smart_proxy_container_gateway 3.0.0 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bb4e40d814ff330008ad5f1bf4bf667ba9e91415bc997ea4d66a2beb7fb0a00e
-  data.tar.gz: 84360d1228198e91460a2b841985b12c5c9f5d5d062d191862a2e9cc5bef10e9
+  metadata.gz: f16bba86dcd701d0d51877ed12b0c44f3c8bb86f135c18fd1babb73bbecb2b9b
+  data.tar.gz: 7dabc1909e9c578020f923f9033a34271fa085f9bb75c212fd9f55aa9f2f7cc3
 SHA512:
-  metadata.gz: 37997d8de598e480912ecc0785fc755138aa90163dcb20981210eff4a935ae85a49a157b8c51189a6a13a6a29a1ff391429e477257d466b0b9d0d19d04d33fcd
-  data.tar.gz: 5a81a246030ed8d9fcd7b847c30fb241c2974e203ae09b256a017432cffa549073430a203e5d6231f55527db005237477a4903482c88ddad47e4c2ca894f8def
+  metadata.gz: fd70d4d1b20e6f9f37a9c32dd14db3935f8321e723a7a3215cf135e513e4c0d839b1b5c963918c8ce92a19a91fc5a378f23ef427bd3d48cb3a7ffc5f955a0833
+  data.tar.gz: 4ce24b3e19d43bd838e1743ff2a8a34f93e00c64ed09c2db64848e6c40640e8dde91f2fa910b0d096bbca0b8055a5f13567b4b821a66359a6b6b84352235d62a

data/lib/smart_proxy_container_gateway/container_gateway_api.rb

@@ -50,18 +50,28 @@ module Proxy
         end
       end
 
+      put '/v2/*/manifests/*/?' do
+        throw_unsupported_error
+      end
+
       get '/v2/*/blobs/*/?' do
-        repository = params[:splat][0]
-        digest = params[:splat][1]
-        handle_repo_auth(repository, auth_header, request)
-        pulp_response = container_gateway_main.blobs(repository, digest, translated_headers_for_proxy)
-        if pulp_response.code.to_i >= 400
-          status pulp_response.code.to_i
-          body pulp_response.body
-        else
-          redirection_location = pulp_response['location']
-          redirect to(redirection_location)
-        end
+        head_or_get_blobs
+      end
+
+      head '/v2/*/blobs/*/?' do
+        head_or_get_blobs
+      end
+
+      post '/v2/*/blobs/uploads/?' do
+        throw_unsupported_error
+      end
+
+      put '/v2/*/blobs/uploads/*/?' do
+        throw_unsupported_error
+      end
+
+      patch '/v2/*/blobs/uploads/*/?' do
+        throw_unsupported_error
       end
 
       get '/v2/*/tags/list/?' do
@@ -80,10 +90,10 @@ module Proxy
       end
 
       get '/v1/search/?' do
-        # Checks for podman client and issues a 404 in that case. Podman
+        # Checks for v2 client and issues a 404 in that case. Podman
         # examines the response from a /v1/search request. If the result
         # is a 4XX, it will then proceed with a request to /_catalog
-        if !request.env['HTTP_USER_AGENT'].nil? && request.env['HTTP_USER_AGENT'].downcase.include?('libpod')
+        if request.env['HTTP_DOCKER_DISTRIBUTION_API_VERSION'] == 'registry/2.0'
           halt 404, "not found"
         end
 
@@ -198,6 +208,46 @@ module Proxy
 
       private
 
+      def head_or_get_blobs
+        repository = params[:splat][0]
+        digest = params[:splat][1]
+        handle_repo_auth(repository, auth_header, request)
+        pulp_response = container_gateway_main.blobs(repository, digest, translated_headers_for_proxy)
+        if pulp_response.code.to_i >= 400
+          status pulp_response.code.to_i
+          body pulp_response.body
+        else
+          redirection_location = pulp_response['location']
+          redirect to(redirection_location)
+        end
+      end
+
+      def throw_unsupported_error
+        content_type :json
+        body({
+          "errors" => [
+            {
+              "code" => "UNSUPPORTED",
+              "message" => "Pushing content is unsupported"
+            }
+          ]
+        }.to_json)
+        halt 404
+      end
+
+      def throw_repo_not_found_error
+        content_type :json
+        body({
+          "errors" => [
+            {
+              "code" => "NAME_UNKNOWN",
+              "message" => "Repository name unknown"
+            }
+          ]
+        }.to_json)
+        halt 404
+      end
+
       def translated_headers_for_proxy
         current_headers = {}
         env = request.env.select do |key, _value|
@@ -220,7 +270,7 @@ module Proxy
         return if container_gateway_main.authorized_for_repo?(repository, user_token_is_valid, username)
 
         redirect_authorization_headers
-        halt 401, "unauthorized"
+        throw_repo_not_found_error
       end
 
       def redirect_authorization_headers

data/lib/smart_proxy_container_gateway/container_gateway_main.rb

@@ -160,6 +160,9 @@ module Proxy
         end
       end
 
+      # Returns:
+      # true if the user is authorized to access the repo, or
+      # false if the user is not authorized to access the repo or if it does not exist
       def authorized_for_repo?(repo_name, user_token_is_valid, username = nil)
         repository = database.connection[:repositories][{ name: repo_name }]
 

data/lib/smart_proxy_container_gateway/version.rb

@@ -1,5 +1,5 @@
 module Proxy
   module ContainerGateway
-    VERSION = '3.0.0'.freeze
+    VERSION = '3.1.0'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_container_gateway
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 3.1.0
 platform: ruby
 authors:
 - Ian Ballou
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-05-20 00:00:00.000000000 Z
+date: 2024-08-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport