class Proxy::ContainerGateway::ContainerGatewayMain
Attributes
database[R]
Public Class Methods
new(database:, pulp_endpoint:, pulp_client_ssl_ca:, pulp_client_ssl_cert:, pulp_client_ssl_key:)
click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 14 def initialize(database:, pulp_endpoint:, pulp_client_ssl_ca:, pulp_client_ssl_cert:, pulp_client_ssl_key:) @database = database @pulp_endpoint = pulp_endpoint @pulp_client_ssl_ca = pulp_client_ssl_ca @pulp_client_ssl_cert = OpenSSL::X509::Certificate.new(File.read(pulp_client_ssl_cert)) @pulp_client_ssl_key = OpenSSL::PKey::RSA.new( File.read(pulp_client_ssl_key) ) end
Public Instance Methods
blobs(repository, digest, headers)
click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 52 def blobs(repository, digest, headers) uri = URI.parse( "#{@pulp_endpoint}/pulpcore_registry/v2/#{repository}/blobs/#{digest}" ) pulp_registry_request(uri, headers) end
catalog(user = nil)
click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 90 def catalog(user = nil) if user.nil? unauthenticated_repos else database.connection[:repositories]. left_join(:repositories_users, repository_id: :id). left_join(:users, ::Sequel[:users][:id] => :user_id).where(user_id: user[:id]). or(Sequel[:repositories][:auth_required] => false).order(::Sequel[:repositories][:name]) end end
insert_token(username, token, expire_at_string, clear_expired_tokens: true)
click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 194 def insert_token(username, token, expire_at_string, clear_expired_tokens: true) checksum = Digest::SHA256.hexdigest(token) user = Sequel::Model(database.connection[:users]).find_or_create(name: username) database.connection.transaction(isolation: :serializable, retry_on: [Sequel::SerializationFailure]) do database.connection[:authentication_tokens].where(:token_checksum => checksum).delete Sequel::Model(database.connection[:authentication_tokens]). create(token_checksum: checksum, expire_at: expire_at_string.to_s, user_id: user.id) return unless clear_expired_tokens database.connection[:authentication_tokens].where { expire_at < Sequel::CURRENT_TIMESTAMP }.delete end end
manifests(repository, tag, headers)
click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 45 def manifests(repository, tag, headers) uri = URI.parse( "#{@pulp_endpoint}/pulpcore_registry/v2/#{repository}/manifests/#{tag}" ) pulp_registry_request(uri, headers) end
ping(headers)
click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 40 def ping(headers) uri = URI.parse("#{@pulp_endpoint}/pulpcore_registry/v2/") pulp_registry_request(uri, headers) end
pulp_registry_request(uri, headers)
click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 24 def pulp_registry_request(uri, headers) http_client = Net::HTTP.new(uri.host, uri.port) http_client.ca_file = @pulp_client_ssl_ca http_client.cert = @pulp_client_ssl_cert http_client.key = @pulp_client_ssl_key http_client.use_ssl = true http_client.start do |http| request = Net::HTTP::Get.new uri headers.each do |key, value| request[key] = value end http.request request end end
token_user(token)
click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 182 def token_user(token) database.connection[:users][{ id: database.connection[:authentication_tokens].where(token_checksum: checksum(token)).select(:user_id) }] end
unauthenticated_repos()
click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 101 def unauthenticated_repos database.connection[:repositories].where(auth_required: false).order(:name) end
update_repository_list(repo_list)
click to toggle source
Replaces the entire list of repositories
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 106 def update_repository_list(repo_list) # repositories_users cascades on deleting repositories (or users) database.connection.transaction(isolation: :serializable, retry_on: [Sequel::SerializationFailure]) do repository = database.connection[:repositories] repository.delete repository.import( %i[name auth_required], repo_list.map { |repo| [repo['repository'], repo['auth_required'].to_s.downcase == "true"] } ) end end
update_user_repo_mapping(user_repo_maps)
click to toggle source
Replaces the entire user-repo mapping for all logged-in users
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 120 def update_user_repo_mapping(user_repo_maps) # Get hash map of all users and their repositories # Ex: {"users"=> [{"admin"=>[{"repository"=>"repo", "auth_required"=>"true"}]}]} # Go through list of repositories and add them to the DB repositories = database.connection[:repositories] entries = user_repo_maps['users'].flat_map do |user_repo_map| user_repo_map.filter_map do |username, repos| user_repo_names = repos.filter { |repo| repo['auth_required'].to_s.downcase == "true" }.map do |repo| repo['repository'] end user = database.connection[:users][{ name: username }] repositories.where(name: user_repo_names, auth_required: true).select(:id).map { |repo| [repo[:id], user[:id]] } end end entries.flatten!(1) repositories_users = database.connection[:repositories_users] database.connection.transaction(isolation: :serializable, retry_on: [Sequel::SerializationFailure]) do repositories_users.delete repositories_users.import(%i[repository_id user_id], entries) end end
update_user_repositories(username, repositories)
click to toggle source
Replaces the user-repo mapping for a single user
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 145 def update_user_repositories(username, repositories) user = database.connection[:users][{ name: username }] user_repositories = database.connection[:repositories_users] database.connection.transaction(isolation: :serializable, retry_on: [Sequel::SerializationFailure], num_retries: 10) do user_repositories.where(user_id: user[:id]).delete user_repositories.import( %i[repository_id user_id], database.connection[:repositories].where(name: repositories, auth_required: true).select(:id).map do |repo| [repo[:id], user[:id]] end ) end end
v1_search(params = {})
click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 73 def v1_search(params = {}) if params[:n].nil? || params[:n] == "" limit = 25 else limit = params[:n].to_i end return [] unless limit.positive? query = params[:q] query = nil if query == '' user = params[:user].nil? ? nil : database.connection[:users][{ name: params[:user] }] repositories = query ? catalog(user).grep(:name, "%#{query}%") : catalog(user) repositories.limit(limit).select_map(::Sequel[:repositories][:name]) end
valid_token?(token)
click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 188 def valid_token?(token) !database.connection[:authentication_tokens].where(token_checksum: checksum(token)).where do expire_at > Sequel::CURRENT_TIMESTAMP end.empty? end
Private Instance Methods
checksum(token)
click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 210 def checksum(token) Digest::SHA256.hexdigest(token) end