Commit Graph

28 Commits

Author SHA1 Message Date
Derek McGowan d620a32c7b Fix login and search TLS configuration
Currently login and search do not load per registry certificates.
This is a regression caused by the last refactor since this was recently fixed.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: e863a07b89599fd4a03d34491d67c09c6bc84444
Component: engine
2015-07-28 10:36:57 -07:00
Derek McGowan 7e6fe45a4f Use notary library for trusted image fetch and signing
Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest.
On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server.
If a tag is given, the cli will resolve the tag into a digest and pull by digest.
After pulling, if a tag is given the cli makes a request to tag the image.

Use certificate directory for notary requests

Read certificates using same logic used by daemon for registry requests.

Catch JSON syntax errors from Notary client

When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user.
Provide a generic error when a JSON syntax error occurs.

Catch expiration errors and wrap in additional context.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: ed13c3abfb242905ec012e8255dc6f26dcf122f6
Component: engine
2015-07-24 14:08:20 -07:00
Aaron Lehmann 4d9279a3fb Improve documentation and golint compliance of registry package
* Add godoc documentation where it was missing

* Change identifier names that don't match Go style, such as INDEX_NAME

* Rename RegistryInfo to PingResult, which more accurately describes
  what this structure is for. It also has the benefit of making the name
  not stutter if used outside the package.

Updates #14756

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 4fcb9ac40ce33c4d6e08d5669af6be5e076e2574
Component: engine
2015-07-24 11:55:07 -07:00
Richard Scothern 82b193c1f9 Remove v1 registry mirror configuration from LookupEndpoints.
V1 mirrors do not mirror the index and those endpoints should
only be indexes.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
Upstream-commit: 6b36a488e77c9d91c8eacb07053bff263bda04f3
Component: engine
2015-07-21 15:21:41 -07:00
Richard Scothern 62d1021452 Configure TLS for private registry mirrors.
If a registry mirror is using TLS, ensure that certs for it
are picked up from /etc/docker/certs.d

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
Upstream-commit: cb57b256892b7d6c046cf28e45b9114f28f07aa3
Component: engine
2015-07-21 15:21:25 -07:00
Derek McGowan 1492d5ce64 Update graph to use vendored distribution client for the v2 codepath
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 19515a7ad859b28c474d81e756ac245afcd968e3
Component: engine
2015-07-16 13:13:47 -04:00
Tibor Vass 04b3252768 Add transport package to support CancelRequest
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 73823e5e56446b23ce01bb8e44a9670ab2552b0a
Component: engine
2015-05-18 23:31:42 -04:00
Tibor Vass 14d2347fac registry: Refactor requestfactory to use http.RoundTrippers
This patch removes the need for requestFactories and decorators
by implementing http.RoundTripper transports instead.

It refactors some challenging-to-read code.

NewSession now takes an *http.Client that can already have a
custom Transport, it will add its own auth transport by wrapping
it.

The idea is that callers of http.Client should not bother
setting custom headers for every handler but instead it should
be transparent to the callers of a same context.

This patch is needed for future refactorings of registry,
namely refactoring of the v1 client code.

Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: a01cc3ca7729c3ce635fef7c1db837b5c6ae1028
Component: engine
2015-05-18 21:51:53 -04:00
Doug Davis c8f1332dce Move CLI config processing out from under registry dir
No logic changes should be in here, just moving things around.

Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: bb9da6ba9294a8eab8f4dfaf7cf07c57959fe608
Component: engine
2015-04-23 10:18:38 -07:00
Michael Crosby 753b8ae08c Remove jobs from registry.Service
This makes `registry.Service` a first class type and does not use jobs
to interact with this type.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 03d3d79b2b3f8b720fff2d649aff0ef791cff417
Component: engine
2015-03-31 16:38:04 -07:00
Antonio Murdaca e5b36a723c Replace aliased imports of logrus, fixes #11762
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
Upstream-commit: 6f4d847046cb4e072de61d042c0266190d73a8c9
Component: engine
2015-03-26 23:22:04 +01:00
Antonio Murdaca a16f3d6cb4 Remove engine.Status and replace it with standard go error
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
Upstream-commit: c79b9bab541673af121d829ebc3b29ff1b01efa2
Component: engine
2015-03-25 22:32:08 +01:00
Josh Hawn e89bb2e57b Adds support for v2 registry login
summary of changes:

registry/auth.go
  - More logging around the login functions
  - split Login() out to handle different code paths for v1 (unchanged logic)
    and v2 (does not currently do account creation)
  - handling for either basic or token based login attempts
registry/authchallenge.go
  - New File
  - credit to Brian Bland <brian.bland@docker.com> (github: BrianBland)
  - handles parsing of WWW-Authenticate response headers
registry/endpoint.go
  - EVEN MOAR LOGGING
  - Many edits throught to make the coad less dense. Sparse code is more
    readable code.
  - slit Ping() out to handle different code paths for v1 (unchanged logic)
    and v2.
  - Updated Endpoint struct type to include an entry for authorization
    challenges discovered during ping of a v2 registry.
  - If registry endpoint version is unknown, v2 code path is first attempted,
    then fallback to v1 upon failure.
registry/service.go
  - STILL MOAR LOGGING
  - simplified the logic around starting the 'auth' job.
registry/session.go
  - updated use of a registry.Endpoint struct field.
registry/token.go
  - New File
  - Handles getting token from the parameters of a token auth challenge.
  - Modified from function written by Brian Bland (see above credit).
registry/types.go
  - Removed 'DefaultAPIVersion' in lieu of 'APIVersionUnknown = 0'`

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Upstream-commit: 41e20cecb9944137de82ff5fa0898f953aa2bf87
Component: engine
2015-01-15 14:04:14 -08:00
Don Kjer 196597b4ad Moving NewIndexInfo, NewRepositoryInfo and associated helpers into config.go
Signed-off-by: Don Kjer <don.kjer@gmail.com>
Upstream-commit: 6f0068f2733232b8357c2308517f6ddddb63aace
Component: engine
2015-01-08 20:15:00 +00:00
Don Kjer 5aa04a56fb Deprecating ResolveRepositoryName
Passing RepositoryInfo to ResolveAuthConfig, pullRepository, and pushRepository

Moving --registry-mirror configuration to registry config

Created resolve_repository job

Repo names with 'index.docker.io' or 'docker.io' are now synonymous with omitting an index name.

Adding test for RepositoryInfo

Adding tests for opts.StringSetOpts and registry.ValidateMirror

Fixing search term use of repoInfo

Adding integration tests for registry mirror configuration

Normalizing LookupImage image name to match LocalName parsing rules

Normalizing repository LocalName to avoid multiple references to an official image

Removing errorOut use in tests

Removing TODO comment

gofmt changes

golint comments cleanup.  renaming RegistryOptions => registry.Options, and RegistryServiceConfig => registry.ServiceConfig

Splitting out builtins.Registry and registry.NewService calls

Stray whitespace cleanup

Moving integration tests for Mirrors and InsecureRegistries into TestNewIndexInfo unit test

Factoring out ValidateRepositoryName from NewRepositoryInfo

Removing unused IndexServerURL

Allowing json marshaling of ServiceConfig.  Exposing ServiceConfig in /info

Switching to CamelCase for json marshaling

PR cleanup; removing 'Is' prefix from boolean members.  Removing unneeded json tags.

Removing non-cleanup related fix for 'localhost:[port]' in splitReposName

Merge fixes for gh9735

Fixing integration test

Reapplying #9754

Adding comment on config.IndexConfigs use from isSecureIndex

Remove unused error return value from isSecureIndex

Signed-off-by: Don Kjer <don.kjer@gmail.com>

Adding back comment in isSecureIndex

Signed-off-by: Don Kjer <don.kjer@gmail.com>
Upstream-commit: 568f86eb186731b907b659e4ec64bda21c2fe31d
Component: engine
2015-01-08 20:14:58 +00:00
Tibor Vass 166cb2e350 registry: refactor registry.IsSecure calls into registry.NewEndpoint
Signed-off-by: Tibor Vass <teabee89@gmail.com>
Upstream-commit: 4455f517605f1fd7279bbe9547915f15c037997d
Component: engine
2014-11-12 20:34:03 -06:00
Tibor Vass 1b58e19e34 Fix login command
Signed-off-by: Tibor Vass <teabee89@gmail.com>
Upstream-commit: 05c18a2434ab7bd68a86c87fe866bc7107ac1941
Component: engine
2014-10-30 19:44:44 -04:00
Tibor Vass 6d16ddef35 Do not verify certificate when using --insecure-registry on an HTTPS registry
Signed-off-by: Tibor Vass <teabee89@gmail.com>

Conflicts:
	registry/registry.go
	registry/registry_test.go
	registry/service.go
	registry/session.go

Conflicts:
	registry/endpoint.go
	registry/registry.go
Upstream-commit: 6a1ff022b0744213ed588d9c16dbb13ce055eda6
Component: engine
2014-10-30 19:44:09 -04:00
Michael Crosby ff11c586b2 Don't hard code true for auth job
Signed-off-by: Michael Crosby <michael@docker.com>

Conflicts:
	registry/service.go
Upstream-commit: afade4236d3f15704653132c364d6e7ccc975f8b
Component: engine
2014-10-30 19:41:55 -04:00
unclejack 6b54bde512 make http usage for registry explicit
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)

Conflicts:
	daemon/config.go
	daemon/daemon.go
	graph/pull.go
	graph/push.go
	graph/tags.go
	registry/registry.go
	registry/service.go
Upstream-commit: 380c8320a78dc16da65d9d13004422ac5a0cca53
Component: engine
2014-10-30 19:41:55 -04:00
Vincent Batts 082c35423e registry: getting Endpoint ironned out
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Upstream-commit: 61c6f206b073159c5463a083e0d04e5934351dfe
Component: engine
2014-10-01 13:19:40 -07:00
Daniel Menet 06081e86de Expand hostname before passing it to NewRegistry()
Signed-off-by: Daniel Menet <membership@sontags.ch>
Upstream-commit: 676308b853a43bb7be4838e937ab4effff670b1a
Component: engine
2014-08-16 14:25:46 +02:00
Daniel Menet bc706dc232 Enable docker search on private docker registry.
The cli interface works similar to other registry related commands:

  docker search foo

... searches for foo on the official hub

  docker search localhost:5000/foo

... does the same for the private reg at localhost:5000

Signed-off-by: Daniel Menet <membership@sontags.ch>
Upstream-commit: 3231033a80451adff73b53554e27fbabfebb4a4f
Component: engine
2014-08-16 14:24:32 +02:00
Vincent Batts 955bae5653 registry.Registry -> registry.Session
renaming this struct to more clearly be session, as that is what it
handles.

Splitting out files for easier readability.

Signed-off-by: Vincent Batts <vbatts@redhat.com>
Upstream-commit: 752dd707ac09cdcd88307b28aa9e39ac7c763b44
Component: engine
2014-08-13 09:27:43 -04:00
Victor Vieux 6ae4c9014c update go import path and libcontainer
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: b3ee9ac74e171e00f14027e39278013629e681b8
Component: engine
2014-07-24 22:19:50 +00:00
Victor Vieux c2d0bb307f Disable timeout for push
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 8baafacf404265c95753e63d2b7510731359c4b4
Component: engine
2014-06-07 23:48:25 +00:00
Solomon Hykes 231057613f Move 'search' to the registry subsystem
This continues the effort to separate all registry logic from the
deprecated `Server` object.

* 'search' is exposed by `github.com/dotcloud/docker/registry/Service`
* Added proper documentation of Search while I was at it

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: c4089ad80bcc1466535696ac0b11d388df529391
Component: engine
2014-05-03 00:37:32 +00:00
Solomon Hykes 3dfee4b46a Move 'auth' to the registry subsystem
This is the first step towards separating the registry subsystem from
the deprecated `Server` object.

* New service `github.com/dotcloud/docker/registry/Service`
* The service is installed by default in `builtins`
* The service only exposes `auth` for now...
* ...Soon to be followed by `pull`, `push` and `search`.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 3d605683b3d272982399635a55ee81b2a7535e81
Component: engine
2014-05-03 00:37:06 +00:00