Update to address comments

Add logging to resolve scope
Clarify response logs
Better messaging for tls setup error

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Derek McGowan 2016-01-28 15:47:22 -08:00
parent 08d1f035f0
commit e28c288444
2 changed files with 8 additions and 8 deletions


@ -86,7 +86,7 @@ func main() {
if cert == "" { if cert == "" {
err = http.ListenAndServe(addr, router) err = http.ListenAndServe(addr, router)
} else if certKey == "" { } else if certKey == "" {
logrus.Fatalf("Must provide certficate and key") logrus.Fatalf("Must provide certficate (-tlscert) and key (-tlskey)")
} else { } else {
err = http.ListenAndServeTLS(addr, cert, certKey, router) err = http.ListenAndServeTLS(addr, cert, certKey, router)
} }
@ -134,7 +134,7 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h
service := params.Get("service") service := params.Get("service")
scopeSpecifiers := params["scope"] scopeSpecifiers := params["scope"]
requestedAccessList := ResolveScopeSpecifiers(scopeSpecifiers) requestedAccessList := ResolveScopeSpecifiers(ctx, scopeSpecifiers)
authorizedCtx, err := ts.accessController.Authorized(ctx, requestedAccessList...) authorizedCtx, err := ts.accessController.Authorized(ctx, requestedAccessList...)
if err != nil { if err != nil {
@ -150,14 +150,13 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h
challenge.SetHeaders(w) challenge.SetHeaders(w)
handleError(ctx, errcode.ErrorCodeUnauthorized.WithDetail(challenge.Error()), w) handleError(ctx, errcode.ErrorCodeUnauthorized.WithDetail(challenge.Error()), w)
context.GetResponseLogger(ctx).Info("authentication challenged") context.GetResponseLogger(ctx).Info("get token authentication challenge")
return return
} }
ctx = authorizedCtx ctx = authorizedCtx
// TODO(dmcgowan): handle case where this could panic? username := context.GetStringValue(ctx, "auth.user.name")
username := ctx.Value("auth.user.name").(string)
ctx = context.WithValue(ctx, "acctSubject", username) ctx = context.WithValue(ctx, "acctSubject", username)
ctx = context.WithLogger(ctx, context.GetLogger(ctx, "acctSubject")) ctx = context.WithLogger(ctx, context.GetLogger(ctx, "acctSubject"))
@ -198,5 +197,5 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]string{"token": token}) json.NewEncoder(w).Encode(map[string]string{"token": token})
context.GetResponseLogger(ctx).Info("getToken complete") context.GetResponseLogger(ctx).Info("get token complete")
} }
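Review bot: The switch to `context.GetStringValue(ctx, "auth.user.name")` in the third hunk removes the panic the old TODO worried about, but it appears to trade it for a silent empty subject. If the helper returns "" when the key is absent or not a string, the handler goes on to store an empty `acctSubject` and presumably issues a token for it. This is where the authenticated identity is bound to the token, so it should fail closed right after the lookup, for example `if username == "" { handleError(ctx, errcode.ErrorCodeUnauthorized, w); return }`. The rest of getToken, including token creation, lies outside the visible hunks, so confirm whether an empty subject is rejected further down.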


@ -10,6 +10,7 @@ import (
"strings" "strings"
"time" "time"
"github.com/docker/distribution/context"
"github.com/docker/distribution/registry/auth" "github.com/docker/distribution/registry/auth"
"github.com/docker/distribution/registry/auth/token" "github.com/docker/distribution/registry/auth/token"
"github.com/docker/libtrust" "github.com/docker/libtrust"
@ -17,7 +18,7 @@ import (
// ResolveScopeSpecifiers converts a list of scope specifiers from a token // ResolveScopeSpecifiers converts a list of scope specifiers from a token
// request's `scope` query parameters into a list of standard access objects. // request's `scope` query parameters into a list of standard access objects.
func ResolveScopeSpecifiers(scopeSpecs []string) []auth.Access { func ResolveScopeSpecifiers(ctx context.Context, scopeSpecs []string) []auth.Access {
requestedAccessSet := make(map[auth.Access]struct{}, 2*len(scopeSpecs)) requestedAccessSet := make(map[auth.Access]struct{}, 2*len(scopeSpecs))
for _, scopeSpecifier := range scopeSpecs { for _, scopeSpecifier := range scopeSpecs {
@ -25,7 +26,7 @@ func ResolveScopeSpecifiers(scopeSpecs []string) []auth.Access {
parts := strings.SplitN(scopeSpecifier, ":", 3) parts := strings.SplitN(scopeSpecifier, ":", 3)
if len(parts) != 3 { if len(parts) != 3 {
// Ignore malformed scope specifiers. context.GetLogger(ctx).Infof("ignoring unsupported scope format %s", scopeSpecifier)
continue continue
} }
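Review bot: The new `Infof("ignoring unsupported scope format %s", scopeSpecifier)` writes a raw `scope` query parameter into the log, and getToken calls ResolveScopeSpecifiers before `Authorized` runs, so the value is unauthenticated client input. Depending on the logger's formatter, embedded newlines or control characters could break or forge log entries, and a request carrying many malformed scopes emits one Info line for each. Formatting with `%q` keeps the value escaped on a single line: `context.GetLogger(ctx).Infof("ignoring unsupported scope format %q", scopeSpecifier)`. Consider also truncating long values or logging this at debug level. ResolveScopeSpecifiers continues outside the hunk.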