2015-07-16 19:49:06 +00:00
|
|
|
# XXX This code is not yet ready to be run in production, and should remain disabled until such
|
|
|
|
# XXX time as this notice is removed.
|
|
|
|
|
2015-06-22 21:37:13 +00:00
|
|
|
import logging
|
|
|
|
|
2015-07-16 21:05:18 +00:00
|
|
|
from flask import Blueprint, make_response, url_for, request
|
2015-06-22 21:37:13 +00:00
|
|
|
from functools import wraps
|
2015-07-16 21:05:18 +00:00
|
|
|
from urlparse import urlparse
|
2015-06-22 21:37:13 +00:00
|
|
|
|
2015-08-12 15:58:04 +00:00
|
|
|
from app import metric_queue
|
2015-06-22 21:37:13 +00:00
|
|
|
from endpoints.decorators import anon_protect, anon_allowed
|
|
|
|
from auth.jwt_auth import process_jwt_auth
|
|
|
|
from auth.auth_context import get_grant_user_context
|
|
|
|
from auth.permissions import (ReadRepositoryPermission, ModifyRepositoryPermission,
|
|
|
|
AdministerRepositoryPermission)
|
|
|
|
from data import model
|
|
|
|
from util.http import abort
|
2015-08-12 15:58:04 +00:00
|
|
|
from util.saas.metricqueue import time_blueprint
|
2015-06-22 21:37:13 +00:00
|
|
|
|
|
|
|
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
v2_bp = Blueprint('v2', __name__)
|
|
|
|
|
2015-08-12 15:58:04 +00:00
|
|
|
time_blueprint(v2_bp, metric_queue)
|
2015-06-22 21:37:13 +00:00
|
|
|
|
|
|
|
def _require_repo_permission(permission_class, allow_public=False):
|
|
|
|
def wrapper(func):
|
|
|
|
@wraps(func)
|
|
|
|
def wrapped(namespace, repo_name, *args, **kwargs):
|
|
|
|
logger.debug('Checking permission %s for repo: %s/%s', permission_class, namespace, repo_name)
|
|
|
|
permission = permission_class(namespace, repo_name)
|
|
|
|
if (permission.can() or
|
|
|
|
(allow_public and
|
2015-07-16 19:49:06 +00:00
|
|
|
model.repository.repository_is_public(namespace, repo_name))):
|
2015-06-22 21:37:13 +00:00
|
|
|
return func(namespace, repo_name, *args, **kwargs)
|
|
|
|
raise abort(401)
|
|
|
|
return wrapped
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
|
|
|
require_repo_read = _require_repo_permission(ReadRepositoryPermission, True)
|
|
|
|
require_repo_write = _require_repo_permission(ModifyRepositoryPermission)
|
|
|
|
require_repo_admin = _require_repo_permission(AdministerRepositoryPermission)
|
|
|
|
|
|
|
|
|
|
|
|
def get_input_stream(flask_request):
|
|
|
|
if flask_request.headers.get('transfer-encoding') == 'chunked':
|
|
|
|
return flask_request.environ['wsgi.input']
|
|
|
|
return flask_request.stream
|
|
|
|
|
|
|
|
|
|
|
|
@v2_bp.route('/')
|
|
|
|
@process_jwt_auth
|
|
|
|
@anon_allowed
|
|
|
|
def v2_support_enabled():
|
|
|
|
response = make_response('true', 200)
|
|
|
|
|
|
|
|
if get_grant_user_context() is None:
|
|
|
|
response = make_response('true', 401)
|
2015-07-16 21:05:18 +00:00
|
|
|
realm_hostname = urlparse(request.url).netloc
|
|
|
|
realm_auth_path = url_for('v2.generate_registry_jwt')
|
|
|
|
authenticate = 'Bearer realm="{0}{1}",service="quay"'.format(realm_hostname, realm_auth_path)
|
|
|
|
response.headers['WWW-Authenticate'] = authenticate
|
2015-06-22 21:37:13 +00:00
|
|
|
|
|
|
|
response.headers['Docker-Distribution-API-Version'] = 'registry/2.0'
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
|
|
from endpoints.v2 import v2auth
|
|
|
|
from endpoints.v2 import manifest
|
2015-07-06 19:00:07 +00:00
|
|
|
from endpoints.v2 import blob
|