remove database package
parent
d9c84e8907
commit
b45f471ccb
@ -3,6 +3,7 @@ package clair
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
@ -10,6 +11,9 @@ import (
|
|||||||
"github.com/coreos/clair/api/v1"
|
"github.com/coreos/clair/api/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
//ErrOSNotSupported is returned when Clair received a layer which on os not supported
|
||||||
|
var ErrOSNotSupported = errors.New("worker: OS and/or package manager are not supported")
|
||||||
|
|
||||||
//Push send a layer to Clair for analysis
|
//Push send a layer to Clair for analysis
|
||||||
func Push(layer v1.LayerEnvelope) error {
|
func Push(layer v1.LayerEnvelope) error {
|
||||||
lJSON, err := json.Marshal(layer)
|
lJSON, err := json.Marshal(layer)
|
||||||
|
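Review bot: The doc comment added above `ErrOSNotSupported` is ungrammatical and has no space after `//`; `// ErrOSNotSupported is returned when Clair receives a layer whose OS or package manager is not supported.` would match the error text. The message keeps a `worker:` prefix although the variable is declared in package `clair`, presumably to mirror the string Clair's worker reports, and a short comment saying so would explain the prefix. `Push` continues outside the hunk, so where the new error is returned is not visible here.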
@ -7,6 +7,7 @@ import (
|
|||||||
|
|
||||||
"github.com/Sirupsen/logrus"
|
"github.com/Sirupsen/logrus"
|
||||||
"github.com/coreos/clair/cmd/clairctl/clair"
|
"github.com/coreos/clair/cmd/clairctl/clair"
|
||||||
|
"github.com/coreos/clair/cmd/clairctl/config"
|
||||||
"github.com/coreos/clair/cmd/clairctl/docker"
|
"github.com/coreos/clair/cmd/clairctl/docker"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
"github.com/spf13/viper"
|
"github.com/spf13/viper"
|
||||||
@ -49,7 +50,7 @@ func analyse(imageName string) clair.ImageAnalysis {
|
|||||||
image, err = docker.Pull(imageName)
|
image, err = docker.Pull(imageName)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if err == docker.ErrLoginNotFound {
|
if err == config.ErrLoginNotFound {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
} else {
|
} else {
|
||||||
fmt.Println(errInternalError)
|
fmt.Println(errInternalError)
|
||||||
|
@ -31,7 +31,7 @@ var pushCmd = &cobra.Command{
|
|||||||
var err error
|
var err error
|
||||||
image, err = docker.Pull(imageName)
|
image, err = docker.Pull(imageName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if err == docker.ErrLoginNotFound {
|
if err == config.ErrLoginNotFound {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
} else {
|
} else {
|
||||||
fmt.Println(errInternalError)
|
fmt.Println(errInternalError)
|
||||||
|
@ -1,28 +0,0 @@
|
|||||||
package database
|
|
||||||
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
|
|
||||||
"github.com/Sirupsen/logrus"
|
|
||||||
)
|
|
||||||
|
|
||||||
var registryMapping map[string]string
|
|
||||||
|
|
||||||
//InsertRegistryMapping insert the pair layerID,RegistryURI
|
|
||||||
func InsertRegistryMapping(layerDigest string, registryURI string) {
|
|
||||||
logrus.Debugf("Saving %s[%s]", layerDigest, registryURI)
|
|
||||||
registryMapping[layerDigest] = registryURI
|
|
||||||
}
|
|
||||||
|
|
||||||
//GetRegistryMapping return the registryURI corresponding to the layerID passed as parameter
|
|
||||||
func GetRegistryMapping(layerDigest string) (string, error) {
|
|
||||||
registryURI, present := registryMapping[layerDigest]
|
|
||||||
if !present {
|
|
||||||
return "", fmt.Errorf("%v mapping not found", layerDigest)
|
|
||||||
}
|
|
||||||
return registryURI, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
registryMapping = map[string]string{}
|
|
||||||
}
|
|
@ -2,6 +2,7 @@ package docker
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
@ -9,7 +10,7 @@ import (
|
|||||||
"github.com/spf13/viper"
|
"github.com/spf13/viper"
|
||||||
)
|
)
|
||||||
|
|
||||||
errDisallowed = errors.New("analysing official images is not allowed")
|
var errDisallowed = errors.New("analysing official images is not allowed")
|
||||||
|
|
||||||
//Image represent Image Manifest from Docker image, including the registry URL
|
//Image represent Image Manifest from Docker image, including the registry URL
|
||||||
type Image struct {
|
type Image struct {
|
||||||
|
@ -7,6 +7,7 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"github.com/Sirupsen/logrus"
|
"github.com/Sirupsen/logrus"
|
||||||
|
"github.com/coreos/clair/cmd/clairctl/config"
|
||||||
"github.com/coreos/clair/cmd/clairctl/docker/httpclient"
|
"github.com/coreos/clair/cmd/clairctl/docker/httpclient"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -49,7 +50,7 @@ func Pull(imageName string) (Image, error) {
|
|||||||
case http.StatusUnauthorized:
|
case http.StatusUnauthorized:
|
||||||
return Image{}, ErrUnauthorized
|
return Image{}, ErrUnauthorized
|
||||||
case http.StatusNotFound:
|
case http.StatusNotFound:
|
||||||
return Image{}, docker.ErrLoginNotFound
|
return Image{}, config.ErrLoginNotFound
|
||||||
default:
|
default:
|
||||||
return Image{}, fmt.Errorf("%d - %s", response.StatusCode, string(body))
|
return Image{}, fmt.Errorf("%d - %s", response.StatusCode, string(body))
|
||||||
}
|
}
|
||||||
|
@ -8,10 +8,11 @@ import (
|
|||||||
"github.com/coreos/clair/api/v1"
|
"github.com/coreos/clair/api/v1"
|
||||||
"github.com/coreos/clair/cmd/clairctl/clair"
|
"github.com/coreos/clair/cmd/clairctl/clair"
|
||||||
"github.com/coreos/clair/cmd/clairctl/config"
|
"github.com/coreos/clair/cmd/clairctl/config"
|
||||||
"github.com/coreos/clair/cmd/clairctl/database"
|
|
||||||
"github.com/coreos/clair/cmd/clairctl/xstrings"
|
"github.com/coreos/clair/cmd/clairctl/xstrings"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var registryMapping map[string]string
|
||||||
|
|
||||||
//Push image to Clair for analysis
|
//Push image to Clair for analysis
|
||||||
func Push(image Image) error {
|
func Push(image Image) error {
|
||||||
layerCount := len(image.FsLayers)
|
layerCount := len(image.FsLayers)
|
||||||
@ -35,7 +36,7 @@ func Push(image Image) error {
|
|||||||
lUID := xstrings.Substr(layer.BlobSum, 0, 12)
|
lUID := xstrings.Substr(layer.BlobSum, 0, 12)
|
||||||
logrus.Infof("Pushing Layer %d/%d [%v]", index+1, layerCount, lUID)
|
logrus.Infof("Pushing Layer %d/%d [%v]", index+1, layerCount, lUID)
|
||||||
|
|
||||||
database.InsertRegistryMapping(layer.BlobSum, image.Registry)
|
insertRegistryMapping(layer.BlobSum, image.Registry)
|
||||||
payload := v1.LayerEnvelope{Layer: &v1.Layer{
|
payload := v1.LayerEnvelope{Layer: &v1.Layer{
|
||||||
Name: layer.BlobSum,
|
Name: layer.BlobSum,
|
||||||
Path: image.BlobsURI(layer.BlobSum),
|
Path: image.BlobsURI(layer.BlobSum),
|
||||||
@ -66,3 +67,21 @@ func Push(image Image) error {
|
|||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func insertRegistryMapping(layerDigest string, registryURI string) {
|
||||||
|
logrus.Debugf("Saving %s[%s]", layerDigest, registryURI)
|
||||||
|
registryMapping[layerDigest] = registryURI
|
||||||
|
}
|
||||||
|
|
||||||
|
//GetRegistryMapping return the registryURI corresponding to the layerID passed as parameter
|
||||||
|
func GetRegistryMapping(layerDigest string) (string, error) {
|
||||||
|
registryURI, present := registryMapping[layerDigest]
|
||||||
|
if !present {
|
||||||
|
return "", fmt.Errorf("%v mapping not found", layerDigest)
|
||||||
|
}
|
||||||
|
return registryURI, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
registryMapping = map[string]string{}
|
||||||
|
}
|
||||||
|
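Review bot: `registryMapping` is a plain package-level map that `insertRegistryMapping` writes from the `Push` loop, while the exported `GetRegistryMapping` reads it, and nothing in these hunks synchronises the two. If a reader runs on an HTTP handler goroutine while `Push` records the next layer, the Go runtime can abort the process on the concurrent map access. Guarding both accessors with a `sync.RWMutex` closes that, as sketched below; it needs `sync` added to the import block, which this hunk only partly shows.

```go
var registryMu sync.RWMutex // guards registryMapping

func insertRegistryMapping(layerDigest string, registryURI string) {
	logrus.Debugf("Saving %s[%s]", layerDigest, registryURI)
	registryMu.Lock()
	registryMapping[layerDigest] = registryURI
	registryMu.Unlock()
}

func GetRegistryMapping(layerDigest string) (string, error) {
	registryMu.RLock()
	registryURI, present := registryMapping[layerDigest]
	registryMu.RUnlock()
	// … unchanged: not-found error and return …
```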
@ -1,28 +1,28 @@
|
|||||||
package database
|
package docker
|
||||||
|
|
||||||
import "testing"
|
import "testing"
|
||||||
|
|
||||||
func TestInsertRegistryMapping(t *testing.T) {
|
func TestInsertRegistryMapping(t *testing.T) {
|
||||||
layerID := "sha256:13be4a52fdee2f6c44948b99b5b65ec703b1ca76c1ab5d2d90ae9bf18347082e"
|
layerID := "sha256:13be4a52fdee2f6c44948b99b5b65ec703b1ca76c1ab5d2d90ae9bf18347082e"
|
||||||
registryURI := "registry:5000"
|
registryURI := "registry:5000"
|
||||||
InsertRegistryMapping(layerID, registryURI)
|
insertRegistryMapping(layerID, registryURI)
|
||||||
|
|
||||||
if r := registryMapping[layerID]; r != registryURI {
|
if r := registryMapping[layerID]; r != registryURI {
|
||||||
t.Errorf("InsertRegistryMapping(%q,%q) => %q, want %q", layerID, registryURI, r, registryURI)
|
t.Errorf("insertRegistryMapping(%q,%q) => %q, want %q", layerID, registryURI, r, registryURI)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestGetRegistryMapping(t *testing.T) {
|
func TestGetRegistryMapping(t *testing.T) {
|
||||||
layerID := "sha256:13be4a52fdee2f6c44948b99b5b65ec703b1ca76c1ab5d2d90ae9bf18347082e"
|
layerID := "sha256:13be4a52fdee2f6c44948b99b5b65ec703b1ca76c1ab5d2d90ae9bf18347082e"
|
||||||
registryURI := "registry:5000"
|
registryURI := "registry:5000"
|
||||||
InsertRegistryMapping(layerID, registryURI)
|
insertRegistryMapping(layerID, registryURI)
|
||||||
|
|
||||||
if r, err := GetRegistryMapping(layerID); r != registryURI {
|
if r, err := GetRegistryMapping(layerID); r != registryURI {
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("InsertRegistryMapping(%q,%q) failed => %v", layerID, registryURI, err)
|
t.Errorf("GetRegistryMapping(%q) failed => %v", layerID, err)
|
||||||
} else {
|
} else {
|
||||||
t.Errorf("InsertRegistryMapping(%q,%q) => %q, want %q", layerID, registryURI, r, registryURI)
|
t.Errorf("GetRegistryMapping(%q) => %q, want %q", layerID, registryURI, r)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
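Review bot: In `TestGetRegistryMapping` the rewritten mismatch message passes its arguments in the wrong order: `t.Errorf("GetRegistryMapping(%q) => %q, want %q", layerID, registryURI, r)` prints the expected value as the result and the result as the expectation. It should read `t.Errorf("GetRegistryMapping(%q) => %q, want %q", layerID, r, registryURI)`. Neither test looks up a digest that was never inserted, so the error branch of `GetRegistryMapping` stays unexercised.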
@ -1,245 +0,0 @@
|
|||||||
package reverseProxy
|
|
||||||
|
|
||||||
// Modified version of the original golang HTTP reverse proxy handler
|
|
||||||
// And Vars in Gorilla/mux
|
|
||||||
// Added support for Filter functions
|
|
||||||
|
|
||||||
// Copyright 2011 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
import (
|
|
||||||
"io"
|
|
||||||
"log"
|
|
||||||
"net"
|
|
||||||
"net/http"
|
|
||||||
"net/url"
|
|
||||||
"strings"
|
|
||||||
"sync"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/Sirupsen/logrus"
|
|
||||||
"github.com/gorilla/context"
|
|
||||||
"github.com/gorilla/mux"
|
|
||||||
"github.com/coreos/clair/cmd/clairctl/database"
|
|
||||||
"github.com/coreos/clair/cmd/clairctl/docker"
|
|
||||||
"github.com/coreos/clair/cmd/clairctl/docker/httpclient"
|
|
||||||
"github.com/wunderlist/moxy"
|
|
||||||
)
|
|
||||||
|
|
||||||
// FilterFunc is a function that is called to process a proxy response
|
|
||||||
// Since it has handle to the response object, it can manipulate the content
|
|
||||||
type FilterFunc func(*http.Request, *http.Response)
|
|
||||||
|
|
||||||
// onExitFlushLoop is a callback set by tests to detect the state of the
|
|
||||||
// flushLoop() goroutine.
|
|
||||||
var onExitFlushLoop func()
|
|
||||||
|
|
||||||
// ReverseProxy is an HTTP Handler that takes an incoming request and
|
|
||||||
// sends it to another server, proxying the response back to the
|
|
||||||
// client.
|
|
||||||
type ReverseProxy struct {
|
|
||||||
// Director must be a function which modifies
|
|
||||||
// the request into a new request to be sent
|
|
||||||
// using Transport. Its response is then copied
|
|
||||||
// back to the original client unmodified.
|
|
||||||
Director func(*http.Request)
|
|
||||||
|
|
||||||
// Filters must be an array of functions which modify
|
|
||||||
// the response before the body is written
|
|
||||||
Filters []FilterFunc
|
|
||||||
|
|
||||||
// The transport used to perform proxy requests.
|
|
||||||
// If nil, http.DefaultTransport is used.
|
|
||||||
Transport http.RoundTripper
|
|
||||||
|
|
||||||
// FlushInterval specifies the flush interval
|
|
||||||
// to flush to the client while copying the
|
|
||||||
// response body.
|
|
||||||
// If zero, no periodic flushing is done.
|
|
||||||
FlushInterval time.Duration
|
|
||||||
|
|
||||||
// ErrorLog specifies an optional logger for errors
|
|
||||||
// that occur when attempting to proxy the request.
|
|
||||||
// If nil, logging goes to os.Stderr via the log package's
|
|
||||||
// standard logger.
|
|
||||||
ErrorLog *log.Logger
|
|
||||||
}
|
|
||||||
|
|
||||||
func copyHeader(dst, src http.Header) {
|
|
||||||
for k, vv := range src {
|
|
||||||
for _, v := range vv {
|
|
||||||
dst.Add(k, v)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Hop-by-hop headers. These are removed when sent to the backend.
|
|
||||||
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
|
|
||||||
var hopHeaders = []string{
|
|
||||||
"Connection",
|
|
||||||
"Keep-Alive",
|
|
||||||
"Proxy-Authenticate",
|
|
||||||
"Proxy-Authorization",
|
|
||||||
"Te", // canonicalized version of "TE"
|
|
||||||
"Trailers",
|
|
||||||
"Transfer-Encoding",
|
|
||||||
"Upgrade",
|
|
||||||
}
|
|
||||||
|
|
||||||
func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|
||||||
|
|
||||||
transport := p.Transport
|
|
||||||
if transport == nil {
|
|
||||||
transport = http.DefaultTransport
|
|
||||||
}
|
|
||||||
|
|
||||||
outreq := new(http.Request)
|
|
||||||
*outreq = *req // includes shallow copies of maps, but okay
|
|
||||||
|
|
||||||
context.Set(outreq, "in_req", req)
|
|
||||||
p.Director(outreq)
|
|
||||||
outreq.Proto = "HTTP/1.1"
|
|
||||||
outreq.ProtoMajor = 1
|
|
||||||
outreq.ProtoMinor = 1
|
|
||||||
outreq.Close = false
|
|
||||||
// Remove hop-by-hop headers to the backend. Especially
|
|
||||||
// important is "Connection" because we want a persistent
|
|
||||||
// connection, regardless of what the client sent to us. This
|
|
||||||
// is modifying the same underlying map from req (shallow
|
|
||||||
// copied above) so we only copy it if necessary.
|
|
||||||
copiedHeaders := false
|
|
||||||
for _, h := range hopHeaders {
|
|
||||||
if outreq.Header.Get(h) != "" {
|
|
||||||
if !copiedHeaders {
|
|
||||||
outreq.Header = make(http.Header)
|
|
||||||
copyHeader(outreq.Header, req.Header)
|
|
||||||
copiedHeaders = true
|
|
||||||
}
|
|
||||||
outreq.Header.Del(h)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
|
|
||||||
// If we aren't the first proxy retain prior
|
|
||||||
// X-Forwarded-For information as a comma+space
|
|
||||||
// separated list and fold multiple headers into one.
|
|
||||||
if prior, ok := outreq.Header["X-Forwarded-For"]; ok {
|
|
||||||
clientIP = strings.Join(prior, ", ") + ", " + clientIP
|
|
||||||
}
|
|
||||||
outreq.Header.Set("X-Forwarded-For", clientIP)
|
|
||||||
}
|
|
||||||
|
|
||||||
res, err := transport.RoundTrip(outreq)
|
|
||||||
if err != nil {
|
|
||||||
logrus.Errorf("http: proxy error: %v", err)
|
|
||||||
rw.WriteHeader(http.StatusInternalServerError)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
defer res.Body.Close()
|
|
||||||
|
|
||||||
for _, filterFn := range p.Filters {
|
|
||||||
filterFn(req, res)
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, h := range hopHeaders {
|
|
||||||
res.Header.Del(h)
|
|
||||||
}
|
|
||||||
|
|
||||||
copyHeader(rw.Header(), res.Header)
|
|
||||||
|
|
||||||
rw.WriteHeader(res.StatusCode)
|
|
||||||
p.copyResponse(rw, res.Body)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (p *ReverseProxy) copyResponse(dst io.Writer, src io.Reader) {
|
|
||||||
if p.FlushInterval != 0 {
|
|
||||||
if wf, ok := dst.(writeFlusher); ok {
|
|
||||||
mlw := &maxLatencyWriter{
|
|
||||||
dst: wf,
|
|
||||||
latency: p.FlushInterval,
|
|
||||||
done: make(chan bool),
|
|
||||||
}
|
|
||||||
go mlw.flushLoop()
|
|
||||||
defer mlw.stop()
|
|
||||||
dst = mlw
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
io.Copy(dst, src)
|
|
||||||
}
|
|
||||||
|
|
||||||
type writeFlusher interface {
|
|
||||||
io.Writer
|
|
||||||
http.Flusher
|
|
||||||
}
|
|
||||||
|
|
||||||
type maxLatencyWriter struct {
|
|
||||||
dst writeFlusher
|
|
||||||
latency time.Duration
|
|
||||||
|
|
||||||
lk sync.Mutex // protects Write + Flush
|
|
||||||
done chan bool
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *maxLatencyWriter) Write(p []byte) (int, error) {
|
|
||||||
m.lk.Lock()
|
|
||||||
defer m.lk.Unlock()
|
|
||||||
return m.dst.Write(p)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *maxLatencyWriter) flushLoop() {
|
|
||||||
t := time.NewTicker(m.latency)
|
|
||||||
defer t.Stop()
|
|
||||||
for {
|
|
||||||
select {
|
|
||||||
case <-m.done:
|
|
||||||
if onExitFlushLoop != nil {
|
|
||||||
onExitFlushLoop()
|
|
||||||
}
|
|
||||||
return
|
|
||||||
case <-t.C:
|
|
||||||
m.lk.Lock()
|
|
||||||
m.dst.Flush()
|
|
||||||
m.lk.Unlock()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *maxLatencyWriter) stop() { m.done <- true }
|
|
||||||
|
|
||||||
// NewReverseProxy returns a new ReverseProxy that load-balances the proxy requests between multiple hosts defined by the RegistryMapping in the database
|
|
||||||
// It also allows to define a chain of filter functions to process the outgoing response(s)
|
|
||||||
func NewReverseProxy(filters []FilterFunc) *ReverseProxy {
|
|
||||||
director := func(request *http.Request) {
|
|
||||||
|
|
||||||
inr := context.Get(request, "in_req").(*http.Request)
|
|
||||||
host, _ := database.GetRegistryMapping(mux.Vars(inr)["digest"])
|
|
||||||
out, _ := url.Parse(host)
|
|
||||||
request.URL.Scheme = out.Scheme
|
|
||||||
request.URL.Host = out.Host
|
|
||||||
client := httpclient.Get()
|
|
||||||
req, _ := http.NewRequest("HEAD", request.URL.String(), nil)
|
|
||||||
resp, err := client.Do(req)
|
|
||||||
if err != nil {
|
|
||||||
logrus.Errorf("response error: %v", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
if resp.StatusCode == http.StatusUnauthorized {
|
|
||||||
logrus.Info("pull from clair is unauthorized")
|
|
||||||
docker.AuthenticateResponse(resp, request)
|
|
||||||
}
|
|
||||||
|
|
||||||
r, _ := http.NewRequest("GET", request.URL.String(), nil)
|
|
||||||
r.Header.Set("Authorization", request.Header.Get("Authorization"))
|
|
||||||
r.Header.Set("Accept-Encoding", request.Header.Get("Accept-Encoding"))
|
|
||||||
*request = *r
|
|
||||||
}
|
|
||||||
|
|
||||||
return &ReverseProxy{
|
|
||||||
Transport: moxy.NewTransport(),
|
|
||||||
Director: director,
|
|
||||||
Filters: filters,
|
|
||||||
}
|
|
||||||
}
|
|
@ -3,47 +3,27 @@ package server
|
|||||||
import (
|
import (
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/http/httputil"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/Sirupsen/logrus"
|
"github.com/Sirupsen/logrus"
|
||||||
"github.com/coreos/clair/cmd/clairctl/docker"
|
"github.com/coreos/clair/cmd/clairctl/docker"
|
||||||
"github.com/coreos/clair/cmd/clairctl/server/reverseProxy"
|
"github.com/coreos/clair/cmd/clairctl/docker/httpclient"
|
||||||
"github.com/gorilla/mux"
|
|
||||||
"github.com/spf13/viper"
|
"github.com/spf13/viper"
|
||||||
)
|
)
|
||||||
|
|
||||||
type handler func(rw http.ResponseWriter, req *http.Request) error
|
|
||||||
|
|
||||||
var router *mux.Router
|
|
||||||
|
|
||||||
//Serve run a local server with the fileserver and the reverse proxy
|
//Serve run a local server with the fileserver and the reverse proxy
|
||||||
func Serve(sURL string) error {
|
func Serve(sURL string) error {
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
restrictedFileServer := func(path string) http.Handler {
|
http.Handle("/v2/", newSingleHostReverseProxy())
|
||||||
if _, err := os.Stat(path); os.IsNotExist(err) {
|
http.Handle("/local/", http.StripPrefix("/local", restrictedFileServer(docker.TmpLocal())))
|
||||||
os.Mkdir(path, 0777)
|
|
||||||
}
|
|
||||||
|
|
||||||
fc := func(w http.ResponseWriter, r *http.Request) {
|
listener := tcpListener(sURL)
|
||||||
http.FileServer(http.Dir(path)).ServeHTTP(w, r)
|
|
||||||
}
|
|
||||||
return http.HandlerFunc(fc)
|
|
||||||
}
|
|
||||||
|
|
||||||
router.PathPrefix("/v2/local").Handler(http.StripPrefix("/v2/local", restrictedFileServer(docker.TmpLocal()))).Methods("GET")
|
|
||||||
listener, err := net.Listen("tcp", sURL)
|
|
||||||
if err != nil {
|
|
||||||
logrus.Fatalf("cannot instanciate listener: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
if viper.GetInt("hyperclair.port") == 0 {
|
|
||||||
port := strings.Split(listener.Addr().String(), ":")[1]
|
|
||||||
logrus.Debugf("Update local server port from %q to %q", "0", port)
|
|
||||||
viper.Set("hyperclair.port", port)
|
|
||||||
}
|
|
||||||
logrus.Info("Starting Server on ", listener.Addr())
|
logrus.Info("Starting Server on ", listener.Addr())
|
||||||
|
|
||||||
if err := http.Serve(listener, nil); err != nil {
|
if err := http.Serve(listener, nil); err != nil {
|
||||||
@ -55,15 +35,65 @@ func Serve(sURL string) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func reverseRegistryHandler() http.HandlerFunc {
|
func tcpListener(sURL string) (listener net.Listener) {
|
||||||
filters := []reverseProxy.FilterFunc{}
|
listener, err := net.Listen("tcp", sURL)
|
||||||
proxy := reverseProxy.NewReverseProxy(filters)
|
if err != nil {
|
||||||
return proxy.ServeHTTP
|
logrus.Fatalf("cannot instanciate listener: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if viper.GetInt("hyperclair.port") == 0 {
|
||||||
|
port := strings.Split(listener.Addr().String(), ":")[1]
|
||||||
|
logrus.Debugf("Update local server port from %q to %q", "0", port)
|
||||||
|
viper.Set("hyperclair.port", port)
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func restrictedFileServer(path string) http.Handler {
|
||||||
|
if _, err := os.Stat(path); os.IsNotExist(err) {
|
||||||
|
os.Mkdir(path, 0777)
|
||||||
|
}
|
||||||
|
|
||||||
router = mux.NewRouter()
|
fc := func(w http.ResponseWriter, r *http.Request) {
|
||||||
router.PathPrefix("/v2").Path("/{repository}/{name}/blobs/{digest}").HandlerFunc(reverseRegistryHandler())
|
http.FileServer(http.Dir(path)).ServeHTTP(w, r)
|
||||||
http.Handle("/", router)
|
}
|
||||||
|
return http.HandlerFunc(fc)
|
||||||
|
}
|
||||||
|
|
||||||
|
func newSingleHostReverseProxy() *httputil.ReverseProxy {
|
||||||
|
director := func(request *http.Request) {
|
||||||
|
|
||||||
|
var validID = regexp.MustCompile(`.*/blobs/(.*)$`)
|
||||||
|
u := request.URL.Path
|
||||||
|
logrus.Debugf("request url: %v", u)
|
||||||
|
if !validID.MatchString(u) {
|
||||||
|
logrus.Errorf("cannot parse url: %v", u)
|
||||||
|
}
|
||||||
|
|
||||||
|
host, _ := docker.GetRegistryMapping(validID.FindStringSubmatch(u)[1])
|
||||||
|
out, _ := url.Parse(host)
|
||||||
|
request.URL.Scheme = out.Scheme
|
||||||
|
request.URL.Host = out.Host
|
||||||
|
client := httpclient.Get()
|
||||||
|
req, _ := http.NewRequest("HEAD", request.URL.String(), nil)
|
||||||
|
resp, err := client.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
logrus.Errorf("response error: %v", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if resp.StatusCode == http.StatusUnauthorized {
|
||||||
|
logrus.Info("pull from clair is unauthorized")
|
||||||
|
docker.AuthenticateResponse(resp, request)
|
||||||
|
}
|
||||||
|
|
||||||
|
r, _ := http.NewRequest("GET", request.URL.String(), nil)
|
||||||
|
r.Header.Set("Authorization", request.Header.Get("Authorization"))
|
||||||
|
r.Header.Set("Accept-Encoding", request.Header.Get("Accept-Encoding"))
|
||||||
|
*request = *r
|
||||||
|
}
|
||||||
|
return &httputil.ReverseProxy{
|
||||||
|
Director: director,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
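Review bot: In the director of `newSingleHostReverseProxy`, a path that fails `validID.MatchString` is only logged, and the next statement still evaluates `validID.FindStringSubmatch(u)[1]`, which indexes a nil slice and panics for any `/v2/` request without a `/blobs/` segment. The error from `docker.GetRegistryMapping` is discarded as well, so an unknown digest carries on with an empty host into the HEAD probe and `docker.AuthenticateResponse`. Both cases should stop before any upstream request or credential handling, as sketched below; since a Director cannot itself refuse a request, doing the same check in a handler in front of the proxy and answering 404 there would be stricter. The regexp would also be better compiled once at package level, and the `resp` from the HEAD probe is never closed. Separately, `restrictedFileServer` creates the served directory with `os.Mkdir(path, 0777)` and ignores the result; a mode such as `0700` with the error checked is the safer default for a temporary directory exposed over HTTP.

```go
director := func(request *http.Request) {
	u := request.URL.Path
	logrus.Debugf("request url: %v", u)
	match := validID.FindStringSubmatch(u)
	if match == nil {
		logrus.Errorf("cannot parse url: %v", u)
		return
	}
	host, err := docker.GetRegistryMapping(match[1])
	if err != nil {
		logrus.Errorf("no registry mapping: %v", err)
		return
	}
	// … unchanged: url.Parse, HEAD probe, authentication, GET rewrite …
```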