create interfaces for v1 and v2 data model
This commit is contained in:
Jimmy Zelinskie
parent
b775458d4b
commit
c06d395f96
14 changed files with 1048 additions and 732 deletions
|
|
@ -6,9 +6,8 @@ from functools import wraps
|
|||
|
||||
from flask import request, make_response, jsonify, session
|
||||
|
||||
from data.interfaces import v1
|
||||
from data.interfaces.v1 import PreOCIModel as model
|
||||
from app import authentication, userevents, metric_queue
|
||||
from app import authentication, userevents
|
||||
from auth.auth import process_auth, generate_signed_token
|
||||
from auth.auth_context import get_authenticated_user, get_validated_token, get_validated_oauth_token
|
||||
from auth.permissions import (ModifyRepositoryPermission, UserAdminPermission,
|
||||
|
|
@ -86,17 +85,17 @@ def create_user():
|
|||
success = make_response('"Username or email already exists"', 400)
|
||||
|
||||
if username == '$token':
|
||||
if v1.load_token(password):
|
||||
if model.load_token(password):
|
||||
return success
|
||||
abort(400, 'Invalid access token.', issue='invalid-access-token')
|
||||
|
||||
elif username == '$oauthtoken':
|
||||
if v1.validate_oauth_token(password):
|
||||
if model.validate_oauth_token(password):
|
||||
return success
|
||||
abort(400, 'Invalid oauth access token.', issue='invalid-oauth-access-token')
|
||||
|
||||
elif '+' in username:
|
||||
if v1.verify_robot(username, password):
|
||||
if model.verify_robot(username, password):
|
||||
return success
|
||||
abort(400, 'Invalid robot account or password.', issue='robot-login-failure')
|
||||
|
||||
|
|
@ -147,7 +146,7 @@ def update_user(username):
|
|||
|
||||
if 'password' in update_request:
|
||||
logger.debug('Updating user password')
|
||||
v1.change_user_password(get_authenticated_user(), update_request['password'])
|
||||
model.change_user_password(get_authenticated_user(), update_request['password'])
|
||||
|
||||
return jsonify({
|
||||
'username': get_authenticated_user().username,
|
||||
|
|
@ -167,7 +166,7 @@ def create_repository(namespace_name, repo_name):
|
|||
abort(400, message='Invalid repository name. Repository names cannot contain slashes.')
|
||||
|
||||
logger.debug('Looking up repository %s/%s', namespace_name, repo_name)
|
||||
repo = v1.get_repository(namespace_name, repo_name)
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
|
||||
logger.debug('Found repository %s/%s', namespace_name, repo_name)
|
||||
if not repo and get_authenticated_user() is None:
|
||||
|
|
@ -195,7 +194,7 @@ def create_repository(namespace_name, repo_name):
|
|||
logger.debug('Creating repository %s/%s with owner: %s', namespace_name, repo_name,
|
||||
get_authenticated_user().username)
|
||||
|
||||
v1.create_repository(namespace_name, repo_name, get_authenticated_user())
|
||||
model.create_repository(namespace_name, repo_name, get_authenticated_user())
|
||||
|
||||
if get_authenticated_user():
|
||||
user_event_data = {
|
||||
|
|
@ -220,7 +219,7 @@ def update_images(namespace_name, repo_name):
|
|||
|
||||
if permission.can():
|
||||
logger.debug('Looking up repository')
|
||||
repo = v1.get_repository(namespace_name, repo_name)
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if not repo:
|
||||
# Make sure the repo actually exists.
|
||||
abort(404, message='Unknown repository', issue='unknown-repo')
|
||||
|
|
@ -250,10 +249,10 @@ def get_repository_images(namespace_name, repo_name):
|
|||
permission = ReadRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
# TODO invalidate token?
|
||||
if permission.can() or v1.repository_is_public(namespace_name, repo_name):
|
||||
if permission.can() or model.repository_is_public(namespace_name, repo_name):
|
||||
# We can't rely on permissions to tell us if a repo exists anymore
|
||||
logger.debug('Looking up repository')
|
||||
repo = v1.get_repository(namespace_name, repo_name)
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if not repo:
|
||||
abort(404, message='Unknown repository', issue='unknown-repo')
|
||||
|
||||
|
|
@ -319,7 +318,7 @@ def _conduct_repo_search(username, query, results):
|
|||
return ReadRepositoryPermission(repo.namespace_name, repo.name).can()
|
||||
|
||||
only_public = username is None
|
||||
matching_repos = v1.get_sorted_matching_repositories(query, only_public, can_read, limit=5)
|
||||
matching_repos = model.get_sorted_matching_repositories(query, only_public, can_read, limit=5)
|
||||
|
||||
for repo in matching_repos:
|
||||
results.append({
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ from auth.permissions import (ReadRepositoryPermission,
|
|||
ModifyRepositoryPermission)
|
||||
from auth.registry_jwt_auth import get_granted_username
|
||||
from data import model, database
|
||||
from data.interfaces import v1
|
||||
from data.interfaces.v1 import PreOCIModel as model
|
||||
from digest import checksums
|
||||
from endpoints.v1 import v1_bp
|
||||
from endpoints.decorators import anon_protect
|
||||
|
|
@ -30,7 +30,7 @@ logger = logging.getLogger(__name__)
|
|||
|
||||
def _finish_image(namespace, repository, image_id):
|
||||
# Checksum is ok, we remove the marker
|
||||
blob_ref = v1.update_image_uploading(namespace, repository, image_id, False)
|
||||
blob_ref = model.update_image_uploading(namespace, repository, image_id, False)
|
||||
|
||||
# Send a job to the work queue to replicate the image layer.
|
||||
queue_storage_replication(namespace, blob_ref)
|
||||
|
|
@ -41,7 +41,7 @@ def require_completion(f):
|
|||
@wraps(f)
|
||||
def wrapper(namespace, repository, *args, **kwargs):
|
||||
image_id = kwargs['image_id']
|
||||
if v1.is_image_uploading(namespace, repository, image_id):
|
||||
if model.is_image_uploading(namespace, repository, image_id):
|
||||
abort(400, 'Image %(image_id)s is being uploaded, retry later',
|
||||
issue='upload-in-progress', image_id=image_id)
|
||||
return f(namespace, repository, *args, **kwargs)
|
||||
|
|
@ -82,9 +82,9 @@ def head_image_layer(namespace, repository, image_id, headers):
|
|||
permission = ReadRepositoryPermission(namespace, repository)
|
||||
|
||||
logger.debug('Checking repo permissions')
|
||||
if permission.can() or model.repository.repository_is_public(namespace, repository):
|
||||
if permission.can() or model.repository_is_public(namespace, repository):
|
||||
logger.debug('Looking up placement locations')
|
||||
locations = v1.placement_locations_docker_v1(namespace, repository, image_id)
|
||||
locations = model.placement_locations_docker_v1(namespace, repository, image_id)
|
||||
if locations is None:
|
||||
logger.debug('Could not find any blob placement locations')
|
||||
abort(404, 'Image %(image_id)s not found', issue='unknown-image',
|
||||
|
|
@ -115,11 +115,9 @@ def get_image_layer(namespace, repository, image_id, headers):
|
|||
permission = ReadRepositoryPermission(namespace, repository)
|
||||
|
||||
logger.debug('Checking repo permissions')
|
||||
if permission.can() or model.repository.repository_is_public(namespace, repository):
|
||||
if permission.can() or model.repository_is_public(namespace, repository):
|
||||
logger.debug('Looking up placement locations and path')
|
||||
locations, path = v1.placement_locations_and_path_docker_v1(namespace,
|
||||
repository,
|
||||
image_id)
|
||||
locations, path = model.placement_locations_and_path_docker_v1(namespace, repository, image_id)
|
||||
if not locations or not path:
|
||||
abort(404, 'Image %(image_id)s not found', issue='unknown-image',
|
||||
image_id=image_id)
|
||||
|
|
@ -154,7 +152,7 @@ def put_image_layer(namespace, repository, image_id):
|
|||
abort(403)
|
||||
|
||||
logger.debug('Retrieving image')
|
||||
if v1.storage_exists(namespace, repository, image_id):
|
||||
if model.storage_exists(namespace, repository, image_id):
|
||||
exact_abort(409, 'Image already exists')
|
||||
|
||||
logger.debug('Storing layer data')
|
||||
|
|
@ -184,7 +182,7 @@ def put_image_layer(namespace, repository, image_id):
|
|||
sr.add_handler(piece_hasher.update)
|
||||
|
||||
# Add a handler which computes the checksum.
|
||||
v1_metadata = v1.docker_v1_metadata(namespace, repository, image_id)
|
||||
v1_metadata = model.docker_v1_metadata(namespace, repository, image_id)
|
||||
h, sum_hndlr = checksums.simple_checksum_handler(v1_metadata.compat_json)
|
||||
sr.add_handler(sum_hndlr)
|
||||
|
||||
|
|
@ -193,7 +191,7 @@ def put_image_layer(namespace, repository, image_id):
|
|||
sr.add_handler(content_sum_hndlr)
|
||||
|
||||
# Stream write the data to storage.
|
||||
locations, path = v1.placement_locations_and_path_docker_v1(namespace, repository, image_id)
|
||||
locations, path = model.placement_locations_and_path_docker_v1(namespace, repository, image_id)
|
||||
with database.CloseForLongOperation(app.config):
|
||||
try:
|
||||
store.stream_write(locations, path, sr)
|
||||
|
|
@ -202,11 +200,11 @@ def put_image_layer(namespace, repository, image_id):
|
|||
abort(520, 'Image %(image_id)s could not be written. Please try again.', image_id=image_id)
|
||||
|
||||
# Save the size of the image.
|
||||
v1.update_image_sizes(namespace, repository, image_id, size_info.compressed_size,
|
||||
size_info.uncompressed_size)
|
||||
model.update_image_sizes(namespace, repository, image_id, size_info.compressed_size,
|
||||
size_info.uncompressed_size)
|
||||
|
||||
# Save the BitTorrent pieces.
|
||||
v1.create_bittorrent_pieces(namespace, repository, image_id, piece_hasher.final_piece_hashes())
|
||||
model.create_bittorrent_pieces(namespace, repository, image_id, piece_hasher.final_piece_hashes())
|
||||
|
||||
# Append the computed checksum.
|
||||
csums = []
|
||||
|
|
@ -271,7 +269,7 @@ def put_image_checksum(namespace, repository, image_id):
|
|||
issue='missing-checksum-cookie', image_id=image_id)
|
||||
|
||||
logger.debug('Looking up repo image')
|
||||
v1_metadata = v1.docker_v1_metadata(namespace, repository, image_id)
|
||||
v1_metadata = model.docker_v1_metadata(namespace, repository, image_id)
|
||||
if not v1_metadata:
|
||||
abort(404, 'Image not found: %(image_id)s', issue='unknown-image', image_id=image_id)
|
||||
|
||||
|
|
@ -280,7 +278,7 @@ def put_image_checksum(namespace, repository, image_id):
|
|||
abort(404, 'Image not found: %(image_id)s', issue='unknown-image', image_id=image_id)
|
||||
|
||||
logger.debug('Marking image path')
|
||||
if not v1.is_image_uploading(namespace, repository, image_id):
|
||||
if not model.is_image_uploading(namespace, repository, image_id):
|
||||
abort(409, 'Cannot set checksum for image %(image_id)s',
|
||||
issue='image-write-error', image_id=image_id)
|
||||
|
||||
|
|
@ -291,7 +289,7 @@ def put_image_checksum(namespace, repository, image_id):
|
|||
if len(checksum_parts) != 2:
|
||||
abort(400, 'Invalid checksum format')
|
||||
|
||||
v1.store_docker_v1_checksums(namespace, repository, image_id, checksum, content_checksum)
|
||||
model.store_docker_v1_checksums(namespace, repository, image_id, checksum, content_checksum)
|
||||
|
||||
if checksum not in session.get('checksum', []):
|
||||
logger.debug('session checksums: %s', session.get('checksum', []))
|
||||
|
|
@ -315,16 +313,16 @@ def put_image_checksum(namespace, repository, image_id):
|
|||
def get_image_json(namespace, repository, image_id, headers):
|
||||
logger.debug('Checking repo permissions')
|
||||
permission = ReadRepositoryPermission(namespace, repository)
|
||||
if not permission.can() and not model.repository.repository_is_public(namespace, repository):
|
||||
if not permission.can() and not model.repository_is_public(namespace, repository):
|
||||
abort(403)
|
||||
|
||||
logger.debug('Looking up repo image')
|
||||
v1_metadata = v1.docker_v1_metadata(namespace, repository, image_id)
|
||||
v1_metadata = model.docker_v1_metadata(namespace, repository, image_id)
|
||||
if v1_metadata is None:
|
||||
flask_abort(404)
|
||||
|
||||
logger.debug('Looking up repo layer size')
|
||||
size = v1.get_image_size(namespace, repository, image_id)
|
||||
size = model.get_image_size(namespace, repository, image_id)
|
||||
if size is not None:
|
||||
# Note: X-Docker-Size is optional and we *can* end up with a NULL image_size,
|
||||
# so handle this case rather than failing.
|
||||
|
|
@ -344,10 +342,10 @@ def get_image_json(namespace, repository, image_id, headers):
|
|||
def get_image_ancestry(namespace, repository, image_id, headers):
|
||||
logger.debug('Checking repo permissions')
|
||||
permission = ReadRepositoryPermission(namespace, repository)
|
||||
if not permission.can() and not model.repository.repository_is_public(namespace, repository):
|
||||
if not permission.can() and not model.repository_is_public(namespace, repository):
|
||||
abort(403)
|
||||
|
||||
ancestry_docker_ids = v1.image_ancestry(namespace, repository, image_id)
|
||||
ancestry_docker_ids = model.image_ancestry(namespace, repository, image_id)
|
||||
if ancestry_docker_ids is None:
|
||||
abort(404, 'Image %(image_id)s not found', issue='unknown-image', image_id=image_id)
|
||||
|
||||
|
|
@ -388,37 +386,39 @@ def put_image_json(namespace, repository, image_id):
|
|||
|
||||
logger.debug('Looking up repo image')
|
||||
|
||||
if not v1.repository_exists(namespace, repository):
|
||||
if not model.repository_exists(namespace, repository):
|
||||
abort(404, 'Repository does not exist: %(namespace)s/%(repository)s', issue='no-repo',
|
||||
namespace=namespace, repository=repository)
|
||||
|
||||
v1_metadata = v1.docker_v1_metadata(namespace, repository, image_id)
|
||||
v1_metadata = model.docker_v1_metadata(namespace, repository, image_id)
|
||||
if v1_metadata is None:
|
||||
username = get_authenticated_user() and get_authenticated_user().username
|
||||
if not username:
|
||||
username = get_granted_username()
|
||||
|
||||
logger.debug('Image not found, creating or linking image with initiating user context: %s', username)
|
||||
v1.create_or_link_image(username, namespace, repository, image_id, store.preferred_locations[0])
|
||||
v1_metadata = v1.docker_v1_metadata(namespace, repository, image_id)
|
||||
logger.debug('Image not found, creating or linking image with initiating user context: %s',
|
||||
username)
|
||||
location_pref = store.preferred_locations[0]
|
||||
model.create_or_link_image(username, namespace, repository, image_id, location_pref)
|
||||
v1_metadata = model.docker_v1_metadata(namespace, repository, image_id)
|
||||
|
||||
# Create a temporary tag to prevent this image from getting garbage collected while the push
|
||||
# is in progress.
|
||||
v1.create_temp_hidden_tag(namespace, repository, image_id,
|
||||
app.config['PUSH_TEMP_TAG_EXPIRATION_SEC'])
|
||||
model.create_temp_hidden_tag(namespace, repository, image_id,
|
||||
app.config['PUSH_TEMP_TAG_EXPIRATION_SEC'])
|
||||
|
||||
parent_id = data.get('parent', None)
|
||||
if parent_id:
|
||||
logger.debug('Looking up parent image')
|
||||
if v1.docker_v1_metadata(namespace, repository, parent_id) is None:
|
||||
if model.docker_v1_metadata(namespace, repository, parent_id) is None:
|
||||
abort(400, 'Image %(image_id)s depends on non existing parent image %(parent_id)s',
|
||||
issue='invalid-request', image_id=image_id, parent_id=parent_id)
|
||||
|
||||
logger.debug('Checking if image already exists')
|
||||
if v1_metadata and not v1.is_image_uploading(namespace, repository, image_id):
|
||||
if v1_metadata and not model.is_image_uploading(namespace, repository, image_id):
|
||||
exact_abort(409, 'Image already exists')
|
||||
|
||||
v1.update_image_uploading(namespace, repository, image_id, True)
|
||||
model.update_image_uploading(namespace, repository, image_id, True)
|
||||
|
||||
# If we reach that point, it means that this is a new image or a retry
|
||||
# on a failed push, save the metadata
|
||||
|
|
@ -426,7 +426,7 @@ def put_image_json(namespace, repository, image_id):
|
|||
command = json.dumps(command_list) if command_list else None
|
||||
|
||||
logger.debug('Setting image metadata')
|
||||
v1.update_docker_v1_metadata(namespace, repository, image_id, data.get('created'),
|
||||
data.get('comment'), command, uploaded_metadata, parent_id)
|
||||
model.update_docker_v1_metadata(namespace, repository, image_id, data.get('created'),
|
||||
data.get('comment'), command, uploaded_metadata, parent_id)
|
||||
|
||||
return make_response('true', 200)
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ from auth.auth import process_auth
|
|||
from auth.permissions import (ReadRepositoryPermission,
|
||||
ModifyRepositoryPermission)
|
||||
from data import model
|
||||
from data.interfaces import v1
|
||||
from data.interfaces.v1 import PreOCIModel as model
|
||||
from endpoints.common import parse_repository_name
|
||||
from endpoints.decorators import anon_protect
|
||||
from endpoints.v1 import v1_bp
|
||||
|
|
@ -26,8 +26,8 @@ logger = logging.getLogger(__name__)
|
|||
def get_tags(namespace_name, repo_name):
|
||||
permission = ReadRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
if permission.can() or model.repository.repository_is_public(namespace_name, repo_name):
|
||||
tags = v1.list_tags(namespace_name, repo_name)
|
||||
if permission.can() or model.repository_is_public(namespace_name, repo_name):
|
||||
tags = model.list_tags(namespace_name, repo_name)
|
||||
tag_map = {tag.name: tag.image.docker_image_id for tag in tags}
|
||||
return jsonify(tag_map)
|
||||
|
||||
|
|
@ -41,8 +41,8 @@ def get_tags(namespace_name, repo_name):
|
|||
def get_tag(namespace_name, repo_name, tag):
|
||||
permission = ReadRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
if permission.can() or model.repository.repository_is_public(namespace_name, repo_name):
|
||||
image_id = v1.find_image_id_by_tag(namespace_name, repo_name, tag)
|
||||
if permission.can() or model.repository_is_public(namespace_name, repo_name):
|
||||
image_id = model.find_image_id_by_tag(namespace_name, repo_name, tag)
|
||||
if image_id is None:
|
||||
abort(404)
|
||||
|
||||
|
|
@ -65,7 +65,7 @@ def put_tag(namespace_name, repo_name, tag):
|
|||
abort(400, TAG_ERROR)
|
||||
|
||||
image_id = json.loads(request.data)
|
||||
v1.create_or_update_tag(namespace_name, repo_name, image_id, tag)
|
||||
model.create_or_update_tag(namespace_name, repo_name, image_id, tag)
|
||||
|
||||
# Store the updated tag.
|
||||
if 'pushed_tags' not in session:
|
||||
|
|
@ -86,9 +86,8 @@ def delete_tag(namespace_name, repo_name, tag):
|
|||
permission = ModifyRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
if permission.can():
|
||||
v1.delete_tag(namespace_name, repo_name, tag)
|
||||
track_and_log('delete_tag', model.repository.get_repository(namespace_name, repo_name),
|
||||
tag=tag)
|
||||
model.delete_tag(namespace_name, repo_name, tag)
|
||||
track_and_log('delete_tag', model.get_repository(namespace_name, repo_name), tag=tag)
|
||||
return make_response('Deleted', 200)
|
||||
|
||||
abort(403)
|
||||
|
|
|
|||
Reference in a new issue