Add ability for specific geographic regions to be blocked from pulling images within a namespace
This commit is contained in:
Joseph Schorr
parent
c71a43a06c
commit
c3710a6a5e
20 changed files with 257 additions and 37 deletions
|
|
@ -65,6 +65,7 @@ class Failures(Enum):
|
|||
INVALID_BLOB = 'invalid-blob'
|
||||
NAMESPACE_DISABLED = 'namespace-disabled'
|
||||
UNAUTHORIZED_FOR_MOUNT = 'unauthorized-for-mount'
|
||||
GEO_BLOCKED = 'geo-blocked'
|
||||
|
||||
|
||||
class ProtocolOptions(object):
|
||||
|
|
@ -78,6 +79,8 @@ class ProtocolOptions(object):
|
|||
self.accept_mimetypes = None
|
||||
self.mount_blobs = None
|
||||
self.push_by_manifest_digest = False
|
||||
self.request_addr = None
|
||||
self.skip_blob_push_checks = False
|
||||
|
||||
|
||||
@add_metaclass(ABCMeta)
|
||||
|
|
@ -115,12 +118,16 @@ class RegistryProtocol(object):
|
|||
return repo_name
|
||||
|
||||
def conduct(self, session, method, url, expected_status=200, params=None, data=None,
|
||||
json_data=None, headers=None, auth=None):
|
||||
json_data=None, headers=None, auth=None, options=None):
|
||||
if json_data is not None:
|
||||
data = json.dumps(json_data)
|
||||
headers = headers or {}
|
||||
headers['Content-Type'] = 'application/json'
|
||||
|
||||
if options and options.request_addr:
|
||||
headers = headers or {}
|
||||
headers['X-Override-Remote-Addr-For-Testing'] = options.request_addr
|
||||
|
||||
if isinstance(expected_status, tuple):
|
||||
expected_status, expected_failure, protocol_step = expected_status
|
||||
if expected_failure is not None:
|
||||
|
|
|
|||
Reference in a new issue