This changeset integrates the AccessController into the main registry app. This
includes support for configuration and a test implementation, called "silly"
auth. Auth is only enabled if the configuration is present but takes measure to
ensure that configuration errors don't allow the appserver to start with open
access.
The pre-commit hook will automatically gofmt code in place, warning you
about any changes. It will also fail to commit if either golint or go
vet fails.
This change ports the client use the URLBuilder to create urls. Without this,
it produces broken urls for certain use cases. The client has also been updated
to no longer use the size argument to complete blob uploads. Much of this work
has been done after testing with the staging registry instance.
During client implementation, it was found that requiring the size argument
made client implementation more complex. The original benefit of the size
argument was to provide an additional check alongside of tarsum to validate
incoming data. For the purposes of the registry, it has been determined that
tarsum should be enough to validate incoming content.
At this time, the size check is optional but we may consider removing it
completely.
URL values may be required to complete an upload in a single POST request,
which may include digest and size. This is not implemented in the server side,
yet, but is part of the HTTP API specification.
Routes and errors are now all referenced from a single v2 package. This
packages exports are acceptable for use in the server side as well as
integration into docker core.
To provide a single package with v2 API definitions, the locked down portions
of the API have been merged into a single package. References to exported items
will appear as v2.XXX, indicating their origin. The definitions in this package
will soon be locked down for change, acceppting only additions that will not
change protocol behavior.
The URLBuilder is now exported with documentation for its behavior. Its a light
wrapper around gorilla mux that avoids one having to remember exact arguments
take by each route.
This simply moves the registry app to be using the urls package and its
exported route names. This supports locking down exported route definitions for
use in client packages.
To lock down V2 api routing, we are moving it to a separate package, with an
exported router creation function and route names. Updates will follow to
prepare the package for export.
Requires all paths in the inmemory and filesystem drivers to begin with
a slash, and then contain only valid path components (2+ alphanumeric
characters with optional period, hyphen, and underscore separators)
delimited by slashes.
Also updates the storage driver test suites to construct paths of this
format, and causes the suite to abort if files are not cleaned up after
the test run.
This implements a base endpoint that will respond with a 200 OK and an empty
json response. Such an endpoint can be used as to ping the v2 service or as an
endpoint to check authorization status.