
Commit 064a3f9

committed
Migrate cargo handler to OIDCRegistry
1 parent d088b52 commit 064a3f9


1 file changed

+12
-12
lines changed


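--- a/internal/handlers/cargo_registry.go
+++ b/internal/handlers/cargo_registry.go
@@ -2,7 +2,6 @@ package handlers
 
 import (
 "net/http"
-"sync"
 
 "github.com/elazarl/goproxy"
 "github.com/sirupsen/logrus"
@@ -35,9 +34,8 @@ import (
 // credentials locally in this example:
 // https://jfrog.com/help/r/artifactory-how-to-integrate-artifactory-with-cargo-using-sparse-indexing/client-configuration
 type CargoRegistryHandler struct {
-credentials []cargoRepositoryCredentials
-oidcCredentials map[string]*oidc.OIDCCredential
-mutex sync.RWMutex
+credentials []cargoRepositoryCredentials
+oidcRegistry *oidc.OIDCRegistry
 }
 
 type cargoRepositoryCredentials struct {
@@ -47,8 +45,8 @@ type cargoRepositoryCredentials struct {
 
 func NewCargoRegistryHandler(credentials config.Credentials) *CargoRegistryHandler {
 handler := CargoRegistryHandler{
-credentials: []cargoRepositoryCredentials{},
-oidcCredentials: make(map[string]*oidc.OIDCCredential),
+credentials: []cargoRepositoryCredentials{},
+oidcRegistry: oidc.NewOIDCRegistry(),
 }
 
 for _, credential := range credentials {
@@ -58,12 +56,14 @@ func NewCargoRegistryHandler(credentials config.Credentials) *CargoRegistryHandl
 
 url := credential.GetString("url")
 
-oidcCredential, _ := oidc.CreateOIDCCredential(credential)
-if oidcCredential != nil {
-if url != "" {
-handler.oidcCredentials[url] = oidcCredential
-logging.RequestLogf(nil, "registered %s OIDC credentials for cargo registry: %s", oidcCredential.Provider(), url)
+// Cargo credentials must remain URL-scoped; do not allow OIDC
+// registration to fall back to host-only matching when url is empty.
+// OIDC credentials are not used as static credentials.
+if url != "" {
+if oidcCred, _, _ := handler.oidcRegistry.Register(credential, []string{"url"}, "cargo registry"); oidcCred != nil {
+continue
 }
+} else if oidcCred, _ := oidc.CreateOIDCCredential(credential); oidcCred != nil {
 continue
 }
 
@@ -90,7 +90,7 @@ func (h *CargoRegistryHandler) HandleRequest(req *http.Request, ctx *goproxy.Pro
 }
 
 // Try OIDC credentials first
-if oidc.TryAuthOIDCRequestWithPrefix(&h.mutex, h.oidcCredentials, req, ctx) {
+if h.oidcRegistry.TryAuth(req, ctx) {
 return req, nil
 }
 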
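Review bot: The new registration branch in NewCargoRegistryHandler discards every non-credential result (`oidcCred, _, _ := handler.oidcRegistry.Register(...)` and `oidcCred, _ := oidc.CreateOIDCCredential(credential)`), so an OIDC entry that fails to parse presumably comes back nil and falls through to the static-credential code below the hunk with no diagnostic. The `url == ""` branch likewise drops a valid OIDC credential without a trace; a line such as `logging.RequestLogf(nil, "ignoring OIDC credentials for cargo registry: url is empty")` (message constructed here) before its `continue` would make the URL-scoping rule from the comment visible to operators. In HandleRequest, `h.oidcRegistry.TryAuth(req, ctx)` replaces the explicit prefix matcher and the registry's matching rule is not visible in this diff, so a test that a token registered for one URL is not attached to a request for another path on the same host would pin the scoping the comment promises. Both the loop body and HandleRequest continue outside the shown hunks.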
