Class: ContainerRegistry::Client

Inherits:

BaseClient

• Object
• BaseClient
• ContainerRegistry::Client

Includes:

Gitlab::Utils::StrongMemoize

Defined in:

lib/container_registry/client.rb

Constant Summary

REGISTRY_VERSION_HEADER =

'gitlab-container-registry-version'

REGISTRY_FEATURES_HEADER =

'gitlab-container-registry-features'

REGISTRY_TAG_DELETE_FEATURE =

'tag_delete'

REGISTRY_DB_ENABLED_HEADER =

'gitlab-container-registry-database-enabled'

DEFAULT_TAGS_PAGE_SIZE =

10000

ALLOWED_REDIRECT_SCHEMES =

%w[http https].freeze

REDIRECT_OPTIONS =

{
  clear_authorization_header: true,
  limit: 3,
  cookies: [],
  callback: ->(response_env, request_env) do
    request_env.request_headers.delete(::Faraday::FollowRedirects::Middleware::AUTH_HEADER)

    redirect_to = request_env.url
    unless redirect_to.scheme.in?(ALLOWED_REDIRECT_SCHEMES)
      raise ArgumentError, "Invalid scheme for #{redirect_to}"
    end
  end
}.freeze

Constants inherited from BaseClient

BaseClient::ACCEPTED_TYPES, BaseClient::ACCEPTED_TYPES_RAW, BaseClient::CONTAINER_IMAGE_V1_TYPE, BaseClient::DOCKER_DISTRIBUTION_MANIFEST_LIST_V2_TYPE, BaseClient::DOCKER_DISTRIBUTION_MANIFEST_V2_TYPE, BaseClient::ERROR_CALLBACK_OPTIONS, BaseClient::OCI_DISTRIBUTION_INDEX_TYPE, BaseClient::OCI_MANIFEST_V1_TYPE, BaseClient::RETRY_EXCEPTIONS, BaseClient::RETRY_OPTIONS

Instance Attribute Summary

• #base_uri ⇒ Object readonly

  Returns the value of attribute base_uri.

• #options ⇒ Object readonly

  Returns the value of attribute options.

• #uri ⇒ Object

  Returns the value of attribute uri.

Class Method Summary

• .registry_info ⇒ Object
• .supports_tag_delete? ⇒ Boolean

Instance Method Summary

• #blob(name, digest, type = nil) ⇒ Object
• #connected? ⇒ Boolean
• #delete_blob(name, digest) ⇒ Object
• #delete_repository_tag_by_digest(name, reference) ⇒ Object
• #generate_empty_manifest(path) ⇒ Object
• #put_tag(name, reference, manifest) ⇒ Object
• #registry_info ⇒ Object
• #repository_manifest(name, reference) ⇒ Object
• #repository_tag_digest(name, reference) ⇒ Object
• #repository_tags(name, page_size: DEFAULT_TAGS_PAGE_SIZE) ⇒ Object
• #supports_tag_delete? ⇒ Boolean

  Check if the registry supports tag deletion.

• #upload_blob(name, content, digest) ⇒ Object
• #upload_raw_blob(path, blob) ⇒ Object

Methods inherited from BaseClient

#initialize

Constructor Details

This class inherits a constructor from ContainerRegistry::BaseClient

Instance Attribute Details

#base_uri ⇒ Object (readonly)

Returns the value of attribute base_uri.

# File 'lib/container_registry/client.rb', line 8

def base_uri
  @base_uri
end

#options ⇒ Object (readonly)

Returns the value of attribute options.

# File 'lib/container_registry/client.rb', line 8

def options
  @options
end

#uri ⇒ Object

Returns the value of attribute uri.

# File 'lib/container_registry/client.rb', line 7

def uri
  @uri
end

Class Method Details

.registry_info ⇒ Object

# File 'lib/container_registry/client.rb', line 36

def self.registry_info
  with_dummy_client(&:registry_info)
end

.supports_tag_delete? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/container_registry/client.rb', line 32

def self.supports_tag_delete?
  with_dummy_client(return_value_if_disabled: false, &:supports_tag_delete?)
end

Instance Method Details

#blob(name, digest, type = nil) ⇒ Object

# File 'lib/container_registry/client.rb', line 136

def blob(name, digest, type = nil)
  type ||= 'application/octet-stream'
  response_body faraday_blob.get("/v2/#{name}/blobs/#{digest}", nil, 'Accept' => type)
end

#connected? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/container_registry/client.rb', line 57

def connected?
  !registry_info.empty?
end

#delete_blob(name, digest) ⇒ Object

# File 'lib/container_registry/client.rb', line 141

def delete_blob(name, digest)
  delete_if_exists("/v2/#{name}/blobs/#{digest}")
end

#delete_repository_tag_by_digest(name, reference) ⇒ Object

# File 'lib/container_registry/client.rb', line 77

def delete_repository_tag_by_digest(name, reference)
  delete_if_exists("/v2/#{name}/manifests/#{reference}")
end

#generate_empty_manifest(path) ⇒ Object

# File 'lib/container_registry/client.rb', line 118

def generate_empty_manifest(path)
  image = {
    config: {}
  }
  image, image_digest = upload_raw_blob(path, Gitlab::Json.pretty_generate(image))
  return unless image

  {
    schemaVersion: 2,
    mediaType: DOCKER_DISTRIBUTION_MANIFEST_V2_TYPE,
    config: {
      mediaType: CONTAINER_IMAGE_V1_TYPE,
      size: image.size,
      digest: image_digest
    }
  }
end

#put_tag(name, reference, manifest) ⇒ Object

# File 'lib/container_registry/client.rb', line 145

def put_tag(name, reference, manifest)
  response = faraday(timeout_enabled: false).put("/v2/#{name}/manifests/#{reference}") do |req|
    req.headers['Content-Type'] = DOCKER_DISTRIBUTION_MANIFEST_V2_TYPE
    req.body = Gitlab::Json.pretty_generate(manifest)
  end

  response.headers[DependencyProxy::Manifest::DIGEST_HEADER] if response.success?
end

#registry_info ⇒ Object

# File 'lib/container_registry/client.rb', line 40

def registry_info
  response = faraday.get("/v2/")

  return {} unless response&.success?

  version = response.headers[REGISTRY_VERSION_HEADER]
  features = response.headers.fetch(REGISTRY_FEATURES_HEADER, '')
  db_enabled = response.headers.fetch(REGISTRY_DB_ENABLED_HEADER, '')

  {
    version: version,
    features: features.split(',').map(&:strip),
    vendor: version ? 'gitlab' : 'other',
    db_enabled: ::Gitlab::Utils.to_boolean(db_enabled, default: false)
  }
end

#repository_manifest(name, reference) ⇒ Object

# File 'lib/container_registry/client.rb', line 68

def repository_manifest(name, reference)
  response_body faraday.get("/v2/#{name}/manifests/#{reference}")
end

#repository_tag_digest(name, reference) ⇒ Object

# File 'lib/container_registry/client.rb', line 72

def repository_tag_digest(name, reference)
  response = faraday.head("/v2/#{name}/manifests/#{reference}")
  response.headers[DependencyProxy::Manifest::DIGEST_HEADER] if response.success?
end

#repository_tags(name, page_size: DEFAULT_TAGS_PAGE_SIZE) ⇒ Object

# File 'lib/container_registry/client.rb', line 61

def repository_tags(name, page_size: DEFAULT_TAGS_PAGE_SIZE)
  response = faraday.get("/v2/#{name}/tags/list") do |req|
    req.params['n'] = page_size
  end
  response_body(response)
end

#supports_tag_delete? ⇒ Boolean

Check if the registry supports tag deletion. This is only supported by the GitLab registry fork. The fastest and safest way to check this is to send an OPTIONS request to /v2/<name>/manifests/<tag>, using a random repository name and tag (the registry won’t check if they exist). Registries that support tag deletion will reply with a 200 OK and include the DELETE method in the Allow header. Others reply with an 404 Not Found.

Returns:

• (Boolean)

# File 'lib/container_registry/client.rb', line 87

def supports_tag_delete?
  strong_memoize(:supports_tag_delete) do
    registry_features = Gitlab::CurrentSettings.container_registry_features || []
    next true if ::Gitlab.com_except_jh? && registry_features.include?(REGISTRY_TAG_DELETE_FEATURE)

    response = faraday.run_request(:options, '/v2/name/manifests/tag', '', {})
    response.success? && response.headers['allow']&.include?('DELETE')
  end
end

#upload_blob(name, content, digest) ⇒ Object

# File 'lib/container_registry/client.rb', line 105

def upload_blob(name, content, digest)
  upload = faraday(timeout_enabled: false).post("/v2/#{name}/blobs/uploads/")
  return upload unless upload.success?

  location = URI(upload.headers['location'])

  faraday(timeout_enabled: false).put("#{location.path}?#{location.query}") do |req|
    req.params['digest'] = digest
    req.headers['Content-Type'] = 'application/octet-stream'
    req.body = content
  end
end

#upload_raw_blob(path, blob) ⇒ Object

# File 'lib/container_registry/client.rb', line 97

def upload_raw_blob(path, blob)
  digest = "sha256:#{Digest::SHA256.hexdigest(blob)}"

  if upload_blob(path, blob, digest).success?
    [blob, digest]
  end
end