2018-02-05 21:05:59 +00:00
|
|
|
package distribution // import "github.com/docker/docker/distribution"
|
2015-11-18 22:18:44 +00:00
|
|
|
|
|
|
|
import (
|
2018-04-19 22:30:59 +00:00
|
|
|
"context"
|
2015-11-04 05:03:12 +00:00
|
|
|
"fmt"
|
2015-11-18 22:18:44 +00:00
|
|
|
"net"
|
|
|
|
"net/http"
|
|
|
|
"time"
|
|
|
|
|
2023-08-30 16:31:46 +00:00
|
|
|
"github.com/distribution/reference"
|
2015-11-18 22:18:44 +00:00
|
|
|
"github.com/docker/distribution"
|
2016-12-16 19:19:05 +00:00
|
|
|
"github.com/docker/distribution/manifest/schema2"
|
2015-11-18 22:18:44 +00:00
|
|
|
"github.com/docker/distribution/registry/client"
|
|
|
|
"github.com/docker/distribution/registry/client/auth"
|
|
|
|
"github.com/docker/distribution/registry/client/transport"
|
2022-03-03 09:31:31 +00:00
|
|
|
registrytypes "github.com/docker/docker/api/types/registry"
|
2016-01-04 18:36:01 +00:00
|
|
|
"github.com/docker/docker/dockerversion"
|
2015-11-18 22:18:44 +00:00
|
|
|
"github.com/docker/docker/registry"
|
2018-06-28 00:58:54 +00:00
|
|
|
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
2015-11-18 22:18:44 +00:00
|
|
|
)
|
|
|
|
|
2022-02-27 19:33:52 +00:00
|
|
|
var (
|
2022-12-02 00:26:06 +00:00
|
|
|
// supportedMediaTypes represents acceptable media-type(-prefixes)
|
|
|
|
// we use this list to prevent obscure errors when trying to pull
|
|
|
|
// OCI artifacts.
|
|
|
|
supportedMediaTypes = []string{
|
|
|
|
// valid prefixes
|
|
|
|
"application/vnd.oci.image",
|
|
|
|
"application/vnd.docker",
|
|
|
|
|
|
|
|
// these types may occur on old images, and are copied from
|
|
|
|
// defaultImageTypes below.
|
|
|
|
"application/octet-stream",
|
|
|
|
"application/json",
|
|
|
|
"text/html",
|
|
|
|
"",
|
|
|
|
}
|
|
|
|
|
2022-02-27 19:33:52 +00:00
|
|
|
// defaultImageTypes represents the schema2 config types for images
|
|
|
|
defaultImageTypes = []string{
|
|
|
|
schema2.MediaTypeImageConfig,
|
|
|
|
ocispec.MediaTypeImageConfig,
|
|
|
|
// Handle unexpected values from https://github.com/docker/distribution/issues/1621
|
|
|
|
// (see also https://github.com/docker/docker/issues/22378,
|
|
|
|
// https://github.com/docker/docker/issues/30083)
|
|
|
|
"application/octet-stream",
|
|
|
|
"application/json",
|
|
|
|
"text/html",
|
|
|
|
// Treat defaulted values as images, newer types cannot be implied
|
|
|
|
"",
|
|
|
|
}
|
2016-12-16 19:19:05 +00:00
|
|
|
|
2022-02-27 19:33:52 +00:00
|
|
|
// pluginTypes represents the schema2 config types for plugins
|
|
|
|
pluginTypes = []string{
|
|
|
|
schema2.MediaTypePluginConfig,
|
|
|
|
}
|
2016-12-16 19:19:05 +00:00
|
|
|
|
2022-02-27 19:33:52 +00:00
|
|
|
mediaTypeClasses map[string]string
|
|
|
|
)
|
2016-12-16 19:19:05 +00:00
|
|
|
|
|
|
|
func init() {
|
2022-02-27 19:33:52 +00:00
|
|
|
// initialize media type classes with all know types for images and plugins.
|
2016-12-16 19:19:05 +00:00
|
|
|
mediaTypeClasses = map[string]string{}
|
2022-02-27 19:33:52 +00:00
|
|
|
for _, t := range defaultImageTypes {
|
2016-12-16 19:19:05 +00:00
|
|
|
mediaTypeClasses[t] = "image"
|
|
|
|
}
|
2022-02-27 19:33:52 +00:00
|
|
|
for _, t := range pluginTypes {
|
2016-12-16 19:19:05 +00:00
|
|
|
mediaTypeClasses[t] = "plugin"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-02-27 21:11:13 +00:00
|
|
|
// newRepository returns a repository (v2 only). It creates an HTTP transport
|
2015-11-18 22:18:44 +00:00
|
|
|
// providing timeout settings and authentication support, and also verifies the
|
|
|
|
// remote API version.
|
2022-02-27 21:11:13 +00:00
|
|
|
func newRepository(
|
2019-09-18 11:53:39 +00:00
|
|
|
ctx context.Context, repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint,
|
2022-03-03 09:31:31 +00:00
|
|
|
metaHeaders http.Header, authConfig *registrytypes.AuthConfig, actions ...string,
|
2023-09-08 13:44:58 +00:00
|
|
|
) (distribution.Repository, error) {
|
2017-01-26 00:54:18 +00:00
|
|
|
repoName := repoInfo.Name.Name()
|
2015-11-18 22:18:44 +00:00
|
|
|
// If endpoint does not support CanonicalName, use the RemoteName instead
|
|
|
|
if endpoint.TrimHostname {
|
2017-01-26 00:54:18 +00:00
|
|
|
repoName = reference.Path(repoInfo.Name)
|
2015-11-18 22:18:44 +00:00
|
|
|
}
|
|
|
|
|
2016-04-25 11:54:48 +00:00
|
|
|
direct := &net.Dialer{
|
|
|
|
Timeout: 30 * time.Second,
|
|
|
|
KeepAlive: 30 * time.Second,
|
|
|
|
}
|
|
|
|
|
2015-11-18 22:18:44 +00:00
|
|
|
// TODO(dmcgowan): Call close idle connections when complete, use keep alive
|
|
|
|
base := &http.Transport{
|
2016-04-25 11:54:48 +00:00
|
|
|
Proxy: http.ProxyFromEnvironment,
|
2019-09-18 11:53:39 +00:00
|
|
|
DialContext: direct.DialContext,
|
2015-11-18 22:18:44 +00:00
|
|
|
TLSHandshakeTimeout: 10 * time.Second,
|
|
|
|
TLSClientConfig: endpoint.TLSConfig,
|
|
|
|
// TODO(dmcgowan): Call close idle connections when complete and use keep alive
|
|
|
|
DisableKeepAlives: true,
|
|
|
|
}
|
|
|
|
|
2017-10-25 12:39:51 +00:00
|
|
|
modifiers := registry.Headers(dockerversion.DockerUserAgent(ctx), metaHeaders)
|
2015-11-18 22:18:44 +00:00
|
|
|
authTransport := transport.NewTransport(base, modifiers...)
|
2016-02-11 23:45:29 +00:00
|
|
|
|
2019-06-18 01:42:24 +00:00
|
|
|
challengeManager, err := registry.PingV2Registry(endpoint.URL, authTransport)
|
2016-03-01 07:07:41 +00:00
|
|
|
if err != nil {
|
|
|
|
transportOK := false
|
|
|
|
if responseErr, ok := err.(registry.PingResponseError); ok {
|
|
|
|
transportOK = true
|
|
|
|
err = responseErr.Err
|
2015-11-18 22:18:44 +00:00
|
|
|
}
|
2019-06-18 01:42:24 +00:00
|
|
|
return nil, fallbackError{
|
2016-02-11 23:45:29 +00:00
|
|
|
err: err,
|
2016-03-01 07:07:41 +00:00
|
|
|
transportOK: transportOK,
|
2016-02-11 23:45:29 +00:00
|
|
|
}
|
2015-11-18 22:18:44 +00:00
|
|
|
}
|
|
|
|
|
2015-11-04 05:03:12 +00:00
|
|
|
if authConfig.RegistryToken != "" {
|
2023-09-08 13:44:58 +00:00
|
|
|
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, &passThruTokenHandler{token: authConfig.RegistryToken}))
|
2015-11-04 05:03:12 +00:00
|
|
|
} else {
|
2016-07-13 20:30:24 +00:00
|
|
|
creds := registry.NewStaticCredentialStore(authConfig)
|
2023-09-08 13:44:58 +00:00
|
|
|
tokenHandler := auth.NewTokenHandlerWithOptions(auth.TokenHandlerOptions{
|
2016-02-23 23:18:04 +00:00
|
|
|
Transport: authTransport,
|
|
|
|
Credentials: creds,
|
2023-09-08 13:44:58 +00:00
|
|
|
Scopes: []auth.Scope{auth.RepositoryScope{
|
|
|
|
Repository: repoName,
|
|
|
|
Actions: actions,
|
|
|
|
Class: repoInfo.Class,
|
|
|
|
}},
|
|
|
|
ClientID: registry.AuthClientID,
|
|
|
|
})
|
2015-11-04 05:03:12 +00:00
|
|
|
basicHandler := auth.NewBasicHandler(creds)
|
|
|
|
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
|
|
|
|
}
|
2015-11-18 22:18:44 +00:00
|
|
|
tr := transport.NewTransport(base, modifiers...)
|
|
|
|
|
2017-01-26 00:54:18 +00:00
|
|
|
repoNameRef, err := reference.WithName(repoName)
|
2016-01-26 19:20:14 +00:00
|
|
|
if err != nil {
|
2019-06-18 01:42:24 +00:00
|
|
|
return nil, fallbackError{
|
2016-02-11 23:45:29 +00:00
|
|
|
err: err,
|
|
|
|
transportOK: true,
|
|
|
|
}
|
2016-01-26 19:20:14 +00:00
|
|
|
}
|
|
|
|
|
2023-09-08 13:44:58 +00:00
|
|
|
repo, err := client.NewRepository(repoNameRef, endpoint.URL.String(), tr)
|
2016-02-11 23:45:29 +00:00
|
|
|
if err != nil {
|
2023-09-08 13:44:58 +00:00
|
|
|
return nil, fallbackError{
|
2016-02-11 23:45:29 +00:00
|
|
|
err: err,
|
|
|
|
transportOK: true,
|
|
|
|
}
|
|
|
|
}
|
2023-09-08 13:44:58 +00:00
|
|
|
|
|
|
|
return repo, nil
|
2015-11-18 22:18:44 +00:00
|
|
|
}
|
|
|
|
|
2023-09-08 13:44:58 +00:00
|
|
|
type passThruTokenHandler struct {
|
2015-11-04 05:03:12 +00:00
|
|
|
token string
|
|
|
|
}
|
|
|
|
|
2023-09-08 13:44:58 +00:00
|
|
|
func (th *passThruTokenHandler) Scheme() string {
|
2015-11-04 05:03:12 +00:00
|
|
|
return "bearer"
|
|
|
|
}
|
|
|
|
|
2023-09-08 13:44:58 +00:00
|
|
|
func (th *passThruTokenHandler) AuthorizeRequest(req *http.Request, params map[string]string) error {
|
2015-11-04 05:03:12 +00:00
|
|
|
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", th.token))
|
|
|
|
return nil
|
|
|
|
}
|