docker

package
v1.3.3-k3s1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 20, 2020 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

View Source
const LegacyConfigMediaType = "application/octet-stream"

LegacyConfigMediaType should be replaced by OCI image spec.

More detail: docker/distribution#1622

Variables

View Source
var (
	// ErrNoToken is returned if a request is successful but the body does not
	// contain an authorization token.
	ErrNoToken = errors.New("authorization server did not include a token in the response")

	// ErrInvalidAuthorization is used when credentials are passed to a server but
	// those credentials are rejected.
	ErrInvalidAuthorization = errors.New("authorization failed")

	// MaxManifestSize represents the largest size accepted from a registry
	// during resolution. Larger manifests may be accepted using a
	// resolution method other than the registry.
	//
	// NOTE: The max supported layers by some runtimes is 128 and individual
	// layers will not contribute more than 256 bytes, making a
	// reasonable limit for a large image manifests of 32K bytes.
	// 4M bytes represents a much larger upper bound for images which may
	// contain large annotations or be non-images. A proper manifest
	// design puts large metadata in subobjects, as is consistent the
	// intent of the manifest design.
	MaxManifestSize int64 = 4 * 1048 * 1048
)

Functions

func AppendDistributionSourceLabel added in v1.3.0

func AppendDistributionSourceLabel(manager content.Manager, ref string) (images.HandlerFunc, error)

AppendDistributionSourceLabel updates the label of blob with distribution source.

func ConvertManifest added in v1.2.3

func ConvertManifest(ctx context.Context, store content.Store, desc ocispec.Descriptor) (ocispec.Descriptor, error)

ConvertManifest changes application/octet-stream to schema2 config media type if need.

NOTE: 1. original manifest will be deleted by next gc round. 2. don't cover manifest list.

func DefaultHost added in v1.2.0

func DefaultHost(ns string) (string, error)

DefaultHost is the default host function.

func MatchAllHosts added in v1.3.0

func MatchAllHosts(string) (bool, error)

MatchAllHosts is a host match function which is always true.

func MatchLocalhost added in v1.3.0

func MatchLocalhost(host string) (bool, error)

MatchLocalhost is a host match function which returns true for localhost.

func NewResolver

func NewResolver(options ResolverOptions) remotes.Resolver

NewResolver returns a new resolver to a Docker registry

func WithScope added in v1.3.0

func WithScope(ctx context.Context, scope string) context.Context

WithScope appends a custom registry auth scope to the context.

Types

type Authorizer added in v1.2.0

type Authorizer interface {
	// Authorize sets the appropriate `Authorization` header on the given
	// request.
	//
	// If no authorization is found for the request, the request remains
	// unmodified. It may also add an `Authorization` header as
	//  "bearer <some bearer token>"
	//  "basic <base64 encoded credentials>"
	Authorize(context.Context, *http.Request) error

	// AddResponses adds a 401 response for the authorizer to consider when
	// authorizing requests. The last response should be unauthorized and
	// the previous requests are used to consider redirects and retries
	// that may have led to the 401.
	//
	// If response is not handled, returns `ErrNotImplemented`
	AddResponses(context.Context, []*http.Response) error
}

Authorizer is used to authorize HTTP requests based on 401 HTTP responses. An Authorizer is responsible for caching tokens or credentials used by requests.

func NewAuthorizer added in v1.2.0

func NewAuthorizer(client *http.Client, f func(string) (string, string, error)) Authorizer

NewAuthorizer creates a Docker authorizer using the provided function to get credentials for the token server or basic auth. Deprecated: Use NewDockerAuthorizer

func NewDockerAuthorizer added in v1.3.0

func NewDockerAuthorizer(opts ...AuthorizerOpt) Authorizer

NewDockerAuthorizer creates an authorizer using Docker's registry authentication spec. See https://docs.docker.com/registry/spec/auth/

type AuthorizerOpt added in v1.3.0

type AuthorizerOpt func(*authorizerConfig)

AuthorizerOpt configures an authorizer

func WithAuthClient added in v1.3.0

func WithAuthClient(client *http.Client) AuthorizerOpt

WithAuthClient provides the HTTP client for the authorizer

func WithAuthCreds added in v1.3.0

func WithAuthCreds(creds func(string) (string, string, error)) AuthorizerOpt

WithAuthCreds provides a credential function to the authorizer

func WithAuthHeader added in v1.3.0

func WithAuthHeader(hdr http.Header) AuthorizerOpt

WithAuthHeader provides HTTP headers for authorization

type HostCapabilities added in v1.3.0

type HostCapabilities uint8

HostCapabilities represent the capabilities of the registry host. This also represents the set of operations for which the registry host may be trusted to perform.

For example pushing is a capability which should only be performed on an upstream source, not a mirror. Resolving (the process of converting a name into a digest) must be considered a trusted operation and only done by a host which is trusted (or more preferably by secure process which can prove the provenance of the mapping). A public mirror should never be trusted to do a resolve action.

| Registry Type | Pull | Resolve | Push | |------------------|------|---------|------| | Public Registry | yes | yes | yes | | Private Registry | yes | yes | yes | | Public Mirror | yes | no | no | | Private Mirror | yes | yes | no |

const (
	// HostCapabilityPull represents the capability to fetch manifests
	// and blobs by digest
	HostCapabilityPull HostCapabilities = 1 << iota

	// HostCapabilityResolve represents the capability to fetch manifests
	// by name
	HostCapabilityResolve

	// HostCapabilityPush represents the capability to push blobs and
	// manifests
	HostCapabilityPush
)

func (HostCapabilities) Has added in v1.3.0

type RegistryHost added in v1.3.0

type RegistryHost struct {
	Client       *http.Client
	Authorizer   Authorizer
	Host         string
	Scheme       string
	Path         string
	Capabilities HostCapabilities
}

RegistryHost represents a complete configuration for a registry host, representing the capabilities, authorizations, connection configuration, and location.

type RegistryHosts added in v1.3.0

type RegistryHosts func(string) ([]RegistryHost, error)

RegistryHosts fetches the registry hosts for a given namespace, provided by the host component of an distribution image reference.

func ConfigureDefaultRegistries added in v1.3.0

func ConfigureDefaultRegistries(ropts ...RegistryOpt) RegistryHosts

ConfigureDefaultRegistries is used to create a default configuration for registries. For more advanced configurations or per-domain setups, the RegistryHosts interface should be used directly. NOTE: This function will always return a non-empty value or error

func Registries added in v1.3.0

func Registries(registries ...RegistryHosts) RegistryHosts

Registries joins multiple registry configuration functions, using the same order as provided within the arguments. When an empty registry configuration is returned with a nil error, the next function will be called. NOTE: This function will not join configurations, as soon as a non-empty configuration is returned from a configuration function, it will be returned to the caller.

type RegistryOpt added in v1.3.0

type RegistryOpt func(*registryOpts)

RegistryOpt defines a registry default option

func WithAuthorizer added in v1.3.0

func WithAuthorizer(a Authorizer) RegistryOpt

WithAuthorizer configures the default authorizer for a registry

func WithClient added in v1.3.0

func WithClient(c *http.Client) RegistryOpt

WithClient configures the default http client for a registry

func WithHostTranslator added in v1.3.0

func WithHostTranslator(h func(string) (string, error)) RegistryOpt

WithHostTranslator defines the default translator to use for registry hosts

func WithPlainHTTP added in v1.3.0

func WithPlainHTTP(f func(string) (bool, error)) RegistryOpt

WithPlainHTTP configures registries to use plaintext http scheme for the provided host match function.

type ResolverOptions

type ResolverOptions struct {
	// Hosts returns registry host configurations for a namespace.
	Hosts RegistryHosts

	// Headers are the HTTP request header fields sent by the resolver
	Headers http.Header

	// Tracker is used to track uploads to the registry. This is used
	// since the registry does not have upload tracking and the existing
	// mechanism for getting blob upload status is expensive.
	Tracker StatusTracker

	// Authorizer is used to authorize registry requests
	// Deprecated: use Hosts
	Authorizer Authorizer

	// Credentials provides username and secret given a host.
	// If username is empty but a secret is given, that secret
	// is interpreted as a long lived token.
	// Deprecated: use Hosts
	Credentials func(string) (string, string, error)

	// Host provides the hostname given a namespace.
	// Deprecated: use Hosts
	Host func(string) (string, error)

	// PlainHTTP specifies to use plain http and not https
	// Deprecated: use Hosts
	PlainHTTP bool

	// Client is the http client to used when making registry requests
	// Deprecated: use Hosts
	Client *http.Client
}

ResolverOptions are used to configured a new Docker register resolver

type Status

type Status struct {
	content.Status

	// UploadUUID is used by the Docker registry to reference blob uploads
	UploadUUID string
}

Status of a content operation

type StatusTracker

type StatusTracker interface {
	GetStatus(string) (Status, error)
	SetStatus(string, Status)
}

StatusTracker to track status of operations

func NewInMemoryTracker

func NewInMemoryTracker() StatusTracker

NewInMemoryTracker returns a StatusTracker that tracks content status in-memory

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL