create interfaces for v1 and v2 data model
This commit is contained in:
Jimmy Zelinskie
parent
b775458d4b
commit
c06d395f96
14 changed files with 1048 additions and 732 deletions
|
|
@ -6,9 +6,8 @@ from functools import wraps
|
|||
|
||||
from flask import request, make_response, jsonify, session
|
||||
|
||||
from data.interfaces import v1
|
||||
from data.interfaces.v1 import PreOCIModel as model
|
||||
from app import authentication, userevents, metric_queue
|
||||
from app import authentication, userevents
|
||||
from auth.auth import process_auth, generate_signed_token
|
||||
from auth.auth_context import get_authenticated_user, get_validated_token, get_validated_oauth_token
|
||||
from auth.permissions import (ModifyRepositoryPermission, UserAdminPermission,
|
||||
|
|
@ -86,17 +85,17 @@ def create_user():
|
|||
success = make_response('"Username or email already exists"', 400)
|
||||
|
||||
if username == '$token':
|
||||
if v1.load_token(password):
|
||||
if model.load_token(password):
|
||||
return success
|
||||
abort(400, 'Invalid access token.', issue='invalid-access-token')
|
||||
|
||||
elif username == '$oauthtoken':
|
||||
if v1.validate_oauth_token(password):
|
||||
if model.validate_oauth_token(password):
|
||||
return success
|
||||
abort(400, 'Invalid oauth access token.', issue='invalid-oauth-access-token')
|
||||
|
||||
elif '+' in username:
|
||||
if v1.verify_robot(username, password):
|
||||
if model.verify_robot(username, password):
|
||||
return success
|
||||
abort(400, 'Invalid robot account or password.', issue='robot-login-failure')
|
||||
|
||||
|
|
@ -147,7 +146,7 @@ def update_user(username):
|
|||
|
||||
if 'password' in update_request:
|
||||
logger.debug('Updating user password')
|
||||
v1.change_user_password(get_authenticated_user(), update_request['password'])
|
||||
model.change_user_password(get_authenticated_user(), update_request['password'])
|
||||
|
||||
return jsonify({
|
||||
'username': get_authenticated_user().username,
|
||||
|
|
@ -167,7 +166,7 @@ def create_repository(namespace_name, repo_name):
|
|||
abort(400, message='Invalid repository name. Repository names cannot contain slashes.')
|
||||
|
||||
logger.debug('Looking up repository %s/%s', namespace_name, repo_name)
|
||||
repo = v1.get_repository(namespace_name, repo_name)
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
|
||||
logger.debug('Found repository %s/%s', namespace_name, repo_name)
|
||||
if not repo and get_authenticated_user() is None:
|
||||
|
|
@ -195,7 +194,7 @@ def create_repository(namespace_name, repo_name):
|
|||
logger.debug('Creating repository %s/%s with owner: %s', namespace_name, repo_name,
|
||||
get_authenticated_user().username)
|
||||
|
||||
v1.create_repository(namespace_name, repo_name, get_authenticated_user())
|
||||
model.create_repository(namespace_name, repo_name, get_authenticated_user())
|
||||
|
||||
if get_authenticated_user():
|
||||
user_event_data = {
|
||||
|
|
@ -220,7 +219,7 @@ def update_images(namespace_name, repo_name):
|
|||
|
||||
if permission.can():
|
||||
logger.debug('Looking up repository')
|
||||
repo = v1.get_repository(namespace_name, repo_name)
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if not repo:
|
||||
# Make sure the repo actually exists.
|
||||
abort(404, message='Unknown repository', issue='unknown-repo')
|
||||
|
|
@ -250,10 +249,10 @@ def get_repository_images(namespace_name, repo_name):
|
|||
permission = ReadRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
# TODO invalidate token?
|
||||
if permission.can() or v1.repository_is_public(namespace_name, repo_name):
|
||||
if permission.can() or model.repository_is_public(namespace_name, repo_name):
|
||||
# We can't rely on permissions to tell us if a repo exists anymore
|
||||
logger.debug('Looking up repository')
|
||||
repo = v1.get_repository(namespace_name, repo_name)
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if not repo:
|
||||
abort(404, message='Unknown repository', issue='unknown-repo')
|
||||
|
||||
|
|
@ -319,7 +318,7 @@ def _conduct_repo_search(username, query, results):
|
|||
return ReadRepositoryPermission(repo.namespace_name, repo.name).can()
|
||||
|
||||
only_public = username is None
|
||||
matching_repos = v1.get_sorted_matching_repositories(query, only_public, can_read, limit=5)
|
||||
matching_repos = model.get_sorted_matching_repositories(query, only_public, can_read, limit=5)
|
||||
|
||||
for repo in matching_repos:
|
||||
results.append({
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ from auth.permissions import (ReadRepositoryPermission,
|
|||
ModifyRepositoryPermission)
|
||||
from auth.registry_jwt_auth import get_granted_username
|
||||
from data import model, database
|
||||
from data.interfaces import v1
|
||||
from data.interfaces.v1 import PreOCIModel as model
|
||||
from digest import checksums
|
||||
from endpoints.v1 import v1_bp
|
||||
from endpoints.decorators import anon_protect
|
||||
|
|
@ -30,7 +30,7 @@ logger = logging.getLogger(__name__)
|
|||
|
||||
def _finish_image(namespace, repository, image_id):
|
||||
# Checksum is ok, we remove the marker
|
||||
blob_ref = v1.update_image_uploading(namespace, repository, image_id, False)
|
||||
blob_ref = model.update_image_uploading(namespace, repository, image_id, False)
|
||||
|
||||
# Send a job to the work queue to replicate the image layer.
|
||||
queue_storage_replication(namespace, blob_ref)
|
||||
|
|
@ -41,7 +41,7 @@ def require_completion(f):
|
|||
@wraps(f)
|
||||
def wrapper(namespace, repository, *args, **kwargs):
|
||||
image_id = kwargs['image_id']
|
||||
if v1.is_image_uploading(namespace, repository, image_id):
|
||||
if model.is_image_uploading(namespace, repository, image_id):
|
||||
abort(400, 'Image %(image_id)s is being uploaded, retry later',
|
||||
issue='upload-in-progress', image_id=image_id)
|
||||
return f(namespace, repository, *args, **kwargs)
|
||||
|
|
@ -82,9 +82,9 @@ def head_image_layer(namespace, repository, image_id, headers):
|
|||
permission = ReadRepositoryPermission(namespace, repository)
|
||||
|
||||
logger.debug('Checking repo permissions')
|
||||
if permission.can() or model.repository.repository_is_public(namespace, repository):
|
||||
if permission.can() or model.repository_is_public(namespace, repository):
|
||||
logger.debug('Looking up placement locations')
|
||||
locations = v1.placement_locations_docker_v1(namespace, repository, image_id)
|
||||
locations = model.placement_locations_docker_v1(namespace, repository, image_id)
|
||||
if locations is None:
|
||||
logger.debug('Could not find any blob placement locations')
|
||||
abort(404, 'Image %(image_id)s not found', issue='unknown-image',
|
||||
|
|
@ -115,11 +115,9 @@ def get_image_layer(namespace, repository, image_id, headers):
|
|||
permission = ReadRepositoryPermission(namespace, repository)
|
||||
|
||||
logger.debug('Checking repo permissions')
|
||||
if permission.can() or model.repository.repository_is_public(namespace, repository):
|
||||
if permission.can() or model.repository_is_public(namespace, repository):
|
||||
logger.debug('Looking up placement locations and path')
|
||||
locations, path = v1.placement_locations_and_path_docker_v1(namespace,
|
||||
repository,
|
||||
image_id)
|
||||
locations, path = model.placement_locations_and_path_docker_v1(namespace, repository, image_id)
|
||||
if not locations or not path:
|
||||
abort(404, 'Image %(image_id)s not found', issue='unknown-image',
|
||||
image_id=image_id)
|
||||
|
|
@ -154,7 +152,7 @@ def put_image_layer(namespace, repository, image_id):
|
|||
abort(403)
|
||||
|
||||
logger.debug('Retrieving image')
|
||||
if v1.storage_exists(namespace, repository, image_id):
|
||||
if model.storage_exists(namespace, repository, image_id):
|
||||
exact_abort(409, 'Image already exists')
|
||||
|
||||
logger.debug('Storing layer data')
|
||||
|
|
@ -184,7 +182,7 @@ def put_image_layer(namespace, repository, image_id):
|
|||
sr.add_handler(piece_hasher.update)
|
||||
|
||||
# Add a handler which computes the checksum.
|
||||
v1_metadata = v1.docker_v1_metadata(namespace, repository, image_id)
|
||||
v1_metadata = model.docker_v1_metadata(namespace, repository, image_id)
|
||||
h, sum_hndlr = checksums.simple_checksum_handler(v1_metadata.compat_json)
|
||||
sr.add_handler(sum_hndlr)
|
||||
|
||||
|
|
@ -193,7 +191,7 @@ def put_image_layer(namespace, repository, image_id):
|
|||
sr.add_handler(content_sum_hndlr)
|
||||
|
||||
# Stream write the data to storage.
|
||||
locations, path = v1.placement_locations_and_path_docker_v1(namespace, repository, image_id)
|
||||
locations, path = model.placement_locations_and_path_docker_v1(namespace, repository, image_id)
|
||||
with database.CloseForLongOperation(app.config):
|
||||
try:
|
||||
store.stream_write(locations, path, sr)
|
||||
|
|
@ -202,11 +200,11 @@ def put_image_layer(namespace, repository, image_id):
|
|||
abort(520, 'Image %(image_id)s could not be written. Please try again.', image_id=image_id)
|
||||
|
||||
# Save the size of the image.
|
||||
v1.update_image_sizes(namespace, repository, image_id, size_info.compressed_size,
|
||||
size_info.uncompressed_size)
|
||||
model.update_image_sizes(namespace, repository, image_id, size_info.compressed_size,
|
||||
size_info.uncompressed_size)
|
||||
|
||||
# Save the BitTorrent pieces.
|
||||
v1.create_bittorrent_pieces(namespace, repository, image_id, piece_hasher.final_piece_hashes())
|
||||
model.create_bittorrent_pieces(namespace, repository, image_id, piece_hasher.final_piece_hashes())
|
||||
|
||||
# Append the computed checksum.
|
||||
csums = []
|
||||
|
|
@ -271,7 +269,7 @@ def put_image_checksum(namespace, repository, image_id):
|
|||
issue='missing-checksum-cookie', image_id=image_id)
|
||||
|
||||
logger.debug('Looking up repo image')
|
||||
v1_metadata = v1.docker_v1_metadata(namespace, repository, image_id)
|
||||
v1_metadata = model.docker_v1_metadata(namespace, repository, image_id)
|
||||
if not v1_metadata:
|
||||
abort(404, 'Image not found: %(image_id)s', issue='unknown-image', image_id=image_id)
|
||||
|
||||
|
|
@ -280,7 +278,7 @@ def put_image_checksum(namespace, repository, image_id):
|
|||
abort(404, 'Image not found: %(image_id)s', issue='unknown-image', image_id=image_id)
|
||||
|
||||
logger.debug('Marking image path')
|
||||
if not v1.is_image_uploading(namespace, repository, image_id):
|
||||
if not model.is_image_uploading(namespace, repository, image_id):
|
||||
abort(409, 'Cannot set checksum for image %(image_id)s',
|
||||
issue='image-write-error', image_id=image_id)
|
||||
|
||||
|
|
@ -291,7 +289,7 @@ def put_image_checksum(namespace, repository, image_id):
|
|||
if len(checksum_parts) != 2:
|
||||
abort(400, 'Invalid checksum format')
|
||||
|
||||
v1.store_docker_v1_checksums(namespace, repository, image_id, checksum, content_checksum)
|
||||
model.store_docker_v1_checksums(namespace, repository, image_id, checksum, content_checksum)
|
||||
|
||||
if checksum not in session.get('checksum', []):
|
||||
logger.debug('session checksums: %s', session.get('checksum', []))
|
||||
|
|
@ -315,16 +313,16 @@ def put_image_checksum(namespace, repository, image_id):
|
|||
def get_image_json(namespace, repository, image_id, headers):
|
||||
logger.debug('Checking repo permissions')
|
||||
permission = ReadRepositoryPermission(namespace, repository)
|
||||
if not permission.can() and not model.repository.repository_is_public(namespace, repository):
|
||||
if not permission.can() and not model.repository_is_public(namespace, repository):
|
||||
abort(403)
|
||||
|
||||
logger.debug('Looking up repo image')
|
||||
v1_metadata = v1.docker_v1_metadata(namespace, repository, image_id)
|
||||
v1_metadata = model.docker_v1_metadata(namespace, repository, image_id)
|
||||
if v1_metadata is None:
|
||||
flask_abort(404)
|
||||
|
||||
logger.debug('Looking up repo layer size')
|
||||
size = v1.get_image_size(namespace, repository, image_id)
|
||||
size = model.get_image_size(namespace, repository, image_id)
|
||||
if size is not None:
|
||||
# Note: X-Docker-Size is optional and we *can* end up with a NULL image_size,
|
||||
# so handle this case rather than failing.
|
||||
|
|
@ -344,10 +342,10 @@ def get_image_json(namespace, repository, image_id, headers):
|
|||
def get_image_ancestry(namespace, repository, image_id, headers):
|
||||
logger.debug('Checking repo permissions')
|
||||
permission = ReadRepositoryPermission(namespace, repository)
|
||||
if not permission.can() and not model.repository.repository_is_public(namespace, repository):
|
||||
if not permission.can() and not model.repository_is_public(namespace, repository):
|
||||
abort(403)
|
||||
|
||||
ancestry_docker_ids = v1.image_ancestry(namespace, repository, image_id)
|
||||
ancestry_docker_ids = model.image_ancestry(namespace, repository, image_id)
|
||||
if ancestry_docker_ids is None:
|
||||
abort(404, 'Image %(image_id)s not found', issue='unknown-image', image_id=image_id)
|
||||
|
||||
|
|
@ -388,37 +386,39 @@ def put_image_json(namespace, repository, image_id):
|
|||
|
||||
logger.debug('Looking up repo image')
|
||||
|
||||
if not v1.repository_exists(namespace, repository):
|
||||
if not model.repository_exists(namespace, repository):
|
||||
abort(404, 'Repository does not exist: %(namespace)s/%(repository)s', issue='no-repo',
|
||||
namespace=namespace, repository=repository)
|
||||
|
||||
v1_metadata = v1.docker_v1_metadata(namespace, repository, image_id)
|
||||
v1_metadata = model.docker_v1_metadata(namespace, repository, image_id)
|
||||
if v1_metadata is None:
|
||||
username = get_authenticated_user() and get_authenticated_user().username
|
||||
if not username:
|
||||
username = get_granted_username()
|
||||
|
||||
logger.debug('Image not found, creating or linking image with initiating user context: %s', username)
|
||||
v1.create_or_link_image(username, namespace, repository, image_id, store.preferred_locations[0])
|
||||
v1_metadata = v1.docker_v1_metadata(namespace, repository, image_id)
|
||||
logger.debug('Image not found, creating or linking image with initiating user context: %s',
|
||||
username)
|
||||
location_pref = store.preferred_locations[0]
|
||||
model.create_or_link_image(username, namespace, repository, image_id, location_pref)
|
||||
v1_metadata = model.docker_v1_metadata(namespace, repository, image_id)
|
||||
|
||||
# Create a temporary tag to prevent this image from getting garbage collected while the push
|
||||
# is in progress.
|
||||
v1.create_temp_hidden_tag(namespace, repository, image_id,
|
||||
app.config['PUSH_TEMP_TAG_EXPIRATION_SEC'])
|
||||
model.create_temp_hidden_tag(namespace, repository, image_id,
|
||||
app.config['PUSH_TEMP_TAG_EXPIRATION_SEC'])
|
||||
|
||||
parent_id = data.get('parent', None)
|
||||
if parent_id:
|
||||
logger.debug('Looking up parent image')
|
||||
if v1.docker_v1_metadata(namespace, repository, parent_id) is None:
|
||||
if model.docker_v1_metadata(namespace, repository, parent_id) is None:
|
||||
abort(400, 'Image %(image_id)s depends on non existing parent image %(parent_id)s',
|
||||
issue='invalid-request', image_id=image_id, parent_id=parent_id)
|
||||
|
||||
logger.debug('Checking if image already exists')
|
||||
if v1_metadata and not v1.is_image_uploading(namespace, repository, image_id):
|
||||
if v1_metadata and not model.is_image_uploading(namespace, repository, image_id):
|
||||
exact_abort(409, 'Image already exists')
|
||||
|
||||
v1.update_image_uploading(namespace, repository, image_id, True)
|
||||
model.update_image_uploading(namespace, repository, image_id, True)
|
||||
|
||||
# If we reach that point, it means that this is a new image or a retry
|
||||
# on a failed push, save the metadata
|
||||
|
|
@ -426,7 +426,7 @@ def put_image_json(namespace, repository, image_id):
|
|||
command = json.dumps(command_list) if command_list else None
|
||||
|
||||
logger.debug('Setting image metadata')
|
||||
v1.update_docker_v1_metadata(namespace, repository, image_id, data.get('created'),
|
||||
data.get('comment'), command, uploaded_metadata, parent_id)
|
||||
model.update_docker_v1_metadata(namespace, repository, image_id, data.get('created'),
|
||||
data.get('comment'), command, uploaded_metadata, parent_id)
|
||||
|
||||
return make_response('true', 200)
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ from auth.auth import process_auth
|
|||
from auth.permissions import (ReadRepositoryPermission,
|
||||
ModifyRepositoryPermission)
|
||||
from data import model
|
||||
from data.interfaces import v1
|
||||
from data.interfaces.v1 import PreOCIModel as model
|
||||
from endpoints.common import parse_repository_name
|
||||
from endpoints.decorators import anon_protect
|
||||
from endpoints.v1 import v1_bp
|
||||
|
|
@ -26,8 +26,8 @@ logger = logging.getLogger(__name__)
|
|||
def get_tags(namespace_name, repo_name):
|
||||
permission = ReadRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
if permission.can() or model.repository.repository_is_public(namespace_name, repo_name):
|
||||
tags = v1.list_tags(namespace_name, repo_name)
|
||||
if permission.can() or model.repository_is_public(namespace_name, repo_name):
|
||||
tags = model.list_tags(namespace_name, repo_name)
|
||||
tag_map = {tag.name: tag.image.docker_image_id for tag in tags}
|
||||
return jsonify(tag_map)
|
||||
|
||||
|
|
@ -41,8 +41,8 @@ def get_tags(namespace_name, repo_name):
|
|||
def get_tag(namespace_name, repo_name, tag):
|
||||
permission = ReadRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
if permission.can() or model.repository.repository_is_public(namespace_name, repo_name):
|
||||
image_id = v1.find_image_id_by_tag(namespace_name, repo_name, tag)
|
||||
if permission.can() or model.repository_is_public(namespace_name, repo_name):
|
||||
image_id = model.find_image_id_by_tag(namespace_name, repo_name, tag)
|
||||
if image_id is None:
|
||||
abort(404)
|
||||
|
||||
|
|
@ -65,7 +65,7 @@ def put_tag(namespace_name, repo_name, tag):
|
|||
abort(400, TAG_ERROR)
|
||||
|
||||
image_id = json.loads(request.data)
|
||||
v1.create_or_update_tag(namespace_name, repo_name, image_id, tag)
|
||||
model.create_or_update_tag(namespace_name, repo_name, image_id, tag)
|
||||
|
||||
# Store the updated tag.
|
||||
if 'pushed_tags' not in session:
|
||||
|
|
@ -86,9 +86,8 @@ def delete_tag(namespace_name, repo_name, tag):
|
|||
permission = ModifyRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
if permission.can():
|
||||
v1.delete_tag(namespace_name, repo_name, tag)
|
||||
track_and_log('delete_tag', model.repository.get_repository(namespace_name, repo_name),
|
||||
tag=tag)
|
||||
model.delete_tag(namespace_name, repo_name, tag)
|
||||
track_and_log('delete_tag', model.get_repository(namespace_name, repo_name), tag=tag)
|
||||
return make_response('Deleted', 200)
|
||||
|
||||
abort(403)
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ import resumablehashlib
|
|||
from app import storage, app
|
||||
from auth.registry_jwt_auth import process_registry_jwt_auth
|
||||
from data import database
|
||||
from data.interfaces import v2
|
||||
from data.interfaces.v2 import PreOCIModel as model
|
||||
from digest import digest_tools
|
||||
from endpoints.common import parse_repository_name
|
||||
from endpoints.v2 import v2_bp, require_repo_read, require_repo_write, get_input_stream
|
||||
|
|
@ -42,7 +42,7 @@ class _InvalidRangeHeader(Exception):
|
|||
@cache_control(max_age=31436000)
|
||||
def check_blob_exists(namespace_name, repo_name, digest):
|
||||
# Find the blob.
|
||||
blob = v2.get_blob_by_digest(namespace_name, repo_name, digest)
|
||||
blob = model.get_blob_by_digest(namespace_name, repo_name, digest)
|
||||
if blob is None:
|
||||
raise BlobUnknown()
|
||||
|
||||
|
|
@ -69,7 +69,7 @@ def check_blob_exists(namespace_name, repo_name, digest):
|
|||
@cache_control(max_age=31536000)
|
||||
def download_blob(namespace_name, repo_name, digest):
|
||||
# Find the blob.
|
||||
blob = v2.get_blob_by_digest(namespace_name, repo_name, digest)
|
||||
blob = model.get_blob_by_digest(namespace_name, repo_name, digest)
|
||||
if blob is None:
|
||||
raise BlobUnknown()
|
||||
|
||||
|
|
@ -81,7 +81,7 @@ def download_blob(namespace_name, repo_name, digest):
|
|||
headers['Accept-Ranges'] = 'bytes'
|
||||
|
||||
# Find the storage path for the blob.
|
||||
path = v2.get_blob_path(blob)
|
||||
path = model.get_blob_path(blob)
|
||||
|
||||
# Short-circuit by redirecting if the storage supports it.
|
||||
logger.debug('Looking up the direct download URL for path: %s', path)
|
||||
|
|
@ -115,8 +115,8 @@ def start_blob_upload(namespace_name, repo_name):
|
|||
# Begin the blob upload process in the database and storage.
|
||||
location_name = storage.preferred_locations[0]
|
||||
new_upload_uuid, upload_metadata = storage.initiate_chunked_upload(location_name)
|
||||
repository_exists = v2.create_blob_upload(namespace_name, repo_name, new_upload_uuid,
|
||||
location_name, upload_metadata)
|
||||
repository_exists = model.create_blob_upload(namespace_name, repo_name, new_upload_uuid,
|
||||
location_name, upload_metadata)
|
||||
if not repository_exists:
|
||||
raise NameUnknown()
|
||||
|
||||
|
|
@ -135,7 +135,7 @@ def start_blob_upload(namespace_name, repo_name):
|
|||
|
||||
# The user plans to send us the entire body right now.
|
||||
# Find the upload.
|
||||
blob_upload = v2.blob_upload_by_uuid(namespace_name, repo_name, new_upload_uuid)
|
||||
blob_upload = model.blob_upload_by_uuid(namespace_name, repo_name, new_upload_uuid)
|
||||
if blob_upload is None:
|
||||
raise BlobUploadUnknown()
|
||||
|
||||
|
|
@ -146,7 +146,7 @@ def start_blob_upload(namespace_name, repo_name):
|
|||
_abort_range_not_satisfiable(blob_upload.byte_count, new_upload_uuid)
|
||||
|
||||
# Save the upload state to the database.
|
||||
v2.update_blob_upload(updated_blob_upload)
|
||||
model.update_blob_upload(updated_blob_upload)
|
||||
|
||||
# Finalize the upload process in the database and storage.
|
||||
_finish_upload(namespace_name, repo_name, updated_blob_upload, digest)
|
||||
|
|
@ -168,7 +168,7 @@ def start_blob_upload(namespace_name, repo_name):
|
|||
@require_repo_write
|
||||
@anon_protect
|
||||
def fetch_existing_upload(namespace_name, repo_name, upload_uuid):
|
||||
blob_upload = v2.blob_upload_by_uuid(namespace_name, repo_name, upload_uuid)
|
||||
blob_upload = model.blob_upload_by_uuid(namespace_name, repo_name, upload_uuid)
|
||||
if blob_upload is None:
|
||||
raise BlobUploadUnknown()
|
||||
|
||||
|
|
@ -188,7 +188,7 @@ def fetch_existing_upload(namespace_name, repo_name, upload_uuid):
|
|||
@anon_protect
|
||||
def upload_chunk(namespace_name, repo_name, upload_uuid):
|
||||
# Find the upload.
|
||||
blob_upload = v2.blob_upload_by_uuid(namespace_name, repo_name, upload_uuid)
|
||||
blob_upload = model.blob_upload_by_uuid(namespace_name, repo_name, upload_uuid)
|
||||
if blob_upload is None:
|
||||
raise BlobUploadUnknown()
|
||||
|
||||
|
|
@ -199,7 +199,7 @@ def upload_chunk(namespace_name, repo_name, upload_uuid):
|
|||
_abort_range_not_satisfiable(blob_upload.byte_count, upload_uuid)
|
||||
|
||||
# Save the upload state to the database.
|
||||
v2.update_blob_upload(updated_blob_upload)
|
||||
model.update_blob_upload(updated_blob_upload)
|
||||
|
||||
# Write the response to the client.
|
||||
return Response(
|
||||
|
|
@ -224,7 +224,7 @@ def monolithic_upload_or_last_chunk(namespace_name, repo_name, upload_uuid):
|
|||
raise BlobUploadInvalid(detail={'reason': 'Missing digest arg on monolithic upload'})
|
||||
|
||||
# Find the upload.
|
||||
blob_upload = v2.blob_upload_by_uuid(namespace_name, repo_name, upload_uuid)
|
||||
blob_upload = model.blob_upload_by_uuid(namespace_name, repo_name, upload_uuid)
|
||||
if blob_upload is None:
|
||||
raise BlobUploadUnknown()
|
||||
|
||||
|
|
@ -254,13 +254,13 @@ def monolithic_upload_or_last_chunk(namespace_name, repo_name, upload_uuid):
|
|||
@require_repo_write
|
||||
@anon_protect
|
||||
def cancel_upload(namespace_name, repo_name, upload_uuid):
|
||||
blob_upload = v2.blob_upload_by_uuid(namespace_name, repo_name, upload_uuid)
|
||||
blob_upload = model.blob_upload_by_uuid(namespace_name, repo_name, upload_uuid)
|
||||
if blob_upload is None:
|
||||
raise BlobUploadUnknown()
|
||||
|
||||
# We delete the record for the upload first, since if the partial upload in
|
||||
# storage fails to delete, it doesn't break anything.
|
||||
v2.delete_blob_upload(namespace_name, repo_name, upload_uuid)
|
||||
model.delete_blob_upload(namespace_name, repo_name, upload_uuid)
|
||||
storage.cancel_chunked_upload({blob_upload.location_name}, blob_upload.uuid,
|
||||
blob_upload.storage_metadata)
|
||||
|
||||
|
|
@ -471,7 +471,7 @@ def _finalize_blob_database(namespace_name, repo_name, blob_upload, digest, alre
|
|||
database's perspective.
|
||||
"""
|
||||
# Create the blob and temporarily tag it.
|
||||
blob_storage = v2.create_blob_and_temp_tag(
|
||||
blob_storage = model.create_blob_and_temp_tag(
|
||||
namespace_name,
|
||||
repo_name,
|
||||
digest,
|
||||
|
|
@ -482,10 +482,10 @@ def _finalize_blob_database(namespace_name, repo_name, blob_upload, digest, alre
|
|||
# If it doesn't already exist, create the BitTorrent pieces for the blob.
|
||||
if blob_upload.piece_sha_state is not None and not already_existed:
|
||||
piece_bytes = blob_upload.piece_hashes + blob_upload.piece_sha_state.digest()
|
||||
v2.save_bittorrent_pieces(blob_storage, app.config['BITTORRENT_PIECE_SIZE'], piece_bytes)
|
||||
model.save_bittorrent_pieces(blob_storage, app.config['BITTORRENT_PIECE_SIZE'], piece_bytes)
|
||||
|
||||
# Delete the blob upload.
|
||||
v2.delete_blob_upload(namespace_name, repo_name, blob_upload.uuid)
|
||||
model.delete_blob_upload(namespace_name, repo_name, blob_upload.uuid)
|
||||
|
||||
|
||||
def _finish_upload(namespace_name, repo_name, blob_upload, digest):
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ from flask import jsonify
|
|||
from auth.registry_jwt_auth import process_registry_jwt_auth, get_granted_entity
|
||||
from endpoints.decorators import anon_protect
|
||||
from endpoints.v2 import v2_bp, paginate
|
||||
from data.interfaces import v2
|
||||
from data.interfaces.v2 import PreOCIModel as model
|
||||
|
||||
@v2_bp.route('/_catalog', methods=['GET'])
|
||||
@process_registry_jwt_auth()
|
||||
|
|
@ -15,7 +15,7 @@ def catalog_search(limit, offset, pagination_callback):
|
|||
if entity:
|
||||
username = entity.user.username
|
||||
|
||||
visible_repositories = v2.get_visible_repositories(username, limit+1, offset)
|
||||
visible_repositories = model.get_visible_repositories(username, limit+1, offset)
|
||||
response = jsonify({
|
||||
'repositories': ['%s/%s' % (repo.namespace_name, repo.name)
|
||||
for repo in visible_repositories][0:limit],
|
||||
|
|
|
|||
|
|
@ -8,8 +8,7 @@ import features
|
|||
|
||||
from app import docker_v2_signing_key, app, metric_queue
|
||||
from auth.registry_jwt_auth import process_registry_jwt_auth
|
||||
from data import model
|
||||
from data.interfaces import v2
|
||||
from data.interfaces.v2 import PreOCIModel as model
|
||||
from digest import digest_tools
|
||||
from endpoints.common import parse_repository_name
|
||||
from endpoints.decorators import anon_protect
|
||||
|
|
@ -24,6 +23,7 @@ from image.docker.schema2 import DOCKER_SCHEMA2_CONTENT_TYPES
|
|||
from util.registry.replication import queue_storage_replication
|
||||
from util.names import VALID_TAG_PATTERN
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
|
|
@ -37,9 +37,9 @@ MANIFEST_TAGNAME_ROUTE = BASE_MANIFEST_ROUTE.format(VALID_TAG_PATTERN)
|
|||
@require_repo_read
|
||||
@anon_protect
|
||||
def fetch_manifest_by_tagname(namespace_name, repo_name, manifest_ref):
|
||||
manifest = v2.get_manifest_by_tag(namespace_name, repo_name, manifest_ref)
|
||||
manifest = model.get_manifest_by_tag(namespace_name, repo_name, manifest_ref)
|
||||
if manifest is None:
|
||||
has_tag = v2.has_active_tag(namespace_name, repo_name, manifest_ref)
|
||||
has_tag = model.has_active_tag(namespace_name, repo_name, manifest_ref)
|
||||
if not has_tag:
|
||||
raise ManifestUnknown()
|
||||
|
||||
|
|
@ -47,7 +47,7 @@ def fetch_manifest_by_tagname(namespace_name, repo_name, manifest_ref):
|
|||
if manifest is None:
|
||||
raise ManifestUnknown()
|
||||
|
||||
repo = v2.get_repository(namespace_name, repo_name)
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if repo is not None:
|
||||
track_and_log('pull_repo', repo, analytics_name='pull_repo_100x', analytics_sample=0.01)
|
||||
metric_queue.repository_pull.Inc(labelvalues=[namespace_name, repo_name, 'v2'])
|
||||
|
|
@ -65,12 +65,12 @@ def fetch_manifest_by_tagname(namespace_name, repo_name, manifest_ref):
|
|||
@require_repo_read
|
||||
@anon_protect
|
||||
def fetch_manifest_by_digest(namespace_name, repo_name, manifest_ref):
|
||||
manifest = v2.get_manifest_by_digest(namespace_name, repo_name, manifest_ref)
|
||||
manifest = model.get_manifest_by_digest(namespace_name, repo_name, manifest_ref)
|
||||
if manifest is None:
|
||||
# Without a tag name to reference, we can't make an attempt to generate the manifest
|
||||
raise ManifestUnknown()
|
||||
|
||||
repo = v2.get_repository(namespace_name, repo_name)
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if repo is not None:
|
||||
track_and_log('pull_repo', repo)
|
||||
metric_queue.repository_pull.Inc(labelvalues=[namespace_name, repo_name, 'v2'])
|
||||
|
|
@ -137,7 +137,7 @@ def _write_manifest(namespace_name, repo_name, manifest):
|
|||
raise NameInvalid()
|
||||
|
||||
# Ensure that the repository exists.
|
||||
repo = v2.get_repository(namespace_name, repo_name)
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if repo is None:
|
||||
raise NameInvalid()
|
||||
|
||||
|
|
@ -145,7 +145,7 @@ def _write_manifest(namespace_name, repo_name, manifest):
|
|||
raise ManifestInvalid(detail={'message': 'manifest does not reference any layers'})
|
||||
|
||||
# Ensure all the blobs in the manifest exist.
|
||||
storage_map = v2.lookup_blobs_by_digest(namespace_name, repo_name, manifest.checksums)
|
||||
storage_map = model.lookup_blobs_by_digest(namespace_name, repo_name, manifest.checksums)
|
||||
for layer in manifest.layers:
|
||||
digest_str = str(layer.digest)
|
||||
if digest_str not in storage_map:
|
||||
|
|
@ -154,13 +154,13 @@ def _write_manifest(namespace_name, repo_name, manifest):
|
|||
# Lookup all the images and their parent images (if any) inside the manifest.
|
||||
# This will let us know which v1 images we need to synthesize and which ones are invalid.
|
||||
all_image_ids = list(manifest.parent_image_ids | manifest.image_ids)
|
||||
images_map = v2.get_docker_v1_metadata_by_image_id(namespace_name, repo_name, all_image_ids)
|
||||
images_map = model.get_docker_v1_metadata_by_image_id(namespace_name, repo_name, all_image_ids)
|
||||
|
||||
# Rewrite any v1 image IDs that do not match the checksum in the database.
|
||||
try:
|
||||
rewritten_images = list(manifest.rewrite_invalid_image_ids(images_map))
|
||||
for rewritten_image in rewritten_images:
|
||||
v1_metadata = v2.synthesize_v1_image(
|
||||
model.synthesize_v1_image(
|
||||
repo,
|
||||
storage_map[rewritten_image.content_checksum],
|
||||
rewritten_image.image_id,
|
||||
|
|
@ -175,8 +175,8 @@ def _write_manifest(namespace_name, repo_name, manifest):
|
|||
|
||||
# Store the manifest pointing to the tag.
|
||||
leaf_layer_id = rewritten_images[-1].image_id
|
||||
v2.save_manifest(namespace_name, repo_name, manifest.tag, leaf_layer_id, manifest.digest,
|
||||
manifest.bytes)
|
||||
model.save_manifest(namespace_name, repo_name, manifest.tag, leaf_layer_id, manifest.digest,
|
||||
manifest.bytes)
|
||||
|
||||
# Queue all blob manifests for replication.
|
||||
# TODO(jschorr): Find a way to optimize this insertion.
|
||||
|
|
@ -213,7 +213,7 @@ def delete_manifest_by_digest(namespace_name, repo_name, manifest_ref):
|
|||
Note: there is no equivalent method for deleting by tag name because it is
|
||||
forbidden by the spec.
|
||||
"""
|
||||
tags = v2.delete_manifest_by_digest(namespace_name, repo_name, manifest_ref)
|
||||
tags = model.delete_manifest_by_digest(namespace_name, repo_name, manifest_ref)
|
||||
if not tags:
|
||||
raise ManifestUnknown()
|
||||
|
||||
|
|
@ -225,9 +225,9 @@ def delete_manifest_by_digest(namespace_name, repo_name, manifest_ref):
|
|||
|
||||
def _generate_and_store_manifest(namespace_name, repo_name, tag_name):
|
||||
# Find the v1 metadata for this image and its parents.
|
||||
v1_metadata = v2.get_docker_v1_metadata_by_tag(namespace_name, repo_name, tag_name)
|
||||
parents_v1_metadata = v2.get_parents_docker_v1_metadata(namespace_name, repo_name,
|
||||
v1_metadata.image_id)
|
||||
v1_metadata = model.get_docker_v1_metadata_by_tag(namespace_name, repo_name, tag_name)
|
||||
parents_v1_metadata = model.get_parents_docker_v1_metadata(namespace_name, repo_name,
|
||||
v1_metadata.image_id)
|
||||
|
||||
# If the manifest is being generated under the library namespace, then we make its namespace
|
||||
# empty.
|
||||
|
|
@ -248,6 +248,6 @@ def _generate_and_store_manifest(namespace_name, repo_name, tag_name):
|
|||
manifest = builder.build(docker_v2_signing_key)
|
||||
|
||||
# Write the manifest to the DB.
|
||||
v2.create_manifest_and_update_tag(namespace_name, repo_name, tag_name, manifest.digest,
|
||||
manifest.bytes)
|
||||
model.create_manifest_and_update_tag(namespace_name, repo_name, tag_name, manifest.digest,
|
||||
manifest.bytes)
|
||||
return manifest
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ from endpoints.common import parse_repository_name
|
|||
from endpoints.v2 import v2_bp, require_repo_read, paginate
|
||||
from endpoints.v2.errors import NameUnknown
|
||||
from endpoints.decorators import anon_protect
|
||||
from data.interfaces import v2
|
||||
from data.interfaces.v2 import PreOCIModel as model
|
||||
|
||||
@v2_bp.route('/<repopath:repository>/tags/list', methods=['GET'])
|
||||
@parse_repository_name()
|
||||
|
|
@ -14,11 +14,11 @@ from data.interfaces import v2
|
|||
@anon_protect
|
||||
@paginate()
|
||||
def list_all_tags(namespace_name, repo_name, limit, offset, pagination_callback):
|
||||
repo = v2.get_repository(namespace_name, repo_name)
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if repo is None:
|
||||
raise NameUnknown()
|
||||
|
||||
tags = v2.repository_tags(namespace_name, repo_name, limit, offset)
|
||||
tags = model.repository_tags(namespace_name, repo_name, limit, offset)
|
||||
response = jsonify({
|
||||
'name': '{0}/{1}'.format(namespace_name, repo_name),
|
||||
'tags': [tag.name for tag in tags],
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermissi
|
|||
CreateRepositoryPermission)
|
||||
from endpoints.v2 import v2_bp
|
||||
from endpoints.decorators import anon_protect
|
||||
from data.interfaces import v2
|
||||
from data.interfaces.v2 import PreOCIModel as model
|
||||
from util.cache import no_cache
|
||||
from util.names import parse_namespace_repository, REPOSITORY_NAME_REGEX
|
||||
from util.security.registry_jwt import generate_bearer_token, build_context_and_subject
|
||||
|
|
@ -96,7 +96,7 @@ def generate_registry_jwt():
|
|||
if user is not None or token is not None:
|
||||
# Lookup the repository. If it exists, make sure the entity has modify
|
||||
# permission. Otherwise, make sure the entity has create permission.
|
||||
repo = v2.get_repository(namespace, reponame)
|
||||
repo = model.get_repository(namespace, reponame)
|
||||
if repo:
|
||||
if ModifyRepositoryPermission(namespace, reponame).can():
|
||||
final_actions.append('push')
|
||||
|
|
@ -105,7 +105,7 @@ def generate_registry_jwt():
|
|||
else:
|
||||
if CreateRepositoryPermission(namespace).can() and user is not None:
|
||||
logger.debug('Creating repository: %s/%s', namespace, reponame)
|
||||
v2.create_repository(namespace, reponame, user)
|
||||
model.create_repository(namespace, reponame, user)
|
||||
final_actions.append('push')
|
||||
else:
|
||||
logger.debug('No permission to create repository %s/%s', namespace, reponame)
|
||||
|
|
@ -113,7 +113,7 @@ def generate_registry_jwt():
|
|||
if 'pull' in actions:
|
||||
# Grant pull if the user can read the repo or it is public.
|
||||
if (ReadRepositoryPermission(namespace, reponame).can() or
|
||||
v2.repository_is_public(namespace, reponame)):
|
||||
model.repository_is_public(namespace, reponame)):
|
||||
final_actions.append('pull')
|
||||
else:
|
||||
logger.debug('No permission to pull repository %s/%s', namespace, reponame)
|
||||
|
|
|
|||
Reference in a new issue