Update to fix lint errors
Context should use type values instead of strings. Updated direct calls to WithValue, but there are still other uses of string keys. Update Acl to ACL in s3 driver. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
parent
99cb7c0946
commit
d35d94dcec
6 changed files with 71 additions and 45 deletions
|
@ -183,6 +183,18 @@ func filterAccessList(ctx context.Context, scope string, requestedAccessList []a
|
||||||
return grantedAccessList
|
return grantedAccessList
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type acctSubject struct{}
|
||||||
|
|
||||||
|
func (acctSubject) String() string { return "acctSubject" }
|
||||||
|
|
||||||
|
type requestedAccess struct{}
|
||||||
|
|
||||||
|
func (requestedAccess) String() string { return "requestedAccess" }
|
||||||
|
|
||||||
|
type grantedAccess struct{}
|
||||||
|
|
||||||
|
func (grantedAccess) String() string { return "grantedAccess" }
|
||||||
|
|
||||||
// getToken handles authenticating the request and authorizing access to the
|
// getToken handles authenticating the request and authorizing access to the
|
||||||
// requested scopes.
|
// requested scopes.
|
||||||
func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *http.Request) {
|
func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *http.Request) {
|
||||||
|
@ -225,17 +237,17 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h
|
||||||
|
|
||||||
username := context.GetStringValue(ctx, "auth.user.name")
|
username := context.GetStringValue(ctx, "auth.user.name")
|
||||||
|
|
||||||
ctx = context.WithValue(ctx, "acctSubject", username)
|
ctx = context.WithValue(ctx, acctSubject{}, username)
|
||||||
ctx = context.WithLogger(ctx, context.GetLogger(ctx, "acctSubject"))
|
ctx = context.WithLogger(ctx, context.GetLogger(ctx, acctSubject{}))
|
||||||
|
|
||||||
context.GetLogger(ctx).Info("authenticated client")
|
context.GetLogger(ctx).Info("authenticated client")
|
||||||
|
|
||||||
ctx = context.WithValue(ctx, "requestedAccess", requestedAccessList)
|
ctx = context.WithValue(ctx, requestedAccess{}, requestedAccessList)
|
||||||
ctx = context.WithLogger(ctx, context.GetLogger(ctx, "requestedAccess"))
|
ctx = context.WithLogger(ctx, context.GetLogger(ctx, requestedAccess{}))
|
||||||
|
|
||||||
grantedAccessList := filterAccessList(ctx, username, requestedAccessList)
|
grantedAccessList := filterAccessList(ctx, username, requestedAccessList)
|
||||||
ctx = context.WithValue(ctx, "grantedAccess", grantedAccessList)
|
ctx = context.WithValue(ctx, grantedAccess{}, grantedAccessList)
|
||||||
ctx = context.WithLogger(ctx, context.GetLogger(ctx, "grantedAccess"))
|
ctx = context.WithLogger(ctx, context.GetLogger(ctx, grantedAccess{}))
|
||||||
|
|
||||||
token, err := ts.issuer.CreateJWT(username, service, grantedAccessList)
|
token, err := ts.issuer.CreateJWT(username, service, grantedAccessList)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -347,17 +359,17 @@ func (ts *tokenServer) postToken(ctx context.Context, w http.ResponseWriter, r *
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx = context.WithValue(ctx, "acctSubject", subject)
|
ctx = context.WithValue(ctx, acctSubject{}, subject)
|
||||||
ctx = context.WithLogger(ctx, context.GetLogger(ctx, "acctSubject"))
|
ctx = context.WithLogger(ctx, context.GetLogger(ctx, acctSubject{}))
|
||||||
|
|
||||||
context.GetLogger(ctx).Info("authenticated client")
|
context.GetLogger(ctx).Info("authenticated client")
|
||||||
|
|
||||||
ctx = context.WithValue(ctx, "requestedAccess", requestedAccessList)
|
ctx = context.WithValue(ctx, requestedAccess{}, requestedAccessList)
|
||||||
ctx = context.WithLogger(ctx, context.GetLogger(ctx, "requestedAccess"))
|
ctx = context.WithLogger(ctx, context.GetLogger(ctx, requestedAccess{}))
|
||||||
|
|
||||||
grantedAccessList := filterAccessList(ctx, subject, requestedAccessList)
|
grantedAccessList := filterAccessList(ctx, subject, requestedAccessList)
|
||||||
ctx = context.WithValue(ctx, "grantedAccess", grantedAccessList)
|
ctx = context.WithValue(ctx, grantedAccess{}, grantedAccessList)
|
||||||
ctx = context.WithLogger(ctx, context.GetLogger(ctx, "grantedAccess"))
|
ctx = context.WithLogger(ctx, context.GetLogger(ctx, grantedAccess{}))
|
||||||
|
|
||||||
token, err := ts.issuer.CreateJWT(subject, service, grantedAccessList)
|
token, err := ts.issuer.CreateJWT(subject, service, grantedAccessList)
|
||||||
if err != nil {
|
if err != nil {
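Review bot: The new key types `acctSubject`, `requestedAccess` and `grantedAccess`, declared after `filterAccessList`, carry no comment saying that their `String()` methods are what keep the log field names unchanged, which presumably relies on `context.GetLogger` naming each field from the printed key. These fields record who authenticated and which access was requested and granted, so a later edit to a `String()` return value would silently rename audit-log fields that detections may match on; I would add `// Context keys for token-issuance log fields; String() is the emitted field name, keep it stable.` above the first type. The same applies to `errCodeKey`, `errMessageKey` and `errDetailKey` in the `logError` section. Since the key types are unexported, any code still reading `ctx.Value("acctSubject")` by string now gets nil, so a search for string-keyed readers is worth doing; `getToken` and `postToken` continue outside the hunks.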
|
||||||
|
|
|
@ -16,7 +16,7 @@ func TestSillyAccessController(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
ctx := context.WithValue(nil, "http.request", r)
|
ctx := context.WithRequest(context.Background(), r)
|
||||||
authCtx, err := ac.Authorized(ctx)
|
authCtx, err := ac.Authorized(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
switch err := err.(type) {
|
switch err := err.(type) {
|
||||||
|
|
|
@ -354,7 +354,7 @@ func TestAccessController(t *testing.T) {
|
||||||
Action: "baz",
|
Action: "baz",
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.WithValue(nil, "http.request", req)
|
ctx := context.WithRequest(context.Background(), req)
|
||||||
authCtx, err := accessController.Authorized(ctx, testAccess)
|
authCtx, err := accessController.Authorized(ctx, testAccess)
|
||||||
challenge, ok := err.(auth.Challenge)
|
challenge, ok := err.(auth.Challenge)
|
||||||
if !ok {
|
if !ok {
|
||||||
|
|
|
@ -461,6 +461,8 @@ func (app *App) configureEvents(configuration *configuration.Configuration) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type redisStartAtKey struct{}
|
||||||
|
|
||||||
func (app *App) configureRedis(configuration *configuration.Configuration) {
|
func (app *App) configureRedis(configuration *configuration.Configuration) {
|
||||||
if configuration.Redis.Addr == "" {
|
if configuration.Redis.Addr == "" {
|
||||||
ctxu.GetLogger(app).Infof("redis not configured")
|
ctxu.GetLogger(app).Infof("redis not configured")
|
||||||
|
@ -470,11 +472,11 @@ func (app *App) configureRedis(configuration *configuration.Configuration) {
|
||||||
pool := &redis.Pool{
|
pool := &redis.Pool{
|
||||||
Dial: func() (redis.Conn, error) {
|
Dial: func() (redis.Conn, error) {
|
||||||
// TODO(stevvooe): Yet another use case for contextual timing.
|
// TODO(stevvooe): Yet another use case for contextual timing.
|
||||||
ctx := context.WithValue(app, "redis.connect.startedat", time.Now())
|
ctx := context.WithValue(app, redisStartAtKey{}, time.Now())
|
||||||
|
|
||||||
done := func(err error) {
|
done := func(err error) {
|
||||||
logger := ctxu.GetLoggerWithField(ctx, "redis.connect.duration",
|
logger := ctxu.GetLoggerWithField(ctx, "redis.connect.duration",
|
||||||
ctxu.Since(ctx, "redis.connect.startedat"))
|
ctxu.Since(ctx, redisStartAtKey{}))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Errorf("redis: error connecting: %v", err)
|
logger.Errorf("redis: error connecting: %v", err)
|
||||||
} else {
|
} else {
|
||||||
|
@ -707,6 +709,18 @@ func (app *App) dispatcher(dispatch dispatchFunc) http.Handler {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type errCodeKey struct{}
|
||||||
|
|
||||||
|
func (errCodeKey) String() string { return "err.code" }
|
||||||
|
|
||||||
|
type errMessageKey struct{}
|
||||||
|
|
||||||
|
func (errMessageKey) String() string { return "err.message" }
|
||||||
|
|
||||||
|
type errDetailKey struct{}
|
||||||
|
|
||||||
|
func (errDetailKey) String() string { return "err.detail" }
|
||||||
|
|
||||||
func (app *App) logError(context context.Context, errors errcode.Errors) {
|
func (app *App) logError(context context.Context, errors errcode.Errors) {
|
||||||
for _, e1 := range errors {
|
for _, e1 := range errors {
|
||||||
var c ctxu.Context
|
var c ctxu.Context
|
||||||
|
@ -714,23 +728,23 @@ func (app *App) logError(context context.Context, errors errcode.Errors) {
|
||||||
switch e1.(type) {
|
switch e1.(type) {
|
||||||
case errcode.Error:
|
case errcode.Error:
|
||||||
e, _ := e1.(errcode.Error)
|
e, _ := e1.(errcode.Error)
|
||||||
c = ctxu.WithValue(context, "err.code", e.Code)
|
c = ctxu.WithValue(context, errCodeKey{}, e.Code)
|
||||||
c = ctxu.WithValue(c, "err.message", e.Code.Message())
|
c = ctxu.WithValue(c, errMessageKey{}, e.Code.Message())
|
||||||
c = ctxu.WithValue(c, "err.detail", e.Detail)
|
c = ctxu.WithValue(c, errDetailKey{}, e.Detail)
|
||||||
case errcode.ErrorCode:
|
case errcode.ErrorCode:
|
||||||
e, _ := e1.(errcode.ErrorCode)
|
e, _ := e1.(errcode.ErrorCode)
|
||||||
c = ctxu.WithValue(context, "err.code", e)
|
c = ctxu.WithValue(context, errCodeKey{}, e)
|
||||||
c = ctxu.WithValue(c, "err.message", e.Message())
|
c = ctxu.WithValue(c, errMessageKey{}, e.Message())
|
||||||
default:
|
default:
|
||||||
// just normal go 'error'
|
// just normal go 'error'
|
||||||
c = ctxu.WithValue(context, "err.code", errcode.ErrorCodeUnknown)
|
c = ctxu.WithValue(context, errCodeKey{}, errcode.ErrorCodeUnknown)
|
||||||
c = ctxu.WithValue(c, "err.message", e1.Error())
|
c = ctxu.WithValue(c, errMessageKey{}, e1.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
c = ctxu.WithLogger(c, ctxu.GetLogger(c,
|
c = ctxu.WithLogger(c, ctxu.GetLogger(c,
|
||||||
"err.code",
|
errCodeKey{},
|
||||||
"err.message",
|
errMessageKey{},
|
||||||
"err.detail"))
|
errDetailKey{}))
|
||||||
ctxu.GetResponseLogger(c).Errorf("response completed with error")
|
ctxu.GetResponseLogger(c).Errorf("response completed with error")
|
||||||
}
|
}
|
||||||
}
|
}
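Review bot: `redisStartAtKey`, declared just before `configureRedis`, has neither a comment nor a `String()` method, unlike the `err.*` keys added further down in the same section. That is fine while the key is only passed to `ctxu.Since`, but if it is ever handed to a logger helper the field name would likely print as `{}` rather than `redis.connect.startedat`. I would document the intent with `// redisStartAtKey is the context key for the redis dial start time; read only by ctxu.Since, never used as a log field.` The bodies of `configureRedis` and `logError` continue outside the hunks.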
|
||||||
|
|
|
@ -76,8 +76,8 @@ const noStorageClass = "NONE"
|
||||||
// validRegions maps known s3 region identifiers to region descriptors
|
// validRegions maps known s3 region identifiers to region descriptors
|
||||||
var validRegions = map[string]struct{}{}
|
var validRegions = map[string]struct{}{}
|
||||||
|
|
||||||
// validObjectAcls contains known s3 object Acls
|
// validObjectACLs contains known s3 object Acls
|
||||||
var validObjectAcls = map[string]struct{}{}
|
var validObjectACLs = map[string]struct{}{}
|
||||||
|
|
||||||
//DriverParameters A struct that encapsulates all of the driver parameters after all values have been set
|
//DriverParameters A struct that encapsulates all of the driver parameters after all values have been set
|
||||||
type DriverParameters struct {
|
type DriverParameters struct {
|
||||||
|
@ -97,7 +97,7 @@ type DriverParameters struct {
|
||||||
RootDirectory string
|
RootDirectory string
|
||||||
StorageClass string
|
StorageClass string
|
||||||
UserAgent string
|
UserAgent string
|
||||||
ObjectAcl string
|
ObjectACL string
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -118,7 +118,7 @@ func init() {
|
||||||
validRegions[region] = struct{}{}
|
validRegions[region] = struct{}{}
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, objectAcl := range []string{
|
for _, objectACL := range []string{
|
||||||
s3.ObjectCannedACLPrivate,
|
s3.ObjectCannedACLPrivate,
|
||||||
s3.ObjectCannedACLPublicRead,
|
s3.ObjectCannedACLPublicRead,
|
||||||
s3.ObjectCannedACLPublicReadWrite,
|
s3.ObjectCannedACLPublicReadWrite,
|
||||||
|
@ -127,7 +127,7 @@ func init() {
|
||||||
s3.ObjectCannedACLBucketOwnerRead,
|
s3.ObjectCannedACLBucketOwnerRead,
|
||||||
s3.ObjectCannedACLBucketOwnerFullControl,
|
s3.ObjectCannedACLBucketOwnerFullControl,
|
||||||
} {
|
} {
|
||||||
validObjectAcls[objectAcl] = struct{}{}
|
validObjectACLs[objectACL] = struct{}{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Register this as the default s3 driver in addition to s3aws
|
// Register this as the default s3 driver in addition to s3aws
|
||||||
|
@ -153,7 +153,7 @@ type driver struct {
|
||||||
MultipartCopyThresholdSize int64
|
MultipartCopyThresholdSize int64
|
||||||
RootDirectory string
|
RootDirectory string
|
||||||
StorageClass string
|
StorageClass string
|
||||||
ObjectAcl string
|
ObjectACL string
|
||||||
}
|
}
|
||||||
|
|
||||||
type baseEmbed struct {
|
type baseEmbed struct {
|
||||||
|
@ -313,18 +313,18 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
|
||||||
userAgent = ""
|
userAgent = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
objectAcl := s3.ObjectCannedACLPrivate
|
objectACL := s3.ObjectCannedACLPrivate
|
||||||
objectAclParam := parameters["objectacl"]
|
objectACLParam := parameters["objectacl"]
|
||||||
if objectAclParam != nil {
|
if objectACLParam != nil {
|
||||||
objectAclString, ok := objectAclParam.(string)
|
objectACLString, ok := objectACLParam.(string)
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, fmt.Errorf("Invalid value for objectacl parameter: %v", objectAclParam)
|
return nil, fmt.Errorf("Invalid value for objectacl parameter: %v", objectACLParam)
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, ok = validObjectAcls[objectAclString]; !ok {
|
if _, ok = validObjectACLs[objectACLString]; !ok {
|
||||||
return nil, fmt.Errorf("Invalid value for objectacl parameter: %v", objectAclParam)
|
return nil, fmt.Errorf("Invalid value for objectacl parameter: %v", objectACLParam)
|
||||||
}
|
}
|
||||||
objectAcl = objectAclString
|
objectACL = objectACLString
|
||||||
}
|
}
|
||||||
|
|
||||||
params := DriverParameters{
|
params := DriverParameters{
|
||||||
|
@ -344,7 +344,7 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
|
||||||
fmt.Sprint(rootDirectory),
|
fmt.Sprint(rootDirectory),
|
||||||
storageClass,
|
storageClass,
|
||||||
fmt.Sprint(userAgent),
|
fmt.Sprint(userAgent),
|
||||||
objectAcl,
|
objectACL,
|
||||||
}
|
}
|
||||||
|
|
||||||
return New(params)
|
return New(params)
|
||||||
|
@ -459,7 +459,7 @@ func New(params DriverParameters) (*Driver, error) {
|
||||||
MultipartCopyThresholdSize: params.MultipartCopyThresholdSize,
|
MultipartCopyThresholdSize: params.MultipartCopyThresholdSize,
|
||||||
RootDirectory: params.RootDirectory,
|
RootDirectory: params.RootDirectory,
|
||||||
StorageClass: params.StorageClass,
|
StorageClass: params.StorageClass,
|
||||||
ObjectAcl: params.ObjectAcl,
|
ObjectACL: params.ObjectACL,
|
||||||
}
|
}
|
||||||
|
|
||||||
return &Driver{
|
return &Driver{
|
||||||
|
@ -912,7 +912,7 @@ func (d *driver) getContentType() *string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *driver) getACL() *string {
|
func (d *driver) getACL() *string {
|
||||||
return aws.String(d.ObjectAcl)
|
return aws.String(d.ObjectACL)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *driver) getStorageClass() *string {
|
func (d *driver) getStorageClass() *string {
|
||||||
|
|
|
@ -33,7 +33,7 @@ func init() {
|
||||||
secure := os.Getenv("S3_SECURE")
|
secure := os.Getenv("S3_SECURE")
|
||||||
v4Auth := os.Getenv("S3_V4_AUTH")
|
v4Auth := os.Getenv("S3_V4_AUTH")
|
||||||
region := os.Getenv("AWS_REGION")
|
region := os.Getenv("AWS_REGION")
|
||||||
objectAcl := os.Getenv("S3_OBJECT_ACL")
|
objectACL := os.Getenv("S3_OBJECT_ACL")
|
||||||
root, err := ioutil.TempDir("", "driver-")
|
root, err := ioutil.TempDir("", "driver-")
|
||||||
regionEndpoint := os.Getenv("REGION_ENDPOINT")
|
regionEndpoint := os.Getenv("REGION_ENDPOINT")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -83,7 +83,7 @@ func init() {
|
||||||
rootDirectory,
|
rootDirectory,
|
||||||
storageClass,
|
storageClass,
|
||||||
driverName + "-test",
|
driverName + "-test",
|
||||||
objectAcl,
|
objectACL,
|
||||||
}
|
}
|
||||||
|
|
||||||
return New(parameters)
|
return New(parameters)
|
||||||
|
|