github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-18 13:37:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

Address code review feedback

Browse Source 
- Use NewBearerAuthorizer constructor instead of manual initialization
- Remove unused CreateOAuth2Config helper function
- Remove unnecessary sleep calls from tests (faster and more reliable)
- Remove unused oauth2 import

Co-authored-by: rchincha <45800463+rchincha@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-14 21:22:50 +00:00
parent 2a064f0fe5
commit 802c2be924
3 changed files with 5 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/api/authn.go
+5 -5
View File
@@ -498,11 +498,11 @@ func bearerAuthHandler(ctlr *Controller) mux.MiddlewareFunc {
ctlr.Log.Panic().Err(err).Msg("failed to load public key for bearer authentication")
}
traditionalAuthorizer = &BearerAuthorizer{
realm: authConfig.Bearer.Realm,
service: authConfig.Bearer.Service,
key: publicKey,
}
traditionalAuthorizer = NewBearerAuthorizer(
authConfig.Bearer.Realm,
authConfig.Bearer.Service,
publicKey,
)
}
// OIDC bearer auth for workload identity
pkg/api/bearer_oidc.go
-19
View File
@@ -7,7 +7,6 @@ import (
"time"
"github.com/coreos/go-oidc/v3/oidc"
"golang.org/x/oauth2"
zerr "zotregistry.dev/zot/v2/errors"
"zotregistry.dev/zot/v2/pkg/api/config"
@@ -200,21 +199,3 @@ func (a *OIDCBearerAuthorizer) AuthenticateRequest(ctx context.Context, authHead
return username, groups, true, nil
}
// CreateOAuth2Config creates an oauth2.Config for use with the OIDC provider.
// This is a helper method for testing purposes.
func CreateOAuth2Config(issuer string, clientID string, clientSecret string, redirectURL string, scopes []string) (*oauth2.Config, error) {
ctx := context.Background()
provider, err := oidc.NewProvider(ctx, issuer)
if err != nil {
return nil, fmt.Errorf("failed to create OIDC provider: %w", err)
}
return &oauth2.Config{
ClientID: clientID,
ClientSecret: clientSecret,
RedirectURL: redirectURL,
Endpoint: provider.Endpoint(),
Scopes: scopes,
}, nil
}
pkg/api/bearer_oidc_test.go
-17
View File
@@ -164,9 +164,6 @@ func TestOIDCBearerAuthorizer(t *testing.T) {
authHeader := "Bearer " + token
// Give the server time to be ready
time.Sleep(100 * time.Millisecond)
username, groups, err := authorizer.Authenticate(ctx, authHeader)
So(err, ShouldBeNil)
So(username, ShouldEqual, subject)
@@ -183,8 +180,6 @@ func TestOIDCBearerAuthorizer(t *testing.T) {
authHeader := "Bearer " + token
time.Sleep(100 * time.Millisecond)
username, extractedGroups, err := authorizer.Authenticate(ctx, authHeader)
So(err, ShouldBeNil)
So(username, ShouldEqual, subject)
@@ -198,8 +193,6 @@ func TestOIDCBearerAuthorizer(t *testing.T) {
authHeader := "Bearer " + token
time.Sleep(100 * time.Millisecond)
username, groups, err := authorizer.Authenticate(ctx, authHeader)
So(err, ShouldNotBeNil)
So(username, ShouldEqual, "")
@@ -225,8 +218,6 @@ func TestOIDCBearerAuthorizer(t *testing.T) {
authHeader := "Bearer " + tokenString
time.Sleep(100 * time.Millisecond)
username, groups, err := authorizer.Authenticate(ctx, authHeader)
So(err, ShouldNotBeNil)
So(username, ShouldEqual, "")
@@ -259,8 +250,6 @@ func TestOIDCBearerAuthorizer(t *testing.T) {
authHeader := "Bearer " + token
time.Sleep(100 * time.Millisecond)
username, groups, err := authorizer.Authenticate(ctx, authHeader)
So(err, ShouldBeNil)
So(username, ShouldEqual, customUsername)
@@ -274,8 +263,6 @@ func TestOIDCBearerAuthorizer(t *testing.T) {
authHeader := "Bearer " + token
time.Sleep(100 * time.Millisecond)
username, groups, err := authorizer.Authenticate(ctx, authHeader)
So(err, ShouldBeNil)
So(username, ShouldEqual, subject)
@@ -302,8 +289,6 @@ func TestOIDCBearerAuthorizer(t *testing.T) {
authHeader := "Bearer " + token
time.Sleep(100 * time.Millisecond)
username, groups, err := authorizer.Authenticate(ctx, authHeader)
So(err, ShouldBeNil)
So(username, ShouldEqual, subject)
@@ -317,8 +302,6 @@ func TestOIDCBearerAuthorizer(t *testing.T) {
authHeader := "Bearer " + token
time.Sleep(100 * time.Millisecond)
username, groups, err := authorizer.Authenticate(ctx, authHeader)
So(err, ShouldBeNil)
So(username, ShouldEqual, subject)