Bugfix: the actions should not always be pull and push

The similiar fix in docker daemon:
- https://github.com/docker/docker/pull/20382

Signed-off-by: Hu Keping <hukeping@huawei.com>

cmd/notary/delegations.go

@@ -78,7 +78,7 @@ func (d *delegationCommander) delegationsList(cmd *cobra.Command, args []string)
 
 	gun := args[0]
 
-	rt, err := getTransport(config, gun, true)
+	rt, err := getTransport(config, gun, true, "pull")
 	if err != nil {
 		return err
 	}

cmd/notary/keys.go

@@ -438,7 +438,7 @@ func (k *keyCommander) keysRotate(cmd *cobra.Command, args []string) error {
 	if k.rotateKeyServerManaged {
 		// this does not actually push the changes, just creates the keys, but
 		// it creates a key remotely so it needs a transport
-		rt, err = getTransport(config, gun, false)
+		rt, err = getTransport(config, gun, false, "push", "pull")
 		if err != nil {
 			return err
 		}

cmd/notary/tuf.go

@@ -153,7 +153,7 @@ func (t *tufCommander) tufInit(cmd *cobra.Command, args []string) error {
 	}
 	gun := args[0]
 
-	rt, err := getTransport(config, gun, false)
+	rt, err := getTransport(config, gun, false, "push", "pull")
 	if err != nil {
 		return err
 	}
@@ -198,7 +198,7 @@ func (t *tufCommander) tufList(cmd *cobra.Command, args []string) error {
 	}
 	gun := args[0]
 
-	rt, err := getTransport(config, gun, true)
+	rt, err := getTransport(config, gun, true, "pull")
 	if err != nil {
 		return err
 	}
@@ -233,7 +233,7 @@ func (t *tufCommander) tufLookup(cmd *cobra.Command, args []string) error {
 	gun := args[0]
 	targetName := args[1]
 
-	rt, err := getTransport(config, gun, true)
+	rt, err := getTransport(config, gun, true, "pull")
 	if err != nil {
 		return err
 	}
@@ -304,7 +304,7 @@ func (t *tufCommander) tufPublish(cmd *cobra.Command, args []string) error {
 
 	cmd.Println("Pushing changes to", gun)
 
-	rt, err := getTransport(config, gun, false)
+	rt, err := getTransport(config, gun, false, "push", "pull")
 	if err != nil {
 		return err
 	}
@@ -369,7 +369,7 @@ func (t *tufCommander) tufVerify(cmd *cobra.Command, args []string) error {
 	gun := args[0]
 	targetName := args[1]
 
-	rt, err := getTransport(config, gun, true)
+	rt, err := getTransport(config, gun, true, "pull")
 	if err != nil {
 		return err
 	}
@@ -444,7 +444,7 @@ func (ps passwordStore) Basic(u *url.URL) (string, string) {
 // The readOnly flag indicates if the operation should be performed as an
 // anonymous read only operation. If the command entered requires write
 // permissions on the server, readOnly must be false
-func getTransport(config *viper.Viper, gun string, readOnly bool) (http.RoundTripper, error) {
+func getTransport(config *viper.Viper, gun string, readOnly bool, actions ...string) (http.RoundTripper, error) {
 	// Attempt to get a root CA from the config file. Nil is the host defaults.
 	rootCAFile := utils.GetPathRelativeToConfig(config, "remote_server.root_ca")
 	clientCert := utils.GetPathRelativeToConfig(config, "remote_server.tls_client_cert")
@@ -481,11 +481,11 @@ func getTransport(config *viper.Viper, gun string, readOnly bool) (http.RoundTri
 		DisableKeepAlives:   true,
 	}
 	trustServerURL := getRemoteTrustServer(config)
-	return tokenAuth(trustServerURL, base, gun, readOnly)
+	return tokenAuth(trustServerURL, base, gun, readOnly, actions...)
 }
 
 func tokenAuth(trustServerURL string, baseTransport *http.Transport, gun string,
-	readOnly bool) (http.RoundTripper, error) {
+	readOnly bool, actions ...string) (http.RoundTripper, error) {
 
 	// TODO(dmcgowan): add notary specific headers
 	authTransport := transport.NewTransport(baseTransport)
@@ -533,7 +533,7 @@ func tokenAuth(trustServerURL string, baseTransport *http.Transport, gun string,
 	}
 
 	ps := passwordStore{anonymous: readOnly}
-	tokenHandler := auth.NewTokenHandler(authTransport, ps, gun, "push", "pull")
+	tokenHandler := auth.NewTokenHandler(authTransport, ps, gun, actions...)
 	basicHandler := auth.NewBasicHandler(ps)
 	modifier := transport.RequestModifier(auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
 	return transport.NewTransport(baseTransport, modifier), nil