Merge pull request #2849 from Shawnpku/master

support Alibaba Cloud CDN storage middleware

cmd/registry/main.go

@@ -12,6 +12,7 @@ import (
 	_ "github.com/docker/distribution/registry/storage/driver/filesystem"
 	_ "github.com/docker/distribution/registry/storage/driver/gcs"
 	_ "github.com/docker/distribution/registry/storage/driver/inmemory"
+	_ "github.com/docker/distribution/registry/storage/driver/middleware/alicdn"
 	_ "github.com/docker/distribution/registry/storage/driver/middleware/cloudfront"
 	_ "github.com/docker/distribution/registry/storage/driver/middleware/redirect"
 	_ "github.com/docker/distribution/registry/storage/driver/oss"

docs/configuration.md

@@ -720,6 +720,17 @@ Value of `ipfilteredby` can be:
 | `aws`       | IP from AWS goes to S3 directly    |
 | `awsregion` | IP from certain AWS regions goes to S3 directly, use together with `awsregion`. |
 
+### `alicdn`
+
+`alicdn` storage middleware allows the registry to serve layers via a content delivery network provided by Alibaba Cloud. Alicdn requires the OSS storage driver.
+
+| Parameter    | Required | Description                                                             |
+|--------------|----------|-------------------------------------------------------------------------|
+| `baseurl`    | yes      | The `SCHEME://HOST` at which Alicdn is served.                          |
+| `authtype`   | yes      | The URL authentication type for Alicdn, which should be `a`, `b` or `c`. See the [Authentication configuration](https://www.alibabacloud.com/help/doc-detail/85117.htm).|
+| `privatekey` | yes      | The URL authentication key for Alicdn.                                  |
+| `duration`   | no       | An integer and unit for the duration of the Alicdn session. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, or `h`.|
+
 ### `redirect`
 
 You can use the `redirect` storage middleware to specify a custom URL to a

registry/storage/driver/middleware/alicdn/middleware.go

@@ -0,0 +1,116 @@
+package alicdn
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"strings"
+	"time"
+
+	dcontext "github.com/docker/distribution/context"
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	storagemiddleware "github.com/docker/distribution/registry/storage/driver/middleware"
+
+	"github.com/denverdino/aliyungo/cdn/auth"
+)
+
+// aliCDNStorageMiddleware provides a simple implementation of layerHandler that
+// constructs temporary signed AliCDN URLs from the storagedriver layer URL,
+// then issues HTTP Temporary Redirects to this AliCDN content URL.
+type aliCDNStorageMiddleware struct {
+	storagedriver.StorageDriver
+	baseURL   string
+	urlSigner *auth.URLSigner
+	duration  time.Duration
+}
+
+var _ storagedriver.StorageDriver = &aliCDNStorageMiddleware{}
+
+// newAliCDNStorageMiddleware constructs and returns a new AliCDN
+// StorageDriver implementation.
+// Required options: baseurl, authtype, privatekey
+// Optional options: duration
+func newAliCDNStorageMiddleware(storageDriver storagedriver.StorageDriver, options map[string]interface{}) (storagedriver.StorageDriver, error) {
+	// parse baseurl
+	base, ok := options["baseurl"]
+	if !ok {
+		return nil, fmt.Errorf("no baseurl provided")
+	}
+	baseURL, ok := base.(string)
+	if !ok {
+		return nil, fmt.Errorf("baseurl must be a string")
+	}
+	if !strings.Contains(baseURL, "://") {
+		baseURL = "https://" + baseURL
+	}
+	if _, err := url.Parse(baseURL); err != nil {
+		return nil, fmt.Errorf("invalid baseurl: %v", err)
+	}
+
+	// parse authtype
+	at, ok := options["authtype"]
+	if !ok {
+		return nil, fmt.Errorf("no authtype provided")
+	}
+	authType, ok := at.(string)
+	if !ok {
+		return nil, fmt.Errorf("authtype must be a string")
+	}
+	if authType != "a" && authType != "b" && authType != "c" {
+		return nil, fmt.Errorf("invalid authentication type")
+	}
+
+	// parse privatekey
+	pk, ok := options["privatekey"]
+	if !ok {
+		return nil, fmt.Errorf("no privatekey provided")
+	}
+	privateKey, ok := pk.(string)
+	if !ok {
+		return nil, fmt.Errorf("privatekey must be a string")
+	}
+
+	urlSigner := auth.NewURLSigner(authType, privateKey)
+
+	// parse duration
+	duration := 20 * time.Minute
+	d, ok := options["duration"]
+	if ok {
+		switch d := d.(type) {
+		case time.Duration:
+			duration = d
+		case string:
+			dur, err := time.ParseDuration(d)
+			if err != nil {
+				return nil, fmt.Errorf("invalid duration: %s", err)
+			}
+			duration = dur
+		}
+	}
+
+	return &aliCDNStorageMiddleware{
+		StorageDriver: storageDriver,
+		baseURL:       baseURL,
+		urlSigner:     urlSigner,
+		duration:      duration,
+	}, nil
+}
+
+// URLFor attempts to find a url which may be used to retrieve the file at the given path.
+func (ac *aliCDNStorageMiddleware) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
+
+	if ac.StorageDriver.Name() != "oss" {
+		dcontext.GetLogger(ctx).Warn("the AliCDN middleware does not support this backend storage driver")
+		return ac.StorageDriver.URLFor(ctx, path, options)
+	}
+	acURL, err := ac.urlSigner.Sign(ac.baseURL+path, time.Now().Add(ac.duration))
+	if err != nil {
+		return "", err
+	}
+	return acURL, nil
+}
+
+// init registers the alicdn layerHandler backend.
+func init() {
+	storagemiddleware.Register("alicdn", storagemiddleware.InitFunc(newAliCDNStorageMiddleware))
+}

vendor.conf

@@ -7,7 +7,7 @@ github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
 github.com/bugsnag/bugsnag-go b1d153021fcd90ca3f080db36bec96dc690fb274
 github.com/bugsnag/osext 0dd3f918b21bec95ace9dc86c7e70266cfc5c702
 github.com/bugsnag/panicwrap e2c28503fcd0675329da73bf48b33404db873782
-github.com/denverdino/aliyungo 6df11717a253d9c7d4141f9af4deaa7c580cd531
+github.com/denverdino/aliyungo a747050bb1baf06cdd65de7cddc281a2b1c2fde5
 github.com/dgrijalva/jwt-go a601269ab70c205d26370c16f7c81e9017c14e04
 github.com/docker/go-metrics 399ea8c73916000c64c2c76e8da00ca82f8387ab
 github.com/docker/libtrust fa567046d9b14f6aa788882a950d69651d230b21