Documentation
¶
Overview ¶
Package server wraps repository and blob store objects of docker/distribution upstream. Most significantly, the wrappers cause manifests to be stored in OpenShift's etcd store instead of registry's storage. Registry's middleware API is utilized to register the object factories.
Module with quotaRestrictedBlobStore defines a wrapper for upstream blob store that does an image quota and limits check before committing image layer to a registry. Master server contains admission check that will refuse the manifest if the image exceeds whatever quota or limit set. But the check occurs too late (after the layers are written). This addition allows us to refuse the layers and thus keep the storage clean.
*Note*: Here, we take into account just a single layer, not the image as a whole because the layers are uploaded before the manifest. This leads to a situation where several layers can be written until a big enough layer will be received that exceeds the limit.
Index ¶
- Variables
- func NewApp(ctx context.Context, registryClient client.RegistryClient, ...) http.Handler
- func NewSignatureDispatcher(isImageClient client.ImageStreamImagesNamespacer) func(*handlers.Context, *http.Request) http.Handler
- func NewTokenHandler(ctx context.Context, client client.RegistryClient) http.Handler
- func RegisterMetricHandler(app *handlers.App)
- func RegisterSignatureHandler(app *handlers.App, isImageClient client.ImageStreamImagesNamespacer)
- func RememberLayersOfImage(ctx context.Context, cache cache.RepositoryDigest, image *imageapiv1.Image, ...)
- func RememberLayersOfImageStream(ctx context.Context, cache cache.RepositoryDigest, ...)
- func WithUserInfoLogger(ctx context.Context, username, userid string) context.Context
- type AccessController
- type App
- func (app *App) Auth(options map[string]interface{}) (registryauth.AccessController, error)
- func (app *App) BlobStatter() distribution.BlobStatter
- func (app *App) CacheProvider(ctx context.Context, options map[string]interface{}) (registrycache.BlobDescriptorCacheProvider, error)
- func (app *App) Registry(nm distribution.Namespace, options map[string]interface{}) (distribution.Namespace, error)
- func (app *App) Repository(ctx context.Context, repo distribution.Repository, crossmount bool) (distribution.Repository, distribution.BlobDescriptorServiceFactory, error)
- func (app *App) Storage(driver storagedriver.StorageDriver, options map[string]interface{}) (storagedriver.StorageDriver, error)
- type BlobGetterService
- type RepositoryEnumerator
Constants ¶
This section is empty.
Variables ¶
var ( // Challenging errors ErrTokenRequired = errors.New("authorization header required") ErrTokenInvalid = errors.New("failed to decode credentials") ErrOpenShiftAccessDenied = errors.New("access denied") // Non-challenging errors ErrNamespaceRequired = errors.New("repository namespace required") ErrUnsupportedAction = errors.New("unsupported action") ErrUnsupportedResource = errors.New("unsupported resource") )
Errors used and exported by this package.
var ( ErrorCodeSignatureInvalid = errcode.Register(errGroup, errcode.ErrorDescriptor{ Value: "SIGNATURE_INVALID", Message: "invalid image signature", HTTPStatusCode: http.StatusBadRequest, }) ErrorCodeSignatureAlreadyExists = errcode.Register(errGroup, errcode.ErrorDescriptor{ Value: "SIGNATURE_EXISTS", Message: "image signature already exists", HTTPStatusCode: http.StatusConflict, }) )
Functions ¶
func NewApp ¶
func NewApp(ctx context.Context, registryClient client.RegistryClient, dockerConfig *configuration.Configuration, extraConfig *registryconfig.Configuration, writeLimiter maxconnections.Limiter) http.Handler
NewApp configures the registry application and returns http.Handler for it. The program will be terminated if an error happens.
func NewSignatureDispatcher ¶
func NewSignatureDispatcher(isImageClient client.ImageStreamImagesNamespacer) func(*handlers.Context, *http.Request) http.Handler
NewSignatureDispatcher provides a function that handles the GET and PUT requests for signature endpoint.
func NewTokenHandler ¶
NewTokenHandler returns a handler that implements the docker token protocol
func RegisterMetricHandler ¶
func RegisterSignatureHandler ¶
func RegisterSignatureHandler(app *handlers.App, isImageClient client.ImageStreamImagesNamespacer)
RegisterSignatureHandler registers the Docker image signature extension to Docker registry.
func RememberLayersOfImage ¶
func RememberLayersOfImage(ctx context.Context, cache cache.RepositoryDigest, image *imageapiv1.Image, cacheName string)
RememberLayersOfImage caches the layer digests of given image.
func RememberLayersOfImageStream ¶
func RememberLayersOfImageStream(ctx context.Context, cache cache.RepositoryDigest, layers *imageapiv1.ImageStreamLayers, cacheName string)
RememberLayersOfImageStream caches the layer digests of given image stream.
Types ¶
type AccessController ¶
type AccessController struct {
// contains filtered or unexported fields
}
func (*AccessController) Authorized ¶
func (ac *AccessController) Authorized(ctx context.Context, accessRecords ...registryauth.Access) (context.Context, error)
Authorized handles checking whether the given request is authorized for actions on resources allowed by openshift. Sources of access records:
origin/pkg/cmd/dockerregistry/dockerregistry.go#Execute docker/distribution/registry/handlers/app.go#appendAccessRecords
type App ¶
type App struct {
// contains filtered or unexported fields
}
App is a global registry application object. Shared resources can be placed on this object that will be accessible from all requests.
func (*App) Auth ¶
func (app *App) Auth(options map[string]interface{}) (registryauth.AccessController, error)
func (*App) BlobStatter ¶
func (app *App) BlobStatter() distribution.BlobStatter
func (*App) CacheProvider ¶
func (app *App) CacheProvider(ctx context.Context, options map[string]interface{}) (registrycache.BlobDescriptorCacheProvider, error)
func (*App) Registry ¶
func (app *App) Registry(nm distribution.Namespace, options map[string]interface{}) (distribution.Namespace, error)
func (*App) Repository ¶
func (app *App) Repository(ctx context.Context, repo distribution.Repository, crossmount bool) (distribution.Repository, distribution.BlobDescriptorServiceFactory, error)
Repository returns a new repository middleware.
func (*App) Storage ¶
func (app *App) Storage(driver storagedriver.StorageDriver, options map[string]interface{}) (storagedriver.StorageDriver, error)
type BlobGetterService ¶
type BlobGetterService interface {
distribution.BlobStatter
distribution.BlobProvider
distribution.BlobServer
}
BlobGetterService combines the operations to access and read blobs.
func NewBlobGetterService ¶
func NewBlobGetterService( imageStream imagestream.ImageStream, secretsGetter secretsGetter, cache cache.RepositoryDigest, m metrics.Pullthrough, ) BlobGetterService
NewBlobGetterService returns a getter for remote blobs. Its cache will be shared among different middleware wrappers, which is a must at least for stat calls made on manifest's dependencies during its verification.
type RepositoryEnumerator ¶
type RepositoryEnumerator interface {
// EnumerateRepositories fills the given repos slice with image stream names. The slice's length
// determines the maximum number of repositories returned. The repositories are lexicographically sorted.
// The last argument allows for pagination. It is the offset in the catalog. Returned is a number of
// repositories filled. If there are no more repositories to return, io.EOF is returned.
EnumerateRepositories(ctx context.Context, repos []string, last string) (n int, err error)
}
RepositoryEnumerator allows to enumerate repositories known to the registry.
func NewCachingRepositoryEnumerator ¶
func NewCachingRepositoryEnumerator(client client.RegistryClient, cache *cache.LRUExpireCache) RepositoryEnumerator
NewCachingRepositoryEnumerator returns a new caching repository enumerator.
Source Files
¶
- admin.go
- app.go
- auth.go
- blobdescriptorservice.go
- catalog.go
- context.go
- manifestservice.go
- metrichandler.go
- pendingerrors.go
- projectcache.go
- pullthroughblobstore.go
- pullthroughmanifestservice.go
- quotarestrictedblobstore.go
- registry.go
- remoteblobgetter.go
- repository.go
- signaturedispatcher.go
- signaturehandler.go
- tagservice.go
- token.go
- util.go
Directories
¶
| Path | Synopsis |
|---|---|
|
Package api describes routes and urls that extends the Registry JSON HTTP API.
|
Package api describes routes and urls that extends the Registry JSON HTTP API. |
|
Package audit log the beginning and end of each API request to different logger.
|
Package audit log the beginning and end of each API request to different logger. |
|
Package auth provides functions for token authentication specification
|
Package auth provides functions for token authentication specification |
|
Package cache provides facilities to speed up access to the storage backend.
|
Package cache provides facilities to speed up access to the storage backend. |
|
Package client provides functions to make requests to external APIs.
|
Package client provides functions to make requests to external APIs. |
|
Package manifesthandler defines a common set of operations on all versions of manifest schema.
|
Package manifesthandler defines a common set of operations on all versions of manifest schema. |
|
Package metrics provides functions to collect runtime registry statistics and expose the registered metrics via HTTP.
|
Package metrics provides functions to collect runtime registry statistics and expose the registered metrics via HTTP. |
|
Package prune contains functions that allow you to manipulate data on the storage.
|
Package prune contains functions that allow you to manipulate data on the storage. |
|
Package supermiddleware provides helpers to run the Docker registry with middlewares without having to register them globally.
|
Package supermiddleware provides helpers to run the Docker registry with middlewares without having to register them globally. |