Merge pull request moby#5457 from thaJeztah/resolver_noshadow

tonistiigi · web-flow · commit bbc23fb48153 · 2025-01-09T10:12:41.000-08:00
util/resolver: rename vars that shadowed imports
diff --git a/util/resolver/authorizer.go b/util/resolver/authorizer.go
@@ -70,17 +70,17 @@ func (a *authHandlerNS) get(ctx context.Context, host string, sm *session.Manage
 		}
 		if parts[0] == host {
 			if h.authority != nil {
-				session, ok, err := sessionauth.VerifyTokenAuthority(ctx, host, h.authority, sm, g)
+				sessionID, ok, err := sessionauth.VerifyTokenAuthority(ctx, host, h.authority, sm, g)
 				if err == nil && ok {
-					a.handlers[host+"/"+session] = h
+					a.handlers[host+"/"+sessionID] = h
 					h.lastUsed = time.Now()
 					return h
 				}
 			} else {
-				session, username, password, err := sessionauth.CredentialsFunc(sm, g)(host)
+				sessionID, username, password, err := sessionauth.CredentialsFunc(sm, g)(host)
 				if err == nil {
 					if username == h.common.Username && password == h.common.Secret {
-						a.handlers[host+"/"+session] = h
+						a.handlers[host+"/"+sessionID] = h
 						h.lastUsed = time.Now()
 						return h
 					}
@@ -130,12 +130,12 @@ func (a *dockerAuthorizer) Authorize(ctx context.Context, req *http.Request) err
 		return nil
 	}
 
-	auth, err := ah.authorize(ctx, a.sm, a.session)
+	authHeader, err := ah.authorize(ctx, a.sm, a.session)
 	if err != nil {
 		return err
 	}
 
-	req.Header.Set("Authorization", auth)
+	req.Header.Set("Authorization", authHeader)
 	return nil
 }
 
@@ -163,7 +163,7 @@ func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.R
 				}
 				handler = nil
 
-				// this hacky way seems to be best method to detect that error is fatal and should not be retried with a new token
+				// this hacky way seems to be the best method to detect that error is fatal and should not be retried with a new token
 				if c.Parameters["error"] == "insufficient_scope" && parseScopes(oldScopes).contains(parseScopes(strings.Split(c.Parameters["scope"], " "))) {
 					return err
 				}
@@ -180,12 +180,12 @@ func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.R
 			}
 
 			var username, secret string
-			session, pubKey, err := sessionauth.GetTokenAuthority(ctx, host, a.sm, a.session)
+			sessionID, pubKey, err := sessionauth.GetTokenAuthority(ctx, host, a.sm, a.session)
 			if err != nil {
 				return err
 			}
 			if pubKey == nil {
-				session, username, secret, err = a.getCredentials(host)
+				sessionID, username, secret, err = a.getCredentials(host)
 				if err != nil {
 					return err
 				}
@@ -197,23 +197,20 @@ func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.R
 			}
 			common.Scopes = parseScopes(append(common.Scopes, oldScopes...)).normalize()
 
-			a.handlers.set(host, session, newAuthHandler(host, a.client, c.Scheme, pubKey, common))
+			a.handlers.set(host, sessionID, newAuthHandler(host, a.client, c.Scheme, pubKey, common))
 
 			return nil
 		} else if c.Scheme == auth.BasicAuth {
-			session, username, secret, err := a.getCredentials(host)
+			sessionID, username, secret, err := a.getCredentials(host)
 			if err != nil {
 				return err
 			}
 
 			if username != "" && secret != "" {
-				common := auth.TokenOptions{
+				a.handlers.set(host, sessionID, newAuthHandler(host, a.client, c.Scheme, nil, auth.TokenOptions{
 					Username: username,
 					Secret:   secret,
-				}
-
-				a.handlers.set(host, session, newAuthHandler(host, a.client, c.Scheme, nil, common))
-
+				}))
 				return nil
 			}
 		}
@@ -281,8 +278,8 @@ func (ah *authHandler) doBasicAuth() (string, error) {
 		return "", errors.New("failed to handle basic auth because missing username or secret")
 	}
 
-	auth := base64.StdEncoding.EncodeToString([]byte(username + ":" + secret))
-	return fmt.Sprintf("Basic %s", auth), nil
+	authHeader := base64.StdEncoding.EncodeToString([]byte(username + ":" + secret))
+	return fmt.Sprintf("Basic %s", authHeader), nil
 }
 
 func (ah *authHandler) doBearerAuth(ctx context.Context, sm *session.Manager, g session.Group) (token string, err error) {
diff --git a/util/resolver/resolver.go b/util/resolver/resolver.go
@@ -172,12 +172,11 @@ func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts
 
 func newMirrorRegistryHost(mirror string) docker.RegistryHost {
 	mirrorHost, mirrorPath := extractMirrorHostAndPath(mirror)
-	path := path.Join(defaultPath, mirrorPath)
 	h := docker.RegistryHost{
 		Scheme:       "https",
 		Client:       newDefaultClient(),
 		Host:         mirrorHost,
-		Path:         path,
+		Path:         path.Join(defaultPath, mirrorPath),
 		Capabilities: docker.HostCapabilityPull | docker.HostCapabilityResolve,
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -70,17 +70,17 @@ func (a authHandlerNS) get(ctx context.Context, host string, sm session.Manage`
`70`	`70`	`}`
`71`	`71`	`if parts[0] == host {`
`72`	`72`	`if h.authority != nil {`
`73`		`- session, ok, err := sessionauth.VerifyTokenAuthority(ctx, host, h.authority, sm, g)`
	`73`	`+ sessionID, ok, err := sessionauth.VerifyTokenAuthority(ctx, host, h.authority, sm, g)`
`74`	`74`	`if err == nil && ok {`
`75`		`- a.handlers[host+"/"+session] = h`
	`75`	`+ a.handlers[host+"/"+sessionID] = h`
`76`	`76`	`h.lastUsed = time.Now()`
`77`	`77`	`return h`
`78`	`78`	`}`
`79`	`79`	`} else {`
`80`		`- session, username, password, err := sessionauth.CredentialsFunc(sm, g)(host)`
	`80`	`+ sessionID, username, password, err := sessionauth.CredentialsFunc(sm, g)(host)`
`81`	`81`	`if err == nil {`
`82`	`82`	`if username == h.common.Username && password == h.common.Secret {`
`83`		`- a.handlers[host+"/"+session] = h`
	`83`	`+ a.handlers[host+"/"+sessionID] = h`
`84`	`84`	`h.lastUsed = time.Now()`
`85`	`85`	`return h`
`86`	`86`	`}`
`@@ -130,12 +130,12 @@ func (a dockerAuthorizer) Authorize(ctx context.Context, req http.Request) err`
`130`	`130`	`return nil`
`131`	`131`	`}`
`132`	`132`
`133`		`- auth, err := ah.authorize(ctx, a.sm, a.session)`
	`133`	`+ authHeader, err := ah.authorize(ctx, a.sm, a.session)`
`134`	`134`	`if err != nil {`
`135`	`135`	`return err`
`136`	`136`	`}`
`137`	`137`
`138`		`- req.Header.Set("Authorization", auth)`
	`138`	`+ req.Header.Set("Authorization", authHeader)`
`139`	`139`	`return nil`
`140`	`140`	`}`
`141`	`141`
`@@ -163,7 +163,7 @@ func (a dockerAuthorizer) AddResponses(ctx context.Context, responses []http.R`
`163`	`163`	`}`
`164`	`164`	`handler = nil`
`165`	`165`
`166`		`- // this hacky way seems to be best method to detect that error is fatal and should not be retried with a new token`
	`166`	`+ // this hacky way seems to be the best method to detect that error is fatal and should not be retried with a new token`
`167`	`167`	`if c.Parameters["error"] == "insufficient_scope" && parseScopes(oldScopes).contains(parseScopes(strings.Split(c.Parameters["scope"], " "))) {`
`168`	`168`	`return err`
`169`	`169`	`}`
`@@ -180,12 +180,12 @@ func (a dockerAuthorizer) AddResponses(ctx context.Context, responses []http.R`
`180`	`180`	`}`
`181`	`181`
`182`	`182`	`var username, secret string`
`183`		`- session, pubKey, err := sessionauth.GetTokenAuthority(ctx, host, a.sm, a.session)`
	`183`	`+ sessionID, pubKey, err := sessionauth.GetTokenAuthority(ctx, host, a.sm, a.session)`
`184`	`184`	`if err != nil {`
`185`	`185`	`return err`
`186`	`186`	`}`
`187`	`187`	`if pubKey == nil {`
`188`		`- session, username, secret, err = a.getCredentials(host)`
	`188`	`+ sessionID, username, secret, err = a.getCredentials(host)`
`189`	`189`	`if err != nil {`
`190`	`190`	`return err`
`191`	`191`	`}`
`@@ -197,23 +197,20 @@ func (a dockerAuthorizer) AddResponses(ctx context.Context, responses []http.R`
`197`	`197`	`}`
`198`	`198`	`common.Scopes = parseScopes(append(common.Scopes, oldScopes...)).normalize()`
`199`	`199`
`200`		`- a.handlers.set(host, session, newAuthHandler(host, a.client, c.Scheme, pubKey, common))`
	`200`	`+ a.handlers.set(host, sessionID, newAuthHandler(host, a.client, c.Scheme, pubKey, common))`
`201`	`201`
`202`	`202`	`return nil`
`203`	`203`	`} else if c.Scheme == auth.BasicAuth {`
`204`		`- session, username, secret, err := a.getCredentials(host)`
	`204`	`+ sessionID, username, secret, err := a.getCredentials(host)`
`205`	`205`	`if err != nil {`
`206`	`206`	`return err`
`207`	`207`	`}`
`208`	`208`
`209`	`209`	`if username != "" && secret != "" {`
`210`		`- common := auth.TokenOptions{`
	`210`	`+ a.handlers.set(host, sessionID, newAuthHandler(host, a.client, c.Scheme, nil, auth.TokenOptions{`
`211`	`211`	`Username: username,`
`212`	`212`	`Secret: secret,`
`213`		`- }`
`214`		`-`
`215`		`- a.handlers.set(host, session, newAuthHandler(host, a.client, c.Scheme, nil, common))`
`216`		`-`
	`213`	`+ }))`
`217`	`214`	`return nil`
`218`	`215`	`}`
`219`	`216`	`}`
`@@ -281,8 +278,8 @@ func (ah *authHandler) doBasicAuth() (string, error) {`
`281`	`278`	`return "", errors.New("failed to handle basic auth because missing username or secret")`
`282`	`279`	`}`
`283`	`280`
`284`		`- auth := base64.StdEncoding.EncodeToString([]byte(username + ":" + secret))`
`285`		`- return fmt.Sprintf("Basic %s", auth), nil`
	`281`	`+ authHeader := base64.StdEncoding.EncodeToString([]byte(username + ":" + secret))`
	`282`	`+ return fmt.Sprintf("Basic %s", authHeader), nil`
`286`	`283`	`}`
`287`	`284`
`288`	`285`	`func (ah authHandler) doBearerAuth(ctx context.Context, sm session.Manager, g session.Group) (token string, err error) {`