Update push and pull to registry 2.1 specification

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
This commit is contained in:
Derek McGowan 2014-12-16 16:57:37 -08:00
parent ee1e1abb15
commit 751a1a8dd0
2 changed files with 151 additions and 200 deletions

View file

@ -37,6 +37,59 @@ type ConfigFile struct {
rootPath string rootPath string
} }
type RequestAuthorization struct {
Token string
Username string
Password string
}
func NewRequestAuthorization(authConfig *AuthConfig, registryEndpoint *Endpoint, resource, scope string, actions []string) (*RequestAuthorization, error) {
var auth RequestAuthorization
client := &http.Client{
Transport: &http.Transport{
DisableKeepAlives: true,
Proxy: http.ProxyFromEnvironment,
},
CheckRedirect: AddRequiredHeadersToRedirectedRequests,
}
factory := HTTPRequestFactory(nil)
for _, challenge := range registryEndpoint.AuthChallenges {
log.Debugf("Using %q auth challenge with params %s for %s", challenge.Scheme, challenge.Parameters, authConfig.Username)
switch strings.ToLower(challenge.Scheme) {
case "basic":
auth.Username = authConfig.Username
auth.Password = authConfig.Password
case "bearer":
params := map[string]string{}
for k, v := range challenge.Parameters {
params[k] = v
}
params["scope"] = fmt.Sprintf("%s:%s:%s", resource, scope, strings.Join(actions, ","))
token, err := getToken(authConfig.Username, authConfig.Password, params, registryEndpoint, client, factory)
if err != nil {
return nil, err
}
auth.Token = token
default:
log.Infof("Unsupported auth scheme: %q", challenge.Scheme)
}
}
return &auth, nil
}
func (auth *RequestAuthorization) Authorize(req *http.Request) {
if auth.Token != "" {
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", auth.Token))
} else if auth.Username != "" && auth.Password != "" {
req.SetBasicAuth(auth.Username, auth.Password)
}
}
// create a base64 encoded auth string to store in config // create a base64 encoded auth string to store in config
func encodeAuth(authConfig *AuthConfig) string { func encodeAuth(authConfig *AuthConfig) string {
authStr := authConfig.Username + ":" + authConfig.Password authStr := authConfig.Username + ":" + authConfig.Password

View file

@ -9,100 +9,34 @@ import (
"strconv" "strconv"
log "github.com/Sirupsen/logrus" log "github.com/Sirupsen/logrus"
"github.com/docker/docker/registry/v2"
"github.com/docker/docker/utils" "github.com/docker/docker/utils"
"github.com/gorilla/mux"
) )
func newV2RegistryRouter() *mux.Router { var registryURLBuilder *v2.URLBuilder
router := mux.NewRouter()
v2Router := router.PathPrefix("/v2/").Subrouter() func init() {
// Version Info
v2Router.Path("/version").Name("version")
// Image Manifests
v2Router.Path("/manifest/{imagename:[a-z0-9-._/]+}/{tagname:[a-zA-Z0-9-._]+}").Name("manifests")
// List Image Tags
v2Router.Path("/tags/{imagename:[a-z0-9-._/]+}").Name("tags")
// Download a blob
v2Router.Path("/blob/{imagename:[a-z0-9-._/]+}/{sumtype:[a-z0-9._+-]+}/{sum:[a-fA-F0-9]{4,}}").Name("downloadBlob")
// Upload a blob
v2Router.Path("/blob/{imagename:[a-z0-9-._/]+}/{sumtype:[a-z0-9._+-]+}").Name("uploadBlob")
// Mounting a blob in an image
v2Router.Path("/blob/{imagename:[a-z0-9-._/]+}/{sumtype:[a-z0-9._+-]+}/{sum:[a-fA-F0-9]{4,}}").Name("mountBlob")
return router
}
// APIVersion2 /v2/
var v2HTTPRoutes = newV2RegistryRouter()
func getV2URL(e *Endpoint, routeName string, vars map[string]string) (*url.URL, error) {
route := v2HTTPRoutes.Get(routeName)
if route == nil {
return nil, fmt.Errorf("unknown regisry v2 route name: %q", routeName)
}
varReplace := make([]string, 0, len(vars)*2)
for key, val := range vars {
varReplace = append(varReplace, key, val)
}
routePath, err := route.URLPath(varReplace...)
if err != nil {
return nil, fmt.Errorf("unable to make registry route %q with vars %v: %s", routeName, vars, err)
}
u, err := url.Parse(REGISTRYSERVER) u, err := url.Parse(REGISTRYSERVER)
if err != nil { if err != nil {
return nil, fmt.Errorf("invalid registry url: %s", err) panic(fmt.Errorf("invalid registry url: %s", err))
}
registryURLBuilder = v2.NewURLBuilder(u)
} }
return &url.URL{ func getV2Builder(e *Endpoint) *v2.URLBuilder {
Scheme: u.Scheme, return registryURLBuilder
Host: u.Host,
Path: routePath.Path,
}, nil
} }
// V2 Provenance POC // GetV2Authorization gets the authorization needed to the given image
// If readonly access is requested, then only the authorization may
func (r *Session) GetV2Version(token []string) (*RegistryInfo, error) { // only be used for Get operations.
routeURL, err := getV2URL(r.indexEndpoint, "version", nil) func (r *Session) GetV2Authorization(imageName string, readOnly bool) (*RequestAuthorization, error) {
if err != nil { scopes := []string{"pull"}
return nil, err if !readOnly {
scopes = append(scopes, "push")
} }
method := "GET" return NewRequestAuthorization(r.GetAuthConfig(true), r.indexEndpoint, "repository", imageName, scopes)
log.Debugf("[registry] Calling %q %s", method, routeURL.String())
req, err := r.reqFactory.NewRequest(method, routeURL.String(), nil)
if err != nil {
return nil, err
}
setTokenAuth(req, token)
res, _, err := r.doRequest(req)
if err != nil {
return nil, err
}
defer res.Body.Close()
if res.StatusCode != 200 {
return nil, utils.NewHTTPRequestError(fmt.Sprintf("Server error: %d fetching Version", res.StatusCode), res)
}
decoder := json.NewDecoder(res.Body)
versionInfo := new(RegistryInfo)
err = decoder.Decode(versionInfo)
if err != nil {
return nil, fmt.Errorf("unable to decode GetV2Version JSON response: %s", err)
}
return versionInfo, nil
} }
// //
@ -112,25 +46,20 @@ func (r *Session) GetV2Version(token []string) (*RegistryInfo, error) {
// 1.c) if anything else, err // 1.c) if anything else, err
// 2) PUT the created/signed manifest // 2) PUT the created/signed manifest
// //
func (r *Session) GetV2ImageManifest(imageName, tagName string, token []string) ([]byte, error) { func (r *Session) GetV2ImageManifest(imageName, tagName string, auth *RequestAuthorization) ([]byte, error) {
vars := map[string]string{ routeURL, err := getV2Builder(r.indexEndpoint).BuildManifestURL(imageName, tagName)
"imagename": imageName,
"tagname": tagName,
}
routeURL, err := getV2URL(r.indexEndpoint, "manifests", vars)
if err != nil { if err != nil {
return nil, err return nil, err
} }
method := "GET" method := "GET"
log.Debugf("[registry] Calling %q %s", method, routeURL.String()) log.Debugf("[registry] Calling %q %s", method, routeURL)
req, err := r.reqFactory.NewRequest(method, routeURL.String(), nil) req, err := r.reqFactory.NewRequest(method, routeURL, nil)
if err != nil { if err != nil {
return nil, err return nil, err
} }
setTokenAuth(req, token) auth.Authorize(req)
res, _, err := r.doRequest(req) res, _, err := r.doRequest(req)
if err != nil { if err != nil {
return nil, err return nil, err
@ -155,26 +84,20 @@ func (r *Session) GetV2ImageManifest(imageName, tagName string, token []string)
// - Succeeded to mount for this image scope // - Succeeded to mount for this image scope
// - Failed with no error (So continue to Push the Blob) // - Failed with no error (So continue to Push the Blob)
// - Failed with error // - Failed with error
func (r *Session) PostV2ImageMountBlob(imageName, sumType, sum string, token []string) (bool, error) { func (r *Session) PostV2ImageMountBlob(imageName, sumType, sum string, auth *RequestAuthorization) (bool, error) {
vars := map[string]string{ routeURL, err := getV2Builder(r.indexEndpoint).BuildBlobURL(imageName, sumType+":"+sum)
"imagename": imageName,
"sumtype": sumType,
"sum": sum,
}
routeURL, err := getV2URL(r.indexEndpoint, "mountBlob", vars)
if err != nil { if err != nil {
return false, err return false, err
} }
method := "POST" method := "HEAD"
log.Debugf("[registry] Calling %q %s", method, routeURL.String()) log.Debugf("[registry] Calling %q %s", method, routeURL)
req, err := r.reqFactory.NewRequest(method, routeURL.String(), nil) req, err := r.reqFactory.NewRequest(method, routeURL, nil)
if err != nil { if err != nil {
return false, err return false, err
} }
setTokenAuth(req, token) auth.Authorize(req)
res, _, err := r.doRequest(req) res, _, err := r.doRequest(req)
if err != nil { if err != nil {
return false, err return false, err
@ -191,25 +114,19 @@ func (r *Session) PostV2ImageMountBlob(imageName, sumType, sum string, token []s
return false, fmt.Errorf("Failed to mount %q - %s:%s : %d", imageName, sumType, sum, res.StatusCode) return false, fmt.Errorf("Failed to mount %q - %s:%s : %d", imageName, sumType, sum, res.StatusCode)
} }
func (r *Session) GetV2ImageBlob(imageName, sumType, sum string, blobWrtr io.Writer, token []string) error { func (r *Session) GetV2ImageBlob(imageName, sumType, sum string, blobWrtr io.Writer, auth *RequestAuthorization) error {
vars := map[string]string{ routeURL, err := getV2Builder(r.indexEndpoint).BuildBlobURL(imageName, sumType+":"+sum)
"imagename": imageName,
"sumtype": sumType,
"sum": sum,
}
routeURL, err := getV2URL(r.indexEndpoint, "downloadBlob", vars)
if err != nil { if err != nil {
return err return err
} }
method := "GET" method := "GET"
log.Debugf("[registry] Calling %q %s", method, routeURL.String()) log.Debugf("[registry] Calling %q %s", method, routeURL)
req, err := r.reqFactory.NewRequest(method, routeURL.String(), nil) req, err := r.reqFactory.NewRequest(method, routeURL, nil)
if err != nil { if err != nil {
return err return err
} }
setTokenAuth(req, token) auth.Authorize(req)
res, _, err := r.doRequest(req) res, _, err := r.doRequest(req)
if err != nil { if err != nil {
return err return err
@ -226,25 +143,19 @@ func (r *Session) GetV2ImageBlob(imageName, sumType, sum string, blobWrtr io.Wri
return err return err
} }
func (r *Session) GetV2ImageBlobReader(imageName, sumType, sum string, token []string) (io.ReadCloser, int64, error) { func (r *Session) GetV2ImageBlobReader(imageName, sumType, sum string, auth *RequestAuthorization) (io.ReadCloser, int64, error) {
vars := map[string]string{ routeURL, err := getV2Builder(r.indexEndpoint).BuildBlobURL(imageName, sumType+":"+sum)
"imagename": imageName,
"sumtype": sumType,
"sum": sum,
}
routeURL, err := getV2URL(r.indexEndpoint, "downloadBlob", vars)
if err != nil { if err != nil {
return nil, 0, err return nil, 0, err
} }
method := "GET" method := "GET"
log.Debugf("[registry] Calling %q %s", method, routeURL.String()) log.Debugf("[registry] Calling %q %s", method, routeURL)
req, err := r.reqFactory.NewRequest(method, routeURL.String(), nil) req, err := r.reqFactory.NewRequest(method, routeURL, nil)
if err != nil { if err != nil {
return nil, 0, err return nil, 0, err
} }
setTokenAuth(req, token) auth.Authorize(req)
res, _, err := r.doRequest(req) res, _, err := r.doRequest(req)
if err != nil { if err != nil {
return nil, 0, err return nil, 0, err
@ -267,85 +178,76 @@ func (r *Session) GetV2ImageBlobReader(imageName, sumType, sum string, token []s
// Push the image to the server for storage. // Push the image to the server for storage.
// 'layer' is an uncompressed reader of the blob to be pushed. // 'layer' is an uncompressed reader of the blob to be pushed.
// The server will generate it's own checksum calculation. // The server will generate it's own checksum calculation.
func (r *Session) PutV2ImageBlob(imageName, sumType, sumStr string, blobRdr io.Reader, token []string) (serverChecksum string, err error) { func (r *Session) PutV2ImageBlob(imageName, sumType, sumStr string, blobRdr io.Reader, auth *RequestAuthorization) error {
vars := map[string]string{ routeURL, err := getV2Builder(r.indexEndpoint).BuildBlobUploadURL(imageName)
"imagename": imageName, if err != nil {
"sumtype": sumType, return err
} }
routeURL, err := getV2URL(r.indexEndpoint, "uploadBlob", vars) log.Debugf("[registry] Calling %q %s", "POST", routeURL)
req, err := r.reqFactory.NewRequest("POST", routeURL, nil)
if err != nil { if err != nil {
return "", err return err
} }
method := "PUT" auth.Authorize(req)
log.Debugf("[registry] Calling %q %s", method, routeURL.String())
req, err := r.reqFactory.NewRequest(method, routeURL.String(), blobRdr)
if err != nil {
return "", err
}
setTokenAuth(req, token)
req.Header.Set("X-Tarsum", sumStr)
res, _, err := r.doRequest(req) res, _, err := r.doRequest(req)
if err != nil { if err != nil {
return "", err return err
}
location := res.Header.Get("Location")
method := "PUT"
log.Debugf("[registry] Calling %q %s", method, location)
req, err = r.reqFactory.NewRequest(method, location, blobRdr)
if err != nil {
return err
}
queryParams := url.Values{}
queryParams.Add("digest", sumType+":"+sumStr)
req.URL.RawQuery = queryParams.Encode()
auth.Authorize(req)
res, _, err = r.doRequest(req)
if err != nil {
return err
} }
defer res.Body.Close() defer res.Body.Close()
if res.StatusCode != 201 {
if res.StatusCode == 401 {
return "", errLoginRequired
}
return "", utils.NewHTTPRequestError(fmt.Sprintf("Server error: %d trying to push %s blob", res.StatusCode, imageName), res)
}
type sumReturn struct {
Checksum string `json:"checksum"`
}
decoder := json.NewDecoder(res.Body)
var sumInfo sumReturn
err = decoder.Decode(&sumInfo)
if err != nil {
return "", fmt.Errorf("unable to decode PutV2ImageBlob JSON response: %s", err)
}
if sumInfo.Checksum != sumStr {
return "", fmt.Errorf("failed checksum comparison. serverChecksum: %q, localChecksum: %q", sumInfo.Checksum, sumStr)
}
// XXX this is a json struct from the registry, with its checksum
return sumInfo.Checksum, nil
}
// Finally Push the (signed) manifest of the blobs we've just pushed
func (r *Session) PutV2ImageManifest(imageName, tagName string, manifestRdr io.Reader, token []string) error {
vars := map[string]string{
"imagename": imageName,
"tagname": tagName,
}
routeURL, err := getV2URL(r.indexEndpoint, "manifests", vars)
if err != nil {
return err
}
method := "PUT"
log.Debugf("[registry] Calling %q %s", method, routeURL.String())
req, err := r.reqFactory.NewRequest(method, routeURL.String(), manifestRdr)
if err != nil {
return err
}
setTokenAuth(req, token)
res, _, err := r.doRequest(req)
if err != nil {
return err
}
res.Body.Close()
if res.StatusCode != 201 { if res.StatusCode != 201 {
if res.StatusCode == 401 { if res.StatusCode == 401 {
return errLoginRequired return errLoginRequired
} }
return utils.NewHTTPRequestError(fmt.Sprintf("Server error: %d trying to push %s blob", res.StatusCode, imageName), res)
}
return nil
}
// Finally Push the (signed) manifest of the blobs we've just pushed
func (r *Session) PutV2ImageManifest(imageName, tagName string, manifestRdr io.Reader, auth *RequestAuthorization) error {
routeURL, err := getV2Builder(r.indexEndpoint).BuildManifestURL(imageName, tagName)
if err != nil {
return err
}
method := "PUT"
log.Debugf("[registry] Calling %q %s", method, routeURL)
req, err := r.reqFactory.NewRequest(method, routeURL, manifestRdr)
if err != nil {
return err
}
auth.Authorize(req)
res, _, err := r.doRequest(req)
if err != nil {
return err
}
b, _ := ioutil.ReadAll(res.Body)
res.Body.Close()
if res.StatusCode != 200 {
if res.StatusCode == 401 {
return errLoginRequired
}
log.Debugf("Unexpected response from server: %q %#v", b, res.Header)
return utils.NewHTTPRequestError(fmt.Sprintf("Server error: %d trying to push %s:%s manifest", res.StatusCode, imageName, tagName), res) return utils.NewHTTPRequestError(fmt.Sprintf("Server error: %d trying to push %s:%s manifest", res.StatusCode, imageName, tagName), res)
} }
@ -353,24 +255,20 @@ func (r *Session) PutV2ImageManifest(imageName, tagName string, manifestRdr io.R
} }
// Given a repository name, returns a json array of string tags // Given a repository name, returns a json array of string tags
func (r *Session) GetV2RemoteTags(imageName string, token []string) ([]string, error) { func (r *Session) GetV2RemoteTags(imageName string, auth *RequestAuthorization) ([]string, error) {
vars := map[string]string{ routeURL, err := getV2Builder(r.indexEndpoint).BuildTagsURL(imageName)
"imagename": imageName,
}
routeURL, err := getV2URL(r.indexEndpoint, "tags", vars)
if err != nil { if err != nil {
return nil, err return nil, err
} }
method := "GET" method := "GET"
log.Debugf("[registry] Calling %q %s", method, routeURL.String()) log.Debugf("[registry] Calling %q %s", method, routeURL)
req, err := r.reqFactory.NewRequest(method, routeURL.String(), nil) req, err := r.reqFactory.NewRequest(method, routeURL, nil)
if err != nil { if err != nil {
return nil, err return nil, err
} }
setTokenAuth(req, token) auth.Authorize(req)
res, _, err := r.doRequest(req) res, _, err := r.doRequest(req)
if err != nil { if err != nil {
return nil, err return nil, err