session: make sure all token request keep correct context
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>v0.9
parent
7e4e6768f3
commit
53e7116197
|
@ -52,8 +52,8 @@ func CredentialsFunc(sm *session.Manager, g session.Group) func(string) (session
|
|||
}
|
||||
}
|
||||
|
||||
func FetchToken(req *FetchTokenRequest, sm *session.Manager, g session.Group) (resp *FetchTokenResponse, err error) {
|
||||
err = sm.Any(context.TODO(), g, func(ctx context.Context, id string, c session.Caller) error {
|
||||
func FetchToken(ctx context.Context, req *FetchTokenRequest, sm *session.Manager, g session.Group) (resp *FetchTokenResponse, err error) {
|
||||
err = sm.Any(ctx, g, func(ctx context.Context, id string, c session.Caller) error {
|
||||
client := NewAuthClient(c.Conn())
|
||||
|
||||
resp, err = client.FetchToken(ctx, req)
|
||||
|
@ -68,9 +68,9 @@ func FetchToken(req *FetchTokenRequest, sm *session.Manager, g session.Group) (r
|
|||
return resp, nil
|
||||
}
|
||||
|
||||
func VerifyTokenAuthority(host string, pubKey *[32]byte, sm *session.Manager, g session.Group) (sessionID string, ok bool, err error) {
|
||||
func VerifyTokenAuthority(ctx context.Context, host string, pubKey *[32]byte, sm *session.Manager, g session.Group) (sessionID string, ok bool, err error) {
|
||||
var verified bool
|
||||
err = sm.Any(context.TODO(), g, func(ctx context.Context, id string, c session.Caller) error {
|
||||
err = sm.Any(ctx, g, func(ctx context.Context, id string, c session.Caller) error {
|
||||
client := NewAuthClient(c.Conn())
|
||||
|
||||
payload := make([]byte, 32)
|
||||
|
@ -100,8 +100,8 @@ func VerifyTokenAuthority(host string, pubKey *[32]byte, sm *session.Manager, g
|
|||
return sessionID, verified, nil
|
||||
}
|
||||
|
||||
func GetTokenAuthority(host string, sm *session.Manager, g session.Group) (sessionID string, pubKey *[32]byte, err error) {
|
||||
err = sm.Any(context.TODO(), g, func(ctx context.Context, id string, c session.Caller) error {
|
||||
func GetTokenAuthority(ctx context.Context, host string, sm *session.Manager, g session.Group) (sessionID string, pubKey *[32]byte, err error) {
|
||||
err = sm.Any(ctx, g, func(ctx context.Context, id string, c session.Caller) error {
|
||||
client := NewAuthClient(c.Conn())
|
||||
|
||||
resp, err := client.GetTokenAuthority(ctx, &GetTokenAuthorityRequest{
|
||||
|
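Review bot: FetchToken, VerifyTokenAuthority and GetTokenAuthority are exported and gain a leading ctx parameter, but none has a doc comment (the lines directly above each `func` are closing braces and a blank), so callers are not told what the context governs. Suggest something like `// FetchToken requests a token from one of the sessions in g; ctx is passed to sm.Any and bounds the session lookup.` with equivalents on the other two. The callback's own `ctx` parameter shadows the new one, so `client.FetchToken(ctx, req)` and `client.GetTokenAuthority(ctx, ...)` run on whatever context sm.Any hands to the callback. That context is presumably derived from the caller's, but this is not visible here and is worth confirming, because a token request that outlives the caller's cancellation is what this commit sets out to prevent. All three bodies continue outside the hunks.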
|
|
@ -40,7 +40,7 @@ func newAuthHandlerNS(sm *session.Manager) *authHandlerNS {
|
|||
}
|
||||
}
|
||||
|
||||
func (a *authHandlerNS) get(host string, sm *session.Manager, g session.Group) *authHandler {
|
||||
func (a *authHandlerNS) get(ctx context.Context, host string, sm *session.Manager, g session.Group) *authHandler {
|
||||
if g != nil {
|
||||
if iter := g.SessionIterator(); iter != nil {
|
||||
for {
|
||||
|
@ -65,7 +65,7 @@ func (a *authHandlerNS) get(host string, sm *session.Manager, g session.Group) *
|
|||
}
|
||||
if parts[0] == host {
|
||||
if h.authority != nil {
|
||||
session, ok, err := sessionauth.VerifyTokenAuthority(host, h.authority, sm, g)
|
||||
session, ok, err := sessionauth.VerifyTokenAuthority(ctx, host, h.authority, sm, g)
|
||||
if err == nil && ok {
|
||||
a.handlers[host+"/"+session] = h
|
||||
h.lastUsed = time.Now()
|
||||
|
@ -122,7 +122,7 @@ func (a *dockerAuthorizer) Authorize(ctx context.Context, req *http.Request) err
|
|||
defer a.handlers.mu.Unlock()
|
||||
|
||||
// skip if there is no auth handler
|
||||
ah := a.handlers.get(req.URL.Host, a.sm, a.session)
|
||||
ah := a.handlers.get(ctx, req.URL.Host, a.sm, a.session)
|
||||
if ah == nil {
|
||||
return nil
|
||||
}
|
||||
|
@ -147,7 +147,7 @@ func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.R
|
|||
last := responses[len(responses)-1]
|
||||
host := last.Request.URL.Host
|
||||
|
||||
handler := a.handlers.get(host, a.sm, a.session)
|
||||
handler := a.handlers.get(ctx, host, a.sm, a.session)
|
||||
|
||||
for _, c := range auth.ParseAuthHeader(last.Header) {
|
||||
if c.Scheme == auth.BearerAuth {
|
||||
|
@ -177,7 +177,7 @@ func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.R
|
|||
}
|
||||
|
||||
var username, secret string
|
||||
session, pubKey, err := sessionauth.GetTokenAuthority(host, a.sm, a.session)
|
||||
session, pubKey, err := sessionauth.GetTokenAuthority(ctx, host, a.sm, a.session)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -339,7 +339,7 @@ func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g se
|
|||
}()
|
||||
|
||||
if ah.authority != nil {
|
||||
resp, err := sessionauth.FetchToken(&sessionauth.FetchTokenRequest{
|
||||
resp, err := sessionauth.FetchToken(ctx, &sessionauth.FetchTokenRequest{
|
||||
ClientID: "buildkit-client",
|
||||
Host: ah.host,
|
||||
Realm: to.Realm,
|
||||
|
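Review bot: In authHandlerNS.get the error from `sessionauth.VerifyTokenAuthority(ctx, host, h.authority, sm, g)` is still dropped by `if err == nil && ok`, and with a real context passed in this now includes cancellation and deadline errors. get returns only `*authHandler`, so a cancelled verification cannot be told apart from "no handler"; Authorize then apparently takes the `if ah == nil { return nil }` path and leaves the request without credentials, losing the cause. Consider adding `if err := ctx.Err(); err != nil { return err }` in Authorize after the get call, or at least logging the verification error. In Authorize the call also runs under `a.handlers.mu` (the `defer a.handlers.mu.Unlock()` just above), so the caller's ctx is now the only bound on how long that lock is held during the session round-trip. The rest of get's loop is outside the hunk.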
|