server

package
v4.2.19+incompatible

This package is not in the latest version of its module.
Published: Dec 12, 2019 License: Apache-2.0 Imports: 54 Imported by: 1

Documentation

Overview

Package server wraps the repository and blob store objects of upstream docker/distribution. Most significantly, the wrappers cause manifests to be stored in OpenShift's etcd store instead of the registry's storage. The registry's middleware API is used to register the object factories.

The module with quotaRestrictedBlobStore defines a wrapper for the upstream blob store that performs an image quota and limits check before committing an image layer to the registry. The master server contains an admission check that refuses the manifest if the image exceeds any quota or limit that is set, but that check occurs too late (after the layers are written). This addition allows us to refuse the layers and thus keep the storage clean.

*Note*: Here, we take into account just a single layer, not the image as a whole, because the layers are uploaded before the manifest. As a result, several layers can be written before a layer arrives that is big enough to exceed the limit.
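The following is an added sketch, not code from this package: it models the per-layer check and the later image-wide manifest check to show which bytes stay in storage in each case. The names limitedBlobStore and push, the error values, and the sizes are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical errors for this sketch, not the package's exported errors.
var (
	errLayerOverLimit = errors.New("layer exceeds image size limit")
	errImageOverLimit = errors.New("image exceeds image size limit")
)

// limitedBlobStore stands in for a limit-checking blob store wrapper.
type limitedBlobStore struct {
	limit  int64 // maximum image size in bytes (constructed value)
	stored int64 // bytes committed to storage so far
}

// Commit sees one layer at a time: it refuses only a layer over the limit on its own.
func (s *limitedBlobStore) Commit(size int64) error {
	if size > s.limit {
		return errLayerOverLimit
	}
	s.stored += size
	return nil
}

// push uploads layers in order, then runs the manifest check; it returns bytes left in storage.
func push(limit int64, layers []int64) (int64, error) {
	s := &limitedBlobStore{limit: limit}
	var total int64
	for _, size := range layers {
		if err := s.Commit(size); err != nil {
			return s.stored, err
		}
		total += size
	}
	if total > limit { // manifest admission: sum of all layers
		return s.stored, errImageOverLimit
	}
	return s.stored, nil
}

func main() {
	stored, err := push(100, []int64{40, 40, 40})
	fmt.Printf("stored=%d err=%v\n", stored, err)
}
```

With three layers of 40 against a limit of 100, every layer passes the per-layer check and only the manifest is refused, so the layer bytes remain in storage for later cleanup.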

Constants

This section is empty.

Variables

var (
	// Challenging errors
	ErrTokenRequired         = errors.New("authorization header required")
	ErrTokenInvalid          = errors.New("failed to decode credentials")
	ErrOpenShiftAccessDenied = errors.New("access denied")

	// Non-challenging errors
	ErrNamespaceRequired   = errors.New("repository namespace required")
	ErrUnsupportedAction   = errors.New("unsupported action")
	ErrUnsupportedResource = errors.New("unsupported resource")
)

Errors used and exported by this package.

var (
	ErrorCodeSignatureInvalid = errcode.Register(errGroup, errcode.ErrorDescriptor{
		Value:          "SIGNATURE_INVALID",
		Message:        "invalid image signature",
		HTTPStatusCode: http.StatusBadRequest,
	})

	ErrorCodeSignatureAlreadyExists = errcode.Register(errGroup, errcode.ErrorDescriptor{
		Value:          "SIGNATURE_EXISTS",
		Message:        "image signature already exists",
		HTTPStatusCode: http.StatusConflict,
	})
)

Functions

func NewApp

func NewApp(ctx context.Context, registryClient client.RegistryClient, dockerConfig *configuration.Configuration, extraConfig *registryconfig.Configuration, writeLimiter maxconnections.Limiter) http.Handler

NewApp configures the registry application and returns an http.Handler for it. The program will be terminated if an error happens.

func NewSignatureDispatcher

func NewSignatureDispatcher(isImageClient client.ImageStreamImagesNamespacer) func(*handlers.Context, *http.Request) http.Handler

NewSignatureDispatcher provides a function that handles the GET and PUT requests for the signature endpoint.

func NewTokenHandler

func NewTokenHandler(ctx context.Context, client client.RegistryClient) http.Handler

NewTokenHandler returns a handler that implements the docker token protocol.

func RegisterMetricHandler

func RegisterMetricHandler(app *handlers.App)

func RegisterSignatureHandler

func RegisterSignatureHandler(app *handlers.App, isImageClient client.ImageStreamImagesNamespacer)

RegisterSignatureHandler registers the Docker image signature extension to Docker registry.

func RememberLayersOfImage

func RememberLayersOfImage(ctx context.Context, cache cache.RepositoryDigest, image *imageapiv1.Image, cacheName string)

RememberLayersOfImage caches the layer digests of the given image.

func RememberLayersOfImageStream

func RememberLayersOfImageStream(ctx context.Context, cache cache.RepositoryDigest, layers *imageapiv1.ImageStreamLayers, cacheName string)

RememberLayersOfImageStream caches the layer digests of the given image stream.

func WithUserInfoLogger

func WithUserInfoLogger(ctx context.Context, username, userid string) context.Context

WithUserInfoLogger creates a new context with the provided user information.

Types

type AccessController

type AccessController struct {
	// contains filtered or unexported fields
}

func (*AccessController) Authorized

func (ac *AccessController) Authorized(ctx context.Context, accessRecords ...registryauth.Access) (context.Context, error)

Authorized handles checking whether the given request is authorized for actions on resources allowed by OpenShift. Sources of access records:

origin/pkg/cmd/dockerregistry/dockerregistry.go#Execute
docker/distribution/registry/handlers/app.go#appendAccessRecords

type App

type App struct {
	// contains filtered or unexported fields
}

App is a global registry application object. Shared resources can be placed on this object that will be accessible from all requests.

func (*App) Auth

func (app *App) Auth(options map[string]interface{}) (registryauth.AccessController, error)

func (*App) BlobStatter

func (app *App) BlobStatter() distribution.BlobStatter

func (*App) CacheProvider

func (app *App) CacheProvider(ctx context.Context, options map[string]interface{}) (registrycache.BlobDescriptorCacheProvider, error)

func (*App) Registry

func (app *App) Registry(nm distribution.Namespace, options map[string]interface{}) (distribution.Namespace, error)

func (*App) Repository

Repository returns a new repository middleware.

func (*App) Storage

func (app *App) Storage(driver storagedriver.StorageDriver, options map[string]interface{}) (storagedriver.StorageDriver, error)

type BlobGetterService

BlobGetterService combines the operations to access and read blobs.

func NewBlobGetterService

func NewBlobGetterService(
	imageStream imagestream.ImageStream,
	secretsGetter secretsGetter,
	cache cache.RepositoryDigest,
	m metrics.Pullthrough,
) BlobGetterService

NewBlobGetterService returns a getter for remote blobs. Its cache will be shared among different middleware wrappers, which is a must at least for stat calls made on a manifest's dependencies during its verification.

type RepositoryEnumerator

type RepositoryEnumerator interface {
	// EnumerateRepositories fills the given repos slice with image stream names. The slice's length
	// determines the maximum number of repositories returned. The repositories are lexicographically sorted.
	// The last argument allows for pagination. It is the offset in the catalog. Returned is a number of
	// repositories filled. If there are no more repositories to return, io.EOF is returned.
	EnumerateRepositories(ctx context.Context, repos []string, last string) (n int, err error)
}

RepositoryEnumerator allows enumerating repositories known to the registry.

func NewCachingRepositoryEnumerator

func NewCachingRepositoryEnumerator(client client.RegistryClient, cache *cache.LRUExpireCache) RepositoryEnumerator

NewCachingRepositoryEnumerator returns a new caching repository enumerator.

Directories

Path Synopsis
Package api describes routes and URLs that extend the Registry JSON HTTP API.
Package audit logs the beginning and end of each API request to a different logger.
Package auth provides functions for token authentication specification.
Package cache provides facilities to speed up access to the storage backend.
Package client provides functions to make requests to external APIs.
Package manifesthandler defines a common set of operations on all versions of manifest schema.
Package metrics provides functions to collect runtime registry statistics and expose the registered metrics via HTTP.
Package prune contains functions that allow you to manipulate data on the storage.
Package supermiddleware provides helpers to run the Docker registry with middlewares without having to register them globally.
