smart_proxy_container_gateway 3.0.0 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f16bba86dcd701d0d51877ed12b0c44f3c8bb86f135c18fd1babb73bbecb2b9b
|
|
4
|
+
data.tar.gz: 7dabc1909e9c578020f923f9033a34271fa085f9bb75c212fd9f55aa9f2f7cc3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fd70d4d1b20e6f9f37a9c32dd14db3935f8321e723a7a3215cf135e513e4c0d839b1b5c963918c8ce92a19a91fc5a378f23ef427bd3d48cb3a7ffc5f955a0833
|
|
7
|
+
data.tar.gz: 4ce24b3e19d43bd838e1743ff2a8a34f93e00c64ed09c2db64848e6c40640e8dde91f2fa910b0d096bbca0b8055a5f13567b4b821a66359a6b6b84352235d62a
|
|
@@ -50,18 +50,28 @@ module Proxy
|
|
|
50
50
|
end
|
|
51
51
|
end
|
|
52
52
|
|
|
53
|
+
put '/v2/*/manifests/*/?' do
|
|
54
|
+
throw_unsupported_error
|
|
55
|
+
end
|
|
56
|
+
|
|
53
57
|
get '/v2/*/blobs/*/?' do
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
58
|
+
head_or_get_blobs
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
head '/v2/*/blobs/*/?' do
|
|
62
|
+
head_or_get_blobs
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
post '/v2/*/blobs/uploads/?' do
|
|
66
|
+
throw_unsupported_error
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
put '/v2/*/blobs/uploads/*/?' do
|
|
70
|
+
throw_unsupported_error
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
patch '/v2/*/blobs/uploads/*/?' do
|
|
74
|
+
throw_unsupported_error
|
|
65
75
|
end
|
|
66
76
|
|
|
67
77
|
get '/v2/*/tags/list/?' do
|
|
@@ -80,10 +90,10 @@ module Proxy
|
|
|
80
90
|
end
|
|
81
91
|
|
|
82
92
|
get '/v1/search/?' do
|
|
83
|
-
# Checks for
|
|
93
|
+
# Checks for v2 client and issues a 404 in that case. Podman
|
|
84
94
|
# examines the response from a /v1/search request. If the result
|
|
85
95
|
# is a 4XX, it will then proceed with a request to /_catalog
|
|
86
|
-
if
|
|
96
|
+
if request.env['HTTP_DOCKER_DISTRIBUTION_API_VERSION'] == 'registry/2.0'
|
|
87
97
|
halt 404, "not found"
|
|
88
98
|
end
|
|
89
99
|
|
|
@@ -198,6 +208,46 @@ module Proxy
|
|
|
198
208
|
|
|
199
209
|
private
|
|
200
210
|
|
|
211
|
+
def head_or_get_blobs
|
|
212
|
+
repository = params[:splat][0]
|
|
213
|
+
digest = params[:splat][1]
|
|
214
|
+
handle_repo_auth(repository, auth_header, request)
|
|
215
|
+
pulp_response = container_gateway_main.blobs(repository, digest, translated_headers_for_proxy)
|
|
216
|
+
if pulp_response.code.to_i >= 400
|
|
217
|
+
status pulp_response.code.to_i
|
|
218
|
+
body pulp_response.body
|
|
219
|
+
else
|
|
220
|
+
redirection_location = pulp_response['location']
|
|
221
|
+
redirect to(redirection_location)
|
|
222
|
+
end
|
|
223
|
+
end
|
|
224
|
+
|
|
225
|
+
def throw_unsupported_error
|
|
226
|
+
content_type :json
|
|
227
|
+
body({
|
|
228
|
+
"errors" => [
|
|
229
|
+
{
|
|
230
|
+
"code" => "UNSUPPORTED",
|
|
231
|
+
"message" => "Pushing content is unsupported"
|
|
232
|
+
}
|
|
233
|
+
]
|
|
234
|
+
}.to_json)
|
|
235
|
+
halt 404
|
|
236
|
+
end
|
|
237
|
+
|
|
238
|
+
def throw_repo_not_found_error
|
|
239
|
+
content_type :json
|
|
240
|
+
body({
|
|
241
|
+
"errors" => [
|
|
242
|
+
{
|
|
243
|
+
"code" => "NAME_UNKNOWN",
|
|
244
|
+
"message" => "Repository name unknown"
|
|
245
|
+
}
|
|
246
|
+
]
|
|
247
|
+
}.to_json)
|
|
248
|
+
halt 404
|
|
249
|
+
end
|
|
250
|
+
|
|
201
251
|
def translated_headers_for_proxy
|
|
202
252
|
current_headers = {}
|
|
203
253
|
env = request.env.select do |key, _value|
|
|
@@ -220,7 +270,7 @@ module Proxy
|
|
|
220
270
|
return if container_gateway_main.authorized_for_repo?(repository, user_token_is_valid, username)
|
|
221
271
|
|
|
222
272
|
redirect_authorization_headers
|
|
223
|
-
|
|
273
|
+
throw_repo_not_found_error
|
|
224
274
|
end
|
|
225
275
|
|
|
226
276
|
def redirect_authorization_headers
|
|
@@ -160,6 +160,9 @@ module Proxy
|
|
|
160
160
|
end
|
|
161
161
|
end
|
|
162
162
|
|
|
163
|
+
# Returns:
|
|
164
|
+
# true if the user is authorized to access the repo, or
|
|
165
|
+
# false if the user is not authorized to access the repo or if it does not exist
|
|
163
166
|
def authorized_for_repo?(repo_name, user_token_is_valid, username = nil)
|
|
164
167
|
repository = database.connection[:repositories][{ name: repo_name }]
|
|
165
168
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: smart_proxy_container_gateway
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ian Ballou
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-08-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|