When copying an artifact from one remote repository to another, we might write code like the following:
```go
// add scope hints
scope := auth.ScopeRepository(dst.Reference.Repository, auth.ActionPull, auth.ActionPush)
ctx = auth.AppendScopes(ctx, scope)
// copy
desc, err := oras.Copy(ctx, src, srcRef, dst, dstRef, opts)
```
This code snippet adds both pull and push scope hints to ctx for the dst repository in order to decrease the number of auth requests on dst in the later copy operation.
However, auth.AppendScopes does not distinguish scopes between registries, resulting in pull and push scopes being requested for both the src and dst repositories, which is not safe.
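The behaviour described above can be reproduced with a small stand-alone model. This is an added example, not oras-go code: `appendGlobal`, `appendForHost` and `tokenScopes` are hypothetical helpers, and the hosts and repository name are constructed. It contrasts a hint list with no registry attached against hints keyed by registry host.

```go
package main

import (
	"context"
	"fmt"
)

// Simplified model of context-carried scope hints (hypothetical names, not the oras-go source).
type globalKey struct{}
type perHostKey struct{}

// appendGlobal stores hints with no registry attached, as the issue describes.
func appendGlobal(ctx context.Context, scopes ...string) context.Context {
	old, _ := ctx.Value(globalKey{}).([]string)
	return context.WithValue(ctx, globalKey{}, append(append([]string{}, old...), scopes...))
}

// appendForHost stores hints keyed by registry host, so they apply to that registry only.
func appendForHost(ctx context.Context, host string, scopes ...string) context.Context {
	old, _ := ctx.Value(perHostKey{}).(map[string][]string)
	next := map[string][]string{}
	for h, s := range old {
		next[h] = s
	}
	next[host] = append(append([]string{}, old[host]...), scopes...)
	return context.WithValue(ctx, perHostKey{}, next)
}

// tokenScopes lists what a client would ask host's token service for:
// the scope from the registry's challenge plus every hint that applies.
func tokenScopes(ctx context.Context, host, challenge string) []string {
	out := []string{challenge}
	if g, ok := ctx.Value(globalKey{}).([]string); ok {
		out = append(out, g...)
	}
	if m, ok := ctx.Value(perHostKey{}).(map[string][]string); ok {
		out = append(out, m[host]...)
	}
	return out
}

func main() {
	hint := "repository:team/app:pull,push" // constructed hint meant for dst only
	leaky := appendGlobal(context.Background(), hint)
	scoped := appendForHost(context.Background(), "dst.example.com", hint)
	fmt.Println("global, src:", tokenScopes(leaky, "src.example.com", "repository:team/app:pull"))
	fmt.Println("keyed,  src:", tokenScopes(scoped, "src.example.com", "repository:team/app:pull"))
	fmt.Println("keyed,  dst:", tokenScopes(scoped, "dst.example.com", "repository:team/app:push"))
}
```

With the global list, the token request to the source registry carries `pull,push`; with host-keyed hints it carries only the `pull` scope from the challenge.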