Commit Graph

1828 Commits

Author SHA1 Message Date
Josh Hawn
0f670bdc91 [api spec] Update authN and authZ errors
Associate HTTP 401s with Authentication errors rather than Authorization
errors. Changes the meaning of the UNAUTHORIZED error to be authentication
specific.

Defines DENIED error code to be associated with authorization
errors which result in HTTP 403 responses.

Add 'No Such Repository' errors to more endpoints.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-09-30 09:12:31 -07:00
Stephen Day
497133f567 Merge pull request #1045 from tt/remove-duplicate-dependency-definition
Remove duplicate dependency definition
2015-09-30 13:19:35 +02:00
Stephen Day
7f2ffe0ad1 Merge pull request #1036 from dmcgowan/digest-set-update
Add remove and list functions to digest set
2015-09-30 13:17:41 +02:00
Stephen Day
ca2156d558 Merge pull request #1024 from aaronlehmann/avoid-testing-import
Avoid importing "testing" in externally-facing code
2015-09-30 13:14:42 +02:00
Troels Thomsen
6a3496d9a5 Remove duplicate dependency definition
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-09-30 10:48:28 +02:00
Troels Thomsen
5fc0c2f0b7 Use revision of saved package
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-09-30 10:48:21 +02:00
xiekeyang
da8ef7585d add description to manifest spec
This PR add some description to manifest spec.
It clarifies the relationship between `fsLayers` and `history` fields.

Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2015-09-30 10:16:46 +08:00
Richard Scothern
64660c68f2 Merge pull request #1042 from tt/upgrade-amazon-library
Upgrade Amazon library
2015-09-29 17:50:41 -07:00
Troels Thomsen
cca9f74eec Upgrade Amazon library to revision aa6e716d710a0c7941cb2075cfbb9661f16d21f1
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-09-30 00:29:17 +02:00
Aaron Lehmann
6acb3a0d7e Avoid importing "testing" in externally-facing code
The "testing" package adds some flags in its init function, so utilities
that import distribution code may print a page of extra testing flags in
their help output.

This commit solves the issue by moving an import of "testing" in the
registry/storage/cache package to a new
registry/storage/cache/cachecheck package, which is only imported by
tests.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-29 10:06:39 -07:00
Derek McGowan
dc6c54489c Add remove and list functions to digest set
Add mutex protection around set access

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-09-29 10:04:15 -07:00
Aaron Lehmann
14a4b4d9d6 Merge pull request #1001 from RichardScothern/fix-atrocity
Don't return nil, nil from functions
2015-09-28 13:34:11 -07:00
Troels Thomsen
cfe50c9ef4 Fix incorrect default
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-09-28 10:08:17 +02:00
Richard Scothern
d03c56129c Merge pull request #991 from mattmoor/expires_in_proposal
Fixes #684
2015-09-25 15:23:28 -07:00
Richard Scothern
07b05a72bb Merge pull request #999 from nakedible-p/patch-1
Remove initial access check from S3 driver
2015-09-25 15:23:03 -07:00
Richard Scothern
794975e9e6 Merge pull request #1014 from shyr/patch-3
Minor grammar fix : duplicated coordinators.
2015-09-23 10:04:33 -07:00
Sungho Moon
7bf66b6855 Minor grammar fix : duplicated coordinators.
Signed-off-by: Sungho Moon <sungho.moon@navercorp.com>
2015-09-23 11:40:13 +09:00
Aaron Lehmann
a601f92336 Add an "enabled" parameter under "readonly", and make it as if the mutable handlers don't exist when read-only mode is enabled
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-22 15:49:26 -07:00
Aaron Lehmann
c9bb330b71 Add a read-only mode as a configuration option
Add "readonly" under the storage/maintenance section. When this is set
to true, uploads and deletions will return 503 Service Unavailable
errors.

Document the parameter and add some unit testing.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-22 15:47:48 -07:00
Nuutti Kotivuori
26d8344872 Remove initial access check from S3 driver
In the S3 storage driver there is currently an initial access permission check by listing the bucket. If this check fails, registry will panic and exit.

However, this check is broken in two ways. First of all it strips the final slash from the root directory path, meaning that any access permissions which limit access to a single directory will fail, because S3 treats the path as strict prefix match. Secondly it fails to strip any leading slash that might be present, unlike the other access places, which means that the path used is different as a leading slash is allowed and significant in a filename in S3.

Since there is also a periodic health check which correctly checks access permissions and shows the error more cleanly, the best solution seems to be to just remove this initial access check.

Signed-off-by: Nuutti Kotivuori <nuutti.kotivuori@poplatek.fi>
2015-09-19 12:47:12 +03:00
Richard Scothern
f36ab5a834 Don't return a nil array and a nil error if the Tags endpoint cannot be found
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-09-18 16:19:41 -07:00
Richard Scothern
924913b4c3 Avoid returning nil, nil when fetching a manifest by tag by introducing a new
error ErrManifestNotModified which can be checked by clients.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-09-18 16:19:37 -07:00
Matt Moore
ca7c845dc0 Fixes #684
Split the discussion of v2 authentication into two parts:
1) A specification of the handshake between the client, registry and
authentication service.
2) A description of how `docker/distribution` implements this using JWT.

This should make it clearer that `#2` is an implementation detail, and
that clients should regard tokens as opaque entities that only the
registry and authentication service should understand.

Signed-off-by: Matt Moore <mattmoor@google.com>
2015-09-18 15:26:32 -07:00
Richard Scothern
f8109a78f9 Merge pull request #997 from xiekeyang/typo
typo
2015-09-18 12:03:58 -07:00
xiekeyang
78c760f898 typo
Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2015-09-18 17:27:01 +08:00
Aaron Lehmann
f651c5d68e Merge pull request #981 from LouisKottmann/master
Add exemple proxy mistake whith nginx sitting behind an ELB
2015-09-17 14:35:12 -07:00
Louis Kottmann
4075e2bb3d Add exemple proxy mistake whith nginx sitting behind an ELB
closes #970

Signed-off-by: Louis Kottmann <louis.kottmann@gmail.com>
2015-09-17 12:46:12 +02:00
Richard Scothern
4271c60d98 Merge pull request #973 from jlhawn/update_token_spec
[docs/spec/auth] Clarify the Token auth workflow
2015-09-16 10:41:08 -07:00
Stephen Day
ece8e132bf Merge pull request #974 from stevvooe/context-cleanup
context: WithVersion and context package cleanup
2015-09-14 19:24:33 -07:00
Stephen J Day
530afa5234 Add WithVersion to context and other cleanup
By adding WithVersion to the context package, we can simplify context setup in
the application. This avoids some odd bugs where instantiation order can lead
to missing instance.id or version from log messages.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-09-14 17:14:31 -07:00
Josh Hawn
fb481ef843 [docs/spec/auth] Clarify the Token auth workflow
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-09-14 15:57:16 -07:00
Stephen J Day
360c24d975 Allow interface{} keys when using logger
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-09-11 11:33:55 -07:00
Stephen Day
b0e94fb154 Merge pull request #977 from aaronlehmann/use-distribution-context
Only use the distribution/context package in registry.go
2015-09-11 11:33:19 -07:00
Aaron Lehmann
c4cf32c797 Only use the distribution/context package in registry.go
This solves a issue from #909 where instance.id was not printed in logs,
because this file was using the background context from
golang.org/x/net/context instead of
github.com/docker/distribution/context.

It's cleaner to standardize on one package, so this commit removes the
import of golang.org/x/net/context entirely. The Context interfaces
defined in both packages are the same, so other code using
golang.org/x/net/context can still pass its context to NewRegistry.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-11 09:54:15 -07:00
Richard Scothern
00d59d621f Merge pull request #909 from aaronlehmann/importable-registry
Move initialization code from main.go to the registry package
2015-09-10 17:48:11 -07:00
Stephen Day
1cdcc0462a Merge pull request #888 from aaronlehmann/config-env-vars
More flexible environment variable overrides
2015-09-10 17:01:30 -07:00
Olivier Gambier
6bf5a049ff Merge pull request #964 from aaronlehmann/pin-dind-dep
Download dind from v1.8.1 tag of docker/docker repo
2015-09-09 18:13:10 -07:00
Aaron Lehmann
540e3f1433 Update godeps for addition of cobra dependency
codegangsta/cli is being removed since the "dist" tool which used it is
no longer in the repo.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-09 14:39:31 -07:00
Aaron Lehmann
cbc9957e29 Add a cobra command that implements the entire main function for registry
Use this command in cmd/registry/main.go.

Move debug server to the main command, and change Serve to be a
ListenAndServe function.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-09 14:39:31 -07:00
Aaron Lehmann
9b69e40c93 Move initialization code from main.go to the registry package
This makes it easier to embed a registry instance inside another
application.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-09 14:39:31 -07:00
Aaron Lehmann
2b42e98a98 Download dind from v1.8.1 tag of docker/docker repo
Fixes #898.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-08 17:48:13 -07:00
Richard Scothern
7a305cc8cd Merge pull request #946 from humble00/master
Add TrustId parameter to swift driver
2015-09-08 15:59:29 -07:00
Jack Griffin
2749bcdc28 Skip creating swift container if already exists
Signed-off-by: Jack Griffin <jackpg14@gmail.com>
2015-09-04 18:53:17 +00:00
Aaron Lehmann
a49bf24abe More flexible environment variable overrides
Overriding configuration parameters with environment variables used to
work by walking the configuration structure and checking for a
corresponding environment variable for each item. This was very limiting
because only variables corresponding to items that already existed in
the configuration structure would be checked. For example, an
environment variable corresponding to nested maps would only be noticed
if the outer map's key already existed.

This commit changes environment variable overriding to iterate over the
environment instead. For environment variables beginning with the
REGISTRY_ prefix, it splits the rest of their names on "_", and
interprets that as a path to the variable to unmarshal into. Map keys
are created as necessary. If we encounter an empty interface partway
through following the path, it becomes an implicit
map[string]interface{}.

With the new unit tests added here, parser.go now has 89.2% test
coverage.

TestParseWithExtraneousEnvStorageParams was removed, because the limit
of one storage driver is no longer enforced while parsing environment
variables. Now, Storage.Type will panic if multiple drivers are
specified.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-03 16:11:53 -07:00
Stephen Day
7c5a9ae96d Merge pull request #949 from docker/amylindburg-patch-1
Delete stale info from Project Planning in ROADMAP.md
2015-09-02 13:09:44 -07:00
Amy Lindburg
1ecceb6192 Delete stale info from Project Planning section
Alter Project Planning area to point to Wiki so ROADMAP.md does not get stale.

Signed-off-by: Amy Lindburg <amy.lindburg@docker.com>
2015-09-02 11:37:10 -07:00
Hua Wang
ddb689ef8b Add TrustId parameter to swift driver
github/ncw/swift has added support for trust, so let's add it.

Signed-off-by: Hua Wang <wanghua.humble@gmail.com>
2015-09-02 15:05:29 +08:00
Olivier Gambier
dbbafe92e9 Merge pull request #941 from liubin/master
add indentations
2015-08-28 12:52:50 -07:00
Aaron Lehmann
bc010e506e Merge pull request #931 from dmp42/5.all-ur-proxy-are-belong-to-us
Documentation fixes
2015-08-28 12:51:27 -07:00
Olivier Gambier
0c42f0cd63 Granmar and speeling fixes
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-08-28 12:48:55 -07:00