debian-mirror-gitlab/lib/container_registry/client.rb

266 lines
8.5 KiB
Ruby
Raw Normal View History

2018-12-13 13:39:08 +05:30
# frozen_string_literal: true
2016-06-02 11:05:42 +05:30
require 'faraday'
require 'faraday_middleware'
2019-12-21 20:55:43 +05:30
require 'digest'
2016-06-02 11:05:42 +05:30
module ContainerRegistry
class Client
2020-03-13 15:44:24 +05:30
include Gitlab::Utils::StrongMemoize
2016-06-02 11:05:42 +05:30
attr_accessor :uri
2019-09-30 21:07:59 +05:30
DOCKER_DISTRIBUTION_MANIFEST_V2_TYPE = 'application/vnd.docker.distribution.manifest.v2+json'
2021-09-30 23:02:18 +05:30
DOCKER_DISTRIBUTION_MANIFEST_LIST_V2_TYPE = 'application/vnd.docker.distribution.manifest.list.v2+json'
2019-09-30 21:07:59 +05:30
OCI_MANIFEST_V1_TYPE = 'application/vnd.oci.image.manifest.v1+json'
2019-12-21 20:55:43 +05:30
CONTAINER_IMAGE_V1_TYPE = 'application/vnd.docker.container.image.v1+json'
2020-05-24 23:13:21 +05:30
REGISTRY_VERSION_HEADER = 'gitlab-container-registry-version'
REGISTRY_FEATURES_HEADER = 'gitlab-container-registry-features'
2021-01-29 00:20:46 +05:30
REGISTRY_TAG_DELETE_FEATURE = 'tag_delete'
2019-12-21 20:55:43 +05:30
2019-09-30 21:07:59 +05:30
ACCEPTED_TYPES = [DOCKER_DISTRIBUTION_MANIFEST_V2_TYPE, OCI_MANIFEST_V1_TYPE].freeze
2016-06-02 11:05:42 +05:30
2021-09-30 23:02:18 +05:30
ACCEPTED_TYPES_RAW = [DOCKER_DISTRIBUTION_MANIFEST_V2_TYPE, OCI_MANIFEST_V1_TYPE, DOCKER_DISTRIBUTION_MANIFEST_LIST_V2_TYPE].freeze
2016-08-24 12:49:21 +05:30
# Taken from: FaradayMiddleware::FollowRedirects
REDIRECT_CODES = Set.new [301, 302, 303, 307]
2021-03-08 18:12:59 +05:30
RETRY_EXCEPTIONS = [Faraday::Request::Retry::DEFAULT_EXCEPTIONS, Faraday::ConnectionFailed].flatten.freeze
RETRY_OPTIONS = {
max: 1,
interval: 5,
exceptions: RETRY_EXCEPTIONS
}.freeze
ERROR_CALLBACK_OPTIONS = {
callback: -> (env, exception) do
Gitlab::ErrorTracking.log_exception(
exception,
class: name,
url: env[:url]
)
end
}.freeze
2020-11-24 15:15:51 +05:30
def self.supports_tag_delete?
registry_config = Gitlab.config.registry
return false unless registry_config.enabled && registry_config.api_url.present?
token = Auth::ContainerRegistryAuthenticationService.access_token([], [])
client = new(registry_config.api_url, token: token)
client.supports_tag_delete?
end
2021-11-18 22:05:49 +05:30
def self.registry_info
registry_config = Gitlab.config.registry
return unless registry_config.enabled && registry_config.api_url.present?
token = Auth::ContainerRegistryAuthenticationService.access_token([], [])
client = new(registry_config.api_url, token: token)
client.registry_info
end
2016-06-02 11:05:42 +05:30
def initialize(base_uri, options = {})
@base_uri = base_uri
2016-08-24 12:49:21 +05:30
@options = options
2016-06-02 11:05:42 +05:30
end
2020-05-24 23:13:21 +05:30
def registry_info
response = faraday.get("/v2/")
return {} unless response&.success?
version = response.headers[REGISTRY_VERSION_HEADER]
features = response.headers.fetch(REGISTRY_FEATURES_HEADER, '')
{
version: version,
features: features.split(',').map(&:strip),
vendor: version ? 'gitlab' : 'other'
}
end
2016-06-02 11:05:42 +05:30
def repository_tags(name)
2016-08-24 12:49:21 +05:30
response_body faraday.get("/v2/#{name}/tags/list")
2016-06-02 11:05:42 +05:30
end
def repository_manifest(name, reference)
2016-08-24 12:49:21 +05:30
response_body faraday.get("/v2/#{name}/manifests/#{reference}")
2016-06-02 11:05:42 +05:30
end
def repository_tag_digest(name, reference)
2016-08-24 12:49:21 +05:30
response = faraday.head("/v2/#{name}/manifests/#{reference}")
2021-12-11 22:18:48 +05:30
response.headers[DependencyProxy::Manifest::DIGEST_HEADER] if response.success?
2016-06-02 11:05:42 +05:30
end
2020-03-13 15:44:24 +05:30
def delete_repository_tag_by_digest(name, reference)
delete_if_exists("/v2/#{name}/manifests/#{reference}")
end
2019-12-21 20:55:43 +05:30
2020-03-13 15:44:24 +05:30
def delete_repository_tag_by_name(name, reference)
delete_if_exists("/v2/#{name}/tags/reference/#{reference}")
end
# Check if the registry supports tag deletion. This is only supported by the
# GitLab registry fork. The fastest and safest way to check this is to send
# an OPTIONS request to /v2/<name>/tags/reference/<tag>, using a random
# repository name and tag (the registry won't check if they exist).
# Registries that support tag deletion will reply with a 200 OK and include
# the DELETE method in the Allow header. Others reply with an 404 Not Found.
def supports_tag_delete?
strong_memoize(:supports_tag_delete) do
2021-01-29 00:20:46 +05:30
registry_features = Gitlab::CurrentSettings.container_registry_features || []
next true if ::Gitlab.com? && registry_features.include?(REGISTRY_TAG_DELETE_FEATURE)
2020-03-13 15:44:24 +05:30
response = faraday.run_request(:options, '/v2/name/tags/reference/tag', '', {})
response.success? && response.headers['allow']&.include?('DELETE')
end
2019-12-21 20:55:43 +05:30
end
def upload_raw_blob(path, blob)
digest = "sha256:#{Digest::SHA256.hexdigest(blob)}"
if upload_blob(path, blob, digest).success?
[blob, digest]
end
end
def upload_blob(name, content, digest)
2021-03-08 18:12:59 +05:30
upload = faraday(timeout_enabled: false).post("/v2/#{name}/blobs/uploads/")
2019-12-26 22:10:19 +05:30
return upload unless upload.success?
2019-12-21 20:55:43 +05:30
location = URI(upload.headers['location'])
2021-03-08 18:12:59 +05:30
faraday(timeout_enabled: false).put("#{location.path}?#{location.query}") do |req|
2019-12-21 20:55:43 +05:30
req.params['digest'] = digest
req.headers['Content-Type'] = 'application/octet-stream'
req.body = content
end
end
def generate_empty_manifest(path)
image = {
config: {}
}
2020-05-24 23:13:21 +05:30
image, image_digest = upload_raw_blob(path, Gitlab::Json.pretty_generate(image))
2019-12-21 20:55:43 +05:30
return unless image
{
schemaVersion: 2,
mediaType: DOCKER_DISTRIBUTION_MANIFEST_V2_TYPE,
config: {
mediaType: CONTAINER_IMAGE_V1_TYPE,
size: image.size,
digest: image_digest
}
}
2016-06-02 11:05:42 +05:30
end
def blob(name, digest, type = nil)
2016-08-24 12:49:21 +05:30
type ||= 'application/octet-stream'
response_body faraday_blob.get("/v2/#{name}/blobs/#{digest}", nil, 'Accept' => type), allow_redirect: true
2016-06-02 11:05:42 +05:30
end
def delete_blob(name, digest)
2020-03-13 15:44:24 +05:30
delete_if_exists("/v2/#{name}/blobs/#{digest}")
2019-12-21 20:55:43 +05:30
end
def put_tag(name, reference, manifest)
2021-03-08 18:12:59 +05:30
response = faraday(timeout_enabled: false).put("/v2/#{name}/manifests/#{reference}") do |req|
2019-12-21 20:55:43 +05:30
req.headers['Content-Type'] = DOCKER_DISTRIBUTION_MANIFEST_V2_TYPE
2020-05-24 23:13:21 +05:30
req.body = Gitlab::Json.pretty_generate(manifest)
2019-12-21 20:55:43 +05:30
end
2021-12-11 22:18:48 +05:30
response.headers[DependencyProxy::Manifest::DIGEST_HEADER] if response.success?
2016-06-02 11:05:42 +05:30
end
2016-08-24 12:49:21 +05:30
2016-06-02 11:05:42 +05:30
private
2016-08-24 12:49:21 +05:30
2016-06-02 11:05:42 +05:30
def initialize_connection(conn, options)
conn.request :json
2016-08-24 12:49:21 +05:30
if options[:user] && options[:password]
conn.request(:basic_auth, options[:user].to_s, options[:password].to_s)
elsif options[:token]
conn.request(:authorization, :bearer, options[:token].to_s)
end
2018-05-09 12:01:36 +05:30
yield(conn) if block_given?
2021-03-08 18:12:59 +05:30
conn.request(:retry, RETRY_OPTIONS)
conn.request(:gitlab_error_callback, ERROR_CALLBACK_OPTIONS)
2016-08-24 12:49:21 +05:30
conn.adapter :net_http
end
def accept_manifest(conn)
2019-09-30 21:07:59 +05:30
conn.headers['Accept'] = ACCEPTED_TYPES
2016-06-02 11:05:42 +05:30
2016-06-22 15:30:34 +05:30
conn.response :json, content_type: 'application/json'
conn.response :json, content_type: 'application/vnd.docker.distribution.manifest.v1+prettyjws'
conn.response :json, content_type: 'application/vnd.docker.distribution.manifest.v1+json'
2019-09-30 21:07:59 +05:30
conn.response :json, content_type: DOCKER_DISTRIBUTION_MANIFEST_V2_TYPE
conn.response :json, content_type: OCI_MANIFEST_V1_TYPE
2016-08-24 12:49:21 +05:30
end
2016-06-02 11:05:42 +05:30
2016-08-24 12:49:21 +05:30
def response_body(response, allow_redirect: false)
if allow_redirect && REDIRECT_CODES.include?(response.status)
response = redirect_response(response.headers['location'])
2016-06-02 11:05:42 +05:30
end
2016-08-24 12:49:21 +05:30
response.body if response && response.success?
end
def redirect_response(location)
return unless location
2019-10-12 21:52:04 +05:30
uri = URI(@base_uri).merge(location)
raise ArgumentError, "Invalid scheme for #{location}" unless %w[http https].include?(uri.scheme)
faraday_redirect.get(uri)
2016-06-02 11:05:42 +05:30
end
2016-06-22 15:30:34 +05:30
2021-03-08 18:12:59 +05:30
def faraday(timeout_enabled: true)
@faraday ||= faraday_base(timeout_enabled: timeout_enabled) do |conn|
2018-05-09 12:01:36 +05:30
initialize_connection(conn, @options, &method(:accept_manifest))
2016-08-24 12:49:21 +05:30
end
end
def faraday_blob
2020-04-22 19:07:51 +05:30
@faraday_blob ||= faraday_base do |conn|
2016-08-24 12:49:21 +05:30
initialize_connection(conn, @options)
end
2016-06-22 15:30:34 +05:30
end
2017-09-10 17:25:29 +05:30
# Create a new request to make sure the Authorization header is not inserted
# via the Faraday middleware
def faraday_redirect
2020-04-22 19:07:51 +05:30
@faraday_redirect ||= faraday_base do |conn|
2017-09-10 17:25:29 +05:30
conn.request :json
2021-03-08 18:12:59 +05:30
conn.request(:retry, RETRY_OPTIONS)
conn.request(:gitlab_error_callback, ERROR_CALLBACK_OPTIONS)
2017-09-10 17:25:29 +05:30
conn.adapter :net_http
end
end
2020-03-13 15:44:24 +05:30
2021-03-08 18:12:59 +05:30
def faraday_base(timeout_enabled: true, &block)
request_options = timeout_enabled ? Gitlab::HTTP::DEFAULT_TIMEOUT_OPTIONS : nil
Faraday.new(
@base_uri,
headers: { user_agent: "GitLab/#{Gitlab::VERSION}" },
request: request_options,
&block
)
2020-04-22 19:07:51 +05:30
end
2020-03-13 15:44:24 +05:30
def delete_if_exists(path)
result = faraday.delete(path)
result.success? || result.status == 404
end
2016-06-02 11:05:42 +05:30
end
end
2019-12-04 20:38:33 +05:30
2021-06-08 01:23:25 +05:30
ContainerRegistry::Client.prepend_mod_with('ContainerRegistry::Client')