docker_registry_cli 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 996d8a4754101bc04171017e1cd8173e49950333
+  data.tar.gz: a17f24f12d11e5a4249acae8d8a7f175a80cc803
+SHA512:
+  metadata.gz: 72fde0e8eccd506b3da0f970f032f66376db75a68da743a3972cdd94e944ac0dae5a8e6d68b31a4fb4b8ff2478c952e85025a338ae075f72a38d7d590a09deea
+  data.tar.gz: 4c45321b3a9dc5a301ac13d1feb31bb2cb444069ff82c95493e3e6d90eb74ce471b9f1b4cf6193f50035078b30a6745648aca262f719defd3ebb90398f36faf9

data/auth/BasicAuthService.rb

@@ -0,0 +1,26 @@
+class BasicAuthService
+
+  @@requestToBeAuthed = nil
+  def initialize(requestToBeAuthed)
+    @@requestToBeAuthed = requestToBeAuthed
+  end
+  def byCredentials(user, pass)
+    @@requestToBeAuthed.class.basic_auth user, pass
+  end
+
+  def byToken(domain)
+    # load the docker config and see, if the domain is included there - reuse the auth token
+    config = JSON.parse(File.read(File.join(ENV['HOME'], '.docker/config.json')))
+    token = config['auths'][domain]['auth']
+    if(!token)
+      pp config if @@debug
+      throw('No auth token found for this domain')
+    end
+
+    pp "Using existing token from config.json "
+
+    # decorate our request object
+    # set the Authorization header directly, since it is already base64 encoded
+    @@requestToBeAuthed.class.headers['Authorization'] = "Basic #{token}"
+  end
+end

data/auth/TokenAuthService.rb

@@ -0,0 +1,41 @@
+class TokenAuthService
+  @@requestToBeAuthed = nil
+  def initialize(requestToBeAuthed)
+    @@requestToBeAuthed = requestToBeAuthed
+  end
+
+  def tokenAuth(responseToBeAuthed)
+    # retrieve how we will contact the token service
+    auth_description = responseToBeAuthed.headers()['www-authenticate']
+    options = {
+        :query => {
+        }
+    }
+    # get the url
+    m = /Bearer realm="(?<url>[^"]+)"/.match(auth_description)
+    url = m['url']
+
+    # get the service we will generate the tokens for
+    m = /service="(?<service>[^"]+)"/.match(auth_description)
+    if(m)
+      options[:query][:service] = m['service']
+    end
+    # the scope, importent if scopes are used in the token service
+    # this is not always set
+    m = /scope="(?<scope>[^"]+)"/.match(auth_description)
+    if(m)
+      options[:query][:scope] = m['scope']
+    end
+
+    unless(url)
+      puts "Could not extract auth information for Bearer token".colorize(:red) if @@debug
+      throw "Could not extract auth information for Bearer token"
+    end
+    # get the bearer token
+    response = HTTParty.get(url,options)
+
+    throw "Failed to authenticate, code #{response.code}" unless response.code == 200 || response.has_key?('token')
+    # decorate our request object
+    @@requestToBeAuthed.class.headers['Authorization'] = "Bearer #{response['token']}"
+  end
+end

data/bin/docker_registry.rb

@@ -0,0 +1,140 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require 'colorize'
+require 'pp'
+
+require_relative '../commands/DockerRegistryCommand'
+
+# our defaults / defines
+options = {:user => nil,:password => nil, :domain => nil, :debug => false}
+ops = ['list','search', 'tags', 'delete_image', 'delete_tag']
+
+# define our options and help
+OptionParser.new do |opts|
+  opts.banner = "Usage: registry.rb [options]"
+
+  opts.on("-u", "--user USER", "optional, user to login") do |v|
+    options[:user] = v
+  end
+  opts.on("-p", "--password PASSWORD", "optional, password to login") do |v|
+    options[:password] = v
+  end
+  opts.on("--domain DOMAIN", "Set this to override the domain you defined in ~./docker_registry.yml") do |v|
+    options[:domain] = v
+  end
+  opts.on("-d", "--debug", "debug mode") do |v|
+    options[:debug] = v
+  end
+  opts.on("-h", "--help", "Prints this help") do
+
+    puts opts
+    puts "\nArguments:"
+    puts '<registry-domain> <operation> <value(optional)>'.colorize(:green)
+    puts "\nif you have set domain in ~/.docker_registry.yml you can ease it up like this:"
+    puts '<operation> <value(optional)>'.colorize(:green)
+
+    puts "\nOperations:"
+    puts 'list: list all available repositorys'
+    puts 'search <key>: search for a repository'
+    puts 'tags <repo-name>: list all tags of a repository'
+    puts 'delete_image <repo-name> <tag>: delete a image with all its tags'
+    puts 'delete_tag <repo-name> <tag>: delete a tag'
+    exit
+  end
+end.parse!
+
+# try to load values from tour configuration. Those get superseded by the arguments though
+begin
+  config = YAML::load(File.read(File.join(ENV['HOME'], '.docker_registry.yml')))
+  if options[:debug]
+    puts 'Found config:'.colorize(:blue)
+    pp config
+  end
+
+  options[:domain] = config['domain'] if config['domain'] && !options[:domain]
+  options[:user] = config['user'] if config['user'] && !options[:user]
+  options[:password] = config['password'] if config['password'] && !options[:password]
+rescue
+  # just no config, move on
+  puts 'No config found in ~/.docker_registry.yml . Create it and add domain:<> and optional user/password to avoid adding any arguments'.colorize(:light_white)
+  if !ARGV[0]
+    puts 'The first argument should be your registry domain without schema (HTTPS mandatory), optional with :port'.colorize(:red)
+    exit 1
+  else
+    options[:domain]  = ARGV.shift
+  end
+end
+
+# ensure a operation is set. Be aware, we used shift up there - so we always stick with 0
+if !ARGV[0]
+  puts "Define the operation: #{ops.join(', ')}".colorize(:red)
+  exit 1
+else
+  if !ops.include?(ARGV[0])
+    puts "This operation is yet not implemented. Select on of:  #{ops.join(', ')}".colorize(:red)
+    exit 1
+  end
+
+  op = ARGV.shift
+end
+
+# print out some informations debug mode
+if options[:debug]
+  pp options
+  puts "Operation: #{op}".colorize(:blue)
+end
+
+# configure our request handler
+registry = DockerRegistryCommand.new(options[:domain], options[:user], options[:password], options[:debug])
+
+# run the operations, which can actually have different amounts of mandatory arguments
+case op
+  when 'delete_image'
+    if !ARGV[0]
+      puts 'Please define a image name'
+      exit 1
+    else
+      image_name = ARGV.shift
+    end
+    registry.delete_image(image_name)
+  when 'delete_tag'
+    if !ARGV[0]
+      puts 'Please define a image name'
+      exit 1
+    else
+      image_name = ARGV.shift
+    end
+    if !ARGV[0]
+      puts 'Please define a tag'
+      exit 1
+    else
+      tag = ARGV.shift
+    end
+    registry.delete_tag(image_name, tag)
+  when 'list'
+    registry.list
+  when 'search'
+    if !ARGV[0]
+      puts 'Please define a search key'
+      exit 1
+    else
+      key = ARGV.shift
+      registry.search(key)
+    end
+  when 'tags'
+    if !ARGV[0]
+      puts 'Please define a repo name'
+      exit 1
+    else
+      repo = ARGV.shift
+      tags = registry.tags(repo)
+      unless tags.nil?
+        tags.each { |tag|
+          puts tag
+        }
+      else
+        puts 'Not tags found'
+      end
+    end
+end

data/commands/DockerRegistryCommand.rb

@@ -0,0 +1,76 @@
+#!/usr/bin/ruby
+
+require_relative '../requests/DockerRegistryRequest'
+
+class DockerRegistryCommand < DockerRegistryRequest
+  ### list all available repos
+  def list(search_key = nil)
+    response = send_get_request("/_catalog")
+    if response['repositories'].nil?
+      puts "no repositories found"
+      exit 1
+    else
+      response['repositories'].each { |repo|
+        puts repo if search_key.nil? || repo.include?(search_key)
+      }
+    end
+  end
+
+  ### search for a specific repo using a key ( wildcard )
+  def search(search_key)
+    list(search_key)
+  end
+
+  ### delete an image, so all its tags
+  ### @see https://docs.docker.com/registry/spec/api/#deleting-an-image
+  def delete_image(image_name)
+    # be sure to enabel storage->delete->true in your registry, see https://github.com/docker/distribution/blob/master/docs/configuration.md
+    tags = tags(image_name)
+    if tags.nil?
+      puts "Image #{image_name} has no current tags, nothing to delete".red
+      exit
+    end
+    tags.each { |tag|
+      begin
+        puts "Deleting tag : #{tag}"
+        delete_tag(image_name, tag)
+        puts 'success'.green
+      rescue
+        puts 'failed'.red
+      end
+    }
+
+  end
+
+
+  ### delete a tag, identified by image name and tag
+  ### @see https://docs.docker.com/registry/spec/api/#deleting-an-image
+  def delete_tag(image_name, tag)
+    # be sure to enabel storage->delete->true in your registry, see https://github.com/docker/distribution/blob/master/docs/configuration.md
+
+    # fetch digest
+    digest = digest(image_name, tag)
+    unless digest
+      puts "Could not find digest from tag #{tag}".colorize(:red)
+      exit 1
+    end
+    result = send_delete_request("/#{image_name}/manifests/#{digest}")
+
+    unless result.code == 202
+      puts "Could not delete tag #{tag}".colorize(:red)
+      exit 1
+    end
+
+    #result = send_delete_request("/#{image_name}/blobs/#{digest}")
+    #unless result.code == 202
+    #  puts "Could not delete blob from digest #{digest}".colorize(:red)
+    #  exit 1
+    #end
+  end
+
+  ### list all tags of a repo
+  def tags(repo)
+    result = send_get_request("/#{repo}/tags/list")
+    return result['tags']
+  end
+end

data/install.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+echo  "Please enter your registry domain like docker.mycompany.com - do not add https://, you can add a port"
+read domain
+echo "domain: $domain" > ~/.docker_registry.yml
+echo "created configuration"
+echo "installing gems"
+bundle install
+echo "Should i create a symlink into /usr/local/bin (needs sudo permissions)"
+select yn in "Yes" "No"; do
+    case $yn in
+        Yes ) sudo ln -fs `pwd`/bin/docker_registry.rb /usr/local/bin/docker_registry; break;;
+        No ) echo "skipped";;
+    esac
+done
+
+echo "HINT: Ensure you run docker login $domain to save your credentials encrypted"

data/requests/DockerRegistryRequest.rb

@@ -0,0 +1,119 @@
+#!/usr/bin/ruby
+
+require 'rubygems'
+require 'json'
+require 'httparty'
+require 'yaml'
+require 'pp'
+
+require_relative '../auth/TokenAuthService'
+require_relative '../auth/BasicAuthService'
+
+class DockerRegistryRequest
+  include HTTParty
+  format :json
+  headers 'Content-Type' => 'application/json'
+  headers 'Accept' => 'application/json'
+  @@debug = false
+
+  def initialize(domain, user = nil, pass = nil, debug = false)
+    @@debug = debug
+    self.class.base_uri "https://#{domain}/v2"
+    handle_preauth(domain, user, pass)
+  end
+
+  def handle_preauth(domain, user = nil, pass = nil)
+    # Only BasicAuth is supported
+    authService = BasicAuthService.new(self)
+    begin
+      if user && pass
+        # this will base64 encode automatically
+        authService.byCredentials(user, pass)
+      else
+        authService.byToken(domain)
+      end
+    rescue Exception
+      puts "No BasicAuth pre-auth available, will try to use different auth-services later".green
+    end
+
+  end
+
+  ### check if the login actually will succeed
+  def authenticate(response)
+    headers = response.headers()
+    begin
+      if headers.has_key?('www-authenticate')
+        auth_description = headers['www-authenticate']
+        if auth_description.match('Bearer realm=')
+          authService = TokenAuthService.new(self)
+          authService.tokenAuth(response)
+        else
+          throw "Auth method not supported #{auth_description}"
+        end
+      end
+    rescue Exception
+      puts "Authentication failed".colorize(:red)
+    end
+  end
+
+  ## sends a get request, authenticates if needed
+  def send_get_request(path, options = {})
+    # we try to send the request. if it fails due to auth, we need the returned scope
+    # thats why we first try to do it without auth, then reusing the scope from the response
+    response = self.class.get(path, options)
+    # need auth
+    case (response.code)
+      when 200
+        # just continue
+      when 401
+        authenticate(response)
+        response = self.class.get(path, options)
+      else
+    end
+    unless response.code == 200
+      throw "Could not finish request, status #{response.code}"
+    end
+    return response
+  end
+
+  ## sends a delete request, authenticates if needed
+  def send_delete_request(path)
+    response = self.class.delete(path)
+    # need auth
+    case (response.code)
+      when 200
+        # just continue
+      when 401
+        authenticate(response)
+        response = self.class.delete(path)
+      else
+    end
+    if response.code != 200 && response.code != 202
+      throw "Could not finish request, status #{response.code}"
+    end
+    return response
+  end
+
+  ### returns the digest for a tag
+  ### @see https://docs.docker.com/registry/spec/api/#pulling-an-image
+  def digest(image_name, tag)
+    options = {
+        :headers => {
+            'Accept' => 'application/vnd.docker.distribution.manifest.v2+json'
+        }
+    }
+    begin
+      response = send_get_request("/#{image_name}/manifests/#{tag}", options)
+    rescue
+      puts "Could not find digest for image #{image_name} with tag #{tag}".colorize(:red)
+      exit 1
+    end
+
+    unless response.code == 200
+      puts "Could not find digest for image #{image_name} with tag #{tag}".colorize(:red)
+      exit 1
+    end
+
+    return response.headers['docker-content-digest']
+  end
+end

metadata

@@ -0,0 +1,50 @@
+--- !ruby/object:Gem::Specification
+name: docker_registry_cli
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Eugen Mayer
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-06-20 00:00:00.000000000 Z
+dependencies: []
+description: This cli-tool lets you query your private docker registry for different
+  things. For now, there is no tool provided by docker to do so
+email: eugen.mayer@kontextwork.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- auth/BasicAuthService.rb
+- auth/TokenAuthService.rb
+- bin/docker_registry.rb
+- commands/DockerRegistryCommand.rb
+- install.sh
+- requests/DockerRegistryRequest.rb
+homepage: 
+licenses:
+- GPL
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: Docker Registry Cli - Search your docker registry from the cli
+test_files: []