This repository has been archived on 2020-03-24. You can view files and clone it, but cannot push or open issues or pull requests.
quay/endpoints/v2/__init__.py

103 lines
3.2 KiB
Python
Raw Normal View History

2015-06-22 21:37:13 +00:00
import logging
from flask import Blueprint, make_response, url_for, request, jsonify
2015-06-22 21:37:13 +00:00
from functools import wraps
from urlparse import urlparse
from semantic_version import Spec
import features
2015-06-22 21:37:13 +00:00
from app import metric_queue
2015-06-22 21:37:13 +00:00
from endpoints.decorators import anon_protect, anon_allowed
from endpoints.v2.errors import V2RegistryException, Unauthorized
from auth.auth_context import get_grant_context
2015-06-22 21:37:13 +00:00
from auth.permissions import (ReadRepositoryPermission, ModifyRepositoryPermission,
AdministerRepositoryPermission)
from data import model
from app import app
2015-06-22 21:37:13 +00:00
from util.http import abort
from util.saas.metricqueue import time_blueprint
from util.registry.dockerver import docker_version
from auth.registry_jwt_auth import process_registry_jwt_auth, get_auth_headers
2015-06-22 21:37:13 +00:00
logger = logging.getLogger(__name__)
v2_bp = Blueprint('v2', __name__)
time_blueprint(v2_bp, metric_queue)
2015-06-22 21:37:13 +00:00
@v2_bp.app_errorhandler(V2RegistryException)
def handle_registry_v2_exception(error):
response = jsonify({
'errors': [error.as_dict()]
})
response.status_code = error.http_status_code
logger.debug('sending response: %s', response.get_data())
return response
2015-06-22 21:37:13 +00:00
def _require_repo_permission(permission_class, allow_public=False):
def wrapper(func):
@wraps(func)
def wrapped(namespace, repo_name, *args, **kwargs):
logger.debug('Checking permission %s for repo: %s/%s', permission_class, namespace, repo_name)
permission = permission_class(namespace, repo_name)
if (permission.can() or
(allow_public and
model.repository.repository_is_public(namespace, repo_name))):
2015-06-22 21:37:13 +00:00
return func(namespace, repo_name, *args, **kwargs)
raise Unauthorized()
2015-06-22 21:37:13 +00:00
return wrapped
return wrapper
require_repo_read = _require_repo_permission(ReadRepositoryPermission, True)
require_repo_write = _require_repo_permission(ModifyRepositoryPermission)
require_repo_admin = _require_repo_permission(AdministerRepositoryPermission)
def get_input_stream(flask_request):
if flask_request.headers.get('transfer-encoding') == 'chunked':
return flask_request.environ['wsgi.input']
return flask_request.stream
# TODO remove when v2 is deployed everywhere
def route_show_if(value):
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if not value:
abort(404)
return f(*args, **kwargs)
return decorated_function
return decorator
2015-06-22 21:37:13 +00:00
@v2_bp.route('/')
@route_show_if(features.ADVERTISE_V2)
@process_registry_jwt_auth
2015-06-22 21:37:13 +00:00
@anon_allowed
def v2_support_enabled():
docker_ver = docker_version(request.user_agent.string)
# Check if our version is one of the blacklisted versions, if we can't
# identify the version (None) we will fail open and assume that it is
# newer and therefore should not be blacklisted.
if Spec(app.config['BLACKLIST_V2_SPEC']).match(docker_ver) and docker_ver is not None:
abort(404)
2015-06-22 21:37:13 +00:00
response = make_response('true', 200)
if get_grant_context() is None:
2015-06-22 21:37:13 +00:00
response = make_response('true', 401)
response.headers.extend(get_auth_headers())
2015-06-22 21:37:13 +00:00
return response
from endpoints.v2 import v2auth
from endpoints.v2 import manifest
from endpoints.v2 import blob
from endpoints.v2 import tag
from endpoints.v2 import catalog