Commit graph

13 commits

Author SHA1 Message Date
Josh Hawn
2c3d738a05 Use context for auth access controllers
The auth package has been updated to use "golang.org/x/net/context" for
passing information between the application and the auth backend.

AccessControllers should now set a "auth.user" context value to a AuthUser
struct containing a single "Name" field for now with possible, optional, values
in the future.

The "silly" auth backend always sets the name to "silly", while the "token" auth
backend will set the name to match the "subject" claim of the JWT.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-02-04 19:17:33 -08:00
Stephen J Day
aea52c7fb5 Remove exported StringSet type and collections package
The exported StringSet type is not necessary for the current use case of
validating issues and audiences. The exported fields on VerifyOptions have been
changed to require string slices. The collections package has been removed and
the StringSet has been moved to the token package, where it is used.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-05 18:21:03 -08:00
Stephen J Day
1266f13afa Move StringSet to new collections package
As part of the efforts to break up the common package before disaster strikes,
a new collections package has been created. More may belong there but for now,
it only includes an implementation of StringSet.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-05 15:18:03 -08:00
Olivier Gambier
67ca9d10cf Move from docker-registry to distribution 2014-12-23 17:13:02 -08:00
Stephen J Day
b1f36c3fe5 Ensure that unset Context.Name only allowed on base route
If Context.Name is not set, the acceess controller may allow an unintended
request through. By only allowing a request to proceed without a name on the
base route, we provide some protection if future bugs forget to set the context
properly.
2014-12-18 17:25:06 -08:00
Olivier Gambier
e50fcc0ab9 Merge pull request #862 from jlhawn/ng_auth_package
Refactor token verification to support x5c header
2014-12-18 15:18:07 -08:00
Stephen J Day
d0a9e9b475 Integrate auth.AccessController into registry app
This changeset integrates the AccessController into the main registry app. This
includes support for configuration and a test implementation, called "silly"
auth. Auth is only enabled if the configuration is present but takes measure to
ensure that configuration errors don't allow the appserver to start with open
access.
2014-12-18 12:34:56 -08:00
Josh Hawn
4c42477abf Refactored out usage of strconv.Quote()
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-12-17 16:16:02 -08:00
Josh Hawn
2e3af8efcf Refactor token verification to support x5c header
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-12-17 16:12:57 -08:00
Josh Hawn
b54bf450dc Fixes typo on auth/token VerifyOptions field
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-12-17 12:16:32 -08:00
Josh Hawn
d30a8321d8 Address auth package comments from stevvooe
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-12-17 11:35:35 -08:00
Josh Hawn
88de2e11fb Refactor auth stringSet into common.StringSet
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-12-17 10:57:05 -08:00
Josh Hawn
56f685c0dd Adds auth package with token auth backend
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-12-16 23:14:12 -08:00