github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Export repository scope helper functions

Browse Source 
`docker.Authorizer` requires library clients to configure scope via context.
It is helpful for the clients to use the helper (currently private) functions
for generating scope string and to use that function with the combination of
other scope-related ones (e.g. `docker.WithScope`).

Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
This commit is contained in:
ktock 2020-10-05 21:06:54 +09:00
parent d852786705
commit 4b882eb93a
5 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
remotes/docker/fetcher.go
View File

@ -45,7 +45,7 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R
return nil, errors.Wrap(errdefs.ErrNotFound, "no pull hosts") return nil, errors.Wrap(errdefs.ErrNotFound, "no pull hosts")
} }
ctx, err := contextWithRepositoryScope(ctx, r.refspec, false) ctx, err := ContextWithRepositoryScope(ctx, r.refspec, false)
if err != nil { if err != nil {
return nil, err return nil, err
} }

4
remotes/docker/pusher.go
View File

@ -45,7 +45,7 @@ type dockerPusher struct {
} }
func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (content.Writer, error) { func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (content.Writer, error) {
ctx, err := contextWithRepositoryScope(ctx, p.refspec, true) ctx, err := ContextWithRepositoryScope(ctx, p.refspec, true)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -130,7 +130,7 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten
var resp *http.Response var resp *http.Response
if fromRepo := selectRepositoryMountCandidate(p.refspec, desc.Annotations); fromRepo != "" { if fromRepo := selectRepositoryMountCandidate(p.refspec, desc.Annotations); fromRepo != "" {
preq := requestWithMountFrom(req, desc.Digest.String(), fromRepo) preq := requestWithMountFrom(req, desc.Digest.String(), fromRepo)
pctx := contextWithAppendPullRepositoryScope(ctx, fromRepo) pctx := ContextWithAppendPullRepositoryScope(ctx, fromRepo)
// NOTE: the fromRepo might be private repo and // NOTE: the fromRepo might be private repo and
// auth service still can grant token without error. // auth service still can grant token without error.

2
remotes/docker/resolver.go
View File

@ -263,7 +263,7 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp
return "", ocispec.Descriptor{}, errors.Wrap(errdefs.ErrNotFound, "no resolve hosts") return "", ocispec.Descriptor{}, errors.Wrap(errdefs.ErrNotFound, "no resolve hosts")
} }
ctx, err = contextWithRepositoryScope(ctx, refspec, false) ctx, err = ContextWithRepositoryScope(ctx, refspec, false)
if err != nil { if err != nil {
return "", ocispec.Descriptor{}, err return "", ocispec.Descriptor{}, err
} }

14
remotes/docker/scope.go
View File

@ -26,10 +26,10 @@ import (
"github.com/containerd/containerd/reference" "github.com/containerd/containerd/reference"
) )
// repositoryScope returns a repository scope string such as "repository:foo/bar:pull" // RepositoryScope returns a repository scope string such as "repository:foo/bar:pull"
// for "host/foo/bar:baz". // for "host/foo/bar:baz".
// When push is true, both pull and push are added to the scope. // When push is true, both pull and push are added to the scope.
func repositoryScope(refspec reference.Spec, push bool) (string, error) { func RepositoryScope(refspec reference.Spec, push bool) (string, error) {
u, err := url.Parse("dummy://" + refspec.Locator) u, err := url.Parse("dummy://" + refspec.Locator)
if err != nil { if err != nil {
return "", err return "", err
@ -45,9 +45,9 @@ func repositoryScope(refspec reference.Spec, push bool) (string, error) {
// value: []string (e.g. {"registry:foo/bar:pull"}) // value: []string (e.g. {"registry:foo/bar:pull"})
type tokenScopesKey struct{} type tokenScopesKey struct{}
// contextWithRepositoryScope returns a context with tokenScopesKey{} and the repository scope value. // ContextWithRepositoryScope returns a context with tokenScopesKey{} and the repository scope value.
func contextWithRepositoryScope(ctx context.Context, refspec reference.Spec, push bool) (context.Context, error) { func ContextWithRepositoryScope(ctx context.Context, refspec reference.Spec, push bool) (context.Context, error) {
s, err := repositoryScope(refspec, push) s, err := RepositoryScope(refspec, push)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -66,9 +66,9 @@ func WithScope(ctx context.Context, scope string) context.Context {
return context.WithValue(ctx, tokenScopesKey{}, scopes) return context.WithValue(ctx, tokenScopesKey{}, scopes)
} }
// contextWithAppendPullRepositoryScope is used to append repository pull // ContextWithAppendPullRepositoryScope is used to append repository pull
// scope into existing scopes indexed by the tokenScopesKey{}. // scope into existing scopes indexed by the tokenScopesKey{}.
func contextWithAppendPullRepositoryScope(ctx context.Context, repo string) context.Context { func ContextWithAppendPullRepositoryScope(ctx context.Context, repo string) context.Context {
return WithScope(ctx, fmt.Sprintf("repository:%s:pull", repo)) return WithScope(ctx, fmt.Sprintf("repository:%s:pull", repo))
} }

4
remotes/docker/scope_test.go
View File

@ -50,7 +50,7 @@ func TestRepositoryScope(t *testing.T) {
} }
for _, x := range testCases { for _, x := range testCases {
t.Run(x.refspec.String(), func(t *testing.T) { t.Run(x.refspec.String(), func(t *testing.T) {
actual, err := repositoryScope(x.refspec, x.push) actual, err := RepositoryScope(x.refspec, x.push)
assert.NilError(t, err) assert.NilError(t, err)
assert.Equal(t, x.expected, actual) assert.Equal(t, x.expected, actual)
}) })
@ -99,7 +99,7 @@ func TestGetTokenScopes(t *testing.T) {
func TestCustomScope(t *testing.T) { func TestCustomScope(t *testing.T) {
scope := "whatever:foo/bar:pull" scope := "whatever:foo/bar:pull"
ctx := WithScope(context.Background(), scope) ctx := WithScope(context.Background(), scope)
ctx = contextWithAppendPullRepositoryScope(ctx, "foo/bar") ctx = ContextWithAppendPullRepositoryScope(ctx, "foo/bar")
scopes := GetTokenScopes(ctx, []string{}) scopes := GetTokenScopes(ctx, []string{})
assert.Assert(t, cmp.Len(scopes, 2)) assert.Assert(t, cmp.Len(scopes, 2))