@@ -3,7 +3,6 @@ package dockerregistry

 import (

 	"crypto/tls"

 	"crypto/x509"

-	"encoding/json"

 	"fmt"

 	"io"

 	"io/ioutil"

@@ -13,174 +12,15 @@ import (

 	log "github.com/Sirupsen/logrus"

 	"github.com/docker/distribution/configuration"

 	"github.com/docker/distribution/context"

-	"github.com/docker/distribution/health"

+	"github.com/docker/distribution/registry/auth"

 	"github.com/docker/distribution/registry/handlers"

 	_ "github.com/docker/distribution/registry/storage/driver/filesystem"

 	_ "github.com/docker/distribution/registry/storage/driver/s3"

 	"github.com/docker/distribution/version"

 	gorillahandlers "github.com/gorilla/handlers"

-	"github.com/gorilla/mux"

-	_ "github.com/openshift/origin/pkg/dockerregistry/server"

+	"github.com/openshift/origin/pkg/dockerregistry/server"

 )

-func newOpenShiftHandler(app *handlers.App) http.Handler {

-	router := mux.NewRouter()

-	router.HandleFunc("/healthz", health.StatusHandler)

-	// TODO add https scheme

-	router.HandleFunc("/admin/layers", deleteLayerFunc(app)).Methods("DELETE")

-	//router.HandleFunc("/admin/manifests", deleteManifestFunc(app)).Methods("DELETE")

-	// delegate to the registry if it's not 1 of the OpenShift routes

-	router.NotFoundHandler = app

-

-	return router

-}

-

-// DeleteLayersRequest is a mapping from layers to the image repositories that

-// reference them. Below is a sample request:

-//

-// {

-//   "layer1": ["repo1", "repo2"],

-// 	 "layer2": ["repo1", "repo3"],

-// 	 ...

-// }

-type DeleteLayersRequest map[string][]string

-

-// AddLayer adds a layer to the request if it doesn't already exist.

-func (r DeleteLayersRequest) AddLayer(layer string) {

-	if _, ok := r[layer]; !ok {

-		r[layer] = []string{}

-	}

-}

-

-// AddStream adds an image stream reference to the layer.

-func (r DeleteLayersRequest) AddStream(layer, stream string) {

-	r[layer] = append(r[layer], stream)

-}

-

-type DeleteLayersResponse struct {

-	Result string

-	Errors map[string][]string

-}

-

-// deleteLayerFunc returns an http.HandlerFunc that is able to fully delete a

-// layer from storage.

-func deleteLayerFunc(app *handlers.App) http.HandlerFunc {

-	return func(w http.ResponseWriter, req *http.Request) {

-		defer req.Body.Close()

-		log.Infof("deleteLayerFunc invoked")

-

-		//TODO verify auth

-

-		body, err := ioutil.ReadAll(req.Body)

-		if err != nil {

-			//TODO

-			log.Errorf("Error reading body: %v", err)

-			w.WriteHeader(http.StatusInternalServerError)

-			return

-		}

-

-		deletions := DeleteLayersRequest{}

-		err = json.Unmarshal(body, &deletions)

-		if err != nil {

-			//TODO

-			log.Errorf("Error unmarshaling body: %v", err)

-			w.WriteHeader(http.StatusInternalServerError)

-			return

-		}

-

-		adminService := app.Registry().AdminService()

-		errs := map[string][]error{}

-		for layer, repos := range deletions {

-			log.Infof("Deleting layer=%q, repos=%v", layer, repos)

-			errs[layer] = adminService.DeleteLayer(layer, repos)

-		}

-

-		log.Infof("errs=%v", errs)

-

-		var result string

-		switch len(errs) {

-		case 0:

-			result = "success"

-		default:

-			result = "failure"

-		}

-

-		response := DeleteLayersResponse{

-			Result: result,

-			Errors: map[string][]string{},

-		}

-

-		for layer, layerErrors := range errs {

-			response.Errors[layer] = []string{}

-			for _, err := range layerErrors {

-				response.Errors[layer] = append(response.Errors[layer], err.Error())

-			}

-		}

-

-		buf, err := json.Marshal(&response)

-		if err != nil {

-			w.Write([]byte(fmt.Sprintf("Error marshaling response: %v", err)))

-			w.WriteHeader(http.StatusInternalServerError)

-			return

-		}

-

-		w.Write(buf)

-		w.WriteHeader(http.StatusOK)

-	}

-}

-

-/*

-type DeleteManifestsRequest map[string][]string

-

-func (r *DeleteManifestsRequest) AddManifest(revision string) {

-	if _, ok := r[revision]; !ok {

-		r[revision] = []string{}

-	}

-}

-

-func (r *DeleteManifestsRequest) AddStream(revision, stream string) {

-	r[revision] = append(r[revision], stream)

-}

-

-func deleteManifestsFunc(app *handlers.App) http.HandlerFunc {

-	return func(w http.ResponseWriter, req *http.Request) {

-		defer req.Body.Close()

-

-		//TODO verify auth

-

-		body, err := ioutil.ReadAll(req.Body)

-		if err != nil {

-			//TODO

-			log.Errorf("Error reading body: %v", err)

-			w.WriteHeader(http.StatusInternalServerError)

-			return

-		}

-

-		deletions := DeleteManifestsRequest{}

-		err = json.Unmarshal(body, &deletions)

-		if err != nil {

-			//TODO

-			log.Errorf("Error unmarshaling body: %v", err)

-			w.WriteHeader(http.StatusInternalServerError)

-			return

-		}

-

-		adminService := app.Registry().AdminService()

-		errs := []error{}

-		for revision, repos := range deletions {

-			log.Infof("Deleting manifest revision=%q, repos=%v", revision, repos)

-			manifestErrs := adminService.DeleteManifest(revision, repos)

-			errs = append(errs, manifestErrs...)

-		}

-

-		log.Infof("errs=%v", errs)

-

-		//TODO write response

-		w.WriteHeader(http.StatusOK)

-	}

-}

-*/

-

 // Execute runs the Docker registry.

 func Execute(configFile io.Reader) {

 	config, err := configuration.Parse(configFile)

@@ -199,8 +39,49 @@ func Execute(configFile io.Reader) {

 	ctx := context.Background()

 	app := handlers.NewApp(ctx, *config)

-	handler := newOpenShiftHandler(app)

-	handler = gorillahandlers.CombinedLoggingHandler(os.Stdout, handler)

+

+	// register OpenShift routes

+	app.RegisterRoute(app.NewRoute().Path("/healthz"), server.HealthzHandler, handlers.NameNotRequired, handlers.NoCustomAccessRecords)

+

+	// TODO add https scheme

+	adminRouter := app.NewRoute().PathPrefix("/admin/").Subrouter()

+

+	pruneAccessRecords := func(*http.Request) []auth.Access {

+		return []auth.Access{

+			{

+				Resource: auth.Resource{

+					Type: "admin",

+				},

+				Action: "prune",

+			},

+		}

+	}

+

+	app.RegisterRoute(

+		// DELETE /admin/layers

+		adminRouter.Path("/layers").Methods("DELETE"),

+		// handler

+		server.DeleteLayersHandler(app.Registry().AdminService()),

+		// repo name not required in url

+		handlers.NameNotRequired,

+		// custom access records

+		pruneAccessRecords,

+	)

+

+	app.RegisterRoute(

+		// DELETE /admin/manifests

+		adminRouter.Path("/manifests").Methods("DELETE"),

+		// handler

+		server.DeleteManifestsHandler(app.Registry().AdminService()),

+		// repo name not required in url

+		handlers.NameNotRequired,

+		// custom access records

+		pruneAccessRecords,

+	)

+

+	//app.RegisterRoute(app.NewRoute().Path("/admin/repositories/{repository}/").Methods("DELETE"), server.DeleteRepositoryHandler(app.Registry().AdminService()), func(*http.Request) bool { return true })

+

+	handler := gorillahandlers.CombinedLoggingHandler(os.Stdout, app)

 	if config.HTTP.TLS.Certificate == "" {

 		context.GetLogger(app).Infof("listening on %v", config.HTTP.Addr)

@@ -4,13 +4,14 @@ import (

 	"fmt"

 	"io"

 	"net/http"

+	"time"

 	"github.com/golang/glog"

+	"github.com/openshift/origin/pkg/dockerregistry/server"

 	imageapi "github.com/openshift/origin/pkg/image/api"

 	"github.com/openshift/origin/pkg/image/prune"

 	"github.com/spf13/cobra"

-	"github.com/openshift/origin/pkg/cmd/dockerregistry"

 	"github.com/openshift/origin/pkg/cmd/util/clientcmd"

 )

@@ -18,16 +19,16 @@ const longDesc = `

 `

 type config struct {

-	DryRun                    bool

-	MinimumResourcePruningAge int

-	TagRevisionsToKeep        int

+	DryRun             bool

+	KeepYoungerThan    time.Duration

+	TagRevisionsToKeep int

 }

 func NewCmdPruneImages(f *clientcmd.Factory, parentName, name string, out io.Writer) *cobra.Command {

 	cfg := &config{

-		DryRun: true,

-		MinimumResourcePruningAge: 60,

-		TagRevisionsToKeep:        3,

+		DryRun:             true,

+		KeepYoungerThan:    60 * time.Minute,

+		TagRevisionsToKeep: 3,

 	}

 	cmd := &cobra.Command{

@@ -45,7 +46,7 @@ func NewCmdPruneImages(f *clientcmd.Factory, parentName, name string, out io.Wri

 				glog.Fatalf("Error getting client: %v", err)

 			}

-			pruner, err := prune.NewImagePruner(cfg.MinimumResourcePruningAge, cfg.TagRevisionsToKeep, osClient, osClient, kClient, kClient, osClient, osClient, osClient)

+			pruner, err := prune.NewImagePruner(cfg.KeepYoungerThan, cfg.TagRevisionsToKeep, osClient, osClient, kClient, kClient, osClient, osClient, osClient)

 			if err != nil {

 				glog.Fatalf("Error creating image pruner: %v", err)

 			}

@@ -64,7 +65,7 @@ func NewCmdPruneImages(f *clientcmd.Factory, parentName, name string, out io.Wri

 					prune.DescribingImagePruneFunc(out)(image, referencedStreams)

 					return prune.DeletingImagePruneFunc(osClient.Images(), osClient)(image, referencedStreams)

 				}

-				layerPruneFunc = func(registryURL string, req dockerregistry.DeleteLayersRequest) (error, map[string][]error) {

+				layerPruneFunc = func(registryURL string, req server.DeleteLayersRequest) (error, map[string][]error) {

 					prune.DescribingLayerPruneFunc(out)(registryURL, req)

 					return prune.DeletingLayerPruneFunc(http.DefaultClient)(registryURL, req)

 				}

@@ -79,7 +80,7 @@ func NewCmdPruneImages(f *clientcmd.Factory, parentName, name string, out io.Wri

 	}

 	cmd.Flags().BoolVar(&cfg.DryRun, "dry-run", cfg.DryRun, "Perform an image pruning dry-run, displaying what would be deleted but not actually deleting anything (default=true).")

-	cmd.Flags().IntVar(&cfg.MinimumResourcePruningAge, "older-than", cfg.MinimumResourcePruningAge, "Specify the minimum age for an image to be prunable, as well as the minimum age for an image stream or pod that references an image to be prunable.")

+	cmd.Flags().DurationVar(&cfg.KeepYoungerThan, "keep-younger-than", cfg.KeepYoungerThan, "Specify the minimum age for an image to be prunable, as well as the minimum age for an image stream or pod that references an image to be prunable.")

 	cmd.Flags().IntVar(&cfg.TagRevisionsToKeep, "keep-tag-revisions", cfg.TagRevisionsToKeep, "Specify the number of image revisions for a tag in an image stream that will be preserved.")

 	return cmd

new file mode 100644

@@ -0,0 +1,188 @@

+package server

+

+import (

+	"encoding/json"

+	"fmt"

+	"net/http"

+

+	log "github.com/Sirupsen/logrus"

+	"github.com/docker/distribution"

+	"github.com/docker/distribution/digest"

+	"github.com/docker/distribution/registry/handlers"

+)

+

+// DeleteLayersRequest is a mapping from layers to the image repositories that

+// reference them. Below is a sample request:

+//

+// {

+//   "layer1": ["repo1", "repo2"],

+//   "layer2": ["repo1", "repo3"],

+//   ...

+// }

+type DeleteLayersRequest map[string][]string

+

+// AddLayer adds a layer to the request if it doesn't already exist.

+func (r DeleteLayersRequest) AddLayer(layer string) {

+	if _, ok := r[layer]; !ok {

+		r[layer] = []string{}

+	}

+}

+

+// AddStream adds an image stream reference to the layer.

+func (r DeleteLayersRequest) AddStream(layer, stream string) {

+	r[layer] = append(r[layer], stream)

+}

+

+type DeleteLayersResponse struct {

+	Result string

+	Errors map[string][]string

+}

+

+// deleteLayerFunc returns an http.HandlerFunc that is able to fully delete a

+// layer from storage.

+func DeleteLayersHandler(adminService distribution.AdminService) func(ctx *handlers.Context, r *http.Request) http.Handler {

+	return func(ctx *handlers.Context, r *http.Request) http.Handler {

+		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {

+			defer req.Body.Close()

+			log.Infof("deleteLayerFunc invoked")

+

+			decoder := json.NewDecoder(req.Body)

+			deletions := DeleteLayersRequest{}

+			if err := decoder.Decode(&deletions); err != nil {

+				//TODO

+				log.Errorf("Error unmarshaling body: %v", err)

+				w.WriteHeader(http.StatusInternalServerError)

+				return

+			}

+

+			errs := map[string][]error{}

+			for layer, repos := range deletions {

+				log.Infof("Deleting layer=%q, repos=%v", layer, repos)

+				errs[layer] = adminService.DeleteLayer(layer, repos)

+			}

+

+			log.Infof("errs=%v", errs)

+

+			var result string

+			switch len(errs) {

+			case 0:

+				result = "success"

+			default:

+				result = "failure"

+			}

+

+			response := DeleteLayersResponse{

+				Result: result,

+				Errors: map[string][]string{},

+			}

+

+			for layer, layerErrors := range errs {

+				response.Errors[layer] = []string{}

+				for _, err := range layerErrors {

+					response.Errors[layer] = append(response.Errors[layer], err.Error())

+				}

+			}

+

+			w.Header().Set("Content-Type", "application/json; charset=utf-8")

+			encoder := json.NewEncoder(w)

+			if err := encoder.Encode(&response); err != nil {

+				w.Write([]byte(fmt.Sprintf("Error marshaling response: %v", err)))

+				w.WriteHeader(http.StatusInternalServerError)

+				return

+			}

+

+			w.WriteHeader(http.StatusOK)

+		})

+	}

+}

+

+type DeleteManifestsRequest map[string][]string

+

+func (r DeleteManifestsRequest) AddManifest(revision string) {

+	if _, ok := r[revision]; !ok {

+		r[revision] = []string{}

+	}

+}

+

+func (r DeleteManifestsRequest) AddStream(revision, stream string) {

+	r[revision] = append(r[revision], stream)

+}

+

+type DeleteManifestsResponse struct {

+	Result string

+	Errors map[string][]string

+}

+

+func DeleteManifestsHandler(adminService distribution.AdminService) func(ctx *handlers.Context, r *http.Request) http.Handler {

+	return func(ctx *handlers.Context, r *http.Request) http.Handler {

+		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {

+			defer req.Body.Close()

+

+			decoder := json.NewDecoder(req.Body)

+			deletions := DeleteManifestsRequest{}

+			if err := decoder.Decode(&deletions); err != nil {

+				//TODO

+				log.Errorf("Error unmarshaling body: %v", err)

+				w.WriteHeader(http.StatusInternalServerError)

+				return

+			}

+

+			errs := map[string][]error{}

+			for revision, repos := range deletions {

+				log.Infof("Deleting manifest revision=%q, repos=%v", revision, repos)

+				dgst, err := digest.ParseDigest(revision)

+				if err != nil {

+					errs[revision] = []error{fmt.Errorf("Error parsing revision %q: %v", revision, err)}

+					continue

+				}

+				errs[revision] = adminService.DeleteManifest(dgst, repos)

+			}

+

+			log.Infof("errs=%v", errs)

+

+			var result string

+			switch len(errs) {

+			case 0:

+				result = "success"

+			default:

+				result = "failure"

+			}

+

+			response := DeleteManifestsResponse{

+				Result: result,

+				Errors: map[string][]string{},

+			}

+

+			for revision, revisionErrors := range errs {

+				response.Errors[revision] = []string{}

+				for _, err := range revisionErrors {

+					response.Errors[revision] = append(response.Errors[revision], err.Error())

+				}

+			}

+

+			w.Header().Set("Content-Type", "application/json; charset=utf-8")

+			encoder := json.NewEncoder(w)

+			if err := encoder.Encode(&response); err != nil {

+				w.Write([]byte(fmt.Sprintf("Error marshaling response: %v", err)))

+				w.WriteHeader(http.StatusInternalServerError)

+				return

+			}

+

+			w.WriteHeader(http.StatusOK)

+		})

+	}

+}

+

+func DeleteRepositoryHandler(adminService distribution.AdminService) func(ctx *handlers.Context, r *http.Request) http.Handler {

+	return func(ctx *handlers.Context, r *http.Request) http.Handler {

+		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {

+			defer req.Body.Close()

+

+			if err := adminService.DeleteRepository(ctx.Repository.Name()); err != nil {

+				w.Write([]byte(fmt.Sprintf("Error deleting repository %q: %v", ctx.Repository.Name(), err)))

+			}

+

+			w.WriteHeader(http.StatusNoContent)

+		})

+	}

+}

@@ -132,7 +132,7 @@ func (ac *AccessController) Authorized(ctx context.Context, accessRecords ...reg

 		// In case of docker login, hits endpoint /v2

 		if len(accessRecords) == 0 {

-			err = VerifyOpenShiftUser(user, client)

+			err = verifyOpenShiftUser(user, client)

 			if err != nil {

 				challenge.err = err

 				return nil, challenge

@@ -143,37 +143,46 @@ func (ac *AccessController) Authorized(ctx context.Context, accessRecords ...reg

 	for _, access := range accessRecords {

 		log.Debugf("%s:%s:%s", access.Resource.Type, access.Resource.Name, access.Action)

-		if access.Resource.Type != "repository" {

-			continue

-		}

-

-		repoParts := strings.SplitN(access.Resource.Name, "/", 2)

-		if len(repoParts) != 2 {

-			challenge.err = ErrNamespaceRequired

-			return nil, challenge

-		}

+		switch access.Resource.Type {

+		case "repository":

+			repoParts := strings.SplitN(access.Resource.Name, "/", 2)

+			if len(repoParts) != 2 {

+				challenge.err = ErrNamespaceRequired

+				return nil, challenge

+			}

-		verb := ""

-		switch access.Action {

-		case "push":

-			verb = "update"

-		case "pull":

-			verb = "get"

-		default:

-			challenge.err = fmt.Errorf("Unknown action: %s", access.Action)

-			return nil, challenge

-		}

+			verb := ""

+			switch access.Action {

+			case "push":

+				verb = "update"

+			case "pull":

+				verb = "get"

+			default:

+				challenge.err = fmt.Errorf("Unknown action: %s", access.Action)

+				return nil, challenge

+			}

-		err = VerifyOpenShiftAccess(repoParts[0], repoParts[1], verb, client)

-		if err != nil {

-			challenge.err = err

-			return nil, challenge

+			if err := verifyImageStreamAccess(repoParts[0], repoParts[1], verb, client); err != nil {

+				challenge.err = err

+				return nil, challenge

+			}

+		case "admin":

+			switch access.Action {

+			case "prune":

+				if err := verifyPruneAccess(client); err != nil {

+					challenge.err = err

+					return nil, challenge

+				}

+			default:

+				challenge.err = fmt.Errorf("Unknown action: %s", access.Action)

+				return nil, challenge

+			}

 		}

 	}

 	return WithUserClient(ctx, client), nil

 }

-func VerifyOpenShiftUser(user string, client *client.Client) error {

+func verifyOpenShiftUser(user string, client *client.Client) error {

 	userObj, err := client.Users().Get("~")

 	if err != nil {

 		log.Errorf("Get user failed with error: %s", err)

@@ -186,7 +195,7 @@ func VerifyOpenShiftUser(user string, client *client.Client) error {

 	return nil

 }

-func VerifyOpenShiftAccess(namespace, imageRepo, verb string, client *client.Client) error {

+func verifyImageStreamAccess(namespace, imageRepo, verb string, client *client.Client) error {

 	sar := authorizationapi.SubjectAccessReview{

 		Verb:         verb,

 		Resource:     "imageStreams",

@@ -203,3 +212,20 @@ func VerifyOpenShiftAccess(namespace, imageRepo, verb string, client *client.Cli

 	}

 	return nil

 }

+

+func verifyPruneAccess(client *client.Client) error {

+	sar := authorizationapi.SubjectAccessReview{

+		Verb:     "delete",

+		Resource: "images",

+	}

+	response, err := client.ClusterSubjectAccessReviews().Create(&sar)

+	if err != nil {

+		log.Errorf("OpenShift client error: %s", err)

+		return ErrOpenShiftAccessDenied

+	}

+	if !response.Allowed {

+		log.Errorf("OpenShift access denied: %s", response.Reason)

+		return ErrOpenShiftAccessDenied

+	}

+	return nil

+}

new file mode 100644

@@ -0,0 +1,12 @@

+package server

+

+import (

+	"net/http"

+

+	"github.com/docker/distribution/health"

+	"github.com/docker/distribution/registry/handlers"

+)

+

+func HealthzHandler(ctx *handlers.Context, r *http.Request) http.Handler {

+	return http.HandlerFunc(health.StatusHandler)

+}

@@ -8,6 +8,7 @@ import (

 	"io"

 	"io/ioutil"

 	"net/http"

+	"time"

 	kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api"

 	kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client"

@@ -20,8 +21,8 @@ import (

 	buildapi "github.com/openshift/origin/pkg/build/api"

 	buildutil "github.com/openshift/origin/pkg/build/util"

 	"github.com/openshift/origin/pkg/client"

-	"github.com/openshift/origin/pkg/cmd/dockerregistry"

 	deployapi "github.com/openshift/origin/pkg/deploy/api"

+	"github.com/openshift/origin/pkg/dockerregistry/server"

 	imageapi "github.com/openshift/origin/pkg/image/api"

 	"github.com/openshift/origin/pkg/image/registry/imagestreamimage"

 )

@@ -29,8 +30,8 @@ import (

 // pruneAlgorithm contains the various settings to use when evaluating images

 // and layers for pruning.

 type pruneAlgorithm struct {

-	minimumAgeInMinutesToPrune int

-	tagRevisionsToKeep         int

+	keepYoungerThan    time.Duration

+	tagRevisionsToKeep int

 }

 // ImagePruneFunc is a function that is invoked for each image that is

@@ -40,7 +41,7 @@ type ImagePruneFunc func(image *imageapi.Image, streams []*imageapi.ImageStream)

 // LayerPruneFunc is a function that is invoked for each registry, along with

 // a DeleteLayersRequest that contains the layers that can be pruned and the

 // image stream names that reference each layer.

-type LayerPruneFunc func(registryURL string, req dockerregistry.DeleteLayersRequest) (requestError error, layerErrors map[string][]error)

+type LayerPruneFunc func(registryURL string, req server.DeleteLayersRequest) (requestError error, layerErrors map[string][]error)

 // ImagePruner knows how to prune images and layers.

 type ImagePruner interface {

@@ -59,10 +60,10 @@ var _ ImagePruner = &imagePruner{}

 /*

 NewImagePruner creates a new ImagePruner.

-minimumAgeInMinutesToPrune is the minimum age, in minutes, that a resource

-must be in order for the image it references (or an image itself) to be a

-candidate for pruning. For example, if minimumAgeInMinutesToPrune is 60, and

-an ImageStream is only 59 minutes old, none of the images it references are

+Images younger than keepYoungerThan and images referenced by image streams

+and/or pods younger than keepYoungerThan are preserved. All other images are

+candidates for pruning. For example, if keepYoungerThan is 60m, and an

+ImageStream is only 59 minutes old, none of the images it references are

 eligible for pruning.

 tagRevisionsToKeep is the number of revisions per tag in an image stream's

@@ -92,7 +93,7 @@ ImageStreams having a reference to the image in `status.tags`.

 Also automatically remove any image layer that is no longer referenced by any

 images.

 */

-func NewImagePruner(minimumAgeInMinutesToPrune int, tagRevisionsToKeep int, images client.ImagesInterfacer, streams client.ImageStreamsNamespacer, pods kclient.PodsNamespacer, rcs kclient.ReplicationControllersNamespacer, bcs client.BuildConfigsNamespacer, builds client.BuildsNamespacer, dcs client.DeploymentConfigsNamespacer) (ImagePruner, error) {

+func NewImagePruner(keepYoungerThan time.Duration, tagRevisionsToKeep int, images client.ImagesInterfacer, streams client.ImageStreamsNamespacer, pods kclient.PodsNamespacer, rcs kclient.ReplicationControllersNamespacer, bcs client.BuildConfigsNamespacer, builds client.BuildsNamespacer, dcs client.DeploymentConfigsNamespacer) (ImagePruner, error) {

 	allImages, err := images.Images().List(labels.Everything(), fields.Everything())

 	if err != nil {

 		return nil, fmt.Errorf("Error listing images: %v", err)

@@ -128,18 +129,18 @@ func NewImagePruner(minimumAgeInMinutesToPrune int, tagRevisionsToKeep int, imag

 		return nil, fmt.Errorf("Error listing deployment configs: %v", err)

 	}

-	return newImagePruner(minimumAgeInMinutesToPrune, tagRevisionsToKeep, allImages, allStreams, allPods, allRCs, allBCs, allBuilds, allDCs), nil

+	return newImagePruner(keepYoungerThan, tagRevisionsToKeep, allImages, allStreams, allPods, allRCs, allBCs, allBuilds, allDCs), nil

 }

 // newImagePruner creates a new ImagePruner.

-func newImagePruner(minimumAgeInMinutesToPrune int, tagRevisionsToKeep int, images *imageapi.ImageList, streams *imageapi.ImageStreamList, pods *kapi.PodList, rcs *kapi.ReplicationControllerList, bcs *buildapi.BuildConfigList, builds *buildapi.BuildList, dcs *deployapi.DeploymentConfigList) ImagePruner {

+func newImagePruner(keepYoungerThan time.Duration, tagRevisionsToKeep int, images *imageapi.ImageList, streams *imageapi.ImageStreamList, pods *kapi.PodList, rcs *kapi.ReplicationControllerList, bcs *buildapi.BuildConfigList, builds *buildapi.BuildList, dcs *deployapi.DeploymentConfigList) ImagePruner {

 	g := graph.New()

-	glog.V(1).Infof("Creating image pruner with minimumAgeInMinutesToPrune=%d, tagRevisionsToKeep=%d", minimumAgeInMinutesToPrune, tagRevisionsToKeep)

+	glog.V(1).Infof("Creating image pruner with keepYoungerThan=%v, tagRevisionsToKeep=%d", keepYoungerThan, tagRevisionsToKeep)

 	algorithm := pruneAlgorithm{

-		minimumAgeInMinutesToPrune: minimumAgeInMinutesToPrune,

-		tagRevisionsToKeep:         tagRevisionsToKeep,

+		keepYoungerThan:    keepYoungerThan,

+		tagRevisionsToKeep: tagRevisionsToKeep,

 	}

 	addImagesToGraph(g, images, algorithm)

@@ -176,9 +177,8 @@ func addImagesToGraph(g graph.Graph, images *imageapi.ImageList, algorithm prune

 		}

 		age := util.Now().Sub(image.CreationTimestamp.Time)

-		ageInMinutes := int(age.Minutes())

-		if ageInMinutes < algorithm.minimumAgeInMinutesToPrune {

-			glog.V(4).Infof("Image %q is younger than minimum pruning age, skipping (age=%d)", image.Name, ageInMinutes)

+		if age < algorithm.keepYoungerThan {

+			glog.V(4).Infof("Image %q is younger than minimum pruning age, skipping (age=%v)", image.Name, age)

 			continue

 		}

@@ -218,7 +218,7 @@ func addImageStreamsToGraph(g graph.Graph, streams *imageapi.ImageStreamList, al

 		oldImageRevisionReferenceKind := graph.WeakReferencedImageGraphEdgeKind

 		age := util.Now().Sub(stream.CreationTimestamp.Time)

-		if int(age.Minutes()) < algorithm.minimumAgeInMinutesToPrune {

+		if age < algorithm.keepYoungerThan {

 			// stream's age is below threshold - use a strong reference for old image revisions instead

 			glog.V(4).Infof("Stream %s/%s is below age threshold - none of its images are eligible for pruning", stream.Namespace, stream.Name)

 			oldImageRevisionReferenceKind = graph.ReferencedImageGraphEdgeKind

@@ -277,7 +277,7 @@ func addPodsToGraph(g graph.Graph, pods *kapi.PodList, algorithm pruneAlgorithm)

 		if pod.Status.Phase != kapi.PodRunning && pod.Status.Phase != kapi.PodPending {

 			age := util.Now().Sub(pod.CreationTimestamp.Time)

-			if int(age.Minutes()) >= algorithm.minimumAgeInMinutesToPrune {

+			if age >= algorithm.keepYoungerThan {

 				glog.V(4).Infof("Pod %s/%s is not running or pending and age is at least minimum pruning age - skipping", pod.Namespace, pod.Name)

 				// not pending or running, age is at least minimum pruning age, skip

 				continue

@@ -538,10 +538,10 @@ func streamLayerReferences(g graph.Graph, layerNode *graph.ImageLayerNode) []*gr

 }

 // pruneLayers creates a mapping of registryURLs to

-// dockerregistry.DeleteLayersRequest objects, invoking layerPruneFunc for each

+// server.DeleteLayersRequest objects, invoking layerPruneFunc for each

 // registryURL and request.

 func pruneLayers(g graph.Graph, layerNodes []*graph.ImageLayerNode, layerPruneFunc LayerPruneFunc) {

-	registryDeletionRequests := map[string]dockerregistry.DeleteLayersRequest{}

+	registryDeletionRequests := map[string]server.DeleteLayersRequest{}

 	for _, layerNode := range layerNodes {

 		glog.V(4).Infof("Examining layer %q", layerNode.Layer)

@@ -571,7 +571,7 @@ func pruneLayers(g graph.Graph, layerNodes []*graph.ImageLayerNode, layerPruneFu

 			deletionRequest, ok := registryDeletionRequests[ref.Registry]

 			if !ok {

 				glog.V(4).Infof("Request not found - creating new one")

-				deletionRequest = dockerregistry.DeleteLayersRequest{}

+				deletionRequest = server.DeleteLayersRequest{}

 				registryDeletionRequests[ref.Registry] = deletionRequest

 			}

@@ -648,7 +648,7 @@ func DeletingImagePruneFunc(images client.ImageInterface, streams client.ImageSt

 // DescribingLayerPruneFunc returns a LayerPruneFunc that writes information

 // about the layers that are eligible for pruning to out.

 func DescribingLayerPruneFunc(out io.Writer) LayerPruneFunc {

-	return func(registryURL string, deletions dockerregistry.DeleteLayersRequest) (error, map[string][]error) {

+	return func(registryURL string, deletions server.DeleteLayersRequest) (error, map[string][]error) {

 		result := map[string][]error{}

 		fmt.Fprintf(out, "Pruning from registry %q\n", registryURL)

@@ -676,7 +676,7 @@ func DescribingLayerPruneFunc(out io.Writer) LayerPruneFunc {

 // key being a layer, and each value being a list of Docker image repository

 // names referenced by the layer.

 func DeletingLayerPruneFunc(registryClient *http.Client) LayerPruneFunc {

-	return func(registryURL string, deletions dockerregistry.DeleteLayersRequest) (requestError error, layerErrors map[string][]error) {

+	return func(registryURL string, deletions server.DeleteLayersRequest) (requestError error, layerErrors map[string][]error) {

 		glog.V(4).Infof("Starting pruning of layers from %q, req %#v", registryURL, deletions)

 		body, err := json.Marshal(&deletions)

 		if err != nil {

@@ -710,7 +710,7 @@ func DeletingLayerPruneFunc(registryClient *http.Client) LayerPruneFunc {

 			return fmt.Errorf("Unexpected status code %d in response %s", resp.StatusCode, buf), nil

 		}

-		var deleteResponse dockerregistry.DeleteLayersResponse

+		var deleteResponse server.DeleteLayersResponse

 		if err := json.Unmarshal(buf, &deleteResponse); err != nil {

 			glog.Errorf("Error unmarshaling response: %v", err)

 			return fmt.Errorf("Error unmarshaling response: %v", err), nil

@@ -4,7 +4,7 @@ import (

 	"fmt"

 	"io"

-	"github.com/openshift/origin/pkg/cmd/dockerregistry"

+	"github.com/openshift/origin/pkg/dockerregistry/server"

 	imageapi "github.com/openshift/origin/pkg/image/api"

 )

@@ -93,7 +93,7 @@ func (p *summarizingPruner) imagePruneFunc(base ImagePruneFunc) ImagePruneFunc {

 }

 func (p *summarizingPruner) layerPruneFunc(base LayerPruneFunc) LayerPruneFunc {

-	return func(registryURL string, req dockerregistry.DeleteLayersRequest) (error, map[string][]error) {

+	return func(registryURL string, req server.DeleteLayersRequest) (error, map[string][]error) {

 		requestError, layerErrors := base(registryURL, req)

 		p.registryResults[registryURL] = registryResult{

 			requestError: requestError,