Commit 53727c9c authored by David Fernandez's avatar David Fernandez

Avoid a container registry ping

on #supports_tag_delete?, we can early return true if we know
that we are .com and the current container registry features in
the settings includes the registry tag delete feature.
parent be72766d
---
title: Improve the container registry client tags delete method
merge_request: 46989
author:
type: changed
...@@ -15,6 +15,7 @@ module ContainerRegistry ...@@ -15,6 +15,7 @@ module ContainerRegistry
CONTAINER_IMAGE_V1_TYPE = 'application/vnd.docker.container.image.v1+json' CONTAINER_IMAGE_V1_TYPE = 'application/vnd.docker.container.image.v1+json'
REGISTRY_VERSION_HEADER = 'gitlab-container-registry-version' REGISTRY_VERSION_HEADER = 'gitlab-container-registry-version'
REGISTRY_FEATURES_HEADER = 'gitlab-container-registry-features' REGISTRY_FEATURES_HEADER = 'gitlab-container-registry-features'
REGISTRY_TAG_DELETE_FEATURE = 'tag_delete'
ACCEPTED_TYPES = [DOCKER_DISTRIBUTION_MANIFEST_V2_TYPE, OCI_MANIFEST_V1_TYPE].freeze ACCEPTED_TYPES = [DOCKER_DISTRIBUTION_MANIFEST_V2_TYPE, OCI_MANIFEST_V1_TYPE].freeze
...@@ -25,8 +26,6 @@ module ContainerRegistry ...@@ -25,8 +26,6 @@ module ContainerRegistry
registry_config = Gitlab.config.registry registry_config = Gitlab.config.registry
return false unless registry_config.enabled && registry_config.api_url.present? return false unless registry_config.enabled && registry_config.api_url.present?
return true if ::Gitlab.com?
token = Auth::ContainerRegistryAuthenticationService.access_token([], []) token = Auth::ContainerRegistryAuthenticationService.access_token([], [])
client = new(registry_config.api_url, token: token) client = new(registry_config.api_url, token: token)
client.supports_tag_delete? client.supports_tag_delete?
...@@ -81,6 +80,9 @@ module ContainerRegistry ...@@ -81,6 +80,9 @@ module ContainerRegistry
# the DELETE method in the Allow header. Others reply with an 404 Not Found. # the DELETE method in the Allow header. Others reply with an 404 Not Found.
def supports_tag_delete? def supports_tag_delete?
strong_memoize(:supports_tag_delete) do strong_memoize(:supports_tag_delete) do
registry_features = Gitlab::CurrentSettings.container_registry_features || []
next true if ::Gitlab.com? && registry_features.include?(REGISTRY_TAG_DELETE_FEATURE)
response = faraday.run_request(:options, '/v2/name/tags/reference/tag', '', {}) response = faraday.run_request(:options, '/v2/name/tags/reference/tag', '', {})
response.success? && response.headers['allow']&.include?('DELETE') response.success? && response.headers['allow']&.include?('DELETE')
end end
......
...@@ -3,9 +3,12 @@ ...@@ -3,9 +3,12 @@
require 'spec_helper' require 'spec_helper'
RSpec.describe ContainerRegistry::Client do RSpec.describe ContainerRegistry::Client do
using RSpec::Parameterized::TableSyntax
let(:token) { '12345' } let(:token) { '12345' }
let(:options) { { token: token } } let(:options) { { token: token } }
let(:client) { described_class.new("http://container-registry", options) } let(:registry_api_url) { 'http://container-registry' }
let(:client) { described_class.new(registry_api_url, options) }
let(:push_blob_headers) do let(:push_blob_headers) do
{ {
'Accept' => 'application/vnd.docker.distribution.manifest.v2+json, application/vnd.oci.image.manifest.v1+json', 'Accept' => 'application/vnd.docker.distribution.manifest.v2+json, application/vnd.oci.image.manifest.v1+json',
...@@ -101,16 +104,6 @@ RSpec.describe ContainerRegistry::Client do ...@@ -101,16 +104,6 @@ RSpec.describe ContainerRegistry::Client do
end end
end end
def stub_upload(path, content, digest, status = 200)
stub_request(:post, "http://container-registry/v2/#{path}/blobs/uploads/")
.with(headers: headers_with_accept_types)
.to_return(status: status, body: "", headers: { 'location' => 'http://container-registry/next_upload?id=someid' })
stub_request(:put, "http://container-registry/next_upload?digest=#{digest}&id=someid")
.with(body: content, headers: push_blob_headers)
.to_return(status: status, body: "", headers: {})
end
describe '#upload_blob' do describe '#upload_blob' do
subject { client.upload_blob('path', 'content', 'sha256:123') } subject { client.upload_blob('path', 'content', 'sha256:123') }
...@@ -221,28 +214,36 @@ RSpec.describe ContainerRegistry::Client do ...@@ -221,28 +214,36 @@ RSpec.describe ContainerRegistry::Client do
describe '#supports_tag_delete?' do describe '#supports_tag_delete?' do
subject { client.supports_tag_delete? } subject { client.supports_tag_delete? }
context 'when the server supports tag deletion' do where(:registry_tags_support_enabled, :is_on_dot_com, :container_registry_features, :expect_registry_to_be_pinged, :expected_result) do
before do true | true | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | true
stub_request(:options, "http://container-registry/v2/name/tags/reference/tag") true | false | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | true | true
.to_return(status: 200, body: "", headers: { 'Allow' => 'DELETE' }) true | true | [] | true | true
end true | false | [] | true | true
false | true | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | true
it { is_expected.to be_truthy } false | false | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | true | false
false | true | [] | true | false
false | false | [] | true | false
end end
context 'when the server does not support tag deletion' do with_them do
before do before do
stub_request(:options, "http://container-registry/v2/name/tags/reference/tag") allow(::Gitlab).to receive(:com?).and_return(is_on_dot_com)
.to_return(status: 404, body: "") stub_registry_tags_support(registry_tags_support_enabled)
stub_application_setting(container_registry_features: container_registry_features)
end end
it { is_expected.to be_falsey } it 'returns the expected result' do
end if expect_registry_to_be_pinged
end expect_next_instance_of(Faraday::Connection) do |connection|
expect(connection).to receive(:run_request).and_call_original
end
else
expect(Faraday::Connection).not_to receive(:new)
end
def stub_registry_info(headers: {}, status: 200) expect(subject).to be expected_result
stub_request(:get, 'http://container-registry/v2/') end
.to_return(status: status, body: "", headers: headers) end
end end
describe '#registry_info' do describe '#registry_info' do
...@@ -291,55 +292,87 @@ RSpec.describe ContainerRegistry::Client do ...@@ -291,55 +292,87 @@ RSpec.describe ContainerRegistry::Client do
end end
describe '.supports_tag_delete?' do describe '.supports_tag_delete?' do
let(:registry_enabled) { true }
let(:registry_api_url) { 'http://sandbox.local' }
let(:registry_tags_support_enabled) { true }
let(:is_on_dot_com) { false }
subject { described_class.supports_tag_delete? } subject { described_class.supports_tag_delete? }
before do where(:registry_api_url, :registry_enabled, :registry_tags_support_enabled, :is_on_dot_com, :container_registry_features, :expect_registry_to_be_pinged, :expected_result) do
allow(::Gitlab).to receive(:com?).and_return(is_on_dot_com) 'http://sandbox.local' | true | true | true | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | true
stub_container_registry_config(enabled: registry_enabled, api_url: registry_api_url, key: 'spec/fixtures/x509_certificate_pk.key') 'http://sandbox.local' | true | true | false | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | true | true
stub_registry_tags_support(registry_tags_support_enabled) 'http://sandbox.local' | true | false | true | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | true
'http://sandbox.local' | true | false | false | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | true | false
'http://sandbox.local' | false | true | true | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | false
'http://sandbox.local' | false | true | false | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | false
'http://sandbox.local' | false | false | true | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | false
'http://sandbox.local' | false | false | false | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | false
'http://sandbox.local' | true | true | true | [] | true | true
'http://sandbox.local' | true | true | false | [] | true | true
'http://sandbox.local' | true | false | true | [] | true | false
'http://sandbox.local' | true | false | false | [] | true | false
'http://sandbox.local' | false | true | true | [] | false | false
'http://sandbox.local' | false | true | false | [] | false | false
'http://sandbox.local' | false | false | true | [] | false | false
'http://sandbox.local' | false | false | false | [] | false | false
'' | true | true | true | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | false
'' | true | true | false | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | false
'' | true | false | true | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | false
'' | true | false | false | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | false
'' | false | true | true | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | false
'' | false | true | false | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | false
'' | false | false | true | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | false
'' | false | false | false | [ContainerRegistry::Client::REGISTRY_TAG_DELETE_FEATURE] | false | false
'' | true | true | true | [] | false | false
'' | true | true | false | [] | false | false
'' | true | false | true | [] | false | false
'' | true | false | false | [] | false | false
'' | false | true | true | [] | false | false
'' | false | true | false | [] | false | false
'' | false | false | true | [] | false | false
'' | false | false | false | [] | false | false
end end
context 'with the registry enabled' do with_them do
it { is_expected.to be true } before do
allow(::Gitlab).to receive(:com?).and_return(is_on_dot_com)
context 'without an api url' do stub_container_registry_config(enabled: registry_enabled, api_url: registry_api_url, key: 'spec/fixtures/x509_certificate_pk.key')
let(:registry_api_url) { '' } stub_registry_tags_support(registry_tags_support_enabled)
stub_application_setting(container_registry_features: container_registry_features)
it { is_expected.to be false }
end
context 'on .com' do
let(:is_on_dot_com) { true }
it { is_expected.to be true }
end end
context 'when registry server does not support tag deletion' do it 'returns the expected result' do
let(:registry_tags_support_enabled) { false } if expect_registry_to_be_pinged
expect_next_instance_of(Faraday::Connection) do |connection|
expect(connection).to receive(:run_request).and_call_original
end
else
expect(Faraday::Connection).not_to receive(:new)
end
it { is_expected.to be false } expect(subject).to be expected_result
end end
end end
end
def stub_upload(path, content, digest, status = 200)
stub_request(:post, "#{registry_api_url}/v2/#{path}/blobs/uploads/")
.with(headers: headers_with_accept_types)
.to_return(status: status, body: "", headers: { 'location' => "#{registry_api_url}/next_upload?id=someid" })
context 'with the registry disabled' do stub_request(:put, "#{registry_api_url}/next_upload?digest=#{digest}&id=someid")
let(:registry_enabled) { false } .with(body: content, headers: push_blob_headers)
.to_return(status: status, body: "", headers: {})
end
it { is_expected.to be false } def stub_registry_info(headers: {}, status: 200)
end stub_request(:get, "#{registry_api_url}/v2/")
.to_return(status: status, body: "", headers: headers)
end
def stub_registry_tags_support(supported = true) def stub_registry_tags_support(supported = true)
status_code = supported ? 200 : 404 status_code = supported ? 200 : 404
stub_request(:options, "#{registry_api_url}/v2/name/tags/reference/tag") stub_request(:options, "#{registry_api_url}/v2/name/tags/reference/tag")
.to_return( .to_return(
status: status_code, status: status_code,
body: '', body: '',
headers: { 'Allow' => 'DELETE' } headers: { 'Allow' => 'DELETE' }
) )
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment