smart_proxy_container_gateway 1.0.0 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 3d3c91e3e5a1e8ac14c401afd1a5f5bb610456ec
-  data.tar.gz: 1d6f13ea82165a9896d335c221980064c6d9356b
+SHA256:
+  metadata.gz: f7f64eda929055e1dbf8e33f6f25797f5f01eaec99fc44c68b48cdbb54e3ac24
+  data.tar.gz: 3b82489df2523cc112474f8f88925959123db0ea34848462dcaa3a15aa2f01f0
 SHA512:
-  metadata.gz: 1bf4eec507934bc9c9f567ac59b6eb14217b4f0a2f1801e2ad57a0b411648c572085f7074dbefb120f1cfe7516348cc53cbdcca1ecd21398a55be0c3c7ca5e55
-  data.tar.gz: 6dcb9de3d2fc3fc5d3956f32865a9770fae63359fdb994b35776df4cfd8c23fcb24720fed3f9e6f1b4cdf4437909a19cba8d5a1c36fbcfb1d1c3a57402a85acd
+  metadata.gz: 7275b37d4d4e2de7be47377f45790277df201752f429a3d1bea719a7f644b9a59e7b39a312f75d4b6c75d66c2ada8a21970cab2b6ee665ee11c45dfd739d2905
+  data.tar.gz: 0f12062658a3840ddccb627e1e2ef2602e3e53b03b218684ff2f6a733504107a49329237d56f6a0b5ed6669509b422622459f84dc2c66484ddb99f5ec10bfa71

data/lib/smart_proxy_container_gateway/container_gateway.rb

@@ -9,10 +9,21 @@ module Proxy
                        :katello_registry_path => '/v2/',
                        :sqlite_db_path => '/var/lib/foreman-proxy/smart_proxy_container_gateway.db'
 
-      http_rackup_path File.expand_path('smart_proxy_container_gateway/container_gateway_http_config.ru',
-                                        File.expand_path('..', __dir__))
-      https_rackup_path File.expand_path('smart_proxy_container_gateway/container_gateway_http_config.ru',
-                                         File.expand_path('..', __dir__))
+      # Load defaults that copy values from SETTINGS. This is done as
+      # programmable settings since SETTINGS isn't initialized during plugin
+      # loading.
+      load_programmable_settings do |settings|
+        settings[:pulp_client_ssl_ca] ||= SETTINGS.foreman_ssl_ca
+        settings[:pulp_client_ssl_cert] ||= SETTINGS.foreman_ssl_cert
+        settings[:pulp_client_ssl_key] ||= SETTINGS.foreman_ssl_key
+      end
+
+      # TODO: sqlite_db_path should able be readable or creatable. There's no
+      # test for creatable
+      validate_readable :pulp_client_ssl_ca, :pulp_client_ssl_cert, :pulp_client_ssl_key
+      validate :pulp_endpoint, url: true
+
+      rackup_path File.join(__dir__, 'container_gateway_http_config.ru')
     end
   end
 end

data/lib/smart_proxy_container_gateway/container_gateway_api.rb

@@ -2,7 +2,6 @@ require 'sinatra'
 require 'smart_proxy_container_gateway/container_gateway'
 require 'smart_proxy_container_gateway/container_gateway_main'
 require 'smart_proxy_container_gateway/foreman_api'
-require 'sequel'
 require 'sqlite3'
 
 module Proxy
@@ -10,7 +9,7 @@ module Proxy
     class Api < ::Sinatra::Base
       include ::Proxy::Log
       helpers ::Proxy::Helpers
-      Sequel.extension :migration, :core_extensions
+      helpers ::Sinatra::Authorization::Helpers
 
       get '/v1/_ping/?' do
         Proxy::ContainerGateway.ping
@@ -18,6 +17,7 @@ module Proxy
 
       get '/v2/?' do
         if auth_header.present? && (auth_header.unauthorized_token? || auth_header.valid_user_token?)
+          response.headers['Docker-Distribution-API-Version'] = 'registry/2.0'
           Proxy::ContainerGateway.ping
         else
           redirect_authorization_headers
@@ -26,31 +26,32 @@ module Proxy
       end
 
       get '/v2/:repository/manifests/:tag/?' do
-        unless Proxy::ContainerGateway.authorized_for_repo?(params[:repository])
-          redirect_authorization_headers
-          halt 401, "unauthorized"
-        end
+        handle_repo_auth(params, auth_header, request)
         redirection_location = Proxy::ContainerGateway.manifests(params[:repository], params[:tag])
         redirect to(redirection_location)
       end
 
       get '/v2/:repository/blobs/:digest/?' do
-        unless Proxy::ContainerGateway.authorized_for_repo?(params[:repository])
-          redirect_authorization_headers
-          halt 401, "unauthorized"
-        end
+        handle_repo_auth(params, auth_header, request)
         redirection_location = Proxy::ContainerGateway.blobs(params[:repository], params[:digest])
         redirect to(redirection_location)
       end
 
       get '/v1/search/?' do
         # Checks for podman client and issues a 404 in that case. Podman
-        # examines the response from a /v1_search request. If the result
+        # examines the response from a /v1/search request. If the result
         # is a 4XX, it will then proceed with a request to /_catalog
         if !request.env['HTTP_USER_AGENT'].nil? && request.env['HTTP_USER_AGENT'].downcase.include?('libpod')
           halt 404, "not found"
         end
 
+        if auth_header.present? && !auth_header.blank?
+          username = auth_header.v1_foreman_authorized_username
+          if username.nil?
+            halt 401, "unauthorized"
+          end
+          params[:user] = username
+        end
         repositories = Proxy::ContainerGateway.v1_search(params)
 
         content_type :json
@@ -58,13 +59,23 @@ module Proxy
       end
 
       get '/v2/_catalog/?' do
-        content_type :json
-        { repositories: Proxy::ContainerGateway.catalog }.to_json
-      end
+        catalog = []
+        if auth_header.present?
+          if auth_header.unauthorized_token?
+            catalog = Proxy::ContainerGateway.catalog
+          elsif auth_header.valid_user_token?
+            catalog = Proxy::ContainerGateway.catalog(auth_header.user)
+          else
+            redirect_authorization_headers
+            halt 401, "unauthorized"
+          end
+        else
+          redirect_authorization_headers
+          halt 401, "unauthorized"
+        end
 
-      get '/v2/unauthenticated_repository_list/?' do
         content_type :json
-        { repositories: Proxy::ContainerGateway.unauthenticated_repos }.to_json
+        { repositories: catalog }.to_json
       end
 
       get '/v2/token' do
@@ -72,8 +83,8 @@ module Proxy
 
         unless auth_header.present? && auth_header.basic_auth?
           one_year = (60 * 60 * 24 * 365)
-          return { token: AuthorizationHeader::UNAUTHORIZED_TOKEN, issued_at: Time.now,
-expires_at: Time.now + one_year }.to_json
+          return { token: AuthorizationHeader::UNAUTHORIZED_TOKEN, issued_at: Time.now.iso8601,
+                   expires_at: (Time.now + one_year).iso8601 }.to_json
         end
 
         token_response = ForemanApi.new.fetch_token(auth_header.raw_header, request.params)
@@ -83,28 +94,57 @@ expires_at: Time.now + one_year }.to_json
           token_response_body = JSON.parse(token_response.body)
           ContainerGateway.insert_token(request.params['account'], token_response_body['token'],
                                         token_response_body['expires_at'])
+
+          repo_response = ForemanApi.new.fetch_user_repositories(auth_header.raw_header, request.params)
+          if repo_response.code.to_i != 200
+            halt repo_response.code.to_i, repo_response.body
+          else
+            ContainerGateway.update_user_repositories(request.params['account'],
+                                                      JSON.parse(repo_response.body)['repositories'])
+          end
           return token_response_body.to_json
         end
       end
 
-      put '/v2/unauthenticated_repository_list/?' do
-        if params.key? :repositories
-          repo_names = params[:repositories]
-        else
-          repo_names = JSON.parse(request.body.read)["repositories"]
-        end
-      rescue JSON::ParserError
-        halt 400, "malformed repositories json"
-      else
-        if repo_names.nil?
-          Proxy::ContainerGateway.update_unauthenticated_repos([])
-        else
-          Proxy::ContainerGateway.update_unauthenticated_repos(repo_names)
-        end
+      get '/users/?' do
+        do_authorize_any
+
+        content_type :json
+        { users: User.map(:name) }.to_json
+      end
+
+      put '/user_repository_mapping/?' do
+        do_authorize_any
+
+        ContainerGateway.update_user_repo_mapping(params)
+        {}
+      end
+
+      put '/repository_list/?' do
+        do_authorize_any
+
+        repositories = params['repositories'].nil? ? [] : params['repositories']
+        ContainerGateway.update_repository_list(repositories)
+        {}
       end
 
       private
 
+      def handle_repo_auth(params, auth_header, request)
+        user_token_is_valid = false
+        # FIXME: Getting unauthenticated token here...
+        if auth_header.present? && auth_header.valid_user_token?
+          user_token_is_valid = true
+          username = auth_header.user.name
+        end
+        username = request.params['account'] if username.nil?
+
+        return if Proxy::ContainerGateway.authorized_for_repo?(params[:repository], user_token_is_valid, username)
+
+        redirect_authorization_headers
+        halt 401, "unauthorized"
+      end
+
       def redirect_authorization_headers
         response.headers['Docker-Distribution-API-Version'] = 'registry/2.0'
         response.headers['Www-Authenticate'] = "Bearer realm=\"https://#{request.host}/v2/token\"," \
@@ -123,6 +163,10 @@ expires_at: Time.now + one_year }.to_json
           @value = value || ''
         end
 
+        def user
+          ContainerGateway.token_user(@value.split(' ')[1])
+        end
+
         def valid_user_token?
           token_auth? && ContainerGateway.valid_token?(@value.split(' ')[1])
         end
@@ -146,6 +190,19 @@ expires_at: Time.now + one_year }.to_json
         def basic_auth?
           @value.split(' ')[0] == 'Basic'
         end
+
+        def blank?
+          Base64.decode64(@value.split(' ')[1]) == ':'
+        end
+
+        # A special case for the V1 API.  Defer authentication to Foreman and return the username. `nil` if not authorized.
+        def v1_foreman_authorized_username
+          username = Base64.decode64(@value.split(' ')[1]).split(':')[0]
+          auth_response = ForemanApi.new.fetch_token(raw_header, { 'account' => username })
+          return username if auth_response.code.to_i == 200 && (JSON.parse(auth_response.body)['token'] != 'unauthenticated')
+
+          nil
+        end
       end
     end
   end

data/lib/smart_proxy_container_gateway/container_gateway_main.rb

@@ -1,15 +1,17 @@
 require 'net/http'
 require 'uri'
 require 'digest'
-
+require 'sequel'
 module Proxy
   module ContainerGateway
     extend ::Proxy::Util
     extend ::Proxy::Log
 
     class << self
+      Sequel.extension :migration, :core_extensions
       def pulp_registry_request(uri)
         http_client = Net::HTTP.new(uri.host, uri.port)
+        http_client.ca_file = pulp_ca
         http_client.cert = pulp_cert
         http_client.key = pulp_key
         http_client.use_ssl = true
@@ -48,7 +50,8 @@ module Proxy
 
         repo_count = 0
         repositories = []
-        Proxy::ContainerGateway.catalog.each do |repo_name|
+        user = params[:user].nil? ? nil : User.find(name: params[:user])
+        Proxy::ContainerGateway.catalog(user).each do |repo_name|
           break if repo_count >= params[:n]
 
           if params[:q].nil? || params[:q] == "" || repo_name.include?(params[:q])
@@ -59,48 +62,103 @@ module Proxy
         repositories
       end
 
-      def catalog
-        unauthenticated_repos
+      def catalog(user = nil)
+        if user.nil?
+          unauthenticated_repos
+        else
+          (unauthenticated_repos + user.repositories_dataset.map(:name)).sort
+        end
       end
 
       def unauthenticated_repos
-        conn = initialize_db
-        conn[:unauthenticated_repositories].order(:name).map(:name)
+        Repository.where(auth_required: false).order(:name).map(:name)
       end
 
-      def update_unauthenticated_repos(repo_names)
-        conn = initialize_db
-        unauthenticated_repos = conn[:unauthenticated_repositories]
-        unauthenticated_repos.delete
-        repo_names.each do |repo_name|
-          unauthenticated_repos.insert(:name => repo_name)
+      # Replaces the entire list of repositories
+      def update_repository_list(repo_list)
+        RepositoryUser.dataset.delete
+        Repository.dataset.delete
+        repo_list.each do |repo|
+          Repository.find_or_create(name: repo['repository'],
+                                    auth_required: repo['auth_required'].to_s.downcase == "true")
+        end
+      end
+
+      # Replaces the entire user-repo mapping for all logged-in users
+      def update_user_repo_mapping(user_repo_maps)
+        # Get hash map of all users and their repositories
+        # Ex: {"users"=> [{"admin"=>[{"repository"=>"repo", "auth_required"=>"true"}]}]}
+        # Go through list of repositories and add them to the DB
+        RepositoryUser.dataset.delete
+        user_repo_maps['users'].each do |user_repo_map|
+          user_repo_map.each do |user, repos|
+            repos.each do |repo|
+              found_repo = Repository.find(name: repo['repository'],
+                                           auth_required: repo['auth_required'].to_s.downcase == "true")
+              if found_repo.nil?
+                logger.warn("#{repo['repository']} does not exist in this smart proxy's environments")
+              elsif found_repo.auth_required
+                found_repo.add_user(User.find(name: user))
+              end
+            end
+          end
         end
       end
 
-      def authorized_for_repo?(repo_name)
-        conn = initialize_db
-        unauthenticated_repo = conn[:unauthenticated_repositories].where(name: repo_name).first
-        !unauthenticated_repo.nil?
+      # Replaces the user-repo mapping for a single user
+      def update_user_repositories(username, repositories)
+        user = User.where(name: username).first
+        user.remove_all_repositories
+        repositories.each do |repo_name|
+          found_repo = Repository.find(name: repo_name)
+          if found_repo.nil?
+            logger.warn("#{repo_name} does not exist in this smart proxy's environments")
+          elsif user.repositories_dataset.where(name: repo_name).first.nil? && found_repo.auth_required
+            user.add_repository(found_repo)
+          end
+        end
+      end
+
+      def authorized_for_repo?(repo_name, user_token_is_valid, username = nil)
+        repository = Repository.where(name: repo_name).first
+
+        # Repository doesn't exist
+        return false if repository.nil?
+
+        # Repository doesn't require auth
+        return true unless repository.auth_required
+
+        if username && user_token_is_valid && repository.auth_required
+          # User is logged in and has access to the repository
+          user = User.find(name: username)
+          return !user.repositories_dataset.where(name: repo_name).first.nil?
+        end
+
+        false
+      end
+
+      def token_user(token)
+        User[AuthenticationToken.find(token_checksum: Digest::SHA256.hexdigest(token)).user_id]
       end
 
       def valid_token?(token)
-        tokens = initialize_db[:authentication_tokens]
-        tokens.where(token_checksum: Digest::SHA256.hexdigest(token)).where do
+        AuthenticationToken.where(token_checksum: Digest::SHA256.hexdigest(token)).where do
           expire_at > Sequel::CURRENT_TIMESTAMP
         end.count.positive?
       end
 
       def insert_token(username, token, expire_at_string, clear_expired_tokens: true)
-        tokens = initialize_db[:authentication_tokens]
         checksum = Digest::SHA256.hexdigest(token)
+        user = User.find_or_create(name: username)
 
-        tokens.where(:token_checksum => checksum).delete
-        tokens.insert(username: username, token_checksum: checksum, expire_at: expire_at_string.to_s)
-        tokens.where { expire_at < Sequel::CURRENT_TIMESTAMP }.delete if clear_expired_tokens
+        AuthenticationToken.where(:token_checksum => checksum).delete
+        AuthenticationToken.create(token_checksum: checksum, expire_at: expire_at_string.to_s, user_id: user.id)
+        AuthenticationToken.where { expire_at < Sequel::CURRENT_TIMESTAMP }.delete if clear_expired_tokens
       end
 
       def initialize_db
-        conn = Sequel.connect("sqlite://#{Proxy::ContainerGateway::Plugin.settings.sqlite_db_path}")
+        file_path = Proxy::ContainerGateway::Plugin.settings.sqlite_db_path
+        conn = Sequel.connect("sqlite://#{file_path}")
         container_gateway_path = $LOAD_PATH.detect { |path| path.include? 'smart_proxy_container_gateway' }
         begin
           Sequel::Migrator.check_current(conn, "#{container_gateway_path}/smart_proxy_container_gateway/sequel_migrations")
@@ -116,15 +174,34 @@ module Proxy
         Sequel::Migrator.run(db_connection, "#{container_gateway_path}/smart_proxy_container_gateway/sequel_migrations")
       end
 
+      def pulp_ca
+        Proxy::ContainerGateway::Plugin.settings.pulp_client_ssl_ca
+      end
+
       def pulp_cert
-        OpenSSL::X509::Certificate.new(File.open(Proxy::ContainerGateway::Plugin.settings.pulp_client_ssl_cert, 'r').read)
+        OpenSSL::X509::Certificate.new(File.read(Proxy::ContainerGateway::Plugin.settings.pulp_client_ssl_cert))
       end
 
       def pulp_key
         OpenSSL::PKey::RSA.new(
-          File.open(Proxy::ContainerGateway::Plugin.settings.pulp_client_ssl_key, 'r').read
+          File.read(Proxy::ContainerGateway::Plugin.settings.pulp_client_ssl_key)
         )
       end
     end
+
+    class Repository < ::Sequel::Model(Proxy::ContainerGateway.initialize_db[:repositories])
+      many_to_many :users
+    end
+
+    class User < ::Sequel::Model(Proxy::ContainerGateway.initialize_db[:users])
+      many_to_many :repositories
+      one_to_many :authentication_tokens
+    end
+
+    class RepositoryUser < ::Sequel::Model(Proxy::ContainerGateway.initialize_db[:repositories_users]); end
+
+    class AuthenticationToken < ::Sequel::Model(Proxy::ContainerGateway.initialize_db[:authentication_tokens])
+      many_to_one :users
+    end
   end
 end

data/lib/smart_proxy_container_gateway/foreman_api.rb

@@ -3,15 +3,15 @@ require 'uri'
 module Proxy
   module ContainerGateway
     class ForemanApi
-      def fetch_token(auth_header, params)
-        url = URI.join(Proxy::SETTINGS.foreman_url, Proxy::ContainerGateway::Plugin.settings.katello_registry_path, 'token')
-        url.query = process_params(params)
+      def registry_request(auth_header, params, suffix)
+        uri = URI.join(Proxy::SETTINGS.foreman_url, Proxy::ContainerGateway::Plugin.settings.katello_registry_path, suffix)
+        uri.query = process_params(params)
 
-        req = Net::HTTP::Get.new(url)
+        req = Net::HTTP::Get.new(uri)
         req.add_field('Authorization', auth_header)
         req.add_field('Accept', 'application/json')
         req.content_type = 'application/json'
-        http = Net::HTTP.new(url.hostname, url.port)
+        http = Net::HTTP.new(uri.hostname, uri.port)
         http.use_ssl = true
 
         http.request(req)
@@ -21,6 +21,14 @@ module Proxy
         params = params_in.slice('scope', 'account').compact
         URI.encode_www_form(params)
       end
+
+      def fetch_token(auth_header, params)
+        registry_request(auth_header, params, 'token')
+      end
+
+      def fetch_user_repositories(auth_header, params)
+        registry_request(auth_header, params, '_catalog')
+      end
     end
   end
 end

data/lib/smart_proxy_container_gateway/sequel_migrations/003_authorization_reorg.rb

@@ -0,0 +1,65 @@
+Sequel.migration do
+  up do
+    # TODO: Should I be migrating the existing data?
+
+    create_table(:repositories) do
+      primary_key :id
+      String :name, null: false
+      Boolean :auth_required, null: false
+    end
+
+    create_table(:users) do
+      primary_key :id
+      String :name, null: false
+    end
+
+    # Migrate unauthenticated_repositories to the new repositories table (TODO: can I select `false` like that?)
+    from(:repositories).insert(%i[name auth_required],
+                               from(:unauthenticated_repositories).select(:name, false))
+
+    # Migrate names from authentication_tokens to the new users table
+    from(:users).insert([:name], from(:authentication_tokens).select(:username))
+
+    alter_table(:authentication_tokens) do
+      add_foreign_key :user_id, :users
+    end
+
+    # Populate the new user_id foreign key for all authentication_tokens
+    from(:authentication_tokens).insert([:user_id],
+                                        from(:users).select(:id).where(name: self[:authentication_tokens][:username]))
+
+    alter_table(:authentication_tokens) do
+      drop_column :username
+    end
+
+    create_join_table(repository_id: :repositories, user_id: :users)
+    drop_table :unauthenticated_repositories
+  end
+
+  down do
+    alter_table(:authentication_tokens) do
+      add_column :username, String
+    end
+
+    # Repopulate the name column with usernames
+    from(:authentication_tokens).update(username:
+                                        from(:users).select(:name).where(id: self[:authentication_tokens][:user_id]))
+
+    alter_table(:authentication_tokens) do
+      drop_foreign_key :user_id
+    end
+
+    create_table(:unauthenticated_repositories) do
+      primary_key :id
+      String :name, null: false
+    end
+
+    # Repopulate the unauthenticated_repositories table
+    from(:unauthenticated_repositories).insert([:username],
+                                               from(:repositories).select(:name).where(auth_required: true))
+
+    drop_table :users
+    drop_table :repositories
+    drop_join_table(repository_id: :repositories, user_id: :users)
+  end
+end

data/lib/smart_proxy_container_gateway/version.rb

@@ -1,5 +1,5 @@
 module Proxy
   module ContainerGateway
-    VERSION = '1.0.0'.freeze
+    VERSION = '1.0.5'.freeze
   end
 end

data/settings.d/container_gateway.yml.example

@@ -1,6 +1,8 @@
 ---
 :enabled: true
 :pulp_endpoint: 'https://your_pulp_3_server_here.com'
+:pulp_client_ssl_ca: 'CA Cert for authenticating with Pulp'
 :pulp_client_ssl_cert: 'X509 certificate for authenticating with Pulp'
 :pulp_client_ssl_key: 'RSA private key for the Pulp certificate'
+:katello_registry_path: 'Katello container registry suffix, e.g., /v2/'
 :sqlite_db_path: '/var/lib/foreman-proxy/smart_proxy_container_gateway.db'

metadata

@@ -1,41 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_container_gateway
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.5
 platform: ruby
 authors:
 - Ian Ballou
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-22 00:00:00.000000000 Z
+date: 2021-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Pulp 3 container registry support for Foreman/Katello Smart-Proxy
@@ -46,19 +46,20 @@ extra_rdoc_files:
 - README.md
 - LICENSE
 files:
+- LICENSE
+- README.md
+- bundler.d/container_gateway.rb
 - lib/smart_proxy_container_gateway.rb
+- lib/smart_proxy_container_gateway/container_gateway.rb
+- lib/smart_proxy_container_gateway/container_gateway_api.rb
+- lib/smart_proxy_container_gateway/container_gateway_http_config.ru
+- lib/smart_proxy_container_gateway/container_gateway_main.rb
 - lib/smart_proxy_container_gateway/foreman_api.rb
 - lib/smart_proxy_container_gateway/sequel_migrations/001_initial.rb
 - lib/smart_proxy_container_gateway/sequel_migrations/002_auth_tokens.rb
-- lib/smart_proxy_container_gateway/container_gateway_http_config.ru
+- lib/smart_proxy_container_gateway/sequel_migrations/003_authorization_reorg.rb
 - lib/smart_proxy_container_gateway/version.rb
-- lib/smart_proxy_container_gateway/container_gateway.rb
-- lib/smart_proxy_container_gateway/container_gateway_api.rb
-- lib/smart_proxy_container_gateway/container_gateway_main.rb
 - settings.d/container_gateway.yml.example
-- bundler.d/container_gateway.rb
-- README.md
-- LICENSE
 homepage: http://github.com/ianballou/smart_proxy_container_gateway
 licenses:
 - GPLv3
@@ -69,17 +70,16 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ~>
+  - - "~>"
     - !ruby/object:Gem::Version
       version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.0.14.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Pulp 3 container registry support for Foreman/Katello Smart-Proxy