAccessList := ResolveScopeSpecifiers(ctx, scopeSpecifiers) authorizedCtx, err := ts.accessController.Authorized(ctx, requestedAccessList...) if err != nil { @@ -150,14 +150,13 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h challenge.SetHeaders(w) handleError(ctx, errcode.ErrorCodeUnauthorized.WithDetail(challenge.Error()), w) - context.GetResponseLogger(ctx).Info("authentication challenged") + context.GetResponseLogger(ctx).Info("get token authentication challenge") return } ctx = authorizedCtx - // TODO(dmcgowan): handle case where this could panic? - username := ctx.Value("auth.user.name").(string) + username := context.GetStringValue(ctx, "auth.user.name") ctx = context.WithValue(ctx, "acctSubject", username) ctx = context.WithLogger(ctx, context.GetLogger(ctx, "acctSubject")) @@ -198,5 +197,5 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(map[string]string{"token": token}) - context.GetResponseLogger(ctx).Info("getToken complete") + context.GetResponseLogger(ctx).Info("get token complete") } diff --git a/contrib/token-server/token.go b/contrib/token-server/token.go index 6661ffce..15ace622 100644 --- a/contrib/token-server/token.go +++ b/contrib/token-server/token.go @@ -10,6 +10,7 @@ import ( "strings" "time" + "github.com/docker/distribution/context" "github.com/docker/distribution/registry/auth" "github.com/docker/distribution/registry/auth/token" "github.com/docker/libtrust" @@ -17,7 +18,7 @@ import ( // ResolveScopeSpecifiers converts a list of scope specifiers from a token // request's `scope` query parameters into a list of standard access objects. -func ResolveScopeSpecifiers(scopeSpecs []string) []auth.Access { +func ResolveScopeSpecifiers(ctx context.Context, scopeSpecs []string) []auth.Access { requestedAccessSet := make(map[auth.Access]struct{}, 2*len(scopeSpecs)) for _, scopeSpecifier := range scopeSpecs { @@ -25,7 +26,7 @@ func ResolveScopeSpecifiers(scopeSpecs []string) []auth.Access { parts := strings.SplitN(scopeSpecifier, ":", 3) if len(parts) != 3 { - // Ignore malformed scope specifiers. + context.GetLogger(ctx).Infof("ignoring unsupported scope format %s", scopeSpecifier) continue }