Commit graph

1824 commits

Author SHA1 Message Date
Antonio Murdaca
e6b317f94f registry: client: auth: type errors
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-03-18 09:34:50 +01:00
John Starks
5b0a484739 Add os.version and os.features to platform spec
These changes are needed to differentiate Windows images.

Signed-off-by: John Starks <jostarks@microsoft.com>
2016-03-17 16:54:21 -07:00
Richard Scothern
461816a8d2 Merge pull request #1531 from aaronlehmann/empty-errors-slice
Don't return empty errcode.Errors slices
2016-03-17 10:46:51 -07:00
David Calavera
8562b657c8 Merge pull request #21258 from runcom/res.body.leaks
*: fix response body leaks
2016-03-16 19:20:10 -07:00
Antonio Murdaca
20bba4025a registry: client: repository: close response body
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-03-16 19:53:17 +01:00
Antonio Murdaca
7f7cb82149 *: fix response body leaks
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-03-16 17:15:42 +01:00
Antonio Murdaca
b4d9ae6052 registry: endpoint_v1: fix outdated comment
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-03-16 12:53:11 +01:00
Richard Scothern
e7ad3ced86 Merge pull request #1532 from RichardScothern/azure-error-types
Update missing blob error checking with latest Azure API
2016-03-15 10:08:36 -07:00
Antonio Murdaca
d5160a0211 daemon: update: check len inside public function
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-03-15 17:24:25 +01:00
Aaron Lehmann
9638c7644e Include status code in UnexpectedHTTPResponseError
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-15 09:03:56 -07:00
Richard Scothern
13adc62fae Merge pull request #1502 from RichardScothern/auth-url-endpoints
URL parse auth endpoints to normalize hostname to lowercase.
2016-03-14 16:28:24 -07:00
Richard Scothern
98140ca0ab Update missing blob error checking with latest Azure API
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-03-14 15:59:03 -07:00
Aaron Lehmann
c94c2a47a3 Don't return empty errcode.Errors slices
If this slice ends up empty after parsing the HTTP response body, it
means the body is not well-formed. We've probably encountered an error
message produced by something that uses a different JSON schema, or
an error that just happens to validate as JSON.

An empty errcode.Errors slice is not a very useful thing to return,
since its Error() output is just `<nil>`. Detect this case, and instend
return an UnexpectedHTTPResponseError.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-14 10:27:01 -07:00
Vincent Demeester
e1089de144 Merge pull request #20970 from dmcgowan/login-oauth
OAuth support for registries
2016-03-14 15:49:44 +01:00
Matt Duch
fcb247dfce registry/storage/driver/s3-aws kms support
Signed-off-by: Matt Duch <matt@learnmetrics.com>
2016-03-11 17:19:01 -06:00
Matt Duch
789c90ac42 registry/storage/driver/s3-aws kms support
Signed-off-by: Matt Duch <matt@learnmetrics.com>
2016-03-11 17:19:01 -06:00
Brian Bland
4c2edee417 Merge pull request #1438 from BrianBland/newStorageDriverWriter
Adds new StorageDriver.FileWriter interface
2016-03-11 15:06:07 -08:00
Brian Bland
c03b5fc5ee Merge pull request #1438 from BrianBland/newStorageDriverWriter
Adds new StorageDriver.FileWriter interface
2016-03-11 15:06:07 -08:00
David Calavera
311e1e9368 Merge pull request #21100 from aaronlehmann/remove-windows-specific-registry
Remove Windows-specific default registry definitions
2016-03-11 09:31:55 -08:00
Aaron Lehmann
2f17057314 Remove Windows-specific default registry definitions
Going forward, Docker won't use a different default registry on Windows.
This changes Windows to use the standard Docker Hub registry as the
default registry.

There is a plan in place to migrate existing images from the Windows
registry to Hub's normal registry, in advance of the 1.11 release. In
the mean time, images on the Windows registry can be accessed by
prefixing them with `registry-win-tp3.docker.io/`.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-10 18:33:14 -08:00
Brian Bland
eea043dc7b Removes ceph rados driver in favor of Swift API gateway support
Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-03-10 16:49:08 -08:00
Brian Bland
5967d33342 Removes ceph rados driver in favor of Swift API gateway support
Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-03-10 16:49:08 -08:00
Sebastiaan van Stijn
187b0b8c28 Merge pull request #21045 from calavera/registry_config_options
Move registry service options to the daemon configuration.
2016-03-11 00:48:55 +01:00
Brian Bland
1d1d92469d Merge pull request #1512 from kmala/master
Added support to specifiy custom endpoint
2016-03-10 13:48:59 -08:00
David Calavera
7caf33d6c5 Move registry service options to the daemon configuration.
Allowing to set their values in the daemon configuration file.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-10 11:53:11 -05:00
allencloud
3e2da4263e fix some typos.
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-03-10 10:09:27 +08:00
Keerthan Mala
19cfa36ec8 Added support to specifiy custom endpoint
Signed-off-by: Keerthan Reddy Mala <keerthan.mala@gmail.com>
2016-03-09 16:12:20 -07:00
Keerthan Mala
2be1b4ef4f Added support to specifiy custom endpoint
Signed-off-by: Keerthan Reddy Mala <keerthan.mala@gmail.com>
2016-03-09 16:12:20 -07:00
Derek McGowan
cbd95acbbc Add support for identity token with token handler
Use token handler options for initialization.
Update auth endpoint to set identity token in response.
Update credential store to match distribution interface changes.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-03-09 13:47:57 -08:00
Derek McGowan
259ef42c8c Add client ID to token fetch to GET endpoint
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-03-09 12:44:55 -08:00
Derek McGowan
093fbdbfc4 Add client_id to get token endpoint
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-03-09 12:35:20 -08:00
Brian Bland
490a2f5a55 Updates Swift driver to support new storagedriver.FileWriter interface
Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-03-08 16:38:39 -08:00
Li Yi
5b48c81545 Support FileWriter interface for OSS storage driver
Change-Id: Ie5533ad85f944800499ca1040fd67bf1378815e0
Signed-off-by: Li Yi <denverdino@gmail.com>
2016-03-08 16:38:39 -08:00
Arthur Baars
9432b18e30 Storagedriver: GCS: add chunksize parameter
Signed-off-by: Arthur Baars <arthur@semmle.com>
2016-03-08 16:38:39 -08:00
Arthur Baars
307504713f Storagedriver: GCS: add chunksize parameter
Signed-off-by: Arthur Baars <arthur@semmle.com>
2016-03-08 16:38:39 -08:00
Arthur Baars
115a6e5803 Storagedriver: GCS: implement resumable uploads
Signed-off-by: Arthur Baars <arthur@semmle.com>
2016-03-08 16:38:39 -08:00
Arthur Baars
34891eb7ab StorageDriver: Testsuite: call Close before getting Size
Signed-off-by: Arthur Baars <arthur@semmle.com>
2016-03-08 16:38:38 -08:00
Brian Bland
c69c8a3286 Adds new storagedriver.FileWriter interface
Updates registry storage code to use this for better resumable writes.
Implements this interface for the following drivers:
 + Inmemory
 + Filesystem
 + S3
 + Azure

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-03-08 16:37:44 -08:00
Aaron Lehmann
5ca3b61609 Fix two misspellings in source code comments
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-08 15:13:24 -08:00
Richard Scothern
e09891e2cf URL parse auth endpoints to normalize hostname to lowercase.
It is possible for a middlebox to lowercase the URL at somepoint causing a
lookup in the auth challenges table to fail.  Lowercase hostname before
using as keys to challenge map.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-03-07 14:08:21 -08:00
Brian Bland
2494c28e1f [driver/s3aws] Update s3aws driver parameter parsing to match s3goamz
Mirrors changes from #1414 into the newer driver

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-03-07 11:52:34 -08:00
Eric Yang
85eadae19a command correction in documentation
the original ```$GOPATH/bin/registry $GOPATH/src/github.com/docker/distribution/cmd/registry/config-example.yml``` leads to the error like

```
Error: unknown command "/Users/EricYang/go/src/github.com/docker/distribution/cmd/registry/config-example.yml" for "registry"
Run 'registry --help' for usage.
```

I think the correct command should be ```registry serve```

Signed-off-by: Eric Yang <EricYang@EricdeMacBook-Pro.local>
2016-03-07 10:42:35 +08:00
Derek McGowan
c536ae90a8 Fix oauth cross repository push
Cross repository push tokens were not being cached and could not be used,
now any returned token will be used and the caching is hidden in the getToken function.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-03-04 15:13:27 -08:00
Derek McGowan
e0420f4045 Add offline token option
Login needs to add an offline token flag to ensure a refresh token is returned by the token endpoint.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-03-04 14:32:51 -08:00
Derek McGowan
d6a1778282 Add post token implementation
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-03-04 13:53:06 -08:00
Derek McGowan
6a6c22e2b9 Add options struct to initialize handler
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-03-04 11:32:48 -08:00
Derek McGowan
f49bf18768 Fetch token by credentials and refresh token
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-03-04 00:34:17 -08:00
Derek McGowan
66d6eaa83f Update scope list to use space separator
The oauth spec defines using a space to separate parts of a scope.
To better comply with future implementations built on oauth use a space to separate the resource scopes.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-03-03 17:44:09 -08:00
Derek McGowan
d51f76f903 Update oauth documentation to include returned scope
Add post response values
Update password grant type to match oauth spec

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-03-03 17:44:09 -08:00
Richard Scothern
becdd83131 Merge pull request #1388 from aibaars/gcs-simplify-move
StorageDriver: GCS: remove support for directory Moves
2016-03-03 10:20:51 -08:00
Arthur Baars
396a73deb7 StorageDriver: GCS: remove support for directory Moves
The Move operation is only used to move uploaded blobs
to their final destination. There is no point in implementing
Move on "folders". Apart from simplifying the code, this also
saves an HTTP request.

Signed-off-by: Arthur Baars <arthur@semmle.com>
2016-03-03 13:28:13 +00:00
Richard Scothern
c8dff1bb57 Merge pull request #1364 from aaronlehmann/content-type-in-api-docs
Add information about manifest content types to API spec
2016-03-01 13:53:49 -08:00
Richard Scothern
4c945fc951 Merge pull request #1364 from aaronlehmann/content-type-in-api-docs
Add information about manifest content types to API spec
2016-03-01 13:53:49 -08:00
Derek McGowan
065ddf0186 Login update and endpoint refactor
Further differentiate the APIEndpoint used with V2 with the endpoint type which is only used for v1 registry interactions
Rename Endpoint to V1Endpoint and remove version ambiguity
Use distribution token handler for login

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-01 11:52:32 -08:00
Ken Cochrane
e123ca925e Remove email address field from login
This removes the email prompt when you use docker login, and also removes the ability to register via the docker cli. Docker login, will strictly be used for logging into a registry server.

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
2016-02-29 17:53:27 -08:00
Richard Scothern
56eb3f51f4 Merge pull request #1386 from andrewnguyen/garbage_collect_pick_from_1050
garbage collection
2016-02-29 15:01:48 -08:00
Andrew T Nguyen
feab4aafbc Implements garbage collection subcommand
- Includes a change in the command to run the registry. The registry
  server itself is now started up as a subcommand.
- Includes changes to the high level interfaces to support enumeration
  of various registry objects.

Signed-off-by: Andrew T Nguyen <andrew.nguyen@docker.com>
2016-02-29 14:15:21 -08:00
Andrew T Nguyen
b7d3424103 Implements garbage collection subcommand
- Includes a change in the command to run the registry. The registry
  server itself is now started up as a subcommand.
- Includes changes to the high level interfaces to support enumeration
  of various registry objects.

Signed-off-by: Andrew T Nguyen <andrew.nguyen@docker.com>
2016-02-29 14:15:21 -08:00
Brian Bland
bf9a688ec7 Merge pull request #1473 from miminar/pass-blob-size
Commit uploaded blob with size
2016-02-29 10:26:45 -08:00
Aaron Lehmann
2040480420 Merge pull request #1474 from miminar/respect-errors
Respect errors returned from middleware code
2016-02-26 23:28:37 -08:00
Brian Bland
bb4d128523 Merge pull request #1482 from stweil/master
Fix some typos in comments and strings
2016-02-23 14:08:21 -08:00
Stefan Weil
d16f3046c6 Fix some typos in comments and strings
All of them were found and fixed by codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-02-23 22:33:38 +01:00
Stefan Weil
615c6dfced Fix some typos in comments and strings
All of them were found and fixed by codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-02-23 22:33:38 +01:00
Aaron Lehmann
e3a9a99097 Merge pull request #1471 from RichardScothern/tag-headers
Enable proxying registries to downgrade fetched manifests to Schema 1.
2016-02-23 11:08:46 -08:00
Michal Minar
ecc560f46f Commit blob with known size
Signed-off-by: Michal Minar <miminar@redhat.com>
2016-02-23 08:44:06 +01:00
Richard Scothern
29e0411f00 Enable proxying registries to downgrade fetched manifests to Schema 1.
Ensure Accept headers are sent with TagService.Get (which hits manifest
endpoints).  Add support for remote Get and Put for the proxied blobstore.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-02-22 17:56:48 -08:00
Michal Minar
776e01f8bc Defined ErrAccessDenied error
Middleware code may perform additional checks on blobs written. Allow it
to return access denied errors that will result in 403 Forbidden.

Signed-off-by: Michal Minar <miminar@redhat.com>
2016-02-22 21:12:59 +01:00
xiekeyang
c58aa8a50a compare error output in tagstore unit test
Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2016-02-22 17:34:22 +08:00
Richard Scothern
db7411ff2e Merge pull request #1466 from RichardScothern/proxy-lazy-auth
Lazily evaluate auth challenges
2016-02-19 15:06:35 -08:00
Aaron Lehmann
9a2cef38e3 Change APIEndpoint to contain the URL in a parsed format
This allows easier URL handling in code that uses APIEndpoint.
If we continued to store the URL unparsed, it would require redundant
parsing whenver we want to extract information from it. Also, parsing
the URL earlier should give improve validation.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-17 17:48:15 -08:00
Richard Scothern
18fd1c0702 Extend authChallenger interface to remove type cast.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-02-17 13:07:14 -08:00
Brian Bland
464d03cdd6 Merge pull request #1469 from noxiouz/fix_storage_interface_desc
Fix description of StorageDriver.WriteStream
2016-02-17 10:46:11 -08:00
Anton Tiurin
2e8244822c Fix description of StorageDriver.WriteStream
Offset can be more than CurrentSize as long as this case is checked
by DriverSuite.testContinueStreamAppend.

Signed-off-by: Anton Tiurin <noxiouz@yandex.ru>
2016-02-17 13:57:20 +03:00
HuKeping
20bc910cdf Cleanup: remove unused log
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-02-17 14:11:20 +08:00
Brian Bland
c6871737bc [driver/s3aws] Fix TestStorageClass
Fixes bug in TestStorageClass for s3aws driver where the "standard" file
was checked for reduced-redundnancy storage.

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-02-16 17:50:55 -08:00
Richard Scothern
7d16fee7a4 To avoid any network use unless necessary, delay establishing authorization
challenges with the upstream until any proxied data is found not to be local.

Implement auth challenges behind an interface and add to unit tests.  Also,
remove a non-sensical unit test.

Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-02-16 11:53:42 -08:00
Brian Bland
881ef1096f Merge pull request #1385 from BrianBland/s3UseAWSLibrary
[driver/s3] Use aws/aws-sdk-go instead of goamz for s3 driver and cloudfront
2016-02-16 11:19:15 -08:00
Derek McGowan
c21f4eb561 Add credential authenticator interface
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-02-16 10:23:35 -08:00
liuchang0812
7ca24a7f5a fix gofmt
Signed-off-by: liuchang0812 <liuchang0812@gmail.com>
2016-02-16 11:42:09 +08:00
liuchang0812
ad6a0735d2 closes #1461, enhance log message of oss driver
Signed-off-by: liuchang0812 <liuchang0812@gmail.com>
2016-02-16 11:17:09 +08:00
Derek McGowan
3fc4e4cdc8 Add resource scope list definition
Allow providing multiple scopes in a single scope string

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-02-12 16:07:21 -08:00
Brian Bland
d5a38e4c5f Adds new s3 driver using aws-sdk-go instead of goamz
Keeps old s3 driver, renames to s3goamz, registers new s3 driver as both
"s3" and "s3aws"

Changes cloudfront middleware to use aws-sdk-go

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-02-12 15:59:26 -08:00
Aaron Lehmann
4bb475cd3c Push/pull errors improvement and cleanup
Several improvements to error handling:

- Introduce ImageConfigPullError type, wrapping errors related to
  downloading the image configuration blob in schema2. This allows for a
  more descriptive error message to be seen by the end user.

- Change some logrus.Debugf calls that display errors to logrus.Errorf.
  Add log lines in the push/pull fallback cases to make sure the errors
  leading to the fallback are shown.

- Move error-related types and functions which are only used by the
  distribution package out of the registry package.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-11 16:28:56 -08:00
Derek McGowan
6d6c37c06a Update client section
Use client_id as defined in oauth rfc instead of custom client field

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-02-11 13:57:23 -08:00
Derek McGowan
32931689d5 Add scope documentation
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-02-11 13:57:23 -08:00
Derek McGowan
d8b59ab637 Add specification for using oauth with the token server
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-02-11 13:57:23 -08:00
Olivier Gambier
7e0e141948 Merge pull request #1452 from aaronlehmann/export-no-credentials-error
Export "no basic auth credentials" as an error value
2016-02-11 10:09:22 -08:00
Mary Anthony
78aa1d2bb1 Updating Dockerfile
Signed-off-by: Mary Anthony <mary@docker.com>
2016-02-10 21:12:45 -08:00
Olivier Gambier
ff9448cc4b Merge pull request #1451 from aaronlehmann/typo-fixes
Typo fixes in comments
2016-02-10 17:12:00 -08:00
Aaron Lehmann
cffb4bbbfd Export "no basic auth credentials" as an error value
Making this an exported error value will allow users of the
registry/client/auth module to have consistent behavior between
authentication failures and cases where no credentials are provided.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-10 16:46:57 -08:00
Aaron Lehmann
55906ee341 Merge pull request #1445 from dmcgowan/fix-manifest-digest-header
Fix schema1 manifest etag and docker content digest header
2016-02-10 16:27:18 -08:00
Aaron Lehmann
f77c82ebb3 Typo fixes in comments
Correct spelling of words in source code comments.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-10 16:26:29 -08:00
Aaron Lehmann
2177a6a1bf Merge pull request #1420 from dmcgowan/configurable-trust-key
Add option to disable signatures
2016-02-10 16:15:59 -08:00
Aaron Lehmann
a3213ff331 Merge pull request #1420 from dmcgowan/configurable-trust-key
Add option to disable signatures
2016-02-10 16:15:59 -08:00
Derek McGowan
e8eca4db17 Add documentation for compatibility configuration
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-02-10 15:20:55 -08:00
Derek McGowan
956ece5c70 Add option to disable signatures
Add option for specifying trust key for signing schema1 manifests.
Since schema1 signature key identifiers are not verified anywhere and deprecated, storing signatures is no longer a requirement.
Furthermore in schema2 there is no signature, requiring the registry to already add signatures to generated schema1 manifests.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-02-10 15:20:39 -08:00
Derek McGowan
ae59517936 Fix schema1 manifest etag and docker content digest header
When schema2 manifests are rewritten as schema1 currently the etag and docker content digest header keep the value for the schema2 manifest.

Fixes #1444

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-02-09 18:28:43 -08:00
Brian Bland
4bb5f80885 Improves flexibility of configuration handling for S3 driver
Treats nil parameters the same as unprovided parameters (fixes issues
where certain parameters are printed to "<nil>").
Accepts "true" and "false" string values for boolean parameters.

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-02-09 17:27:16 -08:00
igayoso
a940a07fa9 Change certificate hypothetic path
Signed-off-by: igayoso <igayoso@gmail.com>
2016-02-10 01:03:28 +01:00
Richard Scothern
fd7ccc0bdf Add documentation about what is sent for delete events
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-02-08 13:37:35 -08:00
Richard Scothern
8745d31f60 Merge pull request #1419 from aaronlehmann/safer-header-copying
On redirect, only copy headers when they don't already exist in the redirected request
2016-02-05 12:14:01 -08:00
Aaron Lehmann
7761a70389 Add information about manifest content types to API spec
Bring the spec up to date for schema2 changes.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-05 11:27:20 -08:00
Aaron Lehmann
c89f5b3775 Add information about manifest content types to API spec
Bring the spec up to date for schema2 changes.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-05 11:27:20 -08:00
Richard Scothern
9894643c88 Correct type for repo reference
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-02-04 17:32:55 -08:00
Derek McGowan
0751bb3179 Merge pull request #1417 from RichardScothern/token-print
Print the correct token expiration time
2016-02-04 16:57:08 -08:00
Richard Scothern
fe0e76f322 Merge pull request #1350 from aibaars/storage-filewriter-pointer
Storage: remove bufferedFileWriter (dead code)
2016-02-04 16:47:52 -08:00
Richard Scothern
def3e430bb Merge pull request #1401 from BrianBland/s3StorageClass
Adds "storageclass" configuration parameter for S3 driver.
2016-02-04 16:44:13 -08:00
Richard Scothern
2cc6ccbded Merge pull request #1401 from BrianBland/s3StorageClass
Adds "storageclass" configuration parameter for S3 driver.
2016-02-04 16:44:13 -08:00
Richard Scothern
ab6c08691e Merge pull request #1408 from aaronlehmann/repository-interface
Rename Name method of Repository to Named
2016-02-04 16:43:35 -08:00
Olivier Gambier
5596e787b6 Merge pull request #1409 from RichardScothern/recipe-menu
Move 'Recipes' into the Registry menu
2016-02-04 10:32:39 -08:00
Aaron Lehmann
6158eb544d Rename Name method of Repository to Named
This makes code that gets the name as a string read like
repo.Named().Name() instead of repo.Name().Name().

Requested in
https://github.com/docker/docker/pull/19887#discussion_r51479753

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-04 09:55:36 -08:00
Mary Anthony
8fdd7f5dfe Update title of Registry to Docker Registry
Signed-off-by: Mary Anthony <mary@docker.com>
2016-02-04 08:37:45 -08:00
yuzou
95b9c7281b read the actual number of bytes according to the initial size.
Signed-off-by: yuzou <zouyu7@huawei.com>
2016-02-04 16:14:35 +08:00
Aaron Lehmann
bbf983c061 On redirect, only copy headers when they don't already exist in the redirected request
A changeset under consideration for Go 1.7 would automatically copy
headers on redirect. This change future-proofs our code so we won't make
duplicate copies of the headers if net/http does it automatically in the
future.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-03 13:19:44 -08:00
Richard Scothern
091c12f86b Print the correct token expiration time
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-02-03 10:42:32 -08:00
Omer Cohen
d842645de9 Update configuration.md
fixed broken links

Signed-off-by: Omer Cohen <git@omer.io>
2016-02-03 15:57:55 +02:00
Richard Scothern
bd8b81a686 Make 'Recipes' the last item in the list
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-02-02 10:18:35 -08:00
Richard Scothern
586111b11e Merge pull request #1407 from RichardScothern/docs
Add compatibility notes about pull by digest across Docker and Registry versions.
2016-02-02 09:44:27 -08:00
Olivier Gambier
c4b79bda8a Merge pull request #1410 from aaronlehmann/failured
Correct ErrAuthenticationFailure message
2016-02-01 19:20:35 -08:00
Richard Scothern
4f7b32bc23 Add compatibility notes about pull by digest across Docker and Registry versions.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-02-01 17:05:27 -08:00
Aaron Lehmann
95a50c7236 Correct ErrAuthenticationFailure message
This was "authentication failured". Change it to "authentication
failure".

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-01 17:03:41 -08:00
Aaron Lehmann
9b395d0789 Merge pull request #1403 from dmcgowan/auth-const-keys
Update auth context keys to use constant
2016-02-01 16:29:07 -08:00
Aaron Lehmann
db48ad4d0f Merge pull request #1390 from dmcgowan/token-server
Simple integration test token server
2016-02-01 16:27:49 -08:00
Brian Bland
a2ade36ecf Adds test for S3 storage class configuration option
Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-02-01 16:01:55 -08:00
Brian Bland
8e7910826e Adds "storageclass" configuration parameter for S3 driver.
Defaults to STANDARD, also supports REDUCED_REDUNDANCY.

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-02-01 16:01:19 -08:00
Brian Bland
4688d1adc2 Adds "storageclass" configuration parameter for S3 driver.
Defaults to STANDARD, also supports REDUCED_REDUNDANCY.

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-02-01 16:01:19 -08:00
Aaron Lehmann
6417c05a27 Merge pull request #1381 from BrianBland/s3CustomUAString
Adds custom registry User-Agent header to s3 HTTP requests
2016-02-01 15:40:36 -08:00
Richard Scothern
9710599f99 Make 'Recipes' into the Registry menu
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-02-01 15:22:25 -08:00
Brian Bland
f41a408e34 Adds custom registry User-Agent header to s3 HTTP requests
Uses docker/goamz instead of AdRoll/goamz

Adds a registry UA string param to the storage parameters when
constructing the storage driver for the registry App.
This could be used by other storage drivers as well

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-02-01 13:43:46 -08:00
Mary Anthony
01bb31fc42 New navigation for 1.10
Capturing Olivier's comments

Signed-off-by: Mary Anthony <mary@docker.com>
2016-01-28 17:35:54 -08:00
Derek McGowan
badd8c49b6 Update auth context keys to use constant
Prevent using strings throughout the code to reference a string key defined in the auth package.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-01-28 17:02:09 -08:00
Aaron Lehmann
6c135e03ce Merge pull request #1393 from RichardScothern/putbydgst
Add manifest put by digest to the registry client
2016-01-28 14:41:07 -08:00
Derek McGowan
0e96574ea2 Merge pull request #1392 from aaronlehmann/client-range-requests
Support range requests in the client's httpReadSeeker
2016-01-28 13:44:43 -08:00
Aaron Lehmann
8e571dff41 Add a CheckRedirect function to the HTTP client
Use it to preserve Accept and Range headers that were added to the
original request.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-27 16:11:36 -08:00
Aaron Lehmann
a58b7625ba Support range requests in the client's httpReadSeeker
Remove buffering on the reader, because it's not useful. Also remove
artificial io.EOF return.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-27 16:11:36 -08:00
David Calavera
377f556464 Respond with 401 when there is an unauthorized error from the registry.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-27 13:55:33 -05:00
Richard Scothern
3e570e59f1 Invalidate the blob store descriptor caches when content is removed from from
the proxy.  Also, switch to reference in the scheduler API.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-01-26 17:02:59 -08:00
Richard Scothern
a7740f5d0f Correct test digest lengths and enable all unit tests
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-01-26 17:02:46 -08:00
Richard Scothern
f757372dd8 Add manifest put by digest to the registry client
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-01-26 14:20:23 -08:00
Tibor Vass
bd4e6b2de9 Merge pull request #19057 from dnephin/remove_version_from_registry_pkg
Remove dockerversion from registry package
2016-01-25 22:45:06 -08:00
Derek McGowan
1eed0ddd07 Update token header struct to use json.RawMessage pointer
Since RawMessage json receivers take a pointer type, the Header structure should use points in order to call the json.RawMessage marshal and unmarshal functions

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-01-25 20:11:41 -08:00
Arthur Baars
7dee3d19d9 Storage: remove bufferedFileWriter (dead code)
Signed-off-by: Arthur Baars <arthur@semmle.com>
2016-01-23 10:30:08 +00:00
Arthur Baars
586b3d47a7 Storage: blobwriter.Write/Seek test case
Signed-off-by: Arthur Baars <arthur@semmle.com>
2016-01-23 10:30:07 +00:00
Aaron Lehmann
6149a8c634 Change URLBuilder methods to use references for tags and digests
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-22 14:49:29 -08:00
Aaron Lehmann
e9692b8037 Use reference package internally
Most places in the registry were using string types to refer to
repository names. This changes them to use reference.Named, so the type
system can enforce validation of the naming rules.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-22 14:47:05 -08:00
Mary Anthony
cab284d6b2 - Pulling driver specs out of configuruation.md
- Fixing index metadata error
- Entering all the comments
- Updating with the build fixes
- Fix Microsoft link broken
- Fix collocate, colocate, to unambiguous co-locate

Signed-off-by: Mary Anthony <mary@docker.com>
2016-01-21 10:12:46 -08:00
Aaron Lehmann
e9bcc96ad2 If the media type for a manifest is unrecognized, default to schema1
This is needed for compatibility with some third-party registries that
send an inappropriate Content-Type header such as text/html.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-21 09:34:06 -08:00
Aaron Lehmann
59254013be Handle nonstandard token endpoint errors
https://github.com/docker/distribution/pull/1249 changed token fetching
to parse HTTP error response bodies as serialized errcodes. However,
Docker Hub's authentication endpoint does not return error bodies in
this format. To work around this, convert its format into
ErrCodeUnauthorized or ErrCodeUnknown.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-20 14:45:08 -08:00
Stephen J Day
eb87f00afd spec/api: add missing entries to changelog
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-01-20 12:19:25 -08:00
Aaron Lehmann
0e06c1cad1 Clarify error message when a .cert file is missing a corresponding key
The daemon uses two similar filename extensions to identify different
kinds of certificates. ".crt" files are interpreted as CA certificates,
and ".cert" files are interprted as client certificates. If a CA
certificate is accidentally given the extension ".cert", it will lead to
the following error message:

    Missing key ca.key for certificate ca.cert

To make this slightly less confusing, clarify the error message with a
note that CA certificates should use the extension ".crt".

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-20 11:34:59 -08:00
Arthur Baars
59a9607783 StorageDriver: GCS: retry all api calls
Signed-off-by: Arthur Baars <arthur@semmle.com>
2016-01-20 13:24:09 +00:00
Arthur Baars
ffc9527782 StorageDriver: Test suite: improve cleanup
Verify that the file(s) have been deleted after calling Delete,
and retry if this is not the case. Furthermore, report the error
if a Delete operation fails.

Signed-off-by: Arthur Baars <arthur@semmle.com>
2016-01-20 13:24:09 +00:00
Aaron Lehmann
f9a3f028b5 Fix content type for schema1 signed manifests
The Payload function for schema1 currently returns a signed manifest,
but indicates the content type is that of a manifest that isn't signed.

Note that this breaks compatibility with Registry 2.3 alpha 1 and
Docker 1.10-rc1, because they use the incorrect content type.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-18 16:08:02 -08:00
Richard Scothern
0640813179 Merge pull request #1363 from aaronlehmann/media-type-charset
Do not require "charset=utf-8" for a schema1 with content type application/json
2016-01-18 15:20:01 -08:00
Richard Scothern
b2876674f3 Merge pull request #1355 from hopkings2008/master
In testsuites.go, enlarge the size of randomBytes to 128M to fix the …
2016-01-18 12:38:26 -08:00
Sean Boran
07e68b3b04 Carry #1329 : Fixes so that nginx will start
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>

Signed-off-by: Sean Boran <Boran@users.noreply.github.com>
2016-01-18 11:46:39 -08:00
Aaron Lehmann
3da0ee00d8 Do not require "charset=utf-8" for a schema1 with content type application/json
For compatibility with other registries that don't use this exact
variant of the Content-Type header, we need to be more flexible about
what we accept. Any form of "application/json" should be allowed. The
charset should not be included in the comparison.

See docker/docker#19400.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-18 09:59:50 -08:00
Daniel Nephin
6e85a8d94a Remove the use of dockerversion from the registry package
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-01-15 12:43:54 -05:00
Arthur Baars
985c0d602f StorageDriver GCS: try google.DefaultTokenSource first
Signed-off-by: Arthur Baars <arthur@semmle.com>
2016-01-15 11:47:47 +00:00
yuzou
d3d9282a30 In testsuites.go, enlarge the size of randomBytes to 128M to fix the crash of running TestConcurrentStreamReads
Signed-off-by: yuzou <zouyu7@huawei.com>
2016-01-15 17:22:43 +08:00
Richard Scothern
05dc6404fd Merge pull request #1332 from RichardScothern/gcs-params
Change the parameters to the GCS drivers to allow CircleCI testing.
2016-01-14 15:50:09 -08:00
Brian Bland
67aef89bc0 Splits up blob create options definitions to be package-specific
Redefines privately in both storage and client packages

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-01-14 10:47:33 -08:00
Brian Bland
e0d4a45c93 Fixes cross-repo blob mounting in the BlobUploadHandler
Accidentally checked for err != nil instead of err == nil :/
Also now ensures that only a non-nil option is appended to the create
options slice

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-01-13 19:21:45 -08:00
Richard Scothern
5d35fa34c1 Change the parameters to the GCS drivers to allow CircleCI testing.
Remove the requirement of file system access to run GCS unit tests.  Deconstruct
the input parameters to take the private key and email which can be specified on
the build system via environment variables.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-01-13 18:00:59 -08:00
Brian Bland
ce88d8a6f4 Adds functional options arguments to the Blobs Create method
Removes the Mount operation and instead implements this behavior as part
of Create a From option is provided, which in turn returns a rich
ErrBlobMounted indicating that a blob upload session was not initiated,
but instead the blob was mounted from another repository

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-01-13 16:42:59 -08:00
Brian Bland
36023174db Adds functional options arguments to the Blobs Create method
Removes the Mount operation and instead implements this behavior as part
of Create a From option is provided, which in turn returns a rich
ErrBlobMounted indicating that a blob upload session was not initiated,
but instead the blob was mounted from another repository

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-01-13 16:42:59 -08:00
Brian Bland
ac03070245 Fixes error codes in the API spec template
Uses UPPER_UNDERSCORE_CASE instead of the nice error message format
added in #911

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-01-13 11:53:40 -08:00
Richard Scothern
93b65847ca Fix manifest API unit tests
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-01-11 12:52:21 -08:00
Richard Scothern
b7aee20b81 Merge pull request #1319 from RichardScothern/update-tags
Remove tags referencing deleted manifests.
2016-01-11 11:33:22 -08:00
Richard Scothern
5fe3d68e9c Merge pull request #1269 from BrianBland/crossRepositoryPush
Adds cross-repository blob mounting behavior
2016-01-08 14:37:00 -08:00
Brian Bland
44d95e5841 Allows token authentication handler to request additional scopes
When an auth request provides the "from" query parameter, the token
handler will add a "pull" scope for the provided repository, refreshing
the token if the overall scope has increased

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-01-08 13:53:23 -08:00
Brian Bland
41e30f626b Adds cross-repository blob mounting behavior
Extends blob upload POST endpoint to support mount and from query
parameters as described in #634

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-01-08 13:53:18 -08:00
Brian Bland
5df21570a7 Adds cross-repository blob mounting behavior
Extends blob upload POST endpoint to support mount and from query
parameters as described in #634

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-01-08 13:53:18 -08:00
Richard Scothern
e5e0e2cc2a Merge pull request #1276 from denverdino/oss-test
Support large layer for OSS driver
2016-01-08 13:26:09 -08:00
Stephen Day
c426367881 Merge pull request #1281 from aaronlehmann/new-manifest
Implement schema2 manifest formats
2016-01-07 17:19:56 -08:00
Stephen Day
a7ae88da45 Merge pull request #1281 from aaronlehmann/new-manifest
Implement schema2 manifest formats
2016-01-07 17:19:56 -08:00
Stephen Day
98fecde1c9 Merge pull request #911 from stevvooe/consistent-error-string
More consistent return from ErrorCode.Error()
2016-01-07 17:06:12 -08:00
Aaron Lehmann
bbabb55ccb Move MediaType into manifest.Versioned
This makes content type sniffing cleaner. The document just needs to be
decoded into a manifest.Versioned structure. It's no longer a two-step
process.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-07 15:26:27 -08:00
Aaron Lehmann
fce65b72b3 Recognize clients that don't support manifest lists
Convert a default platform's manifest to schema1 on the fly.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-07 15:26:27 -08:00
Aaron Lehmann
7ef71988a8 Add support for manifest list ("fat manifest")
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-07 15:26:27 -08:00
Aaron Lehmann
9c416f0e94 Add support for manifest list ("fat manifest")
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-07 15:26:27 -08:00
Aaron Lehmann
66a33baa36 Add API unit testing for schema2 manifest
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-07 15:26:26 -08:00
Aaron Lehmann
f14c6a4814 Recognize clients that don't support schema2, and convert manifests to schema1 on the fly
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-07 15:26:26 -08:00
Aaron Lehmann
9c13a8295f Factor out schema-specific portions of manifestStore
Create signedManifestHandler and schema2ManifestHandler. Use these to
unmarshal and put the respective types of manifests from manifestStore.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-07 15:26:26 -08:00
Stephen Day
0be4b3f27d Merge pull request #1283 from djenriquez/master
CloudFront-s3-middleware
2016-01-07 14:58:35 -08:00
David Calavera
981a573eaf Modify import paths to point to the new engine-api package.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-06 19:48:59 -05:00
Richard Scothern
6a248e115b Merge pull request #1321 from aibaars/gcs-fix-retry
GCS storage driver: fix retry function
2016-01-06 12:00:12 -08:00
Arthur Baars
5c6fdc710f GCS Storagedriver: fix test failure caused by #1187
Signed-off-by: Arthur Baars <arthur@semmle.com>
2016-01-06 18:36:28 +00:00
Arthur Baars
bf1e41a9f2 GCS driver: fix retry function
Signed-off-by: Arthur Baars <arthur@semmle.com>
2016-01-06 17:57:22 +00:00
DJ Enriquez
b49c4fff95 Applying recommended changes
- Adding clarification to the “chunksize” definition
- Changing short-hand “/w” to “with”

Signed-off-by: DJ Enriquez <dj.enriquez@infospace.com>
2016-01-05 15:22:35 -08:00
Richard Scothern
fea0a7ed49 Remove tags referencing deleted manifests.
When a manifest is deleted by digest, look up the referenced tags in the tag
store and remove all associations.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-01-05 13:47:52 -08:00
Phil Estes
062d6cd782 Merge pull request #18889 from aaronlehmann/v1-fallback-pull-all-tags
Allow v1 protocol fallback when pulling all tags from a repository unknown to v2 registry
2016-01-05 16:20:04 -05:00
Stephen Day
5529baa918 Merge pull request #1249 from k4leung4/print-error-msg
Print error for failed HTTP auth request.
2016-01-05 12:23:05 -08:00
Richard Scothern
72432a701a Show the legacy registry flag only in the daemon arguments
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-01-04 14:52:39 -08:00
Stephen Day
1c6c0c8a2d Merge pull request #1097 from hopkings2008/master
use the scheme and host from x-forward-proto and x-forward-host if the…
2015-12-30 16:35:20 -08:00
Sebastiaan van Stijn
ef006ca1a1 docs: mark manifest as "draft"
Markdown linter produced an error on this page;

    running markdownlint
    ERROR (registry/spec/manifest-v2-2.md) frontmatter: Unexpected non-whitespace char: # Image Manifest Version 2, Schema 2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2015-12-30 20:56:02 +01:00
Stephen Day
e4d08a35ca Merge pull request #1304 from BrianBland/fsDriverRelaxedPermissions
Relaxes filesystem driver permissions to 0777 (dirs) and 0666 (files)
2015-12-29 19:06:45 -08:00
David Calavera
4f4b3d5257 Remove usage of pkg sockets and tlsconfig.
- Use the ones provided by docker/go-connections, they are a drop in replacement.
- Remove pkg/sockets from docker.
- Keep pkg/tlsconfig because libnetwork still needs it and there is a
  circular dependency issue.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-29 19:27:12 -05:00
Kenny Leung
731befec93 Merge branch 'print-error-msg' of https://github.com/k4leung4/distribution into print-error-msg
Changed to use typed error instead of formatted string.
Added tests for new public method.

Signed-off-by: Kenny Leung <kleung@google.com>
2015-12-29 16:26:13 -08:00
Kenny Leung
b89c4e8cbf Print error for failed HTTP auth request.
Signed-off-by: Kenny Leung <kleung@google.com>
2015-12-29 11:39:20 -08:00
weiyuan.yl
5dc714b347 Replace 404 to http.StatusNotFound
Change-Id: Ia100975cb93c0a6d94ea5542b1c9ce386bc87649
Signed-off-by: weiyuan.yl <weiyuan.yl@alibaba-inc.com>
2015-12-29 12:09:04 +08:00
Brian Bland
165507a622 Relaxes filesystem driver permissions to 0777 (dirs) and 0666 (files)
Leaves any further permissions restrictions to the process umask

Signed-off-by: Brian Bland <brian.bland@docker.com>
2015-12-28 15:22:28 -08:00
Brian Bland
cf4fdc1be0 Serve blobs when a storage driver supports redirects but are disabled
Fixes issue where an error was returned instead of serving the blob

Signed-off-by: Brian Bland <brian.bland@docker.com>
2015-12-28 11:08:39 -08:00
yuzou
9c7dc47d80 use the scheme and host from x-forward-proto and x-forward-host if they exits and correct the scheme for Location header during image upload
Signed-off-by: yuzou <zouyu7@huawei.com>
2015-12-28 17:28:32 +08:00
weiyuan.yl
dc6944d91d In HEAD request for missing resource, only 404 NOT FOUND is returned
Change-Id: I73caf67b59519e6f4f82f7d78f5d4fd4ad9affcd
Signed-off-by: weiyuan.yl <weiyuan.yl@alibaba-inc.com>
2015-12-28 11:28:42 +08:00
Aaron Lehmann
693eb14e73 Allow v1 protocol fallback when pulling all tags from a repository unknown to v2 registry
This is a followup to #18839. That PR relaxed the fallback logic so that
if a manifest doesn't exist on v2, or the user is unauthorized to access
it, we try again with the v1 protocol. A similar special case is needed
for "pull all tags" (docker pull -a). If the v2 registry doesn't
recognize the repository, or doesn't allow the user to access it, we
should fall back to v1 and try to pull all tags from the v1 registry.
Conversely, if the v2 registry does allow us to list the tags, there
should be no fallback, even if there are errors pulling those tags.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-23 15:21:43 -08:00
DJ Enriquez
5dfc78997d Adding suggested changes
Adding changed suggested by moxiegirl.

Signed-off-by: DJ Enriquez <dj.enriquez@infospace.com>
2015-12-22 11:33:28 -09:00
Olivier Gambier
e02a0b0399 Merge pull request #1244 from carsonoid/carsonoid-nginx-doc-patch
Update nginx.md
2015-12-22 10:25:10 -08:00
Olivier Gambier
236c19fa30 Merge pull request #1255 from donhcd/convergeSwiftDocs
Help converge disagreeing swift docs
2015-12-22 10:23:13 -08:00
Aaron Lehmann
71ddfd40ef When a manifest is not found, allow fallback to v1
PR #18590 caused compatibility issues with registries such as gcr.io
which support both the v1 and v2 protocols, but do not provide the same
set of images over both protocols. After #18590, pulls from these
registries would never use the v1 protocol, because of the
Docker-Distribution-Api-Version header indicating that v2 was supported.

Fix the problem by making an exception for the case where a manifest is
not found. This should allow fallback to v1 in case that image is
exposed over the v1 protocol but not the v2 protocol.

This avoids the overly aggressive fallback behavior before #18590 which
would allow protocol fallback after almost any error, but restores
interoperability with mixed v1/v2 registry setups.

Fixes #18832

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-21 18:19:38 -08:00
Donald Huang
eb654589db help converge disagreeing swift docs
Signed-off-by: Donald Huang <don.hcd@gmail.com>
2015-12-20 23:22:19 +00:00
DJ Enriquez
8108539037 Relocating documentation to s3 storage-driver doc
Since the CloudFront middleware does not work without an S3 backend, it
became obvious that this documentation should exist within the S3
storage-driver documentation.

Signed-off-by: DJ Enriquez <dj.enriquez@infospace.com>
2015-12-18 12:48:13 -08:00
Aaron Lehmann
2e3f4934a7 docs/spec: Proposal for new manifest format
This is a follow-on to PR #62, and it borrows much of the format
from #993, but uses specific formats for the image manifest and manifest
list (fat manifest) instead of a combined generic format.

The intent of this proposed manifest format is to allow multi-arch, and
allow for full content-addressability of images in the Docker engine.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-18 12:26:02 -08:00
DJ Enriquez
4a9f6c7975 Applying recommended changes
- Corrected headings
- Added blank line after headings
- Changed example snippet to use `...`

Signed-off-by: DJ Enriquez <dj.enriquez@infospace.com>
2015-12-18 11:56:48 -08:00
DJ Enriquez
506905fd90 CloudFront-s3-middleware
Adding a more detailed document regarding how to use CloudFront as
middleware for an s3 backed registry.

Signed-off-by: DJ Enriquez <dj.enriquez@infospace.com>
2015-12-17 22:30:10 -08:00
Richard Scothern
13b56c9d20 Merge pull request #1268 from RichardScothern/manifest-refactor-impl
Implementation of the Manifest Service API refactor.
2015-12-17 17:32:55 -08:00
Richard Scothern
8efb9ca329 Implementation of the Manifest Service API refactor.
Add a generic Manifest interface to represent manifests in the registry and
remove references to schema specific manifests.

Add a ManifestBuilder to construct Manifest objects. Concrete manifest builders
will exist for each manifest type and implementations will contain manifest
specific data used to build a manifest.

Remove Signatures() from Repository interface.

Signatures are relevant only to schema1 manifests.  Move access to the signature
store inside the schema1 manifestStore.  Add some API tests to verify
signature roundtripping.

schema1
-------

Change the way data is stored in schema1.Manifest to enable Payload() to be used
to return complete Manifest JSON from the HTTP handler without knowledge of the
schema1 protocol.

tags
----

Move tag functionality to a seperate TagService and update ManifestService
to use the new interfaces.  Implement a driver based tagService to be backward
compatible with the current tag service.

Add a proxyTagService to enable the registry to get a digest for remote manifests
from a tag.

manifest store
--------------

Remove revision store and move all signing functionality into the signed manifeststore.

manifest registration
---------------------

Add a mechanism to register manifest media types and to allow different manifest
types to be Unmarshalled correctly.

client
------

Add ManifestServiceOptions to client functions to allow tags to be passed into Put and
Get for building correct registry URLs.  Change functional arguments to be an interface type
to allow passing data without mutating shared state.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>

Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2015-12-17 17:09:14 -08:00
Richard Scothern
cb6f002350 Implementation of the Manifest Service API refactor.
Add a generic Manifest interface to represent manifests in the registry and
remove references to schema specific manifests.

Add a ManifestBuilder to construct Manifest objects. Concrete manifest builders
will exist for each manifest type and implementations will contain manifest
specific data used to build a manifest.

Remove Signatures() from Repository interface.

Signatures are relevant only to schema1 manifests.  Move access to the signature
store inside the schema1 manifestStore.  Add some API tests to verify
signature roundtripping.

schema1
-------

Change the way data is stored in schema1.Manifest to enable Payload() to be used
to return complete Manifest JSON from the HTTP handler without knowledge of the
schema1 protocol.

tags
----

Move tag functionality to a seperate TagService and update ManifestService
to use the new interfaces.  Implement a driver based tagService to be backward
compatible with the current tag service.

Add a proxyTagService to enable the registry to get a digest for remote manifests
from a tag.

manifest store
--------------

Remove revision store and move all signing functionality into the signed manifeststore.

manifest registration
---------------------

Add a mechanism to register manifest media types and to allow different manifest
types to be Unmarshalled correctly.

client
------

Add ManifestServiceOptions to client functions to allow tags to be passed into Put and
Get for building correct registry URLs.  Change functional arguments to be an interface type
to allow passing data without mutating shared state.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>

Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2015-12-17 17:09:14 -08:00
Stephen Day
f72093134f Merge pull request #1257 from aaronlehmann/remove-extra-stat
Remove unnecessary stat from blob Get method
2015-12-17 14:10:12 -08:00
Aaron Lehmann
5717c8243d Do not fall back to the V1 protocol when we know we are talking to a V2 registry
If we detect a Docker-Distribution-Api-Version header indicating that
the registry speaks the V2 protocol, no fallback to V1 should take
place.

The same applies if a V2 registry operation succeeds while attempting a
push or pull.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-16 15:02:03 -08:00
Tonis Tiigi
46683f6192 Update Named reference with validation of conversions
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-16 11:58:52 -08:00
Tonis Tiigi
9b8f1a0895 Add own reference package wrapper
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-16 11:58:52 -08:00
Aaron Lehmann
a077202f88 Remove tarsum support for digest package
tarsum is not actually used by the registry. Remove support for it.

Convert numerous uses in unit tests to SHA256.

Update docs to remove mentions of tarsums (which were often inaccurate).

Remove tarsum dependency.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 17:22:18 -08:00
Aaron Lehmann
4c850e7165 Remove tarsum support for digest package
tarsum is not actually used by the registry. Remove support for it.

Convert numerous uses in unit tests to SHA256.

Update docs to remove mentions of tarsums (which were often inaccurate).

Remove tarsum dependency.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 17:22:18 -08:00
Richard Scothern
9a06c58d70 Merge pull request #1258 from thaJeztah/fix-docs-headers
Fix headers in documentation
2015-12-15 14:55:00 -08:00
David Calavera
35d767115c Merge pull request #18681 from dnephin/move_cliconfig_test
Move the TestEncodeAuth test to the correct package
2015-12-15 12:42:38 -08:00
Daniel Nephin
14d27ab761 Move the TestEncodeAuth test to the correct package.
Also make EncodeAuth and DecodeAuth private because they're only used by cliconfig.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-15 13:36:52 -05:00
gabriell nascimento
74255cd4f2 Fix typo in docs/configuration.md
Signed-off-by: Gabriell Nascimento <gabriellhrn@gmail.com>
2015-12-15 16:14:13 -02:00
Daniel Nephin
0a56a1cbd2 Move registry.SearchResult types to api/types/registry.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-15 11:44:20 -05:00
Aaron Lehmann
58232e50cf Simplify digest.FromBytes calling convention
The current implementation of digest.FromBytes returns an error. This
error can never be non-nil, but its presence in the function signature
means each call site needs error handling code for an error that is
always nil.

I verified that none of the hash.Hash implementations in the standard
library can return an error on Write. Nor can any of the hash.Hash
implementations vendored in distribution.

This commit changes digest.FromBytes not to return an error. If Write
returns an error, it will panic, but as discussed above, this should
never happen.

This commit also avoids using a bytes.Reader to feed data into the hash
function in FromBytes. This makes the hypothetical case that would panic
a bit more explicit, and should also be more performant.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-14 14:30:51 -08:00
Vincent Demeester
239cb0f4e9 Merge pull request #18644 from calavera/remove_timeout_func_dependency_from_api_lib
Remove timeout shared function.
2015-12-14 23:05:29 +01:00
David Calavera
55fad57ac8 Remove timeout shared function.
Handle timeouts when it's necessary based on a Timeout interface.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-14 14:24:21 -05:00
Daniel Nephin
aead731d54 Move IndexInfo and ServiceConfig types to api/types/registry/registry.go
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2015-12-14 11:28:02 -05:00
Daniel Nephin
6fc54d049b Move AuthConfig to api/types
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2015-12-14 11:22:01 -05:00
Vincent Demeester
4a3b23718b Merge pull request #18618 from dnephin/refactor_resolve_auth_config
Refactor ResolveAuthConfig to remove the builder dependency on cli code
2015-12-14 15:23:36 +01:00
Justas Brazauskas
11e8c03c18 Fix typos found across repository
Signed-off-by: Justas Brazauskas <brazauskasjustas@gmail.com>
2015-12-13 18:04:12 +02:00
Daniel Nephin
f7bb65ca8b Refactor ResolveAuthConfig to remove the builder dependency on cli code.
registry.ResolveAuthConfig() only needs the AuthConfigs from the ConfigFile, so
this change passed just the AuthConfigs.

Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2015-12-11 19:31:24 -08:00
Sebastiaan van Stijn
129c9a22f7 Fix headers in documentation
These headers were rendered as body text
because there was no space, but a "tab" after
the `#`.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2015-12-12 01:39:51 +01:00
Aaron Lehmann
4ebaacfcda Remove unnecessary stat from blob Get method
This calls Stat before Open, which should be unnecessary because Open
can handle the case of a nonexistent blob. Removing the Stat saves a
round trip.

This is similar to the removal of stat in Open in #1226.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-11 15:13:03 -08:00
Li Yi
cfd2f03920 Support large layer for OSS driver
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-12-11 10:56:50 +08:00
Aaron Lehmann
00cca12e77 Improved push and pull with upload manager and download manager
This commit adds a transfer manager which deduplicates and schedules
transfers, and also an upload manager and download manager that build on
top of the transfer manager to provide high-level interfaces for uploads
and downloads. The push and pull code is modified to use these building
blocks.

Some benefits of the changes:

- Simplification of push/pull code
- Pushes can upload layers concurrently
- Failed downloads and uploads are retried after backoff delays
- Cancellation is supported, but individual transfers will only be
  cancelled if all pushes or pulls using them are cancelled.
- The distribution code is decoupled from Docker Engine packages and API
  conventions (i.e. streamformatter), which will make it easier to split
  out.

This commit also includes unit tests for the new distribution/xfer
package. The tests cover 87.8% of the statements in the package.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-09 19:13:35 -08:00
Richard Scothern
e6363e8a20 Merge pull request #1187 from stevvooe/check-storage-drivers-list-path-not-found
[WIP] registry/storage/driver: checking that non-existent path returns PathNotFoundError
2015-12-08 16:32:02 -08:00
Stephen J Day
d68acc869e storage/driver/s3: adjust s3 driver to return unmunged path
This fixes both the s3 driver and the oss driver to return the unmunged path
when returning errors.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-12-08 15:48:55 -08:00
Stephen Day
3032cd2aa9 Merge pull request #1246 from stevvooe/decrease-driver-testsuite-allocations
storage/driver: decrease memory allocation done during testsuite
2015-12-08 14:52:59 -08:00
Kenny Leung
d38e02c52f Print error for failed HTTP auth request.
Signed-off-by: Kenny Leung <kleung@google.com>
2015-12-08 14:24:03 -08:00
Li Yi
533c912d3e Fix the issue for listing root directory
Change-Id: I1c6181fa4e5666bd2e6ec69cb608c4778ae0fe48
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-12-08 12:04:04 -08:00
Li Yi
3a5c6446d8 Fix for stevvooe:check-storage-drivers-list-path-not-found in OSS driver
Change-Id: I5e96fe761d3833c962084fd2d597f47e8a72e7c2
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-12-08 12:04:04 -08:00
davidli
aa08ced9d7 driver/swift: treat empty object list as a PathNotFoundError
Swift returns an empty object list when trying to read a non-existing object path, treat it as a
PathNotFoundError when trying to list a non existing virtual directory.

Signed-off-by: David li <wenquan.li@hpe.com>
2015-12-08 12:04:04 -08:00
Vincent Giersch
c39158d48c driver/rados: treat OMAP EIO as a PathNotFoundError
RADOS returns a -EIO when trying to read a non-existing OMAP, treat it as a
PathNotFoundError when trying to list a non existing virtual directory.

Signed-off-by: Vincent Giersch <vincent@giersch.fr>
2015-12-08 12:04:04 -08:00
Stephen J Day
10f7b7bf95 storage/driver/s3: correct response on list of missing directory
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-12-08 12:04:03 -08:00
Stephen J Day
dc5b71afb0 storage/driver/base: use correct error format style
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-12-08 12:04:03 -08:00
Stephen J Day
c46d32bfbb driver/filesystem: address filesystem driver on behavior of List
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-12-08 12:04:03 -08:00
Stephen J Day
4829e9685e registry/storage/driver: checking that non-existent path returns PathNotFoundError
Issue #1186 describes a condition where a null tags response is returned when
using the s3 driver. The issue seems to be related to a missing
PathNotFoundError in s3. This change adds a test for that to get an idea of the
lack of compliance across storage drivers. If the failures are manageable,
we'll add this test condition and fix the s3 driver.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-12-08 12:04:03 -08:00
Stephen Day
51c5b868b1 Merge pull request #1238 from noxiouz/fix_comment
Fix comment for PathRegexp
2015-12-08 10:41:16 -08:00
Stephen Day
9bf537dede Merge pull request #1241 from pdevine/catalog-speedup
Make the catalog more efficient
2015-12-08 10:20:51 -08:00
Aaron Lehmann
03778bd1d2 Add missing bounds in ContinueOnError
ContinueOnError assumes that something of type errcode.Errors contains
at least one error. This is generally true, but might not be true if the
remote registry returns an empty error body or invalid JSON. Add the
bounds check, and in the case where it fails, allow fallbacks to v1.

Fixes #18481

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-08 09:54:20 -08:00
Richard Scothern
e7e0b72ae0 Merge pull request #1243 from RichardScothern/client-header-message
Add clearer messaging around missing content-length headers.
2015-12-08 09:54:18 -08:00
Stephen J Day
be2985a35d storage/driver: decrease memory allocation done during testsuite
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-12-07 19:05:13 -08:00
Carson A
2c2fbc4c24 Update nginx.md
Fixes a huge problem where a nginx variable was not escaped and nginx was adding the literal string "always" to all requests.
The most obvious result was that basic auth was entirely broken.

Signed-off-by: Carson Anderson <ca@carson-anderson.com>
2015-12-07 15:47:51 -07:00
Patrick Devine
ecb84029ec Make the catalog more efficient
This change removes the sort() from the Repositories() function since
we're now guaranteed to have a lexigraphically sorted walk.

Signed-off-by: Patrick Devine <patrick.devine@docker.com>
2015-12-07 12:33:01 -08:00
Carson A
de3263c9d6 Update nginx.md
Split commands out from their lead-ins.

Signed-off-by: Carson Anderson <ca@carson-anderson.com>
2015-12-07 12:32:03 -07:00
Richard Scothern
3b7e1a986a Merge pull request #1157 from lebauce/swift-bulk-delete-fixes
Use bulk delete to remove segments in Swift driver
2015-12-07 10:56:32 -08:00
Richard Scothern
fb2142147f Add clearer messaging around missing content-length headers.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-12-07 10:17:49 -08:00
Tibor Vass
3e88c525eb Merge pull request #18105 from mishak87/registry-improvements
Registry tiny code improvements
2015-12-07 13:35:02 +01:00
Sven Dowideit
226d8c4f07 Merge pull request #1234 from SvenDowideit/linkchecker-fixes
Small doc fixes found by the linkchecker
2015-12-05 09:30:58 +10:00
Anton Tiurin
d6cc32965e Fix comment for PathRegexp
Signed-off-by: Anton Tiurin <noxiouz@yandex.ru>
2015-12-04 22:14:21 +03:00
Sylvain Baubeau
b596464d38 Use bulk delete to remove segments in Swift driver
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-12-04 12:16:49 +01:00
Stephen Day
568bf038af Merge pull request #1233 from kendru/patch-1
Escape dollar signs
2015-12-03 12:29:12 -08:00
Stephen Day
fb89fd30f8 Merge pull request #1231 from tonistiigi/digest-length-check
Validate digest length on parsing
2015-12-03 12:17:16 -08:00
Stephen Day
0a71df72a1 Merge pull request #1211 from tt/remove-name-verification
Remove name verification
2015-12-03 11:59:21 -08:00
Sven Dowideit
7d0d94814b Small doc fixes found by the linkchecker
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2015-12-03 21:26:41 +10:00
Andrew Meredith
6357b02236 Escape dollar signs
If this example was copied and pasted, the shell would try to interpolate `$upstream_http_docker_distribution_api_version` and `$docker_distribution_api_version`.

Signed-off-by: Andrew Meredith <andymeredith@gmail.com>
2015-12-02 23:45:09 -07:00
Stephen Day
0aee52fa3d Merge pull request #1227 from stevvooe/walk-sorted
storage: enforce sorted traversal during Walk
2015-12-02 18:37:44 -08:00
Patrick Devine
b084c77c70 Clarify pagination for catalog API endpoint
This change clarifies the way the catalog endpoint returns results
when pagination was not explicitly requested.

Signed-off-by: Patrick Devine <patrick.devine@docker.com>
2015-12-02 18:02:51 -08:00
Tonis Tiigi
1f5f9bad39 Validate digest length on parsing
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-02 16:04:06 -08:00
Aaron Lehmann
bf2cc0a9d6 Avoid stat round-trips when fetching a blob
Without this commit, three round-trips are required to fetch a blob with
a progress bar. The first is a call to Stat (HEAD request), to determine
the size. Then Open is called, which also calls Stat, and finally
performs a GET request.

Only the GET request is actually needed. The size of the blob can be
sniffed from Content-Length in the GET response.

This commit changes HTTPReadSeeker to automatically detect the size from
Content-Length instead of requiring it to be passed in. The Stat call is
removed from Open because it is no longer necessary.

HTTPReadSeeker now takes an additional errorHandler callback argument which
translates an unsuccessful HTTP response into an appropriate API-level
error. Using a callback for this makes it possible to avoid leaking the
repsonse body to Read's caller, which would make lifecycle management
problematic.

Fixes #1223

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-02 14:21:13 -08:00
mqliang
b7d246effb rename req to resp
Signed-off-by: mqliang <mqliang.zju@gmail.com>
2015-12-02 20:38:54 +08:00
Stephen J Day
6693e9667c storage: add further tests for Walk implementation
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-12-01 16:55:10 -08:00
Stephen J Day
93f92498ce storage: enforce sorted traversal during Walk
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-12-01 16:25:30 -08:00
Stephen J Day
7bf8f846c2 storage: correctly handle error during Walk
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-12-01 16:25:29 -08:00
Troels Thomsen
e1cf7c418b Map error type to error code
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-12-01 22:26:37 +01:00
Troels Thomsen
beeff299f8 Use well-known error type
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-12-01 22:23:47 +01:00
Sven Dowideit
9ec49c04fd TOC for configuration page incorrect
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2015-12-01 14:07:55 +10:00
Sven Dowideit
b43d0baec0 Use FROM docs/base:latest again
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2015-11-26 20:34:00 +10:00
Troels Thomsen
8299937613 Verify manifest name format
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-11-26 10:28:35 +01:00
Troels Thomsen
6fb6183083 Verify manifest name length
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-11-26 10:28:28 +01:00
Troels Thomsen
a9a1b57900 Remove name verification
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-11-25 21:16:28 +01:00
Troels Thomsen
8257e8c42a Use case of type name
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-11-25 21:12:49 +01:00
Richard Scothern
4874f111ea Merge pull request #1208 from farmerworking/fix-oss-doc-error
Oss secure option default to true, Fix doc error
2015-11-25 11:25:25 -08:00
Richard Scothern
7647f7fe76 Merge pull request #1204 from MHBauer/gh1197
Formatting content digest calculation to avoid copyright symbols
2015-11-25 11:24:06 -08:00
Michal Gebauer
73a209107e Check if CertsDir is not empty
Signed-off-by: Michal Gebauer <mishak@mishak.net>
2015-11-25 18:12:19 +01:00
mqliang
6bb27bcfda move defer statement for readability
Signed-off-by: mqliang <mqliang.zju@gmail.com>
2015-11-25 22:33:15 +08:00
farmerworking
8acf5a4d63 Oss secure option default to true, Fix doc error
Signed-off-by: farmerworking <farmerworking@gmail.com>
2015-11-25 12:38:44 +08:00
Avi Miller
a7199f5d7c Fixed whitespace and made the command consistent with the other examples.
Signed-off-by: Avi Miller <avi.miller@oracle.com>
2015-11-25 10:41:40 +11:00
Avi Miller
b27d479ad5 Adding additional comment to enable the shared system certificates store.
Signed-off-by: Avi Miller <avi.miller@oracle.com>
2015-11-25 10:30:12 +11:00
Morgan Bauer
17d4e82944
Formatting content digest calculation to avoid copyright symbols
- resolves #1197

Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
2015-11-24 10:13:34 -08:00
Tonis Tiigi
7efcb7496c Update daemon and docker core to use new content addressable storage
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.

Add v1 migration code.

Update registry, api/*, and daemon packages to use the reference
package's types where applicable.

Update daemon package to use image/layer/tag stores instead of the graph
package

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-11-24 09:40:25 -08:00
Sven Dowideit
64bc8af1b9 Doc fixes found by validation job
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2015-11-20 12:21:03 +10:00
Alexander Morozov
dde006ba6b registry/registry.go: simplify logical expression
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-17 16:12:11 -08:00
Alexander Morozov
fc2531f15c Merge pull request #17617 from askb/17168_pull_error_fix
Fix for #17168 issue
2015-11-17 16:10:44 -08:00
David Calavera
3eeebe7be3 Make NormalizeLocalName to not reach the network to normalize names.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-17 03:31:32 -05:00
Anil Belur
1820704288 Fix for #17168 misleading pull error
This fix avoids overwritting the previous error messages, ensures the client gets the correct error messages and not just the most recent message during the pull request.
For this `var lastErr` replaced with a slice which acts as a temp place holder for the list of returned error messages for every attempt.
The slice is later joined and returned to the caller function after searching for the image with diffirent versions(v2,v1,v0).

Updated the code with check for no space left on device error occurance and prevent the
daemon on falling back to v1,v0.

Incorporated the comments from @calavera, @RichardScothern, @cpuguy83

Signed-off-by: Anil Belur <askb23@gmail.com>
2015-11-14 16:24:45 +05:30
Stephen Day
c0d094a72a Merge pull request #1166 from treed/master
De-obfuscate error message
2015-11-11 17:18:25 -08:00
Richard Scothern
a53b1a9989 Merge pull request #1125 from rustyconover/fix-url-path-escaping
Fix failing test case for URL escaping problem.
2015-11-10 16:50:55 -08:00
Richard Scothern
aaf448b2de Merge pull request #1141 from lebauce/swift-no-missing-segment
Ensure read after write for segments
2015-11-10 10:39:43 -08:00
Aaron Lehmann
accfa46f9b Fix empty delete requests with Swift fs driver
The Delete method lists objects under the given path and tries to delete
all of them with a bulk delete request. If the path has no objects
underneath it, the body of this request will be empty, which causes
HTTP-level issues. Specifically, Go's HTTP client senses the empty
request buffer and doesn't include a Content-Length, which causes the
Swift server to fail the request.

This commit fixes the problem by avoiding sending empty bulk delete
requests. This is the correct thing to do anyway, since there's no
reason to request deletion of zero objects.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-09 15:33:05 -08:00
Vincent Demeester
9516a01c56 dockerversion placeholder for library import
- Add a *version* file placeholder.
- Update autogen and builds to use it and an autogen build flag

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-09 19:32:46 +01:00
Ted Reed
f01a70c8a6 De-obfuscate error message
Previously, this error message would stringify as a pointer address,
which isn't particularly helpful.

This change breaks out the elements of the challenge object such that
the error is appropriately represented.

Signed-off-by: Ted Reed <ted.reed@gmail.com>
2015-11-06 17:10:28 -08:00
Richard Scothern
057284b593 Merge pull request #1156 from RichardScothern/manifest-verification
Manifest Verification
2015-11-04 14:09:12 -08:00
Jess Frazelle
0d91f2899e Merge pull request #17614 from LK4D4/fix_golint
Update linting tools to latest versions
2015-11-03 15:32:12 -08:00
Richard Scothern
78b6d648fa Before allowing a schema1 manifest to be stored in the registry, ensure that it
contains equal length History and FSLayer arrays.

This is required to prevent malformed manifests being put to the registry and
failing external verification checks.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-11-03 15:19:46 -08:00
Richard Scothern
e79324edd8 Add a generic error type to capture non-typed errors
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-11-03 11:19:44 -08:00
amitshukla
7840a5bc8f Fix for issue 664: https://github.com/docker/distribution/issues/664
Errors thrown by storage drivers don't have the name of the driver, causing user
confusion about whether the error is coming from Docker or from a storage driver.
This change adds the storage driver name to each error message.

This required changing ErrUnsupportedDriver to a type, leading to code changes
whenever ErrUnsupportedDriver is used.  The tests check whether the driver name
appears in the error message.

Signed-off-by: Amit Shukla <amit.shukla@docker.com>
2015-11-03 11:19:17 -08:00
Richard Scothern
bd958d8b88 Merge pull request #1114 from lebauce/swift-temp-url
Redirect support in Swift driver
2015-11-03 09:34:01 -08:00
Sylvain Baubeau
34c1d0ed50 Ensure read after write for segments
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-11-03 17:09:52 +01:00
Sylvain Baubeau
7c3281861f Add support for temporary URL for Swift driver
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-11-03 09:59:50 +01:00
Sylvain Baubeau
11546b5309 Add support for temporary URL for Swift driver
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-11-03 09:59:50 +01:00
Aaron Lehmann
afd61ce8f2 Vendor updated version of docker/distribution
This updates the vendored docker/distribution to the current master
branch.

Note the following changes:

- The manifest package was split into manifest/schema1. Most references
  to the manifest package in the engine needed to be updated to use
  schema1 instead.

- Validation functions in api/v2 were replaced by the
  distribution/reference package. The engine code has been updated to
  use the reference package for validation where necessary. A future PR
  will change the engine to use the types defined in
  distribution/reference more comprehensively.

- The reference package explicitly allows double _ characters in
  repository names. registry_test.go was updated for this.

- TestPullFailsWithAlteredManifest was corrupting the manifest JSON, now
  that the schema1 package unmarshals the correct payload. The test is
  being changed to modify the JSON without affecting its length, which
  allows the pull to succeed to the point where digest validation
  happens.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-02 12:40:18 -08:00
Stephen J Day
854fa0a4dd registry/storage: close filereader after allocation
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-11-02 11:55:11 -08:00
Alexander Morozov
94913b8f7f Fix go vet warnings
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-02 08:28:34 -08:00
Richard Scothern
00f02b5fbc Buffer writing the scheduler entry state to disk by periodically checking for
changes to the entries index and saving it to the filesystem.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-10-29 11:35:52 -07:00
Richard Scothern
a31e93e1c4 Merge pull request #756 from aibaars/storage-gcs
Storage driver for Google Cloud Storage
2015-10-29 10:41:17 -07:00
Richard Scothern
cbf1f0797c Merge pull request #1096 from aaronlehmann/simplify-proxy-scheduler
Simplify proxy scheduler
2015-10-28 13:23:00 -07:00
Arthur Baars
98ad17f757 Storage driver for: Google Cloud Storage (gcs)
Signed-off-by: Arthur Baars <arthur@semmle.com>
2015-10-28 20:21:56 +00:00
Arthur Baars
59784ecdd0 Storage driver for: Google Cloud Storage (gcs)
Signed-off-by: Arthur Baars <arthur@semmle.com>
2015-10-28 20:21:56 +00:00
Brian Goff
24de26a805 Revert "dockerversion placeholder for library-import"
This reverts commit c2d5c29437.

Commit caused issues on systems with case-insensitive filesystems.
Revert for now

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-10-27 21:23:53 -04:00
Vincent Demeester
c2d5c29437 dockerversion placeholder for library-import
- Move autogen/dockerversion to version
- Update autogen and "builds" to use this package and a build flag

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-10-27 20:36:07 +01:00
Matt Moore
b38b98c8a8 Add expires_in and issued_at to the auth spec.
This extends the specification for the Bearer token response to include
information pertaining to when an issued Bearer token will expire.

This also allows the client to accept `access_token` as an alias for `token`.

Signed-off-by: Matt Moore <mattmoor@google.com>
2015-10-27 11:05:33 -07:00
Matt Moore
0c7cd3fcf8 Add expires_in and issued_at to the auth spec.
This extends the specification for the Bearer token response to include
information pertaining to when an issued Bearer token will expire.

This also allows the client to accept `access_token` as an alias for `token`.

Signed-off-by: Matt Moore <mattmoor@google.com>
2015-10-27 11:05:33 -07:00
Rusty Conover
9293e3db11 Fix failing test case
When building a URL don't include path components in the host parameter.

Closes #1124

Signed-off-by: Rusty Conover <rusty@luckydinosaur.com>
2015-10-25 13:03:22 -04:00
Sebastiaan van Stijn
bf6ca6cb53 Docs: replace emoji with regular warning
The docs don't render emoji, so replaced the `⚠️` with
a `**Warning**:` to keep the formatting consisten with
`**Note**:` used in other parts of the docs.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2015-10-22 15:59:48 -07:00
Richard Scothern
a266f99418 Merge pull request #1095 from mrwacky42/api-version-annotated
Add annotated example for adding header; +spelling
2015-10-22 14:04:32 -07:00
Sven Dowideit
a5040860f2 Prevent md->html link generation
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2015-10-22 17:27:21 +10:00
Stephen Day
8cc790cccf Merge pull request #1098 from denverdino/master
Redundant digest verification in validateBlob when pushing a new layer
2015-10-21 14:50:18 -07:00
Tianon Gravi
8263cdeb57 Update "type auth.Challenge" comment example code
This interface was changed in 4a2300aaa9, but the comment wasn't ever updated to match.

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-10-21 11:54:13 -07:00
Aaron Lehmann
fc5ee720d1 Correct two golint comment issues
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-10-19 16:42:12 -07:00
Richard Scothern
f9317483d3 Clearer documentation around environment variable overrides
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-10-19 14:52:08 -07:00
Richard Scothern
0ce983b4e8 Merge pull request #1006 from RichardScothern/proxy-serialize
Fix a race condition in pull through cache population
2015-10-16 17:13:26 -07:00
Mary Anthony
8e92a8ab00 Updating for Hugo 15 patch
Signed-off-by: Mary Anthony <mary@docker.com>
2015-10-16 12:20:38 -07:00
Stephen Day
eb484b7ddf Merge pull request #827 from aaronlehmann/read-only-mode-2
Add a read-only mode as a configuration option
2015-10-15 11:50:31 -07:00
Stephen Day
dfe60f4cb1 Merge pull request #827 from aaronlehmann/read-only-mode-2
Add a read-only mode as a configuration option
2015-10-15 11:50:31 -07:00
Richard Scothern
539d6312bf Merge pull request #1053 from mrwacky42/patch-1
Fix spelling
2015-10-15 11:44:57 -07:00
Aaron Lehmann
84595fc628 Simplify proxy scheduler
The proxy scheduler implemented its own timer state machine. It's
simpler and more efficient to leverage the Go runtime's timer heap by
using time.AfterFunc.

This commit adds a time.Timer to each scheduler entry, and starts and
stops those timers as necessary. Then the mainloop goroutine and its
associated logic are not needed.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-10-15 09:18:21 -07:00
Li Yi
c40b2e2341 Redundant digest verification in validateBlob
Change-Id: I03764edadae529db2cc3acf7ecca329570f18659
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-10-15 22:21:14 +08:00
Sharif Nassar
0249cc9cb2 Add annotated example for adding header; +spelling
This adds a variable to help nginx add the
Docker-Distribution-Api-Version when using basic auth, and not add the
header when it sees it from the upstream.

Also fix some minor spelling/grammar issues.

Signed-off-by: Sharif Nassar <sharif@mrwacky.com>
2015-10-14 15:21:18 -07:00
Stephen J Day
26762a54fe Correct unmarshal order for SignedManifest
To ensure that we only unmarshal the verified payload into the contained
manifest, we first copy the entire incoming buffer into Raw and then unmarshal
only the Payload portion of the incoming bytes. If the contents is later
verified, the caller can then be sure that the contents of the Manifest fields
can be trusted.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-10-14 14:37:34 -07:00
Richard Scothern
da206d64cb Merge pull request #1035 from aaronlehmann/host-parameter-alternate
Add http.host parameter
2015-10-13 14:03:48 -07:00
Richard Scothern
4c4112bdcf Merge pull request #1035 from aaronlehmann/host-parameter-alternate
Add http.host parameter
2015-10-13 14:03:48 -07:00
Stephen Day
80783c058f Merge pull request #1033 from jlhawn/api_spec_update_auth_errors
[api spec] Update authN and authZ errors
2015-10-13 13:52:18 -07:00
Stephen Day
bfd1f423c5 Merge pull request #1033 from jlhawn/api_spec_update_auth_errors
[api spec] Update authN and authZ errors
2015-10-13 13:52:18 -07:00
Sharif Nassar
929595c7d1 Fix spelling
Signed-off-by: Sharif Nassar <sharif@mrwacky.com>
2015-10-12 16:11:30 -07:00
Derek McGowan
582a0661bf Update to provide small and clear interfaces
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-10-09 16:05:49 -07:00
Tibor Vass
b72f1fd2e3 Add a new reference package abstracting repositories, tags and digests
There seems to be a need for a type that represents a way of pointing
to an image, irrespective of the implementation.

This patch defines a Reference interface and provides 3 implementations:
- TagReference: when only a tag is provided
- DigestReference: when a digest (according to the digest package) is
  provided, can include optional tag as well

Validation of references are purely syntactic.

There is also a strong type for tags, analogous to digests, as well
as a strong type for Repository from which clients can access the
hostname alone, or the repository name without the hostname, or both
together via the String() method.

For Repository, the files names.go and names_test.go were moved from
the v2 package.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-10-09 16:05:34 -07:00
Derek McGowan
ed69ef01ee Update distribution package
Pick up name regexp change in distribution to allow matching of hostnames as a valid component of a repository.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-10-08 17:16:43 -07:00
Brian Bland
90fe4b9256 Fixes documentation for swift driver "container" parameter
No longer claims that an additional segments container is used

Signed-off-by: Brian Bland <brian.bland@docker.com>
2015-10-08 16:51:57 -07:00
Richard Scothern
36fa22c821 Fix a race condition in pull through cache population by removing the functionality
of readers joining current downloads.  Concurrent requests for the same blob
will not block, but only the first instance will be comitted locally.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-10-08 16:12:29 -07:00
Matt Moore
d5ca577ad1 Allow hostname components in component names.
Fixes https://github.com/docker/distribution/issues/1062

This relaxes the naming restrictions places on Docker images to permit
valid hostnames according to [RFC-2396](https://www.ietf.org/rfc/rfc2396.txt).

It deviates from the RFC in the following ways:
 1) Allow underscores where we allow hyphens (hostnames don't allow
 underscores, which we must for backwards compatibility).
 2) Leave "top-level" name segments unrestricted (domains require an
 alpha character to begin a top-level domain, e.g. "com").
 3) DO NOT allow a trailing dot, as permitted by FQDNs.

Signed-off-by: Matt Moore <mattmoor@google.com>
2015-10-08 11:29:54 -07:00
Richard Scothern
4946d0d035 Merge pull request #1072 from compnski/patch-1
Update configuration.md
2015-10-08 10:12:21 -07:00
Jason Freidman
1c1917fd5a Update configuration.md
It seems that enabling proxy stops my instance from accepting local pushes, but I can't find mention of that in the docs.

Signed-off-by: Jason Freidman <jason@periscope.io>
2015-10-07 20:02:58 -07:00
Jessica Frazelle
0b543b4767 change flag name to better follow the other flags that start with disable;
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-10-07 10:16:37 -07:00
harche
4ff7656ba1 Typo in command to check registry version
Signed-off-by: Harshal <p.harshal@gmail.com>
2015-10-07 16:38:42 +05:30
Vincent Demeester
60edb40c29 Merge pull request #16509 from HuKeping/search-problem
Fix docker search problem
2015-10-04 18:21:32 +02:00
Hu Keping
82965f6c84 Fix docker search problem
Search terms shouldn't be restricted to only full valid repository
names. It should be perfectly valid to search using a part of a name,
even if it ends with a period, dash or underscore.

Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-10-04 23:23:43 +08:00
Richard Scothern
89bedf1e7f Merge pull request #1048 from docker/docs-secure-default
Correct the default setting of s3's "secure" parameter in configuration.md
2015-10-01 10:26:38 -07:00
Richard Scothern
1039e2dc26 Merge pull request #950 from jackpgriffin/master
Skip creating swift container if already exists
2015-10-01 10:15:54 -07:00
Aaron Lehmann
7f83bfd8af Correct the default setting of s3's "secure" parameter in configuration.md
This defaults to true in the code, but the doc claimed it defaults to
false.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-30 18:41:06 -07:00
Aaron Lehmann
6573d5c119 Add http.host parameter
This allows the administrator to specify an externally-reachable URL for
the registry. It takes precedence over the X-Forwarded-Proto and
X-Forwarded-Host headers, and the hostname in the request.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-30 15:12:01 -07:00
Aaron Lehmann
0a6988195e Add http.host parameter
This allows the administrator to specify an externally-reachable URL for
the registry. It takes precedence over the X-Forwarded-Proto and
X-Forwarded-Host headers, and the hostname in the request.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-30 15:12:01 -07:00
Derek McGowan
618ffe118b Merge pull request #1005 from xiekeyang/spec
add description to manifest spec
2015-09-30 11:47:16 -07:00
Richard Scothern
e760fb2dc6 Merge pull request #988 from tt/fix-incorrect-default
Fix incorrect default
2015-09-30 10:40:11 -07:00
Josh Hawn
fa4c33f5f3 [api spec] Update authN and authZ errors
Associate HTTP 401s with Authentication errors rather than Authorization
errors. Changes the meaning of the UNAUTHORIZED error to be authentication
specific.

Defines DENIED error code to be associated with authorization
errors which result in HTTP 403 responses.

Add 'No Such Repository' errors to more endpoints.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-09-30 09:12:31 -07:00
Josh Hawn
0f670bdc91 [api spec] Update authN and authZ errors
Associate HTTP 401s with Authentication errors rather than Authorization
errors. Changes the meaning of the UNAUTHORIZED error to be authentication
specific.

Defines DENIED error code to be associated with authorization
errors which result in HTTP 403 responses.

Add 'No Such Repository' errors to more endpoints.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-09-30 09:12:31 -07:00
Stephen Day
3532bc3f2c Merge pull request #1024 from aaronlehmann/avoid-testing-import
Avoid importing "testing" in externally-facing code
2015-09-30 13:14:42 +02:00
xiekeyang
da8ef7585d add description to manifest spec
This PR add some description to manifest spec.
It clarifies the relationship between `fsLayers` and `history` fields.

Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2015-09-30 10:16:46 +08:00
Aaron Lehmann
b045aa2a3d Avoid importing "testing" in externally-facing code
The "testing" package adds some flags in its init function, so utilities
that import distribution code may print a page of extra testing flags in
their help output.

This commit solves the issue by moving an import of "testing" in the
registry/storage/cache package to a new
registry/storage/cache/cachecheck package, which is only imported by
tests.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-29 10:06:39 -07:00
Aaron Lehmann
8a05f9bb4f Merge pull request #1001 from RichardScothern/fix-atrocity
Don't return nil, nil from functions
2015-09-28 13:34:11 -07:00
Troels Thomsen
cfe50c9ef4 Fix incorrect default
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-09-28 10:08:17 +02:00
Richard Scothern
ebaa771c3b Prevent push and pull to v1 registries by filtering the available endpoints.
Add a daemon flag to control this behaviour.  Add a warning message when pulling
an image from a v1 registry.  The default order of pull is slightly altered
with this changset.

Previously it was:
https v2, https v1, http v2, http v1

now it is:
https v2, http v2, https v1, http v1

Prevent login to v1 registries by explicitly setting the version before ping to
prevent fallback to v1.

Add unit tests for v2 only mode.  Create a mock server that can register
handlers for various endpoints.  Assert no v1 endpoints are hit with legacy
registries disabled for the following commands:  pull, push, build, run and
login.  Assert the opposite when legacy registries are not disabled.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-09-25 15:59:42 -07:00
Richard Scothern
d03c56129c Merge pull request #991 from mattmoor/expires_in_proposal
Fixes #684
2015-09-25 15:23:28 -07:00
Sungho Moon
7bf66b6855 Minor grammar fix : duplicated coordinators.
Signed-off-by: Sungho Moon <sungho.moon@navercorp.com>
2015-09-23 11:40:13 +09:00
Aaron Lehmann
cbf83ecd31 Add an "enabled" parameter under "readonly", and make it as if the mutable handlers don't exist when read-only mode is enabled
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-22 15:49:26 -07:00
Aaron Lehmann
a601f92336 Add an "enabled" parameter under "readonly", and make it as if the mutable handlers don't exist when read-only mode is enabled
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-22 15:49:26 -07:00
Aaron Lehmann
df9758ba39 Add a read-only mode as a configuration option
Add "readonly" under the storage/maintenance section. When this is set
to true, uploads and deletions will return 503 Service Unavailable
errors.

Document the parameter and add some unit testing.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-22 15:47:48 -07:00
Aaron Lehmann
c9bb330b71 Add a read-only mode as a configuration option
Add "readonly" under the storage/maintenance section. When this is set
to true, uploads and deletions will return 503 Service Unavailable
errors.

Document the parameter and add some unit testing.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-22 15:47:48 -07:00
Nuutti Kotivuori
84e7c07c42 Remove initial access check from S3 driver
In the S3 storage driver there is currently an initial access permission check by listing the bucket. If this check fails, registry will panic and exit.

However, this check is broken in two ways. First of all it strips the final slash from the root directory path, meaning that any access permissions which limit access to a single directory will fail, because S3 treats the path as strict prefix match. Secondly it fails to strip any leading slash that might be present, unlike the other access places, which means that the path used is different as a leading slash is allowed and significant in a filename in S3.

Since there is also a periodic health check which correctly checks access permissions and shows the error more cleanly, the best solution seems to be to just remove this initial access check.

Signed-off-by: Nuutti Kotivuori <nuutti.kotivuori@poplatek.fi>
2015-09-19 12:47:12 +03:00
Richard Scothern
9fb5fe4fbb Don't return a nil array and a nil error if the Tags endpoint cannot be found
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-09-18 16:19:41 -07:00
Richard Scothern
b8a1ec4155 Avoid returning nil, nil when fetching a manifest by tag by introducing a new
error ErrManifestNotModified which can be checked by clients.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-09-18 16:19:37 -07:00
Matt Moore
ca7c845dc0 Fixes #684
Split the discussion of v2 authentication into two parts:
1) A specification of the handshake between the client, registry and
authentication service.
2) A description of how `docker/distribution` implements this using JWT.

This should make it clearer that `#2` is an implementation detail, and
that clients should regard tokens as opaque entities that only the
registry and authentication service should understand.

Signed-off-by: Matt Moore <mattmoor@google.com>
2015-09-18 15:26:32 -07:00
xiekeyang
78c760f898 typo
Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2015-09-18 17:27:01 +08:00
Aaron Lehmann
f651c5d68e Merge pull request #981 from LouisKottmann/master
Add exemple proxy mistake whith nginx sitting behind an ELB
2015-09-17 14:35:12 -07:00
Louis Kottmann
4075e2bb3d Add exemple proxy mistake whith nginx sitting behind an ELB
closes #970

Signed-off-by: Louis Kottmann <louis.kottmann@gmail.com>
2015-09-17 12:46:12 +02:00
Richard Scothern
4271c60d98 Merge pull request #973 from jlhawn/update_token_spec
[docs/spec/auth] Clarify the Token auth workflow
2015-09-16 10:41:08 -07:00
Stephen J Day
49f080acc8 Add WithVersion to context and other cleanup
By adding WithVersion to the context package, we can simplify context setup in
the application. This avoids some odd bugs where instantiation order can lead
to missing instance.id or version from log messages.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-09-14 17:14:31 -07:00
Josh Hawn
fb481ef843 [docs/spec/auth] Clarify the Token auth workflow
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-09-14 15:57:16 -07:00
Stephen J Day
cabf1fd236 Allow interface{} keys when using logger
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-09-11 11:33:55 -07:00
Aaron Lehmann
6403bf64d5 Only use the distribution/context package in registry.go
This solves a issue from #909 where instance.id was not printed in logs,
because this file was using the background context from
golang.org/x/net/context instead of
github.com/docker/distribution/context.

It's cleaner to standardize on one package, so this commit removes the
import of golang.org/x/net/context entirely. The Context interfaces
defined in both packages are the same, so other code using
golang.org/x/net/context can still pass its context to NewRegistry.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-11 09:54:15 -07:00
Stephen Day
1cdcc0462a Merge pull request #888 from aaronlehmann/config-env-vars
More flexible environment variable overrides
2015-09-10 17:01:30 -07:00
Aaron Lehmann
045db61784 Add a cobra command that implements the entire main function for registry
Use this command in cmd/registry/main.go.

Move debug server to the main command, and change Serve to be a
ListenAndServe function.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-09 14:39:31 -07:00
Aaron Lehmann
8dd51d6460 Move initialization code from main.go to the registry package
This makes it easier to embed a registry instance inside another
application.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-09 14:39:31 -07:00
David Calavera
2b658054bb Make RegistryConfig a typed value in the api.
Remove possible circular dependency that prevented us from using a real
type.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-09-07 19:29:33 -04:00
Jack Griffin
8ceca304b0 Skip creating swift container if already exists
Signed-off-by: Jack Griffin <jackpg14@gmail.com>
2015-09-04 18:53:17 +00:00
Aaron Lehmann
a49bf24abe More flexible environment variable overrides
Overriding configuration parameters with environment variables used to
work by walking the configuration structure and checking for a
corresponding environment variable for each item. This was very limiting
because only variables corresponding to items that already existed in
the configuration structure would be checked. For example, an
environment variable corresponding to nested maps would only be noticed
if the outer map's key already existed.

This commit changes environment variable overriding to iterate over the
environment instead. For environment variables beginning with the
REGISTRY_ prefix, it splits the rest of their names on "_", and
interprets that as a path to the variable to unmarshal into. Map keys
are created as necessary. If we encounter an empty interface partway
through following the path, it becomes an implicit
map[string]interface{}.

With the new unit tests added here, parser.go now has 89.2% test
coverage.

TestParseWithExtraneousEnvStorageParams was removed, because the limit
of one storage driver is no longer enforced while parsing environment
variables. Now, Storage.Type will panic if multiple drivers are
specified.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-03 16:11:53 -07:00
Hua Wang
8f5f6a4e59 Add TrustId parameter to swift driver
github/ncw/swift has added support for trust, so let's add it.

Signed-off-by: Hua Wang <wanghua.humble@gmail.com>
2015-09-02 15:05:29 +08:00
Hua Wang
ddb689ef8b Add TrustId parameter to swift driver
github/ncw/swift has added support for trust, so let's add it.

Signed-off-by: Hua Wang <wanghua.humble@gmail.com>
2015-09-02 15:05:29 +08:00
Olivier Gambier
dbbafe92e9 Merge pull request #941 from liubin/master
add indentations
2015-08-28 12:52:50 -07:00
Olivier Gambier
0c42f0cd63 Granmar and speeling fixes
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-08-28 12:48:55 -07:00
Olivier Gambier
6197ca7b10 Adding mirror as a recipe
Normalized mirror.md to match other recipes.
Slightly tweaked content, emphasizing the privacy concerns about using login/password on the backend.

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-08-28 12:47:39 -07:00
Olivier Gambier
5df53c0681 Documentation enhancements
Making metadata:
- more consistent
- more specific (fixed copy pasting)
- refine coverage

Insecure information cleanup

Removing no longer used files:
- mkdocs is gone
- the registry diagram is not used, and is a bit silly :)

Minor fixes

Fixing links

Recipes:
- harmonized code sections style to the rest of the docs
- harmonized recipe "style"
- listing new recipes

Enhance deploying

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-08-28 12:46:53 -07:00
bin liu
e14e40b68c add indentations
Signed-off-by: bin liu <liubin0329@gmail.com>
2015-08-28 20:09:36 +08:00
Stephen Day
0306c5c453 Merge pull request #934 from stevvooe/sanitize-url-correctly
Correctly sanitize location url preserving parameters
2015-08-27 22:30:21 -07:00
Stephen J Day
6e7718dfce Correctly sanitize location url preserving parameters
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-27 17:06:03 -07:00
Olivier Gambier
21edffdee1 Merge pull request #929 from RichardScothern/docs
Add some clarifying documentation for pull through cache configuration
2015-08-27 16:41:22 -07:00
Richard Scothern
246138598d Add some clarifying documentation for pull through cache configuration
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-08-27 10:18:36 -07:00
Aaron Vinson
db36173705 add info about redis eviction policy recommended setting 2015-08-26 18:19:13 -07:00
Olivier Gambier
b78a858b5d Merge pull request #918 from aaronlehmann/json-spec
Update JSON spec to point out escaping of <, >, &
2015-08-24 16:58:11 -07:00
Aaron Lehmann
4cb5626d9e Update JSON spec to point out escaping of <, >, &
...and add blurb about not relying on canonicalization to ensure
identical output.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-24 16:28:42 -07:00
Richard Scothern
7a4920d8e5 Merge pull request #897 from dmp42/5.all-ur-proxy-are-belong-to-us
Starting with recipes
2015-08-24 11:28:17 -07:00
Alexander Morozov
ec8bba861e Merge pull request #15389 from aidanhs/aphs-simpler-pull-codepath
Remove unnecessary function parameter, add mirror endpoint test
2015-08-24 11:03:01 -07:00
Stephen J Day
bb098c72a2 Move manifest package to schema1
As we begin our march towards multi-arch, we must prepare for the reality of
multiple manifest schemas. This is the beginning of a set of changes to
facilitate this. We are both moving this package into its target position where
it may live peacefully next to other manfiest versions.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-21 16:29:47 -07:00
Stephen J Day
7dd03e12bb More consistent return from ErrorCode.Error()
To bring ErrorCode into liine with Go conventions, ErrorCode.Error() now
returns the "nice" value of the error code. This ensures error message assembly
works similar to commonly used Go conventions when directly using ErrorCode as
an error.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-20 17:36:24 -07:00
Aaron Lehmann
5b804f7600 Add headers parameter for HTTP checker
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-20 15:11:16 -07:00
Aaron Lehmann
b67aab2f60 Add headers parameter for HTTP checker
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-20 15:11:16 -07:00
Aaron Lehmann
ca3d460278 Add a TCP health checker
Also, add timeout and status code parameters to the HTTP checker, and
remove the threshold parameter for the file checker.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-20 15:11:15 -07:00
Aaron Lehmann
e8f088fea6 Add a TCP health checker
Also, add timeout and status code parameters to the HTTP checker, and
remove the threshold parameter for the file checker.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-20 15:11:15 -07:00
Aaron Lehmann
cdc3143b7e Expose a Registry type in health package, so unit tests can stay isolated from each other
Update docs.

Change health_test.go tests to create their own registries and register
the checks there. The tests now call CheckStatus directly instead of
polling the HTTP handler, which returns results from the default
registry.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-20 15:07:54 -07:00
Aaron Lehmann
bbd4699166 Switch tests to import "github.com/docker/distribution/context"
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-20 14:50:12 -07:00
Aaron Lehmann
68e8532cef Add storagedriver section to health check configuration
Add default storagedriver health check to example configuration files
with parameters matching the previous hardcoded configuration.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-20 14:50:12 -07:00
Aaron Lehmann
216df32510 Add storagedriver section to health check configuration
Add default storagedriver health check to example configuration files
with parameters matching the previous hardcoded configuration.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-20 14:50:12 -07:00
Aaron Lehmann
c48e460933 Add configurable file-existence and HTTP health checks
Add a section to the config file called "health". Within this section,
"filecheckers" and "httpcheckers" list checks to run. Each check
specifies a file or URI, a time interval for the check, and a threshold
specifying how many times the check must fail to reach an unhealthy
state.

Document the new options in docs/configuration.md.

Add unit testing for both types of checkers. Add an UnregisterAll
function in the health package to support the unit tests, and an
Unregister function for consistency with Register.

Fix a string conversion problem in the health package's HTTP checker.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-20 14:50:12 -07:00
Aaron Lehmann
b09b0ffcf9 Add configurable file-existence and HTTP health checks
Add a section to the config file called "health". Within this section,
"filecheckers" and "httpcheckers" list checks to run. Each check
specifies a file or URI, a time interval for the check, and a threshold
specifying how many times the check must fail to reach an unhealthy
state.

Document the new options in docs/configuration.md.

Add unit testing for both types of checkers. Add an UnregisterAll
function in the health package to support the unit tests, and an
Unregister function for consistency with Register.

Fix a string conversion problem in the health package's HTTP checker.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-20 14:50:12 -07:00
Olivier Gambier
065bda79bb Starting with recipes
- apache recipe
- streamline nginx recipe
- recipes file

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-08-19 16:15:36 -07:00
Stephen Day
0189e8c218 Merge pull request #893 from aaronlehmann/functional-opts
Functional options for NewRegistryWithDriver
2015-08-19 14:41:08 -07:00
Aaron Lehmann
142b68aaa2 Add a unit test which verifies the ResponseWriter endpoints see implements CloseNotifier
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-19 11:37:53 -07:00
Aaron Lehmann
7fb68446cc Functional options for NewRegistryWithDriver
Clean up calling convention for NewRegistryWithDriver to use functional
arguments.

This is a first step towards the refactor described in #215. I plan to
add additional options in the process of moving configurable items from
the App structure to the registry structure.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-19 11:06:30 -07:00
Jessie Frazelle
e3ebcaa76b Merge pull request #15417 from icecrime/update_windows_registry_endpoint
Update Windows TP3 registry endpoints
2015-08-18 20:35:02 -07:00
Aaron Lehmann
11133181fc Fix CloseNotifier handling and avoid "the ResponseWriter does not implement CloseNotifier" warnings in logs
A change in #763 to address review comments caused problems. Originally,
instrumentedResponseWriter implemented the CloseNotifier interface, and
would panic if it was wrapping something that did not implement that
interface. This was split into a separate instrumentedResponseWriterCN
type that implements CloseNotifier, so there's a fallback if
instrumentedResponseWriter ever needs to wrap something that does not
implement this interface.

instrumentedResponseWriter's Value method would end up upcasting either
type back to instrumentedResponseWriter, which does not implement the
interface. In effect, instrumentedResponseWriterCN was never visible to
the handler.

This fixes the problem by implementing a wrapper Value method for
instrumentedResponseWriterCN.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-18 17:28:51 -07:00
Aaron Lehmann
2e4c643419 Fix tests after #846
Change checkResponse to only expect the configured
X-Content-Type-Options header if it doesn't receive a 405 error, which
means the handler isn't registered for that method.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-18 13:33:26 -07:00
Richard Scothern
cb6fde2f71 Merge pull request #874 from stevvooe/load-balancer-endpoint
Provide yes man endpoint for inflexible load balancers
2015-08-18 12:54:58 -07:00
Richard Scothern
0c16d42a4a Merge pull request #846 from aaronlehmann/http-header-configuration
Add a section to the config file for HTTP headers to add to responses
2015-08-18 12:53:05 -07:00
Richard Scothern
f169359798 Merge pull request #846 from aaronlehmann/http-header-configuration
Add a section to the config file for HTTP headers to add to responses
2015-08-18 12:53:05 -07:00
Stephen J Day
614e8c8277 Remove pathMapper object
The use of the pathMapper is no longer needed the way we have organized the
code base. The extra level of indirection has proved unnecessary and confusing
so we've opted to clean it up. In the future, we may require more flexibility,
but now it is simply not required.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-17 18:51:05 -07:00
Stephen J Day
ad995ab8fa Add guide on load balancing a registry
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-17 13:29:48 -07:00
xg.song
2f9f6c08ed Update example config to avoid deprecated option
The storage cache option layerinfo is deprecated,
so use blobdescriptor instead in example config files.

Signed-off-by: xg.song <xg.song@venusource.com>
2015-08-17 08:25:22 +08:00
Miquel Sabaté
d07ae75f90 docs: added the "delete" subsection in the configuration.md file
Signed-off-by: Miquel Sabaté <msabate@suse.com>
2015-08-13 20:18:35 +02:00
Richard Scothern
9174fc62d2 Merge pull request #864 from stevvooe/use-correct-manifest-link
registry/storage: use correct manifest link
2015-08-12 15:13:45 -07:00
Richard Scothern
fee9a9a469 Merge pull request #865 from dmp42/4.docs-2.1
Fix basic auth documentation
2015-08-12 15:00:21 -07:00
Olivier Gambier
5fb6116c2d Fix basic auth documentation
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-08-12 13:37:33 -07:00
Stephen J Day
5878a8f401 Maintain manifest link compatibility
Unfortunately, the 2.1 releease has written manfiest links into the wrong
directory. This doesn't affect new 2.1 deployments but fixing this to be 2.0
backwards compatible has broken 2.1.0 compatibility. To ensure we have
compatibility between 2.0, 2.1.0 and future releases, we now check one of
several locations to identify a manifest link.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-12 13:11:13 -07:00
Stephen J Day
5dd78c821a Use correct path for manifest revision path
Unfortunately, the refactor used the incorrect path for manifest links within a
repository. While this didn't stop the registry from working, it did break
compatibility with 2.0 deployments for manifest fetches.

Tests were added to ensure these are locked down to the appropriate paths.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-12 13:10:15 -07:00
Aaron Lehmann
f813c51857 Merge pull request #856 from dmp42/4.docs-2.1
Fix docs.docker.com
2015-08-11 17:50:10 -07:00
Olivier Gambier
633ac16856 Fix docs.docker.com
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-08-11 17:48:53 -07:00
Aaron Lehmann
d9a20377f3 Add a section to the config file for HTTP headers to add to responses
The example configuration files add X-Content-Type-Options: nosniff.

Add coverage in existing registry/handlers unit tests.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-11 16:41:38 -07:00
Aaron Lehmann
9c3bed6b88 Add a section to the config file for HTTP headers to add to responses
The example configuration files add X-Content-Type-Options: nosniff.

Add coverage in existing registry/handlers unit tests.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-11 16:41:38 -07:00
Olivier Gambier
9ca7921603 Merge pull request #848 from RichardScothern/error-type
Error handling fixes
2015-08-11 15:53:13 -07:00
Richard Scothern
7b0d831e6d Merge pull request #853 from dmp42/4.docs-2.1
Additional fixes
2015-08-11 14:32:57 -07:00
Richard Scothern
c78bfc5c59 Merge pull request #852 from ahmetalpbalkan/docs/typo
docs: Small typo fix in config.md
2015-08-11 14:31:35 -07:00
Ahmet Alp Balkan
c471d986d7 docs: Small typo fix
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2015-08-11 21:29:33 +00:00
Olivier Gambier
c198f8f279 Additional fixes
Couples of nits that where not addressed.

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-08-11 14:19:49 -07:00
Richard Scothern
43fc9a195d Change some incorrect error types in proxy stores from API errors to
distribution errors.  Fill in missing checks for mutations on a registry pull-through
cache.  Add unit tests and update documentation.

Also, give v2.ErrorCodeUnsupported an HTTP status code, previously it was
defaulting to 500, now its 405 Method Not Allowed.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-08-11 14:16:24 -07:00
Richard Scothern
776a4ffbe8 Change some incorrect error types in proxy stores from API errors to
distribution errors.  Fill in missing checks for mutations on a registry pull-through
cache.  Add unit tests and update documentation.

Also, give v2.ErrorCodeUnsupported an HTTP status code, previously it was
defaulting to 500, now its 405 Method Not Allowed.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-08-11 14:16:24 -07:00
Richard Scothern
528442c015 Merge pull request #831 from stevvooe/add-driver-health-check
Provide simple storage driver health check
2015-08-11 13:30:17 -07:00
Ahmet Alp Balkan
047877c079 docs: Fix markdown in configuration.md
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2015-08-11 19:03:53 +00:00
Stephen J Day
ed3ecfdccb Move common error codes to errcode package
Several error codes are generally useful but tied to the v2 specification
definitions. This change moves these error code definitions into the common
package for use by the health package, which is not tied to the v2 API.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-11 11:50:58 -07:00
Stephen J Day
f141480d98 Move common error codes to errcode package
Several error codes are generally useful but tied to the v2 specification
definitions. This change moves these error code definitions into the common
package for use by the health package, which is not tied to the v2 API.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-11 11:50:58 -07:00
Stephen J Day
288c46e998 Provide simple storage driver health check
To ensure the ensure the web application is properly operating, we've added a
periodic health check for the storage driver. If the health check fails three
times in a row, the registry will serve 503 response status for any request
until the condition is resolved. The condition is reported in the response body
and via the /debug/health endpoint.

To ensure that all drivers will properly operate with this health check, a
function has been added to the driver testsuite.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-11 11:50:52 -07:00
Vincent Giersch
9bf231e0fa fix(rados): Create OMAP for root directory
When using the RADOS driver, the hierarchy of the files is stored
in OMAPs, but the root OMAP was not created and a call to List("/")
was returning an error instead of returned the first level files
stored. This patches creates an OMAP for "/" and excludes the listed
directory from the list of files returned.

Signed-off-by: Vincent Giersch <vincent@giersch.fr>
2015-08-10 23:46:33 +02:00
Aaron Lehmann
143aae8bc5 Merge pull request #837 from dmp42/4.docs-2.1
[WIP] Updating documentation for 2.1
2015-08-10 14:01:52 -07:00
Olivier Gambier
34067d7d43 Documentation work
- move away insecure & self-signed
- introduce native basic auth
- move "down" nginx based authentication
- overall shortening / smoothing of "deploying" documentation

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-08-10 13:57:35 -07:00
Dejan Golja
8221fd39bd Added missing auth type in the documentation
Signed-off-by: Dejan Golja <dejan@golja.org>
2015-08-11 00:11:17 +10:00
Veres Lajos
cf9016592e typofix - https://github.com/vlajos/misspell_fixer
Signed-off-by: Veres Lajos <vlajos@gmail.com>
2015-08-07 23:25:49 +01:00
Arnaud Porterie
777fd4c7aa Update Windows TP3 registry endpoints
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-08-07 14:03:46 -07:00
David Calavera
134e4e9dc1 Merge pull request #15370 from cpuguy83/better_error_on_client_connect
Better/more specific error messages on connect
2015-08-07 13:00:44 -07:00
Aidan Hobson Sayers
b82b069475 Remove unnecessary func parameter, add mirror endpoint test
Signed-off-by: Aidan Hobson Sayers <aidanhs@cantab.net>
2015-08-07 02:25:41 +01:00
Stephen J Day
bc5835ba2d Remove dist tool from distribution
We are headed in a different direction. The dist tool analog will not be a part
of this repository.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-06 17:35:36 -07:00
Olivier Gambier
642fb631f4 Merge pull request #818 from dmp42/3.fix-build-docs
Fix relinker
2015-08-06 16:05:24 -07:00
Aaron Lehmann
e7435725af Don't panic when a http.ResponseWriter does not implement CloseNotifier
Instead, provide a variant of instrumentedResponseWriter that does not
implement CloseNotifier, and use that when necessary. In
copyFullPayload, log instead of panicing when we encounter something
that doesn't implement CloseNotifier.

This is more complicated than I'd like, but it's necessary because
instrumentedResponseWriter must not embed CloseNotifier unless there's
really a CloseNotifier to embed.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-06 15:50:54 -07:00
Aaron Lehmann
1670502413 Fix lack of styling on Aliyun OSS documentation page
This page was missing styling once exported to HTML. Adding a
<!--[metadata]> block similar to the ones the other *.md files have
appears to solve the problem.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-06 14:59:07 -07:00
Tibor Vass
a7eb16ad1c registry: Do not push to mirrors
This patch splits LookupEndpoints into LookupPullEndpoints and
LookupPushEndpoints so that mirrors added with --registry-mirror are
skipped in the list returned by LookupPushEndpoints.

Fixes https://github.com/docker/distribution/issues/823

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-08-06 17:41:59 -04:00
Brian Goff
66761c0284 Better/more specific error messages on connect
Closes #15309

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-08-06 16:41:37 -04:00
John Howard
86a3ea91b8 Windows: Fix certificate directory for registry
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-08-05 13:25:41 -07:00
Olivier Gambier
3ad11ff363 Fix relinker
This fixes several flaws in the link rewriter:
- broken links on the docs side
- multiple links on one line being mangled
- byzantine logic

Also generalize the logic of the Dockerfile so it is no longer specific to "registry" (env variable), which is a first step in making it possible to upstream all this into the base image and docs project.

Added a number of tests (test.md) to validate the link replacer behavior (against test.compare.md), and embedded the test so that the doc build will fail if the link replacer does not behave.

This is still sed, unfortunately.

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-08-04 23:02:34 -07:00
Stephen Day
68c0706bac Merge pull request #779 from RichardScothern/pull-through-cache
Add pull through cache ability to the Registry.
2015-08-04 17:04:56 -07:00
Stephen Day
a0c63372fa Merge pull request #779 from RichardScothern/pull-through-cache
Add pull through cache ability to the Registry.
2015-08-04 17:04:56 -07:00
Richard Scothern
d1cb12fa3d Add pull through cache functionality to the Registry which can be configured
with a new `proxy` section in the configuration file.

Create a new registry type which delegates storage to a proxyBlobStore
and proxyManifestStore.  These stores will pull through data if not present
locally.  proxyBlobStore takes care not to write duplicate data to disk.

Add a scheduler to cleanup expired content. The scheduler runs as a background
goroutine.  When a blob or manifest is pulled through from the remote registry,
an entry is added to the scheduler with a TTL.  When the TTL expires the
scheduler calls a pre-specified function to remove the fetched resource.

Add token authentication to the registry middleware.  Get a token at startup
and preload the credential store with the username and password supplied in the
config file.

Allow resumable digest functionality to be disabled at runtime and disable
it when the registry is a pull through cache.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-08-04 16:09:55 -07:00
Richard Scothern
94935f39bc Add pull through cache functionality to the Registry which can be configured
with a new `proxy` section in the configuration file.

Create a new registry type which delegates storage to a proxyBlobStore
and proxyManifestStore.  These stores will pull through data if not present
locally.  proxyBlobStore takes care not to write duplicate data to disk.

Add a scheduler to cleanup expired content. The scheduler runs as a background
goroutine.  When a blob or manifest is pulled through from the remote registry,
an entry is added to the scheduler with a TTL.  When the TTL expires the
scheduler calls a pre-specified function to remove the fetched resource.

Add token authentication to the registry middleware.  Get a token at startup
and preload the credential store with the username and password supplied in the
config file.

Allow resumable digest functionality to be disabled at runtime and disable
it when the registry is a pull through cache.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-08-04 16:09:55 -07:00
Stephen Day
30dc74b7cb Merge pull request #805 from RichardScothern/811
Spelling corrections
2015-08-04 14:50:32 -07:00
Stephen Day
ef1c72b978 Merge pull request #805 from RichardScothern/811
Spelling corrections
2015-08-04 14:50:32 -07:00
Aaron Lehmann
b16d06f831 Merge pull request #514 from denverdino/master
Storage Driver for Aliyun OSS
2015-08-04 12:01:02 -07:00
Aaron Lehmann
3a414deddb Merge pull request #514 from denverdino/master
Storage Driver for Aliyun OSS
2015-08-04 12:01:02 -07:00
Li Yi
d7d34a6c5b Add the OSS link
Change-Id: I940fb50f467ce6fc5fbdd9ceb0f9d848e422ced7
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-08-04 09:18:18 +08:00
Richard Scothern
0db2572382 Merge pull request #763 from aaronlehmann/close-notifier
Use CloseNotifier to supress spurious HTTP 400 errors on early disconnect
2015-08-03 13:57:32 -07:00
Doug Davis
54f0c70d88 Fix vet issue
registry/storage/blob_test.go:149: arg d for printf verb %s of wrong type: github.com/docker/distribution.Descriptor

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-08-03 12:24:34 -07:00
Richard Scothern
4056336100 Add blob delete entry to api description and regenerate api.md
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-08-03 11:59:19 -07:00
Richard Scothern
fb9662ad5a Add blob delete entry to api description and regenerate api.md
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-08-03 11:59:19 -07:00
Aaron Lehmann
b51913f619 Set the response code to 499 when a client disconnects during an upload
The response code isn't actually sent to the client, because the
connection has already closed by this point. But it causes the status
code to appear as 499 in the logs instead of 0.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-31 17:39:30 -07:00
Aaron Lehmann
b0d133045d Factor CloseNotifier use into a new function
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-31 17:30:26 -07:00
Aaron Lehmann
8fbc1de081 Use CloseNotifier to supress spurious HTTP 400 errors on early disconnect
When a client disconnects without completing a HTTP request, we were
attempting to process the partial request, which usually leads to a 400
error. These errors can pollute the logs and make it more difficult to
track down real bugs.

This change uses CloseNotifier to detect disconnects. In combination
with checking Content-Length, we can detect a disconnect before sending
the full payload, and avoid logging a 400 error.

This logic is only applied to PUT, POST, and PATCH endpoints, as these
are the places where disconnects during a request are most likely to
happen.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-31 17:30:26 -07:00
Richard Scothern
83c8617cb1 Spelling corrections
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-07-31 16:43:11 -07:00
Richard Scothern
bffa20d6bb Spelling corrections
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-07-31 16:43:11 -07:00
Aaron Lehmann
cfb0b7aa77 Fix uses of "int" where "int64" should be used instead
Some structures use int for sizes and UNIX timestamps. On some
platforms, int is 32 bits, so this can lead to the year 2038 issues and
overflows when dealing with large containers or layers.

Consistently use int64 to store sizes and UNIX timestamps in
api/types/types.go. Update related to code accordingly (i.e.
strconv.FormatInt instead of strconv.Itoa).

Use int64 in progressreader package to avoid integer overflow when
dealing with large quantities. Update related code accordingly.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-31 16:31:40 -07:00
Alex Chan
51bd34eaed Fix a few typos in the docs
Signed-off-by: Alex Chan <alex.chan@metaswitch.com>
2015-07-31 13:36:43 +01:00
tgic
f01a0694c1 remove unused code and fix todo format
Signed-off-by: tgic <farmer1992@gmail.com>
2015-07-31 13:22:56 +08:00
tgic
90595c7ed9 fix goimports
Signed-off-by: tgic <farmer1992@gmail.com>
2015-07-31 13:22:56 +08:00
tgic
3eaab7da95 add link to Aliyun OSS doc
Signed-off-by: tgic <farmer1992@gmail.com>
2015-07-31 13:22:56 +08:00
tgic
235ccc0590 add include_oss build tag
Signed-off-by: tgic <farmer1992@gmail.com>
2015-07-31 13:22:56 +08:00
Li Yi
9c27080c7a Update the comment for the consistency model
Change-Id: Iee49afeda1c11d6af8c0f26c96d8ccc328c22757
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:55 +08:00
Li Yi
5d34d31739 Update the comments for consistence model
Change-Id: I161522ee51f247fb17e42844b3699bd9031e34e8
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:55 +08:00
tgic
faee422420 fix testcase TestReadStreamWithOffset incompatible with oss
Signed-off-by: tgic <farmer1992@gmail.com>
2015-07-31 13:22:55 +08:00
tgic
76174ad57e update doc add endpoint 2015-07-31 13:22:55 +08:00
tgic
a9c3f86ce0 fix oss: got 403 in TestContinueStreamAppendLarge
Signed-off-by: tgic <farmer1992@gmail.com>
2015-07-31 13:22:55 +08:00
Li Yi
440664a109 Update the OSS test case for latest code change
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:55 +08:00
tgic
fc20dd72d6 check access key and secret before run 2015-07-31 13:22:55 +08:00
tgic
d28a3fa28a add endpoint support 2015-07-31 13:22:54 +08:00
Li Yi
46148721e1 Add the secure access with HTTPS
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:54 +08:00
Li Yi
bffce5722e Fix the warning of golint
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:54 +08:00
Li Yi
d79179884a Support OSS driver
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:54 +08:00
Li Yi
c3b42db014 Add the secure access with HTTPS
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:54 +08:00
Li Yi
9e4975d8ff Support OSS driver
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:54 +08:00
Tibor Vass
56efe43c95 Merge pull request #14970 from tiborvass/windows-registry-endpoint
registry: Change default endpoint on windows to a windows-specific one
2015-07-30 22:41:34 -04:00
Tibor Vass
048339e3f5 registry: allow fallback on unknown errors
This patch fixes a bug where a user specifies a v1 mirror for
--registry-mirror and pull an image from the Hub.

It used to not fallback because of an unexpected error returned when
trying to JSON marshal nginx output.

We now ensure that any unexpected error falls back to the next endpoint
in the list.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-07-30 19:03:38 -04:00
Aaron Lehmann
6c2ef78aa7 Rename dev-config.yml and example-config.yml to config-dev.yml and config-example.yml
Better for sort order.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-30 15:51:50 -07:00
Stephen Day
9dac3cc571 Merge pull request #791 from stevvooe/add-double-domain-image-name
Add image name tests around hostnames
2015-07-30 14:35:27 -07:00
Stephen Day
39658be063 Merge pull request #740 from stevvooe/disable-storage-redirects
Allow disabling of storage driver redirects
2015-07-30 14:28:31 -07:00
Stephen Day
ad1b7d8f35 Merge pull request #740 from stevvooe/disable-storage-redirects
Allow disabling of storage driver redirects
2015-07-30 14:28:31 -07:00
Stephen J Day
6a11f5a024 Add image name tests around hostnames
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-07-30 14:26:21 -07:00
Richard Scothern
7eabb7800e Merge pull request #790 from aaronlehmann/config-files
Sample config file changes
2015-07-30 13:20:43 -07:00
Aaron Lehmann
f0c5284d2d Sample config file changes
Rename config.yml to dev-config.yml

Add example-config.yml, a simple configuration file for the official
This was originally made for the the distribution-library-image repo,
but is being moved here to make sure it stays in sync.

Update Dockerfile and docs for the rename.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-30 12:14:39 -07:00
Tibor Vass
6f83ba2b29 registry: Change default endpoint on windows to a windows-specific one
Signed-off-by: Tibor Vass <tibor@docker.com>
2015-07-30 14:52:41 -04:00
Dave Tucker
9348141616 Fix dead links in configuration.md
Fixes #672

Signed-off-by: Dave Tucker <dt@docker.com>
2015-07-30 17:56:04 +01:00
Stephen Day
4fbea9eb68 Merge pull request #609 from RichardScothern/single-log-line
Log a single line when a response completes.
2015-07-29 17:52:13 -07:00
Richard Scothern
fd404e7850 When a request completes ensure only one log line is printed which
includes the http response.

When debugging non-successful registry requests this will place
the error details and http status fields in the same log line
giving easier visibility to what error occured in the request.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-07-29 16:52:47 -07:00
Aaron Lehmann
e83af616d6 Automatically generate a HTTP secret if none is provided
Log a warning if the registry generates its own secret.

Update configuration doc, and remove the default secret from the
development config file.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-29 14:28:56 -07:00
Aaron Lehmann
70d9a9d543 Automatically generate a HTTP secret if none is provided
Log a warning if the registry generates its own secret.

Update configuration doc, and remove the default secret from the
development config file.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-29 14:28:56 -07:00
Aaron Lehmann
9d73bfe578 Fix for api_test.go
This passed in the #744 before merge, but apparently the test changed
since the PR was created in ways that led to a new failures.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-28 10:59:11 -07:00
Derek McGowan
0355c3026c Merge pull request #744 from aaronlehmann/manifest-put-response-code
Manifest PUT should return 201 Created
2015-07-28 10:42:54 -07:00
Derek McGowan
09dd357016 Merge pull request #744 from aaronlehmann/manifest-put-response-code
Manifest PUT should return 201 Created
2015-07-28 10:42:54 -07:00
Derek McGowan
ba358690c1 Fix login and search TLS configuration
Currently login and search do not load per registry certificates.
This is a regression caused by the last refactor since this was recently fixed.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-28 10:36:57 -07:00
Olivier Gambier
549a3921a4 Merge pull request #752 from stevvooe/add-missing-ampersands
Correctly generate URL examples specifications
2015-07-24 22:05:22 -07:00
Stephen J Day
dcbf2967fd Correctly generate URL examples specifications
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-07-24 19:00:25 -07:00
Stephen J Day
29a810b68b Allow disabling of starage driver redirects
Storage drivers can implement a method called URLFor which can return a direct
url for a given path. The functionality allows the registry to direct clients
to download content directly from the backend storage. This is commonly used
with s3 and cloudfront. Under certain conditions, such as when the registry is
not local to the backend, these redirects can hurt performance and waste
incoming bandwidth on pulls. This feature addition allows one to disable this
feature, if required.

Signed-off-by: Stephen J Day <stephen.day@docker.com>

Conflicts:
	configuration/configuration.go
	registry/handlers/app.go
	registry/storage/catalog_test.go
	registry/storage/manifeststore_test.go
	registry/storage/registry.go
2015-07-24 16:59:35 -07:00
Stephen J Day
9f9a7f230b Allow disabling of starage driver redirects
Storage drivers can implement a method called URLFor which can return a direct
url for a given path. The functionality allows the registry to direct clients
to download content directly from the backend storage. This is commonly used
with s3 and cloudfront. Under certain conditions, such as when the registry is
not local to the backend, these redirects can hurt performance and waste
incoming bandwidth on pulls. This feature addition allows one to disable this
feature, if required.

Signed-off-by: Stephen J Day <stephen.day@docker.com>

Conflicts:
	configuration/configuration.go
	registry/handlers/app.go
	registry/storage/catalog_test.go
	registry/storage/manifeststore_test.go
	registry/storage/registry.go
2015-07-24 16:59:35 -07:00
Aaron Lehmann
6b4573225c Make the registry client more tolerant about HTTP status codes
Generally, all 2xx and 3xx codes should be treated as success.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-24 16:14:04 -07:00
Stephen Day
a6ef6c0dc3 Merge pull request #736 from stevvooe/authorization-interface-cleanup
Authorization interface cleanup
2015-07-24 15:39:49 -07:00
Stephen Day
3ed723a187 Merge pull request #739 from stevvooe/etags-must-be-quoted
Etags must be quoted according to http spec
2015-07-24 15:08:27 -07:00
Derek McGowan
c219afdb4b Use notary library for trusted image fetch and signing
Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest.
On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server.
If a tag is given, the cli will resolve the tag into a digest and pull by digest.
After pulling, if a tag is given the cli makes a request to tag the image.

Use certificate directory for notary requests

Read certificates using same logic used by daemon for registry requests.

Catch JSON syntax errors from Notary client

When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user.
Provide a generic error when a JSON syntax error occurs.

Catch expiration errors and wrap in additional context.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-24 14:08:20 -07:00
Stephen Day
d1dfac4b98 Revert "Fix typo" 2015-07-24 13:28:10 -07:00
Stephen J Day
345174a34b Etags must be quoted according to http spec
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-07-24 13:07:38 -07:00
Stephen Day
afc45e8f57 Merge pull request #677 from RichardScothern/soft-delete-remove-links
Manifest and layer soft deletion
2015-07-24 13:02:36 -07:00
Stephen Day
9e9e9a2859 Merge pull request #677 from RichardScothern/soft-delete-remove-links
Manifest and layer soft deletion
2015-07-24 13:02:36 -07:00
Aaron Lehmann
cf32056218 Manifest PUT should return 201 Created
Change handler, update descriptors table, regenerate API spec, and
update test.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-24 12:58:16 -07:00