Address remaining usage of the old data interface

2018-10-08 15:28:43 +01:00 · 2018-10-08 15:28:43 +01:00 · cbf0edb164
commit cbf0edb164
parent 3a8a913ad3
3 changed files with 31 additions and 21 deletions
--- a/data/registry_model/datatypes.py
+++ b/data/registry_model/datatypes.py
@ -47,6 +47,15 @@ class RepositoryReference(datatype('Repository', [])):
    return model.repository.is_repository_public(self._repository_obj)
  @property
  def trust_enabled(self):
    """ Returns whether trust is enabled in this repository. """
    repository = self._repository_obj
    if repository is None:
      return None
    return repository.trust_enabled
  @property
  def id(self):
    """ Returns the database ID of the repository. """
--- a/endpoints/v2/init.py
+++ b/endpoints/v2/init.py
@ -15,9 +15,9 @@ from auth.auth_context import get_authenticated_context
 from auth.permissions import (
  ReadRepositoryPermission, ModifyRepositoryPermission, AdministerRepositoryPermission)
 from auth.registry_jwt_auth import process_registry_jwt_auth, get_auth_headers
 from data.registry_model import registry_model
 from endpoints.decorators import anon_protect, anon_allowed, route_show_if
 from endpoints.v2.errors import V2RegistryException, Unauthorized, Unsupported, NameUnknown
 from endpoints.v2.models_pre_oci import data_model as model
 from util.http import abort
 from util.metrics.metricqueue import time_blueprint
 from util.registry.dockerver import docker_version
@ -98,15 +98,15 @@ def _require_repo_permission(permission_class, scopes=None, allow_public=False):
      repository = namespace_name + '/' + repo_name
      if allow_public:
-        repo = model.get_repository(namespace_name, repo_name)
+        repository_ref = registry_model.lookup_repository(namespace_name, repo_name)
-        if repo is None or not repo.is_public:
+        if repository_ref is None or not repository_ref.is_public:
          raise Unauthorized(repository=repository, scopes=scopes)
-        if repo.kind != 'image':
+        if repository_ref.kind != 'image':
-          msg = 'This repository is for managing %s resources and not container images.' % repo.kind
+          msg = 'This repository is for managing %s and not container images.' % repository_ref.kind
          raise Unsupported(detail=msg)
-        if repo.is_public:
+        if repository_ref.is_public:
          return func(namespace_name, repo_name, *args, **kwargs)
      raise Unauthorized(repository=repository, scopes=scopes)
--- a/endpoints/v2/v2auth.py
+++ b/endpoints/v2/v2auth.py
@ -11,11 +11,12 @@ from auth.auth_context import get_authenticated_context, get_authenticated_user
 from auth.decorators import process_basic_auth
 from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermission,
                              CreateRepositoryPermission, AdministerRepositoryPermission)
 from data import model
 from data.registry_model import registry_model
 from endpoints.decorators import anon_protect
 from endpoints.v2 import v2_bp
 from endpoints.v2.errors import (InvalidLogin, NameInvalid, InvalidRequest, Unsupported,
                                 Unauthorized, NamespaceDisabled)
 from endpoints.v2.models_pre_oci import data_model as model
 from util.cache import no_cache
 from util.names import parse_namespace_repository, REPOSITORY_NAME_REGEX
 from util.security.registry_jwt import (generate_bearer_token, build_context_and_subject,
@ -117,11 +118,11 @@ def _get_scope_regex():
  return re.compile(scope_regex_string)
-def _get_tuf_root(repo, namespace, reponame):
+def _get_tuf_root(repository_ref, namespace, reponame):
-  if not features.SIGNING or repo is None or not repo.trust_enabled:
+  if not features.SIGNING or repository_ref is None or not repository_ref.trust_enabled:
    return DISABLED_TUF_ROOT
-  # Users with write access to a repo will see signer-rooted TUF metadata
+  # Users with write access to a repository will see signer-rooted TUF metadata
  if ModifyRepositoryPermission(namespace, reponame).can():
    return SIGNER_TUF_ROOT
  return QUAY_TUF_ROOT
@ -162,18 +163,18 @@ def _authorize_or_downscope_request(scope_param, has_valid_auth_context):
    raise NameInvalid(message='Invalid repository name: %s' % namespace_and_repo)
  # Ensure the namespace is enabled.
-  if not model.is_namespace_enabled(namespace):
+  if not registry_model.is_namespace_enabled(namespace):
    msg = 'Namespace %s has been disabled. Please contact a system administrator.' % namespace
    raise NamespaceDisabled(message=msg)
  final_actions = []
-  repo = model.get_repository(namespace, reponame)
+  repository_ref = registry_model.lookup_repository(namespace, reponame)
-  repo_is_public = repo is not None and repo.is_public
+  repo_is_public = repository_ref is not None and repository_ref.is_public
  invalid_repo_message = ''
-  if repo is not None and repo.kind != 'image':
+  if repository_ref is not None and repository_ref.kind != 'image':
    invalid_repo_message = ((
-      'This repository is for managing %s resources ' + 'and not container images.') % repo.kind)
+      'This repository is for managing %s ' + 'and not container images.') % repository_ref.kind)
  if 'push' in actions:
    # Check if there is a valid user or token, as otherwise the repository cannot be
@ -181,9 +182,9 @@ def _authorize_or_downscope_request(scope_param, has_valid_auth_context):
    if has_valid_auth_context:
      # Lookup the repository. If it exists, make sure the entity has modify
      # permission. Otherwise, make sure the entity has create permission.
-      if repo:
+      if repository_ref:
        if ModifyRepositoryPermission(namespace, reponame).can():
-          if repo.kind != 'image':
+          if repository_ref.kind != 'image':
            raise Unsupported(message=invalid_repo_message)
          final_actions.append('push')
@ -193,7 +194,7 @@ def _authorize_or_downscope_request(scope_param, has_valid_auth_context):
        user = get_authenticated_user()
        if CreateRepositoryPermission(namespace).can() and user is not None:
          logger.debug('Creating repository: %s/%s', namespace, reponame)
-          model.create_repository(namespace, reponame, user)
+          model.repository.create_repository(namespace, reponame, user)
          final_actions.append('push')
        else:
          logger.debug('No permission to create repository %s/%s', namespace, reponame)
@ -201,7 +202,7 @@ def _authorize_or_downscope_request(scope_param, has_valid_auth_context):
  if 'pull' in actions:
    # Grant pull if the user can read the repo or it is public.
    if ReadRepositoryPermission(namespace, reponame).can() or repo_is_public:
-      if repo is not None and repo.kind != 'image':
+      if repository_ref is not None and repository_ref.kind != 'image':
        raise Unsupported(message=invalid_repo_message)
      final_actions.append('pull')
@ -211,7 +212,7 @@ def _authorize_or_downscope_request(scope_param, has_valid_auth_context):
  if '*' in actions:
    # Grant * user is admin
    if AdministerRepositoryPermission(namespace, reponame).can():
-      if repo is not None and repo.kind != 'image':
+      if repository_ref is not None and repository_ref.kind != 'image':
        raise Unsupported(message=invalid_repo_message)
      final_actions.append('*')
@ -220,4 +221,4 @@ def _authorize_or_downscope_request(scope_param, has_valid_auth_context):
  return scopeResult(actions=final_actions, namespace=namespace, repository=reponame,
                     registry_and_repo=registry_and_repo,
-                     tuf_root=_get_tuf_root(repo, namespace, reponame))
+                     tuf_root=_get_tuf_root(repository_ref, namespace, reponame))