address comments

Signed-off-by: Lixia (Sylvia) Lei <lixlei@microsoft.com>

content.go

@@ -90,7 +90,7 @@ func TagN(ctx context.Context, target Target, srcReference string, dstReferences
 			if err != nil {
 				return ocispec.Descriptor{}, err
 			}
-			ctx = auth.AppendScopeHints(ctx, ref, auth.ActionPull, auth.ActionPush)
+			ctx = auth.AppendRepositoryScope(ctx, ref, auth.ActionPull, auth.ActionPush)
 		}
 
 		desc, contentBytes, err := FetchBytes(ctx, target, srcReference, FetchBytesOptions{
@@ -148,7 +148,7 @@ func Tag(ctx context.Context, target Target, src, dst string) (ocispec.Descripto
 			if err != nil {
 				return ocispec.Descriptor{}, err
 			}
-			ctx = auth.AppendScopeHints(ctx, ref, auth.ActionPull, auth.ActionPush)
+			ctx = auth.AppendRepositoryScope(ctx, ref, auth.ActionPull, auth.ActionPush)
 		}
 		desc, rc, err := refFetcher.FetchReference(ctx, src)
 		if err != nil {

registry/remote/auth/scope.go

@@ -57,8 +57,8 @@ func ScopeRepository(repository string, actions ...string) string {
 	}, ":")
 }
 
-// AppendScopeHints returns a new context containing scope hints for the auth
-// client to fetch bearer tokens with the given actions on the repository.
+// AppendRepositoryScope returns a new context containing scope hints for the
+// auth client to fetch bearer tokens with the given actions on the repository.
 // If called multiple times, the new scopes will be appended to the existing
 // scopes. The resulted scopes are de-duplicated.
 //
@@ -67,11 +67,11 @@ func ScopeRepository(repository string, actions ...string) string {
 // `repository:hello-world:pull`, and the auth client will fetch a token for
 // that challenge. Later, the POST request will return a challenge for scope
 // `repository:hello-world:push`, and the auth client will fetch a token for
-// that challenge again. By invoking AppendScopeHints with the actions
+// that challenge again. By invoking AppendRepositoryScope with the actions
 // [ActionPull] and [ActionPush] for the repository `hello-world`,
 // the auth client with cache is hinted to fetch a token via a single token
 // fetch request for all the HEAD, POST, PUT requests.
-func AppendScopeHints(ctx context.Context, ref registry.Reference, actions ...string) context.Context {
+func AppendRepositoryScope(ctx context.Context, ref registry.Reference, actions ...string) context.Context {
 	if len(actions) == 0 {
 		return ctx
 	}
@@ -177,16 +177,16 @@ func getAllScopesForHost(ctx context.Context, host string) []string {
 	scopes := GetScopesForHost(ctx, host)
 	globalScopes := GetScopes(ctx)
 
-	switch {
-	case len(scopes) == 0:
+	if len(scopes) == 0 {
 		return globalScopes
-	case len(globalScopes) == 0:
+	}
+	if len(globalScopes) == 0 {
 		return scopes
-	default:
-		// re-clean the scopes
-		allScopes := append(scopes, globalScopes...)
-		return CleanScopes(allScopes)
 	}
+
+	// re-clean the scopes
+	allScopes := append(scopes, globalScopes...)
+	return CleanScopes(allScopes)
 }
 
 // CleanScopes merges and sort the actions in ascending order if the scopes have

registry/remote/auth/scope_test.go

@@ -123,8 +123,8 @@ func TestWithScopeHints(t *testing.T) {
 	want2 := []string{
 		"repository:foo:push",
 	}
-	ctx = AppendScopeHints(ctx, ref1, ActionPull)
-	ctx = AppendScopeHints(ctx, ref2, ActionPush)
+	ctx = AppendRepositoryScope(ctx, ref1, ActionPull)
+	ctx = AppendRepositoryScope(ctx, ref2, ActionPush)
 	if got := GetScopesForHost(ctx, ref1.Host()); !reflect.DeepEqual(got, want1) {
 		t.Errorf("GetScopesPerRegistry(WithScopeHints()) = %v, want %v", got, want1)
 	}
@@ -149,8 +149,8 @@ func TestWithScopeHints(t *testing.T) {
 	want2 = []string{
 		"repository:foo:delete,push",
 	}
-	ctx = AppendScopeHints(ctx, ref1, scopes1...)
-	ctx = AppendScopeHints(ctx, ref2, scopes2...)
+	ctx = AppendRepositoryScope(ctx, ref1, scopes1...)
+	ctx = AppendRepositoryScope(ctx, ref2, scopes2...)
 	if got := GetScopesForHost(ctx, ref1.Host()); !reflect.DeepEqual(got, want1) {
 		t.Errorf("GetScopesPerRegistry(WithScopeHints()) = %v, want %v", got, want1)
 	}
@@ -159,8 +159,8 @@ func TestWithScopeHints(t *testing.T) {
 	}
 
 	// append empty scopes
-	ctx = AppendScopeHints(ctx, ref1)
-	ctx = AppendScopeHints(ctx, ref2)
+	ctx = AppendRepositoryScope(ctx, ref1)
+	ctx = AppendRepositoryScope(ctx, ref2)
 	if got := GetScopesForHost(ctx, ref1.Host()); !reflect.DeepEqual(got, want1) {
 		t.Errorf("GetScopesPerRegistry(WithScopeHints()) = %v, want %v", got, want1)
 	}

registry/remote/repository.go

@@ -391,7 +391,7 @@ func (r *Repository) ParseReference(reference string) (registry.Reference, error
 //   - https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc3/spec.md#content-discovery
 //   - https://docs.docker.com/registry/spec/api/#tags
 func (r *Repository) Tags(ctx context.Context, last string, fn func(tags []string) error) error {
-	ctx = auth.AppendScopeHints(ctx, r.Reference, auth.ActionPull)
+	ctx = auth.AppendRepositoryScope(ctx, r.Reference, auth.ActionPull)
 	url := buildRepositoryTagListURL(r.PlainHTTP, r.Reference)
 	var err error
 	for err == nil {
@@ -508,7 +508,7 @@ func (r *Repository) Referrers(ctx context.Context, desc ocispec.Descriptor, art
 func (r *Repository) referrersByAPI(ctx context.Context, desc ocispec.Descriptor, artifactType string, fn func(referrers []ocispec.Descriptor) error) error {
 	ref := r.Reference
 	ref.Reference = desc.Digest.String()
-	ctx = auth.AppendScopeHints(ctx, ref, auth.ActionPull)
+	ctx = auth.AppendRepositoryScope(ctx, ref, auth.ActionPull)
 
 	url := buildReferrersURL(r.PlainHTTP, ref, artifactType)
 	var err error
@@ -642,7 +642,7 @@ func (r *Repository) pingReferrers(ctx context.Context) (bool, error) {
 
 	ref := r.Reference
 	ref.Reference = zeroDigest
-	ctx = auth.AppendScopeHints(ctx, ref, auth.ActionPull)
+	ctx = auth.AppendRepositoryScope(ctx, ref, auth.ActionPull)
 
 	url := buildReferrersURL(r.PlainHTTP, ref, "")
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
@@ -676,7 +676,7 @@ func (r *Repository) pingReferrers(ctx context.Context) (bool, error) {
 func (r *Repository) delete(ctx context.Context, target ocispec.Descriptor, isManifest bool) error {
 	ref := r.Reference
 	ref.Reference = target.Digest.String()
-	ctx = auth.AppendScopeHints(ctx, ref, auth.ActionDelete)
+	ctx = auth.AppendRepositoryScope(ctx, ref, auth.ActionDelete)
 	buildURL := buildRepositoryBlobURL
 	if isManifest {
 		buildURL = buildRepositoryManifestURL
@@ -712,7 +712,7 @@ type blobStore struct {
 func (s *blobStore) Fetch(ctx context.Context, target ocispec.Descriptor) (rc io.ReadCloser, err error) {
 	ref := s.repo.Reference
 	ref.Reference = target.Digest.String()
-	ctx = auth.AppendScopeHints(ctx, ref, auth.ActionPull)
+	ctx = auth.AppendRepositoryScope(ctx, ref, auth.ActionPull)
 	url := buildRepositoryBlobURL(s.repo.PlainHTTP, ref)
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
 	if err != nil {
@@ -754,12 +754,12 @@ func (s *blobStore) Fetch(ctx context.Context, target ocispec.Descriptor) (rc io
 func (s *blobStore) Mount(ctx context.Context, desc ocispec.Descriptor, fromRepo string, getContent func() (io.ReadCloser, error)) error {
 	// pushing usually requires both pull and push actions.
 	// Reference: https://github.com/distribution/distribution/blob/v2.7.1/registry/handlers/app.go#L921-L930
-	ctx = auth.AppendScopeHints(ctx, s.repo.Reference, auth.ActionPull, auth.ActionPush)
+	ctx = auth.AppendRepositoryScope(ctx, s.repo.Reference, auth.ActionPull, auth.ActionPush)
 
 	// We also need pull access to the source repo.
 	fromRef := s.repo.Reference
 	fromRef.Repository = fromRepo
-	ctx = auth.AppendScopeHints(ctx, fromRef, auth.ActionPull)
+	ctx = auth.AppendRepositoryScope(ctx, fromRef, auth.ActionPull)
 
 	url := buildRepositoryBlobMountURL(s.repo.PlainHTTP, s.repo.Reference, desc.Digest, fromRepo)
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, nil)
@@ -832,7 +832,7 @@ func (s *blobStore) Push(ctx context.Context, expected ocispec.Descriptor, conte
 	// start an upload
 	// pushing usually requires both pull and push actions.
 	// Reference: https://github.com/distribution/distribution/blob/v2.7.1/registry/handlers/app.go#L921-L930
-	ctx = auth.AppendScopeHints(ctx, s.repo.Reference, auth.ActionPull, auth.ActionPush)
+	ctx = auth.AppendRepositoryScope(ctx, s.repo.Reference, auth.ActionPull, auth.ActionPush)
 	url := buildRepositoryBlobUploadURL(s.repo.PlainHTTP, s.repo.Reference)
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, nil)
 	if err != nil {
@@ -933,7 +933,7 @@ func (s *blobStore) Resolve(ctx context.Context, reference string) (ocispec.Desc
 	if err != nil {
 		return ocispec.Descriptor{}, err
 	}
-	ctx = auth.AppendScopeHints(ctx, ref, auth.ActionPull)
+	ctx = auth.AppendRepositoryScope(ctx, ref, auth.ActionPull)
 	url := buildRepositoryBlobURL(s.repo.PlainHTTP, ref)
 	req, err := http.NewRequestWithContext(ctx, http.MethodHead, url, nil)
 	if err != nil {
@@ -968,7 +968,7 @@ func (s *blobStore) FetchReference(ctx context.Context, reference string) (desc
 		return ocispec.Descriptor{}, nil, err
 	}
 
-	ctx = auth.AppendScopeHints(ctx, ref, auth.ActionPull)
+	ctx = auth.AppendRepositoryScope(ctx, ref, auth.ActionPull)
 	url := buildRepositoryBlobURL(s.repo.PlainHTTP, ref)
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
 	if err != nil {
@@ -1043,7 +1043,7 @@ type manifestStore struct {
 func (s *manifestStore) Fetch(ctx context.Context, target ocispec.Descriptor) (rc io.ReadCloser, err error) {
 	ref := s.repo.Reference
 	ref.Reference = target.Digest.String()
-	ctx = auth.AppendScopeHints(ctx, ref, auth.ActionPull)
+	ctx = auth.AppendRepositoryScope(ctx, ref, auth.ActionPull)
 	url := buildRepositoryManifestURL(s.repo.PlainHTTP, ref)
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
 	if err != nil {
@@ -1169,7 +1169,7 @@ func (s *manifestStore) Resolve(ctx context.Context, reference string) (ocispec.
 	if err != nil {
 		return ocispec.Descriptor{}, err
 	}
-	ctx = auth.AppendScopeHints(ctx, ref, auth.ActionPull)
+	ctx = auth.AppendRepositoryScope(ctx, ref, auth.ActionPull)
 	url := buildRepositoryManifestURL(s.repo.PlainHTTP, ref)
 	req, err := http.NewRequestWithContext(ctx, http.MethodHead, url, nil)
 	if err != nil {
@@ -1201,7 +1201,7 @@ func (s *manifestStore) FetchReference(ctx context.Context, reference string) (d
 		return ocispec.Descriptor{}, nil, err
 	}
 
-	ctx = auth.AppendScopeHints(ctx, ref, auth.ActionPull)
+	ctx = auth.AppendRepositoryScope(ctx, ref, auth.ActionPull)
 	url := buildRepositoryManifestURL(s.repo.PlainHTTP, ref)
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
 	if err != nil {
@@ -1244,7 +1244,7 @@ func (s *manifestStore) Tag(ctx context.Context, desc ocispec.Descriptor, refere
 		return err
 	}
 
-	ctx = auth.AppendScopeHints(ctx, ref, auth.ActionPull, auth.ActionPush)
+	ctx = auth.AppendRepositoryScope(ctx, ref, auth.ActionPull, auth.ActionPush)
 	rc, err := s.Fetch(ctx, desc)
 	if err != nil {
 		return err
@@ -1269,7 +1269,7 @@ func (s *manifestStore) push(ctx context.Context, expected ocispec.Descriptor, c
 	ref.Reference = reference
 	// pushing usually requires both pull and push actions.
 	// Reference: https://github.com/distribution/distribution/blob/v2.7.1/registry/handlers/app.go#L921-L930
-	ctx = auth.AppendScopeHints(ctx, ref, auth.ActionPull, auth.ActionPush)
+	ctx = auth.AppendRepositoryScope(ctx, ref, auth.ActionPull, auth.ActionPush)
 	url := buildRepositoryManifestURL(s.repo.PlainHTTP, ref)
 	// unwrap the content for optimizations of built-in types.
 	body := ioutil.UnwrapNopCloser(content)