package config
import (
"os"
"time"
"github.com/getlantern/deepcopy"
distspec "github.com/opencontainers/distribution-spec/specs-go"
extconf "zotregistry.io/zot/pkg/extensions/config"
"zotregistry.io/zot/pkg/storage"
)
// Build metadata. New copies each of these values into the Config field of the
// same name.
// NOTE(review): nothing in this file assigns them; presumably they are injected
// at build time — confirm against the build scripts.
var (
	Commit     string //nolint: gochecknoglobals
	ReleaseTag string //nolint: gochecknoglobals
	BinaryType string //nolint: gochecknoglobals
	GoVersion  string //nolint: gochecknoglobals
)
// StorageConfig is the set of storage options. GlobalStorageConfig embeds one
// and keeps a further one per entry of its SubPaths map.
type StorageConfig struct {
	RootDirectory string

	// Feature switches; New enables Dedupe and GC by default.
	Dedupe, RemoteCache, GC, Commit bool

	// Only these two durations, together with GC and Dedupe, are compared by
	// ParamsEqual.
	GCDelay, GCInterval time.Duration

	// Free-form driver settings.
	// NOTE(review): Config.Sanitize does not redact anything inside these maps.
	// If a driver accepts credentials here, they would show up in a sanitized
	// copy — confirm which keys the drivers read.
	StorageDriver map[string]interface{} `mapstructure:",omitempty"`
	CacheDriver   map[string]interface{} `mapstructure:",omitempty"`
}
// TLSConfig carries the TLS material referenced from HTTPConfig.TLS.
// NOTE(review): the three values look like file paths (certificate, private
// key, CA bundle) — confirm against the code that loads them. If Key is a path
// to a private key, that file should be readable only by the service account.
type TLSConfig struct {
	Cert, Key, CACert string
}
// AuthHTPasswd is the htpasswd section of AuthConfig.
// NOTE(review): Path is presumably the location of the htpasswd file — confirm.
// Such a file holds password hashes and should not be world-readable.
type AuthHTPasswd struct {
	Path string
}
// AuthConfig groups the authentication settings referenced from HTTPConfig.Auth.
type AuthConfig struct {
	// NOTE(review): presumably a delay applied after a failed authentication
	// attempt; the unit is not visible in this file. New sets it to 0.
	FailDelay int

	HTPasswd AuthHTPasswd

	// LDAP and Bearer are optional sections; Config.Sanitize treats a nil LDAP
	// as "nothing to mask".
	LDAP   *LDAPConfig
	Bearer *BearerConfig
}
// BearerConfig is the bearer-token section of AuthConfig.
// NOTE(review): Cert is presumably the certificate used to verify presented
// tokens — confirm against the token-validation code.
type BearerConfig struct {
	Realm, Service, Cert string
}
// MethodRatelimitConfig pairs a method name with its own rate. It is the
// element type of RatelimitConfig.Methods.
// NOTE(review): Rate is presumably requests per second, like
// RatelimitConfig.Rate — confirm.
type MethodRatelimitConfig struct {
	Method string
	Rate   int
}
// RatelimitConfig is the optional rate-limiting section of HTTPConfig.
type RatelimitConfig struct {
	// Rate is expressed in requests per second. It is a pointer, so an unset
	// rate (nil) is distinguishable from an explicit 0.
	Rate *int

	// Methods lists per-method rates.
	Methods []MethodRatelimitConfig `mapstructure:",omitempty"`
}
// HTTPConfig holds the listener, TLS, authentication, authorization and
// rate-limiting settings. New defaults Address to "127.0.0.1" and Port to
// "8080".
type HTTPConfig struct {
	Address, Port string

	// AllowOrigin is a comma separated list.
	// NOTE(review): presumably the origins allowed for cross-origin requests —
	// confirm how an empty value and a wildcard are handled.
	AllowOrigin string

	// Optional sections.
	// NOTE(review): what a nil TLS, Auth or AccessControl means for the
	// listener is decided elsewhere; confirm that an absent section does not
	// silently mean plaintext or unrestricted access.
	TLS           *TLSConfig
	Auth          *AuthConfig
	AccessControl *AccessControlConfig `mapstructure:"accessControl,omitempty"`

	Realm     string
	Ratelimit *RatelimitConfig `mapstructure:",omitempty"`
}
// LDAPConfig is the LDAP section of AuthConfig.
type LDAPConfig struct {
	Port int

	// Transport security switches. All of them are false in the zero value.
	// NOTE(review): presumably Insecure selects a plaintext connection and
	// SkipVerify turns off server-certificate verification — confirm in the
	// LDAP client code; neither should be enabled outside a test setup.
	Insecure bool
	// When Insecure is false, the connection is either StartTLS or LDAPs.
	StartTLS   bool
	SkipVerify bool

	SubtreeSearch bool

	Address, BindDN, UserGroupAttribute string

	// BindPassword is a secret. It is the one field Config.Sanitize masks.
	BindPassword string

	BaseDN, UserAttribute, CACert string
}
// LogConfig is the logging section of Config. New sets Level to "debug".
// NOTE(review): Output and Audit are presumably log destinations — confirm.
// Debug-level logs tend to be verbose, so review what they record before
// using the default in production.
type LogConfig struct {
	Level, Output, Audit string
}
// GlobalStorageConfig is the storage section of Config: one embedded
// StorageConfig plus a StorageConfig per key of SubPaths.
type GlobalStorageConfig struct {
	// The "squash" tag makes mapstructure decode the embedded fields at this
	// level rather than under a nested key.
	StorageConfig `mapstructure:",squash"`

	SubPaths map[string]StorageConfig
}
// AccessControlConfig is the authorization section referenced from
// HTTPConfig.AccessControl.
type AccessControlConfig struct {
	// Repositories maps a key to the PolicyGroup that applies to it.
	// NOTE(review): the key is presumably a repository name or pattern —
	// confirm the matching rules in the authorization code.
	Repositories Repositories `json:"repositories" mapstructure:"repositories"`

	AdminPolicy Policy
	Groups      Groups
}
// Named map types used by AccessControlConfig.
type (
	// Repositories maps a key to its PolicyGroup.
	Repositories map[string]PolicyGroup
	// Groups maps a group name to its Group definition.
	Groups map[string]Group
)
// Group lists the users that belong to one entry of Groups.
type Group struct {
	Users []string
}
// PolicyGroup is the value type of Repositories: explicit policies plus two
// fallback lists.
type PolicyGroup struct {
	Policies []Policy

	// NOTE(review): presumably lists of actions — DefaultPolicy for
	// authenticated users not matched by Policies, AnonymousPolicy for
	// unauthenticated requests. Confirm, and keep AnonymousPolicy as narrow
	// as possible.
	DefaultPolicy, AnonymousPolicy []string
}
// Policy associates users and groups with a list of actions. It is used for
// AccessControlConfig.AdminPolicy and as the element type of
// PolicyGroup.Policies.
type Policy struct {
	Users, Actions, Groups []string
}
// Config is the top-level configuration object. New returns one populated
// with defaults, and Sanitize returns a copy with the LDAP bind password
// masked.
type Config struct {
	DistSpecVersion string `json:"distSpecVersion" mapstructure:"distSpecVersion"`

	// Build metadata, copied by New from the package-level variables of the
	// same names.
	GoVersion, Commit, ReleaseTag, BinaryType string

	Storage GlobalStorageConfig
	HTTP    HTTPConfig

	// Optional sections.
	Log        *LogConfig
	Extensions *extconf.ExtensionConfig
}
// New returns a Config carrying the build metadata and the package defaults:
// GC and dedupe enabled with storage.DefaultGCDelay, a listener on
// 127.0.0.1:8080, an AuthConfig with no back end configured and FailDelay 0,
// and log level "debug".
//
// NOTE(review): the loopback address keeps a default instance off the network.
// Whether the empty AuthConfig leaves the API unauthenticated is decided
// outside this file — confirm before changing Address.
func New() *Config {
	conf := new(Config)

	// Version and build information.
	conf.DistSpecVersion = distspec.Version
	conf.GoVersion = GoVersion
	conf.Commit = Commit
	conf.ReleaseTag = ReleaseTag
	conf.BinaryType = BinaryType

	// Runtime defaults.
	conf.Storage.StorageConfig = StorageConfig{
		GC:      true,
		GCDelay: storage.DefaultGCDelay,
		Dedupe:  true,
	}
	conf.HTTP = HTTPConfig{
		Address: "127.0.0.1",
		Port:    "8080",
		Auth:    &AuthConfig{FailDelay: 0},
	}
	conf.Log = &LogConfig{Level: "debug"}

	return conf
}
// ParamsEqual reports whether expConfig and actConfig agree on GC, Dedupe,
// GCDelay and GCInterval. No other field (RootDirectory, RemoteCache, Commit,
// the driver maps) takes part in the comparison.
func (expConfig StorageConfig) ParamsEqual(actConfig StorageConfig) bool {
	if expConfig.GC != actConfig.GC || expConfig.Dedupe != actConfig.Dedupe {
		return false
	}

	return expConfig.GCDelay == actConfig.GCDelay && expConfig.GCInterval == actConfig.GCInterval
}
// SameFile reports whether the paths str1 and str2 refer to the same file.
//
// Each path is resolved with os.Stat and the two results are compared with
// os.SameFile. os.Stat follows symbolic links, so different paths that resolve
// to one file compare equal. The error of the first failing stat is returned
// together with false. The answer describes the file system at the time of
// the two stat calls only; callers must not treat it as a lasting guarantee.
func SameFile(str1, str2 string) (bool, error) {
	var infos [2]os.FileInfo

	// Stat in argument order so that the error returned is for str1 first.
	for idx, path := range [2]string{str1, str2} {
		info, err := os.Stat(path)
		if err != nil {
			return false, err
		}

		infos[idx] = info
	}

	return os.SameFile(infos[0], infos[1]), nil
}
// Sanitize returns a deep copy of c in which HTTP.Auth.LDAP.BindPassword, when
// set, is replaced by "******". The receiver is left unmodified. A failure of
// deepcopy.Copy results in a panic.
//
// NOTE(review): the bind password is the only value masked here. Everything
// else is copied verbatim, including the Storage.StorageDriver and CacheDriver
// maps and the Extensions section. Confirm that none of them can carry
// credentials before logging or exposing the result.
func (c *Config) Sanitize() *Config {
	sanitizedConfig := new(Config)
	if err := deepcopy.Copy(sanitizedConfig, c); err != nil {
		panic(err)
	}

	// Nothing to mask unless an LDAP bind password is configured.
	auth := c.HTTP.Auth
	if auth == nil || auth.LDAP == nil || auth.LDAP.BindPassword == "" {
		return sanitizedConfig
	}

	// Build the masked LDAP section from a fresh copy, so the original
	// password is overwritten only in the copy.
	masked := &LDAPConfig{}
	sanitizedConfig.HTTP.Auth.LDAP = masked

	if err := deepcopy.Copy(masked, auth.LDAP); err != nil {
		panic(err)
	}

	masked.BindPassword = "******"

	return sanitizedConfig
}