quay/endpoints/v1/tag.py

import logging
import json

from flask import abort, request, jsonify, make_response, session

from app import storage
from auth.decorators import process_auth
from auth.permissions import (ReadRepositoryPermission, ModifyRepositoryPermission)
from data.registry_model import registry_model
from data.registry_model.manifestbuilder import lookup_manifest_builder
from endpoints.decorators import anon_protect, parse_repository_name
from endpoints.v1 import v1_bp
from util.audit import track_and_log
from util.names import TAG_ERROR, TAG_REGEX

logger = logging.getLogger(__name__)


@v1_bp.route('/repositories/<repopath:repository>/tags', methods=['GET'])
@process_auth
@anon_protect
@parse_repository_name()
def get_tags(namespace_name, repo_name):
  permission = ReadRepositoryPermission(namespace_name, repo_name)
  repository_ref = registry_model.lookup_repository(namespace_name, repo_name, kind_filter='image')
  if permission.can() or (repository_ref is not None and repository_ref.is_public):
    if repository_ref is None:
      abort(404)

    tag_map = registry_model.get_legacy_tags_map(repository_ref, storage)
    return jsonify(tag_map)

  abort(403)


@v1_bp.route('/repositories/<repopath:repository>/tags/<tag>', methods=['GET'])
@process_auth
@anon_protect
@parse_repository_name()
def get_tag(namespace_name, repo_name, tag):
  permission = ReadRepositoryPermission(namespace_name, repo_name)
  repository_ref = registry_model.lookup_repository(namespace_name, repo_name, kind_filter='image')
  if permission.can() or (repository_ref is not None and repository_ref.is_public):
    if repository_ref is None:
      abort(404)

    image_id = registry_model.get_tag_legacy_image_id(repository_ref, tag, storage)
    if image_id is None:
      abort(404)

    resp = make_response('"%s"' % image_id)
    resp.headers['Content-Type'] = 'application/json'
    return resp

  abort(403)


@v1_bp.route('/repositories/<repopath:repository>/tags/<tag>', methods=['PUT'])
@process_auth
@anon_protect
@parse_repository_name()
def put_tag(namespace_name, repo_name, tag):
  permission = ModifyRepositoryPermission(namespace_name, repo_name)
  repository_ref = registry_model.lookup_repository(namespace_name, repo_name, kind_filter='image')

  if permission.can() and repository_ref is not None:
    if not TAG_REGEX.match(tag):
      abort(400, TAG_ERROR)

    image_id = json.loads(request.data)

    # Check for the image ID first in a builder (for an in-progress push).
    builder = lookup_manifest_builder(repository_ref, session.get('manifest_builder'), storage)
    if builder is not None:
      layer = builder.lookup_layer(image_id)
      if layer is not None:
        commited_tag = builder.commit_tag_and_manifest(tag, layer)
        if commited_tag is None:
          abort(400)

        return make_response('Created', 200)

    # Check if there is an existing image we should use (for PUT calls outside of a normal push
    # operation).
    legacy_image = registry_model.get_legacy_image(repository_ref, image_id)
    if legacy_image is None:
      abort(400)

    if registry_model.retarget_tag(repository_ref, tag, legacy_image, storage) is None:
      abort(400)

    return make_response('Created', 200)

  abort(403)


@v1_bp.route('/repositories/<repopath:repository>/tags/<tag>', methods=['DELETE'])
@process_auth
@anon_protect
@parse_repository_name()
def delete_tag(namespace_name, repo_name, tag):
  permission = ModifyRepositoryPermission(namespace_name, repo_name)
  repository_ref = registry_model.lookup_repository(namespace_name, repo_name, kind_filter='image')

  if permission.can() and repository_ref is not None:
    if not registry_model.delete_tag(repository_ref, tag):
      abort(404)

    track_and_log('delete_tag', repository_ref, tag=tag)
    return make_response('Deleted', 200)

  abort(403)
Add the registry code. 2013-09-25 21:50:03 +00:00			`import logging`
Update to support running on elasticbeanstalk. 2013-09-30 20:14:48 +00:00			`import json`
Add the registry code. 2013-09-25 21:50:03 +00:00
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`from flask import abort, request, jsonify, make_response, session`
Add the registry code. 2013-09-25 21:50:03 +00:00
Add support for creating schema 2 manifests and manifest lists via the OCI model 2018-11-12 21:27:49 +00:00			`from app import storage`
Move auth decorators into a decorators module The non-decorators will be broken out in the followup change 2017-03-16 20:50:09 +00:00			`from auth.decorators import process_auth`
endpoints.v2: yapf format 2017-06-29 17:24:00 +00:00			`from auth.permissions import (ReadRepositoryPermission, ModifyRepositoryPermission)`
Change V1 to use the manifest builder and new registry data model 2018-09-24 22:57:27 +00:00			`from data.registry_model import registry_model`
			`from data.registry_model.manifestbuilder import lookup_manifest_builder`
Move parse_repository_name into decorators 2017-07-20 15:31:22 +00:00			`from endpoints.decorators import anon_protect, parse_repository_name`
Start of a v2 API. 2015-06-22 21:37:13 +00:00			`from endpoints.v1 import v1_bp`
add audit logging to app registry endpoints 2017-05-11 17:33:18 +00:00			`from util.audit import track_and_log`
			`from util.names import TAG_ERROR, TAG_REGEX`
Add the registry code. 2013-09-25 21:50:03 +00:00
			`logger = logging.getLogger(__name__)`


Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories. This support is placed behind a feature flag. 2016-01-21 20:40:51 +00:00			`@v1_bp.route('/repositories/<repopath:repository>/tags', methods=['GET'])`
Add the registry code. 2013-09-25 21:50:03 +00:00			`@process_auth`
Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 21:52:44 +00:00			`@anon_protect`
use kwargs for parse_repository_name 2016-03-09 21:20:28 +00:00			`@parse_repository_name()`
			`def get_tags(namespace_name, repo_name):`
			`permission = ReadRepositoryPermission(namespace_name, repo_name)`
Change V1 to use the manifest builder and new registry data model 2018-09-24 22:57:27 +00:00			`repository_ref = registry_model.lookup_repository(namespace_name, repo_name, kind_filter='image')`
			`if permission.can() or (repository_ref is not None and repository_ref.is_public):`
			`if repository_ref is None:`
			`abort(404)`
Add the registry code. 2013-09-25 21:50:03 +00:00
Fix support for pulling manifest lists via Docker V1 protocol where applicable 2018-11-14 12:05:06 +00:00			`tag_map = registry_model.get_legacy_tags_map(repository_ref, storage)`
Add the registry code. 2013-09-25 21:50:03 +00:00			`return jsonify(tag_map)`

			`abort(403)`


Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories. This support is placed behind a feature flag. 2016-01-21 20:40:51 +00:00			`@v1_bp.route('/repositories/<repopath:repository>/tags/<tag>', methods=['GET'])`
Add the registry code. 2013-09-25 21:50:03 +00:00			`@process_auth`
Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 21:52:44 +00:00			`@anon_protect`
use kwargs for parse_repository_name 2016-03-09 21:20:28 +00:00			`@parse_repository_name()`
			`def get_tag(namespace_name, repo_name, tag):`
			`permission = ReadRepositoryPermission(namespace_name, repo_name)`
Change V1 to use the manifest builder and new registry data model 2018-09-24 22:57:27 +00:00			`repository_ref = registry_model.lookup_repository(namespace_name, repo_name, kind_filter='image')`
			`if permission.can() or (repository_ref is not None and repository_ref.is_public):`
			`if repository_ref is None:`
			`abort(404)`
Add the registry code. 2013-09-25 21:50:03 +00:00
Fix an NPE when trying to pull a manifest without a legacy image via V1 2019-01-10 18:36:05 +00:00			`image_id = registry_model.get_tag_legacy_image_id(repository_ref, tag, storage)`
			`if image_id is None:`
New tests and small fixes while comparing against the V2 spec Fixes #391 2015-09-29 19:02:03 +00:00			`abort(404)`

Fix an NPE when trying to pull a manifest without a legacy image via V1 2019-01-10 18:36:05 +00:00			`resp = make_response('"%s"' % image_id)`
Fix the curl usage to get a single tag. 2013-11-12 01:00:01 +00:00			`resp.headers['Content-Type'] = 'application/json'`
			`return resp`
Add the registry code. 2013-09-25 21:50:03 +00:00
			`abort(403)`


Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories. This support is placed behind a feature flag. 2016-01-21 20:40:51 +00:00			`@v1_bp.route('/repositories/<repopath:repository>/tags/<tag>', methods=['PUT'])`
Add the registry code. 2013-09-25 21:50:03 +00:00			`@process_auth`
Add a test to verify that all important blueprints have all their methods decorated This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access 2015-06-02 19:56:44 +00:00			`@anon_protect`
use kwargs for parse_repository_name 2016-03-09 21:20:28 +00:00			`@parse_repository_name()`
			`def put_tag(namespace_name, repo_name, tag):`
			`permission = ModifyRepositoryPermission(namespace_name, repo_name)`
Change V1 to use the manifest builder and new registry data model 2018-09-24 22:57:27 +00:00			`repository_ref = registry_model.lookup_repository(namespace_name, repo_name, kind_filter='image')`
Add the registry code. 2013-09-25 21:50:03 +00:00
Change V1 to use the manifest builder and new registry data model 2018-09-24 22:57:27 +00:00			`if permission.can() and repository_ref is not None:`
Update tag validation Fixes #536 2015-10-05 20:36:33 +00:00			`if not TAG_REGEX.match(tag):`
			`abort(400, TAG_ERROR)`

finish v1 registry refactor 2016-07-12 17:48:44 +00:00			`image_id = json.loads(request.data)`
Add the registry code. 2013-09-25 21:50:03 +00:00
Change V1 to use the manifest builder and new registry data model 2018-09-24 22:57:27 +00:00			`# Check for the image ID first in a builder (for an in-progress push).`
Add support for creating schema 2 manifests and manifest lists via the OCI model 2018-11-12 21:27:49 +00:00			`builder = lookup_manifest_builder(repository_ref, session.get('manifest_builder'), storage)`
Change V1 to use the manifest builder and new registry data model 2018-09-24 22:57:27 +00:00			`if builder is not None:`
			`layer = builder.lookup_layer(image_id)`
			`if layer is not None:`
			`commited_tag = builder.commit_tag_and_manifest(tag, layer)`
			`if commited_tag is None:`
			`abort(400)`
Fix the updated_tags information by storing it in the session 2014-10-22 18:14:56 +00:00
Change V1 to use the manifest builder and new registry data model 2018-09-24 22:57:27 +00:00			`return make_response('Created', 200)`

			`# Check if there is an existing image we should use (for PUT calls outside of a normal push`
			`# operation).`
			`legacy_image = registry_model.get_legacy_image(repository_ref, image_id)`
			`if legacy_image is None:`
			`abort(400)`

Add support for creating schema 2 manifests and manifest lists via the OCI model 2018-11-12 21:27:49 +00:00			`if registry_model.retarget_tag(repository_ref, tag, legacy_image, storage) is None:`
Change V1 to use the manifest builder and new registry data model 2018-09-24 22:57:27 +00:00			`abort(400)`
Fix the updated_tags information by storing it in the session 2014-10-22 18:14:56 +00:00
Add the registry code. 2013-09-25 21:50:03 +00:00			`return make_response('Created', 200)`

			`abort(403)`


Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories. This support is placed behind a feature flag. 2016-01-21 20:40:51 +00:00			`@v1_bp.route('/repositories/<repopath:repository>/tags/<tag>', methods=['DELETE'])`
Add the registry code. 2013-09-25 21:50:03 +00:00			`@process_auth`
Add a test to verify that all important blueprints have all their methods decorated This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access 2015-06-02 19:56:44 +00:00			`@anon_protect`
use kwargs for parse_repository_name 2016-03-09 21:20:28 +00:00			`@parse_repository_name()`
			`def delete_tag(namespace_name, repo_name, tag):`
			`permission = ModifyRepositoryPermission(namespace_name, repo_name)`
Change V1 to use the manifest builder and new registry data model 2018-09-24 22:57:27 +00:00			`repository_ref = registry_model.lookup_repository(namespace_name, repo_name, kind_filter='image')`
Add the registry code. 2013-09-25 21:50:03 +00:00
Change V1 to use the manifest builder and new registry data model 2018-09-24 22:57:27 +00:00			`if permission.can() and repository_ref is not None:`
			`if not registry_model.delete_tag(repository_ref, tag):`
			`abort(404)`
endpoints.v1: only work on docker repositories 2017-03-22 18:30:33 +00:00
Change V1 to use the manifest builder and new registry data model 2018-09-24 22:57:27 +00:00			`track_and_log('delete_tag', repository_ref, tag=tag)`
Switch the delete tag response code to match the registry spect. 2014-02-06 22:33:50 +00:00			`return make_response('Deleted', 200)`
Add the registry code. 2013-09-25 21:50:03 +00:00
			`abort(403)`