Add ability for specific geographic regions to be blocked from pulling images within a namespace

endpoints/appr/registry.py

@@ -18,7 +18,7 @@ from endpoints.appr import appr_bp, require_app_repo_read, require_app_repo_writ
 from endpoints.appr.cnr_backend import Blob, Channel, Package, User
 from endpoints.appr.decorators import disallow_for_image_repository
 from endpoints.appr.models_cnr import model
-from endpoints.decorators import anon_allowed, anon_protect
+from endpoints.decorators import anon_allowed, anon_protect, check_region_blacklisted
 from util.names import REPOSITORY_NAME_REGEX, TAG_REGEX
 
 logger = logging.getLogger(__name__)
@@ -71,6 +71,7 @@ def login():
   strict_slashes=False,)
 @process_auth
 @require_app_repo_read
+@check_region_blacklisted(namespace_name_kwarg='namespace')
 @anon_protect
 def blobs(namespace, package_name, digest):
   reponame = repo_name(namespace, package_name)
@@ -114,6 +115,7 @@ def delete_package(namespace, package_name, release, media_type):
   methods=['GET'], strict_slashes=False)
 @process_auth
 @require_app_repo_read
+@check_region_blacklisted(namespace_name_kwarg='namespace')
 @anon_protect
 def show_package(namespace, package_name, release, media_type):
   reponame = repo_name(namespace, package_name)
@@ -152,6 +154,7 @@ def show_package_release_manifests(namespace, package_name, release):
   strict_slashes=False,)
 @process_auth
 @require_app_repo_read
+@check_region_blacklisted(namespace_name_kwarg='namespace')
 @anon_protect
 def pull(namespace, package_name, release, media_type):
   logger.debug('Pull of release %s of app repository %s/%s', release, namespace, package_name)