Change V1 to use the manifest builder and new registry data model
This commit is contained in:
Joseph Schorr
parent
65d5be23c7
commit
4520f9e842
12 changed files with 291 additions and 689 deletions
|
|
@ -14,9 +14,11 @@ from auth.permissions import (
|
|||
ModifyRepositoryPermission, UserAdminPermission, ReadRepositoryPermission,
|
||||
CreateRepositoryPermission, repository_read_grant, repository_write_grant)
|
||||
from auth.signedgrant import generate_signed_token
|
||||
from data import model
|
||||
from data.registry_model import registry_model
|
||||
from data.registry_model.manifestbuilder import create_manifest_builder, lookup_manifest_builder
|
||||
from endpoints.decorators import anon_protect, anon_allowed, parse_repository_name
|
||||
from endpoints.v1 import v1_bp
|
||||
from endpoints.v1.models_pre_oci import pre_oci_model as model
|
||||
from notifications import spawn_notification
|
||||
from util.audit import track_and_log
|
||||
from util.http import abort
|
||||
|
|
@ -33,7 +35,9 @@ class GrantType(object):
|
|||
def ensure_namespace_enabled(f):
|
||||
@wraps(f)
|
||||
def wrapper(namespace_name, repo_name, *args, **kwargs):
|
||||
if not model.is_namespace_enabled(namespace_name):
|
||||
namespace = model.user.get_namespace_user(namespace_name)
|
||||
is_namespace_enabled = namespace is not None and namespace.enabled
|
||||
if not is_namespace_enabled:
|
||||
abort(400, message='Namespace is disabled. Please contact your system administrator.')
|
||||
|
||||
return f(namespace_name, repo_name, *args, **kwargs)
|
||||
|
|
@ -148,11 +152,13 @@ def update_user(username):
|
|||
|
||||
if 'password' in update_request:
|
||||
logger.debug('Updating user password')
|
||||
model.change_user_password(get_authenticated_user(), update_request['password'])
|
||||
model.user.change_password(get_authenticated_user(), update_request['password'])
|
||||
|
||||
return jsonify({
|
||||
'username': get_authenticated_user().username,
|
||||
'email': get_authenticated_user().email})
|
||||
'email': get_authenticated_user().email,
|
||||
})
|
||||
|
||||
abort(403)
|
||||
|
||||
|
||||
|
|
@ -168,25 +174,22 @@ def create_repository(namespace_name, repo_name):
|
|||
abort(400, message='Invalid repository name. Repository names cannot contain slashes.')
|
||||
|
||||
logger.debug('Looking up repository %s/%s', namespace_name, repo_name)
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
|
||||
logger.debug('Found repository %s/%s', namespace_name, repo_name)
|
||||
if not repo and get_authenticated_user() is None:
|
||||
repository_ref = registry_model.lookup_repository(namespace_name, repo_name)
|
||||
if repository_ref is None and get_authenticated_user() is None:
|
||||
logger.debug('Attempt to create repository %s/%s without user auth', namespace_name, repo_name)
|
||||
abort(401,
|
||||
message='Cannot create a repository as a guest. Please login via "docker login" first.',
|
||||
issue='no-login')
|
||||
|
||||
elif repo:
|
||||
elif repository_ref:
|
||||
modify_perm = ModifyRepositoryPermission(namespace_name, repo_name)
|
||||
if not modify_perm.can():
|
||||
abort(403,
|
||||
message='You do not have permission to modify repository %(namespace)s/%(repository)s',
|
||||
issue='no-repo-write-permission', namespace=namespace_name, repository=repo_name)
|
||||
elif repo.kind != 'image':
|
||||
msg = 'This repository is for managing %s resources and not container images.' % repo.kind
|
||||
elif repository_ref.kind != 'image':
|
||||
msg = ('This repository is for managing %s resources and not container images.' %
|
||||
repository_ref.kind)
|
||||
abort(405, message=msg, namespace=namespace_name)
|
||||
|
||||
else:
|
||||
create_perm = CreateRepositoryPermission(namespace_name)
|
||||
if not create_perm.can():
|
||||
|
|
@ -199,17 +202,27 @@ def create_repository(namespace_name, repo_name):
|
|||
logger.debug('Creating repository %s/%s with owner: %s', namespace_name, repo_name,
|
||||
get_authenticated_user().username)
|
||||
|
||||
model.create_repository(namespace_name, repo_name, get_authenticated_user())
|
||||
repository_ref = model.repository.create_repository(namespace_name, repo_name,
|
||||
get_authenticated_user())
|
||||
|
||||
if get_authenticated_user():
|
||||
user_event_data = {
|
||||
'action': 'push_start',
|
||||
'repository': repo_name,
|
||||
'namespace': namespace_name,}
|
||||
'namespace': namespace_name,
|
||||
}
|
||||
|
||||
event = userevents.get_event(get_authenticated_user().username)
|
||||
event.publish_event_data('docker-cli', user_event_data)
|
||||
|
||||
# Start a new builder for the repository and save its ID in the session.
|
||||
assert repository_ref
|
||||
builder = create_manifest_builder(repository_ref)
|
||||
logger.debug('Started repo push with manifest builder %s', builder)
|
||||
if builder is None:
|
||||
abort(404, message='Unknown repository', issue='unknown-repo')
|
||||
|
||||
session['manifest_builder'] = builder.builder_id
|
||||
return make_response('Created', 201)
|
||||
|
||||
|
||||
|
|
@ -224,24 +237,26 @@ def update_images(namespace_name, repo_name):
|
|||
|
||||
if permission.can():
|
||||
logger.debug('Looking up repository')
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if not repo:
|
||||
repository_ref = registry_model.lookup_repository(namespace_name, repo_name,
|
||||
kind_filter='image')
|
||||
if repository_ref is None:
|
||||
# Make sure the repo actually exists.
|
||||
abort(404, message='Unknown repository', issue='unknown-repo')
|
||||
elif repo.kind != 'image':
|
||||
msg = 'This repository is for managing %s resources and not container images.' % repo.kind
|
||||
abort(405, message=msg, namespace=namespace_name)
|
||||
|
||||
builder = lookup_manifest_builder(repository_ref, session.get('manifest_builder'))
|
||||
if builder is None:
|
||||
abort(400)
|
||||
|
||||
# Generate a job for each notification that has been added to this repo
|
||||
logger.debug('Adding notifications for repository')
|
||||
|
||||
updated_tags = session.get('pushed_tags', {})
|
||||
event_data = {
|
||||
'updated_tags': updated_tags.keys(),
|
||||
'updated_tags': [tag.name for tag in builder.committed_tags],
|
||||
}
|
||||
|
||||
track_and_log('push_repo', repo)
|
||||
spawn_notification(repo, 'repo_push', event_data)
|
||||
builder.done()
|
||||
|
||||
track_and_log('push_repo', repository_ref)
|
||||
spawn_notification(repository_ref, 'repo_push', event_data)
|
||||
metric_queue.repository_push.Inc(labelvalues=[namespace_name, repo_name, 'v1', True])
|
||||
return make_response('Updated', 204)
|
||||
|
||||
|
|
@ -255,24 +270,22 @@ def update_images(namespace_name, repo_name):
|
|||
@generate_headers(scope=GrantType.READ_REPOSITORY)
|
||||
@anon_protect
|
||||
def get_repository_images(namespace_name, repo_name):
|
||||
permission = ReadRepositoryPermission(namespace_name, repo_name)
|
||||
repository_ref = registry_model.lookup_repository(namespace_name, repo_name,
|
||||
kind_filter='image')
|
||||
|
||||
# TODO invalidate token?
|
||||
if permission.can() or model.repository_is_public(namespace_name, repo_name):
|
||||
permission = ReadRepositoryPermission(namespace_name, repo_name)
|
||||
if permission.can() or (repository_ref and repository_ref.is_public):
|
||||
# We can't rely on permissions to tell us if a repo exists anymore
|
||||
logger.debug('Looking up repository')
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if not repo:
|
||||
if repository_ref is None:
|
||||
abort(404, message='Unknown repository', issue='unknown-repo')
|
||||
elif repo.kind != 'image':
|
||||
msg = 'This repository is for managing %s resources and not container images.' % repo.kind
|
||||
abort(405, message=msg, namespace=namespace_name)
|
||||
|
||||
logger.debug('Building repository image response')
|
||||
resp = make_response(json.dumps([]), 200)
|
||||
resp.mimetype = 'application/json'
|
||||
|
||||
track_and_log('pull_repo', repo, analytics_name='pull_repo_100x', analytics_sample=0.01)
|
||||
track_and_log('pull_repo', repository_ref,
|
||||
analytics_name='pull_repo_100x',
|
||||
analytics_sample=0.01)
|
||||
metric_queue.repository_pull.Inc(labelvalues=[namespace_name, repo_name, 'v1', True])
|
||||
return resp
|
||||
|
||||
|
|
@ -332,18 +345,21 @@ def _conduct_repo_search(username, query, limit=25, page=1):
|
|||
offset = (page - 1) * limit
|
||||
|
||||
if query:
|
||||
matching_repos = model.get_sorted_matching_repositories(query, username, limit=limit + 1,
|
||||
offset=offset)
|
||||
matching_repos = model.repository.get_filtered_matching_repositories(query,
|
||||
filter_username=username,
|
||||
offset=offset,
|
||||
limit=limit + 1)
|
||||
else:
|
||||
matching_repos = []
|
||||
|
||||
results = []
|
||||
for repo in matching_repos[0:limit]:
|
||||
results.append({
|
||||
'name': repo.namespace_name + '/' + repo.name,
|
||||
'name': repo.namespace_user.username + '/' + repo.name,
|
||||
'description': repo.description,
|
||||
'is_public': repo.is_public,
|
||||
'href': '/repository/' + repo.namespace_name + '/' + repo.name})
|
||||
'is_public': model.repository.is_repository_public(repo),
|
||||
'href': '/repository/' + repo.namespace_user.username + '/' + repo.name
|
||||
})
|
||||
|
||||
# Defined: https://docs.docker.com/v1.6/reference/api/registry_api/
|
||||
return {
|
||||
|
|
@ -352,4 +368,5 @@ def _conduct_repo_search(username, query, limit=25, page=1):
|
|||
'num_pages': page + 1 if len(matching_repos) > limit else page,
|
||||
'page': page,
|
||||
'page_size': limit,
|
||||
'results': results,}
|
||||
'results': results,
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue