Update push and pull to registry 2.1 specification

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2014-12-16 16:57:37 -08:00 · 2014-12-16 16:57:37 -08:00 · 751a1a8dd0
commit 751a1a8dd0
parent ee1e1abb15
2 changed files with 151 additions and 200 deletions
--- a/docs/auth.go
+++ b/docs/auth.go
@ -37,6 +37,59 @@ type ConfigFile struct {
 	rootPath string
 }
 type RequestAuthorization struct {
 	Token    string
 	Username string
 	Password string
 }
 func NewRequestAuthorization(authConfig *AuthConfig, registryEndpoint *Endpoint, resource, scope string, actions []string) (*RequestAuthorization, error) {
 	var auth RequestAuthorization
 	client := &http.Client{
 		Transport: &http.Transport{
 			DisableKeepAlives: true,
 			Proxy:             http.ProxyFromEnvironment,
 		},
 		CheckRedirect: AddRequiredHeadersToRedirectedRequests,
 	}
 	factory := HTTPRequestFactory(nil)
 	for _, challenge := range registryEndpoint.AuthChallenges {
 		log.Debugf("Using %q auth challenge with params %s for %s", challenge.Scheme, challenge.Parameters, authConfig.Username)
 		switch strings.ToLower(challenge.Scheme) {
 		case "basic":
 			auth.Username = authConfig.Username
 			auth.Password = authConfig.Password
 		case "bearer":
 			params := map[string]string{}
 			for k, v := range challenge.Parameters {
 				params[k] = v
 			}
 			params["scope"] = fmt.Sprintf("%s:%s:%s", resource, scope, strings.Join(actions, ","))
 			token, err := getToken(authConfig.Username, authConfig.Password, params, registryEndpoint, client, factory)
 			if err != nil {
 				return nil, err
 			}
 			auth.Token = token
 		default:
 			log.Infof("Unsupported auth scheme: %q", challenge.Scheme)
 		}
 	}
 	return &auth, nil
 }
 func (auth *RequestAuthorization) Authorize(req *http.Request) {
 	if auth.Token != "" {
 		req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", auth.Token))
 	} else if auth.Username != "" && auth.Password != "" {
 		req.SetBasicAuth(auth.Username, auth.Password)
 	}
 }
 // create a base64 encoded auth string to store in config
 func encodeAuth(authConfig *AuthConfig) string {
 	authStr := authConfig.Username + ":" + authConfig.Password
--- a/docs/session_v2.go
+++ b/docs/session_v2.go
@ -9,100 +9,34 @@ import (
 	"strconv"
 	log "github.com/Sirupsen/logrus"
 	"github.com/docker/docker/registry/v2"
 	"github.com/docker/docker/utils"
 	"github.com/gorilla/mux"
 )
-func newV2RegistryRouter() *mux.Router {
+var registryURLBuilder *v2.URLBuilder
 	router := mux.NewRouter()
-	v2Router := router.PathPrefix("/v2/").Subrouter()
+func init() {
 	// Version Info
 	v2Router.Path("/version").Name("version")
 	// Image Manifests
 	v2Router.Path("/manifest/{imagename:[a-z0-9-._/]+}/{tagname:[a-zA-Z0-9-._]+}").Name("manifests")
 	// List Image Tags
 	v2Router.Path("/tags/{imagename:[a-z0-9-._/]+}").Name("tags")
 	// Download a blob
 	v2Router.Path("/blob/{imagename:[a-z0-9-._/]+}/{sumtype:[a-z0-9._+-]+}/{sum:[a-fA-F0-9]{4,}}").Name("downloadBlob")
 	// Upload a blob
 	v2Router.Path("/blob/{imagename:[a-z0-9-._/]+}/{sumtype:[a-z0-9._+-]+}").Name("uploadBlob")
 	// Mounting a blob in an image
 	v2Router.Path("/blob/{imagename:[a-z0-9-._/]+}/{sumtype:[a-z0-9._+-]+}/{sum:[a-fA-F0-9]{4,}}").Name("mountBlob")
 	return router
 }
 // APIVersion2 /v2/
 var v2HTTPRoutes = newV2RegistryRouter()
 func getV2URL(e *Endpoint, routeName string, vars map[string]string) (*url.URL, error) {
 	route := v2HTTPRoutes.Get(routeName)
 	if route == nil {
 		return nil, fmt.Errorf("unknown regisry v2 route name: %q", routeName)
 	}
 	varReplace := make([]string, 0, len(vars)*2)
 	for key, val := range vars {
 		varReplace = append(varReplace, key, val)
 	}
 	routePath, err := route.URLPath(varReplace...)
 	if err != nil {
 		return nil, fmt.Errorf("unable to make registry route %q with vars %v: %s", routeName, vars, err)
 	}
 	u, err := url.Parse(REGISTRYSERVER)
 	if err != nil {
-		return nil, fmt.Errorf("invalid registry url: %s", err)
+		panic(fmt.Errorf("invalid registry url: %s", err))
 	}
-
+	registryURLBuilder = v2.NewURLBuilder(u)
 	return &url.URL{
 		Scheme: u.Scheme,
 		Host:   u.Host,
 		Path:   routePath.Path,
 	}, nil
 }
-// V2 Provenance POC
+func getV2Builder(e *Endpoint) *v2.URLBuilder {
 	return registryURLBuilder
 }
-func (r *Session) GetV2Version(token []string) (*RegistryInfo, error) {
+// GetV2Authorization gets the authorization needed to the given image
-	routeURL, err := getV2URL(r.indexEndpoint, "version", nil)
+// If readonly access is requested, then only the authorization may
-	if err != nil {
+// only be used for Get operations.
-		return nil, err
+func (r *Session) GetV2Authorization(imageName string, readOnly bool) (*RequestAuthorization, error) {
 	scopes := []string{"pull"}
 	if !readOnly {
 		scopes = append(scopes, "push")
 	}
-	method := "GET"
+	return NewRequestAuthorization(r.GetAuthConfig(true), r.indexEndpoint, "repository", imageName, scopes)
 	log.Debugf("[registry] Calling %q %s", method, routeURL.String())
 	req, err := r.reqFactory.NewRequest(method, routeURL.String(), nil)
 	if err != nil {
 		return nil, err
 	}
 	setTokenAuth(req, token)
 	res, _, err := r.doRequest(req)
 	if err != nil {
 		return nil, err
 	}
 	defer res.Body.Close()
 	if res.StatusCode != 200 {
 		return nil, utils.NewHTTPRequestError(fmt.Sprintf("Server error: %d fetching Version", res.StatusCode), res)
 	}
 	decoder := json.NewDecoder(res.Body)
 	versionInfo := new(RegistryInfo)
 	err = decoder.Decode(versionInfo)
 	if err != nil {
 		return nil, fmt.Errorf("unable to decode GetV2Version JSON response: %s", err)
 	}
 	return versionInfo, nil
 }
 //
@ -112,25 +46,20 @@ func (r *Session) GetV2Version(token []string) (*RegistryInfo, error) {
 //  1.c) if anything else, err
 // 2) PUT the created/signed manifest
 //
-func (r *Session) GetV2ImageManifest(imageName, tagName string, token []string) ([]byte, error) {
+func (r *Session) GetV2ImageManifest(imageName, tagName string, auth *RequestAuthorization) ([]byte, error) {
-	vars := map[string]string{
+	routeURL, err := getV2Builder(r.indexEndpoint).BuildManifestURL(imageName, tagName)
 		"imagename": imageName,
 		"tagname":   tagName,
 	}
 	routeURL, err := getV2URL(r.indexEndpoint, "manifests", vars)
 	if err != nil {
 		return nil, err
 	}
 	method := "GET"
-	log.Debugf("[registry] Calling %q %s", method, routeURL.String())
+	log.Debugf("[registry] Calling %q %s", method, routeURL)
-	req, err := r.reqFactory.NewRequest(method, routeURL.String(), nil)
+	req, err := r.reqFactory.NewRequest(method, routeURL, nil)
 	if err != nil {
 		return nil, err
 	}
-	setTokenAuth(req, token)
+	auth.Authorize(req)
 	res, _, err := r.doRequest(req)
 	if err != nil {
 		return nil, err
@ -155,26 +84,20 @@ func (r *Session) GetV2ImageManifest(imageName, tagName string, token []string)
 // - Succeeded to mount for this image scope
 // - Failed with no error (So continue to Push the Blob)
 // - Failed with error
-func (r *Session) PostV2ImageMountBlob(imageName, sumType, sum string, token []string) (bool, error) {
+func (r *Session) PostV2ImageMountBlob(imageName, sumType, sum string, auth *RequestAuthorization) (bool, error) {
-	vars := map[string]string{
+	routeURL, err := getV2Builder(r.indexEndpoint).BuildBlobURL(imageName, sumType+":"+sum)
 		"imagename": imageName,
 		"sumtype":   sumType,
 		"sum":       sum,
 	}
 	routeURL, err := getV2URL(r.indexEndpoint, "mountBlob", vars)
 	if err != nil {
 		return false, err
 	}
-	method := "POST"
+	method := "HEAD"
-	log.Debugf("[registry] Calling %q %s", method, routeURL.String())
+	log.Debugf("[registry] Calling %q %s", method, routeURL)
-	req, err := r.reqFactory.NewRequest(method, routeURL.String(), nil)
+	req, err := r.reqFactory.NewRequest(method, routeURL, nil)
 	if err != nil {
 		return false, err
 	}
-	setTokenAuth(req, token)
+	auth.Authorize(req)
 	res, _, err := r.doRequest(req)
 	if err != nil {
 		return false, err
@ -191,25 +114,19 @@ func (r *Session) PostV2ImageMountBlob(imageName, sumType, sum string, token []s
 	return false, fmt.Errorf("Failed to mount %q - %s:%s : %d", imageName, sumType, sum, res.StatusCode)
 }
-func (r *Session) GetV2ImageBlob(imageName, sumType, sum string, blobWrtr io.Writer, token []string) error {
+func (r *Session) GetV2ImageBlob(imageName, sumType, sum string, blobWrtr io.Writer, auth *RequestAuthorization) error {
-	vars := map[string]string{
+	routeURL, err := getV2Builder(r.indexEndpoint).BuildBlobURL(imageName, sumType+":"+sum)
 		"imagename": imageName,
 		"sumtype":   sumType,
 		"sum":       sum,
 	}
 	routeURL, err := getV2URL(r.indexEndpoint, "downloadBlob", vars)
 	if err != nil {
 		return err
 	}
 	method := "GET"
-	log.Debugf("[registry] Calling %q %s", method, routeURL.String())
+	log.Debugf("[registry] Calling %q %s", method, routeURL)
-	req, err := r.reqFactory.NewRequest(method, routeURL.String(), nil)
+	req, err := r.reqFactory.NewRequest(method, routeURL, nil)
 	if err != nil {
 		return err
 	}
-	setTokenAuth(req, token)
+	auth.Authorize(req)
 	res, _, err := r.doRequest(req)
 	if err != nil {
 		return err
@ -226,25 +143,19 @@ func (r *Session) GetV2ImageBlob(imageName, sumType, sum string, blobWrtr io.Wri
 	return err
 }
-func (r *Session) GetV2ImageBlobReader(imageName, sumType, sum string, token []string) (io.ReadCloser, int64, error) {
+func (r *Session) GetV2ImageBlobReader(imageName, sumType, sum string, auth *RequestAuthorization) (io.ReadCloser, int64, error) {
-	vars := map[string]string{
+	routeURL, err := getV2Builder(r.indexEndpoint).BuildBlobURL(imageName, sumType+":"+sum)
 		"imagename": imageName,
 		"sumtype":   sumType,
 		"sum":       sum,
 	}
 	routeURL, err := getV2URL(r.indexEndpoint, "downloadBlob", vars)
 	if err != nil {
 		return nil, 0, err
 	}
 	method := "GET"
-	log.Debugf("[registry] Calling %q %s", method, routeURL.String())
+	log.Debugf("[registry] Calling %q %s", method, routeURL)
-	req, err := r.reqFactory.NewRequest(method, routeURL.String(), nil)
+	req, err := r.reqFactory.NewRequest(method, routeURL, nil)
 	if err != nil {
 		return nil, 0, err
 	}
-	setTokenAuth(req, token)
+	auth.Authorize(req)
 	res, _, err := r.doRequest(req)
 	if err != nil {
 		return nil, 0, err
@ -267,85 +178,76 @@ func (r *Session) GetV2ImageBlobReader(imageName, sumType, sum string, token []s
 // Push the image to the server for storage.
 // 'layer' is an uncompressed reader of the blob to be pushed.
 // The server will generate it's own checksum calculation.
-func (r *Session) PutV2ImageBlob(imageName, sumType, sumStr string, blobRdr io.Reader, token []string) (serverChecksum string, err error) {
+func (r *Session) PutV2ImageBlob(imageName, sumType, sumStr string, blobRdr io.Reader, auth *RequestAuthorization) error {
-	vars := map[string]string{
+	routeURL, err := getV2Builder(r.indexEndpoint).BuildBlobUploadURL(imageName)
-		"imagename": imageName,
+	if err != nil {
-		"sumtype":   sumType,
+		return err
 	}
-	routeURL, err := getV2URL(r.indexEndpoint, "uploadBlob", vars)
+	log.Debugf("[registry] Calling %q %s", "POST", routeURL)
 	req, err := r.reqFactory.NewRequest("POST", routeURL, nil)
 	if err != nil {
-		return "", err
+		return err
 	}
-	method := "PUT"
+	auth.Authorize(req)
 	log.Debugf("[registry] Calling %q %s", method, routeURL.String())
 	req, err := r.reqFactory.NewRequest(method, routeURL.String(), blobRdr)
 	if err != nil {
 		return "", err
 	}
 	setTokenAuth(req, token)
 	req.Header.Set("X-Tarsum", sumStr)
 	res, _, err := r.doRequest(req)
 	if err != nil {
-		return "", err
+		return err
 	}
 	location := res.Header.Get("Location")
 	method := "PUT"
 	log.Debugf("[registry] Calling %q %s", method, location)
 	req, err = r.reqFactory.NewRequest(method, location, blobRdr)
 	if err != nil {
 		return err
 	}
 	queryParams := url.Values{}
 	queryParams.Add("digest", sumType+":"+sumStr)
 	req.URL.RawQuery = queryParams.Encode()
 	auth.Authorize(req)
 	res, _, err = r.doRequest(req)
 	if err != nil {
 		return err
 	}
 	defer res.Body.Close()
 	if res.StatusCode != 201 {
 		if res.StatusCode == 401 {
 			return "", errLoginRequired
 		}
 		return "", utils.NewHTTPRequestError(fmt.Sprintf("Server error: %d trying to push %s blob", res.StatusCode, imageName), res)
 	}
 	type sumReturn struct {
 		Checksum string `json:"checksum"`
 	}
 	decoder := json.NewDecoder(res.Body)
 	var sumInfo sumReturn
 	err = decoder.Decode(&sumInfo)
 	if err != nil {
 		return "", fmt.Errorf("unable to decode PutV2ImageBlob JSON response: %s", err)
 	}
 	if sumInfo.Checksum != sumStr {
 		return "", fmt.Errorf("failed checksum comparison. serverChecksum: %q, localChecksum: %q", sumInfo.Checksum, sumStr)
 	}
 	// XXX this is a json struct from the registry, with its checksum
 	return sumInfo.Checksum, nil
 }
 // Finally Push the (signed) manifest of the blobs we've just pushed
 func (r *Session) PutV2ImageManifest(imageName, tagName string, manifestRdr io.Reader, token []string) error {
 	vars := map[string]string{
 		"imagename": imageName,
 		"tagname":   tagName,
 	}
 	routeURL, err := getV2URL(r.indexEndpoint, "manifests", vars)
 	if err != nil {
 		return err
 	}
 	method := "PUT"
 	log.Debugf("[registry] Calling %q %s", method, routeURL.String())
 	req, err := r.reqFactory.NewRequest(method, routeURL.String(), manifestRdr)
 	if err != nil {
 		return err
 	}
 	setTokenAuth(req, token)
 	res, _, err := r.doRequest(req)
 	if err != nil {
 		return err
 	}
 	res.Body.Close()
 	if res.StatusCode != 201 {
 		if res.StatusCode == 401 {
 			return errLoginRequired
 		}
 		return utils.NewHTTPRequestError(fmt.Sprintf("Server error: %d trying to push %s blob", res.StatusCode, imageName), res)
 	}
 	return nil
 }
 // Finally Push the (signed) manifest of the blobs we've just pushed
 func (r *Session) PutV2ImageManifest(imageName, tagName string, manifestRdr io.Reader, auth *RequestAuthorization) error {
 	routeURL, err := getV2Builder(r.indexEndpoint).BuildManifestURL(imageName, tagName)
 	if err != nil {
 		return err
 	}
 	method := "PUT"
 	log.Debugf("[registry] Calling %q %s", method, routeURL)
 	req, err := r.reqFactory.NewRequest(method, routeURL, manifestRdr)
 	if err != nil {
 		return err
 	}
 	auth.Authorize(req)
 	res, _, err := r.doRequest(req)
 	if err != nil {
 		return err
 	}
 	b, _ := ioutil.ReadAll(res.Body)
 	res.Body.Close()
 	if res.StatusCode != 200 {
 		if res.StatusCode == 401 {
 			return errLoginRequired
 		}
 		log.Debugf("Unexpected response from server: %q %#v", b, res.Header)
 		return utils.NewHTTPRequestError(fmt.Sprintf("Server error: %d trying to push %s:%s manifest", res.StatusCode, imageName, tagName), res)
 	}
@ -353,24 +255,20 @@ func (r *Session) PutV2ImageManifest(imageName, tagName string, manifestRdr io.R
 }
 // Given a repository name, returns a json array of string tags
-func (r *Session) GetV2RemoteTags(imageName string, token []string) ([]string, error) {
+func (r *Session) GetV2RemoteTags(imageName string, auth *RequestAuthorization) ([]string, error) {
-	vars := map[string]string{
+	routeURL, err := getV2Builder(r.indexEndpoint).BuildTagsURL(imageName)
 		"imagename": imageName,
 	}
 	routeURL, err := getV2URL(r.indexEndpoint, "tags", vars)
 	if err != nil {
 		return nil, err
 	}
 	method := "GET"
-	log.Debugf("[registry] Calling %q %s", method, routeURL.String())
+	log.Debugf("[registry] Calling %q %s", method, routeURL)
-	req, err := r.reqFactory.NewRequest(method, routeURL.String(), nil)
+	req, err := r.reqFactory.NewRequest(method, routeURL, nil)
 	if err != nil {
 		return nil, err
 	}
-	setTokenAuth(req, token)
+	auth.Authorize(req)
 	res, _, err := r.doRequest(req)
 	if err != nil {
 		return nil, err