smart_proxy_container_gateway 2.0.0 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fee65676d4362e1328671832a7bf3308b193ab1265ea5626eb52d5300ab7d35a
-  data.tar.gz: fe57f17f732079b2ac27ce70cc7c04ef3ed141283cba58db75676a36dfb4b678
+  metadata.gz: bb4e40d814ff330008ad5f1bf4bf667ba9e91415bc997ea4d66a2beb7fb0a00e
+  data.tar.gz: 84360d1228198e91460a2b841985b12c5c9f5d5d062d191862a2e9cc5bef10e9
 SHA512:
-  metadata.gz: b6f0716504c021e799a8a7d31390c9d203c248530073211cf24d7659439b1220647306033c4e60bf98b9425d427b822a8f98b6962f3dab788883bc17b3f5e9a8
-  data.tar.gz: cfe03eaf3ce5e9ffa23dd355849e81abf249cede80a0f98ac12cf056fc7ec20de81195794e820c44adc9eea9000f176c837b70756670244334b1bbca4690dc54
+  metadata.gz: 37997d8de598e480912ecc0785fc755138aa90163dcb20981210eff4a935ae85a49a157b8c51189a6a13a6a29a1ff391429e477257d466b0b9d0d19d04d33fcd
+  data.tar.gz: 5a81a246030ed8d9fcd7b847c30fb241c2974e203ae09b256a017432cffa549073430a203e5d6231f55527db005237477a4903482c88ddad47e4c2ca894f8def

data/README.md

@@ -38,9 +38,8 @@ The Container Gateway plugin requires a Pulp 3 instance to connect to.  Related
 SQLite and PostgreSQL are supported, with SQLite being the default for development and testing.
 Use PostgreSQL in production for improved performance by adding the following settings:
 ```
-# Example PostgreSQL connection settings (default port is 5432)
-:database_backend: postgresql
-:postgresql_connection_string: postgres://foreman-proxy:changeme@localhost:5432/container_gateway
+# Example PostgreSQL connection settings, using UNIX socket and ident auth
+:db_connection_string: postgres:///container_gateway
 ```
 
 When switching from SQLite to PostgreSQL, if the PostgreSQL database is empty, the SQLite database will be automatically migrated to PostgreSQL.

data/lib/smart_proxy_container_gateway/container_gateway.rb

@@ -7,8 +7,6 @@ module Proxy
 
       default_settings :pulp_endpoint => "https://#{`hostname`.strip}",
                        :katello_registry_path => '/v2/',
-                       :database_backend => 'sqlite',
-                       :sqlite_db_path => '/var/lib/foreman-proxy/smart_proxy_container_gateway.db',
                        :sqlite_timeout => 30_000
 
       # Load defaults that copy values from SETTINGS. This is done as
@@ -29,10 +27,16 @@ module Proxy
 
       load_dependency_injection_wirings do |container_instance, settings|
         container_instance.singleton_dependency :database_impl, (lambda do
-          Proxy::ContainerGateway::Database.new(
-            database_backend: settings[:database_backend], sqlite_db_path: settings[:sqlite_db_path],
-            sqlite_timeout: settings[:sqlite_timeout], postgresql_connection_string: settings[:postgresql_connection_string]
-          )
+          connection_string = settings.fetch(:db_connection_string) do
+            unless settings[:sqlite_db_path]
+              raise ValueError, 'Missing db_connection_string or sqlite_db_path option'
+            end
+
+            # Legacy setup
+            "sqlite://#{settings[:sqlite_db_path]}?timeout=#{settings[:sqlite_timeout]}"
+          end
+
+          Proxy::ContainerGateway::Database.new(connection_string, settings[:sqlite_db_path])
         end)
         container_instance.singleton_dependency :container_gateway_main_impl, (lambda do
           Proxy::ContainerGateway::ContainerGatewayMain.new(

data/lib/smart_proxy_container_gateway/container_gateway_api.rb

@@ -19,13 +19,17 @@ module Proxy
       inject_attr :container_gateway_main_impl, :container_gateway_main
 
       get '/v1/_ping/?' do
-        container_gateway_main.ping
+        pulp_response = container_gateway_main.ping(translated_headers_for_proxy)
+        status pulp_response.code.to_i
+        body pulp_response.body
       end
 
       get '/v2/?' do
         if auth_header.present? && (auth_header.unauthorized_token? || auth_header.valid_user_token?)
           response.headers['Docker-Distribution-API-Version'] = 'registry/2.0'
-          container_gateway_main.ping
+          pulp_response = container_gateway_main.ping(translated_headers_for_proxy)
+          status pulp_response.code.to_i
+          body pulp_response.body
         else
           redirect_authorization_headers
           halt 401, "unauthorized"
@@ -36,22 +40,34 @@ module Proxy
         repository = params[:splat][0]
         tag = params[:splat][1]
         handle_repo_auth(repository, auth_header, request)
-        redirection_location = container_gateway_main.manifests(repository, tag)
-        redirect to(redirection_location)
+        pulp_response = container_gateway_main.manifests(repository, tag, translated_headers_for_proxy)
+        if pulp_response.code.to_i >= 400
+          status pulp_response.code.to_i
+          body pulp_response.body
+        else
+          redirection_location = pulp_response['location']
+          redirect to(redirection_location)
+        end
       end
 
       get '/v2/*/blobs/*/?' do
         repository = params[:splat][0]
         digest = params[:splat][1]
         handle_repo_auth(repository, auth_header, request)
-        redirection_location = container_gateway_main.blobs(repository, digest)
-        redirect to(redirection_location)
+        pulp_response = container_gateway_main.blobs(repository, digest, translated_headers_for_proxy)
+        if pulp_response.code.to_i >= 400
+          status pulp_response.code.to_i
+          body pulp_response.body
+        else
+          redirection_location = pulp_response['location']
+          redirect to(redirection_location)
+        end
       end
 
       get '/v2/*/tags/list/?' do
         repository = params[:splat][0]
         handle_repo_auth(repository, auth_header, request)
-        pulp_response = container_gateway_main.tags(repository, params)
+        pulp_response = container_gateway_main.tags(repository, translated_headers_for_proxy, params)
         # "link"=>["<http://pulpcore-api/v2/container-image-name/tags/list?n=100&last=last-tag-name>; rel=\"next\""],
         # https://docs.docker.com/registry/spec/api/#pagination-1
         if pulp_response['link'].nil?
@@ -59,7 +75,8 @@ module Proxy
         else
           headers['link'] = pulp_response['link']
         end
-        pulp_response.body
+        status pulp_response.code.to_i
+        body pulp_response.body
       end
 
       get '/v1/search/?' do
@@ -181,6 +198,17 @@ module Proxy
 
       private
 
+      def translated_headers_for_proxy
+        current_headers = {}
+        env = request.env.select do |key, _value|
+          key.match("^HTTP_.*")
+        end
+        env.each do |header|
+          current_headers[header[0].split('_')[1..].join('-')] = header[1]
+        end
+        current_headers
+      end
+
       def handle_repo_auth(repository, auth_header, request)
         user_token_is_valid = false
         if auth_header.present? && auth_header.valid_user_token?

data/lib/smart_proxy_container_gateway/container_gateway_main.rb

@@ -21,7 +21,7 @@ module Proxy
         )
       end
 
-      def pulp_registry_request(uri)
+      def pulp_registry_request(uri, headers)
         http_client = Net::HTTP.new(uri.host, uri.port)
         http_client.ca_file = @pulp_client_ssl_ca
         http_client.cert = @pulp_client_ssl_cert
@@ -30,30 +30,33 @@ module Proxy
 
         http_client.start do |http|
           request = Net::HTTP::Get.new uri
+          headers.each do |key, value|
+            request[key] = value
+          end
           http.request request
         end
       end
 
-      def ping
+      def ping(headers)
         uri = URI.parse("#{@pulp_endpoint}/pulpcore_registry/v2/")
-        pulp_registry_request(uri).body
+        pulp_registry_request(uri, headers)
       end
 
-      def manifests(repository, tag)
+      def manifests(repository, tag, headers)
         uri = URI.parse(
           "#{@pulp_endpoint}/pulpcore_registry/v2/#{repository}/manifests/#{tag}"
         )
-        pulp_registry_request(uri)['location']
+        pulp_registry_request(uri, headers)
       end
 
-      def blobs(repository, digest)
+      def blobs(repository, digest, headers)
         uri = URI.parse(
           "#{@pulp_endpoint}/pulpcore_registry/v2/#{repository}/blobs/#{digest}"
         )
-        pulp_registry_request(uri)['location']
+        pulp_registry_request(uri, headers)
       end
 
-      def tags(repository, params = {})
+      def tags(repository, headers, params = {})
         query = "?"
         unless params[:n].nil? || params[:n] == ""
           query = "#{query}n=#{params[:n]}"
@@ -64,7 +67,7 @@ module Proxy
         uri = URI.parse(
           "#{@pulp_endpoint}/pulpcore_registry/v2/#{repository}/tags/list#{query}"
         )
-        pulp_registry_request(uri)
+        pulp_registry_request(uri, headers)
       end
 
       def v1_search(params = {})
@@ -192,12 +195,14 @@ module Proxy
         checksum = Digest::SHA256.hexdigest(token)
         user = Sequel::Model(database.connection[:users]).find_or_create(name: username)
 
-        database.connection[:authentication_tokens].where(:token_checksum => checksum).delete
-        Sequel::Model(database.connection[:authentication_tokens]).
-          create(token_checksum: checksum, expire_at: expire_at_string.to_s, user_id: user.id)
-        return unless clear_expired_tokens
+        database.connection.transaction(isolation: :serializable, retry_on: [Sequel::SerializationFailure]) do
+          database.connection[:authentication_tokens].where(:token_checksum => checksum).delete
+          Sequel::Model(database.connection[:authentication_tokens]).
+            create(token_checksum: checksum, expire_at: expire_at_string.to_s, user_id: user.id)
+          return unless clear_expired_tokens
 
-        database.connection[:authentication_tokens].where { expire_at < Sequel::CURRENT_TIMESTAMP }.delete
+          database.connection[:authentication_tokens].where { expire_at < Sequel::CURRENT_TIMESTAMP }.delete
+        end
       end
 
       private

data/lib/smart_proxy_container_gateway/database.rb

@@ -4,22 +4,15 @@ module Proxy
     class Database
       attr_reader :connection
 
-      def initialize(options = {})
-        if options[:database_backend] == 'sqlite'
-          @connection = Sequel.connect("sqlite://#{options[:sqlite_db_path]}", timeout: options[:sqlite_timeout])
+      def initialize(connection_string, prior_sqlite_db_path = nil)
+        @connection = Sequel.connect(connection_string)
+        if connection_string.start_with?('sqlite://')
           @connection.run("PRAGMA foreign_keys = ON;")
           @connection.run("PRAGMA journal_mode = wal;")
-        else
-          unless options[:postgresql_connection_string]
-            raise ArgumentError, 'PostgreSQL connection string is required'
-          end
-
-          @connection = Sequel.connect(options[:postgresql_connection_string])
-          if File.exist?(options[:sqlite_db_path]) &&
-             (!@connection.table_exists?(:repositories) || @connection[:repositories].count.zero?)
-            migrate_to_postgres(Sequel.sqlite(options[:sqlite_db_path]), @connection)
-            File.delete(options[:sqlite_db_path])
-          end
+        elsif prior_sqlite_db_path && File.exist?(prior_sqlite_db_path) &&
+              (!@connection.table_exists?(:repositories) || @connection[:repositories].count.zero?)
+          migrate_to_postgres(Sequel.sqlite(prior_sqlite_db_path), @connection)
+          File.delete(prior_sqlite_db_path)
         end
         migrate
       end

data/lib/smart_proxy_container_gateway/version.rb

@@ -1,5 +1,5 @@
 module Proxy
   module ContainerGateway
-    VERSION = '2.0.0'.freeze
+    VERSION = '3.0.0'.freeze
   end
 end

data/settings.d/container_gateway.yml.example

@@ -1,10 +1,16 @@
 ---
 :enabled: true
-:pulp_endpoint: 'https://your_pulp_3_server_here.com'
-:pulp_client_ssl_ca: 'CA Cert for authenticating with Pulp'
-:pulp_client_ssl_cert: 'X509 certificate for authenticating with Pulp'
-:pulp_client_ssl_key: 'RSA private key for the Pulp certificate'
-:katello_registry_path: 'Katello container registry suffix, e.g., /v2/'
-:sqlite_db_path: '/var/lib/foreman-proxy/smart_proxy_container_gateway.db'
+
+#:pulp_endpoint: 'https://pulp3.example.com'
+#:pulp_client_ssl_ca: '/path/to/ca.pem'
+#:pulp_client_ssl_cert: '/path/to/cert.pem'
+#:pulp_client_ssl_key: '/path/to/key.pem'
+
+#:katello_registry_path: '/v2/'
+
+#:db_connection_string: postgresql:///container_gateway
+
+# Legacy options
+#:sqlite_db_path: '/var/lib/foreman-proxy/smart_proxy_container_gateway.db'
 # Database busy timeout in milliseconds
-:sqlite_timeout: 30000
+#:sqlite_timeout: 30000

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_container_gateway
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 3.0.0
 platform: ruby
 authors:
 - Ian Ballou
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-04-15 00:00:00.000000000 Z
+date: 2024-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport