-
Notifications
You must be signed in to change notification settings - Fork 40
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
144 additions
and
56 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
package imageserver | ||
|
||
import ( | ||
docker "github.com/fsouza/go-dockerclient" | ||
) | ||
|
||
// ImageServer abstracts the serving of image information. | ||
type ImageServer interface { | ||
// ServeImage Serves the image | ||
ServeImage(imageMetadata *docker.Image) error | ||
} | ||
|
||
// APIVersions holds a slice of supported API versions. | ||
type APIVersions struct { | ||
// Versions is the supported API versions | ||
Versions []string `json:"versions"` | ||
} | ||
|
||
// ImageServerOptions is used to configure an image server. | ||
type ImageServerOptions struct { | ||
// ServePath is the root path/port of serving. ex 0.0.0.0:8080 | ||
ServePath string | ||
// HealthzURL is the relative url of the health check. ex /healthz | ||
HealthzURL string | ||
// APIURL is the relative url where the api will be served. ex /api | ||
APIURL string | ||
// APIVersions are the supported API versions. | ||
APIVersions APIVersions | ||
// MetadataURL is the relative url of the metadata content. ex /api/v1/metadata | ||
MetadataURL string | ||
// ContentURL is the relative url of the content. ex /api/v1/content/ | ||
ContentURL string | ||
// ImageServeURL is the location that the image is being served from. | ||
// NOTE: if the image server supports a chroot the server implementation will perform | ||
// the chroot based on this URL. | ||
ImageServeURL string | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
package imageserver | ||
|
||
import ( | ||
"fmt" | ||
"log" | ||
"syscall" | ||
"net/http" | ||
"encoding/json" | ||
|
||
"golang.org/x/net/webdav" | ||
|
||
docker "github.com/fsouza/go-dockerclient" | ||
) | ||
|
||
const ( | ||
// CHROOT_SERVE_PATH is the path to server if we are performing a chroot | ||
// this probably does not belong here. | ||
CHROOT_SERVE_PATH = "/" | ||
) | ||
|
||
// webdavImageServer implements ImageServer. | ||
type webdavImageServer struct { | ||
opts ImageServerOptions | ||
chroot bool | ||
} | ||
|
||
// ensures this always implements the interface or fail compilation. | ||
var _ ImageServer = &webdavImageServer{} | ||
|
||
// NewWebdavImageServer creates a new webdav image server. | ||
func NewWebdavImageServer(opts ImageServerOptions, chroot bool) ImageServer { | ||
return &webdavImageServer{ | ||
opts: opts, | ||
chroot: chroot, | ||
} | ||
} | ||
|
||
// ServeImage Serves the image. | ||
func (s *webdavImageServer) ServeImage(imageMetadata *docker.Image) error { | ||
servePath := s.opts.ImageServeURL | ||
if s.chroot { | ||
if err := syscall.Chroot(s.opts.ImageServeURL); err != nil { | ||
return fmt.Errorf("Unable to chroot into %s: %v\n", s.opts.ImageServeURL, err) | ||
} | ||
servePath = CHROOT_SERVE_PATH | ||
} else { | ||
log.Printf("!!!WARNING!!! It is insecure to serve the image content without changing") | ||
log.Printf("root (--chroot). Absolute-path symlinks in the image can lead to disclose") | ||
log.Printf("information of the hosting system.") | ||
} | ||
|
||
log.Printf("Serving image content %s on webdav://%s%s", s.opts.ImageServeURL, s.opts.ServePath, s.opts.ContentURL) | ||
|
||
http.HandleFunc(s.opts.HealthzURL, func(w http.ResponseWriter, r *http.Request) { | ||
w.Write([]byte("ok\n")) | ||
}) | ||
|
||
http.HandleFunc(s.opts.APIURL, func(w http.ResponseWriter, r *http.Request) { | ||
body, err := json.MarshalIndent(s.opts.APIVersions, "", " ") | ||
if err != nil { | ||
http.Error(w, err.Error(), http.StatusInternalServerError) | ||
return | ||
} | ||
w.Write(body) | ||
}) | ||
|
||
http.HandleFunc(s.opts.MetadataURL, func(w http.ResponseWriter, r *http.Request) { | ||
body, err := json.MarshalIndent(imageMetadata, "", " ") | ||
if err != nil { | ||
http.Error(w, err.Error(), http.StatusInternalServerError) | ||
return | ||
} | ||
w.Write(body) | ||
}) | ||
|
||
http.Handle(s.opts.ContentURL, &webdav.Handler{ | ||
Prefix: s.opts.ContentURL, | ||
FileSystem: webdav.Dir(servePath), | ||
LockSystem: webdav.NewMemLS(), | ||
}) | ||
|
||
return http.ListenAndServe(s.opts.ServePath, nil) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters