docker-remote 0.2.0 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -0
- data/Gemfile +1 -0
- data/lib/docker/remote.rb +2 -0
- data/lib/docker/remote/client.rb +146 -25
- data/lib/docker/remote/no_auth.rb +11 -0
- data/lib/docker/remote/utils.rb +9 -0
- data/lib/docker/remote/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 67104ac59d9b809cfaafaac9c1711b4d68b4d514c4c0360a28cb42cea105a72b
|
4
|
+
data.tar.gz: 59d0560b904d4fbf9bd4e7484caf179cf0355f3b716eaaf104c87a3700be00f6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ee73da94c49c3c70779ad258d9b0e0147c2768998762bcaa5829756ba4203163245fcb00031bdd7d9abeaee5d680bc5077788fa5826deb03e7e99f9a7eb01591
|
7
|
+
data.tar.gz: 1cd3bac68947f1bf7af75ca903de81b932ae2258842ae22a71eee444c621ea63975b243cbc63a1bd273a848d756a3427409548375454580372f6f7c6d00b0626
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,19 @@
|
|
1
|
+
## 0.6.0
|
2
|
+
* Raise `UnknownRepoError` if the registry returns the `NAME_UNKNOWN` error code, which indicates the repo has never been pushed to before.
|
3
|
+
|
4
|
+
## 0.5.1
|
5
|
+
* Just use given port if present, i.e. without checking it for connectivity.
|
6
|
+
|
7
|
+
## 0.5.0
|
8
|
+
* Figure out registry port more accurately.
|
9
|
+
|
10
|
+
## 0.4.0
|
11
|
+
* Support redirection when making HTTP requests.
|
12
|
+
|
13
|
+
## 0.3.0
|
14
|
+
* Support registries with no auth.
|
15
|
+
* Raise errors upon receiving unexpected response codes during auth flow.
|
16
|
+
|
1
17
|
## 0.2.0
|
2
18
|
* Support both basic and bearer auth.
|
3
19
|
|
data/Gemfile
CHANGED
data/lib/docker/remote.rb
CHANGED
@@ -4,12 +4,14 @@ module Docker
|
|
4
4
|
class ServerError < StandardError; end
|
5
5
|
class UnauthorizedError < ClientError; end
|
6
6
|
class NotFoundError < ClientError; end
|
7
|
+
class UnknownRepoError < ClientError; end
|
7
8
|
|
8
9
|
class UnsupportedAuthTypeError < StandardError; end
|
9
10
|
|
10
11
|
autoload :BasicAuth, 'docker/remote/basic_auth'
|
11
12
|
autoload :BearerAuth, 'docker/remote/bearer_auth'
|
12
13
|
autoload :Client, 'docker/remote/client'
|
14
|
+
autoload :NoAuth, 'docker/remote/no_auth'
|
13
15
|
autoload :Utils, 'docker/remote/utils'
|
14
16
|
end
|
15
17
|
end
|
data/lib/docker/remote/client.rb
CHANGED
@@ -1,14 +1,23 @@
|
|
1
1
|
require 'json'
|
2
2
|
require 'net/http'
|
3
|
+
require 'socket'
|
3
4
|
require 'uri'
|
4
5
|
|
5
6
|
module Docker
|
6
7
|
module Remote
|
8
|
+
class DockerRemoteError < StandardError; end
|
9
|
+
class UnsupportedVersionError < DockerRemoteError; end
|
10
|
+
class UnexpectedResponseCodeError < DockerRemoteError; end
|
11
|
+
|
7
12
|
class Client
|
8
13
|
include Utils
|
9
14
|
|
10
15
|
attr_reader :registry_url, :repo, :username, :password
|
11
16
|
|
17
|
+
PORTMAP = { 'ghcr.io' => 443 }.freeze
|
18
|
+
DEFAULT_PORT = 443
|
19
|
+
STANDARD_PORTS = [DEFAULT_PORT, 80].freeze
|
20
|
+
|
12
21
|
def initialize(registry_url, repo, username = nil, password = nil)
|
13
22
|
@registry_url = registry_url
|
14
23
|
@repo = repo
|
@@ -17,22 +26,19 @@ module Docker
|
|
17
26
|
end
|
18
27
|
|
19
28
|
def tags
|
20
|
-
|
21
|
-
response = registry_http.request(request)
|
29
|
+
response = get("/v2/#{repo}/tags/list")
|
22
30
|
potentially_raise_error!(response)
|
23
31
|
JSON.parse(response.body)['tags']
|
24
32
|
end
|
25
33
|
|
26
34
|
def manifest_for(reference)
|
27
|
-
|
28
|
-
response = registry_http.request(request)
|
35
|
+
response = get("/v2/#{repo}/manifests/#{reference}")
|
29
36
|
potentially_raise_error!(response)
|
30
37
|
JSON.parse(response.body)
|
31
38
|
end
|
32
39
|
|
33
40
|
def catalog
|
34
|
-
|
35
|
-
response = registry_http.request(request)
|
41
|
+
response = get("/v2/_catalog")
|
36
42
|
potentially_raise_error!(response)
|
37
43
|
JSON.parse(response.body)
|
38
44
|
end
|
@@ -41,37 +47,152 @@ module Docker
|
|
41
47
|
|
42
48
|
def auth
|
43
49
|
@auth ||= begin
|
44
|
-
|
45
|
-
|
46
|
-
|
50
|
+
response = get('/v2/', use_auth: nil)
|
51
|
+
|
52
|
+
case response.code
|
53
|
+
when '200'
|
54
|
+
NoAuth.instance
|
55
|
+
when '401'
|
56
|
+
www_auth(response)
|
57
|
+
when '404'
|
58
|
+
raise UnsupportedVersionError,
|
59
|
+
"the registry at #{registry_url} doesn't support v2 "\
|
60
|
+
'of the Docker registry API'
|
61
|
+
else
|
62
|
+
raise UnexpectedResponseCodeError,
|
63
|
+
"the registry at #{registry_url} responded with an "\
|
64
|
+
"unexpected HTTP status code of #{response.code}"
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
69
|
+
def www_auth(response)
|
70
|
+
auth = response['www-authenticate']
|
71
|
+
|
72
|
+
idx = auth.index(' ')
|
73
|
+
auth_type = auth[0..idx].strip
|
74
|
+
|
75
|
+
params = auth[idx..-1].split(',').each_with_object({}) do |param, ret|
|
76
|
+
key, value = param.split('=')
|
77
|
+
ret[key.strip] = value.strip[1..-2] # remove quotes
|
78
|
+
end
|
79
|
+
|
80
|
+
case auth_type.downcase
|
81
|
+
when 'bearer'
|
82
|
+
BearerAuth.new(params, repo, username, password)
|
83
|
+
when 'basic'
|
84
|
+
BasicAuth.new(username, password)
|
85
|
+
else
|
86
|
+
raise UnsupportedAuthTypeError,
|
87
|
+
"unsupported Docker auth type '#{auth_type}'"
|
88
|
+
end
|
89
|
+
end
|
90
|
+
|
91
|
+
def get(path, http: registry_http, use_auth: auth, limit: 5)
|
92
|
+
if limit == 0
|
93
|
+
raise DockerRemoteError, 'too many redirects'
|
94
|
+
end
|
95
|
+
|
96
|
+
request = if use_auth
|
97
|
+
use_auth.make_get(path)
|
98
|
+
else
|
99
|
+
Net::HTTP::Get.new(path)
|
100
|
+
end
|
47
101
|
|
48
|
-
|
49
|
-
auth_type = auth[0..idx].strip
|
102
|
+
response = http.request(request)
|
50
103
|
|
51
|
-
|
52
|
-
|
53
|
-
|
104
|
+
case response
|
105
|
+
when Net::HTTPRedirection
|
106
|
+
redirect_uri = URI.parse(response['location'])
|
107
|
+
redirect_http = make_http(redirect_uri)
|
108
|
+
return get(
|
109
|
+
redirect_uri.path, {
|
110
|
+
http: redirect_http,
|
111
|
+
use_auth: use_auth,
|
112
|
+
limit: limit - 1
|
113
|
+
}
|
114
|
+
)
|
115
|
+
end
|
116
|
+
|
117
|
+
response
|
118
|
+
end
|
119
|
+
|
120
|
+
def registry_uri
|
121
|
+
@registry_uri ||= begin
|
122
|
+
host_port, *rest = registry_url.split('/')
|
123
|
+
host, orig_port = host_port.split(':')
|
124
|
+
|
125
|
+
port = if orig_port
|
126
|
+
orig_port.to_i
|
127
|
+
elsif prt = PORTMAP[host]
|
128
|
+
prt
|
129
|
+
else
|
130
|
+
STANDARD_PORTS.find do |prt|
|
131
|
+
can_connect?(host, prt)
|
132
|
+
end
|
54
133
|
end
|
55
134
|
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
when 'basic'
|
60
|
-
BasicAuth.new(username, password)
|
61
|
-
else
|
62
|
-
raise UnsupportedAuthTypeError, "unsupported Docker auth type '#{auth_type}'"
|
135
|
+
unless port
|
136
|
+
raise DockerRemoteError,
|
137
|
+
"couldn't determine what port to connect to for '#{registry_url}'"
|
63
138
|
end
|
139
|
+
|
140
|
+
scheme = port == DEFAULT_PORT ? 'https' : 'http'
|
141
|
+
URI.parse("#{scheme}://#{host}:#{port}/#{rest.join('/')}")
|
64
142
|
end
|
65
143
|
end
|
66
144
|
|
67
|
-
def
|
68
|
-
|
145
|
+
def make_http(uri)
|
146
|
+
Net::HTTP.new(uri.host, uri.port).tap do |http|
|
147
|
+
http.use_ssl = true if uri.scheme == 'https'
|
148
|
+
end
|
69
149
|
end
|
70
150
|
|
71
151
|
def registry_http
|
72
|
-
@registry_http ||=
|
73
|
-
|
152
|
+
@registry_http ||= make_http(registry_uri)
|
153
|
+
end
|
154
|
+
|
155
|
+
# Adapted from: https://spin.atomicobject.com/2013/09/30/socket-connection-timeout-ruby/
|
156
|
+
def can_connect?(host, port)
|
157
|
+
# Convert the passed host into structures the non-blocking calls
|
158
|
+
# can deal with
|
159
|
+
addr = Socket.getaddrinfo(host, nil)
|
160
|
+
sockaddr = Socket.pack_sockaddr_in(port, addr[0][3])
|
161
|
+
timeout = 3
|
162
|
+
|
163
|
+
Socket.new(Socket.const_get(addr[0][0]), Socket::SOCK_STREAM, 0).tap do |socket|
|
164
|
+
socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
|
165
|
+
|
166
|
+
begin
|
167
|
+
# Initiate the socket connection in the background. If it doesn't fail
|
168
|
+
# immediately it will raise an IO::WaitWritable (Errno::EINPROGRESS)
|
169
|
+
# indicating the connection is in progress.
|
170
|
+
socket.connect_nonblock(sockaddr)
|
171
|
+
|
172
|
+
rescue IO::WaitWritable
|
173
|
+
# IO.select will block until the socket is writable or the timeout
|
174
|
+
# is exceeded - whichever comes first.
|
175
|
+
if IO.select(nil, [socket], nil, timeout)
|
176
|
+
begin
|
177
|
+
# Verify there is now a good connection
|
178
|
+
socket.connect_nonblock(sockaddr)
|
179
|
+
rescue Errno::EISCONN
|
180
|
+
# Good news everybody, the socket is connected!
|
181
|
+
socket.close
|
182
|
+
return true
|
183
|
+
rescue
|
184
|
+
# An unexpected exception was raised - the connection is no good.
|
185
|
+
socket.close
|
186
|
+
end
|
187
|
+
else
|
188
|
+
# IO.select returns nil when the socket is not ready before timeout
|
189
|
+
# seconds have elapsed
|
190
|
+
socket.close
|
191
|
+
end
|
192
|
+
end
|
74
193
|
end
|
194
|
+
|
195
|
+
false
|
75
196
|
end
|
76
197
|
end
|
77
198
|
end
|
data/lib/docker/remote/utils.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
require 'json'
|
2
|
+
|
1
3
|
module Docker
|
2
4
|
module Remote
|
3
5
|
module Utils
|
@@ -6,6 +8,13 @@ module Docker
|
|
6
8
|
when 401
|
7
9
|
raise UnauthorizedError, "401 Unauthorized: #{response.message}"
|
8
10
|
when 404
|
11
|
+
json = JSON.parse(response.body) rescue {}
|
12
|
+
error = (json['errors'] || []).first || {}
|
13
|
+
|
14
|
+
if error['code'] == 'NAME_UNKNOWN'
|
15
|
+
raise UnknownRepoError, error['message']
|
16
|
+
end
|
17
|
+
|
9
18
|
raise NotFoundError, "404 Not Found: #{response.message}"
|
10
19
|
end
|
11
20
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: docker-remote
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.6.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Cameron Dutro
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-06-06 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: A Ruby client for communicating with the Docker registry API v2.
|
14
14
|
email:
|
@@ -26,6 +26,7 @@ files:
|
|
26
26
|
- lib/docker/remote/basic_auth.rb
|
27
27
|
- lib/docker/remote/bearer_auth.rb
|
28
28
|
- lib/docker/remote/client.rb
|
29
|
+
- lib/docker/remote/no_auth.rb
|
29
30
|
- lib/docker/remote/utils.rb
|
30
31
|
- lib/docker/remote/version.rb
|
31
32
|
homepage: http://github.com/getkuby/docker-remote
|