quay/endpoints/verbs.py

import logging
import json
import hashlib

from flask import redirect, Blueprint, abort, send_file, make_response

from app import app, signer
from auth.auth import process_auth
from auth.permissions import ReadRepositoryPermission
from data import model
from data import database
from endpoints.trackhelper import track_and_log
from storage import Storage

from util.queuefile import QueueFile
from util.queueprocess import QueueProcess
from formats.squashed import SquashedDockerImage
from formats.aci import ACIImage


# pylint: disable=invalid-name
verbs = Blueprint('verbs', __name__)
logger = logging.getLogger(__name__)

def _open_stream(formatter, namespace, repository, tag, synthetic_image_id, image_json,
                 image_id_list):
  store = Storage(app)

  # For performance reasons, we load the full image list here, cache it, then disconnect from
  # the database.
  with database.UseThenDisconnect(app.config):
    image_list = list(model.get_matching_repository_images(namespace, repository, image_id_list))

  image_list.sort(key=lambda image: image_id_list.index(image.docker_image_id))

  def get_next_image():
    for current_image in image_list:
      yield current_image

  def get_next_layer():
    for current_image_entry in image_list:
      current_image_path = store.image_layer_path(current_image_entry.storage.uuid)
      current_image_stream = store.stream_read_file(current_image_entry.storage.locations,
                                                    current_image_path)

      current_image_id = current_image_entry.id
      logger.debug('Returning image layer %s: %s', current_image_id, current_image_path)
      yield current_image_stream

  stream = formatter.build_stream(namespace, repository, tag, synthetic_image_id, image_json,
    get_next_image, get_next_layer)

  return stream.read


def _sign_sythentic_image(verb, linked_storage_uuid, queue_file):
  signature = None
  try:
    signature = signer.detached_sign(queue_file)
  except:
    logger.exception('Exception when signing %s image %s', verb, linked_storage_uuid)
    return

  with database.UseThenDisconnect(app.config):
    try:
      derived = model.get_storage_by_uuid(linked_storage_uuid)
    except model.InvalidImageException:
      return

    signature_entry = model.find_or_create_storage_signature(derived, signer.name)
    signature_entry.signature = signature
    signature_entry.uploading = False
    signature_entry.save()


def _write_synthetic_image_to_storage(verb, linked_storage_uuid, linked_locations, queue_file):
  store = Storage(app)

  def handle_exception(ex):
    logger.debug('Exception when building %s image %s: %s', verb, linked_storage_uuid, ex)

    with database.UseThenDisconnect(app.config):
      model.delete_derived_storage_by_uuid(linked_storage_uuid)

  queue_file.add_exception_handler(handle_exception)

  image_path = store.image_layer_path(linked_storage_uuid)
  store.stream_write(linked_locations, image_path, queue_file)
  queue_file.close()

  if not queue_file.raised_exception:
    with database.UseThenDisconnect(app.config):
      done_uploading = model.get_storage_by_uuid(linked_storage_uuid)
      done_uploading.uploading = False
      done_uploading.save()


# pylint: disable=too-many-locals
def _verify_repo_verb(store, namespace, repository, tag, verb, checker=None):
  permission = ReadRepositoryPermission(namespace, repository)

  # pylint: disable=no-member
  if not permission.can() and not model.repository_is_public(namespace, repository):
    abort(403)

  # Lookup the requested tag.
  try:
    tag_image = model.get_tag_image(namespace, repository, tag)
  except model.DataModelException:
    abort(404)

  # Lookup the tag's image and storage.
  repo_image = model.get_repo_image_extended(namespace, repository, tag_image.docker_image_id)
  if not repo_image:
    abort(404)

  # If there is a data checker, call it first.
  uuid = repo_image.storage.uuid
  image_json = None

  if checker is not None:
    image_json_data = store.get_content(repo_image.storage.locations, store.image_json_path(uuid))
    image_json = json.loads(image_json_data)

    if not checker(image_json):
      logger.debug('Check mismatch on %s/%s:%s, verb %s', namespace, repository, tag, verb)
      abort(404)

  return (repo_image, tag_image, image_json)


# pylint: disable=too-many-locals
def _repo_verb_signature(namespace, repository, tag, verb, checker=None, **kwargs):
  # Verify that the image exists and that we have access to it.
  store = Storage(app)
  result = _verify_repo_verb(store, namespace, repository, tag, verb, checker)
  (repo_image, tag_image, image_json) = result

  # Lookup the derived image storage for the verb.
  derived = model.find_derived_storage(repo_image.storage, verb)
  if derived is None or derived.uploading:
    abort(404)

  # Check if we have a valid signer configured.
  if not signer.name:
    abort(404)

  # Lookup the signature for the verb.
  signature_entry = model.lookup_storage_signature(derived, signer.name)
  if signature_entry is None:
    abort(404)

  # Return the signature.
  return make_response(signature_entry.signature)


# pylint: disable=too-many-locals
def _repo_verb(namespace, repository, tag, verb, formatter, sign=False, checker=None, **kwargs):
  # Verify that the image exists and that we have access to it.
  store = Storage(app)
  result = _verify_repo_verb(store, namespace, repository, tag, verb, checker)
  (repo_image, tag_image, image_json) = result

  # Log the action.
  track_and_log('repo_verb', repo_image.repository, tag=tag, verb=verb, **kwargs)

  # Lookup/create the derived image storage for the verb.
  derived = model.find_or_create_derived_storage(repo_image.storage, verb,
                                                 store.preferred_locations[0])

  if not derived.uploading:
    logger.debug('Derived %s image %s exists in storage', verb, derived.uuid)
    derived_layer_path = store.image_layer_path(derived.uuid)
    download_url = store.get_direct_download_url(derived.locations, derived_layer_path)
    if download_url:
      logger.debug('Redirecting to download URL for derived %s image %s', verb, derived.uuid)
      return redirect(download_url)

    # Close the database handle here for this process before we send the long download.
    database.close_db_filter(None)

    logger.debug('Sending cached derived %s image %s', verb, derived.uuid)
    return send_file(store.stream_read_file(derived.locations, derived_layer_path))

  # Load the ancestry for the image.
  uuid = repo_image.storage.uuid

  logger.debug('Building and returning derived %s image %s', verb, derived.uuid)
  ancestry_data = store.get_content(repo_image.storage.locations, store.image_ancestry_path(uuid))
  full_image_list = json.loads(ancestry_data)

  # Load the image's JSON layer.
  if not image_json:
    image_json_data = store.get_content(repo_image.storage.locations, store.image_json_path(uuid))
    image_json = json.loads(image_json_data)

  # Calculate a synthetic image ID.
  synthetic_image_id = hashlib.sha256(tag_image.docker_image_id + ':' + verb).hexdigest()

  def _cleanup():
    # Close any existing DB connection once the process has exited.
    database.close_db_filter(None)

  # Create a queue process to generate the data. The queue files will read from the process
  # and send the results to the client and storage.
  args = (formatter, namespace, repository, tag, synthetic_image_id, image_json, full_image_list)
  queue_process = QueueProcess(_open_stream,
                  8 * 1024, 10 * 1024 * 1024, # 8K/10M chunk/max
                  args, finished=_cleanup)

  client_queue_file = QueueFile(queue_process.create_queue(), 'client')
  storage_queue_file = QueueFile(queue_process.create_queue(), 'storage')

  # If signing is required, add a QueueFile for signing the image as we stream it out.
  signing_queue_file = None
  if sign and signer.name:
    signing_queue_file = QueueFile(queue_process.create_queue(), 'signing')

  # Start building.
  queue_process.run()

  # Start the storage saving.
  storage_args = (verb, derived.uuid, derived.locations, storage_queue_file)
  QueueProcess.run_process(_write_synthetic_image_to_storage, storage_args, finished=_cleanup)

  if sign and signer.name:
    signing_args = (verb, derived.uuid, signing_queue_file)
    QueueProcess.run_process(_sign_sythentic_image, signing_args, finished=_cleanup)

  # Close the database handle here for this process before we send the long download.
  database.close_db_filter(None)

  # Return the client's data.
  return send_file(client_queue_file)


def os_arch_checker(os, arch):
  def checker(image_json):
    # Verify the architecture and os.
    operating_system = image_json.get('os', 'linux')
    if operating_system != os:
      return False

    architecture = image_json.get('architecture', 'amd64')
    if architecture != arch:
      return False

    return True

  return checker


@verbs.route('/aci/<server>/<namespace>/<repository>/<tag>/sig/<os>/<arch>/', methods=['GET'])
@process_auth
# pylint: disable=unused-argument
def get_aci_signature(server, namespace, repository, tag, os, arch):
  return _repo_verb_signature(namespace, repository, tag, 'aci', checker=os_arch_checker(os, arch),
                              os=os, arch=arch)


@verbs.route('/aci/<server>/<namespace>/<repository>/<tag>/aci/<os>/<arch>/', methods=['GET'])
@process_auth
# pylint: disable=unused-argument
def get_aci_image(server, namespace, repository, tag, os, arch):
  return _repo_verb(namespace, repository, tag, 'aci', ACIImage(),
                    sign=True, checker=os_arch_checker(os, arch), os=os, arch=arch)


@verbs.route('/squash/<namespace>/<repository>/<tag>', methods=['GET'])
@process_auth
def get_squashed_tag(namespace, repository, tag):
  return _repo_verb(namespace, repository, tag, 'squash', SquashedDockerImage())
Work in progress. This is currently broken! 2014-09-16 04:18:57 +00:00			`import logging`
			`import json`
Change back to using a docker load format 2014-09-19 16:22:54 +00:00			`import hashlib`
Work in progress. This is currently broken! 2014-09-16 04:18:57 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`from flask import redirect, Blueprint, abort, send_file, make_response`
Work in progress. This is currently broken! 2014-09-16 04:18:57 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`from app import app, signer`
Work in progress. This is currently broken! 2014-09-16 04:18:57 +00:00			`from auth.auth import process_auth`
			`from auth.permissions import ReadRepositoryPermission`
			`from data import model`
Actually store the generated image storage in the database, and allow it to be garbage collected when the parent image storage is collected. 2014-09-18 21:26:40 +00:00			`from data import database`
Move the the track_and_log code into its own module. This breaks a dependency chain between index -> common -> api -> subscribe -> common again. 2014-10-30 16:49:51 +00:00			`from endpoints.trackhelper import track_and_log`
Fix the subprocesses to also use their own storage classes; this fixes a socket error when talking to S3 2014-10-08 20:54:03 +00:00			`from storage import Storage`
Work in progress. This is currently broken! 2014-09-16 04:18:57 +00:00
Have the squashing system write the data (via a double queue system and multiprocessing) to both the client and the stack's storage. On subsequent calls, if the synthetic image exists, it will be returned directly instead of being recomputed 2014-09-17 02:43:19 +00:00			`from util.queuefile import QueueFile`
			`from util.queueprocess import QueueProcess`
Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00			`from formats.squashed import SquashedDockerImage`
			`from formats.aci import ACIImage`

Work in progress. This is currently broken! 2014-09-16 04:18:57 +00:00
linter: rm unused imports, shut the linter up 2015-02-02 21:38:58 +00:00			`# pylint: disable=invalid-name`
Work in progress. This is currently broken! 2014-09-16 04:18:57 +00:00			`verbs = Blueprint('verbs', __name__)`
			`logger = logging.getLogger(__name__)`

Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00			`def _open_stream(formatter, namespace, repository, tag, synthetic_image_id, image_json,`
			`image_id_list):`
Fix the subprocesses to also use their own storage classes; this fixes a socket error when talking to S3 2014-10-08 20:54:03 +00:00			`store = Storage(app)`

Change verbs to use short lived database connections 2014-11-06 22:50:48 +00:00			`# For performance reasons, we load the full image list here, cache it, then disconnect from`
			`# the database.`
			`with database.UseThenDisconnect(app.config):`
Make sure to sort the images for the squashed image system 2014-11-13 20:13:44 +00:00			`image_list = list(model.get_matching_repository_images(namespace, repository, image_id_list))`

			`image_list.sort(key=lambda image: image_id_list.index(image.docker_image_id))`
Add perf comments 2014-11-05 17:27:38 +00:00
Change back to using a docker load format 2014-09-19 16:22:54 +00:00			`def get_next_image():`
Change verbs to use short lived database connections 2014-11-06 22:50:48 +00:00			`for current_image in image_list:`
			`yield current_image`
Change back to using a docker load format 2014-09-19 16:22:54 +00:00
Have the squashing system write the data (via a double queue system and multiprocessing) to both the client and the stack's storage. On subsequent calls, if the synthetic image exists, it will be returned directly instead of being recomputed 2014-09-17 02:43:19 +00:00			`def get_next_layer():`
Change verbs to use short lived database connections 2014-11-06 22:50:48 +00:00			`for current_image_entry in image_list:`
Have the squashing system write the data (via a double queue system and multiprocessing) to both the client and the stack's storage. On subsequent calls, if the synthetic image exists, it will be returned directly instead of being recomputed 2014-09-17 02:43:19 +00:00			`current_image_path = store.image_layer_path(current_image_entry.storage.uuid)`
			`current_image_stream = store.stream_read_file(current_image_entry.storage.locations,`
			`current_image_path)`
Strip whitespace from ALL the things. 2014-11-24 21:07:38 +00:00
Change verbs to use short lived database connections 2014-11-06 22:50:48 +00:00			`current_image_id = current_image_entry.id`
linter: rm unused imports, shut the linter up 2015-02-02 21:38:58 +00:00			`logger.debug('Returning image layer %s: %s', current_image_id, current_image_path)`
Have the squashing system write the data (via a double queue system and multiprocessing) to both the client and the stack's storage. On subsequent calls, if the synthetic image exists, it will be returned directly instead of being recomputed 2014-09-17 02:43:19 +00:00			`yield current_image_stream`

Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00			`stream = formatter.build_stream(namespace, repository, tag, synthetic_image_id, image_json,`
Change back to using a docker load format 2014-09-19 16:22:54 +00:00			`get_next_image, get_next_layer)`

Have the squashing system write the data (via a double queue system and multiprocessing) to both the client and the stack's storage. On subsequent calls, if the synthetic image exists, it will be returned directly instead of being recomputed 2014-09-17 02:43:19 +00:00			`return stream.read`

Actually store the generated image storage in the database, and allow it to be garbage collected when the parent image storage is collected. 2014-09-18 21:26:40 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`def _sign_sythentic_image(verb, linked_storage_uuid, queue_file):`
			`signature = None`
			`try:`
			`signature = signer.detached_sign(queue_file)`
			`except:`
			`logger.exception('Exception when signing %s image %s', verb, linked_storage_uuid)`
			`return`

			`with database.UseThenDisconnect(app.config):`
			`try:`
			`derived = model.get_storage_by_uuid(linked_storage_uuid)`
			`except model.InvalidImageException:`
			`return`

			`signature_entry = model.find_or_create_storage_signature(derived, signer.name)`
			`signature_entry.signature = signature`
			`signature_entry.uploading = False`
			`signature_entry.save()`


Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00			`def _write_synthetic_image_to_storage(verb, linked_storage_uuid, linked_locations, queue_file):`
Fix the subprocesses to also use their own storage classes; this fixes a socket error when talking to S3 2014-10-08 20:54:03 +00:00			`store = Storage(app)`
Fix bug in dockerloadformat and make sure we handle exceptions properly in the verb call 2014-10-08 17:43:12 +00:00
			`def handle_exception(ex):`
Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00			`logger.debug('Exception when building %s image %s: %s', verb, linked_storage_uuid, ex)`
Strip whitespace from ALL the things. 2014-11-24 21:07:38 +00:00
Change verbs to use short lived database connections 2014-11-06 22:50:48 +00:00			`with database.UseThenDisconnect(app.config):`
			`model.delete_derived_storage_by_uuid(linked_storage_uuid)`
Fix bug in dockerloadformat and make sure we handle exceptions properly in the verb call 2014-10-08 17:43:12 +00:00
			`queue_file.add_exception_handler(handle_exception)`

Actually store the generated image storage in the database, and allow it to be garbage collected when the parent image storage is collected. 2014-09-18 21:26:40 +00:00			`image_path = store.image_layer_path(linked_storage_uuid)`
			`store.stream_write(linked_locations, image_path, queue_file)`
Have the squashing system write the data (via a double queue system and multiprocessing) to both the client and the stack's storage. On subsequent calls, if the synthetic image exists, it will be returned directly instead of being recomputed 2014-09-17 02:43:19 +00:00			`queue_file.close()`
Work in progress. This is currently broken! 2014-09-16 04:18:57 +00:00
Fix bug in dockerloadformat and make sure we handle exceptions properly in the verb call 2014-10-08 17:43:12 +00:00			`if not queue_file.raised_exception:`
Change verbs to use short lived database connections 2014-11-06 22:50:48 +00:00			`with database.UseThenDisconnect(app.config):`
			`done_uploading = model.get_storage_by_uuid(linked_storage_uuid)`
			`done_uploading.uploading = False`
			`done_uploading.save()`
Actually store the generated image storage in the database, and allow it to be garbage collected when the parent image storage is collected. 2014-09-18 21:26:40 +00:00

linter: rm unused imports, shut the linter up 2015-02-02 21:38:58 +00:00			`# pylint: disable=too-many-locals`
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`def _verify_repo_verb(store, namespace, repository, tag, verb, checker=None):`
Work in progress. This is currently broken! 2014-09-16 04:18:57 +00:00			`permission = ReadRepositoryPermission(namespace, repository)`
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00
linter: rm unused imports, shut the linter up 2015-02-02 21:38:58 +00:00			`# pylint: disable=no-member`
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`if not permission.can() and not model.repository_is_public(namespace, repository):`
			`abort(403)`

			`# Lookup the requested tag.`
			`try:`
			`tag_image = model.get_tag_image(namespace, repository, tag)`
			`except model.DataModelException:`
			`abort(404)`

			`# Lookup the tag's image and storage.`
			`repo_image = model.get_repo_image_extended(namespace, repository, tag_image.docker_image_id)`
			`if not repo_image:`
			`abort(404)`

			`# If there is a data checker, call it first.`
			`uuid = repo_image.storage.uuid`
			`image_json = None`

			`if checker is not None:`
			`image_json_data = store.get_content(repo_image.storage.locations, store.image_json_path(uuid))`
			`image_json = json.loads(image_json_data)`

			`if not checker(image_json):`
			`logger.debug('Check mismatch on %s/%s:%s, verb %s', namespace, repository, tag, verb)`
Work in progress. This is currently broken! 2014-09-16 04:18:57 +00:00			`abort(404)`

Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`return (repo_image, tag_image, image_json)`
Actually store the generated image storage in the database, and allow it to be garbage collected when the parent image storage is collected. 2014-09-18 21:26:40 +00:00
Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# pylint: disable=too-many-locals`
			`def _repo_verb_signature(namespace, repository, tag, verb, checker=None, **kwargs):`
			`# Verify that the image exists and that we have access to it.`
			`store = Storage(app)`
			`result = _verify_repo_verb(store, namespace, repository, tag, verb, checker)`
			`(repo_image, tag_image, image_json) = result`
Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# Lookup the derived image storage for the verb.`
			`derived = model.find_derived_storage(repo_image.storage, verb)`
			`if derived is None or derived.uploading:`
			`abort(404)`
Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# Check if we have a valid signer configured.`
			`if not signer.name:`
			`abort(404)`
- Add a log entry for repo verb handling and make the container usage calculation take it into account - Move all the repo push/pull/verb logging into a central track_and_log method - Readd images accidentally deleted in the last CL - Make the uncompressed size migration script better handle exceptions 2014-10-29 19:42:44 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# Lookup the signature for the verb.`
			`signature_entry = model.lookup_storage_signature(derived, signer.name)`
			`if signature_entry is None:`
			`abort(404)`
Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# Return the signature.`
			`return make_response(signature_entry.signature)`
Have the squashing system write the data (via a double queue system and multiprocessing) to both the client and the stack's storage. On subsequent calls, if the synthetic image exists, it will be returned directly instead of being recomputed 2014-09-17 02:43:19 +00:00
Change registry code to disconnect from the DB before long I/O operations 2014-11-06 23:00:52 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# pylint: disable=too-many-locals`
			`def _repo_verb(namespace, repository, tag, verb, formatter, sign=False, checker=None, **kwargs):`
			`# Verify that the image exists and that we have access to it.`
			`store = Storage(app)`
			`result = _verify_repo_verb(store, namespace, repository, tag, verb, checker)`
			`(repo_image, tag_image, image_json) = result`
Have the squashing system write the data (via a double queue system and multiprocessing) to both the client and the stack's storage. On subsequent calls, if the synthetic image exists, it will be returned directly instead of being recomputed 2014-09-17 02:43:19 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# Log the action.`
			`track_and_log('repo_verb', repo_image.repository, tag=tag, verb=verb, **kwargs)`
Actually store the generated image storage in the database, and allow it to be garbage collected when the parent image storage is collected. 2014-09-18 21:26:40 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# Lookup/create the derived image storage for the verb.`
			`derived = model.find_or_create_derived_storage(repo_image.storage, verb,`
			`store.preferred_locations[0])`
Change back to using a docker load format 2014-09-19 16:22:54 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`if not derived.uploading:`
			`logger.debug('Derived %s image %s exists in storage', verb, derived.uuid)`
			`derived_layer_path = store.image_layer_path(derived.uuid)`
			`download_url = store.get_direct_download_url(derived.locations, derived_layer_path)`
			`if download_url:`
			`logger.debug('Redirecting to download URL for derived %s image %s', verb, derived.uuid)`
			`return redirect(download_url)`
Change back to using a docker load format 2014-09-19 16:22:54 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# Close the database handle here for this process before we send the long download.`
			`database.close_db_filter(None)`
Make sure to disconnect from the database when finished with the processes 2014-10-21 21:40:57 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`logger.debug('Sending cached derived %s image %s', verb, derived.uuid)`
			`return send_file(store.stream_read_file(derived.locations, derived_layer_path))`
Have the squashing system write the data (via a double queue system and multiprocessing) to both the client and the stack's storage. On subsequent calls, if the synthetic image exists, it will be returned directly instead of being recomputed 2014-09-17 02:43:19 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# Load the ancestry for the image.`
			`uuid = repo_image.storage.uuid`
Actually store the generated image storage in the database, and allow it to be garbage collected when the parent image storage is collected. 2014-09-18 21:26:40 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`logger.debug('Building and returning derived %s image %s', verb, derived.uuid)`
			`ancestry_data = store.get_content(repo_image.storage.locations, store.image_ancestry_path(uuid))`
			`full_image_list = json.loads(ancestry_data)`
Have the squashing system write the data (via a double queue system and multiprocessing) to both the client and the stack's storage. On subsequent calls, if the synthetic image exists, it will be returned directly instead of being recomputed 2014-09-17 02:43:19 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# Load the image's JSON layer.`
			`if not image_json:`
			`image_json_data = store.get_content(repo_image.storage.locations, store.image_json_path(uuid))`
			`image_json = json.loads(image_json_data)`
Work in progress. This is currently broken! 2014-09-16 04:18:57 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# Calculate a synthetic image ID.`
			`synthetic_image_id = hashlib.sha256(tag_image.docker_image_id + ':' + verb).hexdigest()`

			`def _cleanup():`
			`# Close any existing DB connection once the process has exited.`
Change verbs to use short lived database connections 2014-11-06 22:50:48 +00:00			`database.close_db_filter(None)`
Add perf comments 2014-11-05 17:27:38 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# Create a queue process to generate the data. The queue files will read from the process`
			`# and send the results to the client and storage.`
			`args = (formatter, namespace, repository, tag, synthetic_image_id, image_json, full_image_list)`
			`queue_process = QueueProcess(_open_stream,`
			`8 * 1024, 10 * 1024 * 1024, # 8K/10M chunk/max`
			`args, finished=_cleanup)`
Work in progress. This is currently broken! 2014-09-16 04:18:57 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`client_queue_file = QueueFile(queue_process.create_queue(), 'client')`
			`storage_queue_file = QueueFile(queue_process.create_queue(), 'storage')`
Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# If signing is required, add a QueueFile for signing the image as we stream it out.`
			`signing_queue_file = None`
			`if sign and signer.name:`
			`signing_queue_file = QueueFile(queue_process.create_queue(), 'signing')`
Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`# Start building.`
			`queue_process.run()`

			`# Start the storage saving.`
			`storage_args = (verb, derived.uuid, derived.locations, storage_queue_file)`
			`QueueProcess.run_process(_write_synthetic_image_to_storage, storage_args, finished=_cleanup)`

			`if sign and signer.name:`
			`signing_args = (verb, derived.uuid, signing_queue_file)`
			`QueueProcess.run_process(_sign_sythentic_image, signing_args, finished=_cleanup)`

			`# Close the database handle here for this process before we send the long download.`
			`database.close_db_filter(None)`

			`# Return the client's data.`
			`return send_file(client_queue_file)`


			`def os_arch_checker(os, arch):`
Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00			`def checker(image_json):`
			`# Verify the architecture and os.`
			`operating_system = image_json.get('os', 'linux')`
			`if operating_system != os:`
			`return False`

			`architecture = image_json.get('architecture', 'amd64')`
			`if architecture != arch:`
			`return False`

			`return True`

Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`return checker`


			`@verbs.route('/aci/<server>/<namespace>/<repository>/<tag>/sig/<os>/<arch>/', methods=['GET'])`
			`@process_auth`
			`# pylint: disable=unused-argument`
			`def get_aci_signature(server, namespace, repository, tag, os, arch):`
			`return _repo_verb_signature(namespace, repository, tag, 'aci', checker=os_arch_checker(os, arch),`
			`os=os, arch=arch)`


			`@verbs.route('/aci/<server>/<namespace>/<repository>/<tag>/aci/<os>/<arch>/', methods=['GET'])`
			`@process_auth`
			`# pylint: disable=unused-argument`
			`def get_aci_image(server, namespace, repository, tag, os, arch):`
Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00			`return _repo_verb(namespace, repository, tag, 'aci', ACIImage(),`
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`sign=True, checker=os_arch_checker(os, arch), os=os, arch=arch)`
Work in progress: Docker -> ACI conversion 2015-01-13 22:46:11 +00:00

			`@verbs.route('/squash/<namespace>/<repository>/<tag>', methods=['GET'])`
			`@process_auth`
			`def get_squashed_tag(namespace, repository, tag):`
			`return _repo_verb(namespace, repository, tag, 'squash', SquashedDockerImage())`