Commit graph

1100 commits

Author SHA1 Message Date
Stephen J Day
ffd3662982 Harden basic auth implementation
After consideration, the basic authentication implementation has been
simplified to only support bcrypt entries in an htpasswd file. This greatly
increases the security of the implementation by reducing the possibility of
timing attacks and other problems trying to detect the password hash type.

Also, the htpasswd file is only parsed at startup, ensuring that the file can
be edited and not effect ongoing requests. Newly added passwords take effect on
restart. Subsequently, password hash entries are now stored in a map.

Test cases have been modified accordingly.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-10 19:38:56 -07:00
Stephen J Day
ffe56ebe41 Refactor Basic Authentication package
This change refactors the basic authentication implementation to better follow
Go coding standards. Many types are no longer exported. The parser is now a
separate function from the authentication code. The standard functions
(*http.Request).BasicAuth/SetBasicAuth are now used where appropriate.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
abd142855a Unexported function to comply with golint
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
e4c3ab4377 Removed dashes from comments, unexported htpasswd struct
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
d4f2260e04 Added dependency to golang.org/x/crypto/bcrypt
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
04f6a4811d Fixed golint, gofmt warning advice.
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
c50dfb7dae Added support for bcrypt, plaintext; extension points for other htpasswd hash methods.
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
c4849bb99a Aligned formatting with gofmt
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
0ecaa7f40a Fixed WWW-Authenticate: header, added example config and import into main, fixed golint warnings
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
BadZen
8a204f59e7 Implementation of a basic authentication scheme using standard .htpasswd files
Signed-off-by: BadZen <dave.trombley@gmail.com>
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:37 -07:00
Olivier Gambier
7363323321 Merge pull request #612 from HuKeping/addtest-httpchecker
Test: add test for HTTPChecker
2015-06-10 17:08:55 -07:00
Jeff Nickoloff
bf305c1b91 Adding a volume for the default 'registry-dev' location.
Signed-off-by: Jeff Nickoloff <jeff@allingeek.com>
2015-06-10 10:25:41 -07:00
Antonio Mercado
b450b42c25 Removing Nginx Authorization header unset because it breaks with a user defined index endpoint
Signed-off-by: Antonio Mercado <amercado@thinknode.com>
2015-06-10 09:44:43 -04:00
Olivier Gambier
b230183b0f Merge pull request #553 from dmp42/docs-rework
Docs rework
2015-06-09 14:48:39 -07:00
Hu Keping
5d5caa0e9a Test: add test for HTTPChecker
Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-06-10 01:39:34 +08:00
Matt Robenolt
b684b77a0c Return valid json from StatusHandler
Signed-off-by: Matt Robenolt <matt@ydekproductions.com>
2015-06-08 23:31:03 -07:00
Stephen Day
f63313de1f Merge pull request #599 from stevvooe/clarify-deletion-by-digest-constraint
Clarify digest in API specification
2015-06-08 19:04:53 -07:00
Stephen J Day
7e6b4e8c52 Add description of digests to API specification
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-08 19:04:13 -07:00
Olivier Gambier
25bd3fc777 Link to compose
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:57:06 -07:00
Olivier Gambier
b8d785c79e Use bcrypt
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:57:06 -07:00
Olivier Gambier
81e8657d7b Fix here doc conf generation
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:57:05 -07:00
Olivier Gambier
8c1784c838 Keeping in synch
- commenting out both the "JSON" and "token" specs, unless someone thinks they should be here
- added help, glossary, introduction and authentication documents

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:57:05 -07:00
Olivier Gambier
96d79eb30e Adding authentication
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:57:05 -07:00
Olivier Gambier
74873aed14 Removing internal information
Removed content has been ported to the wiki

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:57:05 -07:00
Olivier Gambier
c1c638d01f Minor keyword add
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:52 -07:00
Olivier Gambier
c405f3717a Minor fixes
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:52 -07:00
Olivier Gambier
56ff32c683 Revising glossary
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:52 -07:00
Olivier Gambier
10ba376a99 Minor cleanup in the index
- adding glossary
- removing empty "advanced"
- commenting out building and architecture for now
- minor text enhancements

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
c3b3802503 Small fixes
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
b7b8e64f1d Moved instructions up
Make it more obvious that environment variables is the way to go.

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
26d87ed1a5 No reason to detail here
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
431e829fa5 Simplified index
Simplified index again, to make access to information more obvious and more direct.
Added a TLDR for people in a hurry.

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
d9dfe54308 Separated "help"
Help page is separate now.
Removed the bulk of it from various pages.

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
4eb8d907b9 Separate introduction
Use cases, generalities, image naming overview.
Removed most of it from index, and some of it from other random pages.

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
2fb5c97a97 Deployment rewrote
Strong focus on simplification.
Entirely removed custom build instructions.
Providing sane, one-liner defaults.
Verified, easy-to-use TLS instructions.
Removed hybrid instructions.
Removed authentication with nginx instructions (either wait for native support, or move it to advanced topics).

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Stephen Day
89e0955d4c Merge pull request #607 from vbatts/vbatts-v2_spec_blurb
spec/manifest: clarify the v2-s1 is provisional
2015-06-08 14:04:41 -07:00
Vincent Batts
0165b85861 spec/manifest: clarify the v2-s1 is provisional
Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-06-08 16:48:48 -04:00
xiekeyang
aa73c53690 Panic: Add Handler
Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2015-06-06 02:38:52 +00:00
Olivier Gambier
e03780c785 Merge pull request #598 from stevvooe/update-tarsum-package
Update tarsum package
2015-06-05 17:57:37 -07:00
Stephen Day
7da35f1d94 Merge pull request #601 from ahmetalpbalkan/docs-1
docs: Update azure docs in configuration.md
2015-06-05 17:55:03 -07:00
Olivier Gambier
8faf69470f Merge pull request #596 from stevvooe/repo-name-validation
Add more repository name validation test cases
2015-06-05 17:46:25 -07:00
Ahmet Alp Balkan
89f183639a docs: Update azure docs in configuration.md
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2015-06-05 17:25:17 -07:00
Derek McGowan
19ec4e2c7a Add docker developer flow
Integrate flags better with the development flow a Docker developer.
Add a shell function to make invocation of tests easy.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-06-05 13:19:55 -07:00
Derek McGowan
a438494b49 Replace docker-compose installation instructions
Use Docker Compose installation guide from official documentation

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-06-05 13:19:55 -07:00
Derek McGowan
b39e6395fd Update docker image
Use dmcgowan/docker-integration until can push to distribution namespace

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-06-05 13:19:55 -07:00
Derek McGowan
4ebd6b7e1d Add support for docker volume
Added an environment variable which can be used to pass in the docker volume for the container. This allows caching the pulled images between runs, preventing unnecessary image pulls.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-06-05 13:19:55 -07:00
Derek McGowan
de638db71e Add bats script to replace test_docker.sh
Remove Makefile in favor of run.sh script or manual instructions.
Update readme to reflect instructions for running integration tests.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-06-05 13:19:50 -07:00
Stephen Day
bd535a882d Merge pull request #595 from HuKeping/addtest
Test: add test for health/check
2015-06-05 10:34:16 -07:00
Hu Keping
5680d7b8b7 Test: add test for health/check
Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-06-05 18:02:34 +08:00
Stephen J Day
c54adb667f Clarify that manifests can only be deleted by digest
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-04 18:59:08 -07:00