kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity
moby--moby/distribution/registry.go

163 lines
5 KiB
Go
Raw Normal View History

Add canonical import comment Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 16:05:59 -05:00
package distribution // import "github.com/docker/docker/distribution"
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
import (
Switch from x/net/context -> context Since Go 1.7, context is a standard package. Since Go 1.9, everything that is provided by "x/net/context" is a couple of type aliases to types in "context". Many vendored packages still use x/net/context, so vendor entry remains for now. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-04-19 18:30:59 -04:00
"context"
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" | jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2015-11-04 00:03:12 -05:00
"fmt"
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
"net"
"net/http"
"time"
"github.com/docker/distribution"
Abstract distribution interfaces from image specific types Move configurations into a single file. Abstract download manager in pull config. Add supports for schema2 only and schema2 type checking. Add interface for providing push layers. Abstract image store to generically handle configurations. Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-12-16 14:19:05 -05:00
"github.com/docker/distribution/manifest/schema2"
Use distribution reference Remove forked reference package. Use normalized named values everywhere and familiar functions to convert back to familiar strings for UX and storage compatibility. Enforce that the source repository in the distribution metadata is always a normalized string, ignore invalid values which are not. Update distribution tests to use normalized values. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-01-25 19:54:18 -05:00
"github.com/docker/distribution/reference"
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
"github.com/docker/distribution/registry/client"
"github.com/docker/distribution/registry/client/auth"
"github.com/docker/distribution/registry/client/transport"
Add engine-api types to docker This moves the types for the `engine-api` repo to the existing types package. Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-09-06 14:18:12 -04:00
"github.com/docker/docker/api/types"
Remove the use of dockerversion from the registry package Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-01-04 13:36:01 -05:00
"github.com/docker/docker/dockerversion"
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
"github.com/docker/docker/registry"
Respect ALL_PROXY during registry operations Use sockets.DialerFromEnvironment, as is done in other places, to transparently support SOCKS proxy config from ALL_PROXY environment variable. Requires the *engine* have the ALL_PROXY env var set, which doesn't seem ideal. Maybe it should be a CLI option somehow? Only tested with push and a v2 registry so far. I'm happy to look further into testing more broadly, but I wanted to get feedback on the general idea first. Signed-off-by: Brett Higgins <brhiggins@arbor.net>
2016-04-25 07:54:48 -04:00
"github.com/docker/go-connections/sockets"
Register OCI image media types OCI types are backwards compatible with Docker manifest types, however the media types must be registered. Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-06-27 20:58:54 -04:00
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
)
Abstract distribution interfaces from image specific types Move configurations into a single file. Abstract download manager in pull config. Add supports for schema2 only and schema2 type checking. Add interface for providing push layers. Abstract image store to generically handle configurations. Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-12-16 14:19:05 -05:00
// ImageTypes represents the schema2 config types for images
var ImageTypes = []string{
schema2.MediaTypeImageConfig,
Register OCI image media types OCI types are backwards compatible with Docker manifest types, however the media types must be registered. Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-06-27 20:58:54 -04:00
ocispec.MediaTypeImageConfig,
Abstract distribution interfaces from image specific types Move configurations into a single file. Abstract download manager in pull config. Add supports for schema2 only and schema2 type checking. Add interface for providing push layers. Abstract image store to generically handle configurations. Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-12-16 14:19:05 -05:00
// Handle unexpected values from https://github.com/docker/distribution/issues/1621
distribution: Add text/html and application/json as image mediatypes As noted by #30083, the new strict checking of mediatypes misses some cases where earlier bugs caused nonstandard mediatypes to be stored in manifests. Two of the known cases are text/html and application/json, which were returned by certain registries and stored by earlier versions of Docker. Add special cases for text/html and application/json. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-01-18 21:19:12 -05:00
// (see also https://github.com/docker/docker/issues/22378,
// https://github.com/docker/docker/issues/30083)
Abstract distribution interfaces from image specific types Move configurations into a single file. Abstract download manager in pull config. Add supports for schema2 only and schema2 type checking. Add interface for providing push layers. Abstract image store to generically handle configurations. Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-12-16 14:19:05 -05:00
"application/octet-stream",
distribution: Add text/html and application/json as image mediatypes As noted by #30083, the new strict checking of mediatypes misses some cases where earlier bugs caused nonstandard mediatypes to be stored in manifests. Two of the known cases are text/html and application/json, which were returned by certain registries and stored by earlier versions of Docker. Add special cases for text/html and application/json. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-01-18 21:19:12 -05:00
"application/json",
"text/html",
Abstract distribution interfaces from image specific types Move configurations into a single file. Abstract download manager in pull config. Add supports for schema2 only and schema2 type checking. Add interface for providing push layers. Abstract image store to generically handle configurations. Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-12-16 14:19:05 -05:00
// Treat defaulted values as images, newer types cannot be implied
"",
}
// PluginTypes represents the schema2 config types for plugins
var PluginTypes = []string{
schema2.MediaTypePluginConfig,
}
var mediaTypeClasses map[string]string
func init() {
// initialize media type classes with all know types for
// plugin
mediaTypeClasses = map[string]string{}
for _, t := range ImageTypes {
mediaTypeClasses[t] = "image"
}
for _, t := range PluginTypes {
mediaTypeClasses[t] = "plugin"
}
}
fix typos Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-05-07 21:36:10 -04:00
// NewV2Repository returns a repository (v2 only). It creates an HTTP transport
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
// providing timeout settings and authentication support, and also verifies the
// remote API version.
Do not fall back to the V1 protocol when we know we are talking to a V2 registry If we detect a Docker-Distribution-Api-Version header indicating that the registry speaks the V2 protocol, no fallback to V1 should take place. The same applies if a V2 registry operation succeeds while attempting a push or pull. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-04 16:42:33 -05:00
func NewV2Repository(ctx context.Context, repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint, metaHeaders http.Header, authConfig *types.AuthConfig, actions ...string) (repo distribution.Repository, foundVersion bool, err error) {
Use distribution reference Remove forked reference package. Use normalized named values everywhere and familiar functions to convert back to familiar strings for UX and storage compatibility. Enforce that the source repository in the distribution metadata is always a normalized string, ignore invalid values which are not. Update distribution tests to use normalized values. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-01-25 19:54:18 -05:00
repoName := repoInfo.Name.Name()
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
// If endpoint does not support CanonicalName, use the RemoteName instead
if endpoint.TrimHostname {
Use distribution reference Remove forked reference package. Use normalized named values everywhere and familiar functions to convert back to familiar strings for UX and storage compatibility. Enforce that the source repository in the distribution metadata is always a normalized string, ignore invalid values which are not. Update distribution tests to use normalized values. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-01-25 19:54:18 -05:00
repoName = reference.Path(repoInfo.Name)
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
}
Respect ALL_PROXY during registry operations Use sockets.DialerFromEnvironment, as is done in other places, to transparently support SOCKS proxy config from ALL_PROXY environment variable. Requires the *engine* have the ALL_PROXY env var set, which doesn't seem ideal. Maybe it should be a CLI option somehow? Only tested with push and a v2 registry so far. I'm happy to look further into testing more broadly, but I wanted to get feedback on the general idea first. Signed-off-by: Brett Higgins <brhiggins@arbor.net>
2016-04-25 07:54:48 -04:00
direct := &net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
DualStack: true,
}
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
// TODO(dmcgowan): Call close idle connections when complete, use keep alive
base := &http.Transport{
Respect ALL_PROXY during registry operations Use sockets.DialerFromEnvironment, as is done in other places, to transparently support SOCKS proxy config from ALL_PROXY environment variable. Requires the *engine* have the ALL_PROXY env var set, which doesn't seem ideal. Maybe it should be a CLI option somehow? Only tested with push and a v2 registry so far. I'm happy to look further into testing more broadly, but I wanted to get feedback on the general idea first. Signed-off-by: Brett Higgins <brhiggins@arbor.net>
2016-04-25 07:54:48 -04:00
Proxy: http.ProxyFromEnvironment,
Dial: direct.Dial,
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: endpoint.TLSConfig,
// TODO(dmcgowan): Call close idle connections when complete and use keep alive
DisableKeepAlives: true,
}
Respect ALL_PROXY during registry operations Use sockets.DialerFromEnvironment, as is done in other places, to transparently support SOCKS proxy config from ALL_PROXY environment variable. Requires the *engine* have the ALL_PROXY env var set, which doesn't seem ideal. Maybe it should be a CLI option somehow? Only tested with push and a v2 registry so far. I'm happy to look further into testing more broadly, but I wanted to get feedback on the general idea first. Signed-off-by: Brett Higgins <brhiggins@arbor.net>
2016-04-25 07:54:48 -04:00
proxyDialer, err := sockets.DialerFromEnvironment(direct)
if err == nil {
base.Dial = proxyDialer.Dial
}
Remove Docker from some functions Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-10-25 08:39:51 -04:00
modifiers := registry.Headers(dockerversion.DockerUserAgent(ctx), metaHeaders)
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
authTransport := transport.NewTransport(base, modifiers...)
Smarter push/pull TLS fallback With the --insecure-registry daemon option (or talking to a registry on a local IP), the daemon will first try TLS, and then try plaintext if something goes wrong with the push or pull. It doesn't make sense to try plaintext if a HTTP request went through while using TLS. This commit changes the logic to keep track of host/port combinations where a TLS attempt managed to do at least one HTTP request (whether the response code indicated success or not). If the host/port responded to a HTTP using TLS, we won't try to make plaintext HTTP requests to it. This will result in better error messages, which sometimes ended up showing the result of the plaintext attempt, like this: Error response from daemon: Get http://myregistrydomain.com:5000/v2/: malformed HTTP response "\x15\x03\x01\x00\x02\x02" Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-11 18:45:29 -05:00
Allow v1 search to use v2 auth with identity token Updates the v1 search endpoint to also support v2 auth when an identity token is given. Only search v1 endpoint is supported since there is not v2 search currently defined to replace it. Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-07-13 16:30:24 -04:00
challengeManager, foundVersion, err := registry.PingV2Registry(endpoint.URL, authTransport)
Login update and endpoint refactor Further differentiate the APIEndpoint used with V2 with the endpoint type which is only used for v1 registry interactions Rename Endpoint to V1Endpoint and remove version ambiguity Use distribution token handler for login Signed-off-by: Derek McGowan <derek@mcgstyle.net> Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-01 02:07:41 -05:00
if err != nil {
transportOK := false
if responseErr, ok := err.(registry.PingResponseError); ok {
transportOK = true
err = responseErr.Err
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
}
Smarter push/pull TLS fallback With the --insecure-registry daemon option (or talking to a registry on a local IP), the daemon will first try TLS, and then try plaintext if something goes wrong with the push or pull. It doesn't make sense to try plaintext if a HTTP request went through while using TLS. This commit changes the logic to keep track of host/port combinations where a TLS attempt managed to do at least one HTTP request (whether the response code indicated success or not). If the host/port responded to a HTTP using TLS, we won't try to make plaintext HTTP requests to it. This will result in better error messages, which sometimes ended up showing the result of the plaintext attempt, like this: Error response from daemon: Get http://myregistrydomain.com:5000/v2/: malformed HTTP response "\x15\x03\x01\x00\x02\x02" Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-11 18:45:29 -05:00
return nil, foundVersion, fallbackError{
err: err,
confirmedV2: foundVersion,
Login update and endpoint refactor Further differentiate the APIEndpoint used with V2 with the endpoint type which is only used for v1 registry interactions Rename Endpoint to V1Endpoint and remove version ambiguity Use distribution token handler for login Signed-off-by: Derek McGowan <derek@mcgstyle.net> Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-01 02:07:41 -05:00
transportOK: transportOK,
Smarter push/pull TLS fallback With the --insecure-registry daemon option (or talking to a registry on a local IP), the daemon will first try TLS, and then try plaintext if something goes wrong with the push or pull. It doesn't make sense to try plaintext if a HTTP request went through while using TLS. This commit changes the logic to keep track of host/port combinations where a TLS attempt managed to do at least one HTTP request (whether the response code indicated success or not). If the host/port responded to a HTTP using TLS, we won't try to make plaintext HTTP requests to it. This will result in better error messages, which sometimes ended up showing the result of the plaintext attempt, like this: Error response from daemon: Get http://myregistrydomain.com:5000/v2/: malformed HTTP response "\x15\x03\x01\x00\x02\x02" Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-11 18:45:29 -05:00
}
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
}
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" | jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2015-11-04 00:03:12 -05:00
if authConfig.RegistryToken != "" {
passThruTokenHandler := &existingTokenHandler{token: authConfig.RegistryToken}
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler))
} else {
Add class to repository scope Expose registry error translation for plugin distribution Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-15 18:06:48 -05:00
scope := auth.RepositoryScope{
Repository: repoName,
Actions: actions,
Implement content addressability for plugins Move plugins to shared distribution stack with images. Create immutable plugin config that matches schema2 requirements. Ensure data being pushed is same as pulled/created. Store distribution artifacts in a blobstore. Run init layer setup for every plugin start. Fix breakouts from unsafe file accesses. Add support for `docker plugin install --alias` Uses normalized references for default names to avoid collisions when using default hosts/tags. Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct. Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-12-12 18:05:53 -05:00
Class: repoInfo.Class,
Add class to repository scope Expose registry error translation for plugin distribution Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-15 18:06:48 -05:00
}
Allow v1 search to use v2 auth with identity token Updates the v1 search endpoint to also support v2 auth when an identity token is given. Only search v1 endpoint is supported since there is not v2 search currently defined to replace it. Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-07-13 16:30:24 -04:00
creds := registry.NewStaticCredentialStore(authConfig)
Add support for identity token with token handler Use token handler options for initialization. Update auth endpoint to set identity token in response. Update credential store to match distribution interface changes. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-02-23 18:18:04 -05:00
tokenHandlerOptions := auth.TokenHandlerOptions{
Transport: authTransport,
Credentials: creds,
Add class to repository scope Expose registry error translation for plugin distribution Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-15 18:06:48 -05:00
Scopes: []auth.Scope{scope},
ClientID: registry.AuthClientID,
Add support for identity token with token handler Use token handler options for initialization. Update auth endpoint to set identity token in response. Update credential store to match distribution interface changes. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-02-23 18:18:04 -05:00
}
tokenHandler := auth.NewTokenHandlerWithOptions(tokenHandlerOptions)
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" | jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2015-11-04 00:03:12 -05:00
basicHandler := auth.NewBasicHandler(creds)
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
}
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
tr := transport.NewTransport(base, modifiers...)
Use distribution reference Remove forked reference package. Use normalized named values everywhere and familiar functions to convert back to familiar strings for UX and storage compatibility. Enforce that the source repository in the distribution metadata is always a normalized string, ignore invalid values which are not. Update distribution tests to use normalized values. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-01-25 19:54:18 -05:00
repoNameRef, err := reference.WithName(repoName)
Vendor updated distribution for resumable downloads Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-26 14:20:14 -05:00
if err != nil {
Smarter push/pull TLS fallback With the --insecure-registry daemon option (or talking to a registry on a local IP), the daemon will first try TLS, and then try plaintext if something goes wrong with the push or pull. It doesn't make sense to try plaintext if a HTTP request went through while using TLS. This commit changes the logic to keep track of host/port combinations where a TLS attempt managed to do at least one HTTP request (whether the response code indicated success or not). If the host/port responded to a HTTP using TLS, we won't try to make plaintext HTTP requests to it. This will result in better error messages, which sometimes ended up showing the result of the plaintext attempt, like this: Error response from daemon: Get http://myregistrydomain.com:5000/v2/: malformed HTTP response "\x15\x03\x01\x00\x02\x02" Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-11 18:45:29 -05:00
return nil, foundVersion, fallbackError{
err: err,
confirmedV2: foundVersion,
transportOK: true,
}
Vendor updated distribution for resumable downloads Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-26 14:20:14 -05:00
}
Bump docker/distribution to 83389a148052d74ac602f5f1d62f86ff2f3c4aa5 vendored distribution is quite old, and current distribution contains an API break, which means it's not possible to vendor a bugfixed distribution and a docker/docker at the same time. Signed-off-by: Mike Lundy <mike@fluffypenguin.org>
2018-04-19 20:00:56 -04:00
repo, err = client.NewRepository(repoNameRef, endpoint.URL.String(), tr)
Smarter push/pull TLS fallback With the --insecure-registry daemon option (or talking to a registry on a local IP), the daemon will first try TLS, and then try plaintext if something goes wrong with the push or pull. It doesn't make sense to try plaintext if a HTTP request went through while using TLS. This commit changes the logic to keep track of host/port combinations where a TLS attempt managed to do at least one HTTP request (whether the response code indicated success or not). If the host/port responded to a HTTP using TLS, we won't try to make plaintext HTTP requests to it. This will result in better error messages, which sometimes ended up showing the result of the plaintext attempt, like this: Error response from daemon: Get http://myregistrydomain.com:5000/v2/: malformed HTTP response "\x15\x03\x01\x00\x02\x02" Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-11 18:45:29 -05:00
if err != nil {
err = fallbackError{
err: err,
confirmedV2: foundVersion,
transportOK: true,
}
}
return
Add distribution package Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-18 17:18:44 -05:00
}
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" | jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2015-11-04 00:03:12 -05:00
type existingTokenHandler struct {
token string
}
func (th *existingTokenHandler) Scheme() string {
return "bearer"
}
func (th *existingTokenHandler) AuthorizeRequest(req *http.Request, params map[string]string) error {
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", th.token))
return nil
}
Add deprecation message for schema1 This will add a warning log in the daemon, and will send the message to be displayed by the CLI. Signed-off-by: Tibor Vass <tibor@docker.com>
2019-06-14 21:56:28 -04:00
func schema1DeprecationMessage(ref reference.Named) string {
return fmt.Sprintf("[DEPRECATION NOTICE] registry v2 schema1 support will be removed in an upcoming release. Please contact admins of the %s registry NOW to avoid future disruption.", reference.Domain(ref))
}
Copy permalink