Browse code
Fix: Docker Daemon didn't send actual actions client ask for to Token Server
The Docker Daemon should send actual actions client ask for to issue tokens,
not all the permissions that client is guaranteed.
Signed-off-by: xiekeyang <xiekeyang@huawei.com>
xiekeyang authored on 2015/08/27 20:03:00Showing 3 changed files
| ... | ... |
@@ -34,7 +34,7 @@ type v2Puller struct {
|
| 34 | 34 |
|
| 35 | 35 |
func (p *v2Puller) Pull(tag string) (fallback bool, err error) {
|
| 36 | 36 |
// TODO(tiborvass): was ReceiveTimeout |
| 37 |
- p.repo, err = NewV2Repository(p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig) |
|
| 37 |
+ p.repo, err = NewV2Repository(p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull") |
|
| 38 | 38 |
if err != nil {
|
| 39 | 39 |
logrus.Debugf("Error getting v2 registry: %v", err)
|
| 40 | 40 |
return true, err |
| ... | ... |
@@ -30,7 +30,7 @@ type v2Pusher struct {
|
| 30 | 30 |
} |
| 31 | 31 |
|
| 32 | 32 |
func (p *v2Pusher) Push() (fallback bool, err error) {
|
| 33 |
- p.repo, err = NewV2Repository(p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig) |
|
| 33 |
+ p.repo, err = NewV2Repository(p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "push", "pull") |
|
| 34 | 34 |
if err != nil {
|
| 35 | 35 |
logrus.Debugf("Error getting v2 registry: %v", err)
|
| 36 | 36 |
return true, err |
| ... | ... |
@@ -30,7 +30,7 @@ func (dcs dumbCredentialStore) Basic(*url.URL) (string, string) {
|
| 30 | 30 |
// NewV2Repository returns a repository (v2 only). It creates a HTTP transport |
| 31 | 31 |
// providing timeout settings and authentication support, and also verifies the |
| 32 | 32 |
// remote API version. |
| 33 |
-func NewV2Repository(repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint, metaHeaders http.Header, authConfig *cliconfig.AuthConfig) (distribution.Repository, error) {
|
|
| 33 |
+func NewV2Repository(repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint, metaHeaders http.Header, authConfig *cliconfig.AuthConfig, actions ...string) (distribution.Repository, error) {
|
|
| 34 | 34 |
ctx := context.Background() |
| 35 | 35 |
|
| 36 | 36 |
repoName := repoInfo.CanonicalName |
| ... | ... |
@@ -91,7 +91,7 @@ func NewV2Repository(repoInfo *registry.RepositoryInfo, endpoint registry.APIEnd |
| 91 | 91 |
} |
| 92 | 92 |
|
| 93 | 93 |
creds := dumbCredentialStore{auth: authConfig}
|
| 94 |
- tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, "push", "pull") |
|
| 94 |
+ tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, actions...) |
|
| 95 | 95 |
basicHandler := auth.NewBasicHandler(creds) |
| 96 | 96 |
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler)) |
| 97 | 97 |
tr := transport.NewTransport(base, modifiers...) |