2016-09-06 14:46:37 -04:00
|
|
|
package client
|
|
|
|
|
|
|
|
import (
|
|
|
|
"io"
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
2017-09-13 15:49:04 -04:00
|
|
|
"strings"
|
2016-09-06 14:46:37 -04:00
|
|
|
|
|
|
|
"golang.org/x/net/context"
|
|
|
|
|
2017-01-25 19:54:18 -05:00
|
|
|
"github.com/docker/distribution/reference"
|
2016-09-06 14:46:37 -04:00
|
|
|
"github.com/docker/docker/api/types"
|
|
|
|
)
|
|
|
|
|
|
|
|
// ImagePull requests the docker host to pull an image from a remote registry.
|
|
|
|
// It executes the privileged function if the operation is unauthorized
|
|
|
|
// and it tries one more time.
|
|
|
|
// It's up to the caller to handle the io.ReadCloser and close it properly.
|
|
|
|
//
|
|
|
|
// FIXME(vdemeester): there is currently used in a few way in docker/docker
|
|
|
|
// - if not in trusted content, ref is used to pass the whole reference, and tag is empty
|
|
|
|
// - if in trusted content, ref is used to pass the reference name, and tag for the digest
|
2017-01-25 19:54:18 -05:00
|
|
|
func (cli *Client) ImagePull(ctx context.Context, refStr string, options types.ImagePullOptions) (io.ReadCloser, error) {
|
|
|
|
ref, err := reference.ParseNormalizedNamed(refStr)
|
2016-09-06 14:46:37 -04:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
query := url.Values{}
|
2017-01-25 19:54:18 -05:00
|
|
|
query.Set("fromImage", reference.FamiliarName(ref))
|
|
|
|
if !options.All {
|
|
|
|
query.Set("tag", getAPITagFromNamedRef(ref))
|
2016-09-06 14:46:37 -04:00
|
|
|
}
|
2017-09-13 15:49:04 -04:00
|
|
|
if options.Platform != "" {
|
|
|
|
query.Set("platform", strings.ToLower(options.Platform))
|
2017-08-08 15:43:48 -04:00
|
|
|
}
|
|
|
|
|
2017-09-13 15:49:04 -04:00
|
|
|
resp, err := cli.tryImageCreate(ctx, query, options.RegistryAuth)
|
2016-09-06 14:46:37 -04:00
|
|
|
if resp.statusCode == http.StatusUnauthorized && options.PrivilegeFunc != nil {
|
|
|
|
newAuthHeader, privilegeErr := options.PrivilegeFunc()
|
|
|
|
if privilegeErr != nil {
|
|
|
|
return nil, privilegeErr
|
|
|
|
}
|
2017-09-13 15:49:04 -04:00
|
|
|
resp, err = cli.tryImageCreate(ctx, query, newAuthHeader)
|
2016-09-06 14:46:37 -04:00
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return resp.body, nil
|
|
|
|
}
|
2017-01-25 19:54:18 -05:00
|
|
|
|
|
|
|
// getAPITagFromNamedRef returns a tag from the specified reference.
|
|
|
|
// This function is necessary as long as the docker "server" api expects
|
|
|
|
// digests to be sent as tags and makes a distinction between the name
|
|
|
|
// and tag/digest part of a reference.
|
|
|
|
func getAPITagFromNamedRef(ref reference.Named) string {
|
|
|
|
if digested, ok := ref.(reference.Digested); ok {
|
|
|
|
return digested.Digest().String()
|
|
|
|
}
|
|
|
|
ref = reference.TagNameOnly(ref)
|
|
|
|
if tagged, ok := ref.(reference.Tagged); ok {
|
|
|
|
return tagged.Tag()
|
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|