Integrate auth.AccessController into registry app

This changeset integrates the AccessController into the main registry app. This includes support for configuration and a test implementation, called "silly" auth. Auth is only enabled if the configuration is present but takes measure to ensure that configuration errors don't allow the appserver to start with open access.
2014-12-18 12:30:19 -08:00
parent 3b8847f489
commit d0a9e9b475
9 changed files with 413 additions and 17 deletions
--- a/configuration/configuration_test.go
+++ b/configuration/configuration_test.go
@@ -29,6 +29,12 @@ var configStruct = Configuration{
 			"port":      42,
 		},
 	},
+	Auth: Auth{
+		"silly": Parameters{
+			"realm":   "silly",
+			"service": "silly",
+		},
+	},
 	Reporting: Reporting{
 		Bugsnag: BugsnagReporting{
 			APIKey: "BugsnagApiKey",
@@ -51,6 +57,10 @@ storage:
    secretkey: SUPERSECRET
    host: ~
    port: 42
+auth:
+  silly:
+    realm: silly
+    service: silly
 reporting:
  bugsnag:
    apikey: BugsnagApiKey
@@ -62,6 +72,10 @@ var inmemoryConfigYamlV0_1 = `
 version: 0.1
 loglevel: info
 storage: inmemory
+auth:
+  silly:
+    realm: silly
+    service: silly
 `

 type ConfigSuite struct {
@@ -113,10 +127,13 @@ func (suite *ConfigSuite) TestParseIncomplete(c *C) {
 	c.Assert(err, NotNil)

 	suite.expectedConfig.Storage = Storage{"filesystem": Parameters{"rootdirectory": "/tmp/testroot"}}
+	suite.expectedConfig.Auth = Auth{"silly": Parameters{"realm": "silly"}}
 	suite.expectedConfig.Reporting = Reporting{}

 	os.Setenv("REGISTRY_STORAGE", "filesystem")
 	os.Setenv("REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY", "/tmp/testroot")
+	os.Setenv("REGISTRY_AUTH", "silly")
+	os.Setenv("REGISTRY_AUTH_SILLY_REALM", "silly")

 	config, err := Parse(bytes.NewReader([]byte(incompleteConfigYaml)))
 	c.Assert(err, IsNil)
@@ -259,5 +276,10 @@ func copyConfig(config Configuration) *Configuration {
 		NewRelic: NewRelicReporting{config.Reporting.NewRelic.LicenseKey, config.Reporting.NewRelic.Name},
 	}

+	configCopy.Auth = Auth{config.Auth.Type(): Parameters{}}
+	for k, v := range config.Auth.Parameters() {
+		configCopy.Auth.setParameter(k, v)
+	}
+
 	return configCopy
 }