Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove potentially expired tokens #2062

Merged
merged 1 commit into from
Apr 26, 2021
Merged

Remove potentially expired tokens #2062

merged 1 commit into from
Apr 26, 2021

Conversation

dchw
Copy link
Contributor

@dchw dchw commented Apr 2, 2021

Some registries (notably Quay) issue tokens that expire without providing an expires in value in the authorization payload. Therefore, if a token produces a 401, we should remove it and re-fetch.

I admit this is a hack... likely incomplete and/or the wrong way to approach it. Any guidance would be great. The point is that we need to avoid using tokens that may have expired.

This (or a better approach) should resolve #2055 (and also thereby resolve earthly/earthly#890, too)

@dchw dchw force-pushed the corey/fix-stale-tokens branch 2 times, most recently from d6eb26a to 35c5e37 Compare April 2, 2021 18:34
dchw
dchw commented Apr 2, 2021
View reviewed changes
util/resolver/authorizer.go Outdated Show resolved Hide resolved
@dchw dchw requested a review from tonistiigi April 7, 2021 14:48
@tonistiigi
Copy link
Member

@dchw Please squash commits. lgtm otherwise

tonistiigi
tonistiigi requested changes Apr 15, 2021
View reviewed changes
Copy link
Member

@tonistiigi tonistiigi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

^

@dchw
Copy link
Contributor Author

dchw commented Apr 21, 2021
edited
Loading

Sorry! Things have been a bit crazy for me lately. I will squash and forcepush this ASAP. Done.

@dchw
Remove potentially expired tokens.
9b7a5fc 
Some registries (notably Quay) issue tokens that expire without providing an `expires in` value in the authorization payload. Therefore, if a token produces a 401, we should remove it and re-fetch.

Signed-off-by: Corey Larson <corey@earthly.dev>
@dchw dchw requested a review from tonistiigi April 21, 2021 20:15
@tonistiigi tonistiigi merged commit aa8c1ba into moby:master Apr 26, 2021
@dchw dchw deleted the corey/fix-stale-tokens branch April 26, 2021 16:30
@tonistiigi tonistiigi mentioned this pull request Feb 14, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@dchw @tonistiigi