Introduce and use resto for registry operations. Remove save and ls.

[mnottale]

Signed-off-by: Matthieu Nottale matthieu.nottale@docker.com

- What I did

Use our own image-backing mechanism to handle registry interactions.
We win windows support, but we loose ls and save as the local docker daemon is bypassed entirely.
Compatibility is preserved with images pushed prior to this patch.

- How I did it

Introduce pkg/resto with registry operations, use it in place of the old system.

- How to verify it

e2e test suite should cover us.

- Description for the changelog

Windows users can now use the push operation, and use applications hosted on a registry.

- A picture of a cute animal (not mandatory but encouraged)

[codecov]

Codecov Report

Merging #314 into master will decrease coverage by 9.55%.
The diff coverage is 48.41%.

@@            Coverage Diff             @@
##           master     #314      +/-   ##
==========================================
- Coverage   62.87%   53.31%   -9.56%     
==========================================
  Files          61       49      -12     
  Lines        3189     2757     -432     
==========================================
- Hits         2005     1470     -535     
- Misses        944     1046     +102     
- Partials      240      241       +1

Impacted Files	Coverage Δ
cmd/docker-app/root.go	76.47% <ø> (-0.32%)	⬇️
internal/image/image.go	0% <ø> (-25.65%)	⬇️
cmd/docker-app/pull.go	0% <0%> (ø)	⬆️
pkg/resto/registry.go	32.18% <32.18%> (ø)
pkg/resto/resto.go	51.15% <51.15%> (ø)
internal/packager/extract.go	55.3% <60%> (-11.37%)	⬇️
internal/packager/registry.go	64.44% <70.27%> (-16.01%)	⬇️
internal/packager/init.go	51.23% <0%> (-14.71%)	⬇️
internal/helm/helm.go	55.32% <0%> (-7.43%)	⬇️
... and 35 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b83fb00...b939b8b. Read the comment docs.

[chris-crone]

Should we outright remove this now that we don't have push?

[mnottale]

We have push. Pull is in experimental for now.

[chris-crone]

Since there's a chance we miss an error from this function, would be good to make a Credentials struct and return that with an error or return string, string, error.

[chris-crone]

endpoint string -> endpoint

[chris-crone]

reponame string -> repoName

[chris-crone]

repoTag string -> repoTag

[chris-crone]

repoTag string -> repoTag

[chris-crone]

payload string, repoTag string -> payload, repoTag

[chris-crone]

repoTag string -> repoTag

[chris-crone]

Must also handle other errors here otherwise we never leave this loop.

[chris-crone]

Would be good to separate out the legacy and new modes into functions so that this is easier to follow

[vdemeester]

We should use a simpler signature for PullConfigMulti, with the required element as argument (like repotag above) and a config object for the rest.

func PullConfigMulti(ctx context.Context, reference string, options PullOptions) …

[vdemeester]

I really isn't clear what we're testing here (worst case scenario would be to extract this into a well named function)

[vdemeester]

🤔

[vdemeester]

The target will be in the *wrapped` error, so we don't need to add it to the message

errors.Wrap(err, "failed to write output file")

[vdemeester]

Could be simplified with

errors.Wrap(ioutil.WriteFile(target, []byte(v), 0644), "failed to write output file"))

(errors.Wrap will return nil if the err is nil)

[vdemeester]

That part too should be handled somewhere in the docker cli, we should use that.

[mnottale]

git-grepped for registry-1.docker.io, could not find the relevant bit

[vdemeester]

Couldn't we use what docker/docker provide and uses (i.e. pkg/archive) and what's done in docker/docker/distribution for pushing code.

[mnottale]

Won't make things any simpler from what I see of docker/docker/distribution's interface

[vdemeester]

Why ignoring the error here ?

[mnottale]

Because failure to obtain credentials is not an error. One might not need them if pushing to a plain registry.

[vdemeester]

Why do we do that ? 🤔

[mnottale]

because repotag does not contain the protocol to use

[vdemeester]

Same comment as Pull…

[thaJeztah]

This looks fishy; something failed (we don't know what), so leak credentials over plain http://?

[mnottale]

I changed it so that it drops credentials by default when fallbacking to http, and so that it fallbacks only if the error suggests we should.

[vdemeester]

Also, there is no unit tests at all for pkg/resto 😭

[thaJeztah]

This looks to be global configuration, which means that Docker Hub can be MITM'd; For comparison, the docker daemon requires each registry that is allowed to be accessed insecurely to be configured (through the --insecure-registry option).

For the cli, connecting to an insecure registry, there should be an option to set it for each action (e.g., similar to how docker manifest inspect has an --insecure flag)

[mnottale]

We are not a daemon though. By default docker-app/resto won't transmit credentials over an insecure channel unless this override environment variable is used.

[thaJeztah]

So, what will happen is that someone sets RESTO_INSECURE_AUTH=1 to test against a local registry, but now opens a major security hole by allowing insecure access all registries

[mnottale]

That seems an unlikely scenario.

[thaJeztah]

So is people doing chmod 777 /var/run/docker.sock, or sudo rm -rf /var/lib/docker

[mnottale]

I don't particularly intend to document this env variable, I see it more as an escape hatch in the unlikely scenario one user end up needing it. If that ever happens we will make sure to emphasis the advice to pass it directly on the command line and not to export it or god forbid add it to a .rc file.

[thaJeztah]

It's not an unlikely scenario moby/moby#8887, and it will happen; add this escape hatch, and there'll be no turning back

[justincormack]

Do not use InsecureSkipVerify. This should never be the default.

[mnottale]

It's not the default. It's disabled by default, and enabled by a cli argument.

[silvin-lubecki]

nit: missing end of line

[silvin-lubecki]

Related to @thaJeztah comment

[silvin-lubecki]

This 5 following lines should be extracted to a sub function, and should be tested

func getRepo(repotag string) string{
    repoComps := strings.Split(repotag, ":")
    // handle the case where a port was specified in the domain part of repotag
    if len(repoComps) == 3 || (len(repoComps) == 2 && strings.Contains(repoComps[1], "/")) {
        return repoComps[1]
    }
    return repoComps[0]
}

[vdemeester]

Not that distribution/reference might probably handle that case already 👼

[silvin-lubecki]

Use Mkdirall instead?

[mnottale]

Certainly not. I want an error if the path already exists, And I want an error if outputDir was not already created.

[silvin-lubecki]

Ok!

[silvin-lubecki]

At least log something instead of dropping it silently?

[silvin-lubecki]

Extract the following code to a subfunction ?

[mnottale]

20 lines called only once.

[silvin-lubecki]

It's more a matter of readability (or even reviewability 😄 )

[silvin-lubecki]

content := &bytes.Buffer{}

[mnottale]

That was voted the "least future-proof one-liner of the century" by an independent research team.

[silvin-lubecki]

Just reading the golang doc https://golang.org/pkg/bytes/#NewBuffer

In most cases, new(Buffer) (or just declaring a Buffer variable) is sufficient to initialize a Buffer.`

[mnottale]

They say it's sufficient, not that it's recommended.

[silvin-lubecki]

Why dropping the error?

[mnottale]

same as above, creds failure, not fatal

[silvin-lubecki]

At least log it in debug?

[silvin-lubecki]

Invert the conditions? It will be more readable:

if strings.Contains(err.Error(), "manifest invalid") || strings.Contains(err.Error(), "manifest Unknown") {
    return "", unsupportedMediaType{}
}
return "", err

Or even a switch could be nice:

switch{
case strings.Contains(err.Error(), "manifest invalid"):
    return "", unsupportedMediaType{}
case strings.Contains(err.Error(), "manifest Unknown"):
    return "", unsupportedMediaType{}
default:
    return "", err
}

[silvin-lubecki]

I don't understand this comment

[silvin-lubecki]

Please rebase 😇

[silvin-lubecki]

Also, there is no unit tests at all for pkg/resto 😭

+1

[vdemeester]

Not that distribution/reference might probably handle that case already 👼

[vdemeester]

Looking at some existing media type, this one should be something like application/vnd.docker.app.config.tar

[mnottale]

It's not app-specific, the aim is to target arbitrary config files with resto, and it's not a tarball.

[vdemeester]

then application/vnd.docker.config.tar (my point was mainly about the tar part)

[mnottale]

It's not a tar!

[vdemeester]

Also …

e2e test suite should cover us.

This is not really the case as the registry we use (either a local registry or the hub) do not seem to support the new media-type… so we're not really testing the new implementation, just the legacy behavior…

[mnottale]

Yes, short of spawning patched registries there is no way to test the 'mediatype' implementation. And there is no unit tests because the only thing resto does is pushing/pulling to registries, and I'm not spawning a registry in an unit test.

[silvin-lubecki]

Rename to ListRegistries (as you called the other one ListTags).

[silvin-lubecki]

LGTM

👼