The exported StringSet type is not necessary for the current use case of
validating issues and audiences. The exported fields on VerifyOptions have been
changed to require string slices. The collections package has been removed and
the StringSet has been moved to the token package, where it is used.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
As part of the efforts to break up the common package before disaster strikes,
a new collections package has been created. More may belong there but for now,
it only includes an implementation of StringSet.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
If Context.Name is not set, the acceess controller may allow an unintended
request through. By only allowing a request to proceed without a name on the
base route, we provide some protection if future bugs forget to set the context
properly.
This changeset integrates the AccessController into the main registry app. This
includes support for configuration and a test implementation, called "silly"
auth. Auth is only enabled if the configuration is present but takes measure to
ensure that configuration errors don't allow the appserver to start with open
access.