Merge pull request #2889 from linxiulei/isolated_content

metadata: define content sharing policy

services/server/config/config.go

@@ -83,6 +83,44 @@ type ProxyPlugin struct {
 	Address string `toml:"address"`
 }
 
+// BoltConfig defines the configuration values for the bolt plugin, which is
+// loaded here, rather than back registered in the metadata package.
+type BoltConfig struct {
+	// ContentSharingPolicy sets the sharing policy for content between
+	// namespaces.
+	//
+	// The default mode "shared" will make blobs available in all
+	// namespaces once it is pulled into any namespace. The blob will be pulled
+	// into the namespace if a writer is opened with the "Expected" digest that
+	// is already present in the backend.
+	//
+	// The alternative mode, "isolated" requires that clients prove they have
+	// access to the content by providing all of the content to the ingest
+	// before the blob is added to the namespace.
+	//
+	// Both modes share backing data, while "shared" will reduce total
+	// bandwidth across namespaces, at the cost of allowing access to any blob
+	// just by knowing its digest.
+	ContentSharingPolicy string `toml:"content_sharing_policy"`
+}
+
+const (
+	// SharingPolicyShared represents the "shared" sharing policy
+	SharingPolicyShared = "shared"
+	// SharingPolicyIsolated represents the "isolated" sharing policy
+	SharingPolicyIsolated = "isolated"
+)
+
+// Validate validates if BoltConfig is valid
+func (bc *BoltConfig) Validate() error {
+	switch bc.ContentSharingPolicy {
+	case SharingPolicyShared, SharingPolicyIsolated:
+		return nil
+	default:
+		return errors.Wrapf(errdefs.ErrInvalidArgument, "unknown policy: %s", bc.ContentSharingPolicy)
+	}
+}
+
 // Decode unmarshals a plugin specific configuration by plugin id
 func (c *Config) Decode(id string, v interface{}) (interface{}, error) {
 	data, ok := c.Plugins[id]

services/server/server.go

@@ -238,6 +238,9 @@ func LoadPlugins(ctx context.Context, config *srvconfig.Config) ([]*plugin.Regis
 			plugin.ContentPlugin,
 			plugin.SnapshotPlugin,
 		},
+		Config: &srvconfig.BoltConfig{
+			ContentSharingPolicy: srvconfig.SharingPolicyShared,
+		},
 		InitFn: func(ic *plugin.InitContext) (interface{}, error) {
 			if err := os.MkdirAll(ic.Root, 0711); err != nil {
 				return nil, err
@@ -265,6 +268,22 @@ func LoadPlugins(ctx context.Context, config *srvconfig.Config) ([]*plugin.Regis
 				snapshotters[name] = sn.(snapshots.Snapshotter)
 			}
 
+			shared := true
+			ic.Meta.Exports["policy"] = srvconfig.SharingPolicyShared
+			if cfg, ok := ic.Config.(*srvconfig.BoltConfig); ok {
+				if cfg.ContentSharingPolicy != "" {
+					if err := cfg.Validate(); err != nil {
+						return nil, err
+					}
+					if cfg.ContentSharingPolicy == srvconfig.SharingPolicyIsolated {
+						ic.Meta.Exports["policy"] = srvconfig.SharingPolicyIsolated
+						shared = false
+					}
+
+					log.L.WithField("policy", cfg.ContentSharingPolicy).Info("metadata content store policy set")
+				}
+			}
+
 			path := filepath.Join(ic.Root, "meta.db")
 			ic.Meta.Exports["path"] = path
 
@@ -272,7 +291,12 @@ func LoadPlugins(ctx context.Context, config *srvconfig.Config) ([]*plugin.Regis
 			if err != nil {
 				return nil, err
 			}
-			mdb := metadata.NewDB(db, cs.(content.Store), snapshotters)
+
+			var dbopts []metadata.DBOpt
+			if !shared {
+				dbopts = append(dbopts, metadata.WithPolicyIsolated)
+			}
+			mdb := metadata.NewDB(db, cs.(content.Store), snapshotters, dbopts...)
 			if err := mdb.Init(ic.Context); err != nil {
 				return nil, err
 			}