feature: registry mirror support direct param.

zcc35357949 · zcc35357949 · commit d7a832392f85 · 2019-11-13T19:31:42.000+08:00
Signed-off-by: zhouchencheng &lt;zhouchencheng@bilibili.com&gt;
diff --git a/dfdaemon/config/config.go b/dfdaemon/config/config.go
@@ -52,6 +52,8 @@ var fs = afero.NewOsFs()
 //       insecure: false
 //       # optional certificates if the remote server uses self-signed certificates
 //       certs: []
+//       # whether to request the remote registry directly
+//       direct: false
 //
 //     proxies:
 //     # proxy all http image layer download requests with dfget
@@ -174,6 +176,9 @@ type RegistryMirror struct {
 
 	// Whether to ignore certificates errors for the registry
 	Insecure bool `yaml:"insecure" json:"insecure"`
+
+	// Request the remote registry directly.
+	Direct bool `yaml:"direct" json:"direct"`
 }
 
 // TLSConfig returns the tls.Config used to communicate with the mirror
diff --git a/dfdaemon/proxy/proxy.go b/dfdaemon/proxy/proxy.go
@@ -179,6 +179,7 @@ func (proxy *Proxy) mirrorRegistry(w http.ResponseWriter, r *http.Request) {
 	t, err := transport.New(
 		transport.WithDownloader(proxy.downloadFactory()),
 		transport.WithTLS(proxy.registry.TLSConfig()),
+		transport.WithCondition(proxy.shouldUseDfgetForMirror),
 	)
 	if err != nil {
 		http.Error(w, fmt.Sprintf("failed to get transport: %v", err), http.StatusInternalServerError)
@@ -264,6 +265,12 @@ func (proxy *Proxy) shouldUseDfget(req *http.Request) bool {
 	return false
 }
 
+// shouldUseDfgetForMirror returns whether we should use dfget to proxy a request
+// when we use registry mirror.
+func (proxy *Proxy) shouldUseDfgetForMirror(req *http.Request) bool {
+	return proxy.registry != nil && !proxy.registry.Direct && transport.NeedUseGetter(req)
+}
+
 // tunnelHTTPS handles a CONNECT request and proxy an https request through an
 // http tunnel.
 func tunnelHTTPS(w http.ResponseWriter, r *http.Request) {
diff --git a/dfdaemon/proxy/proxy_test.go b/dfdaemon/proxy/proxy_test.go
@@ -32,9 +32,10 @@ type testItem struct {
 }
 
 type testCase struct {
-	Error error
-	Rules []*config.Proxy
-	Items []testItem
+	Error          error
+	Rules          []*config.Proxy
+	RegistryMirror *config.RegistryMirror
+	Items          []testItem
 }
 
 func newTestCase() *testCase {
@@ -52,6 +53,20 @@ func (tc *testCase) WithRule(regx string, direct bool, useHTTPS bool) *testCase
 	return tc
 }
 
+func (tc *testCase) WithRegistryMirror(url string, direct bool) *testCase {
+	if tc.Error != nil {
+		return tc
+	}
+
+	var remote *config.URL
+	remote, tc.Error = config.NewURL(url)
+	tc.RegistryMirror = &config.RegistryMirror{
+		Remote: remote,
+		Direct: direct,
+	}
+	return tc
+}
+
 func (tc *testCase) WithTest(url string, direct bool, useHTTPS bool) *testCase {
 	tc.Items = append(tc.Items, testItem{url, direct, useHTTPS})
 	return tc
@@ -82,6 +97,26 @@ func (tc *testCase) Test(t *testing.T) {
 	}
 }
 
+func (tc *testCase) TestMirror(t *testing.T) {
+	a := assert.New(t)
+	if !a.Nil(tc.Error) {
+		return
+	}
+	tp, err := New(WithRegistryMirror(tc.RegistryMirror))
+	if !a.Nil(err) {
+		return
+	}
+	for _, item := range tc.Items {
+		req, err := http.NewRequest("GET", item.URL, nil)
+		if !a.Nil(err) {
+			continue
+		}
+		if !a.Equal(tp.shouldUseDfgetForMirror(req), !item.Direct) {
+			fmt.Println(item.URL)
+		}
+	}
+}
+
 func TestMatch(t *testing.T) {
 	newTestCase().
 		WithRule("/blobs/sha256/", false, false).
@@ -101,4 +136,23 @@ func TestMatch(t *testing.T) {
 		WithTest("http://h/a/d", false, true).  // should match /a/d and use https
 		WithTest("http://h/a/e", false, false). // should match /a, not /a/e
 		Test(t)
+
+	newTestCase().
+		WithTest("http://h/a", true, false).
+		TestMirror(t)
+
+	newTestCase().
+		WithRegistryMirror("http://index.docker.io", false).
+		WithTest("http://h/a", true, false).
+		TestMirror(t)
+
+	newTestCase().
+		WithRegistryMirror("http://index.docker.io", false).
+		WithTest("http://index.docker.io/v2/blobs/sha256/xxx", false, false).
+		TestMirror(t)
+
+	newTestCase().
+		WithRegistryMirror("http://index.docker.io", true).
+		WithTest("http://index.docker.io/v2/blobs/sha256/xxx", true, false).
+		TestMirror(t)
 }
diff --git a/dfdaemon/transport/transport.go b/dfdaemon/transport/transport.go
@@ -52,7 +52,7 @@ func New(opts ...Option) (*DFRoundTripper, error) {
 	rt := &DFRoundTripper{
 		Round:          defaultHTTPTransport(nil),
 		Round2:         http.NewFileTransport(http.Dir("/")),
-		ShouldUseDfget: needUseGetter,
+		ShouldUseDfget: NeedUseGetter,
 	}
 
 	for _, opt := range opts {
@@ -162,6 +162,6 @@ func (roundTripper *DFRoundTripper) downloadByGetter(url string, header map[stri
 
 // needUseGetter is the default value for ShouldUseDfget, which downloads all
 // images layers with dfget.
-func needUseGetter(req *http.Request) bool {
+func NeedUseGetter(req *http.Request) bool {
 	return req.Method == http.MethodGet && layerReg.MatchString(req.URL.Path)
 }

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ func New(opts ...Option) (*DFRoundTripper, error) {`
`52`	`52`	`rt := &DFRoundTripper{`
`53`	`53`	`Round: defaultHTTPTransport(nil),`
`54`	`54`	`Round2: http.NewFileTransport(http.Dir("/")),`
`55`		`- ShouldUseDfget: needUseGetter,`
	`55`	`+ ShouldUseDfget: NeedUseGetter,`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`for _, opt := range opts {`
`@@ -162,6 +162,6 @@ func (roundTripper *DFRoundTripper) downloadByGetter(url string, header map[stri`
`162`	`162`
`163`	`163`	`// needUseGetter is the default value for ShouldUseDfget, which downloads all`
`164`	`164`	`// images layers with dfget.`
`165`		`-func needUseGetter(req *http.Request) bool {`
	`165`	`+func NeedUseGetter(req *http.Request) bool {`
`166`	`166`	`return req.Method == http.MethodGet && layerReg.MatchString(req.URL.Path)`
`167`	`167`	`}`