Commit graph

413 commits

Author SHA1 Message Date
Derek McGowan
cbd95acbbc Add support for identity token with token handler
Use token handler options for initialization.
Update auth endpoint to set identity token in response.
Update credential store to match distribution interface changes.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-03-09 13:47:57 -08:00
Derek McGowan
065ddf0186 Login update and endpoint refactor
Further differentiate the APIEndpoint used with V2 with the endpoint type which is only used for v1 registry interactions
Rename Endpoint to V1Endpoint and remove version ambiguity
Use distribution token handler for login

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-01 11:52:32 -08:00
Ken Cochrane
e123ca925e Remove email address field from login
This removes the email prompt when you use docker login, and also removes the ability to register via the docker cli. Docker login, will strictly be used for logging into a registry server.

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
2016-02-29 17:53:27 -08:00
Aaron Lehmann
9a2cef38e3 Change APIEndpoint to contain the URL in a parsed format
This allows easier URL handling in code that uses APIEndpoint.
If we continued to store the URL unparsed, it would require redundant
parsing whenver we want to extract information from it. Also, parsing
the URL earlier should give improve validation.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-17 17:48:15 -08:00
Aaron Lehmann
4bb475cd3c Push/pull errors improvement and cleanup
Several improvements to error handling:

- Introduce ImageConfigPullError type, wrapping errors related to
  downloading the image configuration blob in schema2. This allows for a
  more descriptive error message to be seen by the end user.

- Change some logrus.Debugf calls that display errors to logrus.Errorf.
  Add log lines in the push/pull fallback cases to make sure the errors
  leading to the fallback are shown.

- Move error-related types and functions which are only used by the
  distribution package out of the registry package.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-11 16:28:56 -08:00
David Calavera
377f556464 Respond with 401 when there is an unauthorized error from the registry.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-27 13:55:33 -05:00
Tibor Vass
bd4e6b2de9 Merge pull request #19057 from dnephin/remove_version_from_registry_pkg
Remove dockerversion from registry package
2016-01-25 22:45:06 -08:00
Aaron Lehmann
0e06c1cad1 Clarify error message when a .cert file is missing a corresponding key
The daemon uses two similar filename extensions to identify different
kinds of certificates. ".crt" files are interpreted as CA certificates,
and ".cert" files are interprted as client certificates. If a CA
certificate is accidentally given the extension ".cert", it will lead to
the following error message:

    Missing key ca.key for certificate ca.cert

To make this slightly less confusing, clarify the error message with a
note that CA certificates should use the extension ".crt".

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-20 11:34:59 -08:00
Daniel Nephin
6e85a8d94a Remove the use of dockerversion from the registry package
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-01-15 12:43:54 -05:00
David Calavera
981a573eaf Modify import paths to point to the new engine-api package.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-06 19:48:59 -05:00
Phil Estes
062d6cd782 Merge pull request #18889 from aaronlehmann/v1-fallback-pull-all-tags
Allow v1 protocol fallback when pulling all tags from a repository unknown to v2 registry
2016-01-05 16:20:04 -05:00
Richard Scothern
72432a701a Show the legacy registry flag only in the daemon arguments
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-01-04 14:52:39 -08:00
David Calavera
4f4b3d5257 Remove usage of pkg sockets and tlsconfig.
- Use the ones provided by docker/go-connections, they are a drop in replacement.
- Remove pkg/sockets from docker.
- Keep pkg/tlsconfig because libnetwork still needs it and there is a
  circular dependency issue.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-29 19:27:12 -05:00
Aaron Lehmann
693eb14e73 Allow v1 protocol fallback when pulling all tags from a repository unknown to v2 registry
This is a followup to #18839. That PR relaxed the fallback logic so that
if a manifest doesn't exist on v2, or the user is unauthorized to access
it, we try again with the v1 protocol. A similar special case is needed
for "pull all tags" (docker pull -a). If the v2 registry doesn't
recognize the repository, or doesn't allow the user to access it, we
should fall back to v1 and try to pull all tags from the v1 registry.
Conversely, if the v2 registry does allow us to list the tags, there
should be no fallback, even if there are errors pulling those tags.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-23 15:21:43 -08:00
Aaron Lehmann
71ddfd40ef When a manifest is not found, allow fallback to v1
PR #18590 caused compatibility issues with registries such as gcr.io
which support both the v1 and v2 protocols, but do not provide the same
set of images over both protocols. After #18590, pulls from these
registries would never use the v1 protocol, because of the
Docker-Distribution-Api-Version header indicating that v2 was supported.

Fix the problem by making an exception for the case where a manifest is
not found. This should allow fallback to v1 in case that image is
exposed over the v1 protocol but not the v2 protocol.

This avoids the overly aggressive fallback behavior before #18590 which
would allow protocol fallback after almost any error, but restores
interoperability with mixed v1/v2 registry setups.

Fixes #18832

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-21 18:19:38 -08:00
Aaron Lehmann
5717c8243d Do not fall back to the V1 protocol when we know we are talking to a V2 registry
If we detect a Docker-Distribution-Api-Version header indicating that
the registry speaks the V2 protocol, no fallback to V1 should take
place.

The same applies if a V2 registry operation succeeds while attempting a
push or pull.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-16 15:02:03 -08:00
Tonis Tiigi
46683f6192 Update Named reference with validation of conversions
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-16 11:58:52 -08:00
Tonis Tiigi
9b8f1a0895 Add own reference package wrapper
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-16 11:58:52 -08:00
David Calavera
35d767115c Merge pull request #18681 from dnephin/move_cliconfig_test
Move the TestEncodeAuth test to the correct package
2015-12-15 12:42:38 -08:00
Daniel Nephin
14d27ab761 Move the TestEncodeAuth test to the correct package.
Also make EncodeAuth and DecodeAuth private because they're only used by cliconfig.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-15 13:36:52 -05:00
Daniel Nephin
0a56a1cbd2 Move registry.SearchResult types to api/types/registry.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-15 11:44:20 -05:00
Vincent Demeester
239cb0f4e9 Merge pull request #18644 from calavera/remove_timeout_func_dependency_from_api_lib
Remove timeout shared function.
2015-12-14 23:05:29 +01:00
David Calavera
55fad57ac8 Remove timeout shared function.
Handle timeouts when it's necessary based on a Timeout interface.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-14 14:24:21 -05:00
Daniel Nephin
aead731d54 Move IndexInfo and ServiceConfig types to api/types/registry/registry.go
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2015-12-14 11:28:02 -05:00
Daniel Nephin
6fc54d049b Move AuthConfig to api/types
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2015-12-14 11:22:01 -05:00
Vincent Demeester
4a3b23718b Merge pull request #18618 from dnephin/refactor_resolve_auth_config
Refactor ResolveAuthConfig to remove the builder dependency on cli code
2015-12-14 15:23:36 +01:00
Justas Brazauskas
11e8c03c18 Fix typos found across repository
Signed-off-by: Justas Brazauskas <brazauskasjustas@gmail.com>
2015-12-13 18:04:12 +02:00
Daniel Nephin
f7bb65ca8b Refactor ResolveAuthConfig to remove the builder dependency on cli code.
registry.ResolveAuthConfig() only needs the AuthConfigs from the ConfigFile, so
this change passed just the AuthConfigs.

Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2015-12-11 19:31:24 -08:00
Aaron Lehmann
00cca12e77 Improved push and pull with upload manager and download manager
This commit adds a transfer manager which deduplicates and schedules
transfers, and also an upload manager and download manager that build on
top of the transfer manager to provide high-level interfaces for uploads
and downloads. The push and pull code is modified to use these building
blocks.

Some benefits of the changes:

- Simplification of push/pull code
- Pushes can upload layers concurrently
- Failed downloads and uploads are retried after backoff delays
- Cancellation is supported, but individual transfers will only be
  cancelled if all pushes or pulls using them are cancelled.
- The distribution code is decoupled from Docker Engine packages and API
  conventions (i.e. streamformatter), which will make it easier to split
  out.

This commit also includes unit tests for the new distribution/xfer
package. The tests cover 87.8% of the statements in the package.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-09 19:13:35 -08:00
Aaron Lehmann
03778bd1d2 Add missing bounds in ContinueOnError
ContinueOnError assumes that something of type errcode.Errors contains
at least one error. This is generally true, but might not be true if the
remote registry returns an empty error body or invalid JSON. Add the
bounds check, and in the case where it fails, allow fallbacks to v1.

Fixes #18481

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-08 09:54:20 -08:00
Tibor Vass
3e88c525eb Merge pull request #18105 from mishak87/registry-improvements
Registry tiny code improvements
2015-12-07 13:35:02 +01:00
mqliang
b7d246effb rename req to resp
Signed-off-by: mqliang <mqliang.zju@gmail.com>
2015-12-02 20:38:54 +08:00
Michal Gebauer
73a209107e Check if CertsDir is not empty
Signed-off-by: Michal Gebauer <mishak@mishak.net>
2015-11-25 18:12:19 +01:00
mqliang
6bb27bcfda move defer statement for readability
Signed-off-by: mqliang <mqliang.zju@gmail.com>
2015-11-25 22:33:15 +08:00
Tonis Tiigi
7efcb7496c Update daemon and docker core to use new content addressable storage
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.

Add v1 migration code.

Update registry, api/*, and daemon packages to use the reference
package's types where applicable.

Update daemon package to use image/layer/tag stores instead of the graph
package

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-11-24 09:40:25 -08:00
Alexander Morozov
dde006ba6b registry/registry.go: simplify logical expression
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-17 16:12:11 -08:00
Alexander Morozov
fc2531f15c Merge pull request #17617 from askb/17168_pull_error_fix
Fix for #17168 issue
2015-11-17 16:10:44 -08:00
David Calavera
3eeebe7be3 Make NormalizeLocalName to not reach the network to normalize names.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-17 03:31:32 -05:00
Anil Belur
1820704288 Fix for #17168 misleading pull error
This fix avoids overwritting the previous error messages, ensures the client gets the correct error messages and not just the most recent message during the pull request.
For this `var lastErr` replaced with a slice which acts as a temp place holder for the list of returned error messages for every attempt.
The slice is later joined and returned to the caller function after searching for the image with diffirent versions(v2,v1,v0).

Updated the code with check for no space left on device error occurance and prevent the
daemon on falling back to v1,v0.

Incorporated the comments from @calavera, @RichardScothern, @cpuguy83

Signed-off-by: Anil Belur <askb23@gmail.com>
2015-11-14 16:24:45 +05:30
Vincent Demeester
9516a01c56 dockerversion placeholder for library import
- Add a *version* file placeholder.
- Update autogen and builds to use it and an autogen build flag

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-09 19:32:46 +01:00
Jess Frazelle
0d91f2899e Merge pull request #17614 from LK4D4/fix_golint
Update linting tools to latest versions
2015-11-03 15:32:12 -08:00
Aaron Lehmann
afd61ce8f2 Vendor updated version of docker/distribution
This updates the vendored docker/distribution to the current master
branch.

Note the following changes:

- The manifest package was split into manifest/schema1. Most references
  to the manifest package in the engine needed to be updated to use
  schema1 instead.

- Validation functions in api/v2 were replaced by the
  distribution/reference package. The engine code has been updated to
  use the reference package for validation where necessary. A future PR
  will change the engine to use the types defined in
  distribution/reference more comprehensively.

- The reference package explicitly allows double _ characters in
  repository names. registry_test.go was updated for this.

- TestPullFailsWithAlteredManifest was corrupting the manifest JSON, now
  that the schema1 package unmarshals the correct payload. The test is
  being changed to modify the JSON without affecting its length, which
  allows the pull to succeed to the point where digest validation
  happens.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-02 12:40:18 -08:00
Alexander Morozov
94913b8f7f Fix go vet warnings
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-02 08:28:34 -08:00
Brian Goff
24de26a805 Revert "dockerversion placeholder for library-import"
This reverts commit c2d5c29437.

Commit caused issues on systems with case-insensitive filesystems.
Revert for now

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-10-27 21:23:53 -04:00
Vincent Demeester
c2d5c29437 dockerversion placeholder for library-import
- Move autogen/dockerversion to version
- Update autogen and "builds" to use this package and a build flag

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-10-27 20:36:07 +01:00
Derek McGowan
ed69ef01ee Update distribution package
Pick up name regexp change in distribution to allow matching of hostnames as a valid component of a repository.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-10-08 17:16:43 -07:00
Jessica Frazelle
0b543b4767 change flag name to better follow the other flags that start with disable;
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-10-07 10:16:37 -07:00
Vincent Demeester
60edb40c29 Merge pull request #16509 from HuKeping/search-problem
Fix docker search problem
2015-10-04 18:21:32 +02:00
Hu Keping
82965f6c84 Fix docker search problem
Search terms shouldn't be restricted to only full valid repository
names. It should be perfectly valid to search using a part of a name,
even if it ends with a period, dash or underscore.

Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-10-04 23:23:43 +08:00
Richard Scothern
ebaa771c3b Prevent push and pull to v1 registries by filtering the available endpoints.
Add a daemon flag to control this behaviour.  Add a warning message when pulling
an image from a v1 registry.  The default order of pull is slightly altered
with this changset.

Previously it was:
https v2, https v1, http v2, http v1

now it is:
https v2, http v2, https v1, http v1

Prevent login to v1 registries by explicitly setting the version before ping to
prevent fallback to v1.

Add unit tests for v2 only mode.  Create a mock server that can register
handlers for various endpoints.  Assert no v1 endpoints are hit with legacy
registries disabled for the following commands:  pull, push, build, run and
login.  Assert the opposite when legacy registries are not disabled.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-09-25 15:59:42 -07:00