The Delete method lists objects under the given path and tries to delete
all of them with a bulk delete request. If the path has no objects
underneath it, the body of this request will be empty, which causes
HTTP-level issues. Specifically, Go's HTTP client senses the empty
request buffer and doesn't include a Content-Length, which causes the
Swift server to fail the request.
This commit fixes the problem by avoiding sending empty bulk delete
requests. This is the correct thing to do anyway, since there's no
reason to request deletion of zero objects.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Previously, this error message would stringify as a pointer address,
which isn't particularly helpful.
This change breaks out the elements of the challenge object such that
the error is appropriately represented.
Signed-off-by: Ted Reed <ted.reed@gmail.com>
contains equal length History and FSLayer arrays.
This is required to prevent malformed manifests being put to the registry and
failing external verification checks.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
Errors thrown by storage drivers don't have the name of the driver, causing user
confusion about whether the error is coming from Docker or from a storage driver.
This change adds the storage driver name to each error message.
This required changing ErrUnsupportedDriver to a type, leading to code changes
whenever ErrUnsupportedDriver is used. The tests check whether the driver name
appears in the error message.
Signed-off-by: Amit Shukla <amit.shukla@docker.com>
This extends the specification for the Bearer token response to include
information pertaining to when an issued Bearer token will expire.
This also allows the client to accept `access_token` as an alias for `token`.
Signed-off-by: Matt Moore <mattmoor@google.com>
The proxy scheduler implemented its own timer state machine. It's
simpler and more efficient to leverage the Go runtime's timer heap by
using time.AfterFunc.
This commit adds a time.Timer to each scheduler entry, and starts and
stops those timers as necessary. Then the mainloop goroutine and its
associated logic are not needed.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
To ensure that we only unmarshal the verified payload into the contained
manifest, we first copy the entire incoming buffer into Raw and then unmarshal
only the Payload portion of the incoming bytes. If the contents is later
verified, the caller can then be sure that the contents of the Manifest fields
can be trusted.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
There seems to be a need for a type that represents a way of pointing
to an image, irrespective of the implementation.
This patch defines a Reference interface and provides 3 implementations:
- TagReference: when only a tag is provided
- DigestReference: when a digest (according to the digest package) is
provided, can include optional tag as well
Validation of references are purely syntactic.
There is also a strong type for tags, analogous to digests, as well
as a strong type for Repository from which clients can access the
hostname alone, or the repository name without the hostname, or both
together via the String() method.
For Repository, the files names.go and names_test.go were moved from
the v2 package.
Signed-off-by: Tibor Vass <tibor@docker.com>
of readers joining current downloads. Concurrent requests for the same blob
will not block, but only the first instance will be comitted locally.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
Fixes https://github.com/docker/distribution/issues/1062
This relaxes the naming restrictions places on Docker images to permit
valid hostnames according to [RFC-2396](https://www.ietf.org/rfc/rfc2396.txt).
It deviates from the RFC in the following ways:
1) Allow underscores where we allow hyphens (hostnames don't allow
underscores, which we must for backwards compatibility).
2) Leave "top-level" name segments unrestricted (domains require an
alpha character to begin a top-level domain, e.g. "com").
3) DO NOT allow a trailing dot, as permitted by FQDNs.
Signed-off-by: Matt Moore <mattmoor@google.com>
This allows the administrator to specify an externally-reachable URL for
the registry. It takes precedence over the X-Forwarded-Proto and
X-Forwarded-Host headers, and the hostname in the request.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Associate HTTP 401s with Authentication errors rather than Authorization
errors. Changes the meaning of the UNAUTHORIZED error to be authentication
specific.
Defines DENIED error code to be associated with authorization
errors which result in HTTP 403 responses.
Add 'No Such Repository' errors to more endpoints.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
The "testing" package adds some flags in its init function, so utilities
that import distribution code may print a page of extra testing flags in
their help output.
This commit solves the issue by moving an import of "testing" in the
registry/storage/cache package to a new
registry/storage/cache/cachecheck package, which is only imported by
tests.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Add "readonly" under the storage/maintenance section. When this is set
to true, uploads and deletions will return 503 Service Unavailable
errors.
Document the parameter and add some unit testing.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
In the S3 storage driver there is currently an initial access permission check by listing the bucket. If this check fails, registry will panic and exit.
However, this check is broken in two ways. First of all it strips the final slash from the root directory path, meaning that any access permissions which limit access to a single directory will fail, because S3 treats the path as strict prefix match. Secondly it fails to strip any leading slash that might be present, unlike the other access places, which means that the path used is different as a leading slash is allowed and significant in a filename in S3.
Since there is also a periodic health check which correctly checks access permissions and shows the error more cleanly, the best solution seems to be to just remove this initial access check.
Signed-off-by: Nuutti Kotivuori <nuutti.kotivuori@poplatek.fi>
Richard Scothern
Stephen Day
Richard Scothern
Aaron Lehmann
Ted Reed
amitshukla
Sylvain Baubeau
Stephen J Day
Arthur Baars
Matt Moore
Rusty Conover
Tianon Gravi
Li Yi
Derek McGowan
Tibor Vass
Josh Hawn
Nuutti Kotivuori