vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add ability for specific geographic regions to be blocked from pulling images within a namespace

Browse source
This commit is contained in:
Joseph Schorr 2018-12-05 15:19:37 -05:00
parent c71a43a06c
commit c3710a6a5e
20 changed files with 257 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

11
test/registry/protocol_v1.py
View file

@ -15,6 +15,7 @@ class V1ProtocolSteps(Enum):
PUT_TAG = 'put-tag'
PUT_IMAGE_JSON = 'put-image-json'
DELETE_TAG = 'delete-tag'
GET_LAYER = 'get-layer'
class V1Protocol(RegistryProtocol):
@ -45,6 +46,9 @@ class V1Protocol(RegistryProtocol):
Failures.INVALID_IMAGES: 400,
Failures.NAMESPACE_DISABLED: 400,
},
V1ProtocolSteps.GET_LAYER: {
Failures.GEO_BLOCKED: 403,
},
}
def __init__(self, jwk):
@ -118,8 +122,11 @@ class V1Protocol(RegistryProtocol):
self.conduct(session, 'HEAD', image_prefix + 'layer', headers=headers)
# And retrieve the layer data.
result = self.conduct(session, 'GET', image_prefix + 'layer', headers=headers)
assert result.content == images[index].bytes
result = self.conduct(session, 'GET', image_prefix + 'layer', headers=headers,
expected_status=(200, expected_failure, V1ProtocolSteps.GET_LAYER),
options=options)
if result.status_code == 200:
assert result.content == images[index].bytes
return PullResult(manifests=None, image_ids=image_ids)