Commit graph

342 commits

Author SHA1 Message Date
Stephen J Day
3f7f956f80 More consistent return from ErrorCode.Error()
To bring ErrorCode into liine with Go conventions, ErrorCode.Error() now
returns the "nice" value of the error code. This ensures error message assembly
works similar to commonly used Go conventions when directly using ErrorCode as
an error.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-20 17:36:24 -07:00
Stephen Day
e4b93d1e6d Merge pull request #893 from aaronlehmann/functional-opts
Functional options for NewRegistryWithDriver
2015-08-19 14:41:08 -07:00
Aaron Lehmann
5bef618ace Add a unit test which verifies the ResponseWriter endpoints see implements CloseNotifier
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-19 11:37:53 -07:00
Aaron Lehmann
dbbcf5fe42 Functional options for NewRegistryWithDriver
Clean up calling convention for NewRegistryWithDriver to use functional
arguments.

This is a first step towards the refactor described in #215. I plan to
add additional options in the process of moving configurable items from
the App structure to the registry structure.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-19 11:06:30 -07:00
Aaron Lehmann
0e7462f1dd Fix CloseNotifier handling and avoid "the ResponseWriter does not implement CloseNotifier" warnings in logs
A change in #763 to address review comments caused problems. Originally,
instrumentedResponseWriter implemented the CloseNotifier interface, and
would panic if it was wrapping something that did not implement that
interface. This was split into a separate instrumentedResponseWriterCN
type that implements CloseNotifier, so there's a fallback if
instrumentedResponseWriter ever needs to wrap something that does not
implement this interface.

instrumentedResponseWriter's Value method would end up upcasting either
type back to instrumentedResponseWriter, which does not implement the
interface. In effect, instrumentedResponseWriterCN was never visible to
the handler.

This fixes the problem by implementing a wrapper Value method for
instrumentedResponseWriterCN.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-18 17:28:51 -07:00
Aaron Lehmann
98d9b5f589 Fix tests after #846
Change checkResponse to only expect the configured
X-Content-Type-Options header if it doesn't receive a 405 error, which
means the handler isn't registered for that method.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-18 13:33:26 -07:00
Richard Scothern
f169359798 Merge pull request #846 from aaronlehmann/http-header-configuration
Add a section to the config file for HTTP headers to add to responses
2015-08-18 12:53:05 -07:00
Stephen J Day
641cdf3ba6 Remove pathMapper object
The use of the pathMapper is no longer needed the way we have organized the
code base. The extra level of indirection has proved unnecessary and confusing
so we've opted to clean it up. In the future, we may require more flexibility,
but now it is simply not required.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-17 18:51:05 -07:00
Richard Scothern
44c7fb9e6e Merge pull request #864 from stevvooe/use-correct-manifest-link
registry/storage: use correct manifest link
2015-08-12 15:13:45 -07:00
Stephen J Day
06a098c632 Maintain manifest link compatibility
Unfortunately, the 2.1 releease has written manfiest links into the wrong
directory. This doesn't affect new 2.1 deployments but fixing this to be 2.0
backwards compatible has broken 2.1.0 compatibility. To ensure we have
compatibility between 2.0, 2.1.0 and future releases, we now check one of
several locations to identify a manifest link.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-12 13:11:13 -07:00
Stephen J Day
d00586de9f Use correct path for manifest revision path
Unfortunately, the refactor used the incorrect path for manifest links within a
repository. While this didn't stop the registry from working, it did break
compatibility with 2.0 deployments for manifest fetches.

Tests were added to ensure these are locked down to the appropriate paths.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-12 13:10:15 -07:00
Aaron Lehmann
9c3bed6b88 Add a section to the config file for HTTP headers to add to responses
The example configuration files add X-Content-Type-Options: nosniff.

Add coverage in existing registry/handlers unit tests.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-11 16:41:38 -07:00
Richard Scothern
776a4ffbe8 Change some incorrect error types in proxy stores from API errors to
distribution errors.  Fill in missing checks for mutations on a registry pull-through
cache.  Add unit tests and update documentation.

Also, give v2.ErrorCodeUnsupported an HTTP status code, previously it was
defaulting to 500, now its 405 Method Not Allowed.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-08-11 14:16:24 -07:00
Stephen J Day
f141480d98 Move common error codes to errcode package
Several error codes are generally useful but tied to the v2 specification
definitions. This change moves these error code definitions into the common
package for use by the health package, which is not tied to the v2 API.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-11 11:50:58 -07:00
Stephen J Day
6ba799b69e Provide simple storage driver health check
To ensure the ensure the web application is properly operating, we've added a
periodic health check for the storage driver. If the health check fails three
times in a row, the registry will serve 503 response status for any request
until the condition is resolved. The condition is reported in the response body
and via the /debug/health endpoint.

To ensure that all drivers will properly operate with this health check, a
function has been added to the driver testsuite.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-11 11:50:52 -07:00
Vincent Giersch
6c39af6708 fix(rados): Create OMAP for root directory
When using the RADOS driver, the hierarchy of the files is stored
in OMAPs, but the root OMAP was not created and a call to List("/")
was returning an error instead of returned the first level files
stored. This patches creates an OMAP for "/" and excludes the listed
directory from the list of files returned.

Signed-off-by: Vincent Giersch <vincent@giersch.fr>
2015-08-10 23:46:33 +02:00
Aaron Lehmann
10f602b158 Don't panic when a http.ResponseWriter does not implement CloseNotifier
Instead, provide a variant of instrumentedResponseWriter that does not
implement CloseNotifier, and use that when necessary. In
copyFullPayload, log instead of panicing when we encounter something
that doesn't implement CloseNotifier.

This is more complicated than I'd like, but it's necessary because
instrumentedResponseWriter must not embed CloseNotifier unless there's
really a CloseNotifier to embed.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-06 15:50:54 -07:00
Stephen Day
a0c63372fa Merge pull request #779 from RichardScothern/pull-through-cache
Add pull through cache ability to the Registry.
2015-08-04 17:04:56 -07:00
Richard Scothern
94935f39bc Add pull through cache functionality to the Registry which can be configured
with a new `proxy` section in the configuration file.

Create a new registry type which delegates storage to a proxyBlobStore
and proxyManifestStore.  These stores will pull through data if not present
locally.  proxyBlobStore takes care not to write duplicate data to disk.

Add a scheduler to cleanup expired content. The scheduler runs as a background
goroutine.  When a blob or manifest is pulled through from the remote registry,
an entry is added to the scheduler with a TTL.  When the TTL expires the
scheduler calls a pre-specified function to remove the fetched resource.

Add token authentication to the registry middleware.  Get a token at startup
and preload the credential store with the username and password supplied in the
config file.

Allow resumable digest functionality to be disabled at runtime and disable
it when the registry is a pull through cache.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-08-04 16:09:55 -07:00
Stephen Day
ef1c72b978 Merge pull request #805 from RichardScothern/811
Spelling corrections
2015-08-04 14:50:32 -07:00
Aaron Lehmann
3a414deddb Merge pull request #514 from denverdino/master
Storage Driver for Aliyun OSS
2015-08-04 12:01:02 -07:00
Richard Scothern
db12c889e1 Merge pull request #763 from aaronlehmann/close-notifier
Use CloseNotifier to supress spurious HTTP 400 errors on early disconnect
2015-08-03 13:57:32 -07:00
Doug Davis
633eec0f91 Fix vet issue
registry/storage/blob_test.go:149: arg d for printf verb %s of wrong type: github.com/docker/distribution.Descriptor

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-08-03 12:24:34 -07:00
Richard Scothern
fb9662ad5a Add blob delete entry to api description and regenerate api.md
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-08-03 11:59:19 -07:00
Aaron Lehmann
609efa79e4 Set the response code to 499 when a client disconnects during an upload
The response code isn't actually sent to the client, because the
connection has already closed by this point. But it causes the status
code to appear as 499 in the logs instead of 0.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-31 17:39:30 -07:00
Aaron Lehmann
9c58954a6e Factor CloseNotifier use into a new function
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-31 17:30:26 -07:00
Aaron Lehmann
6cb5670ba5 Use CloseNotifier to supress spurious HTTP 400 errors on early disconnect
When a client disconnects without completing a HTTP request, we were
attempting to process the partial request, which usually leads to a 400
error. These errors can pollute the logs and make it more difficult to
track down real bugs.

This change uses CloseNotifier to detect disconnects. In combination
with checking Content-Length, we can detect a disconnect before sending
the full payload, and avoid logging a 400 error.

This logic is only applied to PUT, POST, and PATCH endpoints, as these
are the places where disconnects during a request are most likely to
happen.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-31 17:30:26 -07:00
Richard Scothern
bffa20d6bb Spelling corrections
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-07-31 16:43:11 -07:00
tgic
72c794a810 remove unused code and fix todo format
Signed-off-by: tgic <farmer1992@gmail.com>
2015-07-31 13:22:56 +08:00
tgic
e53d99a837 fix goimports
Signed-off-by: tgic <farmer1992@gmail.com>
2015-07-31 13:22:56 +08:00
tgic
0058b08eeb add include_oss build tag
Signed-off-by: tgic <farmer1992@gmail.com>
2015-07-31 13:22:56 +08:00
Li Yi
708ad28114 Update the comment for the consistency model
Change-Id: Iee49afeda1c11d6af8c0f26c96d8ccc328c22757
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:55 +08:00
Li Yi
539c7f5311 Update the comments for consistence model
Change-Id: I161522ee51f247fb17e42844b3699bd9031e34e8
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:55 +08:00
tgic
8e5c901a26 fix testcase TestReadStreamWithOffset incompatible with oss
Signed-off-by: tgic <farmer1992@gmail.com>
2015-07-31 13:22:55 +08:00
tgic
2a8535626f fix oss: got 403 in TestContinueStreamAppendLarge
Signed-off-by: tgic <farmer1992@gmail.com>
2015-07-31 13:22:55 +08:00
Li Yi
813543d6e3 Update the OSS test case for latest code change
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:55 +08:00
tgic
3a240de22e check access key and secret before run 2015-07-31 13:22:55 +08:00
tgic
3d30cb38f6 add endpoint support 2015-07-31 13:22:54 +08:00
Li Yi
c3b42db014 Add the secure access with HTTPS
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:54 +08:00
Li Yi
b8a276f2db Fix the warning of golint
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:54 +08:00
Li Yi
9e4975d8ff Support OSS driver
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:54 +08:00
Stephen Day
2b74c46795 Merge pull request #791 from stevvooe/add-double-domain-image-name
Add image name tests around hostnames
2015-07-30 14:35:27 -07:00
Stephen Day
ad1b7d8f35 Merge pull request #740 from stevvooe/disable-storage-redirects
Allow disabling of storage driver redirects
2015-07-30 14:28:31 -07:00
Stephen J Day
bb5466245c Add image name tests around hostnames
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-07-30 14:26:21 -07:00
Stephen Day
9038e48c3b Merge pull request #609 from RichardScothern/single-log-line
Log a single line when a response completes.
2015-07-29 17:52:13 -07:00
Richard Scothern
54f7e5d54b When a request completes ensure only one log line is printed which
includes the http response.

When debugging non-successful registry requests this will place
the error details and http status fields in the same log line
giving easier visibility to what error occured in the request.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-07-29 16:52:47 -07:00
Aaron Lehmann
70d9a9d543 Automatically generate a HTTP secret if none is provided
Log a warning if the registry generates its own secret.

Update configuration doc, and remove the default secret from the
development config file.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-29 14:28:56 -07:00
Aaron Lehmann
73702a8707 Fix for api_test.go
This passed in the #744 before merge, but apparently the test changed
since the PR was created in ways that led to a new failures.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-28 10:59:11 -07:00
Derek McGowan
0355c3026c Merge pull request #744 from aaronlehmann/manifest-put-response-code
Manifest PUT should return 201 Created
2015-07-28 10:42:54 -07:00
Stephen J Day
9f9a7f230b Allow disabling of starage driver redirects
Storage drivers can implement a method called URLFor which can return a direct
url for a given path. The functionality allows the registry to direct clients
to download content directly from the backend storage. This is commonly used
with s3 and cloudfront. Under certain conditions, such as when the registry is
not local to the backend, these redirects can hurt performance and waste
incoming bandwidth on pulls. This feature addition allows one to disable this
feature, if required.

Signed-off-by: Stephen J Day <stephen.day@docker.com>

Conflicts:
	configuration/configuration.go
	registry/handlers/app.go
	registry/storage/catalog_test.go
	registry/storage/manifeststore_test.go
	registry/storage/registry.go
2015-07-24 16:59:35 -07:00