2015-06-22 21:37:13 +00:00
|
|
|
import logging
|
2016-12-15 17:04:57 +00:00
|
|
|
import os.path
|
2015-06-22 21:37:13 +00:00
|
|
|
|
|
|
|
from functools import wraps
|
2015-07-16 21:05:18 +00:00
|
|
|
from urlparse import urlparse
|
2016-07-26 22:41:51 +00:00
|
|
|
from urllib import urlencode
|
2016-03-09 23:09:20 +00:00
|
|
|
|
|
|
|
from flask import Blueprint, make_response, url_for, request, jsonify
|
2015-12-15 21:21:06 +00:00
|
|
|
from semantic_version import Spec
|
2015-10-26 16:14:31 +00:00
|
|
|
|
|
|
|
import features
|
2015-06-22 21:37:13 +00:00
|
|
|
|
2018-03-20 21:03:35 +00:00
|
|
|
from app import app, metric_queue, get_app_url
|
2018-01-05 21:27:03 +00:00
|
|
|
from auth.auth_context import get_authenticated_context
|
2017-06-26 22:16:15 +00:00
|
|
|
from auth.permissions import (
|
|
|
|
ReadRepositoryPermission, ModifyRepositoryPermission, AdministerRepositoryPermission)
|
2016-03-09 23:09:20 +00:00
|
|
|
from auth.registry_jwt_auth import process_registry_jwt_auth, get_auth_headers
|
2018-10-08 14:28:43 +00:00
|
|
|
from data.registry_model import registry_model
|
2017-07-20 15:07:31 +00:00
|
|
|
from endpoints.decorators import anon_protect, anon_allowed, route_show_if
|
2017-03-22 20:31:07 +00:00
|
|
|
from endpoints.v2.errors import V2RegistryException, Unauthorized, Unsupported, NameUnknown
|
2015-06-22 21:37:13 +00:00
|
|
|
from util.http import abort
|
2016-07-01 18:16:15 +00:00
|
|
|
from util.metrics.metricqueue import time_blueprint
|
2016-10-10 20:23:42 +00:00
|
|
|
from util.registry.dockerver import docker_version
|
2016-07-26 22:41:51 +00:00
|
|
|
from util.pagination import encrypt_page_token, decrypt_page_token
|
2015-06-22 21:37:13 +00:00
|
|
|
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
2016-10-10 20:23:42 +00:00
|
|
|
v2_bp = Blueprint('v2', __name__)
|
2015-08-12 15:58:04 +00:00
|
|
|
time_blueprint(v2_bp, metric_queue)
|
2015-06-22 21:37:13 +00:00
|
|
|
|
2016-07-26 22:41:51 +00:00
|
|
|
|
2016-10-17 19:21:11 +00:00
|
|
|
@v2_bp.app_errorhandler(V2RegistryException)
|
|
|
|
def handle_registry_v2_exception(error):
|
2017-06-26 22:16:15 +00:00
|
|
|
response = jsonify({'errors': [error.as_dict()]})
|
2016-10-17 19:21:11 +00:00
|
|
|
|
|
|
|
response.status_code = error.http_status_code
|
|
|
|
if response.status_code == 401:
|
|
|
|
response.headers.extend(get_auth_headers(repository=error.repository, scopes=error.scopes))
|
|
|
|
logger.debug('sending response: %s', response.get_data())
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
2018-06-18 20:11:26 +00:00
|
|
|
_MAX_RESULTS_PER_PAGE = app.config.get('V2_PAGINATION_SIZE', 100)
|
2016-07-26 22:41:51 +00:00
|
|
|
|
|
|
|
|
2018-06-18 20:11:26 +00:00
|
|
|
def paginate(start_id_kwarg_name='start_id', limit_kwarg_name='limit',
|
2016-08-02 00:48:00 +00:00
|
|
|
callback_kwarg_name='pagination_callback'):
|
2016-08-09 19:11:35 +00:00
|
|
|
"""
|
|
|
|
Decorates a handler adding a parsed pagination token and a callback to encode a response token.
|
|
|
|
"""
|
2017-06-26 22:16:15 +00:00
|
|
|
|
2016-07-26 22:41:51 +00:00
|
|
|
def wrapper(func):
|
|
|
|
@wraps(func)
|
|
|
|
def wrapped(*args, **kwargs):
|
|
|
|
try:
|
|
|
|
requested_limit = int(request.args.get('n', _MAX_RESULTS_PER_PAGE))
|
|
|
|
except ValueError:
|
|
|
|
requested_limit = 0
|
|
|
|
|
|
|
|
limit = max(min(requested_limit, _MAX_RESULTS_PER_PAGE), 1)
|
2017-06-02 19:03:50 +00:00
|
|
|
next_page_token = request.args.get('next_page', request.args.get('last', None))
|
2016-07-26 22:41:51 +00:00
|
|
|
|
|
|
|
# Decrypt the next page token, if any.
|
2018-06-18 20:11:26 +00:00
|
|
|
start_id = None
|
2016-07-26 22:41:51 +00:00
|
|
|
page_info = decrypt_page_token(next_page_token)
|
|
|
|
if page_info is not None:
|
2018-06-18 20:11:26 +00:00
|
|
|
start_id = page_info.get('start_id', None)
|
2016-07-26 22:41:51 +00:00
|
|
|
|
2018-06-18 20:11:26 +00:00
|
|
|
def callback(results, response):
|
|
|
|
if len(results) <= limit:
|
2016-07-26 22:41:51 +00:00
|
|
|
return
|
2016-10-03 18:10:39 +00:00
|
|
|
|
2018-06-18 20:11:26 +00:00
|
|
|
next_page_token = encrypt_page_token({'start_id': max([obj.id for obj in results])})
|
2016-12-15 17:04:57 +00:00
|
|
|
|
|
|
|
link_url = os.path.join(get_app_url(), url_for(request.endpoint, **request.view_args))
|
2016-10-17 17:57:05 +00:00
|
|
|
link_param = urlencode({'n': limit, 'next_page': next_page_token})
|
|
|
|
link = '<%s?%s>; rel="next"' % (link_url, link_param)
|
2016-07-26 22:41:51 +00:00
|
|
|
response.headers['Link'] = link
|
|
|
|
|
|
|
|
kwargs[limit_kwarg_name] = limit
|
2018-06-18 20:11:26 +00:00
|
|
|
kwargs[start_id_kwarg_name] = start_id
|
2016-07-26 22:41:51 +00:00
|
|
|
kwargs[callback_kwarg_name] = callback
|
2016-08-16 19:23:00 +00:00
|
|
|
return func(*args, **kwargs)
|
2016-07-26 22:41:51 +00:00
|
|
|
return wrapped
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
2016-03-09 23:09:20 +00:00
|
|
|
def _require_repo_permission(permission_class, scopes=None, allow_public=False):
|
2015-06-22 21:37:13 +00:00
|
|
|
def wrapper(func):
|
|
|
|
@wraps(func)
|
2016-03-09 21:20:28 +00:00
|
|
|
def wrapped(namespace_name, repo_name, *args, **kwargs):
|
2017-06-26 22:16:15 +00:00
|
|
|
logger.debug('Checking permission %s for repo: %s/%s', permission_class, namespace_name,
|
|
|
|
repo_name)
|
2017-03-22 20:31:07 +00:00
|
|
|
|
2016-03-09 21:20:28 +00:00
|
|
|
permission = permission_class(namespace_name, repo_name)
|
2017-12-14 18:37:31 +00:00
|
|
|
if permission.can():
|
|
|
|
return func(namespace_name, repo_name, *args, **kwargs)
|
|
|
|
|
|
|
|
repository = namespace_name + '/' + repo_name
|
|
|
|
if allow_public:
|
2018-10-08 14:28:43 +00:00
|
|
|
repository_ref = registry_model.lookup_repository(namespace_name, repo_name)
|
|
|
|
if repository_ref is None or not repository_ref.is_public:
|
2017-12-14 18:37:31 +00:00
|
|
|
raise Unauthorized(repository=repository, scopes=scopes)
|
|
|
|
|
2018-10-08 14:28:43 +00:00
|
|
|
if repository_ref.kind != 'image':
|
|
|
|
msg = 'This repository is for managing %s and not container images.' % repository_ref.kind
|
2017-03-22 20:31:07 +00:00
|
|
|
raise Unsupported(detail=msg)
|
|
|
|
|
2018-10-08 14:28:43 +00:00
|
|
|
if repository_ref.is_public:
|
2019-02-15 20:29:57 +00:00
|
|
|
if not features.ANONYMOUS_ACCESS:
|
|
|
|
raise Unauthorized(repository=repository, scopes=scopes)
|
|
|
|
|
2017-12-14 18:37:31 +00:00
|
|
|
return func(namespace_name, repo_name, *args, **kwargs)
|
2017-06-26 22:16:15 +00:00
|
|
|
|
2017-12-14 18:37:31 +00:00
|
|
|
raise Unauthorized(repository=repository, scopes=scopes)
|
|
|
|
return wrapped
|
2015-06-22 21:37:13 +00:00
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
2017-06-26 22:16:15 +00:00
|
|
|
require_repo_read = _require_repo_permission(ReadRepositoryPermission, scopes=['pull'],
|
2016-03-09 23:09:20 +00:00
|
|
|
allow_public=True)
|
2017-06-26 22:16:15 +00:00
|
|
|
require_repo_write = _require_repo_permission(ModifyRepositoryPermission, scopes=['pull', 'push'])
|
|
|
|
require_repo_admin = _require_repo_permission(AdministerRepositoryPermission, scopes=[
|
|
|
|
'pull', 'push'])
|
2015-06-22 21:37:13 +00:00
|
|
|
|
|
|
|
|
|
|
|
def get_input_stream(flask_request):
|
|
|
|
if flask_request.headers.get('transfer-encoding') == 'chunked':
|
|
|
|
return flask_request.environ['wsgi.input']
|
|
|
|
return flask_request.stream
|
|
|
|
|
|
|
|
|
|
|
|
@v2_bp.route('/')
|
2015-10-26 16:14:31 +00:00
|
|
|
@route_show_if(features.ADVERTISE_V2)
|
2016-03-09 23:09:20 +00:00
|
|
|
@process_registry_jwt_auth()
|
2015-06-22 21:37:13 +00:00
|
|
|
@anon_allowed
|
|
|
|
def v2_support_enabled():
|
2015-12-15 21:21:06 +00:00
|
|
|
docker_ver = docker_version(request.user_agent.string)
|
|
|
|
|
|
|
|
# Check if our version is one of the blacklisted versions, if we can't
|
|
|
|
# identify the version (None) we will fail open and assume that it is
|
|
|
|
# newer and therefore should not be blacklisted.
|
|
|
|
if Spec(app.config['BLACKLIST_V2_SPEC']).match(docker_ver) and docker_ver is not None:
|
|
|
|
abort(404)
|
|
|
|
|
2015-06-22 21:37:13 +00:00
|
|
|
response = make_response('true', 200)
|
|
|
|
|
2018-01-05 21:27:03 +00:00
|
|
|
if get_authenticated_context() is None:
|
2015-06-22 21:37:13 +00:00
|
|
|
response = make_response('true', 401)
|
|
|
|
|
2015-12-09 20:07:37 +00:00
|
|
|
response.headers.extend(get_auth_headers())
|
2015-06-22 21:37:13 +00:00
|
|
|
return response
|
|
|
|
|
|
|
|
|
2016-07-26 22:41:51 +00:00
|
|
|
from endpoints.v2 import (
|
|
|
|
blob,
|
|
|
|
catalog,
|
|
|
|
manifest,
|
|
|
|
tag,
|
2017-06-26 22:16:15 +00:00
|
|
|
v2auth,)
|