Project

Profile

Help

Story #3857

closed

As a user, i want Crane to be able to serve Docker registry content directly as well as be alble to use redirects

Added by dag over 5 years ago. Updated almost 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
2.18.0
Target Release - Crane:
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Problem

Pulp allows to distribute Docker content via rsync to a remote server. There is a possible scenario where a Crane instance is running on this remote server to provide a local Docker registry.

Currently in this scenario Crane would serve 302 redirects to the actual files served by a web server on the same machine.

This creates a problem when trying to restrict access to these files:

  • The Docker client is able to handle basic authentication, when accessing a registry. However when the Docker client follows a redirect it seems to forget any authentication data. Thus with Crane it is possible to restrict access to the 302 redirects but not to the actual files.

Solution

  • Add an option to Crane to either serve Files locally or provide redirects.
  • Use "X-Sendfile" support of flask when serving locally.
  • Support V1 and V2 Docker API versions

Also available in: Atom PDF