- Using the PREFERRED_URL_SCHEME configuration option caused failure in Galaxy v3 due to its inapplicability to relative URLs. This now works correctly by not applying the preferred scheme to relative URLs, since they do not need to know the current scheme (#122, #123).
- Requests for collections that were not already present in artifactory resulted in a 500 internal server error (#112, #116).
- Requests proxied to a v2 upstream endpoint that supports pagination caused a 400 error from the upstream due to the inclusion of the v3 limit query string parameter (#113).
Galactory finally supports the Galaxy v3 API. If you're using the upstream proxy functionality with galaxy.ansible.com then this will be required since they made the switch to galaxy_ng which no longer supports API v2.
This release contains a lot of changes, but because support for v3 is so important due to the recent galaxy change, I've tried hard to introduce no breaking changes. Deprecations scheduled for this release have been postponed to the next one.
This release should be a drop-in replacement if you're up-to-date on the previous release, without requiring any configuration changes. The v3 support and other new features and bugfixes are active in the default configuration and should have no breakages, but options are included to turn off some of those features.
- Galactory now supports v3 of the Galaxy API, both as a server, and as a client for upstream proxying (#23, #104).
- Added the API_VERSION multi-valued config option to control which version(s) of the galaxy API are supported for the running instance (#104).
- Requests that are proxied to an upstream now override the query string to always request 100 results. This is a slight, partial mitigation for our current lack of true pagination support (#99, #104).
- The download endpoint now supports a query string parameter galactory_upstream_url. When this parameter is set, and the requested artifact does not already exist in artifactory, this exact URL will be used as the upstream location for this file. If the parameter is not set, it uses the previous proxying behavior for downloads, which is to append the route to the configured upstream to determine its URL. API responses from galactory that contain a download_url field will automatically generate proper URLs with this parameter set, and it does not require additional configuration or user concern (#104).
- The option UPLOAD_FORMAT has been added to control the behavior of upload format detection. Auto-detection is attempted when the option is not set or set to auto. Set it to base64 to only accept base64-encoded content, or set it to raw to only accept unencoded content (#109).
- The PREFER_CONFIGURED_KEY configuration option has been replaced by PREFER_CONFIGURED_AUTH and the old name will be removed in v0.12.0 (#77).
- The PUBLISH_SKIP_CONFIGURED_KEY configuration option has been replaced by PUBLISH_SKIP_CONFIGURED_AUTH and the old name will be removed in v0.12.0 (#77).
- The USE_GALAXY_KEY configuration option has been replaced by USE_GALAXY_AUTH and the old name will be removed in v0.12.0 (#77).
- The default value of the new GALAXY_AUTH_TYPE configuration option, added in this release, will change from api_key to access_token in v0.12.0 (#77).
- The href field of several API responses was incorrect, pointing back at the URL requested instead of pointing at the collection endpoint (#103).
- The collection publish endpoint required the file data to be base64 encoded. This worked for ansible-core>=2.10 but did not work with Ansible 2.9 or other clients that were not aware of the need. Galactory can now detect and accept both raw bytes and base64 encoded content (#105).
- Galactory does not support proper paginated responses or proxying. This has always been the case and is not new to this release, but this bug is now tracked (#99).
- Upstream proxying does not support translation of requests between API versions. While galactory can serve both v2 and v3 simultaneously, an individual request will be proxied to the upstream as is, so the configured upstream must support the version of the request (#104).
- A collection that had only prereleases would cause a 500 error when visiting certain endpoints due to a lack of a latest_version key. The latest version is now the latest stable (non-prerelease) version if any exist, which is the same behavior as before, but if only prereleases exist, then latest_version will refer to the latest prerelease (#87).
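The latest_version rule from the prerelease fix (#87), written out as an added example; this is not Galactory's own code. The function names and the simplified semantic-version parser are assumptions of the example, and the sample version lists are constructed.

```python
import re

# Simplified SemVer 2.0.0 pattern: MAJOR.MINOR.PATCH[-prerelease][+build]
_SEMVER = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)


def sort_key(version):
    """Return a key that orders version strings by semver precedence."""
    m = _SEMVER.match(version)
    if m is None:
        raise ValueError(f"not a semantic version: {version!r}")
    core = tuple(int(part) for part in m.group(1, 2, 3))
    pre = m.group(4)
    if pre is None:
        # A stable release sorts after every prerelease of the same core version.
        return core + (1, ())
    # Numeric identifiers compare as integers and sort before alphanumeric ones.
    ids = tuple(
        (0, int(i), "") if i.isdigit() else (1, 0, i)
        for i in pre.split(".")
    )
    return core + (0, ids)


def is_prerelease(version):
    return sort_key(version)[3] == 0


def latest_version(versions):
    """Latest stable version if any exist, otherwise the latest prerelease.

    Returns None for an empty list so a caller never hits a missing key.
    """
    if not versions:
        return None
    stable = [v for v in versions if not is_prerelease(v)]
    return max(stable or versions, key=sort_key)


if __name__ == "__main__":
    # Constructed sample data: one collection with only prereleases, one mixed.
    only_pre = ["1.0.0-alpha.5", "1.0.0-beta.1", "1.0.0-beta.2"]
    mixed = ["1.2.0", "2.0.0-rc.1", "1.10.0"]
    print(latest_version(only_pre))
    print(latest_version(mixed))
```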
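One way to handle publish bodies under the three UPLOAD_FORMAT values (auto, base64, raw) from the upload-format notes (#105, #109), as an added example and not Galactory's own code. The decode_upload name and the gzip-magic heuristic are assumptions, resting on collection artifacts being gzip-compressed tarballs; the sample payload is constructed.

```python
import base64
import binascii

GZIP_MAGIC = b"\x1f\x8b"  # collection artifacts are gzip-compressed tarballs


def decode_upload(data, upload_format="auto"):
    """Return the raw artifact bytes for an upload body, or raise ValueError.

    upload_format takes the UPLOAD_FORMAT values: auto, base64, raw.
    Detecting raw content by gzip magic is an assumption of this example.
    """
    if upload_format not in ("auto", "base64", "raw"):
        raise ValueError(f"unknown upload format: {upload_format!r}")

    if upload_format in ("auto", "raw") and data.startswith(GZIP_MAGIC):
        return data
    if upload_format == "raw":
        raise ValueError("raw upload is not a gzip archive")

    # base64 mode, or auto mode with a body that is not raw gzip:
    # decode strictly so stray bytes are rejected instead of silently dropped.
    try:
        decoded = base64.b64decode(b"".join(data.split()), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("upload is not valid base64") from exc
    if not decoded.startswith(GZIP_MAGIC):
        raise ValueError("decoded upload is not a gzip archive")
    return decoded


if __name__ == "__main__":
    import gzip

    # Constructed sample payload standing in for a collection tarball.
    raw = gzip.compress(b"constructed sample payload")
    encoded = base64.b64encode(raw)
    print(decode_upload(raw) == raw)                # raw body, auto-detected
    print(decode_upload(encoded) == raw)            # base64 body, auto-detected
    print(decode_upload(encoded, "base64") == raw)  # base64 only
    try:
        decode_upload(raw, "base64")                # raw body refused in base64 mode
    except ValueError as exc:
        print("rejected:", exc)
```

Pinning the option to base64 or raw removes the detection step, so a body in the other encoding is refused rather than guessed at.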
This release adds support for Artifactory Access Tokens (bearer auth), and fixes a bug that resulted in malformed collection metadata.
- Add support for Artifactory Access Tokens (bearer auth) in both configured auth and galaxy requests, via the new ARTIFACTORY_ACCESS_TOKEN and GALAXY_AUTH_TYPE configuration options (#77).
- the minimum required version of dohq-artifactory is now v0.9.0 (#72).
- The PREFER_CONFIGURED_KEY configuration option has been replaced by PREFER_CONFIGURED_AUTH and the old name will be removed in v0.11.0 (#77).
- The PUBLISH_SKIP_CONFIGURED_KEY configuration option has been replaced by PUBLISH_SKIP_CONFIGURED_AUTH and the old name will be removed in v0.11.0 (#77).
- The USE_GALAXY_KEY configuration option has been replaced by USE_GALAXY_AUTH and the old name will be removed in v0.11.0 (#77).
- The default value of the new GALAXY_AUTH_TYPE configuration option, added in this release, will change from api_key to access_token in v0.11.0 (#77).
- traceback when publishing or retrieving a previously published collection (even by proxying) whose metadata contains certain characters that need to be URL quoted (#58, #52).
- any collections already published with malformed metadata due to the bug in collection_info will not be fixed and will need to be re-published or have their collection info repaired (#72).
This release adds basic support for ProxyFix.
- factory methods - add basic support for ProxyFix to the create_configured_app factory method (#48).
Another bugfix for upstream, this time for scheme rewriting in generated URLs.
- site root - the root URL now has a response, just some plain text at this time but may be expanded later (#46).
- upstream proxying - upstream URLs are not rewritten using the preferred scheme (#45).
This patch release fixes the broken upstream proxying I released previously.
- containers - published container images have been updated from Python 3.10 to Python 3.11 (#41).
- upstream proxying - a previous change to remove deprecated JSON encoder usage in Flask inadvertently broke upstream proxying due to a bad import (#42).
This version is full of new features and bugfixes, and our first external contributor!
There's a new factory method that lets you re-use the same config system in place as the CLI without starting the internal web server, for use with a custom WSGI server, support for Brotli compression in upstreams, proper use of proxy environment variables, a new parameter to set a preferred URL scheme to help with reverse proxy use, and the first health check endpoint.
This release also removes use of a deprecated Flask feature (not user facing) and fixed the tests to work with Python 3.10 and 3.11, which we now test in CI.
- WSGI support - in addition to the bare create_app factory function, there is now a create_configured_app factory function, which uses the same argument parsing as running from the CLI; this allows for using an external WSGI server while taking advantage of the environment variables and configuration file support to set the configuration (#28).
- healthchecks - the first health check endpoint has been added, which can be used for load balancers, reverse proxies, smart DNS, and more (#30).
- upstream proxying - merge the requests environment for proxied requests so that environment variables such as REQUESTS_CA_BUNDLE are used appropriately (#25).
- generated URLs had no way to set the scheme for use with reverse proxies or load balancers (#27).
- the /api/ endpoint did not define a route that didn't end in /, which caused Flask to issue a redirect, however the redirect does not use the preferred scheme (#29).
- the href field in responses did not use the new support for schemes (#29).
- the bare collections/ endpoint was not using authorization and would have failed if authentication was required to read from Artifactory (#29).
- upstream proxying - proxied requests used the Accept: header of the request, sometimes resulting in HTML from the upstream and a resulting 500 error since the response was not JSON (#31).
- upstream proxying - proxied requests with an Accept-Encoding: br (brotli compression) header would fail decoding because of the lack of a brotli decoder (#32).
Property setting is now done at upload time, which removes another piece of Pro license code, but may cause issues with certain reverse proxy configurations. A new fallback option is introduced to use the old behavior, but it may be removed in a future version.
- property setting - by default properties are now set on the initial upload of a collection to Artifactory. This removes an additional roundtrip to the server, and removes another API call that requires a Pro license of Artifactory. However, some reverse proxy configurations will not work with this. A new parameter USE_PROPERTY_FALLBACK has been added which will use the old behavior of setting properties in a second request, but this will still require a Pro license to use. This option may be removed in a future version. See (#19).
With this release we've added the ability to block the use of a configured API key with the publish endpoint, preventing clients from publishing anonymously.
- manifest loading - galactory no longer uses Artifactory's "Archive Entry Download" endpoint, removing one piece of code that requires a pro license or greater (#5, #16).
- publish endpoint - add PUBLISH_SKIP_CONFIGURED_KEY option which disallows using a configured API key on the publish endpoint (#14).
This release contains cache control options. This enables more scenarios for proxying, such as proxying with no Artifactory API key, or one without write permission. The cache expiry time can now be configured, and it can be set independently in different galactory instances pointed at the same cache in artifactory.
- proxy cache - finer control over when and what gets cached when proxying upstream, allowing for proxy configurations with less permission in artifactory (#4, #13).
This release adds much improved configuration support.
- configuration - all options can now be configured via environment variables, direct in CLI, or in config files (#12).
ARM64 containers are now part of the release process. The meaning of the latest tag for containers now refers to the build from the latest git tag rather than the latest commit.
Containers are now also tagged with the branch name to correspond to the latest commit in a specific branch, for example ghcr.io/briantist/galactory:main.
There are no functional changes in this release.
Some big reliability and performance enhancements are included in this release.
- connections - retries are now done automatically both on proxied upstream requests and on requests to Artifactory (#7, #8).
- performance - optimizations when iterating collections allow a huge reduction in the number of requests to artifactory needed (#9).
Adds a new option to control the server name in generated links.
- Allow server name to be configurable via the --server-name CLI option (#3).
The first release of Galactory, with support for upstream proxying.