Commit graph

2181 commits

Author SHA1 Message Date
Richard Scothern
252cc27ab1 Merge pull request #1988 from nwt/fix-s3-delete
Fix S3 Delete method's notion of subpaths
2016-10-11 11:14:29 -07:00
Richard Scothern
8261bd94f0 Merge pull request #1993 from dmcgowan/cleanup-makefile
Cleanup makefile
2016-10-11 10:46:09 -07:00
Derek McGowan
d9dc966209
Cleanup makefile
Use find instead of wildcard to get go files since wildcard does not
do recursive lookups via `**`, missing most go files.
Do lazy evaluations of variables which are not needed immediately.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-10-10 17:30:47 -07:00
Richard Scothern
1921dde3f1 Merge pull request #1942 from sergeyfd/auth-proxy
Support for custom authentication URL in proxying registry
2016-10-10 10:40:51 -07:00
Richard Scothern
c5b2ad51c1 Merge pull request #1991 from HuKeping/fix-unit2
Fix unit test
2016-10-10 10:38:56 -07:00
HuKeping
b984f91b32 Fix unit test
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-10-10 11:37:30 +08:00
Noah Treuhaft
76226c61a9 Fix S3 Delete method's notion of subpaths
Deleting "/a" was deleting "/a/b" but also "/ab".

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-10-06 11:21:55 -07:00
Richard Scothern
b89a594355 Merge pull request #1987 from dmcgowan/fix-lint
Update to fix lint errors
2016-10-06 10:06:54 -07:00
Derek McGowan
d35d94dcec
Update to fix lint errors
Context should use type values instead of strings.
Updated direct calls to WithValue, but still other uses of string keys.
Update Acl to ACL in s3 driver.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-10-05 17:47:12 -07:00
Richard Scothern
99cb7c0946 Merge pull request #1973 from dmcgowan/clarify-oauth-docs
Add note about implementation of oauth2
2016-09-26 16:28:29 -07:00
Derek McGowan
f193270c89
Add note about implementation of oauth2
Reading the oauth2 token documentation is misleading as it makes
no mention of it being a newer feature which may not be supported
by the token server. Add a note mentioning if it is not supported
to refer to the token documentation for getting a token.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-09-26 15:39:00 -07:00
Richard Scothern
431cfa3179 Merge pull request #1966 from nwt/fix-redis-tests
Fix connection pool exhaustion in Redis tests
2016-09-19 16:27:56 -07:00
Richard Scothern
8cb75f692f Merge pull request #1868 from stanhu/fix-missing-credentials-with-default-port
Fix missing auth headers with PATCH HTTP request when pushing to default port
2016-09-19 15:55:12 -07:00
Noah Treuhaft
cafeae4ecd Fix connection pool exhaustion in Redis tests
The Redis tests were failing with a "connection pool exhausted" error
from Redigo. Closing the connection used for FLUSHDB fixes the problem.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-09-19 15:30:32 -07:00
Stan Hu
6d952c92cf Rename CanonicalAddr -> canonicalAddr
Update comment for hasPort

Signed-off-by: Stan Hu <stanhu@gmail.com>
2016-09-19 14:16:02 -07:00
Richard Scothern
cfad4321c1 Merge pull request #1957 from nwt/notification-filtering
Add notification filtering by target media type
2016-09-19 10:41:03 -07:00
Noah Treuhaft
ad6bb66faf Add notification filtering by target media type
The Hub registry generates a large volume of notifications, many of
which are uninteresting based on target media type.  Discarding them
within the notification endpoint consumes considerable resources that
could be saved by discarding them within the registry.  To that end,
this change adds registry configuration options to restrict the
notifications sent to an endpoint based on target media type.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-09-16 12:01:03 -07:00
Richard Scothern
b6e0cfbdaa Merge pull request #1959 from nwt/disable-access-logging
Add configuration option to disable access logging
2016-09-15 09:45:56 -07:00
Noah Treuhaft
4034ff65f0 Add configuration option to disable access logging
Access logging is great.  Access logging you can turn off is even
better.  This change adds a configuration option for that.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-09-14 14:33:30 -07:00
Richard Scothern
835b04c004 Merge pull request #1958 from spacexnice/master
remoteURL parameter error cause  challenge cache not working which eventually lead to client manifest request timeout
2016-09-14 12:33:18 -07:00
Serge Dubrouski
81c5870c86 Support for custom authentication URL in proxying registry
Signed-off-by: Serge Dubrouski <sergeyfd@gmail.com>
2016-09-13 17:07:20 -06:00
Derek McGowan
17fb0bb6b3 Merge pull request #1934 from jheiss/token_ssl_pem_type
Check PEM block type when reading token cert file
2016-09-13 09:45:06 -07:00
spacexnice
3c4b551a7c remoteURL parameter error cause challenge cache not working,critical area consume to much time, which eventually lead to client manifest request timeout(90s) in massive(which i test 80 concurrent) concurrent manifest request situation.
Signed-off-by: spacexnice <yaoyao.xyy@alibaba-inc.com>
2016-09-13 09:58:12 +08:00
Richard Scothern
cb744efe8b Merge pull request #1943 from sergeyfd/listener
manifestServiceListener.Get to pass down options parameter
2016-09-12 11:15:44 -07:00
Richard Scothern
405b53c019 Merge pull request #1900 from thaJeztah/improve-invalid-reference-errormessage
Improve "invalid reference" error message
2016-09-12 10:06:21 -07:00
Sebastiaan van Stijn
744ae974a5
Improve "invalid reference" error message
Use the same error message as is used in
docker/reference/reference.go to provide
slightly more information about the error.

This change tests if the reference passes
after lowercasing its characters, to determine
if the reference was invalid due to
it containing uppercase characters.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-09-12 15:13:14 +02:00
Stephen Day
5e8d18f615 Merge pull request #1945 from stevvooe/better-report-on-invalid-secret
handlers: provide better log message on mismatched secret
2016-09-07 12:55:48 -07:00
Derek McGowan
4df7c18266 Merge pull request #1951 from nwt/downgrade-token-auth-jwt-logging
Downgrade token auth JWT logging from error to info
2016-09-07 11:52:47 -07:00
Noah Treuhaft
91f268e5a5 Downgrade token auth JWT logging from error to info
The token auth package logs JWT validation and verification failures at
the `error` level.  But from the server's perspective, these aren't
errors.  They're the expected response to bad input.  Logging them at
the `info` level better reflects that distinction.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-09-07 10:45:06 -07:00
Derek McGowan
ed0b3aebb3 Merge pull request #1935 from vieux/update+plugin+media
update plugin MediaType
2016-09-06 09:51:20 -07:00
Derek McGowan
cbdca10ab0 Merge pull request #1949 from mikebrow/building-link
fixes link to building.md
2016-09-06 09:42:15 -07:00
Mike Brown
d1383450e9 fixes link to building.md
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-09-06 11:16:03 -05:00
Victor Vieux
de9aa8466f upate plugin MediaType
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-09-06 03:34:24 -07:00
Stephen J Day
668b0a5f40
handlers: provide better log message on mismatched secret
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-09-02 15:24:35 -07:00
Serge Dubrouski
a1a2757fb0 manifestServiceListener.Get to pass down options parameter
Signed-off-by: Serge Dubrouski <sergeyfd@gmail.com>
2016-09-01 18:50:56 -06:00
Richard Scothern
49c1a62cb2 Merge pull request #1940 from dmcgowan/lets-encrypt-port-note
Add note about required let's encrypt port
2016-09-01 16:13:18 -07:00
Derek McGowan
279c02a3ce
Add note about required let's encrypt port
Let's Encrypt uses tls-sni to validate the certificate
on the standard https port 443. If the registry is
outwardly listening on a different port Let's Encrypt
will not issue a certificate.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-09-01 15:11:44 -07:00
Stan Hu
462bb55c3f Fix missing auth headers with PATCH HTTP request when pushing to default port
If a user specifies `mydomain.com:443` in the `Host` configuration, the
PATCH request for the layer upload will fail because the challenge does not
appear to be in the map. To fix this, we normalize the map keys to always
use the Host:Port combination.

Closes https://github.com/docker/docker/issues/18469

Signed-off-by: Stan Hu <stanhu@gmail.com>
2016-09-01 14:46:31 -07:00
Fabio Berchtold
7dcac52f18 Add v2 signature signing to S3 storage driver (#1800)
* Add v2 signature signing to S3 storage driver

Closes #1796
Closes #1606

Signed-off-by: Fabio Berchtold <fabio.berchtold@swisscom.com>

* use Logrus for debug logging

Signed-off-by: Fabio Berchtold <fabio.berchtold@swisscom.com>

* use 'date' instead of 'x-amz-date' in request header

Signed-off-by: Fabio Berchtold <fabio.berchtold@swisscom.com>

* only allow v4 signature signing against AWS S3

Signed-off-by: Fabio Berchtold <fabio.berchtold@swisscom.com>
2016-09-01 13:52:40 -07:00
Jason Heiss
d04481e388 Check PEM block type when reading token cert file
closes #1909

Signed-off-by: Jason Heiss <jheiss@twosigma.com>
2016-09-01 16:48:55 -04:00
Richard Scothern
49da29ee46 Merge pull request #1925 from dmcgowan/reenable-race-detector
Re-enable race detector in circleci
2016-09-01 13:36:12 -07:00
Derek McGowan
41f383fb9a Merge pull request #1928 from ghostplant/master
Dynamically Parsing the Latest HTPassword File
2016-08-30 10:29:35 -07:00
Aaron Lehmann
2f16e6e7b3 Merge pull request #1932 from stevvooe/manifest-urls-fix
spec/manifest: clarify relationship between urls and foreign layers
2016-08-29 18:45:16 -07:00
Stephen J Day
6bcdb38b92
spec/manifest: clarify relationship between urls and foreign layers
Previously, the specificiation incorrectly bound the fates of `urls` and
foreign layers. These are complementary but unrelated features, in that
the `urls` field may be populated for layers that aren't foreign. The
type of the layer only dictates the push behavior of the layer, rather
than involving where it came from.

For example, one may pull a foreign layer from a registry, but they may
not push it back to another registry. Conversely, a layer that has no
restrictions on push/pull behavior may be fetched via `urls` entries.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-08-29 18:34:55 -07:00
Derek McGowan
205e606a4c Update proxy scheduler test to account for race
Running with the race detector may cause some parts
of the code to run slower causing a race in the scheduler
ordering.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-08-29 14:27:32 -07:00
Derek McGowan
6cd63c8bc0 Disable registry handlers race tests
Registry handlers tests currently takes up too
many resources for the race test to handle on circle ci.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-08-29 13:41:53 -07:00
Derek McGowan
b3e276ff93 Add hash map locking to proxy tests
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-08-29 13:39:24 -07:00
Derek McGowan
a50ce1ab93 Add locking to repository access in memory cache
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-08-26 18:10:42 -07:00
Derek McGowan
dabdc5e52b Fix access race in proxy scheduler
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-08-26 17:40:21 -07:00
Derek McGowan
b1b100cf01 Merge pull request #1923 from spacexnice/master
fix simpleAuthChallge concurrent problem
2016-08-26 17:31:09 -07:00