[libvirt] [PATCH sandbox] docker: don't assume X-Docker-Token is set
The Red Hat docker registry (registry.access.redhat.com) does not set any X-Docker-Token HTTP header in its responses. Change the code so it only passes around this header if it is actually present. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- libvirt-sandbox/image/sources/DockerSource.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/libvirt-sandbox/image/sources/DockerSource.py b/libvirt-sandbox/image/sources/DockerSource.py index f367c8f..78b2a53 100644 --- a/libvirt-sandbox/image/sources/DockerSource.py +++ b/libvirt-sandbox/image/sources/DockerSource.py @@ -83,10 +83,14 @@ class DockerSource(Source): checksums = {} for layer in data: pass + + headers = {} + if token is not None: + headers["Authorization"] = "Token" + token (data, res) = self._get_json(template, registryendpoint, "/v1/repositories" + template.path + "/tags", - { "Authorization": "Token " + token }) + headers) cookie = res.info().getheader('Set-Cookie') @@ -98,7 +102,7 @@ class DockerSource(Source): (data, res) = self._get_json(template, registryendpoint, "/v1/images/" + imagetagid + "/ancestry", - { "Authorization": "Token "+ token }) + headers) if data[0] != imagetagid: raise ValueError(["Expected first layer id '%s' to match image id '%s'", @@ -121,7 +125,7 @@ class DockerSource(Source): res = self._save_data(template, registryendpoint, "/v1/images/" + layerid + "/json", - { "Authorization": "Token " + token }, + headers, jsonfile) createdFiles.append(jsonfile) @@ -134,7 +138,7 @@ class DockerSource(Source): self._save_data(template, registryendpoint, "/v1/images/" + layerid + "/layer", - { "Authorization": "Token "+token }, + headers, datafile, datacsum, layersize) createdFiles.append(datafile) -- 2.4.3
On Mon, 2015-09-21 at 15:12 +0100, Daniel P. Berrange wrote:
The Red Hat docker registry (registry.access.redhat.com) does not set any X-Docker-Token HTTP header in its responses. Change the code so it only passes around this header if it is actually present.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- libvirt-sandbox/image/sources/DockerSource.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/libvirt-sandbox/image/sources/DockerSource.py b/libvirt-sandbox/image/sources/DockerSource.py index f367c8f..78b2a53 100644 --- a/libvirt-sandbox/image/sources/DockerSource.py +++ b/libvirt-sandbox/image/sources/DockerSource.py @@ -83,10 +83,14 @@ class DockerSource(Source): checksums = {} for layer in data: pass + + headers = {} + if token is not None: + headers["Authorization"] = "Token" + token (data, res) = self._get_json(template, registryendpoint, "/v1/repositories" + template.path + "/tags", - { "Authorization": "Token " + token }) + headers)
cookie = res.info().getheader('Set-Cookie')
@@ -98,7 +102,7 @@ class DockerSource(Source): (data, res) = self._get_json(template, registryendpoint, "/v1/images/" + imagetagid + "/ancestry", - { "Authorization": "Token "+ token }) + headers)
if data[0] != imagetagid: raise ValueError(["Expected first layer id '%s' to match image id '%s'", @@ -121,7 +125,7 @@ class DockerSource(Source): res = self._save_data(template, registryendpoint, "/v1/images/" + layerid + "/json", - { "Authorization": "Token " + token }, + headers, jsonfile) createdFiles.append(jsonfile)
@@ -134,7 +138,7 @@ class DockerSource(Source): self._save_data(template, registryendpoint, "/v1/images/" + layerid + "/layer", - { "Authorization": "Token "+token }, + headers, datafile, datacsum, layersize) createdFiles.append(datafile)
ACK -- Cedric
On Mon, 2015-09-21 at 22:12 +0200, Cedric Bosdonnat wrote:
On Mon, 2015-09-21 at 15:12 +0100, Daniel P. Berrange wrote:
The Red Hat docker registry (registry.access.redhat.com) does not set any X-Docker-Token HTTP header in its responses. Change the code so it only passes around this header if it is actually present.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- libvirt-sandbox/image/sources/DockerSource.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/libvirt-sandbox/image/sources/DockerSource.py b/libvirt-sandbox/image/sources/DockerSource.py index f367c8f..78b2a53 100644 --- a/libvirt-sandbox/image/sources/DockerSource.py +++ b/libvirt-sandbox/image/sources/DockerSource.py @@ -83,10 +83,14 @@ class DockerSource(Source): checksums = {} for layer in data: pass + + headers = {} + if token is not None: + headers["Authorization"] = "Token" + token (data, res) = self._get_json(template, registryendpoint, "/v1/repositories" + template.path + "/tags", - { "Authorization": "Token " + token }) + headers)
cookie = res.info().getheader('Set-Cookie')
@@ -98,7 +102,7 @@ class DockerSource(Source): (data, res) = self._get_json(template, registryendpoint, "/v1/images/" + imagetagid + "/ancestry", - { "Authorization": "Token "+ token }) + headers)
if data[0] != imagetagid: raise ValueError(["Expected first layer id '%s' to match image id '%s'", @@ -121,7 +125,7 @@ class DockerSource(Source): res = self._save_data(template, registryendpoint, "/v1/images/" + layerid + "/json", - { "Authorization": "Token " + token }, + headers, jsonfile) createdFiles.append(jsonfile)
@@ -134,7 +138,7 @@ class DockerSource(Source): self._save_data(template, registryendpoint, "/v1/images/" + layerid + "/layer", - { "Authorization": "Token "+token }, + headers, datafile, datacsum, layersize) createdFiles.append(datafile)
ACK
Hum, after some real life testing, I'm getting an error from the default docker registry with this patch: Fetching https://registry-1.docker.io/v1/repositories/opensuse/tags...FAIL HTTP Error 401: UNAUTHORIZED -- Cedric
On Tue, Sep 22, 2015 at 09:10:48AM +0200, Cedric Bosdonnat wrote:
On Mon, 2015-09-21 at 22:12 +0200, Cedric Bosdonnat wrote:
On Mon, 2015-09-21 at 15:12 +0100, Daniel P. Berrange wrote:
The Red Hat docker registry (registry.access.redhat.com) does not set any X-Docker-Token HTTP header in its responses. Change the code so it only passes around this header if it is actually present.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- libvirt-sandbox/image/sources/DockerSource.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/libvirt-sandbox/image/sources/DockerSource.py b/libvirt-sandbox/image/sources/DockerSource.py index f367c8f..78b2a53 100644 --- a/libvirt-sandbox/image/sources/DockerSource.py +++ b/libvirt-sandbox/image/sources/DockerSource.py @@ -83,10 +83,14 @@ class DockerSource(Source): checksums = {} for layer in data: pass + + headers = {} + if token is not None: + headers["Authorization"] = "Token" + token (data, res) = self._get_json(template, registryendpoint, "/v1/repositories" + template.path + "/tags", - { "Authorization": "Token " + token }) + headers)
cookie = res.info().getheader('Set-Cookie')
@@ -98,7 +102,7 @@ class DockerSource(Source): (data, res) = self._get_json(template, registryendpoint, "/v1/images/" + imagetagid + "/ancestry", - { "Authorization": "Token "+ token }) + headers)
if data[0] != imagetagid: raise ValueError(["Expected first layer id '%s' to match image id '%s'", @@ -121,7 +125,7 @@ class DockerSource(Source): res = self._save_data(template, registryendpoint, "/v1/images/" + layerid + "/json", - { "Authorization": "Token " + token }, + headers, jsonfile) createdFiles.append(jsonfile)
@@ -134,7 +138,7 @@ class DockerSource(Source): self._save_data(template, registryendpoint, "/v1/images/" + layerid + "/layer", - { "Authorization": "Token "+token }, + headers, datafile, datacsum, layersize) createdFiles.append(datafile)
ACK
Hum, after some real life testing, I'm getting an error from the default docker registry with this patch:
Fetching https://registry-1.docker.io/v1/repositories/opensuse/tags...FAIL HTTP Error 401: UNAUTHORIZED
Hmm, that's peculiar, I'll investigate, but I don't see what I screwed up so far.... Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
On Tue, Sep 22, 2015 at 09:10:48AM +0200, Cedric Bosdonnat wrote:
On Mon, 2015-09-21 at 22:12 +0200, Cedric Bosdonnat wrote:
On Mon, 2015-09-21 at 15:12 +0100, Daniel P. Berrange wrote:
The Red Hat docker registry (registry.access.redhat.com) does not set any X-Docker-Token HTTP header in its responses. Change the code so it only passes around this header if it is actually present.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- libvirt-sandbox/image/sources/DockerSource.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/libvirt-sandbox/image/sources/DockerSource.py b/libvirt-sandbox/image/sources/DockerSource.py index f367c8f..78b2a53 100644 --- a/libvirt-sandbox/image/sources/DockerSource.py +++ b/libvirt-sandbox/image/sources/DockerSource.py @@ -83,10 +83,14 @@ class DockerSource(Source): checksums = {} for layer in data: pass + + headers = {} + if token is not None: + headers["Authorization"] = "Token" + token
I accidentally lost the trailing space after the word "Token"
(data, res) = self._get_json(template, registryendpoint, "/v1/repositories" + template.path + "/tags", - { "Authorization": "Token " + token }) + headers)
Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
participants (2)
-
Cedric Bosdonnat -
Daniel P. Berrange