Commit graph

2374 commits

Author SHA1 Message Date
Marcus Martins
db1bf93098
Add leeway to JWT nbf and exp checking
Adds a constant leeway (60 seconds) to the nbf and exp claim check to
account for clock skew between the registry servers and the
authentication server that generated the JWT.

The leeway of 60 seconds is a bit arbitrary but based on the RFC
recommendation and hub.docker.com logs/metrics where we don't see
drifts of more than a second on our servers running ntpd.

I didn't attempt to make the leeway configurable as it would add extra
complexity to the PR and I am not sure how Distribution prefer to
handle runtime flags like that.

Also, I am simplifying the exp and nbf check for readability as the
previous `NOT (A AND B)` with cmp operators was not very friendly.

Ref:
https://tools.ietf.org/html/rfc7519#section-4.1.5

Signed-off-by: Marcus Martins <marcus@docker.com>
2016-07-18 17:47:30 -07:00
Richard Scothern
aa3de8fd4f Merge pull request #1847 from RichardScothern/go-1.7
Fix vet errors with go 1.7
2016-07-18 14:01:47 -07:00
Richard Scothern
fcea6145f5 Fix vet errors with go 1.7
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-07-18 13:41:19 -07:00
Derek McGowan
f8083b7ff3 Merge pull request #1836 from hinshun/catalog-walk-return-error
Fix storage drivers dropping non EOF errors when listing repositories
2016-07-15 14:29:50 -07:00
Derek McGowan
b1ab3bfde5 Merge pull request #1838 from dmcgowan/search-v2-auth-test
Search v2 auth test
2016-07-15 14:27:56 -07:00
Derek McGowan
42a7e6e171 Merge pull request #1837 from RichardScothern/catalog-test
Use registry APIs to generate catalog test environment
2016-07-15 14:23:22 -07:00
Edgar Lee
a82f661ef0 Use typecast over reflect for error type checking
Signed-off-by: Edgar Lee <edgar.lee@docker.com>
2016-07-14 15:03:18 -07:00
Edgar Lee
3bfd03cbe6 Refactor errVal named parameter for catalog repositories to err
Signed-off-by: Edgar Lee <edgar.lee@docker.com>
2016-07-14 13:28:08 -07:00
Edgar Lee
aeb9a29499 Handle new errors returned from catalog repository listing
Signed-off-by: Edgar Lee <edgar.lee@docker.com>
2016-07-14 13:24:16 -07:00
Richard Scothern
b126d6643e Use distribution APIs to generate catalog test environment
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-07-14 09:58:19 -07:00
Derek McGowan
fc07e0380e Add v1 search with v2 token auth test
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-07-13 17:03:14 -07:00
Edgar Lee
5a0b35ca10 Fix storage drivers dropping non EOF errors when listing repositories
This fixes errors other than io.EOF from being dropped when a storage driver
lists repositories. For example, filesystem driver may point to a missing
directory and errors, which then gets subsequently dropped.

Signed-off-by: Edgar Lee <edgar.lee@docker.com>
2016-07-13 16:41:51 -07:00
Derek McGowan
37b5e3e81b Merge pull request #1833 from aaronlehmann/document-toomanyrequests
Document TOOMANYREQUESTS error code
2016-07-13 10:41:01 -07:00
Richard Scothern
07f32ac183 Merge pull request #1830 from dmcgowan/allow-v2-auth-on-v1-search
Add support for using v2 ping challenges for v1
2016-07-12 17:28:54 -07:00
Derek McGowan
145abeea7b Add support for using v2 ping challenges for v1
Allows using v2 for v1 endpoints.
The primary use case being for search which does not have a v2 specification.
Added a user scope for allowing v2 search

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-07-12 17:15:56 -07:00
Derek McGowan
022416c502 Add support for registry type in scope
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-07-12 17:13:43 -07:00
Richard Scothern
c3c5277007 Merge pull request #1834 from dmcgowan/aws-vendor-update
Vendor update for aws sdk
2016-07-12 15:26:16 -07:00
Derek McGowan
acae5dcfff Vendor update for aws sdk
Updated to latest version of go aws sdk.
Use vendored sub pakages within aws sdk.
Adds missing vendor packages for letsencrypt

Fixes #1832

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-07-12 12:47:37 -07:00
Aaron Lehmann
b0099004e2 Document TOOMANYREQUESTS error code
Add entries with this error code in registry/api/v2/descriptors.go.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-07-12 12:18:54 -06:00
Richard Scothern
2052f29be6 Merge pull request #1827 from docker/ec2-creds
Allow EC2 IAM roles to be used when authorizing region endpoints
2016-07-11 13:05:41 -07:00
Richard Scothern
b7d43c862f Merge pull request #1826 from jchorl/cas
Add transport field to notifications endpoint config
2016-07-11 13:03:29 -07:00
Derek McGowan
9d84a6a18e Merge pull request #1828 from nwt/foreign-layer-url-validation
Properly validate multi-URL foreign layers
2016-07-11 13:01:04 -07:00
Noah Treuhaft
042bc06175 Properly validate multi-URL foreign layers
The existing code effectively ignored errors from all but the last of a
foreign layer's URLs.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-07-11 12:13:42 -07:00
Josh Chorlton
a62f212544 Add transport field to EndpointConfig struct
The EndpointConfig struct in the notifications package has some config
fields for a notification endpoint. This commit adds the ability to pass
in an *http.Transport to use when notifying that endpoint of an event.
This is especially useful for endpoints that use self-signed CAs.

Signed-off-by: Josh Chorlton <josh.chorlton@docker.com>
2016-07-11 11:52:23 -07:00
Richard Scothern
3da5f9088d Allow EC2 IAM roles to be used when authorizing region endpoints
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-07-11 10:54:57 -07:00
Stefan Majewsky
1f03d4e77d [Swift] add simple heuristic to detect incomplete DLOs during read ops
This is similar to waitForSegmentsToShowUp which is called during
Close/Commit. Intuitively, you wouldn't expect missing segments to be a
problem during read operations, since the previous Close/Commit
confirmed that all segments are there.

But due to the distributed nature of Swift, the read request could be
hitting a different storage node of the Swift cluster, where the
segments are still missing.

Load tests on my team's staging Swift cluster have shown this to occur
about once every 100-200 layer uploads when the Swift proxies are under
high load. The retry logic, borrowed from waitForSegmentsToShowUp, fixes
this temporary inconsistency.

Signed-off-by: Stefan Majewsky <stefan.majewsky@sap.com>
2016-07-08 13:47:41 +02:00
Michal Minář
3f1434525b Export storage.CreateOptions in top-level package
Let the options for `BlobStore.Create()` be modified in middleware
wrappers.

Signed-off-by: Michal Minar <miminar@redhat.com>
2016-07-06 16:40:46 +02:00
Derek McGowan
4e17ab5d31 Merge pull request #1817 from cezarsa/master
Avoid formatting errors with %#v
2016-07-01 10:59:50 -07:00
Cezar Sa Espinola
e015cbadd6
registry: avoid formatting errors with %#v
Signed-off-by: Cezar Sa Espinola <cezarsa@gmail.com>
2016-07-01 11:30:58 -03:00
Derek McGowan
b49f8ed894 Merge pull request #1812 from RichardScothern/media-type
Override media type returned from Stat for existing manifests.
2016-06-29 15:28:34 -07:00
Richard Scothern
beb5d00474 Override media type returned from Stat for existing manifests.
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-06-29 14:53:14 -07:00
Derek McGowan
c24b072e7d Merge pull request #1808 from BrianBland/clientAllTagsFollowsLinks
Changes the client Tags All() method to follow links
2016-06-29 12:02:48 -07:00
Brian Bland
a1f9f71e67 Changes the client Tags All() method to follow links
This returns all tags even when the registry forces pagination.

Signed-off-by: Brian Bland <brian.t.bland@gmail.com>
2016-06-28 15:49:14 -07:00
Richard Scothern
1f1d042f55 Merge pull request #1807 from docker/jchorl-master
fixed s3 Delete bug due to read-after-delete inconsistency
2016-06-28 15:09:35 -07:00
Josh Chorlton
2d0a5ecc0e fixed s3 Delete bug due to read-after-delete inconsistency
Signed-off-by: Josh Chorlton <josh.chorlton@docker.com>
2016-06-28 14:22:15 -07:00
Richard Scothern
5f7f871d8f Merge pull request #1805 from SvenDowideit/difuse-non-link
Stop hugo from making the example URL into a link
2016-06-27 10:41:36 -07:00
Sven Dowideit
a1c1349eac Stop hugo from making the example URL into a link
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2016-06-27 10:15:26 +10:00
Stephen Day
ffbe9b7c63 Merge pull request #1798 from SvenDowideit/replace-google-docs-png-with-local-image
Replace google docs image link with one in this repo
2016-06-22 13:25:24 -07:00
Derek McGowan
e3b4445b83 Merge pull request #1799 from liubin/fix-typos
fix typos
2016-06-22 07:06:04 -07:00
Sven Dowideit
82bdab7d48 Replace google docs image link with one in this repo
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2016-06-22 13:08:56 +00:00
bin liu
913e12c8ff fix typos
Signed-off-by: bin liu <liubin0329@gmail.com>
2016-06-22 12:40:21 +08:00
Richard Scothern
edd7cb5249 Merge pull request #1739 from cezarsa/master
[Swift] Expose EndpointType parameter in driver
2016-06-15 10:33:48 -07:00
Sven Dowideit
e472758825 Merge pull request #1788 from SvenDowideit/move-build-doc
Move the building.md doc to the top of the git repo
2016-06-15 10:57:13 +10:00
Sven Dowideit
51be30beb1 Move the building.md doc to the top of the git repo
Closes #1776

Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2016-06-15 20:26:16 +10:00
Charles Smith
879dc2fa38 Merge pull request #1791 from londoncalling/fix-broken-links-PR-23492
fixed broken link due to topic re-org in PR#23492
2016-06-14 14:20:35 -07:00
Victoria Bialas
c0987a9e1b fixed broken link due to topic re-org in PR#23492
Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
2016-06-14 13:56:17 -07:00
Richard Scothern
f4296d55fc Merge pull request #1787 from RichardScothern/nr
Re-add support for non-resumable digests
2016-06-14 10:37:47 -07:00
Richard Scothern
ccfa25cf00 If resumable digest support is disabled, detct this when closing the blobwriter
and allow the close to continue.  Also update the name of the function.

Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-06-13 17:35:06 -07:00
Richard Scothern
1fc752c718 Merge pull request #1706 from aibaars/registry-size-close
Blobwriter: call BlobWriter.Size after BlobWriter.Close
2016-06-13 16:29:35 -07:00
Richard Scothern
337ceb2b40 Merge pull request #1786 from RichardScothern/admin
Prepare for the release.
2016-06-13 16:09:09 -07:00