Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes #38015 - Enable org and CVE scoping for flatpak content #11251

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+23 −1
Open

Fixes #38015 - Enable org and CVE scoping for flatpak content #11251

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 21 additions & 1 deletion app/controllers/katello/api/registry/registry_proxies_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ class Api::Registry::RegistryProxiesController < Api::V2::ApiController
before_action :confirm_settings
skip_before_action :authorize
before_action :optional_authorize, only: [:token, :catalog]
before_action :registry_authorize, except: [:token, :v1_search, :catalog]
before_action :registry_authorize, except: [:token, :v1_search, :catalog, :static_index]
before_action :authorize_repository_read, only: [:pull_manifest, :tags_list, :check_blob, :pull_blob]
before_action :container_push_prop_validation, only: [:start_upload_blob, :upload_blob, :finish_upload_blob, :push_manifest]
before_action :create_container_repo_if_needed, only: [:start_upload_blob, :upload_blob, :finish_upload_blob, :push_manifest]
Expand Down Expand Up @@ -806,5 +806,25 @@ def render_podman_error(code, message, status = :bad_request)
def item_not_found(item)
render_podman_error("NAME_UNKNOWN", _("%s was not found!") % item, :not_found)
end

def static_index
host_ip = request.remote_ip
host = ::Host.joins(:primary_interface).where(nics: { ip: host_ip }).first
flatpak_index = (redirect_client { Resources::Registry::Proxy.get(@_request.fullpath, headers) })
flatpak_index_json = JSON.parse(flatpak_index)
# Filter out repositories if it's a registered host
if host&.content_view_environments&.any?
# host.update(flatpak_index: flatpak_index) Will this help??
repos = host.content_view_environments.flat_map do |cve|
cve.content_view_version.repositories
end
available_container_repo_names = repos.map(&:container_repository_name)
flatpak_index_json['Results'] = flatpak_index_json['Results'].select do |result|
available_container_repo_names.include?(result['Name'])
end
end
# Otherwise just return unfiltered pulp flatpak index
render json: flatpak_index_json
end
end
end
1 change: 1 addition & 0 deletions config/routes/api/registry.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ class ActionDispatch::Routing::Mapper
match '/v2' => 'registry_proxies#ping', :via => :get
match '/v1/_ping' => 'registry_proxies#v1_ping', :via => :get
match '/v1/search' => 'registry_proxies#v1_search', :via => :get
match '/index/static' => 'registry_proxies#static_index', :via => :get
end
end
end
1 change: 1 addition & 0 deletions lib/katello/permissions/registry_permissions.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,5 @@
'katello/api/registry/registry_proxies/start_upload_blob',
'katello/api/registry/registry_proxies/upload_blob',
'katello/api/registry/registry_proxies/finish_upload_blob',
'katello/api/registry/registry_proxies/static_index',
]
Loading