Convert V2's manifest endpoints to use the new data model interface
This commit is contained in:
Joseph Schorr
parent
a172de4fdc
commit
6b5064aba4
10 changed files with 197 additions and 200 deletions
|
|
@ -6,26 +6,22 @@ from flask import request, url_for, Response
|
|||
|
||||
import features
|
||||
|
||||
from app import docker_v2_signing_key, app, metric_queue
|
||||
from app import app, metric_queue
|
||||
from auth.registry_jwt_auth import process_registry_jwt_auth
|
||||
from digest import digest_tools
|
||||
from data.registry_model import registry_model
|
||||
from endpoints.decorators import anon_protect, parse_repository_name
|
||||
from endpoints.v2 import v2_bp, require_repo_read, require_repo_write
|
||||
from endpoints.v2.models_interface import Label
|
||||
from endpoints.v2.models_pre_oci import data_model as model
|
||||
from endpoints.v2.errors import (BlobUnknown, ManifestInvalid, ManifestUnknown, TagInvalid,
|
||||
NameInvalid, TagExpired)
|
||||
from endpoints.v2.labelhandlers import handle_label
|
||||
from endpoints.v2.errors import (ManifestInvalid, ManifestUnknown, TagInvalid,
|
||||
NameInvalid, TagExpired, NameUnknown)
|
||||
from image.docker import ManifestException
|
||||
from image.docker.schema1 import (DOCKER_SCHEMA1_MANIFEST_CONTENT_TYPE,
|
||||
DockerSchema1Manifest, DockerSchema1ManifestBuilder)
|
||||
from image.docker.schema1 import DOCKER_SCHEMA1_MANIFEST_CONTENT_TYPE, DockerSchema1Manifest
|
||||
from image.docker.schema2 import DOCKER_SCHEMA2_CONTENT_TYPES, OCI_CONTENT_TYPES
|
||||
from notifications import spawn_notification
|
||||
from util.audit import track_and_log
|
||||
from util.names import VALID_TAG_PATTERN
|
||||
from util.registry.replication import queue_replication_batch
|
||||
from util.validation import is_json
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
|
@ -40,45 +36,37 @@ MANIFEST_TAGNAME_ROUTE = BASE_MANIFEST_ROUTE.format(VALID_TAG_PATTERN)
|
|||
@require_repo_read
|
||||
@anon_protect
|
||||
def fetch_manifest_by_tagname(namespace_name, repo_name, manifest_ref):
|
||||
manifest = model.get_manifest_by_tag(namespace_name, repo_name, manifest_ref)
|
||||
repository_ref = registry_model.lookup_repository(namespace_name, repo_name)
|
||||
if repository_ref is None:
|
||||
raise NameUnknown()
|
||||
|
||||
tag = registry_model.get_repo_tag(repository_ref, manifest_ref)
|
||||
if tag is None:
|
||||
if registry_model.has_expired_tag(repository_ref, manifest_ref):
|
||||
logger.debug('Found expired tag %s for repository %s/%s', manifest_ref, namespace_name,
|
||||
repo_name)
|
||||
msg = 'Tag %s was deleted or has expired. To pull, revive via time machine' % manifest_ref
|
||||
raise TagExpired(msg)
|
||||
|
||||
raise ManifestUnknown()
|
||||
|
||||
manifest = registry_model.get_manifest_for_tag(tag, backfill_if_necessary=True)
|
||||
if manifest is None:
|
||||
has_tag = model.has_active_tag(namespace_name, repo_name, manifest_ref)
|
||||
if not has_tag:
|
||||
has_expired_tag = model.has_tag(namespace_name, repo_name, manifest_ref)
|
||||
if has_expired_tag:
|
||||
logger.debug('Found expired tag %s for repository %s/%s', manifest_ref, namespace_name,
|
||||
repo_name)
|
||||
msg = 'Tag %s was deleted or has expired. To pull, revive via time machine' % manifest_ref
|
||||
raise TagExpired(msg)
|
||||
else:
|
||||
raise ManifestUnknown()
|
||||
# Something went wrong.
|
||||
raise ManifestInvalid()
|
||||
|
||||
repo_ref = registry_model.lookup_repository(namespace_name, repo_name)
|
||||
if repo_ref is None:
|
||||
raise ManifestUnknown()
|
||||
|
||||
tag = registry_model.get_repo_tag(repo_ref, manifest_ref, include_legacy_image=True)
|
||||
if tag is None:
|
||||
raise ManifestUnknown()
|
||||
|
||||
if not registry_model.backfill_manifest_for_tag(tag):
|
||||
raise ManifestUnknown()
|
||||
|
||||
manifest = model.get_manifest_by_tag(namespace_name, repo_name, manifest_ref)
|
||||
if manifest is None:
|
||||
raise ManifestUnknown()
|
||||
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if repo is not None:
|
||||
track_and_log('pull_repo', repo, analytics_name='pull_repo_100x', analytics_sample=0.01,
|
||||
tag=manifest_ref)
|
||||
metric_queue.repository_pull.Inc(labelvalues=[namespace_name, repo_name, 'v2', True])
|
||||
track_and_log('pull_repo', repository_ref, analytics_name='pull_repo_100x', analytics_sample=0.01,
|
||||
tag=manifest_ref)
|
||||
metric_queue.repository_pull.Inc(labelvalues=[namespace_name, repo_name, 'v2', True])
|
||||
|
||||
return Response(
|
||||
manifest.json,
|
||||
manifest.manifest_bytes,
|
||||
status=200,
|
||||
headers={'Content-Type': manifest.media_type,
|
||||
'Docker-Content-Digest': manifest.digest},)
|
||||
headers={
|
||||
'Content-Type': manifest.media_type,
|
||||
'Docker-Content-Digest': manifest.digest,
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
@v2_bp.route(MANIFEST_DIGEST_ROUTE, methods=['GET'])
|
||||
|
|
@ -87,19 +75,21 @@ def fetch_manifest_by_tagname(namespace_name, repo_name, manifest_ref):
|
|||
@require_repo_read
|
||||
@anon_protect
|
||||
def fetch_manifest_by_digest(namespace_name, repo_name, manifest_ref):
|
||||
manifest = model.get_manifest_by_digest(namespace_name, repo_name, manifest_ref)
|
||||
repository_ref = registry_model.lookup_repository(namespace_name, repo_name)
|
||||
if repository_ref is None:
|
||||
raise NameUnknown()
|
||||
|
||||
manifest = registry_model.lookup_manifest_by_digest(repository_ref, manifest_ref)
|
||||
if manifest is None:
|
||||
# Without a tag name to reference, we can't make an attempt to generate the manifest
|
||||
raise ManifestUnknown()
|
||||
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if repo is not None:
|
||||
track_and_log('pull_repo', repo, manifest_digest=manifest_ref)
|
||||
metric_queue.repository_pull.Inc(labelvalues=[namespace_name, repo_name, 'v2', True])
|
||||
track_and_log('pull_repo', repository_ref, manifest_digest=manifest_ref)
|
||||
metric_queue.repository_pull.Inc(labelvalues=[namespace_name, repo_name, 'v2', True])
|
||||
|
||||
return Response(manifest.json, status=200, headers={
|
||||
return Response(manifest.manifest_bytes, status=200, headers={
|
||||
'Content-Type': manifest.media_type,
|
||||
'Docker-Content-Digest': manifest.digest})
|
||||
'Docker-Content-Digest': manifest.digest,
|
||||
})
|
||||
|
||||
|
||||
def _reject_manifest2_schema2(func):
|
||||
|
|
@ -158,99 +148,6 @@ def write_manifest_by_digest(namespace_name, repo_name, manifest_ref):
|
|||
return _write_manifest_and_log(namespace_name, repo_name, manifest)
|
||||
|
||||
|
||||
def _write_manifest(namespace_name, repo_name, manifest):
|
||||
if (manifest.namespace == '' and features.LIBRARY_SUPPORT and
|
||||
namespace_name == app.config['LIBRARY_NAMESPACE']):
|
||||
pass
|
||||
elif manifest.namespace != namespace_name:
|
||||
raise NameInvalid()
|
||||
|
||||
if manifest.repo_name != repo_name:
|
||||
raise NameInvalid()
|
||||
|
||||
# Ensure that the repository exists.
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if repo is None:
|
||||
raise NameInvalid()
|
||||
|
||||
if not manifest.layers:
|
||||
raise ManifestInvalid(detail={'message': 'manifest does not reference any layers'})
|
||||
|
||||
# Ensure all the blobs in the manifest exist.
|
||||
blob_map = model.lookup_blobs_by_digest(repo, manifest.checksums)
|
||||
for layer in manifest.layers:
|
||||
digest_str = str(layer.digest)
|
||||
if digest_str not in blob_map:
|
||||
raise BlobUnknown(detail={'digest': digest_str})
|
||||
|
||||
# Lookup all the images and their parent images (if any) inside the manifest.
|
||||
# This will let us know which v1 images we need to synthesize and which ones are invalid.
|
||||
all_image_ids = list(manifest.parent_image_ids | manifest.image_ids)
|
||||
images_map = model.get_docker_v1_metadata_by_image_id(repo, all_image_ids)
|
||||
|
||||
# Rewrite any v1 image IDs that do not match the checksum in the database.
|
||||
try:
|
||||
# TODO: make this batch and read the parent image from the previous iteration, rather than
|
||||
# reloading it.
|
||||
rewritten_images = list(manifest.rewrite_invalid_image_ids(images_map))
|
||||
for rewritten_image in rewritten_images:
|
||||
if not rewritten_image.image_id in images_map:
|
||||
model.synthesize_v1_image(
|
||||
repo,
|
||||
blob_map[rewritten_image.content_checksum],
|
||||
rewritten_image.image_id,
|
||||
rewritten_image.created,
|
||||
rewritten_image.comment,
|
||||
rewritten_image.command,
|
||||
rewritten_image.compat_json,
|
||||
rewritten_image.parent_image_id,
|
||||
)
|
||||
except ManifestException as me:
|
||||
logger.exception("exception when rewriting v1 metadata")
|
||||
raise ManifestInvalid(detail={'message': 'failed synthesizing v1 metadata: %s' % me.message})
|
||||
|
||||
# Store the manifest pointing to the tag.
|
||||
leaf_layer_id = rewritten_images[-1].image_id
|
||||
newly_created = model.save_manifest(repo, manifest.tag, manifest, leaf_layer_id, blob_map)
|
||||
if newly_created:
|
||||
# TODO: make this batch
|
||||
labels = []
|
||||
for key, value in manifest.layers[-1].v1_metadata.labels.iteritems():
|
||||
media_type = 'application/json' if is_json(value) else 'text/plain'
|
||||
labels.append(Label(key=key, value=value, source_type='manifest', media_type=media_type))
|
||||
handle_label(key, value, namespace_name, repo_name, manifest.digest)
|
||||
|
||||
model.create_manifest_labels(namespace_name, repo_name, manifest.digest, labels)
|
||||
|
||||
return repo, blob_map
|
||||
|
||||
|
||||
def _write_manifest_and_log(namespace_name, repo_name, manifest):
|
||||
repo, blob_map = _write_manifest(namespace_name, repo_name, manifest)
|
||||
|
||||
# Queue all blob manifests for replication.
|
||||
if features.STORAGE_REPLICATION:
|
||||
with queue_replication_batch(namespace_name) as queue_storage_replication:
|
||||
for layer in manifest.layers:
|
||||
digest_str = str(layer.digest)
|
||||
queue_storage_replication(blob_map[digest_str])
|
||||
|
||||
track_and_log('push_repo', repo, tag=manifest.tag)
|
||||
spawn_notification(repo, 'repo_push', {'updated_tags': [manifest.tag]})
|
||||
metric_queue.repository_push.Inc(labelvalues=[namespace_name, repo_name, 'v2', True])
|
||||
|
||||
return Response(
|
||||
'OK',
|
||||
status=202,
|
||||
headers={
|
||||
'Docker-Content-Digest': manifest.digest,
|
||||
'Location':
|
||||
url_for('v2.fetch_manifest_by_digest', repository='%s/%s' % (namespace_name, repo_name),
|
||||
manifest_ref=manifest.digest),
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
@v2_bp.route(MANIFEST_DIGEST_ROUTE, methods=['DELETE'])
|
||||
@parse_repository_name()
|
||||
@process_registry_jwt_auth(scopes=['pull', 'push'])
|
||||
|
|
@ -263,11 +160,75 @@ def delete_manifest_by_digest(namespace_name, repo_name, manifest_ref):
|
|||
Note: there is no equivalent method for deleting by tag name because it is
|
||||
forbidden by the spec.
|
||||
"""
|
||||
tags = model.delete_manifest_by_digest(namespace_name, repo_name, manifest_ref)
|
||||
repository_ref = registry_model.lookup_repository(namespace_name, repo_name)
|
||||
if repository_ref is None:
|
||||
raise NameUnknown()
|
||||
|
||||
manifest = registry_model.lookup_manifest_by_digest(repository_ref, manifest_ref)
|
||||
if manifest is None:
|
||||
raise ManifestUnknown()
|
||||
|
||||
tags = registry_model.delete_tags_for_manifest(manifest)
|
||||
if not tags:
|
||||
raise ManifestUnknown()
|
||||
|
||||
for tag in tags:
|
||||
track_and_log('delete_tag', tag.repository, tag=tag.name, digest=manifest_ref)
|
||||
track_and_log('delete_tag', repository_ref, tag=tag.name, digest=manifest_ref)
|
||||
|
||||
return Response(status=202)
|
||||
|
||||
|
||||
def _write_manifest_and_log(namespace_name, repo_name, manifest_impl):
|
||||
repository_ref, manifest, tag = _write_manifest(namespace_name, repo_name, manifest_impl)
|
||||
|
||||
# Queue all blob manifests for replication.
|
||||
if features.STORAGE_REPLICATION:
|
||||
layers = registry_model.list_manifest_layers(manifest)
|
||||
if layers is None:
|
||||
raise ManifestInvalid()
|
||||
|
||||
with queue_replication_batch(namespace_name) as queue_storage_replication:
|
||||
for layer in layers:
|
||||
queue_storage_replication(layer.blob)
|
||||
|
||||
track_and_log('push_repo', repository_ref, tag=manifest_impl.tag)
|
||||
spawn_notification(repository_ref, 'repo_push', {'updated_tags': [manifest_impl.tag]})
|
||||
metric_queue.repository_push.Inc(labelvalues=[namespace_name, repo_name, 'v2', True])
|
||||
|
||||
return Response(
|
||||
'OK',
|
||||
status=202,
|
||||
headers={
|
||||
'Docker-Content-Digest': manifest.digest,
|
||||
'Location':
|
||||
url_for('v2.fetch_manifest_by_digest',
|
||||
repository='%s/%s' % (namespace_name, repo_name),
|
||||
manifest_ref=manifest.digest),
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
def _write_manifest(namespace_name, repo_name, manifest_impl):
|
||||
if (manifest_impl.namespace == '' and features.LIBRARY_SUPPORT and
|
||||
namespace_name == app.config['LIBRARY_NAMESPACE']):
|
||||
pass
|
||||
elif manifest_impl.namespace != namespace_name:
|
||||
raise NameInvalid()
|
||||
|
||||
if manifest_impl.repo_name != repo_name:
|
||||
raise NameInvalid()
|
||||
|
||||
if not manifest_impl.layers:
|
||||
raise ManifestInvalid(detail={'message': 'manifest does not reference any layers'})
|
||||
|
||||
# Ensure that the repository exists.
|
||||
repository_ref = registry_model.lookup_repository(namespace_name, repo_name)
|
||||
if repository_ref is None:
|
||||
raise NameUnknown()
|
||||
|
||||
manifest, tag = registry_model.create_manifest_and_retarget_tag(repository_ref, manifest_impl,
|
||||
manifest_impl.tag)
|
||||
if manifest is None:
|
||||
raise ManifestInvalid()
|
||||
|
||||
return repository_ref, manifest, tag
|
||||
|
|
|
|||
Reference in a new issue