chore: update docker and k8s

vendor/github.com/docker/distribution/registry/api/errcode/handler.go

@@ -36,9 +36,5 @@ func ServeJSON(w http.ResponseWriter, err error) error {
 
 	w.WriteHeader(sc)
 
-	if err := json.NewEncoder(w).Encode(err); err != nil {
-		return err
-	}
-
-	return nil
+	return json.NewEncoder(w).Encode(err)
 }

vendor/github.com/docker/distribution/registry/api/v2/routes.go

@@ -14,15 +14,6 @@ const (
 	RouteNameCatalog         = "catalog"
 )
 
-var allEndpoints = []string{
-	RouteNameManifest,
-	RouteNameCatalog,
-	RouteNameTags,
-	RouteNameBlob,
-	RouteNameBlobUpload,
-	RouteNameBlobUploadChunk,
-}
-
 // Router builds a gorilla router with named routes for the various API
 // methods. This can be used directly by both server implementations and
 // clients.

vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go

@@ -45,13 +45,13 @@ type Manager interface {
 // to a backend.
 func NewSimpleManager() Manager {
 	return &simpleManager{
-		Challanges: make(map[string][]Challenge),
+		Challenges: make(map[string][]Challenge),
 	}
 }
 
 type simpleManager struct {
 	sync.RWMutex
-	Challanges map[string][]Challenge
+	Challenges map[string][]Challenge
 }
 
 func normalizeURL(endpoint *url.URL) {
@@ -64,7 +64,7 @@ func (m *simpleManager) GetChallenges(endpoint url.URL) ([]Challenge, error) {
 
 	m.RLock()
 	defer m.RUnlock()
-	challenges := m.Challanges[endpoint.String()]
+	challenges := m.Challenges[endpoint.String()]
 	return challenges, nil
 }
 
@@ -82,7 +82,7 @@ func (m *simpleManager) AddResponse(resp *http.Response) error {
 
 	m.Lock()
 	defer m.Unlock()
-	m.Challanges[urlCopy.String()] = challenges
+	m.Challenges[urlCopy.String()] = challenges
 	return nil
 }
 

vendor/github.com/docker/distribution/registry/client/auth/session.go

@@ -13,7 +13,6 @@ import (
 	"github.com/docker/distribution/registry/client"
 	"github.com/docker/distribution/registry/client/auth/challenge"
 	"github.com/docker/distribution/registry/client/transport"
-	"github.com/sirupsen/logrus"
 )
 
 var (
@@ -69,7 +68,6 @@ func NewAuthorizer(manager challenge.Manager, handlers ...AuthenticationHandler)
 type endpointAuthorizer struct {
 	challenges challenge.Manager
 	handlers   []AuthenticationHandler
-	transport  http.RoundTripper
 }
 
 func (ea *endpointAuthorizer) ModifyRequest(req *http.Request) error {
@@ -122,7 +120,6 @@ type clock interface {
 }
 
 type tokenHandler struct {
-	header    http.Header
 	creds     CredentialStore
 	transport http.RoundTripper
 	clock     clock
@@ -135,6 +132,8 @@ type tokenHandler struct {
 	tokenLock       sync.Mutex
 	tokenCache      string
 	tokenExpiration time.Time
+
+	logger Logger
 }
 
 // Scope is a type which is serializable to a string
@@ -176,6 +175,18 @@ func (rs RegistryScope) String() string {
 	return fmt.Sprintf("registry:%s:%s", rs.Name, strings.Join(rs.Actions, ","))
 }
 
+// Logger defines the injectable logging interface, used on TokenHandlers.
+type Logger interface {
+	Debugf(format string, args ...interface{})
+}
+
+func logDebugf(logger Logger, format string, args ...interface{}) {
+	if logger == nil {
+		return
+	}
+	logger.Debugf(format, args...)
+}
+
 // TokenHandlerOptions is used to configure a new token handler
 type TokenHandlerOptions struct {
 	Transport   http.RoundTripper
@@ -185,6 +196,7 @@ type TokenHandlerOptions struct {
 	ForceOAuth    bool
 	ClientID      string
 	Scopes        []Scope
+	Logger        Logger
 }
 
 // An implementation of clock for providing real time data.
@@ -220,6 +232,7 @@ func NewTokenHandlerWithOptions(options TokenHandlerOptions) AuthenticationHandl
 		clientID:      options.ClientID,
 		scopes:        options.Scopes,
 		clock:         realClock{},
+		logger:        options.Logger,
 	}
 
 	return handler
@@ -264,6 +277,9 @@ func (th *tokenHandler) getToken(params map[string]string, additionalScopes ...s
 	}
 	var addedScopes bool
 	for _, scope := range additionalScopes {
+		if hasScope(scopes, scope) {
+			continue
+		}
 		scopes = append(scopes, scope)
 		addedScopes = true
 	}
@@ -287,6 +303,15 @@ func (th *tokenHandler) getToken(params map[string]string, additionalScopes ...s
 	return th.tokenCache, nil
 }
 
+func hasScope(scopes []string, scope string) bool {
+	for _, s := range scopes {
+		if s == scope {
+			return true
+		}
+	}
+	return false
+}
+
 type postTokenResponse struct {
 	AccessToken  string    `json:"access_token"`
 	RefreshToken string    `json:"refresh_token"`
@@ -348,7 +373,7 @@ func (th *tokenHandler) fetchTokenWithOAuth(realm *url.URL, refreshToken, servic
 	if tr.ExpiresIn < minimumTokenLifetimeSeconds {
 		// The default/minimum lifetime.
 		tr.ExpiresIn = minimumTokenLifetimeSeconds
-		logrus.Debugf("Increasing token expiration to: %d seconds", tr.ExpiresIn)
+		logDebugf(th.logger, "Increasing token expiration to: %d seconds", tr.ExpiresIn)
 	}
 
 	if tr.IssuedAt.IsZero() {
@@ -439,7 +464,7 @@ func (th *tokenHandler) fetchTokenWithBasicAuth(realm *url.URL, service string,
 	if tr.ExpiresIn < minimumTokenLifetimeSeconds {
 		// The default/minimum lifetime.
 		tr.ExpiresIn = minimumTokenLifetimeSeconds
-		logrus.Debugf("Increasing token expiration to: %d seconds", tr.ExpiresIn)
+		logDebugf(th.logger, "Increasing token expiration to: %d seconds", tr.ExpiresIn)
 	}
 
 	if tr.IssuedAt.IsZero() {

vendor/github.com/docker/distribution/registry/client/blob_writer.go

@@ -2,6 +2,7 @@ package client
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -9,7 +10,6 @@ import (
 	"time"
 
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/context"
 )
 
 type httpBlobUpload struct {

vendor/github.com/docker/distribution/registry/client/repository.go

@@ -2,6 +2,7 @@ package client
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -14,7 +15,6 @@ import (
 	"time"
 
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/context"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/api/v2"
 	"github.com/docker/distribution/registry/client/transport"
@@ -62,7 +62,7 @@ func checkHTTPRedirect(req *http.Request, via []*http.Request) error {
 }
 
 // NewRegistry creates a registry namespace which can be used to get a listing of repositories
-func NewRegistry(ctx context.Context, baseURL string, transport http.RoundTripper) (Registry, error) {
+func NewRegistry(baseURL string, transport http.RoundTripper) (Registry, error) {
 	ub, err := v2.NewURLBuilderFromString(baseURL, false)
 	if err != nil {
 		return nil, err
@@ -75,16 +75,14 @@ func NewRegistry(ctx context.Context, baseURL string, transport http.RoundTrippe
 	}
 
 	return &registry{
-		client:  client,
-		ub:      ub,
-		context: ctx,
+		client: client,
+		ub:     ub,
 	}, nil
 }
 
 type registry struct {
-	client  *http.Client
-	ub      *v2.URLBuilder
-	context context.Context
+	client *http.Client
+	ub     *v2.URLBuilder
 }
 
 // Repositories returns a lexigraphically sorted catalog given a base URL.  The 'entries' slice will be filled up to the size
@@ -133,7 +131,7 @@ func (r *registry) Repositories(ctx context.Context, entries []string, last stri
 }
 
 // NewRepository creates a new Repository for the given repository name and base URL.
-func NewRepository(ctx context.Context, name reference.Named, baseURL string, transport http.RoundTripper) (distribution.Repository, error) {
+func NewRepository(name reference.Named, baseURL string, transport http.RoundTripper) (distribution.Repository, error) {
 	ub, err := v2.NewURLBuilderFromString(baseURL, false)
 	if err != nil {
 		return nil, err
@@ -146,18 +144,16 @@ func NewRepository(ctx context.Context, name reference.Named, baseURL string, tr
 	}
 
 	return &repository{
-		client:  client,
-		ub:      ub,
-		name:    name,
-		context: ctx,
+		client: client,
+		ub:     ub,
+		name:   name,
 	}, nil
 }
 
 type repository struct {
-	client  *http.Client
-	ub      *v2.URLBuilder
-	context context.Context
-	name    reference.Named
+	client *http.Client
+	ub     *v2.URLBuilder
+	name   reference.Named
 }
 
 func (r *repository) Named() reference.Named {
@@ -190,32 +186,35 @@ func (r *repository) Manifests(ctx context.Context, options ...distribution.Mani
 
 func (r *repository) Tags(ctx context.Context) distribution.TagService {
 	return &tags{
-		client:  r.client,
-		ub:      r.ub,
-		context: r.context,
-		name:    r.Named(),
+		client: r.client,
+		ub:     r.ub,
+		name:   r.Named(),
 	}
 }
 
 // tags implements remote tagging operations.
 type tags struct {
-	client  *http.Client
-	ub      *v2.URLBuilder
-	context context.Context
-	name    reference.Named
+	client *http.Client
+	ub     *v2.URLBuilder
+	name   reference.Named
 }
 
 // All returns all tags
 func (t *tags) All(ctx context.Context) ([]string, error) {
 	var tags []string
 
-	u, err := t.ub.BuildTagsURL(t.name)
+	listURLStr, err := t.ub.BuildTagsURL(t.name)
+	if err != nil {
+		return tags, err
+	}
+
+	listURL, err := url.Parse(listURLStr)
 	if err != nil {
 		return tags, err
 	}
 
 	for {
-		resp, err := t.client.Get(u)
+		resp, err := t.client.Get(listURL.String())
 		if err != nil {
 			return tags, err
 		}
@@ -235,7 +234,13 @@ func (t *tags) All(ctx context.Context) ([]string, error) {
 			}
 			tags = append(tags, tagsResponse.Tags...)
 			if link := resp.Header.Get("Link"); link != "" {
-				u = strings.Trim(strings.Split(link, ";")[0], "<>")
+				linkURLStr := strings.Trim(strings.Split(link, ";")[0], "<>")
+				linkURL, err := url.Parse(linkURLStr)
+				if err != nil {
+					return tags, err
+				}
+
+				listURL = listURL.ResolveReference(linkURL)
 			} else {
 				return tags, nil
 			}
@@ -321,7 +326,8 @@ func (t *tags) Get(ctx context.Context, tag string) (distribution.Descriptor, er
 	defer resp.Body.Close()
 
 	switch {
-	case resp.StatusCode >= 200 && resp.StatusCode < 400:
+	case resp.StatusCode >= 200 && resp.StatusCode < 400 && len(resp.Header.Get("Docker-Content-Digest")) > 0:
+		// if the response is a success AND a Docker-Content-Digest can be retrieved from the headers
 		return descriptorFromResponse(resp)
 	default:
 		// if the response is an error - there will be no body to decode.
@@ -421,18 +427,22 @@ func (ms *manifests) Get(ctx context.Context, dgst digest.Digest, options ...dis
 		ref         reference.Named
 		err         error
 		contentDgst *digest.Digest
+		mediaTypes  []string
 	)
 
 	for _, option := range options {
-		if opt, ok := option.(distribution.WithTagOption); ok {
+		switch opt := option.(type) {
+		case distribution.WithTagOption:
 			digestOrTag = opt.Tag
 			ref, err = reference.WithTag(ms.name, opt.Tag)
 			if err != nil {
 				return nil, err
 			}
-		} else if opt, ok := option.(contentDigestOption); ok {
+		case contentDigestOption:
 			contentDgst = opt.digest
-		} else {
+		case distribution.WithManifestMediaTypesOption:
+			mediaTypes = opt.MediaTypes
+		default:
 			err := option.Apply(ms)
 			if err != nil {
 				return nil, err
@@ -448,6 +458,10 @@ func (ms *manifests) Get(ctx context.Context, dgst digest.Digest, options ...dis
 		}
 	}
 
+	if len(mediaTypes) == 0 {
+		mediaTypes = distribution.ManifestMediaTypes()
+	}
+
 	u, err := ms.ub.BuildManifestURL(ref)
 	if err != nil {
 		return nil, err
@@ -458,7 +472,7 @@ func (ms *manifests) Get(ctx context.Context, dgst digest.Digest, options ...dis
 		return nil, err
 	}
 
-	for _, t := range distribution.ManifestMediaTypes() {
+	for _, t := range mediaTypes {
 		req.Header.Add("Accept", t)
 	}
 

vendor/github.com/docker/distribution/registry/client/transport/http_reader.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"os"
 	"regexp"
 	"strconv"
 )
@@ -97,7 +96,7 @@ func (hrs *httpReadSeeker) Seek(offset int64, whence int) (int64, error) {
 
 	lastReaderOffset := hrs.readerOffset
 
-	if whence == os.SEEK_SET && hrs.rc == nil {
+	if whence == io.SeekStart && hrs.rc == nil {
 		// If no request has been made yet, and we are seeking to an
 		// absolute position, set the read offset as well to avoid an
 		// unnecessary request.
@@ -113,14 +112,14 @@ func (hrs *httpReadSeeker) Seek(offset int64, whence int) (int64, error) {
 	newOffset := hrs.seekOffset
 
 	switch whence {
-	case os.SEEK_CUR:
+	case io.SeekCurrent:
 		newOffset += offset
-	case os.SEEK_END:
+	case io.SeekEnd:
 		if hrs.size < 0 {
 			return 0, errors.New("content length not known")
 		}
 		newOffset = hrs.size + offset
-	case os.SEEK_SET:
+	case io.SeekStart:
 		newOffset = offset
 	}
 

vendor/github.com/docker/distribution/registry/storage/cache/cachedblobdescriptorstore.go

@@ -1,10 +1,11 @@
 package cache
 
 import (
-	"github.com/docker/distribution/context"
-	"github.com/opencontainers/go-digest"
+	"context"
 
 	"github.com/docker/distribution"
+	prometheus "github.com/docker/distribution/metrics"
+	"github.com/opencontainers/go-digest"
 )
 
 // Metrics is used to hold metric counters
@@ -16,12 +17,20 @@ type Metrics struct {
 	Misses   uint64
 }
 
+// Logger can be provided on the MetricsTracker to log errors.
+//
+// Usually, this is just a proxy to dcontext.GetLogger.
+type Logger interface {
+	Errorf(format string, args ...interface{})
+}
+
 // MetricsTracker represents a metric tracker
 // which simply counts the number of hits and misses.
 type MetricsTracker interface {
 	Hit()
 	Miss()
 	Metrics() Metrics
+	Logger(context.Context) Logger
 }
 
 type cachedBlobStatter struct {
@@ -30,6 +39,11 @@ type cachedBlobStatter struct {
 	tracker MetricsTracker
 }
 
+var (
+	// cacheCount is the number of total cache request received/hits/misses
+	cacheCount = prometheus.StorageNamespace.NewLabeledCounter("cache", "The number of cache request received", "type")
+)
+
 // NewCachedBlobStatter creates a new statter which prefers a cache and
 // falls back to a backend.
 func NewCachedBlobStatter(cache distribution.BlobDescriptorService, backend distribution.BlobDescriptorService) distribution.BlobDescriptorService {
@@ -50,20 +64,22 @@ func NewCachedBlobStatterWithMetrics(cache distribution.BlobDescriptorService, b
 }
 
 func (cbds *cachedBlobStatter) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
+	cacheCount.WithValues("Request").Inc(1)
 	desc, err := cbds.cache.Stat(ctx, dgst)
 	if err != nil {
 		if err != distribution.ErrBlobUnknown {
-			context.GetLogger(ctx).Errorf("error retrieving descriptor from cache: %v", err)
+			logErrorf(ctx, cbds.tracker, "error retrieving descriptor from cache: %v", err)
 		}
 
 		goto fallback
 	}
-
+	cacheCount.WithValues("Hit").Inc(1)
 	if cbds.tracker != nil {
 		cbds.tracker.Hit()
 	}
 	return desc, nil
 fallback:
+	cacheCount.WithValues("Miss").Inc(1)
 	if cbds.tracker != nil {
 		cbds.tracker.Miss()
 	}
@@ -73,7 +89,7 @@ fallback:
 	}
 
 	if err := cbds.cache.SetDescriptor(ctx, dgst, desc); err != nil {
-		context.GetLogger(ctx).Errorf("error adding descriptor %v to cache: %v", desc.Digest, err)
+		logErrorf(ctx, cbds.tracker, "error adding descriptor %v to cache: %v", desc.Digest, err)
 	}
 
 	return desc, err
@@ -95,7 +111,19 @@ func (cbds *cachedBlobStatter) Clear(ctx context.Context, dgst digest.Digest) er
 
 func (cbds *cachedBlobStatter) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
 	if err := cbds.cache.SetDescriptor(ctx, dgst, desc); err != nil {
-		context.GetLogger(ctx).Errorf("error adding descriptor %v to cache: %v", desc.Digest, err)
+		logErrorf(ctx, cbds.tracker, "error adding descriptor %v to cache: %v", desc.Digest, err)
 	}
 	return nil
 }
+
+func logErrorf(ctx context.Context, tracker MetricsTracker, format string, args ...interface{}) {
+	if tracker == nil {
+		return
+	}
+
+	logger := tracker.Logger(ctx)
+	if logger == nil {
+		return
+	}
+	logger.Errorf(format, args...)
+}

vendor/github.com/docker/distribution/registry/storage/cache/memory/memory.go

@@ -1,10 +1,10 @@
 package memory
 
 import (
+	"context"
 	"sync"
 
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/context"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/storage/cache"
 	"github.com/opencontainers/go-digest"