Skip to content

Commit

Permalink
Allow for override of authorization scope
Browse files Browse the repository at this point in the history
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
  • Loading branch information
pmengelbert committed Apr 10, 2020
1 parent 87668d9 commit fdc3e0d
Show file tree
Hide file tree
Showing 4 changed files with 32 additions and 3 deletions.
9 changes: 9 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,15 @@ Here is a visual of this auth flow copied from the [Docker docs](https://docs.do

![](./v2-registry-auth.png)

#### Custom Auth Scope

It may be necessary to override the `scope` obtained from the `Www-Authenticate` header in the registry's response. This can be done on the client level:

```
client, err := reggie.NewClient("http://localhost:5000",
reggie.WithAuthScope("repository:mystuff/myrepo:pull,push"))
```

## Other Features

### Method Chaining
Expand Down
5 changes: 4 additions & 1 deletion auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,12 @@ func (client *Client) retryRequestWithAuth(originalRequest *Request, originalRes
SetHeader("Accept", "application/json").
SetHeader("User-Agent", client.Config.UserAgent).
SetBasicAuth(client.Config.Username, client.Config.Password)
if h.Scope != "" {
if s := client.Config.AuthScope; s != "" {
req.SetQueryParam("scope", s)
} else if h.Scope != "" {
req.SetQueryParam("scope", h.Scope)
}

authResp, err := req.Execute(GET, h.Realm)
if err != nil {
return nil, err
Expand Down
8 changes: 8 additions & 0 deletions client.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ type (

clientConfig struct {
Address string
AuthScope string
Username string
Password string
Debug bool
Expand Down Expand Up @@ -65,6 +66,13 @@ func WithUsernamePassword(username string, password string) clientOption {
}
}

// WithAuthScope overrides the scope provided by the authorization server.
func WithAuthScope(authScope string) clientOption {
return func(c *clientConfig) {
c.AuthScope = authScope
}
}

// WithDefaultName sets the default registry namespace configuration setting.
func WithDefaultName(namespace string) clientOption {
return func(c *clientConfig) {
Expand Down
13 changes: 11 additions & 2 deletions client_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,17 @@ func TestClient(t *testing.T) {
t.Errorf("Setting the debug flag didn't work")
}

// test setting auth scope
testScope := `realm="https://silly.com/v2/auth",service="testservice",scope="pull,push"`
client3, err := NewClient(registryTestServer.URL, WithAuthScope(testScope))
if err != nil {
t.Fatalf("Errors creating client: %s", err)
}

if s := client3.Config.AuthScope; s != testScope {
t.Errorf("Setting the auth scope didn't work: %s", s)
}

// test default name
req := client.NewRequest(GET, "/v2/<name>/tags/list")
if !strings.HasSuffix(req.URL, "/v2/testname/tags/list") {
Expand All @@ -99,8 +110,6 @@ func TestClient(t *testing.T) {
t.Fatalf("Expected response code 200 but was %d", status)
}



// test default name reset
client.SetDefaultName("othername")
req = client.NewRequest(GET, "/v2/<name>/tags/list")
Expand Down

0 comments on commit fdc3e0d

Please sign in to comment.