# Docker Registry via NGINX JSON logs -> Prometheus metrics (mtail)

# -------- Metrics (comma-separated labels)
counter registry_requests_total by method, path_class, status, repo, user, node
counter registry_pull_blob_bytes_total by repo, user, node
counter registry_pull_blob_seconds_total by repo, user, node
counter registry_push_upload_bytes_total by repo, user, node
counter registry_push_upload_seconds_total by repo, user, node

# -------- Field extraction (order-independent)
# Strings
/"method":"([A-Z]+)"/ {
  method = $1
}
/"path":"([^"]+)"/ {
  path = $1
}
/"remote_address":"([^"]*)"/ {
  node = $1
}
/"remote_user":"([^"]*)"/ {
  user = $1
}
/"docker_upload_uuid":"([^"]*)"/ {
  upload_uuid = $1
}
/"docker_content_digest":"([^"]*)"/ {
  digest = $1
}
/"upstream_range":"([^"]*)"/ {
  up_range = $1
}

# Numbers
/"status":([0-9]{3})/ {
  status = $1
  status_s = string(status)
}
/"request_time":([0-9.]+)/ {
  request_time = $1
}
/"body_bytes_sent":([0-9]+)/ {
  body_bytes_sent = $1
}

# Repo (supports namespaces) — capture everything after /v2/ up to common sections
/"path":"\/v2\/(.+?)\/(blobs|manifests|tags|_catalog)/ {
  repo = $1
}

# Defaults per line (expression-style conditionals)
/$/ {
  repo == "" { repo = "unknown" }
  user == "" { user = "anonymous" }
  node == "" { node = "unknown" }
}

# Parse upstream_range "a-b" => bytes = b+1 (exact uploaded bytes)
/"upstream_range":"([0-9]+)-([0-9]+)"/ {
  uploaded_bytes = int($2) + 1
}

# -------- Classify & emit

# PULL: GET /v2/<repo>/blobs/sha256:<digest>
/"method":"GET".*"\/v2\/.+\/blobs\/sha256:[a-f0-9]+"/ {
  registry_pull_blob_bytes_total[repo][user][node] += body_bytes_sent
  registry_pull_blob_seconds_total[repo][user][node] += request_time
  registry_requests_total[method]["pull_blob"][status_s][repo][user][node]++
}

# PUSH upload (data transfer): PATCH /v2/<repo>/blobs/uploads/<uuid> 202
/"method":"PATCH".*"\/v2\/.+\/blobs\/uploads\/[a-f0-9-]+"/ {
  uploaded_bytes > 0 {
    registry_push_upload_bytes_total[repo][user][node] += uploaded_bytes
  }
  registry_push_upload_seconds_total[repo][user][node] += request_time
  registry_requests_total[method]["push_upload"][status_s][repo][user][node]++
  uploaded_bytes = 0
}

# PUSH start/end bookkeeping
/"method":"POST".*"\/v2\/.+\/blobs\/uploads\/"/ {
  registry_requests_total[method]["push_start"][status_s][repo][user][node]++
}
/"method":"PUT".*"\/v2\/.+\/blobs\/uploads\/[a-f0-9-]+"/ {
  registry_requests_total[method]["push_commit"][status_s][repo][user][node]++
}

# Manifest pulls
/"method":"GET".*"\/v2\/.+\/manifests\/[^"]+"/ {
  registry_requests_total[method]["pull_manifest"][status_s][repo][user][node]++
}

# Manifest writes
/"method":"PUT".*"\/v2\/.+\/manifests\/[^"]+"/ {
  registry_requests_total[method]["push_manifest"][status_s][repo][user][node]++
}

# /v2/ probe (auth challenge etc.)
/"path":"\/v2\/"/ {
  registry_requests_total[method]["v2_root"][status_s]["none"][user][node]++
}