2015-02-12 13:23:22 -05:00
|
|
|
package graph
|
|
|
|
|
|
|
|
import (
|
|
|
|
"errors"
|
|
|
|
"net"
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/Sirupsen/logrus"
|
|
|
|
"github.com/docker/distribution"
|
|
|
|
"github.com/docker/distribution/digest"
|
|
|
|
"github.com/docker/distribution/manifest"
|
|
|
|
"github.com/docker/distribution/registry/client"
|
|
|
|
"github.com/docker/distribution/registry/client/auth"
|
|
|
|
"github.com/docker/distribution/registry/client/transport"
|
|
|
|
"github.com/docker/docker/cliconfig"
|
|
|
|
"github.com/docker/docker/registry"
|
|
|
|
"golang.org/x/net/context"
|
2015-10-19 23:53:44 -04:00
|
|
|
"strings"
|
2015-02-12 13:23:22 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
type dumbCredentialStore struct {
|
|
|
|
auth *cliconfig.AuthConfig
|
|
|
|
}
|
|
|
|
|
|
|
|
func (dcs dumbCredentialStore) Basic(*url.URL) (string, string) {
|
|
|
|
return dcs.auth.Username, dcs.auth.Password
|
|
|
|
}
|
|
|
|
|
2015-07-29 19:45:47 -04:00
|
|
|
// NewV2Repository returns a repository (v2 only). It creates a HTTP transport
|
|
|
|
// providing timeout settings and authentication support, and also verifies the
|
|
|
|
// remote API version.
|
2015-08-27 07:03:00 -04:00
|
|
|
func NewV2Repository(repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint, metaHeaders http.Header, authConfig *cliconfig.AuthConfig, actions ...string) (distribution.Repository, error) {
|
2015-02-12 13:23:22 -05:00
|
|
|
ctx := context.Background()
|
|
|
|
|
|
|
|
repoName := repoInfo.CanonicalName
|
|
|
|
// If endpoint does not support CanonicalName, use the RemoteName instead
|
|
|
|
if endpoint.TrimHostname {
|
|
|
|
repoName = repoInfo.RemoteName
|
|
|
|
}
|
|
|
|
|
|
|
|
// TODO(dmcgowan): Call close idle connections when complete, use keep alive
|
|
|
|
base := &http.Transport{
|
|
|
|
Proxy: http.ProxyFromEnvironment,
|
|
|
|
Dial: (&net.Dialer{
|
|
|
|
Timeout: 30 * time.Second,
|
|
|
|
KeepAlive: 30 * time.Second,
|
|
|
|
DualStack: true,
|
|
|
|
}).Dial,
|
|
|
|
TLSHandshakeTimeout: 10 * time.Second,
|
|
|
|
TLSClientConfig: endpoint.TLSConfig,
|
|
|
|
// TODO(dmcgowan): Call close idle connections when complete and use keep alive
|
|
|
|
DisableKeepAlives: true,
|
|
|
|
}
|
|
|
|
|
|
|
|
modifiers := registry.DockerHeaders(metaHeaders)
|
|
|
|
authTransport := transport.NewTransport(base, modifiers...)
|
|
|
|
pingClient := &http.Client{
|
|
|
|
Transport: authTransport,
|
2015-10-16 18:34:35 -04:00
|
|
|
Timeout: 15 * time.Second,
|
2015-02-12 13:23:22 -05:00
|
|
|
}
|
2015-10-19 23:53:44 -04:00
|
|
|
endpointStr := strings.TrimRight(endpoint.URL, "/") + "/v2/"
|
2015-02-12 13:23:22 -05:00
|
|
|
req, err := http.NewRequest("GET", endpointStr, nil)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
resp, err := pingClient.Do(req)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
|
|
versions := auth.APIVersions(resp, endpoint.VersionHeader)
|
|
|
|
if endpoint.VersionHeader != "" && len(endpoint.Versions) > 0 {
|
|
|
|
var foundVersion bool
|
|
|
|
for _, version := range endpoint.Versions {
|
|
|
|
for _, pingVersion := range versions {
|
|
|
|
if version == pingVersion {
|
|
|
|
foundVersion = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if !foundVersion {
|
|
|
|
return nil, errors.New("endpoint does not support v2 API")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
challengeManager := auth.NewSimpleChallengeManager()
|
|
|
|
if err := challengeManager.AddResponse(resp); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
creds := dumbCredentialStore{auth: authConfig}
|
2015-08-27 07:03:00 -04:00
|
|
|
tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, actions...)
|
2015-02-12 13:23:22 -05:00
|
|
|
basicHandler := auth.NewBasicHandler(creds)
|
|
|
|
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
|
|
|
|
tr := transport.NewTransport(base, modifiers...)
|
|
|
|
|
|
|
|
return client.NewRepository(ctx, repoName, endpoint.URL, tr)
|
|
|
|
}
|
|
|
|
|
2015-07-15 16:42:45 -04:00
|
|
|
func digestFromManifest(m *manifest.SignedManifest, localName string) (digest.Digest, int, error) {
|
2015-02-12 13:23:22 -05:00
|
|
|
payload, err := m.Payload()
|
|
|
|
if err != nil {
|
2015-09-15 17:38:42 -04:00
|
|
|
// If this failed, the signatures section was corrupted
|
|
|
|
// or missing. Treat the entire manifest as the payload.
|
|
|
|
payload = m.Raw
|
2015-02-12 13:23:22 -05:00
|
|
|
}
|
|
|
|
manifestDigest, err := digest.FromBytes(payload)
|
|
|
|
if err != nil {
|
|
|
|
logrus.Infof("Could not compute manifest digest for %s:%s : %v", localName, m.Tag, err)
|
|
|
|
}
|
2015-07-15 16:42:45 -04:00
|
|
|
return manifestDigest, len(payload), nil
|
2015-02-12 13:23:22 -05:00
|
|
|
}
|