Add ability for specific geographic regions to be blocked from pulling images within a namespace

endpoints/v1/registry.py

@@ -18,7 +18,7 @@ from data.registry_model.manifestbuilder import lookup_manifest_builder
 from digest import checksums
 from endpoints.v1 import v1_bp
 from endpoints.v1.index import ensure_namespace_enabled
-from endpoints.decorators import anon_protect
+from endpoints.decorators import anon_protect, check_region_blacklisted
 from util.http import abort, exact_abort
 from util.registry.replication import queue_storage_replication
 
@@ -109,6 +109,7 @@ def head_image_layer(namespace, repository, image_id, headers):
 @ensure_namespace_enabled
 @require_completion
 @set_cache_headers
+@check_region_blacklisted()
 @anon_protect
 def get_image_layer(namespace, repository, image_id, headers):
   permission = ReadRepositoryPermission(namespace, repository)