docker-remote 0.2.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 19acf54d628fdf18296c7a86ffdd6760840f7222fa28e5438e5b0edc7bac7136
-  data.tar.gz: 1ce08796037731c708c9f5ce79e8038d31d288654f0ea7070166a2d6ac4e711c
+  metadata.gz: 67104ac59d9b809cfaafaac9c1711b4d68b4d514c4c0360a28cb42cea105a72b
+  data.tar.gz: 59d0560b904d4fbf9bd4e7484caf179cf0355f3b716eaaf104c87a3700be00f6
 SHA512:
-  metadata.gz: 273f430350900735e9efb3a63155d01d32d14afcc7ab5b34b94250e2de0d12c2cd5301f88d08c0729513848f06a559b918d7a762a0b1803854c6f8069e9263f3
-  data.tar.gz: 60684d86a0675c3465455b3df6373144db0894a908fd5c0491c5b822a7c5544d00dd50121a3d57d666ea4b5a4b0a4a34b674c29bd6e25e690c142217a63c60d0
+  metadata.gz: ee73da94c49c3c70779ad258d9b0e0147c2768998762bcaa5829756ba4203163245fcb00031bdd7d9abeaee5d680bc5077788fa5826deb03e7e99f9a7eb01591
+  data.tar.gz: 1cd3bac68947f1bf7af75ca903de81b932ae2258842ae22a71eee444c621ea63975b243cbc63a1bd273a848d756a3427409548375454580372f6f7c6d00b0626

data/CHANGELOG.md

@@ -1,3 +1,19 @@
+## 0.6.0
+* Raise `UnknownRepoError` if the registry returns the `NAME_UNKNOWN` error code, which indicates the repo has never been pushed to before.
+
+## 0.5.1
+* Just use given port if present, i.e. without checking it for connectivity.
+
+## 0.5.0
+* Figure out registry port more accurately.
+
+## 0.4.0
+* Support redirection when making HTTP requests.
+
+## 0.3.0
+* Support registries with no auth.
+* Raise errors upon receiving unexpected response codes during auth flow.
+
 ## 0.2.0
 * Support both basic and bearer auth.
 

data/Gemfile

@@ -4,6 +4,7 @@ gemspec
 
 group :development do
   gem 'rake'
+  gem 'pry-byebug'
 end
 
 group :test do

data/lib/docker/remote.rb

@@ -4,12 +4,14 @@ module Docker
     class ServerError < StandardError; end
     class UnauthorizedError < ClientError; end
     class NotFoundError < ClientError; end
+    class UnknownRepoError < ClientError; end
 
     class UnsupportedAuthTypeError < StandardError; end
 
     autoload :BasicAuth,  'docker/remote/basic_auth'
     autoload :BearerAuth, 'docker/remote/bearer_auth'
     autoload :Client,     'docker/remote/client'
+    autoload :NoAuth,     'docker/remote/no_auth'
     autoload :Utils,      'docker/remote/utils'
   end
 end

data/lib/docker/remote/client.rb

@@ -1,14 +1,23 @@
 require 'json'
 require 'net/http'
+require 'socket'
 require 'uri'
 
 module Docker
   module Remote
+    class DockerRemoteError < StandardError; end
+    class UnsupportedVersionError < DockerRemoteError; end
+    class UnexpectedResponseCodeError < DockerRemoteError; end
+
     class Client
       include Utils
 
       attr_reader :registry_url, :repo, :username, :password
 
+      PORTMAP = { 'ghcr.io' => 443 }.freeze
+      DEFAULT_PORT = 443
+      STANDARD_PORTS = [DEFAULT_PORT, 80].freeze
+
       def initialize(registry_url, repo, username = nil, password = nil)
         @registry_url = registry_url
         @repo = repo
@@ -17,22 +26,19 @@ module Docker
       end
 
       def tags
-        request = auth.make_get("/v2/#{repo}/tags/list")
-        response = registry_http.request(request)
+        response = get("/v2/#{repo}/tags/list")
         potentially_raise_error!(response)
         JSON.parse(response.body)['tags']
       end
 
       def manifest_for(reference)
-        request = auth.make_get("/v2/#{repo}/manifests/#{reference}")
-        response = registry_http.request(request)
+        response = get("/v2/#{repo}/manifests/#{reference}")
         potentially_raise_error!(response)
         JSON.parse(response.body)
       end
 
       def catalog
-        request = auth.make_get("/v2/_catalog")
-        response = registry_http.request(request)
+        response = get("/v2/_catalog")
         potentially_raise_error!(response)
         JSON.parse(response.body)
       end
@@ -41,37 +47,152 @@ module Docker
 
       def auth
         @auth ||= begin
-          request = Net::HTTP::Get.new('/v2/')
-          response = registry_http.request(request)
-          auth = response['www-authenticate']
+          response = get('/v2/', use_auth: nil)
+
+          case response.code
+            when '200'
+              NoAuth.instance
+            when '401'
+              www_auth(response)
+            when '404'
+              raise UnsupportedVersionError,
+                "the registry at #{registry_url} doesn't support v2 "\
+                  'of the Docker registry API'
+            else
+              raise UnexpectedResponseCodeError,
+                "the registry at #{registry_url} responded with an "\
+                  "unexpected HTTP status code of #{response.code}"
+          end
+        end
+      end
+
+      def www_auth(response)
+        auth = response['www-authenticate']
+
+        idx = auth.index(' ')
+        auth_type = auth[0..idx].strip
+
+        params = auth[idx..-1].split(',').each_with_object({}) do |param, ret|
+          key, value = param.split('=')
+          ret[key.strip] = value.strip[1..-2]  # remove quotes
+        end
+
+        case auth_type.downcase
+          when 'bearer'
+            BearerAuth.new(params, repo, username, password)
+          when 'basic'
+            BasicAuth.new(username, password)
+          else
+            raise UnsupportedAuthTypeError,
+              "unsupported Docker auth type '#{auth_type}'"
+        end
+      end
+
+      def get(path, http: registry_http, use_auth: auth, limit: 5)
+        if limit == 0
+          raise DockerRemoteError, 'too many redirects'
+        end
+
+        request = if use_auth
+          use_auth.make_get(path)
+        else
+          Net::HTTP::Get.new(path)
+        end
 
-          idx = auth.index(' ')
-          auth_type = auth[0..idx].strip
+        response = http.request(request)
 
-          params = auth[idx..-1].split(',').each_with_object({}) do |param, ret|
-            key, value = param.split('=')
-            ret[key.strip] = value.strip[1..-2]  # remove quotes
+        case response
+          when Net::HTTPRedirection
+            redirect_uri = URI.parse(response['location'])
+            redirect_http = make_http(redirect_uri)
+            return get(
+              redirect_uri.path, {
+                http: redirect_http,
+                use_auth: use_auth,
+                limit: limit - 1
+              }
+            )
+        end
+
+        response
+      end
+
+      def registry_uri
+        @registry_uri ||= begin
+          host_port, *rest = registry_url.split('/')
+          host, orig_port = host_port.split(':')
+
+          port = if orig_port
+            orig_port.to_i
+          elsif prt = PORTMAP[host]
+            prt
+          else
+            STANDARD_PORTS.find do |prt|
+              can_connect?(host, prt)
+            end
           end
 
-          case auth_type.downcase
-            when 'bearer'
-              BearerAuth.new(params, repo, username, password)
-            when 'basic'
-              BasicAuth.new(username, password)
-            else
-              raise UnsupportedAuthTypeError, "unsupported Docker auth type '#{auth_type}'"
+          unless port
+            raise DockerRemoteError,
+              "couldn't determine what port to connect to for '#{registry_url}'"
           end
+
+          scheme = port == DEFAULT_PORT ? 'https' : 'http'
+          URI.parse("#{scheme}://#{host}:#{port}/#{rest.join('/')}")
         end
       end
 
-      def registry_uri
-        @registry_uri ||= URI.parse(registry_url)
+      def make_http(uri)
+        Net::HTTP.new(uri.host, uri.port).tap do |http|
+          http.use_ssl = true if uri.scheme == 'https'
+        end
       end
 
       def registry_http
-        @registry_http ||= Net::HTTP.new(registry_uri.host, registry_uri.port).tap do |http|
-          http.use_ssl = true if registry_uri.scheme == 'https'
+        @registry_http ||= make_http(registry_uri)
+      end
+
+      # Adapted from: https://spin.atomicobject.com/2013/09/30/socket-connection-timeout-ruby/
+      def can_connect?(host, port)
+        # Convert the passed host into structures the non-blocking calls
+        # can deal with
+        addr = Socket.getaddrinfo(host, nil)
+        sockaddr = Socket.pack_sockaddr_in(port, addr[0][3])
+        timeout = 3
+
+        Socket.new(Socket.const_get(addr[0][0]), Socket::SOCK_STREAM, 0).tap do |socket|
+          socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
+
+          begin
+            # Initiate the socket connection in the background. If it doesn't fail
+            # immediately it will raise an IO::WaitWritable (Errno::EINPROGRESS)
+            # indicating the connection is in progress.
+            socket.connect_nonblock(sockaddr)
+
+          rescue IO::WaitWritable
+            # IO.select will block until the socket is writable or the timeout
+            # is exceeded - whichever comes first.
+            if IO.select(nil, [socket], nil, timeout)
+              begin
+                # Verify there is now a good connection
+                socket.connect_nonblock(sockaddr)
+              rescue Errno::EISCONN
+                # Good news everybody, the socket is connected!
+                socket.close
+                return true
+              rescue
+                # An unexpected exception was raised - the connection is no good.
+                socket.close
+              end
+            else
+              # IO.select returns nil when the socket is not ready before timeout
+              # seconds have elapsed
+              socket.close
+            end
+          end
         end
+
+        false
       end
     end
   end

data/lib/docker/remote/no_auth.rb

@@ -0,0 +1,11 @@
+module Docker
+  module Remote
+    class NoAuth
+      include Singleton
+
+      def make_get(path)
+        Net::HTTP::Get.new(path)
+      end
+    end
+  end
+end

data/lib/docker/remote/utils.rb

@@ -1,3 +1,5 @@
+require 'json'
+
 module Docker
   module Remote
     module Utils
@@ -6,6 +8,13 @@ module Docker
           when 401
             raise UnauthorizedError, "401 Unauthorized: #{response.message}"
           when 404
+            json = JSON.parse(response.body) rescue {}
+            error = (json['errors'] || []).first || {}
+
+            if error['code'] == 'NAME_UNKNOWN'
+              raise UnknownRepoError, error['message']
+            end
+
             raise NotFoundError, "404 Not Found: #{response.message}"
         end
 

data/lib/docker/remote/version.rb

@@ -1,5 +1,5 @@
 module Docker
   module Remote
-    VERSION = '0.2.0'
+    VERSION = '0.6.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: docker-remote
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Cameron Dutro
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-26 00:00:00.000000000 Z
+date: 2021-06-06 00:00:00.000000000 Z
 dependencies: []
 description: A Ruby client for communicating with the Docker registry API v2.
 email:
@@ -26,6 +26,7 @@ files:
 - lib/docker/remote/basic_auth.rb
 - lib/docker/remote/bearer_auth.rb
 - lib/docker/remote/client.rb
+- lib/docker/remote/no_auth.rb
 - lib/docker/remote/utils.rb
 - lib/docker/remote/version.rb
 homepage: http://github.com/getkuby/docker-remote