Add ability for specific geographic regions to be blocked from pulling images within a namespace
This commit is contained in:
Joseph Schorr
parent
c71a43a06c
commit
c3710a6a5e
20 changed files with 257 additions and 37 deletions
|
|
@ -13,11 +13,11 @@ from data.registry_model.blobuploader import (create_blob_upload, retrieve_blob_
|
|||
BlobUploadException, BlobTooLargeException,
|
||||
BlobRangeMismatchException)
|
||||
from digest import digest_tools
|
||||
from endpoints.decorators import anon_protect, parse_repository_name
|
||||
from endpoints.decorators import anon_protect, parse_repository_name, check_region_blacklisted
|
||||
from endpoints.v2 import v2_bp, require_repo_read, require_repo_write, get_input_stream
|
||||
from endpoints.v2.errors import (
|
||||
BlobUnknown, BlobUploadInvalid, BlobUploadUnknown, Unsupported, NameUnknown, LayerTooLarge,
|
||||
InvalidRequest)
|
||||
InvalidRequest, BlobDownloadGeoBlocked)
|
||||
from util.cache import cache_control
|
||||
from util.names import parse_namespace_repository
|
||||
|
||||
|
|
@ -65,6 +65,7 @@ def check_blob_exists(namespace_name, repo_name, digest):
|
|||
@process_registry_jwt_auth(scopes=['pull'])
|
||||
@require_repo_read
|
||||
@anon_protect
|
||||
@check_region_blacklisted(BlobDownloadGeoBlocked)
|
||||
@cache_control(max_age=31536000)
|
||||
def download_blob(namespace_name, repo_name, digest):
|
||||
# Find the blob.
|
||||
|
|
|
|||
Reference in a new issue