Merge pull request #2161 from tonistiigi/auth-context

session: make sure all token requests keep the correct context
v0.9
Akihiro Suda 2021-06-11 14:38:40 +09:00 committed by GitHub
commit 59d2f76e5e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 12 deletions


@ -52,8 +52,8 @@ func CredentialsFunc(sm *session.Manager, g session.Group) func(string) (session
}
}
func FetchToken(req *FetchTokenRequest, sm *session.Manager, g session.Group) (resp *FetchTokenResponse, err error) {
err = sm.Any(context.TODO(), g, func(ctx context.Context, id string, c session.Caller) error {
func FetchToken(ctx context.Context, req *FetchTokenRequest, sm *session.Manager, g session.Group) (resp *FetchTokenResponse, err error) {
err = sm.Any(ctx, g, func(ctx context.Context, id string, c session.Caller) error {
client := NewAuthClient(c.Conn())
resp, err = client.FetchToken(ctx, req)
@ -68,9 +68,9 @@ func FetchToken(req *FetchTokenRequest, sm *session.Manager, g session.Group) (r
return resp, nil
}
func VerifyTokenAuthority(host string, pubKey *[32]byte, sm *session.Manager, g session.Group) (sessionID string, ok bool, err error) {
func VerifyTokenAuthority(ctx context.Context, host string, pubKey *[32]byte, sm *session.Manager, g session.Group) (sessionID string, ok bool, err error) {
var verified bool
err = sm.Any(context.TODO(), g, func(ctx context.Context, id string, c session.Caller) error {
err = sm.Any(ctx, g, func(ctx context.Context, id string, c session.Caller) error {
client := NewAuthClient(c.Conn())
payload := make([]byte, 32)
@ -100,8 +100,8 @@ func VerifyTokenAuthority(host string, pubKey *[32]byte, sm *session.Manager, g
return sessionID, verified, nil
}
func GetTokenAuthority(host string, sm *session.Manager, g session.Group) (sessionID string, pubKey *[32]byte, err error) {
err = sm.Any(context.TODO(), g, func(ctx context.Context, id string, c session.Caller) error {
func GetTokenAuthority(ctx context.Context, host string, sm *session.Manager, g session.Group) (sessionID string, pubKey *[32]byte, err error) {
err = sm.Any(ctx, g, func(ctx context.Context, id string, c session.Caller) error {
client := NewAuthClient(c.Conn())
resp, err := client.GetTokenAuthority(ctx, &GetTokenAuthorityRequest{
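Review bot: FetchToken, VerifyTokenAuthority and GetTokenAuthority are exported but carry no doc comment in the visible lines, and the new leading `ctx` parameter is exactly what a caller needs explained, since it is passed to `sm.Any` and so decides when a token or authority request is abandoned. In all three hunks the callback parameter is also named `ctx` and shadows the caller's context, so `client.FetchToken(ctx, req)` and `client.GetTokenAuthority(ctx, …)` run on whatever context `sm.Any` hands to the callback; that is presumably intended, but a short comment such as `// ctx below is the context sm.Any passes to the callback, not the caller's ctx` would keep a later edit from silently switching it. Adding a parameter to exported functions also breaks out-of-tree importers at compile time, which deserves a line in the release notes. The function bodies continue outside the hunks.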


@ -40,7 +40,7 @@ func newAuthHandlerNS(sm *session.Manager) *authHandlerNS {
}
}
func (a *authHandlerNS) get(host string, sm *session.Manager, g session.Group) *authHandler {
func (a *authHandlerNS) get(ctx context.Context, host string, sm *session.Manager, g session.Group) *authHandler {
if g != nil {
if iter := g.SessionIterator(); iter != nil {
for {
@ -65,7 +65,7 @@ func (a *authHandlerNS) get(host string, sm *session.Manager, g session.Group) *
}
if parts[0] == host {
if h.authority != nil {
session, ok, err := sessionauth.VerifyTokenAuthority(host, h.authority, sm, g)
session, ok, err := sessionauth.VerifyTokenAuthority(ctx, host, h.authority, sm, g)
if err == nil && ok {
a.handlers[host+"/"+session] = h
h.lastUsed = time.Now()
@ -122,7 +122,7 @@ func (a *dockerAuthorizer) Authorize(ctx context.Context, req *http.Request) err
defer a.handlers.mu.Unlock()
// skip if there is no auth handler
ah := a.handlers.get(req.URL.Host, a.sm, a.session)
ah := a.handlers.get(ctx, req.URL.Host, a.sm, a.session)
if ah == nil {
return nil
}
@ -147,7 +147,7 @@ func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.R
last := responses[len(responses)-1]
host := last.Request.URL.Host
handler := a.handlers.get(host, a.sm, a.session)
handler := a.handlers.get(ctx, host, a.sm, a.session)
for _, c := range auth.ParseAuthHeader(last.Header) {
if c.Scheme == auth.BearerAuth {
@ -177,7 +177,7 @@ func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.R
}
var username, secret string
session, pubKey, err := sessionauth.GetTokenAuthority(host, a.sm, a.session)
session, pubKey, err := sessionauth.GetTokenAuthority(ctx, host, a.sm, a.session)
if err != nil {
return err
}
@ -339,7 +339,7 @@ func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g se
}()
if ah.authority != nil {
resp, err := sessionauth.FetchToken(&sessionauth.FetchTokenRequest{
resp, err := sessionauth.FetchToken(ctx, &sessionauth.FetchTokenRequest{
ClientID: "buildkit-client",
Host: ah.host,
Realm: to.Realm,
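Review bot: In the Authorize hunk, `a.handlers.get(ctx, …)` runs while `a.handlers.mu` is still held (the `defer a.handlers.mu.Unlock()` is the line just above it), and `get` can call `sessionauth.VerifyTokenAuthority`, which goes out to a client session. Passing the request context instead of `context.TODO()` means the call can now be cancelled, but if the caller's `ctx` has no deadline, one slow or unresponsive session still blocks every other request that needs this mutex. I would document the contract on `get`, for example `// get must be called with a.mu held; it may block on a session call until ctx is done`, and check that callers pass a context with a deadline. The lock acquisition itself and the rest of `get` are outside the hunks, so whether AddResponses holds the same lock at its `get` call is not visible here.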