From c8563d8672fbe341beb04544bdce38b5d7194959 Mon Sep 17 00:00:00 2001
From: Ramkumar Chinchani <rchincha@cisco.com>
Date: Fri, 20 Dec 2019 10:37:41 -0800
Subject: [PATCH] routes: handle "mount blob" to remain compliant

"mount blob" was the only feature we didn't handle.
We don't fully support it yet because we don't have access control
support, but at least handle it and return something sane to remain
compliant.
---
 pkg/api/routes.go              | 12 ++++++++++++
 pkg/compliance/v1_0_0/check.go |  8 ++++++++
 2 files changed, 20 insertions(+)

diff --git a/pkg/api/routes.go b/pkg/api/routes.go
index bc1d9054..99bb69af 100644
--- a/pkg/api/routes.go
+++ b/pkg/api/routes.go
@@ -505,6 +505,18 @@ func (rh *RouteHandler) CreateBlobUpload(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
+	// blob mounts not allowed since we don't have access control yet, and this
+	// may be a uncommon use case, but remain compliant
+	if _, ok := r.URL.Query()["mount"]; ok {
+		w.WriteHeader(http.StatusMethodNotAllowed)
+		return
+	}
+
+	if _, ok := r.URL.Query()["from"]; ok {
+		w.WriteHeader(http.StatusMethodNotAllowed)
+		return
+	}
+
 	u, err := rh.c.ImageStore.NewBlobUpload(name)
 	if err != nil {
 		switch err {
diff --git a/pkg/compliance/v1_0_0/check.go b/pkg/compliance/v1_0_0/check.go
index a367d8c5..2458ea1f 100644
--- a/pkg/compliance/v1_0_0/check.go
+++ b/pkg/compliance/v1_0_0/check.go
@@ -377,6 +377,14 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			So(resp.Header().Get("Content-Length"), ShouldEqual, "0")
 		})
 
+		Convey("Mount blobs", func() {
+			Print("\nMount blobs from another repository")
+			// create a upload
+			resp, err := resty.R().Post(baseURL + "/v2/repo/blobs/uploads/?digest=\"abc\"&&from=\"xyz\"")
+			So(err, ShouldBeNil)
+			So(resp.StatusCode(), ShouldEqual, 405)
+		})
+
 		Convey("Manifests", func() {
 			Print("\nManifests")
 			// create a blob/layer