def _check_image(self): if self._new_charts_image is None: return False address = self._new_charts_image.split("/") if len(address) != 3: logger.error("The format of the image %s can not be converted" % self._new_charts_image) return False try: ip, namespace, repository, tag = address[0], address[1], address[ 2].split(":")[0], address[2].split(":")[1] except Exception as e: logger.error("The format of the image %s can not be converted" % self._new_charts_image) return False try: client = DockerRegistryClient("https://" + ip, verify_ssl=False) charts_repo = client.repository(repository, namespace) charts_tags = charts_repo.tags() if tag in charts_tags: logger.info("Find image: " + self._new_charts_image) return True else: logger.error("Could not find image: " + self._new_charts_image) return False except Exception as e: logger.error("Image query failed: {}".format( self._new_charts_image)) return False
def get_tags(repository): if '/' in sys.argv[1]: registry, repository = repository.split('/', 1) else: registry, repository = \ 'docker.io', 'library/{}'.format(repository) if 'docker.io' in registry: # XXX: more magic hackery from six.moves.urllib.parse import urlsplit REGISTRY_SERVICE_URL = "https://registry.docker.io" HOST_SERVICE_URL = "https://registry-1.docker.io" AUTH_SERVICE_URL = "https://auth.docker.io" client = DockerRegistryClient(HOST_SERVICE_URL, api_version=2, auth_service_url=AUTH_SERVICE_URL) client._base_client.auth.registry = urlsplit( REGISTRY_SERVICE_URL).netloc else: client = DockerRegistryClient("https://{}".format(registry), api_version=2) repo = client.repository(repository) tags = repo.tags() # sort tags = ['.'.join(tag) for tag in sorted([tag.split('.') for tag in tags])] return tags
def scan_registry(registry_url): """Scan the docker registry and import the layers into Neo4J.""" client = DockerRegistryClient(registry_url) try: repositories = client.repositories() except requests.HTTPError as e: if e.response.status_code == requests.codes.not_found: print("Catalog/Search not supported") else: raise else: print("Repositories:") for repository in repositories: repo = client.repository(repository) for tag in repo.tags(): print("%s/%s:%s" % (registry_url, repository, tag)) assert client.api_version in [1, 2] if client.api_version == 2: manifest, digest = repo.manifest(tag) layers = list(map(get_hash, manifest["fsLayers"])) else: image = repo.image(tag) image_json = image.get_json() layers = list(map(get_hash, image_json["fsLayers"])) layer_fingerprint = "".join(layers) with neo4j.session() as session: session.run( "MERGE ( i:Image {url: '%s', repo: '%s', tag: '%s'}) SET i.fingerprint='%s' " % (registry_url, repository, tag, layer_fingerprint))
def test_repositories(self, version, namespace): url = mock_registry(version) client = DockerRegistryClient(url) repositories = client.repositories(TEST_NAMESPACE) assert len(repositories) == 1 assert TEST_NAME in repositories repository = repositories[TEST_NAME] assert repository.name == "%s/%s" % (TEST_NAMESPACE, TEST_REPO)
def test_repository_tags(self, version): url = mock_registry(version) client = DockerRegistryClient(url) repositories = client.repositories(TEST_NAMESPACE) assert TEST_NAME in repositories repository = repositories[TEST_NAME] tags = repository.tags() assert len(tags) == 1 assert TEST_TAG in tags
def test_api_version(self, client_api_version, registry_api_version, should_succeed): url = mock_registry(registry_api_version) if should_succeed: client = DockerRegistryClient(url, api_version=client_api_version) assert client.api_version == client_api_version else: with pytest.raises(HTTPError): client = DockerRegistryClient(url, api_version=client_api_version) client.refresh()
def get_docker_image_labels(image): """ Get labels from docker image :param image: docker image :type image: str :return: dict[str, Any] -- image labels """ LOGGER.info('Getting labels for {} image'.format(image)) image_attributes = parse_docker_image_url(image) # Get nexus registry host from ENV or image url try: if image_attributes.host == os.getenv('MODEL_IMAGES_REGISTRY_HOST'): registry_host = os.getenv(legion.config.NEXUS_DOCKER_REGISTRY[0]) else: if urllib3.util.parse_url(image_attributes.host).port == 443: registry_host = 'https://{}'.format(image_attributes.host) else: registry_host = 'http://{}'.format(image_attributes.host) except Exception as err: LOGGER.error( 'Can\'t get registry host neither from ENV nor from image URL: {}'. format(err)) raise err try: registry_client = DockerRegistryClient( host=registry_host, username=os.getenv(*legion.config.DOCKER_REGISTRY_USER), password=os.getenv(*legion.config.DOCKER_REGISTRY_PASSWORD), api_version=2) manifest = registry_client.repository(image_attributes.repo).manifest( image_attributes.ref) labels = json.loads(manifest[0]["history"][0] ["v1Compatibility"])["container_config"]["Labels"] except Exception as err: raise Exception('Can\'t get image labels for {} image: {}'.format( image, err)) required_headers = [ legion.containers.headers.DOMAIN_MODEL_ID, legion.containers.headers.DOMAIN_MODEL_VERSION, legion.containers.headers.DOMAIN_CONTAINER_TYPE ] if any(header not in labels for header in required_headers): raise Exception( 'Missed one of %s labels. Available labels: %s' % (', '.join(required_headers), ', '.join(tuple(labels.keys())))) return labels
def run(self): args = self.parser.parse_args() basic_config_args = {} if args.verbose: basic_config_args['level'] = logging.DEBUG elif args.quiet: basic_config_args['level'] = logging.WARNING logging.basicConfig(**basic_config_args) kwargs = { 'username': args.username, 'password': args.password, } if args.api_version: kwargs['api_version'] = args.api_version client = DockerRegistryClient( args.registry[0], auth_service_url=args.authorization_service, verify_ssl=args.verify_ssl, **kwargs) if args.repository: if args.ref: self.show_manifest(client, args.repository, args.ref) else: self.show_tags(client, args.repository) else: self.show_repositories(client)
def __init__(self, **kwargs): self.address = kwargs.get('address', 'http://127.0.0.1:5000/') self.verify_ssl = kwargs.get('verify_ssl', True) self.api_version = kwargs.get('api_version', 2) self.credentials = kwargs.get('credentials', '') self._client = DockerRegistryClient(self.address, verify_ssl=self.verify_ssl, api_version=self.api_version)
def get_client(registry, user, pw): # auth_service_url_full = f'{registry}/v2/token' cl = DockerRegistryClient( host=registry, api_version=1, username=user, password=pw, ) # cl._base_client.check_status() return cl
def get_tags(self, image): params = {} for (k, v) in self.config.items(): if v == '' or v is None: continue # FOR AWS ECR User if k == 'username' and v == 'AWS': # get password region_name = self._get_aws_region_from_host(self.config['host']) password = self._get_aws_ecr_token(region_name) if password: params.update({'password': password}) params.update({k: v}) try: client = DockerRegistryClient(**params) r = client.repository(image) tags = r.tags() # return sorted list return tags except Exception as e: # Hard to determine backend problems _LOGGER.error(f"Error to get container tags: {e}") raise ERROR_REPOSITORY_BACKEND(host=params['host'])
src_registry_url = config['source_registry']['url'] dst_registry_url = config['destination_registry']['url'] src_username = None if 'username' not in config[ 'source_registry'] else str(config['source_registry']['username']) src_password = determine_password(config, 'src') dst_username = None if 'username' not in config[ 'destination_registry'] else str( config['destination_registry']['username']) dst_password = determine_password(config, 'dst') src_client = DockerRegistryClient(src_registry_url, username=src_username, password=src_password, verify_ssl=False) dst_client = DockerRegistryClient(dst_registry_url, username=dst_username, password=dst_password, verify_ssl=False) docker_client = docker.from_env() docker_client.login(registry=src_registry_url, username=src_username, password=src_password) docker_client.login(registry=dst_registry_url, username=dst_username, password=dst_password)
src_registry_url = config['source_registry']['url'] dst_registry_url = config['destination_registry']['url'] src_username = None if 'username' not in config[ 'source_registry'] else str(config['source_registry']['username']) src_password = determine_password(config, 'src') dst_username = None if 'username' not in config[ 'destination_registry'] else str( config['destination_registry']['username']) dst_password = determine_password(config, 'dst') src_client = DockerRegistryClient(src_registry_url, username=src_username, password=src_password) dst_client = DockerRegistryClient(dst_registry_url, username=dst_username, password=dst_password) docker_client = docker.from_env() docker_client.login(registry=src_registry_url, username=src_username, password=src_password) docker_client.login(registry=dst_registry_url, username=dst_username, password=dst_password)
from docker_registry_client import DockerRegistryClient import docker client = DockerRegistryClient("http://127.0.0.1:5000") print client.repositories() r = client.repository("busybox") tags = r.tags() print tags docker_client = docker.from_env() reg = docker_client.containers.get("registry") print reg docker_client.login(registry="http://127.0.0.1:5000", username="", password="") docker_client.images.pull("127.0.0.1:5000/busybox")
def test_repository_manifest(self): url = mock_v2_registry() client = DockerRegistryClient(url) repository = client.repositories()[TEST_NAME] manifest, digest = repository.manifest(TEST_TAG) repository.delete_manifest(digest)
import os from laceworksdk import LaceworkClient from docker_registry_client import DockerRegistryClient lw = LaceworkClient(account=os.getenv('LW_ACCOUNT'), api_key=os.getenv('LW_API_KEY'), api_secret=os.getenv('LW_API_SECRET')) registry = os.getenv('REGISTRY') nexus = DockerRegistryClient(f"https://{registry}", verify_ssl=False, username=os.getenv('REGISTRY_USER'), password=os.getenv('REGISTRY_PASSWORD')) repos = nexus.repositories() for name, repo in repos.items(): tags = repo.tags() for tag in tags: scan_request = lw.vulnerabilities.initiate_container_scan( registry, name, tag) print( f"INITIATING SCAN FOR -> REGISTRY[{registry}] IMAGE[{name}] TAG[{tag}] -> RequestId [{scan_request['data']['RequestId']}]" )
def test_repository_namespace_incorrect(self, version): url = mock_registry(version) client = DockerRegistryClient(url) with pytest.raises(RuntimeError): client.repository('{0}/{1}'.format(TEST_NAMESPACE, TEST_REPO), namespace=TEST_NAMESPACE)
def test_repository(self, version, repository, namespace): url = mock_registry(version) client = DockerRegistryClient(url) repository = client.repository(repository, namespace=namespace) assert isinstance(repository, BaseRepository)
def test_namespaces(self, version): url = mock_registry(version) client = DockerRegistryClient(url) assert client.namespaces() == [TEST_NAMESPACE]
def test_api_version_in_use(self, version): url = mock_registry(version) client = DockerRegistryClient(url) assert client.api_version == version
import docker from requests.exceptions import HTTPError import yaml import os import io import tarfile from docker_registry_client import DockerRegistryClient target_directory = 'sample_lain_yaml' try: os.mkdir(target_directory) except FileExistsError: pass client = docker.from_env(version='auto') registry_host = 'registry.lain.ein.plus' registry = DockerRegistryClient(f'http://{registry_host}') repos = registry.repositories() print(repos) for repo in repos.values(): try: tags = repo.tags() except HTTPError: continue if not tags: continue try: latest_meta_tag = max(t for t in tags if t.startswith('meta-')) except ValueError: continue image_name = f'{registry_host}/{repo.name}:{latest_meta_tag}'