Add function to set custom auth scope in context by cpuguy83 · Pull Request #3662 · containerd/containerd

cpuguy83 · 2019-09-18T17:48:23Z

Currently auth.docker.io uses a custom auth scope for (docker) plugins
repository(plugin):<repo>:<perms>.
This makes it impossible to use containerd distribution tooling to fetch
plugins without also supplying a totally custom authorizer.

This changes allows clients to set the correct scope on the context.
It's a little bit nasty but "works".

I'm also a bit suspect of some a couple of these unexported context
functrions. Before the primary one used contextWithRepositoryScope
overwrites any scope value and there is nother one that appends the
scope value.
With this change they both append...

theopenlab-ci · 2019-09-18T18:08:13Z

Build succeeded.

containerd-build-arm64 : SUCCESS in 6m 48s (non-voting)

codecov-io · 2019-09-18T18:12:12Z

Codecov Report

Merging #3662 into master will increase coverage by 0.06%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #3662      +/-   ##
==========================================
+ Coverage   42.37%   42.44%   +0.06%     
==========================================
  Files         127      127              
  Lines       14075    14078       +3     
==========================================
+ Hits         5964     5975      +11     
+ Misses       7211     7203       -8     
  Partials      900      900

Flag	Coverage Δ
#linux	`45.99% <100%> (+0.07%)`	⬆️
#windows	`37.35% <100%> (+0.08%)`	⬆️

Impacted Files	Coverage Δ
remotes/docker/scope.go	`86.36% <100%> (+20.5%)`	⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 324a947...e84a84a. Read the comment docs.

dmcgowan · 2019-09-18T18:28:22Z

Overall looks good, just a few naming nits. As for the repository(plugin) plugin stuff on the hub, I submitted a change for that, so it should be a non-issue in the near future. Either way this is a good change though since it gives the caller more flexibility in the auth requests.

For a little bit of background on why that weird type was added in the first place. The original intent was to prevent older version of Docker which did not check media types from accidentally pulling plugins and attempting to run them. The runtime errors when doing that were non-obvious. Those older versions are mostly out of use and combined with the small number of plugins, the (teeny-)tiny likelihood of it being an issue makes continuing that non-standard approach unnecessary.

Currently auth.docker.io uses a custom auth scope for (docker) plugins `repository(plugin):<repo>:<perms>`. This makes it impossible to use containerd distribution tooling to fetch plugins without also supplying a totally custom authorizer. This changes allows clients to set the correct scope on the context. It's a little bit nasty but "works". I'm also a bit suspect of some a couple of these unexported context functrions. Before the primary one used `contextWithRepositoryScope` overwrites any scope value and there is another one that appends the scope value. With this change they both append... Signed-off-by: Brian Goff <[email protected]>

dmcgowan

LGTM

theopenlab-ci · 2019-09-18T18:49:43Z

Build succeeded.

containerd-build-arm64 : SUCCESS in 7m 55s (non-voting)

crosbymichael · 2019-09-18T19:10:44Z

LGTM

cpuguy83 force-pushed the set_custom_scopes_for_authorizer branch from 6c355f3 to bebf8de Compare September 18, 2019 17:48

dmcgowan reviewed Sep 18, 2019

View reviewed changes

Comment thread remotes/docker/scope.go Outdated

dmcgowan reviewed Sep 18, 2019

View reviewed changes

Comment thread remotes/docker/scope.go Outdated

cpuguy83 force-pushed the set_custom_scopes_for_authorizer branch from bebf8de to e84a84a Compare September 18, 2019 18:29

dmcgowan approved these changes Sep 18, 2019

View reviewed changes

dmcgowan added this to the 1.3 milestone Sep 18, 2019

crosbymichael merged commit 6fafc8a into containerd:master Sep 18, 2019

cpuguy83 deleted the set_custom_scopes_for_authorizer branch September 25, 2019 21:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add function to set custom auth scope in context#3662

Add function to set custom auth scope in context#3662
crosbymichael merged 1 commit intocontainerd:masterfrom
cpuguy83:set_custom_scopes_for_authorizer

cpuguy83 commented Sep 18, 2019

Uh oh!

theopenlab-ci Bot commented Sep 18, 2019

Uh oh!

codecov-io commented Sep 18, 2019 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

dmcgowan commented Sep 18, 2019 •

edited

Loading

Uh oh!

dmcgowan left a comment

Uh oh!

theopenlab-ci Bot commented Sep 18, 2019

Uh oh!

crosbymichael commented Sep 18, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

cpuguy83 commented Sep 18, 2019

Uh oh!

theopenlab-ci Bot commented Sep 18, 2019

Uh oh!

codecov-io commented Sep 18, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Uh oh!

dmcgowan commented Sep 18, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dmcgowan left a comment

Choose a reason for hiding this comment

Uh oh!

theopenlab-ci Bot commented Sep 18, 2019

Uh oh!

crosbymichael commented Sep 18, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

codecov-io commented Sep 18, 2019 •

edited

Loading

dmcgowan commented Sep 18, 2019 •

edited

Loading