Commit Graph

1363 Commits

Author SHA1 Message Date
Stephen Day
7c3b73482f Merge pull request #314 from stevvooe/lockdown-uuid-route
registry/api/v2: stronger validation for uuid field in urls
2015-04-02 13:57:17 -07:00
Stephen Day
277c68d51e Merge pull request #313 from stevvooe/move-panic-fix
registry/storage/driver/inmemory: avoid crash on invalid Move arguments
2015-04-02 13:56:40 -07:00
Josh Hawn
18c9a1cdd8 Use resumable digest for efficient upload finish
By using a resumable digester and storing the state of upload digests between
subsequent upload chunks, finalizing an upload no longer requires reading back
all of the uploaded data to verify the client's expected digest.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-04-02 11:20:31 -07:00
Stephen J Day
f26a283a48 Avoid crash on invalid Move arguments
This chnage prevents a crash when moving from a non-existent directory that has
a file as a parent. To prevent this, we simply check that the node is a
directory and throws an error if it is not.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-01 19:03:02 -07:00
Stephen J Day
1944be9db3 Stronger validation for uuid field in urls
This change adds strong validation for the uuid variable for v2 routes. This is
a minor specification change but is okay since the uuid field is controlled by
the server. The character set is restricted to avoid path traversal, allowing
for alphanumeric values and urlsafe base64 encoding.

This change has no effect on client implementations.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-01 18:57:59 -07:00
Josh Hawn
60b6748c95 Use resumable hash in digest package
Vendored resumable sha256/sha512 library. Digest package new exports a
resumable variant of the Digester.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-04-01 17:11:47 -07:00
Stephen Day
da9d49d186 Merge pull request #310 from jlhawn/improve_context_pkg
context: improve context package
2015-04-01 16:39:59 -07:00
Stephen J Day
3cad3c7b6a Add redis pool to registry webapp
Redis has been integrated with the web application for use with various
services. The configuraiton exposes connection details, timeouts and pool
parameters. Documentation has been updated accordingly.

A few convenience methods have been added to the context package to get loggers
with certain fields, exposing some missing functionality from logrus.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-01 16:27:24 -07:00
Stephen J Day
fcdfdd2ae0 Add redigo dependency to Godeps
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-01 15:55:30 -07:00
Josh Hawn
731e0b0066 Improve context package
You shouldn't have to import both:

  github.com/docker/distribution/context
  golang.org/x/net/context

just to use the distribution tools and implement the distribution interfaces.

By pulling the Context interface from golang.org/x/net/context into the
context package within the distribution project, you no longer have to import
both packages.

Note: You do not have to change anything anywhere else yet! All current uses
of both packages together will still work correctly because the Context
interface from either package is identical.

I've also made some other minor changes:

- Added a RemoteIP function. It's like RemoteAddr but discards the port suffix
- Added `.String()` to the response duration context value so that JSON log
  formatting shows human-parseable duration and not just number of nano-seconds
- Added WithMapContext(...) to the context package. This is a useful function
  so I pulled it out of the main.go in cmd/registry so that it can be used
  elsewhere.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-04-01 15:40:21 -07:00
Stephen Day
5052dc692f Merge pull request #283 from sthulb/client-certs
registry, configuration, doc: client certificates for authentication purposes.
2015-03-31 16:45:03 -07:00
Stephen Day
fd3373b91c Merge pull request #302 from RichardScothern/richardscothern-298
Attempt to identify remote IP addresses for requests which come through proxies.
2015-03-25 15:43:34 -07:00
Richard
78562258b2 Log invalid remote IPs 2015-03-25 13:44:16 -07:00
Stephen Day
e9c69ffe14 Merge pull request #293 from stevvooe/log-formatter-configuration
main, configuration, doc: allow logging formatter to be configured
2015-03-25 13:34:42 -07:00
Richard
e21a425f88 Verify IP addresses
Fix lint errors
Add more test
2015-03-25 11:11:46 -07:00
Simon Thulbourn
c8f3800f1c Add client certificate CA option to authenticate with client certs
Add the ability to authenticate against multiple client CA certificates.

Signed-off-by: Simon Thulbourn <simon+github@thulbourn.com>
2015-03-25 10:53:03 +00:00
Stephen J Day
ac73963d7e Add support for configuration static logging fields
To allow flexibility in log message context information, this changeset
provides the ability to configure static fields that are included in the
context. Such fields can be set via configuration or environment variables.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-03-24 18:47:22 -07:00
Richard
c6fdfc9cd5 Attempt to identify remote IP addresses for requests which come
through proxies.

Add a function to examine X-Forward-For and X-Real-Ip headers for
originating IP addresses.  Use RemoteAddr for notification request
record and HTTP request context.
2015-03-24 18:45:14 -07:00
Stephen J Day
a75f0f26f7 Allow logging formatter to be configured
This changeset simply adds hooks into the configuration system to support
multiple different kinds of output formats. These formatters are provided by
logrus and include options such as "text" and "json". The configuraiton
documentation has been updated accordingly.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-03-24 16:56:43 -07:00
Stephen J Day
00e6b0d2b8 Update logrus dependency in Godep
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-03-24 16:56:43 -07:00
Stephen Day
73be4d5e3e Merge pull request #300 from shreyu86/master
removing references to chunksize which is optional
2015-03-24 16:48:04 -07:00
Shreyas Karnik
5537bcd4ae Added valid values to the configuration examples
Signed-off-by: Shreyas Karnik <karnik.shreyas@gmail.com>
2015-03-24 18:28:20 -05:00
Shreyas Karnik
98e2aa96de removing references to chunksize which is optional 2015-03-24 18:16:02 -05:00
Stephen Day
02b8c7b8cf Merge pull request #294 from fkautz/pr_out_updating_msopentech_azure_sdk_for_go_to_latest_master
Updating MSOpenTech/azure-sdk-for-go to latest master
2015-03-24 13:27:19 -07:00
Derek McGowan
7258fda98a Add digest set implementation
Set represents a unique set of digests which allow for efficient lookup.
Dumping short codes is a function which takes in a digest set.
Any operation involving short codes may be considered secure if the list of digests added to the set is the complete list of referenceable digests.
Contains benchmarks for Add, Lookup, and Dump.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-03-24 08:17:43 -07:00
Olivier Gambier
d3bbb078c1 Merge pull request #291 from ahmetalpbalkan/azure/realm
azure: Allow non-default Azure realms
2015-03-23 23:42:17 -07:00
Frederick F. Kautz IV
5e62ffcc30 Updating Godep path from MSOpenTech/azure-sdk-for-go to MSOpenTech/azure-sdk-for-go/storage 2015-03-23 22:04:53 -07:00
Frederick F. Kautz IV
11db8185bc Updating MSOpenTech/azure-sdk-for-go to latest master
Signed-off-by: Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
2015-03-23 21:59:21 -07:00
Olivier Gambier
60dedc5178 Merge pull request #292 from stevvooe/update-authors
Update AUTHORS file
2015-03-23 21:09:43 -07:00
Ahmet Alp Balkan
ce9f500a31 storage/driver/azure: Allow non-default realms
This enables Azure storage driver to be used with non-default
cloud endpoints like Azure China or Azure Government that does
not use `.blob.core.windows.net` FQDN suffix.

Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2015-03-23 20:41:16 -07:00
Stephen J Day
17b2b52d66 Update AUTHORS file
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-03-23 18:42:26 -07:00
Stephen Day
9b73abdcfe Merge pull request #284 from ahmetalpbalkan/azure-register
cmd/registry: Import Azure driver for factory registration
2015-03-23 14:43:05 -07:00
Ahmet Alp Balkan
878a39fef2 Import Azure driver for factory registration
Importing Azure storage driver to make it register itself as
a storage driver.

Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2015-03-20 17:44:25 -07:00
Stephen Day
50393dbe22 Merge pull request #270 from stevvooe/roadmap
Add ROADMAP.md to the project and cleanup existing items
2015-03-20 17:16:31 -07:00
Stephen Day
15a7926288 Merge pull request #230 from diogomonica/adding-healthcheck
registry/health: adding healthcheck package
2015-03-20 17:15:37 -07:00
Stephen Day
57a6854ae0 Merge pull request #281 from tcnghia/patch-1
Update api.md
2015-03-20 16:51:09 -07:00
Diogo Mónica
5370f2c0be Adding first version of HealthCheck
Added a expvar style handler for the debug http server to allow health checks (/debug/health).

Signed-off-by: Diogo Monica <diogo@docker.com>
2015-03-20 14:38:40 -07:00
Nghia Tran
5e06d6500c Update api.md
It seems a few places "download" instead of "upload".

Signed-off-by: Nghia Tran <tcnghia@gmail.com>
2015-03-20 07:56:30 -07:00
Stephen Day
06fcf053e7 Merge pull request #275 from docker/stevvooe-patch-2
digest: remove unnecessary error pointer formats in test
2015-03-18 19:25:35 -07:00
Stephen Day
b1232a92e7 Merge pull request #1 from amylindburg/patch-1
recast text of the page
2015-03-18 19:12:47 -07:00
Amy Lindburg
028fece85c more formatting... 2015-03-18 19:02:37 -07:00
Stephen Day
2ced84f31d Remove unnecessary error pointer formats in test
The linter was complaining about these and they are quite unnecessary.
2015-03-18 19:02:32 -07:00
Amy Lindburg
121c4a2f80 recast text of the page 2015-03-18 18:57:20 -07:00
Olivier Gambier
d957768537 Merge pull request #274 from stevvooe/tarsum-verification-deadlock
digest: correctly close pipe after error in tarsum verification
2015-03-18 18:38:31 -07:00
Stephen J Day
8c254edb9a Correctly close pipe after error in tarsum verification
This addresses a subtle deadlock where an error during a copy prevented pipe
closure to propagate correctly. By closing down the read end of the pipe rather
than the write end, the waiting writer is properly signaled. A nice side-effect
of this change is that errors encountered by io.Copy are no propagated to the
verifier's Write method.

A test to ensure validation errors for unsupported digest types has been added,
as well.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-03-18 18:26:09 -07:00
Stephen J Day
574c9c821b Add ROADMAP.md to the project and cleanup existing items
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-03-18 16:15:34 -07:00
Olivier Gambier
53e1b27a76 Merge pull request #268 from docker/stevvooe-patch-2
Update Sprint label link from Ready
2015-03-17 21:29:12 -07:00
Stephen Day
7e7b6109dc Merge pull request #236 from endophage/config
Adding docs for full suite of configuration options
2015-03-17 21:12:19 -07:00
Stephen Day
1f229923d3 Update Sprint label link from Ready 2015-03-17 18:56:56 -07:00
Stephen Day
ac550484be Merge pull request #226 from stevvooe/json-canonicalization
doc/spec: canonicalized JSON format for distribution APIs
2015-03-16 13:21:39 -07:00