class Proxy::ContainerGateway::ContainerGatewayMain

Attributes

database[R]

Public Class Methods

new(database:, pulp_endpoint:, pulp_client_ssl_ca:, pulp_client_ssl_cert:, pulp_client_ssl_key:) click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 14
def initialize(database:, pulp_endpoint:, pulp_client_ssl_ca:, pulp_client_ssl_cert:, pulp_client_ssl_key:)
  @database = database
  @pulp_endpoint = pulp_endpoint
  @pulp_client_ssl_ca = pulp_client_ssl_ca
  @pulp_client_ssl_cert = OpenSSL::X509::Certificate.new(File.read(pulp_client_ssl_cert))
  @pulp_client_ssl_key = OpenSSL::PKey::RSA.new(
    File.read(pulp_client_ssl_key)
  )
end

Public Instance Methods

authorized_for_repo?(repo_name, user_token_is_valid, username = nil) click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 163
def authorized_for_repo?(repo_name, user_token_is_valid, username = nil)
  repository = database.connection[:repositories][{ name: repo_name }]

  # Repository doesn't exist
  return false if repository.nil?

  # Repository doesn't require auth
  return true unless repository[:auth_required]

  if username && user_token_is_valid
    # User is logged in and has access to the repository
    return !database.connection[:repositories_users].where(
      repository_id: repository[:id], user_id: database.connection[:users].first(name: username)[:id]
    ).empty?
  end

  false
end
blobs(repository, digest, headers) click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 52
def blobs(repository, digest, headers)
  uri = URI.parse(
    "#{@pulp_endpoint}/pulpcore_registry/v2/#{repository}/blobs/#{digest}"
  )
  pulp_registry_request(uri, headers)
end
catalog(user = nil) click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 90
def catalog(user = nil)
  if user.nil?
    unauthenticated_repos
  else
    database.connection[:repositories].
      left_join(:repositories_users, repository_id: :id).
      left_join(:users, ::Sequel[:users][:id] => :user_id).where(user_id: user[:id]).
      or(Sequel[:repositories][:auth_required] => false).order(::Sequel[:repositories][:name])
  end
end
insert_token(username, token, expire_at_string, clear_expired_tokens: true) click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 194
def insert_token(username, token, expire_at_string, clear_expired_tokens: true)
  checksum = Digest::SHA256.hexdigest(token)
  user = Sequel::Model(database.connection[:users]).find_or_create(name: username)

  database.connection.transaction(isolation: :serializable, retry_on: [Sequel::SerializationFailure]) do
    database.connection[:authentication_tokens].where(:token_checksum => checksum).delete
    Sequel::Model(database.connection[:authentication_tokens]).
      create(token_checksum: checksum, expire_at: expire_at_string.to_s, user_id: user.id)
    return unless clear_expired_tokens

    database.connection[:authentication_tokens].where { expire_at < Sequel::CURRENT_TIMESTAMP }.delete
  end
end
manifests(repository, tag, headers) click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 45
def manifests(repository, tag, headers)
  uri = URI.parse(
    "#{@pulp_endpoint}/pulpcore_registry/v2/#{repository}/manifests/#{tag}"
  )
  pulp_registry_request(uri, headers)
end
ping(headers) click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 40
def ping(headers)
  uri = URI.parse("#{@pulp_endpoint}/pulpcore_registry/v2/")
  pulp_registry_request(uri, headers)
end
pulp_registry_request(uri, headers) click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 24
def pulp_registry_request(uri, headers)
  http_client = Net::HTTP.new(uri.host, uri.port)
  http_client.ca_file = @pulp_client_ssl_ca
  http_client.cert = @pulp_client_ssl_cert
  http_client.key = @pulp_client_ssl_key
  http_client.use_ssl = true

  http_client.start do |http|
    request = Net::HTTP::Get.new uri
    headers.each do |key, value|
      request[key] = value
    end
    http.request request
  end
end
tags(repository, headers, params = {}) click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 59
def tags(repository, headers, params = {})
  query = "?"
  unless params[:n].nil? || params[:n] == ""
    query = "#{query}n=#{params[:n]}"
    query = "#{query}&" unless params[:last].nil?
  end
  query = "#{query}last=#{params[:last]}" unless params[:last].nil? || params[:last] == ""

  uri = URI.parse(
    "#{@pulp_endpoint}/pulpcore_registry/v2/#{repository}/tags/list#{query}"
  )
  pulp_registry_request(uri, headers)
end
token_user(token) click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 182
def token_user(token)
  database.connection[:users][{
    id: database.connection[:authentication_tokens].where(token_checksum: checksum(token)).select(:user_id)
  }]
end
unauthenticated_repos() click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 101
def unauthenticated_repos
  database.connection[:repositories].where(auth_required: false).order(:name)
end
update_repository_list(repo_list) click to toggle source

Replaces the entire list of repositories

# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 106
def update_repository_list(repo_list)
  # repositories_users cascades on deleting repositories (or users)
  database.connection.transaction(isolation: :serializable, retry_on: [Sequel::SerializationFailure]) do
    repository = database.connection[:repositories]
    repository.delete

    repository.import(
      %i[name auth_required],
      repo_list.map { |repo| [repo['repository'], repo['auth_required'].to_s.downcase == "true"] }
    )
  end
end
update_user_repo_mapping(user_repo_maps) click to toggle source

Replaces the entire user-repo mapping for all logged-in users

# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 120
def update_user_repo_mapping(user_repo_maps)
  # Get hash map of all users and their repositories
  # Ex: {"users"=> [{"admin"=>[{"repository"=>"repo", "auth_required"=>"true"}]}]}
  # Go through list of repositories and add them to the DB
  repositories = database.connection[:repositories]

  entries = user_repo_maps['users'].flat_map do |user_repo_map|
    user_repo_map.filter_map do |username, repos|
      user_repo_names = repos.filter { |repo| repo['auth_required'].to_s.downcase == "true" }.map do |repo|
        repo['repository']
      end
      user = database.connection[:users][{ name: username }]
      repositories.where(name: user_repo_names, auth_required: true).select(:id).map { |repo| [repo[:id], user[:id]] }
    end
  end
  entries.flatten!(1)

  repositories_users = database.connection[:repositories_users]
  database.connection.transaction(isolation: :serializable, retry_on: [Sequel::SerializationFailure]) do
    repositories_users.delete
    repositories_users.import(%i[repository_id user_id], entries)
  end
end
update_user_repositories(username, repositories) click to toggle source

Replaces the user-repo mapping for a single user

# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 145
def update_user_repositories(username, repositories)
  user = database.connection[:users][{ name: username }]

  user_repositories = database.connection[:repositories_users]
  database.connection.transaction(isolation: :serializable,
                                  retry_on: [Sequel::SerializationFailure],
                                  num_retries: 10) do
    user_repositories.where(user_id: user[:id]).delete

    user_repositories.import(
      %i[repository_id user_id],
      database.connection[:repositories].where(name: repositories, auth_required: true).select(:id).map do |repo|
        [repo[:id], user[:id]]
      end
    )
  end
end
valid_token?(token) click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 188
def valid_token?(token)
  !database.connection[:authentication_tokens].where(token_checksum: checksum(token)).where do
    expire_at > Sequel::CURRENT_TIMESTAMP
  end.empty?
end

Private Instance Methods

checksum(token) click to toggle source
# File lib/smart_proxy_container_gateway/container_gateway_main.rb, line 210
def checksum(token)
  Digest::SHA256.hexdigest(token)
end