forked from TrueCloudLab/distribution
Merge pull request #3908 from thaJeztah/2.8_backport_bump_go1.19.9
[release/2.8 backport] update to go1.19.9
This commit is contained in:
commit
4a35c451a0
20 changed files with 162 additions and 155 deletions
2
.github/workflows/ci.yml
vendored
2
.github/workflows/ci.yml
vendored
|
@ -25,7 +25,7 @@ jobs:
|
||||||
- name: Set up Go
|
- name: Set up Go
|
||||||
uses: actions/setup-go@v2
|
uses: actions/setup-go@v2
|
||||||
with:
|
with:
|
||||||
go-version: 1.18.8
|
go-version: 1.19.9
|
||||||
|
|
||||||
- name: Dependencies
|
- name: Dependencies
|
||||||
run: |
|
run: |
|
||||||
|
|
|
@ -18,3 +18,10 @@ run:
|
||||||
deadline: 2m
|
deadline: 2m
|
||||||
skip-dirs:
|
skip-dirs:
|
||||||
- vendor
|
- vendor
|
||||||
|
|
||||||
|
issues:
|
||||||
|
exclude-rules:
|
||||||
|
# io/ioutil is deprecated, but won't be removed until Go v2. It's safe to ignore for the release/2.8 branch.
|
||||||
|
- text: "SA1019: \"io/ioutil\" has been deprecated since Go 1.16"
|
||||||
|
linters:
|
||||||
|
- staticcheck
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# syntax=docker/dockerfile:1
|
# syntax=docker/dockerfile:1
|
||||||
|
|
||||||
ARG GO_VERSION=1.18.8
|
ARG GO_VERSION=1.19.9
|
||||||
ARG ALPINE_VERSION=3.16
|
ARG ALPINE_VERSION=3.16
|
||||||
ARG XX_VERSION=1.2.1
|
ARG XX_VERSION=1.2.1
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
// For example, to generate a new API specification, one would execute the
|
// For example, to generate a new API specification, one would execute the
|
||||||
// following command from the repo root:
|
// following command from the repo root:
|
||||||
//
|
//
|
||||||
// $ registry-api-descriptor-template docs/spec/api.md.tmpl > docs/spec/api.md
|
// $ registry-api-descriptor-template docs/spec/api.md.tmpl > docs/spec/api.md
|
||||||
//
|
//
|
||||||
// The templates are passed in the api/v2.APIDescriptor object. Please see the
|
// The templates are passed in the api/v2.APIDescriptor object. Please see the
|
||||||
// package documentation for fields available on that object. The template
|
// package documentation for fields available on that object. The template
|
||||||
|
|
|
@ -584,7 +584,7 @@ type Events struct {
|
||||||
IncludeReferences bool `yaml:"includereferences"` // include reference data in manifest events
|
IncludeReferences bool `yaml:"includereferences"` // include reference data in manifest events
|
||||||
}
|
}
|
||||||
|
|
||||||
//Ignore configures mediaTypes and actions of the event, that it won't be propagated
|
// Ignore configures mediaTypes and actions of the event, that it won't be propagated
|
||||||
type Ignore struct {
|
type Ignore struct {
|
||||||
MediaTypes []string `yaml:"mediatypes"` // target media types to ignore
|
MediaTypes []string `yaml:"mediatypes"` // target media types to ignore
|
||||||
Actions []string `yaml:"actions"` // ignore action types
|
Actions []string `yaml:"actions"` // ignore action types
|
||||||
|
|
|
@ -4,68 +4,68 @@
|
||||||
//
|
//
|
||||||
// The easiest way to get started is to get the background context:
|
// The easiest way to get started is to get the background context:
|
||||||
//
|
//
|
||||||
// ctx := context.Background()
|
// ctx := context.Background()
|
||||||
//
|
//
|
||||||
// The returned context should be passed around your application and be the
|
// The returned context should be passed around your application and be the
|
||||||
// root of all other context instances. If the application has a version, this
|
// root of all other context instances. If the application has a version, this
|
||||||
// line should be called before anything else:
|
// line should be called before anything else:
|
||||||
//
|
//
|
||||||
// ctx := context.WithVersion(context.Background(), version)
|
// ctx := context.WithVersion(context.Background(), version)
|
||||||
//
|
//
|
||||||
// The above will store the version in the context and will be available to
|
// The above will store the version in the context and will be available to
|
||||||
// the logger.
|
// the logger.
|
||||||
//
|
//
|
||||||
// Logging
|
// # Logging
|
||||||
//
|
//
|
||||||
// The most useful aspect of this package is GetLogger. This function takes
|
// The most useful aspect of this package is GetLogger. This function takes
|
||||||
// any context.Context interface and returns the current logger from the
|
// any context.Context interface and returns the current logger from the
|
||||||
// context. Canonical usage looks like this:
|
// context. Canonical usage looks like this:
|
||||||
//
|
//
|
||||||
// GetLogger(ctx).Infof("something interesting happened")
|
// GetLogger(ctx).Infof("something interesting happened")
|
||||||
//
|
//
|
||||||
// GetLogger also takes optional key arguments. The keys will be looked up in
|
// GetLogger also takes optional key arguments. The keys will be looked up in
|
||||||
// the context and reported with the logger. The following example would
|
// the context and reported with the logger. The following example would
|
||||||
// return a logger that prints the version with each log message:
|
// return a logger that prints the version with each log message:
|
||||||
//
|
//
|
||||||
// ctx := context.Context(context.Background(), "version", version)
|
// ctx := context.Context(context.Background(), "version", version)
|
||||||
// GetLogger(ctx, "version").Infof("this log message has a version field")
|
// GetLogger(ctx, "version").Infof("this log message has a version field")
|
||||||
//
|
//
|
||||||
// The above would print out a log message like this:
|
// The above would print out a log message like this:
|
||||||
//
|
//
|
||||||
// INFO[0000] this log message has a version field version=v2.0.0-alpha.2.m
|
// INFO[0000] this log message has a version field version=v2.0.0-alpha.2.m
|
||||||
//
|
//
|
||||||
// When used with WithLogger, we gain the ability to decorate the context with
|
// When used with WithLogger, we gain the ability to decorate the context with
|
||||||
// loggers that have information from disparate parts of the call stack.
|
// loggers that have information from disparate parts of the call stack.
|
||||||
// Following from the version example, we can build a new context with the
|
// Following from the version example, we can build a new context with the
|
||||||
// configured logger such that we always print the version field:
|
// configured logger such that we always print the version field:
|
||||||
//
|
//
|
||||||
// ctx = WithLogger(ctx, GetLogger(ctx, "version"))
|
// ctx = WithLogger(ctx, GetLogger(ctx, "version"))
|
||||||
//
|
//
|
||||||
// Since the logger has been pushed to the context, we can now get the version
|
// Since the logger has been pushed to the context, we can now get the version
|
||||||
// field for free with our log messages. Future calls to GetLogger on the new
|
// field for free with our log messages. Future calls to GetLogger on the new
|
||||||
// context will have the version field:
|
// context will have the version field:
|
||||||
//
|
//
|
||||||
// GetLogger(ctx).Infof("this log message has a version field")
|
// GetLogger(ctx).Infof("this log message has a version field")
|
||||||
//
|
//
|
||||||
// This becomes more powerful when we start stacking loggers. Let's say we
|
// This becomes more powerful when we start stacking loggers. Let's say we
|
||||||
// have the version logger from above but also want a request id. Using the
|
// have the version logger from above but also want a request id. Using the
|
||||||
// context above, in our request scoped function, we place another logger in
|
// context above, in our request scoped function, we place another logger in
|
||||||
// the context:
|
// the context:
|
||||||
//
|
//
|
||||||
// ctx = context.WithValue(ctx, "http.request.id", "unique id") // called when building request context
|
// ctx = context.WithValue(ctx, "http.request.id", "unique id") // called when building request context
|
||||||
// ctx = WithLogger(ctx, GetLogger(ctx, "http.request.id"))
|
// ctx = WithLogger(ctx, GetLogger(ctx, "http.request.id"))
|
||||||
//
|
//
|
||||||
// When GetLogger is called on the new context, "http.request.id" will be
|
// When GetLogger is called on the new context, "http.request.id" will be
|
||||||
// included as a logger field, along with the original "version" field:
|
// included as a logger field, along with the original "version" field:
|
||||||
//
|
//
|
||||||
// INFO[0000] this log message has a version field http.request.id=unique id version=v2.0.0-alpha.2.m
|
// INFO[0000] this log message has a version field http.request.id=unique id version=v2.0.0-alpha.2.m
|
||||||
//
|
//
|
||||||
// Note that this only affects the new context, the previous context, with the
|
// Note that this only affects the new context, the previous context, with the
|
||||||
// version field, can be used independently. Put another way, the new logger,
|
// version field, can be used independently. Put another way, the new logger,
|
||||||
// added to the request context, is unique to that context and can have
|
// added to the request context, is unique to that context and can have
|
||||||
// request scoped variables.
|
// request scoped variables.
|
||||||
//
|
//
|
||||||
// HTTP Requests
|
// # HTTP Requests
|
||||||
//
|
//
|
||||||
// This package also contains several methods for working with http requests.
|
// This package also contains several methods for working with http requests.
|
||||||
// The concepts are very similar to those described above. We simply place the
|
// The concepts are very similar to those described above. We simply place the
|
||||||
|
@ -73,13 +73,13 @@
|
||||||
// available. GetRequestLogger can then be called to get request specific
|
// available. GetRequestLogger can then be called to get request specific
|
||||||
// variables in a log line:
|
// variables in a log line:
|
||||||
//
|
//
|
||||||
// ctx = WithRequest(ctx, req)
|
// ctx = WithRequest(ctx, req)
|
||||||
// GetRequestLogger(ctx).Infof("request variables")
|
// GetRequestLogger(ctx).Infof("request variables")
|
||||||
//
|
//
|
||||||
// Like above, if we want to include the request data in all log messages in
|
// Like above, if we want to include the request data in all log messages in
|
||||||
// the context, we push the logger to a new context and use that one:
|
// the context, we push the logger to a new context and use that one:
|
||||||
//
|
//
|
||||||
// ctx = WithLogger(ctx, GetRequestLogger(ctx))
|
// ctx = WithLogger(ctx, GetRequestLogger(ctx))
|
||||||
//
|
//
|
||||||
// The concept is fairly powerful and ensures that calls throughout the stack
|
// The concept is fairly powerful and ensures that calls throughout the stack
|
||||||
// can be traced in log messages. Using the fields like "http.request.id", one
|
// can be traced in log messages. Using the fields like "http.request.id", one
|
||||||
|
|
|
@ -24,16 +24,16 @@ import (
|
||||||
//
|
//
|
||||||
// Here is an example of the usage:
|
// Here is an example of the usage:
|
||||||
//
|
//
|
||||||
// func timedOperation(ctx Context) {
|
// func timedOperation(ctx Context) {
|
||||||
// ctx, done := WithTrace(ctx)
|
// ctx, done := WithTrace(ctx)
|
||||||
// defer done("this will be the log message")
|
// defer done("this will be the log message")
|
||||||
// // ... function body ...
|
// // ... function body ...
|
||||||
// }
|
// }
|
||||||
//
|
//
|
||||||
// If the function ran for roughly 1s, such a usage would emit a log message
|
// If the function ran for roughly 1s, such a usage would emit a log message
|
||||||
// as follows:
|
// as follows:
|
||||||
//
|
//
|
||||||
// INFO[0001] this will be the log message trace.duration=1.004575763s trace.func=github.com/docker/distribution/context.traceOperation trace.id=<id> ...
|
// INFO[0001] this will be the log message trace.duration=1.004575763s trace.func=github.com/docker/distribution/context.traceOperation trace.id=<id> ...
|
||||||
//
|
//
|
||||||
// Notice that the function name is automatically resolved, along with the
|
// Notice that the function name is automatically resolved, along with the
|
||||||
// package and a trace id is emitted that can be linked with parent ids.
|
// package and a trace id is emitted that can be linked with parent ids.
|
||||||
|
|
|
@ -13,29 +13,29 @@
|
||||||
// particularly useful for checks that verify upstream connectivity or
|
// particularly useful for checks that verify upstream connectivity or
|
||||||
// database status, since they might take a long time to return/timeout.
|
// database status, since they might take a long time to return/timeout.
|
||||||
//
|
//
|
||||||
// Installing
|
// # Installing
|
||||||
//
|
//
|
||||||
// To install health, just import it in your application:
|
// To install health, just import it in your application:
|
||||||
//
|
//
|
||||||
// import "github.com/docker/distribution/health"
|
// import "github.com/docker/distribution/health"
|
||||||
//
|
//
|
||||||
// You can also (optionally) import "health/api" that will add two convenience
|
// You can also (optionally) import "health/api" that will add two convenience
|
||||||
// endpoints: "/debug/health/down" and "/debug/health/up". These endpoints add
|
// endpoints: "/debug/health/down" and "/debug/health/up". These endpoints add
|
||||||
// "manual" checks that allow the service to quickly be brought in/out of
|
// "manual" checks that allow the service to quickly be brought in/out of
|
||||||
// rotation.
|
// rotation.
|
||||||
//
|
//
|
||||||
// import _ "github.com/docker/distribution/health/api"
|
// import _ "github.com/docker/distribution/health/api"
|
||||||
//
|
//
|
||||||
// # curl localhost:5001/debug/health
|
// # curl localhost:5001/debug/health
|
||||||
// {}
|
// {}
|
||||||
// # curl -X POST localhost:5001/debug/health/down
|
// # curl -X POST localhost:5001/debug/health/down
|
||||||
// # curl localhost:5001/debug/health
|
// # curl localhost:5001/debug/health
|
||||||
// {"manual_http_status":"Manual Check"}
|
// {"manual_http_status":"Manual Check"}
|
||||||
//
|
//
|
||||||
// After importing these packages to your main application, you can start
|
// After importing these packages to your main application, you can start
|
||||||
// registering checks.
|
// registering checks.
|
||||||
//
|
//
|
||||||
// Registering Checks
|
// # Registering Checks
|
||||||
//
|
//
|
||||||
// The recommended way of registering checks is using a periodic Check.
|
// The recommended way of registering checks is using a periodic Check.
|
||||||
// PeriodicChecks run on a certain schedule and asynchronously update the
|
// PeriodicChecks run on a certain schedule and asynchronously update the
|
||||||
|
@ -45,22 +45,22 @@
|
||||||
// A trivial example of a check that runs every 5 seconds and shuts down our
|
// A trivial example of a check that runs every 5 seconds and shuts down our
|
||||||
// server if the current minute is even, could be added as follows:
|
// server if the current minute is even, could be added as follows:
|
||||||
//
|
//
|
||||||
// func currentMinuteEvenCheck() error {
|
// func currentMinuteEvenCheck() error {
|
||||||
// m := time.Now().Minute()
|
// m := time.Now().Minute()
|
||||||
// if m%2 == 0 {
|
// if m%2 == 0 {
|
||||||
// return errors.New("Current minute is even!")
|
// return errors.New("Current minute is even!")
|
||||||
// }
|
// }
|
||||||
// return nil
|
// return nil
|
||||||
// }
|
// }
|
||||||
//
|
//
|
||||||
// health.RegisterPeriodicFunc("minute_even", currentMinuteEvenCheck, time.Second*5)
|
// health.RegisterPeriodicFunc("minute_even", currentMinuteEvenCheck, time.Second*5)
|
||||||
//
|
//
|
||||||
// Alternatively, you can also make use of "RegisterPeriodicThresholdFunc" to
|
// Alternatively, you can also make use of "RegisterPeriodicThresholdFunc" to
|
||||||
// implement the exact same check, but add a threshold of failures after which
|
// implement the exact same check, but add a threshold of failures after which
|
||||||
// the check will be unhealthy. This is particularly useful for flaky Checks,
|
// the check will be unhealthy. This is particularly useful for flaky Checks,
|
||||||
// ensuring some stability of the service when handling them.
|
// ensuring some stability of the service when handling them.
|
||||||
//
|
//
|
||||||
// health.RegisterPeriodicThresholdFunc("minute_even", currentMinuteEvenCheck, time.Second*5, 4)
|
// health.RegisterPeriodicThresholdFunc("minute_even", currentMinuteEvenCheck, time.Second*5, 4)
|
||||||
//
|
//
|
||||||
// The lowest-level way to interact with the health package is calling
|
// The lowest-level way to interact with the health package is calling
|
||||||
// "Register" directly. Register allows you to pass in an arbitrary string and
|
// "Register" directly. Register allows you to pass in an arbitrary string and
|
||||||
|
@ -72,7 +72,7 @@
|
||||||
// Assuming you wish to register a method called "currentMinuteEvenCheck()
|
// Assuming you wish to register a method called "currentMinuteEvenCheck()
|
||||||
// error" you could do that by doing:
|
// error" you could do that by doing:
|
||||||
//
|
//
|
||||||
// health.Register("even_minute", health.CheckFunc(currentMinuteEvenCheck))
|
// health.Register("even_minute", health.CheckFunc(currentMinuteEvenCheck))
|
||||||
//
|
//
|
||||||
// CheckFunc is a convenience type that implements Checker.
|
// CheckFunc is a convenience type that implements Checker.
|
||||||
//
|
//
|
||||||
|
@ -80,11 +80,11 @@
|
||||||
// and the convenience method RegisterFunc. An example that makes the status
|
// and the convenience method RegisterFunc. An example that makes the status
|
||||||
// endpoint always return an error:
|
// endpoint always return an error:
|
||||||
//
|
//
|
||||||
// health.RegisterFunc("my_check", func() error {
|
// health.RegisterFunc("my_check", func() error {
|
||||||
// return Errors.new("This is an error!")
|
// return Errors.new("This is an error!")
|
||||||
// }))
|
// }))
|
||||||
//
|
//
|
||||||
// Examples
|
// # Examples
|
||||||
//
|
//
|
||||||
// You could also use the health checker mechanism to ensure your application
|
// You could also use the health checker mechanism to ensure your application
|
||||||
// only comes up if certain conditions are met, or to allow the developer to
|
// only comes up if certain conditions are met, or to allow the developer to
|
||||||
|
@ -92,35 +92,35 @@
|
||||||
// database connectivity and immediately takes the server out of rotation on
|
// database connectivity and immediately takes the server out of rotation on
|
||||||
// err:
|
// err:
|
||||||
//
|
//
|
||||||
// updater = health.NewStatusUpdater()
|
// updater = health.NewStatusUpdater()
|
||||||
// health.RegisterFunc("database_check", func() error {
|
// health.RegisterFunc("database_check", func() error {
|
||||||
// return updater.Check()
|
// return updater.Check()
|
||||||
// }))
|
// }))
|
||||||
//
|
//
|
||||||
// conn, err := Connect(...) // database call here
|
// conn, err := Connect(...) // database call here
|
||||||
// if err != nil {
|
// if err != nil {
|
||||||
// updater.Update(errors.New("Error connecting to the database: " + err.Error()))
|
// updater.Update(errors.New("Error connecting to the database: " + err.Error()))
|
||||||
// }
|
// }
|
||||||
//
|
//
|
||||||
// You can also use the predefined Checkers that come included with the health
|
// You can also use the predefined Checkers that come included with the health
|
||||||
// package. First, import the checks:
|
// package. First, import the checks:
|
||||||
//
|
//
|
||||||
// import "github.com/docker/distribution/health/checks
|
// import "github.com/docker/distribution/health/checks
|
||||||
//
|
//
|
||||||
// After that you can make use of any of the provided checks. An example of
|
// After that you can make use of any of the provided checks. An example of
|
||||||
// using a `FileChecker` to take the application out of rotation if a certain
|
// using a `FileChecker` to take the application out of rotation if a certain
|
||||||
// file exists can be done as follows:
|
// file exists can be done as follows:
|
||||||
//
|
//
|
||||||
// health.Register("fileChecker", health.PeriodicChecker(checks.FileChecker("/tmp/disable"), time.Second*5))
|
// health.Register("fileChecker", health.PeriodicChecker(checks.FileChecker("/tmp/disable"), time.Second*5))
|
||||||
//
|
//
|
||||||
// After registering the check, it is trivial to take an application out of
|
// After registering the check, it is trivial to take an application out of
|
||||||
// rotation from the console:
|
// rotation from the console:
|
||||||
//
|
//
|
||||||
// # curl localhost:5001/debug/health
|
// # curl localhost:5001/debug/health
|
||||||
// {}
|
// {}
|
||||||
// # touch /tmp/disable
|
// # touch /tmp/disable
|
||||||
// # curl localhost:5001/debug/health
|
// # curl localhost:5001/debug/health
|
||||||
// {"fileChecker":"file exists"}
|
// {"fileChecker":"file exists"}
|
||||||
//
|
//
|
||||||
// FileChecker only accepts absolute or relative file path. It does not work
|
// FileChecker only accepts absolute or relative file path. It does not work
|
||||||
// properly with tilde(~). You should make sure that the application has
|
// properly with tilde(~). You should make sure that the application has
|
||||||
|
@ -132,5 +132,5 @@
|
||||||
// "HTTPChecker", but ensure that you only mark the test unhealthy if there
|
// "HTTPChecker", but ensure that you only mark the test unhealthy if there
|
||||||
// are a minimum of two failures in a row:
|
// are a minimum of two failures in a row:
|
||||||
//
|
//
|
||||||
// health.Register("httpChecker", health.PeriodicThresholdChecker(checks.HTTPChecker("https://www.google.pt"), time.Second*5, 2))
|
// health.Register("httpChecker", health.PeriodicThresholdChecker(checks.HTTPChecker("https://www.google.pt"), time.Second*5, 2))
|
||||||
package health
|
package health
|
||||||
|
|
|
@ -3,13 +3,13 @@
|
||||||
//
|
//
|
||||||
// Grammar
|
// Grammar
|
||||||
//
|
//
|
||||||
// reference := name [ ":" tag ] [ "@" digest ]
|
// reference := name [ ":" tag ] [ "@" digest ]
|
||||||
// name := [domain '/'] path-component ['/' path-component]*
|
// name := [domain '/'] path-component ['/' path-component]*
|
||||||
// domain := domain-component ['.' domain-component]* [':' port-number]
|
// domain := domain-component ['.' domain-component]* [':' port-number]
|
||||||
// domain-component := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/
|
// domain-component := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/
|
||||||
// port-number := /[0-9]+/
|
// port-number := /[0-9]+/
|
||||||
// path-component := alpha-numeric [separator alpha-numeric]*
|
// path-component := alpha-numeric [separator alpha-numeric]*
|
||||||
// alpha-numeric := /[a-z0-9]+/
|
// alpha-numeric := /[a-z0-9]+/
|
||||||
// separator := /[_.]|__|[-]*/
|
// separator := /[_.]|__|[-]*/
|
||||||
//
|
//
|
||||||
// tag := /[\w][\w.-]{0,127}/
|
// tag := /[\w][\w.-]{0,127}/
|
||||||
|
|
|
@ -8,28 +8,27 @@
|
||||||
// An implementation registers its access controller by name with a constructor
|
// An implementation registers its access controller by name with a constructor
|
||||||
// which accepts an options map for configuring the access controller.
|
// which accepts an options map for configuring the access controller.
|
||||||
//
|
//
|
||||||
// options := map[string]interface{}{"sillySecret": "whysosilly?"}
|
// options := map[string]interface{}{"sillySecret": "whysosilly?"}
|
||||||
// accessController, _ := auth.GetAccessController("silly", options)
|
// accessController, _ := auth.GetAccessController("silly", options)
|
||||||
//
|
//
|
||||||
// This `accessController` can then be used in a request handler like so:
|
// This `accessController` can then be used in a request handler like so:
|
||||||
//
|
//
|
||||||
// func updateOrder(w http.ResponseWriter, r *http.Request) {
|
// func updateOrder(w http.ResponseWriter, r *http.Request) {
|
||||||
// orderNumber := r.FormValue("orderNumber")
|
// orderNumber := r.FormValue("orderNumber")
|
||||||
// resource := auth.Resource{Type: "customerOrder", Name: orderNumber}
|
// resource := auth.Resource{Type: "customerOrder", Name: orderNumber}
|
||||||
// access := auth.Access{Resource: resource, Action: "update"}
|
// access := auth.Access{Resource: resource, Action: "update"}
|
||||||
//
|
//
|
||||||
// if ctx, err := accessController.Authorized(ctx, access); err != nil {
|
// if ctx, err := accessController.Authorized(ctx, access); err != nil {
|
||||||
// if challenge, ok := err.(auth.Challenge) {
|
// if challenge, ok := err.(auth.Challenge) {
|
||||||
// // Let the challenge write the response.
|
// // Let the challenge write the response.
|
||||||
// challenge.SetHeaders(r, w)
|
// challenge.SetHeaders(r, w)
|
||||||
// w.WriteHeader(http.StatusUnauthorized)
|
// w.WriteHeader(http.StatusUnauthorized)
|
||||||
// return
|
// return
|
||||||
// } else {
|
// } else {
|
||||||
// // Some other error.
|
// // Some other error.
|
||||||
// }
|
|
||||||
// }
|
// }
|
||||||
// }
|
// }
|
||||||
//
|
// }
|
||||||
package auth
|
package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
|
|
@ -185,13 +185,15 @@ func (t *Token) Verify(verifyOpts VerifyOptions) error {
|
||||||
|
|
||||||
// VerifySigningKey attempts to get the key which was used to sign this token.
|
// VerifySigningKey attempts to get the key which was used to sign this token.
|
||||||
// The token header should contain either of these 3 fields:
|
// The token header should contain either of these 3 fields:
|
||||||
// `x5c` - The x509 certificate chain for the signing key. Needs to be
|
//
|
||||||
// verified.
|
// `x5c` - The x509 certificate chain for the signing key. Needs to be
|
||||||
// `jwk` - The JSON Web Key representation of the signing key.
|
// verified.
|
||||||
// May contain its own `x5c` field which needs to be verified.
|
// `jwk` - The JSON Web Key representation of the signing key.
|
||||||
// `kid` - The unique identifier for the key. This library interprets it
|
// May contain its own `x5c` field which needs to be verified.
|
||||||
// as a libtrust fingerprint. The key itself can be looked up in
|
// `kid` - The unique identifier for the key. This library interprets it
|
||||||
// the trustedKeys field of the given verify options.
|
// as a libtrust fingerprint. The key itself can be looked up in
|
||||||
|
// the trustedKeys field of the given verify options.
|
||||||
|
//
|
||||||
// Each of these methods are tried in that order of preference until the
|
// Each of these methods are tried in that order of preference until the
|
||||||
// signing key is found or an error is returned.
|
// signing key is found or an error is returned.
|
||||||
func (t *Token) VerifySigningKey(verifyOpts VerifyOptions) (signingKey libtrust.PublicKey, err error) {
|
func (t *Token) VerifySigningKey(verifyOpts VerifyOptions) (signingKey libtrust.PublicKey, err error) {
|
||||||
|
|
|
@ -307,10 +307,10 @@ func writeTempRootCerts(rootKeys []libtrust.PrivateKey) (filename string, err er
|
||||||
// TestAccessController tests complete integration of the token auth package.
|
// TestAccessController tests complete integration of the token auth package.
|
||||||
// It starts by mocking the options for a token auth accessController which
|
// It starts by mocking the options for a token auth accessController which
|
||||||
// it creates. It then tries a few mock requests:
|
// it creates. It then tries a few mock requests:
|
||||||
// - don't supply a token; should error with challenge
|
// - don't supply a token; should error with challenge
|
||||||
// - supply an invalid token; should error with challenge
|
// - supply an invalid token; should error with challenge
|
||||||
// - supply a token with insufficient access; should error with challenge
|
// - supply a token with insufficient access; should error with challenge
|
||||||
// - supply a valid token; should not error
|
// - supply a valid token; should not error
|
||||||
func TestAccessController(t *testing.T) {
|
func TestAccessController(t *testing.T) {
|
||||||
// Make 2 keys; only the first is to be a trusted root key.
|
// Make 2 keys; only the first is to be a trusted root key.
|
||||||
rootKeys, err := makeRootKeys(2)
|
rootKeys, err := makeRootKeys(2)
|
||||||
|
|
|
@ -6,14 +6,14 @@
|
||||||
// struct such that calls are proxied through this implementation. First,
|
// struct such that calls are proxied through this implementation. First,
|
||||||
// declare the internal driver, as follows:
|
// declare the internal driver, as follows:
|
||||||
//
|
//
|
||||||
// type driver struct { ... internal ...}
|
// type driver struct { ... internal ...}
|
||||||
//
|
//
|
||||||
// The resulting type should implement StorageDriver such that it can be the
|
// The resulting type should implement StorageDriver such that it can be the
|
||||||
// target of a Base struct. The exported type can then be declared as follows:
|
// target of a Base struct. The exported type can then be declared as follows:
|
||||||
//
|
//
|
||||||
// type Driver struct {
|
// type Driver struct {
|
||||||
// Base
|
// Base
|
||||||
// }
|
// }
|
||||||
//
|
//
|
||||||
// Because Driver embeds Base, it effectively implements Base. If the driver
|
// Because Driver embeds Base, it effectively implements Base. If the driver
|
||||||
// needs to intercept a call, before going to base, Driver should implement
|
// needs to intercept a call, before going to base, Driver should implement
|
||||||
|
@ -23,15 +23,15 @@
|
||||||
// To further shield the embed from other packages, it is recommended to
|
// To further shield the embed from other packages, it is recommended to
|
||||||
// employ a private embed struct:
|
// employ a private embed struct:
|
||||||
//
|
//
|
||||||
// type baseEmbed struct {
|
// type baseEmbed struct {
|
||||||
// base.Base
|
// base.Base
|
||||||
// }
|
// }
|
||||||
//
|
//
|
||||||
// Then, declare driver to embed baseEmbed, rather than Base directly:
|
// Then, declare driver to embed baseEmbed, rather than Base directly:
|
||||||
//
|
//
|
||||||
// type Driver struct {
|
// type Driver struct {
|
||||||
// baseEmbed
|
// baseEmbed
|
||||||
// }
|
// }
|
||||||
//
|
//
|
||||||
// The type now implements StorageDriver, proxying through Base, without
|
// The type now implements StorageDriver, proxying through Base, without
|
||||||
// exporting an unnecessary field.
|
// exporting an unnecessary field.
|
||||||
|
|
|
@ -145,7 +145,7 @@ func (r *regulator) Stat(ctx context.Context, path string) (storagedriver.FileIn
|
||||||
}
|
}
|
||||||
|
|
||||||
// List returns a list of the objects that are direct descendants of the
|
// List returns a list of the objects that are direct descendants of the
|
||||||
//given path.
|
// given path.
|
||||||
func (r *regulator) List(ctx context.Context, path string) ([]string, error) {
|
func (r *regulator) List(ctx context.Context, path string) ([]string, error) {
|
||||||
r.enter()
|
r.enter()
|
||||||
defer r.exit()
|
defer r.exit()
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
// Package middleware - cloudfront wrapper for storage libs
|
// Package middleware - cloudfront wrapper for storage libs
|
||||||
// N.B. currently only works with S3, not arbitrary sites
|
// N.B. currently only works with S3, not arbitrary sites
|
||||||
//
|
|
||||||
package middleware
|
package middleware
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
@ -38,7 +37,9 @@ var _ storagedriver.StorageDriver = &cloudFrontStorageMiddleware{}
|
||||||
|
|
||||||
// Optional options: ipFilteredBy, awsregion
|
// Optional options: ipFilteredBy, awsregion
|
||||||
// ipfilteredby: valid value "none|aws|awsregion". "none", do not filter any IP, default value. "aws", only aws IP goes
|
// ipfilteredby: valid value "none|aws|awsregion". "none", do not filter any IP, default value. "aws", only aws IP goes
|
||||||
// to S3 directly. "awsregion", only regions listed in awsregion options goes to S3 directly
|
//
|
||||||
|
// to S3 directly. "awsregion", only regions listed in awsregion options goes to S3 directly
|
||||||
|
//
|
||||||
// awsregion: a comma separated string of AWS regions.
|
// awsregion: a comma separated string of AWS regions.
|
||||||
func newCloudFrontStorageMiddleware(storageDriver storagedriver.StorageDriver, options map[string]interface{}) (storagedriver.StorageDriver, error) {
|
func newCloudFrontStorageMiddleware(storageDriver storagedriver.StorageDriver, options map[string]interface{}) (storagedriver.StorageDriver, error) {
|
||||||
// parse baseurl
|
// parse baseurl
|
||||||
|
|
|
@ -82,7 +82,7 @@ var validRegions = map[string]struct{}{}
|
||||||
// validObjectACLs contains known s3 object Acls
|
// validObjectACLs contains known s3 object Acls
|
||||||
var validObjectACLs = map[string]struct{}{}
|
var validObjectACLs = map[string]struct{}{}
|
||||||
|
|
||||||
//DriverParameters A struct that encapsulates all of the driver parameters after all values have been set
|
// DriverParameters A struct that encapsulates all of the driver parameters after all values have been set
|
||||||
type DriverParameters struct {
|
type DriverParameters struct {
|
||||||
AccessKey string
|
AccessKey string
|
||||||
SecretKey string
|
SecretKey string
|
||||||
|
|
|
@ -12,7 +12,7 @@ import (
|
||||||
v1 "github.com/opencontainers/image-spec/specs-go/v1"
|
v1 "github.com/opencontainers/image-spec/specs-go/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
//ocischemaManifestHandler is a ManifestHandler that covers ocischema manifests.
|
// ocischemaManifestHandler is a ManifestHandler that covers ocischema manifests.
|
||||||
type ocischemaManifestHandler struct {
|
type ocischemaManifestHandler struct {
|
||||||
repository distribution.Repository
|
repository distribution.Repository
|
||||||
blobStore distribution.BlobStore
|
blobStore distribution.BlobStore
|
||||||
|
|
|
@ -23,25 +23,25 @@ const (
|
||||||
//
|
//
|
||||||
// The path layout in the storage backend is roughly as follows:
|
// The path layout in the storage backend is roughly as follows:
|
||||||
//
|
//
|
||||||
// <root>/v2
|
// <root>/v2
|
||||||
// -> repositories/
|
// -> repositories/
|
||||||
// -><name>/
|
// -><name>/
|
||||||
// -> _manifests/
|
// -> _manifests/
|
||||||
// revisions
|
// revisions
|
||||||
// -> <manifest digest path>
|
// -> <manifest digest path>
|
||||||
// -> link
|
// -> link
|
||||||
// tags/<tag>
|
// tags/<tag>
|
||||||
// -> current/link
|
// -> current/link
|
||||||
// -> index
|
// -> index
|
||||||
// -> <algorithm>/<hex digest>/link
|
// -> <algorithm>/<hex digest>/link
|
||||||
// -> _layers/
|
// -> _layers/
|
||||||
// <layer links to blob store>
|
// <layer links to blob store>
|
||||||
// -> _uploads/<id>
|
// -> _uploads/<id>
|
||||||
// data
|
// data
|
||||||
// startedat
|
// startedat
|
||||||
// hashstates/<algorithm>/<offset>
|
// hashstates/<algorithm>/<offset>
|
||||||
// -> blob/<algorithm>
|
// -> blob/<algorithm>
|
||||||
// <split directory content addressable storage>
|
// <split directory content addressable storage>
|
||||||
//
|
//
|
||||||
// The storage backend layout is broken up into a content-addressable blob
|
// The storage backend layout is broken up into a content-addressable blob
|
||||||
// store and repositories. The content-addressable blob store holds most data
|
// store and repositories. The content-addressable blob store holds most data
|
||||||
|
@ -71,35 +71,35 @@ const (
|
||||||
//
|
//
|
||||||
// Manifests:
|
// Manifests:
|
||||||
//
|
//
|
||||||
// manifestRevisionsPathSpec: <root>/v2/repositories/<name>/_manifests/revisions/
|
// manifestRevisionsPathSpec: <root>/v2/repositories/<name>/_manifests/revisions/
|
||||||
// manifestRevisionPathSpec: <root>/v2/repositories/<name>/_manifests/revisions/<algorithm>/<hex digest>/
|
// manifestRevisionPathSpec: <root>/v2/repositories/<name>/_manifests/revisions/<algorithm>/<hex digest>/
|
||||||
// manifestRevisionLinkPathSpec: <root>/v2/repositories/<name>/_manifests/revisions/<algorithm>/<hex digest>/link
|
// manifestRevisionLinkPathSpec: <root>/v2/repositories/<name>/_manifests/revisions/<algorithm>/<hex digest>/link
|
||||||
//
|
//
|
||||||
// Tags:
|
// Tags:
|
||||||
//
|
//
|
||||||
// manifestTagsPathSpec: <root>/v2/repositories/<name>/_manifests/tags/
|
// manifestTagsPathSpec: <root>/v2/repositories/<name>/_manifests/tags/
|
||||||
// manifestTagPathSpec: <root>/v2/repositories/<name>/_manifests/tags/<tag>/
|
// manifestTagPathSpec: <root>/v2/repositories/<name>/_manifests/tags/<tag>/
|
||||||
// manifestTagCurrentPathSpec: <root>/v2/repositories/<name>/_manifests/tags/<tag>/current/link
|
// manifestTagCurrentPathSpec: <root>/v2/repositories/<name>/_manifests/tags/<tag>/current/link
|
||||||
// manifestTagIndexPathSpec: <root>/v2/repositories/<name>/_manifests/tags/<tag>/index/
|
// manifestTagIndexPathSpec: <root>/v2/repositories/<name>/_manifests/tags/<tag>/index/
|
||||||
// manifestTagIndexEntryPathSpec: <root>/v2/repositories/<name>/_manifests/tags/<tag>/index/<algorithm>/<hex digest>/
|
// manifestTagIndexEntryPathSpec: <root>/v2/repositories/<name>/_manifests/tags/<tag>/index/<algorithm>/<hex digest>/
|
||||||
// manifestTagIndexEntryLinkPathSpec: <root>/v2/repositories/<name>/_manifests/tags/<tag>/index/<algorithm>/<hex digest>/link
|
// manifestTagIndexEntryLinkPathSpec: <root>/v2/repositories/<name>/_manifests/tags/<tag>/index/<algorithm>/<hex digest>/link
|
||||||
//
|
//
|
||||||
// Blobs:
|
// Blobs:
|
||||||
//
|
//
|
||||||
// layerLinkPathSpec: <root>/v2/repositories/<name>/_layers/<algorithm>/<hex digest>/link
|
// layerLinkPathSpec: <root>/v2/repositories/<name>/_layers/<algorithm>/<hex digest>/link
|
||||||
//
|
//
|
||||||
// Uploads:
|
// Uploads:
|
||||||
//
|
//
|
||||||
// uploadDataPathSpec: <root>/v2/repositories/<name>/_uploads/<id>/data
|
// uploadDataPathSpec: <root>/v2/repositories/<name>/_uploads/<id>/data
|
||||||
// uploadStartedAtPathSpec: <root>/v2/repositories/<name>/_uploads/<id>/startedat
|
// uploadStartedAtPathSpec: <root>/v2/repositories/<name>/_uploads/<id>/startedat
|
||||||
// uploadHashStatePathSpec: <root>/v2/repositories/<name>/_uploads/<id>/hashstates/<algorithm>/<offset>
|
// uploadHashStatePathSpec: <root>/v2/repositories/<name>/_uploads/<id>/hashstates/<algorithm>/<offset>
|
||||||
//
|
//
|
||||||
// Blob Store:
|
// Blob Store:
|
||||||
//
|
//
|
||||||
// blobsPathSpec: <root>/v2/blobs/
|
// blobsPathSpec: <root>/v2/blobs/
|
||||||
// blobPathSpec: <root>/v2/blobs/<algorithm>/<first two hex bytes of digest>/<hex digest>
|
// blobPathSpec: <root>/v2/blobs/<algorithm>/<first two hex bytes of digest>/<hex digest>
|
||||||
// blobDataPathSpec: <root>/v2/blobs/<algorithm>/<first two hex bytes of digest>/<hex digest>/data
|
// blobDataPathSpec: <root>/v2/blobs/<algorithm>/<first two hex bytes of digest>/<hex digest>/data
|
||||||
// blobMediaTypePathSpec: <root>/v2/blobs/<algorithm>/<first two hex bytes of digest>/<hex digest>/data
|
// blobMediaTypePathSpec: <root>/v2/blobs/<algorithm>/<first two hex bytes of digest>/<hex digest>/data
|
||||||
//
|
//
|
||||||
// For more information on the semantic meaning of each path and their
|
// For more information on the semantic meaning of each path and their
|
||||||
// contents, please see the path spec documentation.
|
// contents, please see the path spec documentation.
|
||||||
|
@ -339,11 +339,11 @@ func (manifestTagIndexEntryLinkPathSpec) pathSpec() {}
|
||||||
// blob id. The blob link will contain a content addressable blob id reference
|
// blob id. The blob link will contain a content addressable blob id reference
|
||||||
// into the blob store. The format of the contents is as follows:
|
// into the blob store. The format of the contents is as follows:
|
||||||
//
|
//
|
||||||
// <algorithm>:<hex digest of layer data>
|
// <algorithm>:<hex digest of layer data>
|
||||||
//
|
//
|
||||||
// The following example of the file contents is more illustrative:
|
// The following example of the file contents is more illustrative:
|
||||||
//
|
//
|
||||||
// sha256:96443a84ce518ac22acb2e985eda402b58ac19ce6f91980bde63726a79d80b36
|
// sha256:96443a84ce518ac22acb2e985eda402b58ac19ce6f91980bde63726a79d80b36
|
||||||
//
|
//
|
||||||
// This indicates that there is a blob with the id/digest, calculated via
|
// This indicates that there is a blob with the id/digest, calculated via
|
||||||
// sha256 that can be fetched from the blob store.
|
// sha256 that can be fetched from the blob store.
|
||||||
|
@ -429,13 +429,12 @@ func (repositoriesRootPathSpec) pathSpec() {}
|
||||||
// digestPathComponents provides a consistent path breakdown for a given
|
// digestPathComponents provides a consistent path breakdown for a given
|
||||||
// digest. For a generic digest, it will be as follows:
|
// digest. For a generic digest, it will be as follows:
|
||||||
//
|
//
|
||||||
// <algorithm>/<hex digest>
|
// <algorithm>/<hex digest>
|
||||||
//
|
//
|
||||||
// If multilevel is true, the first two bytes of the digest will separate
|
// If multilevel is true, the first two bytes of the digest will separate
|
||||||
// groups of digest folder. It will be as follows:
|
// groups of digest folder. It will be as follows:
|
||||||
//
|
//
|
||||||
// <algorithm>/<first two bytes of digest>/<full digest>
|
// <algorithm>/<first two bytes of digest>/<full digest>
|
||||||
//
|
|
||||||
func digestPathComponents(dgst digest.Digest, multilevel bool) ([]string, error) {
|
func digestPathComponents(dgst digest.Digest, multilevel bool) ([]string, error) {
|
||||||
if err := dgst.Validate(); err != nil {
|
if err := dgst.Validate(); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
@ -18,7 +18,7 @@ var (
|
||||||
errInvalidURL = errors.New("invalid URL on layer")
|
errInvalidURL = errors.New("invalid URL on layer")
|
||||||
)
|
)
|
||||||
|
|
||||||
//schema2ManifestHandler is a ManifestHandler that covers schema2 manifests.
|
// schema2ManifestHandler is a ManifestHandler that covers schema2 manifests.
|
||||||
type schema2ManifestHandler struct {
|
type schema2ManifestHandler struct {
|
||||||
repository distribution.Repository
|
repository distribution.Repository
|
||||||
blobStore distribution.BlobStore
|
blobStore distribution.BlobStore
|
||||||
|
|
|
@ -9,13 +9,12 @@ import (
|
||||||
// FprintVersion outputs the version string to the writer, in the following
|
// FprintVersion outputs the version string to the writer, in the following
|
||||||
// format, followed by a newline:
|
// format, followed by a newline:
|
||||||
//
|
//
|
||||||
// <cmd> <project> <version>
|
// <cmd> <project> <version>
|
||||||
//
|
//
|
||||||
// For example, a binary "registry" built from github.com/docker/distribution
|
// For example, a binary "registry" built from github.com/docker/distribution
|
||||||
// with version "v2.0" would print the following:
|
// with version "v2.0" would print the following:
|
||||||
//
|
//
|
||||||
// registry github.com/docker/distribution v2.0
|
// registry github.com/docker/distribution v2.0
|
||||||
//
|
|
||||||
func FprintVersion(w io.Writer) {
|
func FprintVersion(w io.Writer) {
|
||||||
fmt.Fprintln(w, os.Args[0], Package, Version)
|
fmt.Fprintln(w, os.Args[0], Package, Version)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue