2015-11-18 17:18:44 -05:00
|
|
|
package distribution
|
|
|
|
|
|
|
|
import (
|
2015-11-04 00:03:12 -05:00
|
|
|
"fmt"
|
2015-11-18 17:18:44 -05:00
|
|
|
"net"
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/docker/distribution"
|
2016-01-26 14:20:14 -05:00
|
|
|
distreference "github.com/docker/distribution/reference"
|
2015-11-18 17:18:44 -05:00
|
|
|
"github.com/docker/distribution/registry/client"
|
|
|
|
"github.com/docker/distribution/registry/client/auth"
|
|
|
|
"github.com/docker/distribution/registry/client/transport"
|
2016-01-04 13:36:01 -05:00
|
|
|
"github.com/docker/docker/dockerversion"
|
2015-11-18 17:18:44 -05:00
|
|
|
"github.com/docker/docker/registry"
|
2016-01-04 19:05:26 -05:00
|
|
|
"github.com/docker/engine-api/types"
|
2015-11-18 17:18:44 -05:00
|
|
|
"golang.org/x/net/context"
|
|
|
|
)
|
|
|
|
|
|
|
|
type dumbCredentialStore struct {
|
2015-12-11 23:11:42 -05:00
|
|
|
auth *types.AuthConfig
|
2015-11-18 17:18:44 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func (dcs dumbCredentialStore) Basic(*url.URL) (string, string) {
|
|
|
|
return dcs.auth.Username, dcs.auth.Password
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewV2Repository returns a repository (v2 only). It creates a HTTP transport
|
|
|
|
// providing timeout settings and authentication support, and also verifies the
|
|
|
|
// remote API version.
|
2015-12-04 16:42:33 -05:00
|
|
|
func NewV2Repository(ctx context.Context, repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint, metaHeaders http.Header, authConfig *types.AuthConfig, actions ...string) (repo distribution.Repository, foundVersion bool, err error) {
|
2015-12-11 14:00:13 -05:00
|
|
|
repoName := repoInfo.FullName()
|
2015-11-18 17:18:44 -05:00
|
|
|
// If endpoint does not support CanonicalName, use the RemoteName instead
|
|
|
|
if endpoint.TrimHostname {
|
2015-12-11 14:00:13 -05:00
|
|
|
repoName = repoInfo.RemoteName()
|
2015-11-18 17:18:44 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// TODO(dmcgowan): Call close idle connections when complete, use keep alive
|
|
|
|
base := &http.Transport{
|
|
|
|
Proxy: http.ProxyFromEnvironment,
|
2016-02-03 12:55:16 -05:00
|
|
|
Dial: (&net.Dialer{
|
|
|
|
Timeout: 30 * time.Second,
|
|
|
|
KeepAlive: 30 * time.Second,
|
|
|
|
DualStack: true,
|
|
|
|
}).Dial,
|
2015-11-18 17:18:44 -05:00
|
|
|
TLSHandshakeTimeout: 10 * time.Second,
|
|
|
|
TLSClientConfig: endpoint.TLSConfig,
|
|
|
|
// TODO(dmcgowan): Call close idle connections when complete and use keep alive
|
|
|
|
DisableKeepAlives: true,
|
|
|
|
}
|
|
|
|
|
2016-01-04 13:36:01 -05:00
|
|
|
modifiers := registry.DockerHeaders(dockerversion.DockerUserAgent(), metaHeaders)
|
2015-11-18 17:18:44 -05:00
|
|
|
authTransport := transport.NewTransport(base, modifiers...)
|
2016-02-11 18:45:29 -05:00
|
|
|
|
2016-03-01 02:07:41 -05:00
|
|
|
challengeManager, foundVersion, err := registry.PingV2Registry(endpoint, authTransport)
|
|
|
|
if err != nil {
|
|
|
|
transportOK := false
|
|
|
|
if responseErr, ok := err.(registry.PingResponseError); ok {
|
|
|
|
transportOK = true
|
|
|
|
err = responseErr.Err
|
2015-11-18 17:18:44 -05:00
|
|
|
}
|
2016-02-11 18:45:29 -05:00
|
|
|
return nil, foundVersion, fallbackError{
|
|
|
|
err: err,
|
|
|
|
confirmedV2: foundVersion,
|
2016-03-01 02:07:41 -05:00
|
|
|
transportOK: transportOK,
|
2016-02-11 18:45:29 -05:00
|
|
|
}
|
2015-11-18 17:18:44 -05:00
|
|
|
}
|
|
|
|
|
2015-11-04 00:03:12 -05:00
|
|
|
if authConfig.RegistryToken != "" {
|
|
|
|
passThruTokenHandler := &existingTokenHandler{token: authConfig.RegistryToken}
|
|
|
|
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler))
|
|
|
|
} else {
|
|
|
|
creds := dumbCredentialStore{auth: authConfig}
|
2015-12-11 14:00:13 -05:00
|
|
|
tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, actions...)
|
2015-11-04 00:03:12 -05:00
|
|
|
basicHandler := auth.NewBasicHandler(creds)
|
|
|
|
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
|
|
|
|
}
|
2015-11-18 17:18:44 -05:00
|
|
|
tr := transport.NewTransport(base, modifiers...)
|
|
|
|
|
2016-01-26 14:20:14 -05:00
|
|
|
repoNameRef, err := distreference.ParseNamed(repoName)
|
|
|
|
if err != nil {
|
2016-02-11 18:45:29 -05:00
|
|
|
return nil, foundVersion, fallbackError{
|
|
|
|
err: err,
|
|
|
|
confirmedV2: foundVersion,
|
|
|
|
transportOK: true,
|
|
|
|
}
|
2016-01-26 14:20:14 -05:00
|
|
|
}
|
|
|
|
|
2016-02-17 19:53:25 -05:00
|
|
|
repo, err = client.NewRepository(ctx, repoNameRef, endpoint.URL.String(), tr)
|
2016-02-11 18:45:29 -05:00
|
|
|
if err != nil {
|
|
|
|
err = fallbackError{
|
|
|
|
err: err,
|
|
|
|
confirmedV2: foundVersion,
|
|
|
|
transportOK: true,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return
|
2015-11-18 17:18:44 -05:00
|
|
|
}
|
|
|
|
|
2015-11-04 00:03:12 -05:00
|
|
|
type existingTokenHandler struct {
|
|
|
|
token string
|
|
|
|
}
|
|
|
|
|
|
|
|
func (th *existingTokenHandler) Scheme() string {
|
|
|
|
return "bearer"
|
|
|
|
}
|
|
|
|
|
|
|
|
func (th *existingTokenHandler) AuthorizeRequest(req *http.Request, params map[string]string) error {
|
|
|
|
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", th.token))
|
|
|
|
return nil
|
|
|
|
}
|