smart_proxy_container_gateway 3.2.0 → 3.3.1
- checksums.yaml +4 -4
 - data/lib/smart_proxy_container_gateway/container_gateway.rb +2 -1
 - data/lib/smart_proxy_container_gateway/container_gateway_api.rb +32 -34
 - data/lib/smart_proxy_container_gateway/container_gateway_main.rb +5 -2
 - data/lib/smart_proxy_container_gateway/version.rb +1 -1
 - metadata +3 -3
 
    
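--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: b85cb8971300559f91cbae183a96bfa821c0bd90151c2b7c765561d9e1f84adc
+  data.tar.gz: 988f40bafe8e1aaf13042faf2bd5505bfc416e7e4160f94419ba7b271878bdfe
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 4c249cf8162619a123d179234182ff19b7f724393600738c421acd2b0627b0b370fb01f38cd0b57304c3d50765015df40170eae42617e5c29d56c457a25ec531
+  data.tar.gz: ff795672ab091823d36af4085ca328775ec8ce2f1f5d954d0760c7ba4540b4842ab0dfcdf9d741d53ec534a7603711f5da78ac65e7b8a423a5b5f44c54d2980c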
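--- a/data/lib/smart_proxy_container_gateway/container_gateway.rb
+++ b/data/lib/smart_proxy_container_gateway/container_gateway.rb
@@ -41,7 +41,8 @@ module Proxy
         container_instance.singleton_dependency :container_gateway_main_impl, (lambda do
           Proxy::ContainerGateway::ContainerGatewayMain.new(
             database: container_instance.get_dependency(:database_impl),
-            **settings.slice(:pulp_endpoint, :pulp_client_ssl_ca, :pulp_client_ssl_cert,
+            **settings.slice(:pulp_endpoint, :pulp_client_ssl_ca, :pulp_client_ssl_cert,
+                             :pulp_client_ssl_key, :client_endpoint)
           )
         end)
       end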
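--- a/data/lib/smart_proxy_container_gateway/container_gateway_api.rb
+++ b/data/lib/smart_proxy_container_gateway/container_gateway_api.rb
@@ -46,8 +46,9 @@ module Proxy
           status pulp_response.code.to_i
           body pulp_response.body
         else
-
-
+          redirection_uri = URI(pulp_response['location'])
+          redirection_uri.host = URI(container_gateway_main.client_endpoint).host
+          redirect(redirection_uri.to_s)
         end
       end
 
@@ -118,7 +119,7 @@ module Proxy
       get '/v2/_catalog/?' do
         catalog = []
         if auth_header.present?
-          if auth_header.unauthorized_token?
+          if auth_header.unauthenticated_token? || auth_header.unauthorized_token?
             catalog = container_gateway_main.catalog.select_map(::Sequel[:repositories][:name])
           elsif auth_header.valid_user_token?
             catalog = container_gateway_main.catalog(auth_header.user).select_map(::Sequel[:repositories][:name])
@@ -149,42 +150,33 @@ module Proxy
           request.params['account'] ||= username if username.present?
         end
 
-        unless auth_header.present? && auth_header.basic_auth?
-          return { token: AuthorizationHeader::UNAUTHORIZED_TOKEN, issued_at: Time.now.rfc3339,
-                   expires_in: 1.year.seconds.to_i }.to_json
-        end
-
         token_response = ForemanApi.new.fetch_token(auth_header.raw_header, request.params)
-
-          halt token_response.code.to_i, token_response.body
-        else
-          # This returned token should follow OAuth2 spec. We need some minor conversion
-          # to store the token with the expires_at time (using rfc3339).
-          token_response_body = JSON.parse(token_response.body)
+        halt token_response.code.to_i, token_response.body unless token_response.code.to_i == 200
 
-
-
-
+        token_response_body = JSON.parse(token_response.body)
+        halt 502, "Recieved malformed token response" if token_response_body['token'].nil?
+
+        # Check for unauthorized tokens and respond with 401
+        halt 401, "unauthorized" if token_response_body['token'] == AuthorizationHeader::UNAUTHORIZED_TOKEN
+
+        # Skip storing the token if it is unauthenticated
+        unless token_response_body['token'] == AuthorizationHeader::UNAUTHENTICATED_TOKEN
 
           # "issued_at" is an optional field. Per OAuth2 we assume time of token response as
           # the issue time if the field is ommitted.
           token_issue_time = (token_response_body["issued_at"] || token_response["Date"])&.to_time
-          if token_issue_time.nil?
-            halt 502, "Recieved malformed token response"
-          end
+          halt 502, "Recieved malformed token response" if token_issue_time.nil?
 
+          # This returned token should follow OAuth2 spec. We need some minor conversion
+          # to store the token with the expires_at time (using rfc3339).
           # 'expires_in' is an optional field. If not provided, assume 60 seconds per OAuth2 spec
           expires_in = token_response_body.fetch("expires_in", 60)
           expires_at = token_issue_time + expires_in.seconds
-
-
-
-
-
-            )
-          else
-            halt 401, "unauthorized"
-          end
+          container_gateway_main.insert_token(
+            request.params['account'],
+            token_response_body['token'],
+            expires_at.rfc3339
+          )
 
           repo_response = ForemanApi.new.fetch_user_repositories(auth_header.raw_header, request.params)
           if repo_response.code.to_i != 200
@@ -193,10 +185,10 @@ module Proxy
             container_gateway_main.update_user_repositories(request.params['account'],
                                                             JSON.parse(repo_response.body)['repositories'])
           end
-
-          # Return the original token response from Katello
-          return token_response.body
         end
+
+        # Return the original token response from Katello
+        return token_response.body
       end
 
       get '/users/?' do
@@ -236,8 +228,9 @@ module Proxy
           status pulp_response.code.to_i
           body pulp_response.body
         else
-
-
+          redirection_uri = URI(pulp_response['location'])
+          redirection_uri.host = URI(container_gateway_main.client_endpoint).host
+          redirect(redirection_uri.to_s)
         end
       end
 
@@ -318,6 +311,7 @@ module Proxy
         inject_attr :database_impl, :database
         inject_attr :container_gateway_main_impl, :container_gateway_main
         UNAUTHORIZED_TOKEN = 'unauthorized'.freeze
+        UNAUTHENTICATED_TOKEN = 'unauthenticated'.freeze
 
         def initialize(value)
           @value = value || ''
@@ -343,6 +337,10 @@ module Proxy
           @value.split(' ')[1] == UNAUTHORIZED_TOKEN
         end
 
+        def unauthenticated_token?
+          @value.split(' ')[1] == UNAUTHENTICATED_TOKEN
+        end
+
         def token_auth?
           @value.split(' ')[0] == 'Bearer'
         end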
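Review bot: In the token hunk (`@@ -149,42 +150,33 @@`) the new `insert_token` call and the later `update_user_repositories` call are keyed by `request.params['account']`, and the context line `request.params['account'] ||= username if username.present?` only fills that value in when the client sent none, so a caller-supplied `account` takes precedence over `username` (presumably derived from the Authorization header above the hunk). Whether Foreman rejects a mismatched account is not visible here, so the gateway should compare the two itself before storing anything, for example `halt 401, "unauthorized" if username.present? && request.params['account'] != username`. In the same hunk `JSON.parse(token_response.body)` is not rescued, so a 200 reply with a non-JSON body raises `JSON::ParserError` instead of reaching the `halt 502, "Recieved malformed token response"` on the next line; rescuing that error and halting with the same 502 would keep the failure mode consistent. The route body starts above the hunk and its opening lines are not shown.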
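--- a/data/lib/smart_proxy_container_gateway/container_gateway_main.rb
+++ b/data/lib/smart_proxy_container_gateway/container_gateway_main.rb
@@ -9,17 +9,20 @@ module Proxy
     extend ::Proxy::Log
 
     class ContainerGatewayMain
-      attr_reader :database
+      attr_reader :database, :client_endpoint
 
-
+      # rubocop:disable Metrics/ParameterLists, Layout/LineLength
+      def initialize(database:, pulp_endpoint:, pulp_client_ssl_ca:, pulp_client_ssl_cert:, pulp_client_ssl_key:, client_endpoint: nil)
         @database = database
         @pulp_endpoint = pulp_endpoint
+        @client_endpoint = client_endpoint || pulp_endpoint
         @pulp_client_ssl_ca = pulp_client_ssl_ca
         @pulp_client_ssl_cert = OpenSSL::X509::Certificate.new(File.read(pulp_client_ssl_cert))
         @pulp_client_ssl_key = OpenSSL::PKey::RSA.new(
           File.read(pulp_client_ssl_key)
         )
       end
+      # rubocop:enable Metrics/ParameterLists, Layout/LineLength
 
       def pulp_registry_request(uri, headers)
         http_client = Net::HTTP.new(uri.host, uri.port)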
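Review bot: `@client_endpoint = client_endpoint || pulp_endpoint` falls back only when the setting is `nil`; an empty string is truthy in Ruby and would be kept, and a value written without a scheme parses to a URI whose `host` is `nil`. The API hunks on this page rewrite redirects with `redirection_uri.host = URI(container_gateway_main.client_endpoint).host`, so either case would send clients a `Location` with no usable host. The gem already depends on activesupport, so `@client_endpoint = client_endpoint.presence || pulp_endpoint` covers the blank case, and a guard such as `raise ArgumentError, 'client_endpoint must be an absolute URL' unless URI(@client_endpoint).host` would surface a bad setting when the object is built rather than on each redirect. The class body continues past the end of the hunk.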
    
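--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_container_gateway
 version: !ruby/object:Gem::Version
-  version: 3.
+  version: 3.3.1
 platform: ruby
 authors:
 - Ian Ballou
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-
+date: 2025-04-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -116,7 +116,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: Pulp 3 container registry support for Foreman/Katello Smart-Proxy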