Merge pull request #1676 from reasonerjt/deletion-control

DELETE /api/repository returns 412 if the tag is signed in notary
2024-10-01 23:07:39 +02:00 · 2017-03-21 10:55:45 +08:00 · 2017-03-21 10:55:45 +08:00 · 127bd09c59
commit 127bd09c59
parent c33df95c6f aa769dbfa8
1 changed files with 34 additions and 12 deletions
--- a/src/ui/api/repository.go
+++ b/src/ui/api/repository.go
@ -227,6 +227,24 @@ func (ra *RepositoryAPI) Delete() {
 		}
 	}

+	if config.WithNotary() {
+		signedTags := make(map[string]struct{})
+		targets, err := getNotaryTargets(user, repoName)
+		if err != nil {
+			log.Errorf("Failed to get Notary targets for repository: %s, error: %v", repoName, err)
+			log.Warningf("Failed to check signature status of repository: %s for deletion, there maybe orphaned targets in Notary.", repoName)
+		}
+		for _, tgt := range targets {
+			signedTags[tgt.Tag] = struct{}{}
+		}
+		for _, t := range tags {
+			if _, ok = signedTags[t]; ok {
+				log.Errorf("Found signed tag, repostory: %s, tag: %s, deletion will be canceled", repoName, t)
+				ra.CustomAbort(http.StatusPreconditionFailed, fmt.Sprintf("tag %s is signed", t))
+			}
+		}
+	}
+
 	for _, t := range tags {
 		if err = rc.DeleteTag(t); err != nil {
 			if regErr, ok := err.(*registry_error.Error); ok {
@ -565,22 +583,15 @@ func (ra *RepositoryAPI) GetTopRepos() {
 func (ra *RepositoryAPI) GetSignatures() {
 	//use this func to init session.
 	ra.GetUserIDForRequest()
-	repoName := ra.GetString("repo_name")
-	if len(repoName) == 0 {
-		ra.CustomAbort(http.StatusBadRequest, "repo_name is nil")
-	}
-	ext, err := config.ExtEndpoint()
-	if err != nil {
-		log.Errorf("Error while reading external endpoint: %v", err)
-		ra.CustomAbort(http.StatusInternalServerError, "internal error")
-	}
-	endpoint := strings.Split(ext, "//")[1]
-	fqRepo := path.Join(endpoint, repoName)
 	username, err := ra.getUsername()
 	if err != nil {
 		log.Warningf("Error when getting username: %v", err)
 	}
-	targets, err := notary.GetTargets(config.InternalNotaryEndpoint(), username, fqRepo)
+	repoName := ra.GetString("repo_name")
+	if len(repoName) == 0 {
+		ra.CustomAbort(http.StatusBadRequest, "repo_name is nil")
+	}
+	targets, err := getNotaryTargets(username, repoName)
 	if err != nil {
 		log.Errorf("Error while fetching signature from notary: %v", err)
 		ra.CustomAbort(http.StatusInternalServerError, "internal error")
@ -589,6 +600,17 @@ func (ra *RepositoryAPI) GetSignatures() {
 	ra.ServeJSON()
 }

+func getNotaryTargets(username string, repo string) ([]notary.Target, error) {
+	ext, err := config.ExtEndpoint()
+	if err != nil {
+		log.Errorf("Error while reading external endpoint: %v", err)
+		return nil, err
+	}
+	endpoint := strings.Split(ext, "//")[1]
+	fqRepo := path.Join(endpoint, repo)
+	return notary.GetTargets(config.InternalNotaryEndpoint(), username, fqRepo)
+}
+
 func newRepositoryClient(endpoint string, insecure bool, username, password, repository, scopeType, scopeName string,
 	scopeActions ...string) (*registry.Repository, error) {