Commit graph

1947 commits

Author SHA1 Message Date
Derek McGowan
3943c4165c Make Named,Tagged, and Digested implement Reference
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-10-09 16:14:08 -07:00
Derek McGowan
6bd5b8c24e Update regexp to support repeated dash and double underscore
In order to support valid hostnames as name components, supporting repeated dash was added.
Additionally double underscore is now allowed as a separator to loosen the restriction for previously supported names.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-10-09 16:14:08 -07:00
Derek McGowan
bcda04d6cd Add field type for serialization
Since reference itself may be represented by multiple types which implement the reference inteface, serialization can lead to ambiguous type which cannot be deserialized.
Field wraps the reference object to ensure that the correct type is always deserialized, requiring an extra unwrap of the reference after deserialization.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-10-09 16:05:49 -07:00
Derek McGowan
31a448a628 Update to provide small and clear interfaces
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-10-09 16:05:49 -07:00
Tibor Vass
f8c09b6a7d Add a new reference package abstracting repositories, tags and digests
There seems to be a need for a type that represents a way of pointing
to an image, irrespective of the implementation.

This patch defines a Reference interface and provides 3 implementations:
- TagReference: when only a tag is provided
- DigestReference: when a digest (according to the digest package) is
  provided, can include optional tag as well

Validation of references are purely syntactic.

There is also a strong type for tags, analogous to digests, as well
as a strong type for Repository from which clients can access the
hostname alone, or the repository name without the hostname, or both
together via the String() method.

For Repository, the files names.go and names_test.go were moved from
the v2 package.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-10-09 16:05:34 -07:00
Brian Bland
90fe4b9256 Fixes documentation for swift driver "container" parameter
No longer claims that an additional segments container is used

Signed-off-by: Brian Bland <brian.bland@docker.com>
2015-10-08 16:51:57 -07:00
Derek McGowan
1d266b00e1 Merge pull request #1079 from mattmoor/allow-hostname-parts
Allow hostname components in component names.
2015-10-08 16:49:42 -07:00
Richard Scothern
515b9596e7 Fix a race condition in pull through cache population by removing the functionality
of readers joining current downloads.  Concurrent requests for the same blob
will not block, but only the first instance will be comitted locally.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-10-08 16:12:29 -07:00
Matt Moore
74c32a0a51 Allow hostname components in component names.
Fixes https://github.com/docker/distribution/issues/1062

This relaxes the naming restrictions places on Docker images to permit
valid hostnames according to [RFC-2396](https://www.ietf.org/rfc/rfc2396.txt).

It deviates from the RFC in the following ways:
 1) Allow underscores where we allow hyphens (hostnames don't allow
 underscores, which we must for backwards compatibility).
 2) Leave "top-level" name segments unrestricted (domains require an
 alpha character to begin a top-level domain, e.g. "com").
 3) DO NOT allow a trailing dot, as permitted by FQDNs.

Signed-off-by: Matt Moore <mattmoor@google.com>
2015-10-08 11:29:54 -07:00
Richard Scothern
4946d0d035 Merge pull request #1072 from compnski/patch-1
Update configuration.md
2015-10-08 10:12:21 -07:00
Jason Freidman
1c1917fd5a Update configuration.md
It seems that enabling proxy stops my instance from accepting local pushes, but I can't find mention of that in the docs.

Signed-off-by: Jason Freidman <jason@periscope.io>
2015-10-07 20:02:58 -07:00
Richard Scothern
a0007130cf Merge pull request #1076 from harche/patch-2
fixing registry version command example
2015-10-07 10:09:15 -07:00
harche
4ff7656ba1 Typo in command to check registry version
Signed-off-by: Harshal <p.harshal@gmail.com>
2015-10-07 16:38:42 +05:30
Richard Scothern
89bedf1e7f Merge pull request #1048 from docker/docs-secure-default
Correct the default setting of s3's "secure" parameter in configuration.md
2015-10-01 10:26:38 -07:00
Richard Scothern
61a4a1362c Merge pull request #950 from jackpgriffin/master
Skip creating swift container if already exists
2015-10-01 10:15:54 -07:00
Aaron Lehmann
7f83bfd8af Correct the default setting of s3's "secure" parameter in configuration.md
This defaults to true in the code, but the doc claimed it defaults to
false.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-30 18:41:06 -07:00
Aaron Lehmann
0a6988195e Add http.host parameter
This allows the administrator to specify an externally-reachable URL for
the registry. It takes precedence over the X-Forwarded-Proto and
X-Forwarded-Host headers, and the hostname in the request.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-30 15:12:01 -07:00
Derek McGowan
618ffe118b Merge pull request #1005 from xiekeyang/spec
add description to manifest spec
2015-09-30 11:47:16 -07:00
Richard Scothern
e760fb2dc6 Merge pull request #988 from tt/fix-incorrect-default
Fix incorrect default
2015-09-30 10:40:11 -07:00
Josh Hawn
0f670bdc91 [api spec] Update authN and authZ errors
Associate HTTP 401s with Authentication errors rather than Authorization
errors. Changes the meaning of the UNAUTHORIZED error to be authentication
specific.

Defines DENIED error code to be associated with authorization
errors which result in HTTP 403 responses.

Add 'No Such Repository' errors to more endpoints.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-09-30 09:12:31 -07:00
Stephen Day
497133f567 Merge pull request #1045 from tt/remove-duplicate-dependency-definition
Remove duplicate dependency definition
2015-09-30 13:19:35 +02:00
Stephen Day
7f2ffe0ad1 Merge pull request #1036 from dmcgowan/digest-set-update
Add remove and list functions to digest set
2015-09-30 13:17:41 +02:00
Stephen Day
ca2156d558 Merge pull request #1024 from aaronlehmann/avoid-testing-import
Avoid importing "testing" in externally-facing code
2015-09-30 13:14:42 +02:00
Troels Thomsen
6a3496d9a5 Remove duplicate dependency definition
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-09-30 10:48:28 +02:00
Troels Thomsen
5fc0c2f0b7 Use revision of saved package
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-09-30 10:48:21 +02:00
xiekeyang
da8ef7585d add description to manifest spec
This PR add some description to manifest spec.
It clarifies the relationship between `fsLayers` and `history` fields.

Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2015-09-30 10:16:46 +08:00
Richard Scothern
64660c68f2 Merge pull request #1042 from tt/upgrade-amazon-library
Upgrade Amazon library
2015-09-29 17:50:41 -07:00
Troels Thomsen
cca9f74eec Upgrade Amazon library to revision aa6e716d710a0c7941cb2075cfbb9661f16d21f1
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-09-30 00:29:17 +02:00
Aaron Lehmann
6acb3a0d7e Avoid importing "testing" in externally-facing code
The "testing" package adds some flags in its init function, so utilities
that import distribution code may print a page of extra testing flags in
their help output.

This commit solves the issue by moving an import of "testing" in the
registry/storage/cache package to a new
registry/storage/cache/cachecheck package, which is only imported by
tests.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-29 10:06:39 -07:00
Derek McGowan
dc6c54489c Add remove and list functions to digest set
Add mutex protection around set access

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-09-29 10:04:15 -07:00
Aaron Lehmann
14a4b4d9d6 Merge pull request #1001 from RichardScothern/fix-atrocity
Don't return nil, nil from functions
2015-09-28 13:34:11 -07:00
Troels Thomsen
cfe50c9ef4 Fix incorrect default
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-09-28 10:08:17 +02:00
Richard Scothern
d03c56129c Merge pull request #991 from mattmoor/expires_in_proposal
Fixes #684
2015-09-25 15:23:28 -07:00
Richard Scothern
07b05a72bb Merge pull request #999 from nakedible-p/patch-1
Remove initial access check from S3 driver
2015-09-25 15:23:03 -07:00
Richard Scothern
794975e9e6 Merge pull request #1014 from shyr/patch-3
Minor grammar fix : duplicated coordinators.
2015-09-23 10:04:33 -07:00
Sungho Moon
7bf66b6855 Minor grammar fix : duplicated coordinators.
Signed-off-by: Sungho Moon <sungho.moon@navercorp.com>
2015-09-23 11:40:13 +09:00
Aaron Lehmann
a601f92336 Add an "enabled" parameter under "readonly", and make it as if the mutable handlers don't exist when read-only mode is enabled
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-22 15:49:26 -07:00
Aaron Lehmann
c9bb330b71 Add a read-only mode as a configuration option
Add "readonly" under the storage/maintenance section. When this is set
to true, uploads and deletions will return 503 Service Unavailable
errors.

Document the parameter and add some unit testing.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-22 15:47:48 -07:00
Nuutti Kotivuori
26d8344872 Remove initial access check from S3 driver
In the S3 storage driver there is currently an initial access permission check by listing the bucket. If this check fails, registry will panic and exit.

However, this check is broken in two ways. First of all it strips the final slash from the root directory path, meaning that any access permissions which limit access to a single directory will fail, because S3 treats the path as strict prefix match. Secondly it fails to strip any leading slash that might be present, unlike the other access places, which means that the path used is different as a leading slash is allowed and significant in a filename in S3.

Since there is also a periodic health check which correctly checks access permissions and shows the error more cleanly, the best solution seems to be to just remove this initial access check.

Signed-off-by: Nuutti Kotivuori <nuutti.kotivuori@poplatek.fi>
2015-09-19 12:47:12 +03:00
Richard Scothern
f36ab5a834 Don't return a nil array and a nil error if the Tags endpoint cannot be found
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-09-18 16:19:41 -07:00
Richard Scothern
924913b4c3 Avoid returning nil, nil when fetching a manifest by tag by introducing a new
error ErrManifestNotModified which can be checked by clients.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-09-18 16:19:37 -07:00
Matt Moore
ca7c845dc0 Fixes #684
Split the discussion of v2 authentication into two parts:
1) A specification of the handshake between the client, registry and
authentication service.
2) A description of how `docker/distribution` implements this using JWT.

This should make it clearer that `#2` is an implementation detail, and
that clients should regard tokens as opaque entities that only the
registry and authentication service should understand.

Signed-off-by: Matt Moore <mattmoor@google.com>
2015-09-18 15:26:32 -07:00
Richard Scothern
f8109a78f9 Merge pull request #997 from xiekeyang/typo
typo
2015-09-18 12:03:58 -07:00
xiekeyang
78c760f898 typo
Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2015-09-18 17:27:01 +08:00
Aaron Lehmann
f651c5d68e Merge pull request #981 from LouisKottmann/master
Add exemple proxy mistake whith nginx sitting behind an ELB
2015-09-17 14:35:12 -07:00
Louis Kottmann
4075e2bb3d Add exemple proxy mistake whith nginx sitting behind an ELB
closes #970

Signed-off-by: Louis Kottmann <louis.kottmann@gmail.com>
2015-09-17 12:46:12 +02:00
Richard Scothern
4271c60d98 Merge pull request #973 from jlhawn/update_token_spec
[docs/spec/auth] Clarify the Token auth workflow
2015-09-16 10:41:08 -07:00
Stephen Day
ece8e132bf Merge pull request #974 from stevvooe/context-cleanup
context: WithVersion and context package cleanup
2015-09-14 19:24:33 -07:00
Stephen J Day
530afa5234 Add WithVersion to context and other cleanup
By adding WithVersion to the context package, we can simplify context setup in
the application. This avoids some odd bugs where instantiation order can lead
to missing instance.id or version from log messages.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-09-14 17:14:31 -07:00
Josh Hawn
fb481ef843 [docs/spec/auth] Clarify the Token auth workflow
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-09-14 15:57:16 -07:00