Commit graph

2204 commits

Author SHA1 Message Date
Derek McGowan
4df7c18266 Merge pull request #1951 from nwt/downgrade-token-auth-jwt-logging
Downgrade token auth JWT logging from error to info
2016-09-07 11:52:47 -07:00
Noah Treuhaft
91f268e5a5 Downgrade token auth JWT logging from error to info
The token auth package logs JWT validation and verification failures at
the `error` level.  But from the server's perspective, these aren't
errors.  They're the expected response to bad input.  Logging them at
the `info` level better reflects that distinction.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-09-07 10:45:06 -07:00
Derek McGowan
ed0b3aebb3 Merge pull request #1935 from vieux/update+plugin+media
update plugin MediaType
2016-09-06 09:51:20 -07:00
Derek McGowan
cbdca10ab0 Merge pull request #1949 from mikebrow/building-link
fixes link to building.md
2016-09-06 09:42:15 -07:00
Mike Brown
d1383450e9 fixes link to building.md
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-09-06 11:16:03 -05:00
Victor Vieux
de9aa8466f upate plugin MediaType
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-09-06 03:34:24 -07:00
Stephen J Day
668b0a5f40
handlers: provide better log message on mismatched secret
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-09-02 15:24:35 -07:00
Serge Dubrouski
a1a2757fb0 manifestServiceListener.Get to pass down options parameter
Signed-off-by: Serge Dubrouski <sergeyfd@gmail.com>
2016-09-01 18:50:56 -06:00
Richard Scothern
49c1a62cb2 Merge pull request #1940 from dmcgowan/lets-encrypt-port-note
Add note about required let's encrypt port
2016-09-01 16:13:18 -07:00
Derek McGowan
279c02a3ce
Add note about required let's encrypt port
Let's Encrypt uses tls-sni to validate the certificate
on the standard https port 443. If the registry is
outwardly listening on a different port Let's Encrypt
will not issue a certificate.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-09-01 15:11:44 -07:00
Stan Hu
462bb55c3f Fix missing auth headers with PATCH HTTP request when pushing to default port
If a user specifies `mydomain.com:443` in the `Host` configuration, the
PATCH request for the layer upload will fail because the challenge does not
appear to be in the map. To fix this, we normalize the map keys to always
use the Host:Port combination.

Closes https://github.com/docker/docker/issues/18469

Signed-off-by: Stan Hu <stanhu@gmail.com>
2016-09-01 14:46:31 -07:00
Fabio Berchtold
7dcac52f18 Add v2 signature signing to S3 storage driver (#1800)
* Add v2 signature signing to S3 storage driver

Closes #1796
Closes #1606

Signed-off-by: Fabio Berchtold <fabio.berchtold@swisscom.com>

* use Logrus for debug logging

Signed-off-by: Fabio Berchtold <fabio.berchtold@swisscom.com>

* use 'date' instead of 'x-amz-date' in request header

Signed-off-by: Fabio Berchtold <fabio.berchtold@swisscom.com>

* only allow v4 signature signing against AWS S3

Signed-off-by: Fabio Berchtold <fabio.berchtold@swisscom.com>
2016-09-01 13:52:40 -07:00
Jason Heiss
d04481e388 Check PEM block type when reading token cert file
closes #1909

Signed-off-by: Jason Heiss <jheiss@twosigma.com>
2016-09-01 16:48:55 -04:00
Richard Scothern
49da29ee46 Merge pull request #1925 from dmcgowan/reenable-race-detector
Re-enable race detector in circleci
2016-09-01 13:36:12 -07:00
Derek McGowan
41f383fb9a Merge pull request #1928 from ghostplant/master
Dynamically Parsing the Latest HTPassword File
2016-08-30 10:29:35 -07:00
Aaron Lehmann
2f16e6e7b3 Merge pull request #1932 from stevvooe/manifest-urls-fix
spec/manifest: clarify relationship between urls and foreign layers
2016-08-29 18:45:16 -07:00
Stephen J Day
6bcdb38b92
spec/manifest: clarify relationship between urls and foreign layers
Previously, the specificiation incorrectly bound the fates of `urls` and
foreign layers. These are complementary but unrelated features, in that
the `urls` field may be populated for layers that aren't foreign. The
type of the layer only dictates the push behavior of the layer, rather
than involving where it came from.

For example, one may pull a foreign layer from a registry, but they may
not push it back to another registry. Conversely, a layer that has no
restrictions on push/pull behavior may be fetched via `urls` entries.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-08-29 18:34:55 -07:00
Derek McGowan
205e606a4c Update proxy scheduler test to account for race
Running with the race detector may cause some parts
of the code to run slower causing a race in the scheduler
ordering.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-08-29 14:27:32 -07:00
Derek McGowan
6cd63c8bc0 Disable registry handlers race tests
Registry handlers tests currently takes up too
many resources for the race test to handle on circle ci.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-08-29 13:41:53 -07:00
Derek McGowan
b3e276ff93 Add hash map locking to proxy tests
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-08-29 13:39:24 -07:00
Derek McGowan
a50ce1ab93 Add locking to repository access in memory cache
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-08-26 18:10:42 -07:00
Derek McGowan
dabdc5e52b Fix access race in proxy scheduler
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-08-26 17:40:21 -07:00
Derek McGowan
b1b100cf01 Merge pull request #1923 from spacexnice/master
fix simpleAuthChallge concurrent problem
2016-08-26 17:31:09 -07:00
Derek McGowan
798b7331ca Add shutdown to test environment
Ensures test http server is fully closed before moving on with test.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-08-26 16:23:07 -07:00
Derek McGowan
38ee36eee4 Disable upload purging during test
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-08-26 16:23:07 -07:00
a-palchikov
82609180a1 tag service: properly handle error responses on HEAD requests by (#1918)
* tag service: properly handle error responses on HEAD requests by
re-issuing requests as GET for proper error details.

Fixes #1911.

Signed-off-by: dmitri <deemok@gmail.com>

* Simplify handling of failing HEAD requests in TagService and
make a GET request for cases:
  - if the server does not handle HEAD
  - if the response was an error to get error details

Signed-off-by: dmitri <deemok@gmail.com>

* Add a missing http.Response.Body.Close call for the GET request.

Signed-off-by: dmitri <deemok@gmail.com>
2016-08-26 14:35:04 -07:00
cuiwei13
169ff1d098 Dynamically Parsing the Latest HTPassword File
To parse the latest account list dynamically instead of restarting the distribution service frequently.

Signed-off-by: CUI Wei <ghostplant@qq.com>
2016-08-27 04:28:33 +08:00
spacexnice
68243306fb correct onerror behavior
Signed-off-by: spacexnice <yaoyao.xyy@alibaba-inc.com>
2016-08-26 09:41:54 +08:00
spacexnice
22cf89c02b gofmt -s do code format
Signed-off-by: spacexnice <yaoyao.xyy@alibaba-inc.com>
2016-08-25 07:34:36 +08:00
Matthew Green
dea554fc7c Swift driver now bulk deletes in chunks specified by the server (#1915)
Swift driver now bulk deletes in chunks specified by the server

Signed-off-by: Matthew Green <matthew.green@uk.ibm.com>
2016-08-24 10:09:25 -07:00
spacexnice
ca2b78dc0a adjust for loop
Signed-off-by: spacexnice <yaoyao.xyy@alibaba-inc.com>
2016-08-24 09:31:27 +08:00
Derek McGowan
6f43d2d4f0 Re-enable race detector in circle ci
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-08-23 17:31:40 -07:00
Richard Scothern
c24e10f70a Merge pull request #1924 from bowlofeggs/docs-comma_fix
Fix an erroneous comma in documentation JSON.
2016-08-23 15:26:26 -07:00
Randy Barlow
63b2e74b46
Fix an erroneous comma in documentation JSON.
Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
2016-08-23 13:39:24 -04:00
spacexnice
44b8157572 fix simpleAuthChallge concurrent problem
Signed-off-by: spacexnice <yaoyao.xyy@alibaba-inc.com>
2016-08-23 22:09:18 +08:00
Richard Scothern
4107cdb633 Merge pull request #1919 from SvenDowideit/add-jenkinsfile
Add docs checking Jenkinsfile
2016-08-22 11:07:35 -07:00
Sven Dowideit
98f81b154f Add docs checking Jenkinsfile
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2016-08-22 12:19:30 +10:00
Richard Scothern
fd4dd8dd16 Merge pull request #1912 from bbodenmiller/patch-1
improve command formatting
2016-08-19 11:35:14 -07:00
Ben Bodenmiller
1f248a80a6 improve command formatting
Signed-off-by: Ben Bodenmiller <bbodenmiller@hotmail.com>
2016-08-19 02:33:02 -07:00
Richard Scothern
010e063270 Merge pull request #1906 from nwt/s3-multipart-copy
Use multipart upload API in S3 Move method
2016-08-17 15:22:32 -07:00
Derek McGowan
77b9d2997a Merge pull request #1901 from anusha-ragunathan/add-plugin-mediatype
Add plugin mediatype to distribution manifest.
2016-08-16 13:53:36 -07:00
Richard Scothern
c4297ef9da Merge pull request #1839 from adamvduke/adamvduke/allow-http2-registry-clients
Allow registry clients to connect via http2
2016-08-16 11:48:06 -07:00
Noah Treuhaft
63468ef4a8 Use multipart upload API in S3 Move method
This change to the S3 Move method uses S3's multipart upload API to copy
objects whose size exceeds a threshold.  Parts are copied concurrently.
The level of concurrency, part size, and threshold are all configurable
with reasonable defaults.

Using the multipart upload API has two benefits.

* The S3 Move method can now handle objects over 5 GB, fixing #886.

* Moving most objects, and espectially large ones, is faster.  For
  example, moving a 1 GB object averaged 30 seconds but now averages 10.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-08-16 10:53:24 -07:00
Richard Scothern
c810308d1b Merge pull request #1902 from majewsky/swift/support-tenant-domain-parameter
[swift] support different user-domain and tenant-domain
2016-08-15 10:45:12 -07:00
Stefan Majewsky
a7c6bfd59f [swift] support different user-domain and tenant-domain
This is already supported by ncw/swift, so we just need to pass the
parameters from the storage driver.

Signed-off-by: Stefan Majewsky <stefan.majewsky@sap.com>
2016-08-15 11:21:42 +02:00
Adam Duke
ac009c86f1 Allow registry clients to connect via http2
Http2 will be enabled by default and can be disabled with a configuration option.

Signed-off-by: Adam Duke <adam.v.duke@gmail.com>
2016-08-13 22:07:42 -04:00
Anusha Ragunathan
c202010f8a Add plugin mediatype to distribution manifest.
This is required for github.com/docker/docker/pull/25582

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-08-11 19:11:11 -07:00
Richard Scothern
c9fd26e9ef Merge pull request #1895 from hinshun/improve-enumerate
Improve catalog enumerate runtime by an order of magnitude
2016-08-11 10:53:36 -07:00
Richard Scothern
baca174469 Merge pull request #1892 from stevvooe/use-math-rand-reader
testutil, storage: use math/rand.Read where possible
2016-08-11 10:04:36 -07:00
Stephen J Day
040db51795
testutil, storage: use math/rand.Read where possible
Use the much faster math/rand.Read function where cryptographic
guarantees are not required. The unit test suite should speed up a
little bit but we've already optimized around this, so it may not
matter.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-08-10 14:26:12 -07:00