Skip to content

WIP: Follow redirects for blobs in S3-backed container registry

If the registry is run with the S3 storage driver on AWS S3, the API will return a 307 with a signed url to the requested object on S3.

The blob method in the clinet currently ignores the 307 return code, so it fails to fetch for example the container creation data on the registry tab in gitab, which lead to exception to to trying to parse a nil reponse body as JSON in the tag model.

Example Request:

GET /v2/bito/bito-cms/blobs/sha256:$sha HTTP/1.1
Authorization: Bearer $token

Response:

HTTP/1.1 307 Temporary Redirect
Content-Type: application/octet-stream
Docker-Distribution-Api-Version: registry/2.0
Location: https://$bucket.$endpoint.amazonaws.com/docker/registry/v2/blobs/sha256/$sha[0..1]/$sha/data\
  ?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=$accesskey&…

Without this change, the registry client tries to parse the empty body of the redirect as JSON, which fails with a TypeError exception, because JSON.parse expects a string and not nil.

We cannot simply use the FaradayMiddleware::FollowRedirects middleware, because we need to drop the authorization headers before following the redirect. If we forward the Bearer token to S3 it will

Does this MR meet the acceptance criteria?

Merge request reports

Loading