Add a feature flag for disabling unauthenticated access to the registry in its entirety.

endpoints/verbs.py

@@ -10,6 +10,7 @@ from auth.permissions import ReadRepositoryPermission
 from data import model
 from data import database
 from endpoints.trackhelper import track_and_log
+from endpoints.decorators import anon_protect
 from storage import Storage
 
 from util.queuefile import QueueFile
@@ -256,6 +257,7 @@ def os_arch_checker(os, arch):
   return checker
 
 
+@anon_protect
 @verbs.route('/aci/<server>/<namespace>/<repository>/<tag>/sig/<os>/<arch>/', methods=['GET'])
 @verbs.route('/aci/<server>/<namespace>/<repository>/<tag>/aci.asc/<os>/<arch>/', methods=['GET'])
 @process_auth
@@ -264,6 +266,7 @@ def get_aci_signature(server, namespace, repository, tag, os, arch):
                               os=os, arch=arch)
 
 
+@anon_protect
 @verbs.route('/aci/<server>/<namespace>/<repository>/<tag>/aci/<os>/<arch>/', methods=['GET'])
 @process_auth
 def get_aci_image(server, namespace, repository, tag, os, arch):
@@ -271,6 +274,7 @@ def get_aci_image(server, namespace, repository, tag, os, arch):
                     sign=True, checker=os_arch_checker(os, arch), os=os, arch=arch)
 
 
+@anon_protect
 @verbs.route('/squash/<namespace>/<repository>/<tag>', methods=['GET'])
 @process_auth
 def get_squashed_tag(namespace, repository, tag):