Revert "Enable POST method support for token fetch"

This reverts commit d2fcf67ded6d27b4ce6257bbd8b431720ba0120d.

Reverting due to https://bugs.launchpad.net/starlingx/+bug/1859686

Change-Id: If30034c4011162361c469072bd08c8e3b4975c33

registry-token-server/src/keystone/access.go

@@ -16,8 +16,8 @@ import (
 
 	"github.com/docker/distribution/context"
 	"github.com/docker/distribution/registry/auth"
-	"github.com/gophercloud/gophercloud"
+        "github.com/gophercloud/gophercloud"
-	"github.com/gophercloud/gophercloud/openstack"
+        "github.com/gophercloud/gophercloud/openstack"
 )
 
 type accessController struct {
@@ -57,9 +57,9 @@ func (ac *accessController) Authorized(ctx context.Context, accessRecords ...aut
 
 	opts := gophercloud.AuthOptions{
 		IdentityEndpoint: ac.endpoint,
-		Username:         username,
+		Username: username,
-		Password:         password,
+		Password: password,
-		DomainID:         "default",
+		DomainID: "default",
 	}
 
 	if _, err := openstack.AuthenticatedClient(opts); err != nil {
@@ -73,25 +73,6 @@ func (ac *accessController) Authorized(ctx context.Context, accessRecords ...aut
 	return auth.WithUser(ctx, auth.UserInfo{Name: username}), nil
 }
 
-// AuthenticateUser checks a given user:password credential by keystone.
-// If the check passes, nil is returned.
-func (ac *accessController) AuthenticateUser(username string, password string) error {
-
-	opts := gophercloud.AuthOptions{
-		IdentityEndpoint: ac.endpoint,
-		Username:         username,
-		Password:         password,
-		DomainID:         "default",
-	}
-
-	if _, err := openstack.AuthenticatedClient(opts); err != nil {
-		context.GetLogger(context.Background()).Errorf("error authenticating user %q: %v", username, err)
-		return auth.ErrAuthenticationFailure
-	}
-
-	return nil
-}
-
 // challenge implements the auth.Challenge interface.
 type challenge struct {
 	realm string
@@ -112,3 +93,4 @@ func (ch challenge) Error() string {
 func init() {
 	auth.Register("keystone", auth.InitFunc(newAccessController))
 }
+

registry-token-server/src/main.go

@@ -20,9 +20,9 @@ import (
 	"github.com/docker/distribution/context"
 	"github.com/docker/distribution/registry/api/errcode"
 	"github.com/docker/distribution/registry/auth"
+	_ "registry-token-server/keystone"
 	"github.com/docker/libtrust"
 	"github.com/gorilla/mux"
-	_ "registry-token-server/keystone"
 )
 
 var (
@@ -82,8 +82,8 @@ func main() {
 	}
 
 	ac, err := auth.GetAccessController("keystone", map[string]interface{}{
-		"realm":    realm,
+		"realm": realm,
-		"endpoint": keystoneEndpoint,
+		"endpoint":  keystoneEndpoint,
 	})
 	if err != nil {
 		logrus.Fatalf("Error initializing access controller: %v", err)
@@ -179,9 +179,9 @@ func filterAccessList(ctx context.Context, scope string, requestedAccessList []a
 	grantedAccessList := make([]auth.Access, 0, len(requestedAccessList))
 	for _, access := range requestedAccessList {
 		if access.Type == "repository" {
-			// filter access to repos if the user is not "admin"
+                        // filter access to repos if the user is not "admin"
-			// need to have a "/" at the end because it adds one at the beginning of the fcn
+                        // need to have a "/" at the end because it adds one at the beginning of the fcn
-			// probably to prevent people making accounts like "adminnot" to steal admin powers
+                        // probably to prevent people making accounts like "adminnot" to steal admin powers
 			if !strings.HasPrefix(access.Name, scope) && scope != "admin/" {
 				context.GetLogger(ctx).Debugf("Resource scope not allowed: %s", access.Name)
 				continue