* passing context in layer calls
* more contexting
* clair folder and context in handlers
* fixed token transport to reuse request context
* tests
* taking out context pass in server handlers
* Test for TokenTransport proving memory leak
* Fix memory leak on wrong auth challenge header
* Add test for memory leak during authentication
The body of the first request must be closed before doing the request to
the authentication service
* Fix memory leak during authentication
Multiple calls to request.Header.Add() will overwrite the last value.
This formats the value of the Accept headers correctly so that a
registry can perform content-type negotiation.
Rather than returning an error that requires pattern-matching from
`parseChallenge` when the challenge header requires basic
authentication, return a distinguished error value. This makes checking
for this error a bit easier.
This commit also updates the check in `r.Headers` to use the new error
value and adds a couple of regression tests.
Using a registry having basic auth enabled the authentication was not
submitted to Clair. This newly introduced error fixes the missing auth
but needs testing with non-basic auth protected registries.
Also maybe the test for the "malformed auth..." string can now be
removed as it does not trigger on registries with basic auth enabled?
Signed-off-by: Knut Ahlers <knut@ahlers.me>
* Add more useful error for bad credentials.
The www-authenticate: basic response currently gets caught by
the token transport, which fails to parse it and spits out
a rather oblique "malformed auth challenge header" error.
Make the token transport ignore basic auth types, and make
the error transport handle a 401 response.
* Format authchallenge.go correctly.
Basic auth only worked if a full url was supplied. The reason is that
BasicTransport.RoundTrip checked if the resulting request URL has a the
transport's URL as a prefix.
This is fixed by setting the transport's URL to the canonical URL that is
computed a few lines earlier.
* Allow for non-SSL access
* Reuqire --insecure option to use http protocol
* Fixed lint error
* Added --force-non-ssl option. Also moved check to allow handling of docker config
