Update registry-token-server to work with docker distribution v2.7.1

This will:
- Align build components be compatible with docker distribution v2.7.1
- Update the code to be compatible with commit
  https://github.com/docker/distribution/commit/9c88801a

Change-Id: Ie959ad8c4179fd8844ef5b87f6dd59a84e38957f
Depends-On: https://review.opendev.org/723790
Story: 2006999
Task: 39578
Signed-off-by: Robert Church <robert.church@windriver.com>

centos_tarball-dl.lst

@@ -1,6 +1,6 @@
-Sirupsen-logrus-55eb11d21d2a31a3cc93838241d04800f52e823d.tar.gz#Sirupsen-logrus#github.com/Sirupsen/logrus/archive/55eb11d21d2a31a3cc93838241d04800f52e823d.tar.gz#http##
+Sirupsen-logrus-3d4380f53a34dcdc95f0c1db702615992b38d9a4.tar.gz#Sirupsen-logrus#github.com/Sirupsen/logrus/archive/3d4380f53a34dcdc95f0c1db702615992b38d9a4.tar.gz#http##
-docker-distribution-48294d928ced5dd9b378f7fd7c6f5da3ff3f2c89.tar.gz#docker-distribution#github.com/docker/distribution/archive/48294d928ced5dd9b378f7fd7c6f5da3ff3f2c89.tar.gz#http##
+docker-distribution-v2.7.1.tar.gz#docker-distribution-2.7.1#https://github.com/docker/distribution/archive/v2.7.1.tar.gz#http##
 docker-libtrust-fa567046d9b14f6aa788882a950d69651d230b21.tar.gz#docker-libtrust#https://github.com/docker/libtrust/archive/fa567046d9b14f6aa788882a950d69651d230b21.tar.gz#http##
 gophercloud-gophercloud-aa00757ee3ab58e53520b6cb910ca0543116400a.tar.gz#gophercloud-gophercloud#github.com/gophercloud/gophercloud/archive/aa00757ee3ab58e53520b6cb910ca0543116400a.tar.gz#http##
 gorilla-context-08b5f424b9271eedf6f9f0ce86cb9396ed337a42.tar.gz#gorilla-context#https://github.com/gorilla/context/archive/08b5f424b9271eedf6f9f0ce86cb9396ed337a42.tar.gz#http##
-gorilla-mux-456bcfa82d672db7cae587c9b541463f65bc2718.tar.gz#gorilla-mux#https://github.com/gorilla/mux/archive/456bcfa82d672db7cae587c9b541463f65bc2718.tar.gz#http##
+gorilla-mux-599cba5e7b6137d46ddf58fb1765f5d928e69604.tar.gz#gorilla-mux#https://github.com/gorilla/mux/archive/599cba5e7b6137d46ddf58fb1765f5d928e69604.tar.gz#http##

registry-token-server/centos/build_srpm.data

@@ -2,11 +2,10 @@ TAR_NAME="registry-token-server"
 SRC_DIR="$PKG_BASE/src"
 COPY_LIST=" \
   $FILES_BASE/* \
-  $STX_BASE/downloads/Sirupsen-logrus-55eb11d21d2a31a3cc93838241d04800f52e823d.tar.gz \
+  $STX_BASE/downloads/Sirupsen-logrus-3d4380f53a34dcdc95f0c1db702615992b38d9a4.tar.gz \
-  $STX_BASE/downloads/docker-distribution-48294d928ced5dd9b378f7fd7c6f5da3ff3f2c89.tar.gz \
+  $STX_BASE/downloads/docker-distribution-v2.7.1.tar.gz \
   $STX_BASE/downloads/docker-libtrust-fa567046d9b14f6aa788882a950d69651d230b21.tar.gz \
   $STX_BASE/downloads/gophercloud-gophercloud-aa00757ee3ab58e53520b6cb910ca0543116400a.tar.gz \
-  $STX_BASE/downloads/gorilla-context-08b5f424b9271eedf6f9f0ce86cb9396ed337a42.tar.gz \
+  $STX_BASE/downloads/gorilla-mux-599cba5e7b6137d46ddf58fb1765f5d928e69604.tar.gz \
-  $STX_BASE/downloads/gorilla-mux-456bcfa82d672db7cae587c9b541463f65bc2718.tar.gz \
 "
-TIS_PATCH_VER=1
+TIS_PATCH_VER=2

registry-token-server/centos/registry-token-server.spec

@@ -12,12 +12,11 @@ Source1:        %{name}.service
 Source2:        token_server.conf
 
 # Go dependencies downloaded as tarballs
-Source10:       Sirupsen-logrus-55eb11d21d2a31a3cc93838241d04800f52e823d.tar.gz
+Source10:       Sirupsen-logrus-3d4380f53a34dcdc95f0c1db702615992b38d9a4.tar.gz
-Source11:       docker-distribution-48294d928ced5dd9b378f7fd7c6f5da3ff3f2c89.tar.gz
+Source11:       docker-distribution-v2.7.1.tar.gz
 Source12:       docker-libtrust-fa567046d9b14f6aa788882a950d69651d230b21.tar.gz
 Source13:       gophercloud-gophercloud-aa00757ee3ab58e53520b6cb910ca0543116400a.tar.gz
-Source14:       gorilla-context-08b5f424b9271eedf6f9f0ce86cb9396ed337a42.tar.gz
+Source14:       gorilla-mux-599cba5e7b6137d46ddf58fb1765f5d928e69604.tar.gz
-Source15:       gorilla-mux-456bcfa82d672db7cae587c9b541463f65bc2718.tar.gz
 
 BuildRequires: systemd
 Requires(post): systemd
@@ -39,11 +38,9 @@ ExclusiveArch:  %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
 %setup -T -D -a 12
 %setup -T -D -a 13
 %setup -T -D -a 14
-%setup -T -D -a 15
 mkdir -p _build/src/github.com/gorilla/ && mv gorilla-mux _build/src/github.com/gorilla/mux
-mkdir -p _build/src/github.com/docker/ && mv docker-distribution _build/src/github.com/docker/distribution
+mkdir -p _build/src/github.com/docker/ && mv docker-distribution-2.7.1 _build/src/github.com/docker/distribution
 mkdir -p _build/src/github.com/docker/ && mv docker-libtrust _build/src/github.com/docker/libtrust
-mkdir -p _build/src/github.com/docker/distribution/ && mv gorilla-context _build/src/github.com/docker/distribution/context
 mkdir -p _build/src/github.com/Sirupsen/ && mv Sirupsen-logrus _build/src/github.com/Sirupsen/logrus
 mkdir -p _build/src/github.com/gophercloud && mv gophercloud-gophercloud _build/src/github.com/gophercloud/gophercloud
 

registry-token-server/src/Gopkg.lock

@@ -2,14 +2,14 @@
 
 
 [[projects]]
-  digest = "1:9c6c19030ff2899d13cfc7a4dc14ff3f2772395d848aa67580f96e6a58aa405f"
+  digest = "1:33e8a0fc9f993b2bc912152420644127e35b74587a6d694362772dd3821ca4cf"
   name = "github.com/Sirupsen/logrus"
   packages = ["."]
   pruneopts = "UT"
-  revision = "55eb11d21d2a31a3cc93838241d04800f52e823d"
+  revision = "3d4380f53a34dcdc95f0c1db702615992b38d9a4"
 
 [[projects]]
-  digest = "1:e894100bb5cc3b952965c9e7d160ea09cc31469a06d7d4bf5326184a87f5c726"
+  digest = "1:c3de2c3f1d92395cccfc9c484168450ed52dd7897e482e362e5f6b45b269eda6"
   name = "github.com/docker/distribution"
   packages = [
     "context",
@@ -19,8 +19,8 @@
     "uuid",
   ]
   pruneopts = "UT"
-  revision = "48294d928ced5dd9b378f7fd7c6f5da3ff3f2c89"
+  revision = "2461543d988979529609e8cb6fca9ca190dc48da"
-  version = "v2.6.2"
+  version = "v2.7.1"
 
 [[projects]]
   digest = "1:0e229970bd76d6cdef6558f51ae493931485fb086d513bc4e3b80003bcf81f39"
@@ -53,11 +53,11 @@
   version = "v1.1.1"
 
 [[projects]]
-  digest = "1:c661dee65a46d437daf269e5f5f462bd9df6d8e7c9750ad1655fb2cafdb177a6"
+  digest = "1:33e16c57473b7c44d261a6846b82c9389392f16fd41bf3d78c6cb5a96d695d1a"
   name = "github.com/gorilla/mux"
   packages = ["."]
   pruneopts = "UT"
-  revision = "e444e69cbd2e2e3e0749a2f3c717cec491552bbf"
+  revision = "599cba5e7b6137d46ddf58fb1765f5d928e69604"
 
 [[projects]]
   branch = "master"

registry-token-server/src/Gopkg.toml

@@ -27,11 +27,11 @@
 
 [[constraint]]
   name = "github.com/Sirupsen/logrus"
-  revision = "55eb11d21d2a31a3cc93838241d04800f52e823d"
+  revision = "3d4380f53a34dcdc95f0c1db702615992b38d9a4"
 
 [[constraint]]
   name = "github.com/docker/distribution"
-  version = "2.6.2"
+  version = "2.7.1"
 
 [prune]
   go-tests = true
@@ -43,7 +43,7 @@
 
 [[constraint]]
   name = "github.com/gorilla/mux"
-  revision = "e444e69cbd2e2e3e0749a2f3c717cec491552bbf"
+  revision = "599cba5e7b6137d46ddf58fb1765f5d928e69604"
 
 [[constraint]]
   name = "github.com/gophercloud/gophercloud"

registry-token-server/src/keystone/access.go

@@ -11,10 +11,11 @@
 package keystone
 
 import (
+        "context"
 	"fmt"
 	"net/http"
 
-	"github.com/docker/distribution/context"
+	dcontext "github.com/docker/distribution/context"
 	"github.com/docker/distribution/registry/auth"
 	"github.com/gophercloud/gophercloud"
 	"github.com/gophercloud/gophercloud/openstack"
@@ -42,7 +43,7 @@ func newAccessController(options map[string]interface{}) (auth.AccessController,
 }
 
 func (ac *accessController) Authorized(ctx context.Context, accessRecords ...auth.Access) (context.Context, error) {
-	req, err := context.GetRequest(ctx)
+	req, err := dcontext.GetRequest(ctx)
 	if err != nil {
 		return nil, err
 	}
@@ -63,7 +64,7 @@ func (ac *accessController) Authorized(ctx context.Context, accessRecords ...aut
 	}
 
 	if _, err := openstack.AuthenticatedClient(opts); err != nil {
-		context.GetLogger(ctx).Errorf("error authenticating user %q: %v", username, err)
+		dcontext.GetLogger(ctx).Errorf("error authenticating user %q: %v", username, err)
 		return nil, &challenge{
 			realm: ac.realm,
 			err:   auth.ErrAuthenticationFailure,
@@ -85,7 +86,7 @@ func (ac *accessController) AuthenticateUser(username string, password string) e
 	}
 
 	if _, err := openstack.AuthenticatedClient(opts); err != nil {
-		context.GetLogger(context.Background()).Errorf("error authenticating user %q: %v", username, err)
+		dcontext.GetLogger(context.Background()).Errorf("error authenticating user %q: %v", username, err)
 		return auth.ErrAuthenticationFailure
 	}
 
@@ -101,7 +102,7 @@ type challenge struct {
 var _ auth.Challenge = challenge{}
 
 // SetHeaders sets the basic challenge header on the response.
-func (ch challenge) SetHeaders(w http.ResponseWriter) {
+func (ch challenge) SetHeaders(r *http.Request, w http.ResponseWriter) {
 	w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic realm=%q", ch.realm))
 }
 

registry-token-server/src/main.go

@@ -8,6 +8,7 @@
 package main
 
 import (
+        "context"
 	"encoding/json"
 	"flag"
 	"math/rand"
@@ -17,7 +18,7 @@ import (
 	"time"
 
 	"github.com/Sirupsen/logrus"
-	"github.com/docker/distribution/context"
+	dcontext "github.com/docker/distribution/context"
 	"github.com/docker/distribution/registry/api/errcode"
 	"github.com/docker/distribution/registry/auth"
 	"github.com/docker/libtrust"
@@ -92,7 +93,7 @@ func main() {
 	// TODO: Make configurable
 	issuer.Expiration = 15 * time.Minute
 
-	ctx := context.Background()
+	ctx := dcontext.Background()
 
 	ts := &tokenServer{
 		issuer:           issuer,
@@ -122,23 +123,23 @@ func main() {
 // request context from a base context.
 func handlerWithContext(ctx context.Context, handler func(context.Context, http.ResponseWriter, *http.Request)) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		ctx := context.WithRequest(ctx, r)
+		ctx := dcontext.WithRequest(ctx, r)
-		logger := context.GetRequestLogger(ctx)
+		logger := dcontext.GetRequestLogger(ctx)
-		ctx = context.WithLogger(ctx, logger)
+		ctx = dcontext.WithLogger(ctx, logger)
 
 		handler(ctx, w, r)
 	})
 }
 
 func handleError(ctx context.Context, err error, w http.ResponseWriter) {
-	ctx, w = context.WithResponseWriter(ctx, w)
+	ctx, w = dcontext.WithResponseWriter(ctx, w)
 
 	if serveErr := errcode.ServeJSON(w, err); serveErr != nil {
-		context.GetResponseLogger(ctx).Errorf("error sending error response: %v", serveErr)
+		dcontext.GetResponseLogger(ctx).Errorf("error sending error response: %v", serveErr)
 		return
 	}
 
-	context.GetResponseLogger(ctx).Info("application error")
+	dcontext.GetResponseLogger(ctx).Info("application error")
 }
 
 var refreshCharacters = []rune("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
@@ -183,13 +184,13 @@ func filterAccessList(ctx context.Context, scope string, requestedAccessList []a
 			// need to have a "/" at the end because it adds one at the beginning of the fcn
 			// probably to prevent people making accounts like "adminnot" to steal admin powers
 			if !strings.HasPrefix(access.Name, scope) && scope != "admin/" {
-				context.GetLogger(ctx).Debugf("Resource scope not allowed: %s", access.Name)
+				dcontext.GetLogger(ctx).Debugf("Resource scope not allowed: %s", access.Name)
 				continue
 			}
 			if enforceRepoClass {
 				if class, ok := repositoryClassCache[access.Name]; ok {
 					if class != access.Class {
-						context.GetLogger(ctx).Debugf("Different repository class: %q, previously %q", access.Class, class)
+						dcontext.GetLogger(ctx).Debugf("Different repository class: %q, previously %q", access.Class, class)
 						continue
 					}
 				} else if strings.EqualFold(access.Action, "push") {
@@ -198,12 +199,12 @@ func filterAccessList(ctx context.Context, scope string, requestedAccessList []a
 			}
 		} else if access.Type == "registry" {
 			if access.Name != "catalog" {
-				context.GetLogger(ctx).Debugf("Unknown registry resource: %s", access.Name)
+				dcontext.GetLogger(ctx).Debugf("Unknown registry resource: %s", access.Name)
 				continue
 			}
 			// TODO: Limit some actions to "admin" users
 		} else {
-			context.GetLogger(ctx).Debugf("Skipping unsupported resource type: %s", access.Type)
+			dcontext.GetLogger(ctx).Debugf("Skipping unsupported resource type: %s", access.Type)
 			continue
 		}
 		grantedAccessList = append(grantedAccessList, access)
@@ -226,7 +227,7 @@ func (grantedAccess) String() string { return "grantedAccess" }
 // getToken handles authenticating the request and authorizing access to the
 // requested scopes.
 func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *http.Request) {
-	context.GetLogger(ctx).Info("getToken")
+	dcontext.GetLogger(ctx).Info("getToken")
 
 	params := r.URL.Query()
 	service := params.Get("service")
@@ -252,30 +253,30 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h
 		}
 
 		// Get response context.
-		ctx, w = context.WithResponseWriter(ctx, w)
+		ctx, w = dcontext.WithResponseWriter(ctx, w)
 
-		challenge.SetHeaders(w)
+		challenge.SetHeaders(r, w)
 		handleError(ctx, errcode.ErrorCodeUnauthorized.WithDetail(challenge.Error()), w)
 
-		context.GetResponseLogger(ctx).Info("get token authentication challenge")
+		dcontext.GetResponseLogger(ctx).Info("get token authentication challenge")
 
 		return
 	}
 	ctx = authorizedCtx
 
-	username := context.GetStringValue(ctx, "auth.user.name")
+	username := dcontext.GetStringValue(ctx, "auth.user.name")
 
 	ctx = context.WithValue(ctx, acctSubject{}, username)
-	ctx = context.WithLogger(ctx, context.GetLogger(ctx, acctSubject{}))
+	ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, acctSubject{}))
 
-	context.GetLogger(ctx).Info("authenticated client")
+	dcontext.GetLogger(ctx).Info("authenticated client")
 
 	ctx = context.WithValue(ctx, requestedAccess{}, requestedAccessList)
-	ctx = context.WithLogger(ctx, context.GetLogger(ctx, requestedAccess{}))
+	ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, requestedAccess{}))
 
 	grantedAccessList := filterAccessList(ctx, username, requestedAccessList)
 	ctx = context.WithValue(ctx, grantedAccess{}, grantedAccessList)
-	ctx = context.WithLogger(ctx, context.GetLogger(ctx, grantedAccess{}))
+	ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, grantedAccess{}))
 
 	token, err := ts.issuer.CreateJWT(username, service, grantedAccessList)
 	if err != nil {
@@ -283,7 +284,7 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h
 		return
 	}
 
-	context.GetLogger(ctx).Info("authorized client")
+	dcontext.GetLogger(ctx).Info("authorized client")
 
 	response := tokenResponse{
 		Token:     token,
@@ -298,12 +299,12 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h
 		}
 	}
 
-	ctx, w = context.WithResponseWriter(ctx, w)
+	ctx, w = dcontext.WithResponseWriter(ctx, w)
 
 	w.Header().Set("Content-Type", "application/json")
 	json.NewEncoder(w).Encode(response)
 
-	context.GetResponseLogger(ctx).Info("get token complete")
+	dcontext.GetResponseLogger(ctx).Info("get token complete")
 }
 
 type postTokenResponse struct {
@@ -388,16 +389,16 @@ func (ts *tokenServer) postToken(ctx context.Context, w http.ResponseWriter, r *
 	}
 
 	ctx = context.WithValue(ctx, acctSubject{}, subject)
-	ctx = context.WithLogger(ctx, context.GetLogger(ctx, acctSubject{}))
+	ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, acctSubject{}))
 
-	context.GetLogger(ctx).Info("authenticated client")
+	dcontext.GetLogger(ctx).Info("authenticated client")
 
 	ctx = context.WithValue(ctx, requestedAccess{}, requestedAccessList)
-	ctx = context.WithLogger(ctx, context.GetLogger(ctx, requestedAccess{}))
+	ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, requestedAccess{}))
 
 	grantedAccessList := filterAccessList(ctx, subject, requestedAccessList)
 	ctx = context.WithValue(ctx, grantedAccess{}, grantedAccessList)
-	ctx = context.WithLogger(ctx, context.GetLogger(ctx, grantedAccess{}))
+	ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, grantedAccess{}))
 
 	token, err := ts.issuer.CreateJWT(subject, service, grantedAccessList)
 	if err != nil {
@@ -405,7 +406,7 @@ func (ts *tokenServer) postToken(ctx context.Context, w http.ResponseWriter, r *
 		return
 	}
 
-	context.GetLogger(ctx).Info("authorized client")
+	dcontext.GetLogger(ctx).Info("authorized client")
 
 	response := postTokenResponse{
 		Token:     token,
@@ -426,10 +427,10 @@ func (ts *tokenServer) postToken(ctx context.Context, w http.ResponseWriter, r *
 		response.RefreshToken = rToken
 	}
 
-	ctx, w = context.WithResponseWriter(ctx, w)
+	ctx, w = dcontext.WithResponseWriter(ctx, w)
 
 	w.Header().Set("Content-Type", "application/json")
 	json.NewEncoder(w).Encode(response)
 
-	context.GetResponseLogger(ctx).Info("post token complete")
+	dcontext.GetResponseLogger(ctx).Info("post token complete")
 }

registry-token-server/src/token.go

@@ -6,6 +6,7 @@
 package main
 
 import (
+        "context"
 	"crypto"
 	"crypto/rand"
 	"encoding/base64"
@@ -16,7 +17,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/distribution/context"
+	dcontext "github.com/docker/distribution/context"
 	"github.com/docker/distribution/registry/auth"
 	"github.com/docker/distribution/registry/auth/token"
 	"github.com/docker/libtrust"
@@ -32,7 +33,7 @@ func ResolveScopeSpecifiers(ctx context.Context, scopeSpecs []string) []auth.Acc
 		parts := strings.SplitN(scopeSpecifier, ":", 3)
 
 		if len(parts) != 3 {
-			context.GetLogger(ctx).Infof("ignoring unsupported scope format %s", scopeSpecifier)
+			dcontext.GetLogger(ctx).Infof("ignoring unsupported scope format %s", scopeSpecifier)
 			continue
 		}