import logging import json import hashlib from flask import (make_response, request, session, Response, redirect, Blueprint, abort, send_file, make_response) from app import storage as store, app from auth.auth import process_auth from auth.permissions import ReadRepositoryPermission from data import model from endpoints.registry import set_cache_headers from util.queuefile import QueueFile from util.queueprocess import QueueProcess from util.gzipwrap import GzipWrap from util.streamlayerformat import StreamLayerMerger from werkzeug.wsgi import wrap_file verbs = Blueprint('verbs', __name__) logger = logging.getLogger(__name__) def _open_stream(namespace, repository, image_list): def get_next_layer(): for current_image_id in image_list: current_image_entry = model.get_repo_image(namespace, repository, current_image_id) current_image_path = store.image_layer_path(current_image_entry.storage.uuid) current_image_stream = store.stream_read_file(current_image_entry.storage.locations, current_image_path) logger.debug('Returning image layer %s: %s' % (current_image_id, current_image_path)) yield current_image_stream stream = GzipWrap(StreamLayerMerger(get_next_layer).get_generator()) return stream.read def _write_synthetic_image_to_storage(namespace, repository, locations, synthetic_image_id, queue_file): # TODO: make sure this synthetic image expires! image_path = store.image_layer_path(synthetic_image_id) store.stream_write(locations, image_path, queue_file) queue_file.close() @verbs.route('////squash', methods=['GET']) @process_auth @set_cache_headers def get_squashed_tag(namespace, repository, tag, headers): permission = ReadRepositoryPermission(namespace, repository) if permission.can() or model.repository_is_public(namespace, repository): # Lookup the requested tag. tag_image = model.get_tag_image(namespace, repository, tag) if not tag_image: abort(404) # Lookup the tag's image and storage. repo_image = model.get_repo_image(namespace, repository, tag_image.docker_image_id) if not repo_image: abort(404) # Calculate a synthetic image ID by hashing the *image storage ID* with our # secret. This is done to prevent the ID being guessable/overwritable by # external pushes. unhashed = str(repo_image.storage.id) + ':' + app.config['SECRET_KEY'] synthetic_image_id = hashlib.sha256(unhashed).hexdigest() # Check to see if the synthetic image ID exists in storage. If so, we just return a 302. logger.debug('Looking up synthetic image %s', synthetic_image_id) locations = repo_image.storage.locations saved_image_path = store.image_layer_path(synthetic_image_id) if store.exists(locations, saved_image_path): logger.debug('Synthetic image %s exists in storage', synthetic_image_id) download_url = store.get_direct_download_url(locations, saved_image_path) if download_url: logger.debug('Redirecting to download URL for synthetic image %s', synthetic_image_id) return redirect(download_url, code=302) logger.debug('Sending cached synthetic image %s', synthetic_image_id) return send_file(store.stream_read_file(locations, saved_image_path)) # Load the ancestry for the image. logger.debug('Building and returning synthetic image %s', synthetic_image_id) uuid = repo_image.storage.uuid ancestry_data = store.get_content(repo_image.storage.locations, store.image_ancestry_path(uuid)) full_image_list = json.loads(ancestry_data) # Create a queue process to generate the data. The queue files will read from the process # and send the results to the client and storage. args = (namespace, repository, full_image_list) queue_process = QueueProcess(_open_stream, 8 * 1024, 10 * 1024 * 1024, args) # 8K/10M chunk/max client_queue_file = QueueFile(queue_process.create_queue(), 'client') storage_queue_file = QueueFile(queue_process.create_queue(), 'storage') # Start building. queue_process.run() # Start the storage saving. storage_args = (namespace, repository, locations, synthetic_image_id, storage_queue_file) QueueProcess.run_process(_write_synthetic_image_to_storage, storage_args) # Return the client's data. return send_file(client_queue_file) abort(403)