Merge pull request #3137 from quay/joseph.schorr/QUAY-963/repo-name-check

Ensure that we limit the length of repository names

endpoints/api/test/test_repository.py

@@ -96,3 +96,24 @@ def test_list_starred_repos(client):
     repos = {r['namespace'] + '/' + r['name'] for r in response['repositories']}
     assert 'devtable/simple' in repos
     assert 'public/publicrepo' not in repos
+
+
+@pytest.mark.parametrize('repo_name, expected_status', [
+  pytest.param('x' * 255, 201, id='Maximum allowed length'),
+  pytest.param('x' * 256, 400, id='Over allowed length'),
+  pytest.param('a|b', 400, id='Invalid name'),
+])
+def test_create_repository(repo_name, expected_status, client):
+  with client_with_identity('devtable', client) as cl:
+    body = {
+      'namespace': 'devtable',
+      'repository': repo_name,
+      'visibility': 'public',
+      'description': 'foo',
+    }
+
+    result = conduct_api_call(client, RepositoryList, 'post', None, body,
+                              expected_code=expected_status).json
+    if expected_status == 201:
+      assert result['name'] == repo_name
+      assert model.repository.get_repository('devtable', repo_name).name == repo_name

test/registry/protocol_v1.py

@@ -21,7 +21,8 @@ class V1Protocol(RegistryProtocol):
       Failures.UNAUTHENTICATED: 401,
       Failures.UNAUTHORIZED: 403,
       Failures.APP_REPOSITORY: 405,
-      Failures.INVALID_REPOSITORY: 404,
+      Failures.SLASH_REPOSITORY: 404,
+      Failures.INVALID_REPOSITORY: 400,
       Failures.DISALLOWED_LIBRARY_NAMESPACE: 400,
       Failures.NAMESPACE_DISABLED: 400,
     },

test/registry/protocol_v2.py

@@ -28,6 +28,7 @@ class V2Protocol(RegistryProtocol):
       Failures.APP_REPOSITORY: 405,
       Failures.ANONYMOUS_NOT_ALLOWED: 401,
       Failures.INVALID_REPOSITORY: 400,
+      Failures.SLASH_REPOSITORY: 400,
       Failures.NAMESPACE_DISABLED: 400,
     },
     V2ProtocolSteps.MOUNT_BLOB: {

test/registry/protocols.py

@@ -41,6 +41,7 @@ class Failures(Enum):
   UNAUTHORIZED = 'unauthorized'
   INVALID_REGISTRY = 'invalid-registry'
   INVALID_REPOSITORY = 'invalid-repository'
+  SLASH_REPOSITORY = 'slash-repository'
   APP_REPOSITORY = 'app-repository'
   UNKNOWN_TAG = 'unknown-tag'
   ANONYMOUS_NOT_ALLOWED = 'anonymous-not-allowed'

test/registry/registry_tests.py

@@ -362,15 +362,25 @@ def test_image_replication(pusher, basic_images, liveserver_session, app_reloade
       assert r.text == 'OK'
 
 
-def test_push_reponame_with_slashes(pusher, basic_images, liveserver_session, app_reloader):
-  """ Test: Attempt to add a repository name with slashes. This should fail as we do not
-      support it.
+@pytest.mark.parametrize('repo_name, expected_failure', [
+  ('something', None),
+  ('some/slash', Failures.SLASH_REPOSITORY),
+  pytest.param('x' * 255, None, id='Valid long name'),
+  pytest.param('x' * 256, Failures.INVALID_REPOSITORY, id='Name too long'),
+])
+def test_push_reponame(repo_name, expected_failure, pusher, puller, basic_images,
+                       liveserver_session, app_reloader):
+  """ Test: Attempt to add a repository with various names.
   """
   credentials = ('devtable', 'password')
 
-  pusher.push(liveserver_session, 'devtable', 'some/slash', 'latest', basic_images,
+  pusher.push(liveserver_session, 'devtable', repo_name, 'latest', basic_images,
               credentials=credentials,
-              expected_failure=Failures.INVALID_REPOSITORY)
+              expected_failure=expected_failure)
+
+  if expected_failure is None:
+    puller.pull(liveserver_session, 'devtable', repo_name, 'latest', basic_images,
+                credentials=credentials)
 
 
 @pytest.mark.parametrize('tag_name, expected_failure', [

util/names.py

@@ -5,7 +5,7 @@ import anunidecode # Don't listen to pylint's lies. This import is required for
 
 from uuid import uuid4
 
-REPOSITORY_NAME_REGEX = re.compile(r'^[\.a-zA-Z0-9_-]+$')
+REPOSITORY_NAME_REGEX = re.compile(r'^[\.a-zA-Z0-9_-]{1,255}$')
 
 VALID_TAG_PATTERN = r'[\w][\w.-]{0,127}'
 FULL_TAG_PATTERN = r'^[\w][\w.-]{0,127}$'