docker-remote 0.1.0 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f8dcfda8b4cbf58474274964a653f5049f609333bf88d1b9497205a4bb366e6e
-  data.tar.gz: 9ec104d6e95619a579b0e8e4049d00d6e1eb68c425f7490a83a12477ca812e21
+  metadata.gz: dff0f9b1ca90b5aee31b32c2a21804958e56c820d0dea006dc72e01ec9d7bde0
+  data.tar.gz: 37430773f8c4cc38eab13ffe84c130ce1004248eb1eede2c9017125fda24fe52
 SHA512:
-  metadata.gz: 96faa086fc0223dc3377c77e57042b806f446923156c46bf6627438d64104c06bcadcda9674901a830f209ab68abb09a79335893df8e9428472d292e62dc8c83
-  data.tar.gz: '038eb80f159cc9c1c0a3740923c55a4c351c156b10a1e641aaaf4f3d7ceab790fe03d1ca0001f5b2b150978acf8f3e709654764b1e9ab9e950874d2837b54c59'
+  metadata.gz: ee3d605c43385c3ab6dd3da722813806abff376a762e1dc1a1d11192a1f9013dbbb63342ae70fe737770d63a065d33e3e1e4868617d78dd45dc401dd3026c57e
+  data.tar.gz: 437bb0ab332ebf9c62ef3ed9ff7609271770a711dc1d5c7f7d34d15bb9bf2d75076679667ff2e8c850d8e3b654ecca00c2c77dbb950b5a10d730bdff71ef0164

data/CHANGELOG.md

@@ -1,2 +1,18 @@
+## 0.5.1
+* Just use given port if present, i.e. without checking it for connectivity.
+
+## 0.5.0
+* Figure out registry port more accurately.
+
+## 0.4.0
+* Support redirection when making HTTP requests.
+
+## 0.3.0
+* Support registries with no auth.
+* Raise errors upon receiving unexpected response codes during auth flow.
+
+## 0.2.0
+* Support both basic and bearer auth.
+
 ## 0.1.0
 * Birthday!

data/Gemfile

@@ -4,6 +4,7 @@ gemspec
 
 group :development do
   gem 'rake'
+  gem 'pry-byebug'
 end
 
 group :test do

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Cameron Dutro
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/docker-remote.gemspec

@@ -8,10 +8,10 @@ Gem::Specification.new do |s|
   s.email    = ['camertron@gmail.com']
   s.homepage = 'http://github.com/getkuby/docker-remote'
 
-  s.description = s.summary = 'A Ruby client for communicating with the Docker HTTP API v2.'
+  s.description = s.summary = 'A Ruby client for communicating with the Docker registry API v2.'
 
   s.platform = Gem::Platform::RUBY
 
   s.require_path = 'lib'
-  s.files = Dir['{lib,spec}/**/*', 'Gemfile', 'CHANGELOG.md', 'README.md', 'Rakefile', 'docker-remote.gemspec']
+  s.files = Dir['{lib,spec}/**/*', 'Gemfile', 'CHANGELOG.md', 'LICENSE', 'README.md', 'Rakefile', 'docker-remote.gemspec']
 end

data/lib/docker/remote.rb

@@ -1,9 +1,16 @@
-require 'net/http'
-require 'uri'
-
 module Docker
   module Remote
+    class ClientError < StandardError; end
+    class ServerError < StandardError; end
+    class UnauthorizedError < ClientError; end
+    class NotFoundError < ClientError; end
+
+    class UnsupportedAuthTypeError < StandardError; end
+
+    autoload :BasicAuth,  'docker/remote/basic_auth'
+    autoload :BearerAuth, 'docker/remote/bearer_auth'
     autoload :Client,     'docker/remote/client'
-    autoload :ServerAuth, 'docker/remote/server_auth'
+    autoload :NoAuth,     'docker/remote/no_auth'
+    autoload :Utils,      'docker/remote/utils'
   end
 end

data/lib/docker/remote/basic_auth.rb

@@ -0,0 +1,20 @@
+require 'net/http'
+
+module Docker
+  module Remote
+    class BasicAuth
+      attr_reader :username, :password
+
+      def initialize(username, password)
+        @username = username
+        @password = password
+      end
+
+      def make_get(path)
+        Net::HTTP::Get.new(path).tap do |request|
+          request.basic_auth(username, password)
+        end
+      end
+    end
+  end
+end

data/lib/docker/remote/bearer_auth.rb

@@ -0,0 +1,55 @@
+require 'json'
+require 'net/http'
+require 'uri'
+
+module Docker
+  module Remote
+    class BearerAuth
+      include Utils
+
+      attr_reader :params, :repo, :username, :password
+
+      def initialize(params, repo, username, password)
+        @params = params
+        @repo = repo
+        @username = username
+        @password = password
+      end
+
+      def make_get(path)
+        Net::HTTP::Get.new(path).tap do |request|
+          request['Authorization'] = "Bearer #{token}"
+        end
+      end
+
+      private
+
+      def realm
+        @realm ||= URI.parse(params['realm'])
+      end
+
+      def service
+        @serivce ||= params['service']
+      end
+
+      def token
+        @token ||= begin
+          http = Net::HTTP.new(realm.host, realm.port)
+          http.use_ssl = true if realm.scheme == 'https'
+
+          request = Net::HTTP::Get.new(
+            "#{realm.request_uri}?service=#{service}&scope=repository:#{repo}:pull"
+          )
+
+          if username && password
+            request.basic_auth(username, password)
+          end
+
+          response = http.request(request)
+          potentially_raise_error!(response)
+          JSON.parse(response.body)['token']
+        end
+      end
+    end
+  end
+end

data/lib/docker/remote/client.rb

@@ -1,15 +1,23 @@
 require 'json'
+require 'net/http'
+require 'socket'
+require 'uri'
 
 module Docker
   module Remote
-    class ClientError < StandardError; end
-    class ServerError < StandardError; end
-    class UnauthorizedError < ClientError; end
-    class NotFoundError < ClientError; end
+    class DockerRemoteError < StandardError; end
+    class UnsupportedVersionError < DockerRemoteError; end
+    class UnexpectedResponseCodeError < DockerRemoteError; end
 
     class Client
+      include Utils
+
       attr_reader :registry_url, :repo, :username, :password
 
+      PORTMAP = { 'ghcr.io' => 443 }.freeze
+      DEFAULT_PORT = 443
+      STANDARD_PORTS = [DEFAULT_PORT, 80].freeze
+
       def initialize(registry_url, repo, username = nil, password = nil)
         @registry_url = registry_url
         @repo = repo
@@ -18,96 +26,173 @@ module Docker
       end
 
       def tags
-        request = make_get("/v2/#{repo}/tags/list")
-        response = registry_http.request(request)
+        response = get("/v2/#{repo}/tags/list")
         potentially_raise_error!(response)
         JSON.parse(response.body)['tags']
       end
 
       def manifest_for(reference)
-        request = make_get("/v2/#{repo}/manifests/#{reference}")
-        response = registry_http.request(request)
+        response = get("/v2/#{repo}/manifests/#{reference}")
         potentially_raise_error!(response)
         JSON.parse(response.body)
       end
 
       def catalog
-        request = make_get("/v2/_catalog")
-        response = registry_http.request(request)
+        response = get("/v2/_catalog")
         potentially_raise_error!(response)
         JSON.parse(response.body)
       end
 
       private
 
-      def token
-        @token ||= begin
-          uri = URI.parse(server_auth.realm)
-          http = Net::HTTP.new(uri.host, uri.port)
-          http.use_ssl = true if uri.scheme == 'https'
+      def auth
+        @auth ||= begin
+          response = get('/v2/', use_auth: nil)
+
+          case response.code
+            when '200'
+              NoAuth.instance
+            when '401'
+              www_auth(response)
+            when '404'
+              raise UnsupportedVersionError,
+                "the registry at #{registry_url} doesn't support v2 "\
+                  'of the Docker registry API'
+            else
+              raise UnexpectedResponseCodeError,
+                "the registry at #{registry_url} responded with an "\
+                  "unexpected HTTP status code of #{response.code}"
+          end
+        end
+      end
 
-          request = Net::HTTP::Get.new(
-            "#{uri.request_uri}?service=#{server_auth.service}&scope=repository:#{repo}:pull"
-          )
+      def www_auth(response)
+        auth = response['www-authenticate']
 
-          if username && password
-            request.basic_auth(username, password)
-          end
+        idx = auth.index(' ')
+        auth_type = auth[0..idx].strip
 
-          response = http.request(request)
-          potentially_raise_error!(response)
-          JSON.parse(response.body)['token']
+        params = auth[idx..-1].split(',').each_with_object({}) do |param, ret|
+          key, value = param.split('=')
+          ret[key.strip] = value.strip[1..-2]  # remove quotes
         end
-      end
 
-      def server_auth
-        @server_auth ||= begin
-          request = Net::HTTP::Get.new('/v2/')
-          response = registry_http.request(request)
-          auth = response['www-authenticate']
+        case auth_type.downcase
+          when 'bearer'
+            BearerAuth.new(params, repo, username, password)
+          when 'basic'
+            BasicAuth.new(username, password)
+          else
+            raise UnsupportedAuthTypeError,
+              "unsupported Docker auth type '#{auth_type}'"
+        end
+      end
 
-          idx = auth.index(' ')
-          auth_type = auth[0..idx].strip
+      def get(path, http: registry_http, use_auth: auth, limit: 5)
+        if limit == 0
+          raise DockerRemoteError, 'too many redirects'
+        end
 
-          params = auth[idx..-1].split(',').each_with_object({}) do |param, ret|
-            key, value = param.split('=')
-            ret[key.strip] = value.strip[1..-2]  # remove quotes
-          end
+        request = if use_auth
+          use_auth.make_get(path)
+        else
+          Net::HTTP::Get.new(path)
+        end
 
-          ServerAuth.new(auth_type, params)
+        response = http.request(request)
+
+        case response
+          when Net::HTTPRedirection
+            redirect_uri = URI.parse(response['location'])
+            redirect_http = make_http(redirect_uri)
+            return get(
+              redirect_uri.path, {
+                http: redirect_http,
+                use_auth: use_auth,
+                limit: limit - 1
+              }
+            )
         end
+
+        response
       end
 
       def registry_uri
-        @registry_uri ||= URI.parse(registry_url)
-      end
+        @registry_uri ||= begin
+          host_port, *rest = registry_url.split('/')
+          host, orig_port = host_port.split(':')
+
+          port = if orig_port
+            orig_port.to_i
+          elsif prt = PORTMAP[host]
+            prt
+          else
+            STANDARD_PORTS.find do |prt|
+              can_connect?(host, prt)
+            end
+          end
 
-      def registry_http
-        @registry_http ||= Net::HTTP.new(registry_uri.host, registry_uri.port).tap do |http|
-          http.use_ssl = true if registry_uri.scheme == 'https'
+          unless port
+            raise DockerRemoteError,
+              "couldn't determine what port to connect to for '#{registry_url}'"
+          end
+
+          scheme = port == DEFAULT_PORT ? 'https' : 'http'
+          URI.parse("#{scheme}://#{host}:#{port}/#{rest.join('/')}")
         end
       end
 
-      def make_get(path)
-        Net::HTTP::Get.new(path).tap do |request|
-          request['Authorization'] = "Bearer #{token}"
+      def make_http(uri)
+        Net::HTTP.new(uri.host, uri.port).tap do |http|
+          http.use_ssl = true if uri.scheme == 'https'
         end
       end
 
-      def potentially_raise_error!(response)
-        case response.code.to_i
-          when 401
-            raise UnauthorizedError, "401 Unauthorized: #{response.message}"
-          when 404
-            raise NotFoundError, "404 Not Found: #{response.message}"
-        end
+      def registry_http
+        @registry_http ||= make_http(registry_uri)
+      end
 
-        case response.code.to_i / 100
-          when 4
-            raise ClientError, "#{response.code}: #{response.message}"
-          when 5
-            raise ServerError, "#{response.code}: #{response.message}"
+      # Adapted from: https://spin.atomicobject.com/2013/09/30/socket-connection-timeout-ruby/
+      def can_connect?(host, port)
+        # Convert the passed host into structures the non-blocking calls
+        # can deal with
+        addr = Socket.getaddrinfo(host, nil)
+        sockaddr = Socket.pack_sockaddr_in(port, addr[0][3])
+        timeout = 3
+
+        Socket.new(Socket.const_get(addr[0][0]), Socket::SOCK_STREAM, 0).tap do |socket|
+          socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
+
+          begin
+            # Initiate the socket connection in the background. If it doesn't fail
+            # immediately it will raise an IO::WaitWritable (Errno::EINPROGRESS)
+            # indicating the connection is in progress.
+            socket.connect_nonblock(sockaddr)
+
+          rescue IO::WaitWritable
+            # IO.select will block until the socket is writable or the timeout
+            # is exceeded - whichever comes first.
+            if IO.select(nil, [socket], nil, timeout)
+              begin
+                # Verify there is now a good connection
+                socket.connect_nonblock(sockaddr)
+              rescue Errno::EISCONN
+                # Good news everybody, the socket is connected!
+                socket.close
+                return true
+              rescue
+                # An unexpected exception was raised - the connection is no good.
+                socket.close
+              end
+            else
+              # IO.select returns nil when the socket is not ready before timeout
+              # seconds have elapsed
+              socket.close
+            end
+          end
         end
+
+        false
       end
     end
   end

data/lib/docker/remote/no_auth.rb

@@ -0,0 +1,11 @@
+module Docker
+  module Remote
+    class NoAuth
+      include Singleton
+
+      def make_get(path)
+        Net::HTTP::Get.new(path)
+      end
+    end
+  end
+end

data/lib/docker/remote/utils.rb

@@ -0,0 +1,21 @@
+module Docker
+  module Remote
+    module Utils
+      def potentially_raise_error!(response)
+        case response.code.to_i
+          when 401
+            raise UnauthorizedError, "401 Unauthorized: #{response.message}"
+          when 404
+            raise NotFoundError, "404 Not Found: #{response.message}"
+        end
+
+        case response.code.to_i / 100
+          when 4
+            raise ClientError, "#{response.code}: #{response.message}"
+          when 5
+            raise ServerError, "#{response.code}: #{response.message}"
+        end
+      end
+    end
+  end
+end

data/lib/docker/remote/version.rb

@@ -1,5 +1,5 @@
 module Docker
   module Remote
-    VERSION = '0.1.0'
+    VERSION = '0.5.1'
   end
 end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: docker-remote
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.5.1
 platform: ruby
 authors:
 - Cameron Dutro
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-21 00:00:00.000000000 Z
+date: 2020-11-12 00:00:00.000000000 Z
 dependencies: []
-description: A Ruby client for communicating with the Docker HTTP API v2.
+description: A Ruby client for communicating with the Docker registry API v2.
 email:
 - camertron@gmail.com
 executables: []
@@ -19,16 +19,20 @@ extra_rdoc_files: []
 files:
 - CHANGELOG.md
 - Gemfile
+- LICENSE
 - Rakefile
 - docker-remote.gemspec
 - lib/docker/remote.rb
+- lib/docker/remote/basic_auth.rb
+- lib/docker/remote/bearer_auth.rb
 - lib/docker/remote/client.rb
-- lib/docker/remote/server_auth.rb
+- lib/docker/remote/no_auth.rb
+- lib/docker/remote/utils.rb
 - lib/docker/remote/version.rb
 homepage: http://github.com/getkuby/docker-remote
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -43,8 +47,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
-summary: A Ruby client for communicating with the Docker HTTP API v2.
+summary: A Ruby client for communicating with the Docker registry API v2.
 test_files: []

data/lib/docker/remote/server_auth.rb

@@ -1,20 +0,0 @@
-module Docker
-  module Remote
-    class ServerAuth
-      attr_reader :auth_type, :params
-
-      def initialize(auth_type, params)
-        @auth_type = auth_type
-        @params = params
-      end
-
-      def realm
-        @params['realm']
-      end
-
-      def service
-        @params['service']
-      end
-    end
-  end
-end