zot/pkg/api/controller.go

package api

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"net"
	"net/http"
	"time"

	"github.com/anuvu/zot/errors"
	"github.com/anuvu/zot/pkg/api/config"
	ext "github.com/anuvu/zot/pkg/extensions"
	"github.com/anuvu/zot/pkg/extensions/monitoring"
	"github.com/anuvu/zot/pkg/log"
	"github.com/anuvu/zot/pkg/storage"
	"github.com/anuvu/zot/pkg/storage/s3"
	"github.com/gorilla/handlers"
	"github.com/gorilla/mux"

	"github.com/docker/distribution/registry/storage/driver/factory"
)

const (
	idleTimeout = 120 * time.Second
)

type Controller struct {
	Config          *config.Config
	Router          *mux.Router
	StoreController storage.StoreController
	Log             log.Logger
	Audit           *log.Logger
	Server          *http.Server
	Metrics         monitoring.MetricServer
}

func NewController(config *config.Config) *Controller {
	var controller Controller

	logger := log.NewLogger(config.Log.Level, config.Log.Output)

	controller.Config = config
	controller.Log = logger

	if config.Log.Audit != "" {
		audit := log.NewAuditLogger(config.Log.Level, config.Log.Audit)
		controller.Audit = audit
	}

	return &controller
}

func DefaultHeaders() mux.MiddlewareFunc {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// CORS
			w.Header().Set("Access-Control-Allow-Origin", "*")
			w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS")

			// handle the request
			next.ServeHTTP(w, r)
		})
	}
}

// nolint: gocyclo
func (c *Controller) Run() error {
	// validate configuration
	if err := c.Config.Validate(c.Log); err != nil {
		c.Log.Error().Err(err).Msg("configuration validation failed")
		return err
	}

	// print the current configuration, but strip secrets
	c.Log.Info().Interface("params", c.Config.Sanitize()).Msg("configuration settings")

	engine := mux.NewRouter()
	engine.Use(DefaultHeaders(),
		SessionLogger(c),
		handlers.RecoveryHandler(handlers.RecoveryLogger(c.Log),
			handlers.PrintRecoveryStack(false)))

	if c.Audit != nil {
		engine.Use(SessionAuditLogger(c.Audit))
	}

	c.Router = engine
	c.Router.UseEncodedPath()

	var enabled bool
	if c.Config != nil &&
		c.Config.Extensions != nil &&
		c.Config.Extensions.Metrics != nil &&
		c.Config.Extensions.Metrics.Enable {
		enabled = true
	}

	c.Metrics = monitoring.NewMetricsServer(enabled, c.Log)
	c.StoreController = storage.StoreController{}

	if c.Config.Storage.RootDirectory != "" {
		if c.Config.Storage.Dedupe {
			err := storage.ValidateHardLink(c.Config.Storage.RootDirectory)
			if err != nil {
				c.Log.Warn().Msg("input storage root directory filesystem does not supports hardlinking," +
					"disabling dedupe functionality")

				c.Config.Storage.Dedupe = false
			}
		}

		var defaultStore storage.ImageStore
		if len(c.Config.Storage.StorageDriver) == 0 {
			defaultStore = storage.NewImageStore(c.Config.Storage.RootDirectory,
				c.Config.Storage.GC, c.Config.Storage.Dedupe, c.Log, c.Metrics)
		} else {
			storeName := fmt.Sprintf("%v", c.Config.Storage.StorageDriver["name"])
			if storeName != storage.S3StorageDriverName {
				c.Log.Fatal().Err(errors.ErrBadConfig).Msgf("unsupported storage driver: %s",
					c.Config.Storage.StorageDriver["name"])
			}
			// Init a Storager from connection string.
			store, err := factory.Create(storeName, c.Config.Storage.StorageDriver)
			if err != nil {
				c.Log.Error().Err(err).Str("rootDir", c.Config.Storage.RootDirectory).Msg("unable to create s3 service")
				return err
			}

			defaultStore = s3.NewImageStore(c.Config.Storage.RootDirectory,
				c.Config.Storage.GC, c.Config.Storage.Dedupe, c.Log, c.Metrics, store)
		}

		c.StoreController.DefaultStore = defaultStore

		// Enable extensions if extension config is provided
		if c.Config != nil && c.Config.Extensions != nil {
			ext.EnableExtensions(c.Config, c.Log, c.Config.Storage.RootDirectory)

			if c.Config.Extensions.Sync != nil {
				ext.EnableSyncExtension(c.Config, c.Log, c.StoreController)
			}
		}
	} else {
		// we can't proceed without global storage
		c.Log.Error().Err(errors.ErrImgStoreNotFound).Msg("controller: no storage config provided")

		return errors.ErrImgStoreNotFound
	}

	if c.Config.Storage.SubPaths != nil {
		if len(c.Config.Storage.SubPaths) > 0 {
			subPaths := c.Config.Storage.SubPaths

			subImageStore := make(map[string]storage.ImageStore)

			// creating image store per subpaths
			for route, storageConfig := range subPaths {
				if storageConfig.Dedupe {
					err := storage.ValidateHardLink(storageConfig.RootDirectory)
					if err != nil {
						c.Log.Warn().Msg("input storage root directory filesystem does not supports hardlinking, " +
							"disabling dedupe functionality")

						storageConfig.Dedupe = false
					}
				}

				if len(storageConfig.StorageDriver) == 0 {
					subImageStore[route] = storage.NewImageStore(storageConfig.RootDirectory,
						storageConfig.GC, storageConfig.Dedupe, c.Log, c.Metrics)
				} else {
					storeName := fmt.Sprintf("%v", storageConfig.StorageDriver["name"])
					if storeName != storage.S3StorageDriverName {
						c.Log.Fatal().Err(errors.ErrBadConfig).Msgf("unsupported storage driver: %s", storageConfig.StorageDriver["name"])
					}

					// Init a Storager from connection string.
					store, err := factory.Create(storeName, storageConfig.StorageDriver)
					if err != nil {
						c.Log.Error().Err(err).Str("rootDir", storageConfig.RootDirectory).Msg("Unable to create s3 service")
						return err
					}

					subImageStore[route] = s3.NewImageStore(storageConfig.RootDirectory,
						storageConfig.GC, storageConfig.Dedupe, c.Log, c.Metrics, store)
				}

				// Enable extensions if extension config is provided
				if c.Config != nil && c.Config.Extensions != nil {
					ext.EnableExtensions(c.Config, c.Log, storageConfig.RootDirectory)
				}
			}

			c.StoreController.SubStore = subImageStore
		}
	}

	monitoring.SetServerInfo(c.Metrics, c.Config.Commit, c.Config.BinaryType, c.Config.GoVersion, c.Config.Version)
	_ = NewRouteHandler(c)

	addr := fmt.Sprintf("%s:%s", c.Config.HTTP.Address, c.Config.HTTP.Port)
	server := &http.Server{
		Addr:        addr,
		Handler:     c.Router,
		IdleTimeout: idleTimeout,
	}
	c.Server = server

	// Create the listener
	l, err := net.Listen("tcp", addr)
	if err != nil {
		return err
	}

	if c.Config.HTTP.TLS != nil && c.Config.HTTP.TLS.Key != "" && c.Config.HTTP.TLS.Cert != "" {
		if c.Config.HTTP.TLS.CACert != "" {
			clientAuth := tls.VerifyClientCertIfGiven
			if (c.Config.HTTP.Auth == nil || c.Config.HTTP.Auth.HTPasswd.Path == "") && !c.Config.HTTP.AllowReadAccess {
				clientAuth = tls.RequireAndVerifyClientCert
			}

			caCert, err := ioutil.ReadFile(c.Config.HTTP.TLS.CACert)
			if err != nil {
				panic(err)
			}

			caCertPool := x509.NewCertPool()

			if !caCertPool.AppendCertsFromPEM(caCert) {
				panic(errors.ErrBadCACert)
			}

			server.TLSConfig = &tls.Config{
				ClientAuth:               clientAuth,
				ClientCAs:                caCertPool,
				PreferServerCipherSuites: true,
				MinVersion:               tls.VersionTLS12,
			}
			server.TLSConfig.BuildNameToCertificate() // nolint: staticcheck
		}

		return server.ServeTLS(l, c.Config.HTTP.TLS.Cert, c.Config.HTTP.TLS.Key)
	}

	return server.Serve(l)
}
zot: initial commit 2019-06-20 18:36:40 -05:00			`package api`

			`import (`
			`"crypto/tls"`
			`"crypto/x509"`
			`"fmt"`
			`"io/ioutil"`
			`"net"`
			`"net/http"`
server: add idle timeout in http server configuration 2021-04-22 14:18:33 -05:00			`"time"`
zot: initial commit 2019-06-20 18:36:40 -05:00
tls: harden TLS path 2019-08-27 17:01:29 -05:00			`"github.com/anuvu/zot/errors"`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`"github.com/anuvu/zot/pkg/api/config"`
build: add build tags to create customizable binaries 2020-10-14 16:47:20 -05:00			`ext "github.com/anuvu/zot/pkg/extensions"`
Implement an API for performance monitoring Signed-off-by: Alexei Dodon <adodon@cisco.com> 2021-10-15 10:05:00 -05:00			`"github.com/anuvu/zot/pkg/extensions/monitoring"`
log: improve logging - add a panic recovery handler - add logs on unexpected error paths - use logger's panic method 2019-11-25 17:33:58 -05:00			`"github.com/anuvu/zot/pkg/log"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`"github.com/anuvu/zot/pkg/storage"`
storage: add s3 backend support (without GC and dedupe) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-07-16 22:53:05 -05:00			`"github.com/anuvu/zot/pkg/storage/s3"`
log: improve logging - add a panic recovery handler - add logs on unexpected error paths - use logger's panic method 2019-11-25 17:33:58 -05:00			`"github.com/gorilla/handlers"`
router: move to gorilla/mux to support multiple name path components 2019-07-10 00:23:59 -05:00			`"github.com/gorilla/mux"`
storage: add s3 backend support (without GC and dedupe) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-07-16 22:53:05 -05:00
			`"github.com/docker/distribution/registry/storage/driver/factory"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`)`

server: add idle timeout in http server configuration 2021-04-22 14:18:33 -05:00			`const (`
			`idleTimeout = 120 * time.Second`
			`)`

zot: initial commit 2019-06-20 18:36:40 -05:00			`type Controller struct {`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`Config *config.Config`
config: support multiple storage locations added support to point multiple storage locations in zot by running multiple instance of zot in background. see examples/config-multiple.json for more info about config. Closes #181 2021-04-05 19:40:33 -05:00			`Router *mux.Router`
			`StoreController storage.StoreController`
			`Log log.Logger`
logs: add an audit log for API calls with unit tests resolves #178 2021-05-25 03:38:21 -05:00			`Audit *log.Logger`
config: support multiple storage locations added support to point multiple storage locations in zot by running multiple instance of zot in background. see examples/config-multiple.json for more info about config. Closes #181 2021-04-05 19:40:33 -05:00			`Server *http.Server`
Implement an API for performance monitoring Signed-off-by: Alexei Dodon <adodon@cisco.com> 2021-10-15 10:05:00 -05:00			`Metrics monitoring.MetricServer`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`

Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`func NewController(config config.Config) Controller {`
logs: add an audit log for API calls with unit tests resolves #178 2021-05-25 03:38:21 -05:00			`var controller Controller`

			`logger := log.NewLogger(config.Log.Level, config.Log.Output)`

			`controller.Config = config`
			`controller.Log = logger`

			`if config.Log.Audit != "" {`
			`audit := log.NewAuditLogger(config.Log.Level, config.Log.Audit)`
			`controller.Audit = audit`
			`}`

			`return &controller`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`

controller: add default headers Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-05-05 17:31:56 -05:00			`func DefaultHeaders() mux.MiddlewareFunc {`
			`return func(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`// CORS`
			`w.Header().Set("Access-Control-Allow-Origin", "*")`
			`w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS")`

			`// handle the request`
			`next.ServeHTTP(w, r)`
			`})`
			`}`
			`}`

storage: add s3 backend support (without GC and dedupe) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-07-16 22:53:05 -05:00			`// nolint: gocyclo`
zot: initial commit 2019-06-20 18:36:40 -05:00			`func (c *Controller) Run() error {`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`// validate configuration`
			`if err := c.Config.Validate(c.Log); err != nil {`
			`c.Log.Error().Err(err).Msg("configuration validation failed")`
			`return err`
			`}`

			`// print the current configuration, but strip secrets`
			`c.Log.Info().Interface("params", c.Config.Sanitize()).Msg("configuration settings")`

router: move to gorilla/mux to support multiple name path components 2019-07-10 00:23:59 -05:00			`engine := mux.NewRouter()`
controller: add default headers Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-05-05 17:31:56 -05:00			`engine.Use(DefaultHeaders(),`
Implement an API for performance monitoring Signed-off-by: Alexei Dodon <adodon@cisco.com> 2021-10-15 10:05:00 -05:00			`SessionLogger(c),`
controller: add default headers Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-05-05 17:31:56 -05:00			`handlers.RecoveryHandler(handlers.RecoveryLogger(c.Log),`
			`handlers.PrintRecoveryStack(false)))`
Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
logs: add an audit log for API calls with unit tests resolves #178 2021-05-25 03:38:21 -05:00			`if c.Audit != nil {`
Implement an API for performance monitoring Signed-off-by: Alexei Dodon <adodon@cisco.com> 2021-10-15 10:05:00 -05:00			`engine.Use(SessionAuditLogger(c.Audit))`
logs: add an audit log for API calls with unit tests resolves #178 2021-05-25 03:38:21 -05:00			`}`

config: support multiple storage locations added support to point multiple storage locations in zot by running multiple instance of zot in background. see examples/config-multiple.json for more info about config. Closes #181 2021-04-05 19:40:33 -05:00			`c.Router = engine`
			`c.Router.UseEncodedPath()`

Implement an API for performance monitoring Signed-off-by: Alexei Dodon <adodon@cisco.com> 2021-10-15 10:05:00 -05:00			`var enabled bool`
			`if c.Config != nil &&`
			`c.Config.Extensions != nil &&`
			`c.Config.Extensions.Metrics != nil &&`
			`c.Config.Extensions.Metrics.Enable {`
			`enabled = true`
			`}`

			`c.Metrics = monitoring.NewMetricsServer(enabled, c.Log)`
config: support multiple storage locations added support to point multiple storage locations in zot by running multiple instance of zot in background. see examples/config-multiple.json for more info about config. Closes #181 2021-04-05 19:40:33 -05:00			`c.StoreController = storage.StoreController{}`

			`if c.Config.Storage.RootDirectory != "" {`
			`if c.Config.Storage.Dedupe {`
			`err := storage.ValidateHardLink(c.Config.Storage.RootDirectory)`
			`if err != nil {`
			`c.Log.Warn().Msg("input storage root directory filesystem does not supports hardlinking," +`
			`"disabling dedupe functionality")`

			`c.Config.Storage.Dedupe = false`
			`}`
			`}`

storage: add s3 backend support (without GC and dedupe) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-07-16 22:53:05 -05:00			`var defaultStore storage.ImageStore`
			`if len(c.Config.Storage.StorageDriver) == 0 {`
			`defaultStore = storage.NewImageStore(c.Config.Storage.RootDirectory,`
			`c.Config.Storage.GC, c.Config.Storage.Dedupe, c.Log, c.Metrics)`
			`} else {`
			`storeName := fmt.Sprintf("%v", c.Config.Storage.StorageDriver["name"])`
			`if storeName != storage.S3StorageDriverName {`
			`c.Log.Fatal().Err(errors.ErrBadConfig).Msgf("unsupported storage driver: %s",`
			`c.Config.Storage.StorageDriver["name"])`
			`}`
			`// Init a Storager from connection string.`
			`store, err := factory.Create(storeName, c.Config.Storage.StorageDriver)`
			`if err != nil {`
			`c.Log.Error().Err(err).Str("rootDir", c.Config.Storage.RootDirectory).Msg("unable to create s3 service")`
			`return err`
			`}`

			`defaultStore = s3.NewImageStore(c.Config.Storage.RootDirectory,`
			`c.Config.Storage.GC, c.Config.Storage.Dedupe, c.Log, c.Metrics, store)`
			`}`
config: support multiple storage locations added support to point multiple storage locations in zot by running multiple instance of zot in background. see examples/config-multiple.json for more info about config. Closes #181 2021-04-05 19:40:33 -05:00
			`c.StoreController.DefaultStore = defaultStore`

			`// Enable extensions if extension config is provided`
			`if c.Config != nil && c.Config.Extensions != nil {`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`ext.EnableExtensions(c.Config, c.Log, c.Config.Storage.RootDirectory)`
Changed sync behaviour, it used to copy images over http interface now it copies to a local cache and then it copies over storage APIs - accept all images with or without signatures - disable sync writing to stdout - added more logs - fixed switch statement in routes - fixed enabling sync multiple times for storage subpaths closes #266 Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-10-28 04:10:01 -05:00
			`if c.Config.Extensions.Sync != nil {`
			`ext.EnableSyncExtension(c.Config, c.Log, c.StoreController)`
			`}`
config: support multiple storage locations added support to point multiple storage locations in zot by running multiple instance of zot in background. see examples/config-multiple.json for more info about config. Closes #181 2021-04-05 19:40:33 -05:00			`}`
			`} else {`
			`// we can't proceed without global storage`
			`c.Log.Error().Err(errors.ErrImgStoreNotFound).Msg("controller: no storage config provided")`

			`return errors.ErrImgStoreNotFound`
dedupe: use hard links to dedupe blobs As the number of repos and layers increases, the greater the probability that layers are duplicated. We dedupe using hard links when content is the same. This is intended to be purely a storage layer optimization. Access control when available is orthogonal this optimization. Add a durable cache to help speed up layer lookups. Update README. Add more unit tests. 2020-02-17 16:57:15 -05:00			`}`

config: support multiple storage locations added support to point multiple storage locations in zot by running multiple instance of zot in background. see examples/config-multiple.json for more info about config. Closes #181 2021-04-05 19:40:33 -05:00			`if c.Config.Storage.SubPaths != nil {`
			`if len(c.Config.Storage.SubPaths) > 0 {`
			`subPaths := c.Config.Storage.SubPaths`

Added storage interface 2021-09-30 08:27:13 -05:00			`subImageStore := make(map[string]storage.ImageStore)`
config: support multiple storage locations added support to point multiple storage locations in zot by running multiple instance of zot in background. see examples/config-multiple.json for more info about config. Closes #181 2021-04-05 19:40:33 -05:00
			`// creating image store per subpaths`
			`for route, storageConfig := range subPaths {`
			`if storageConfig.Dedupe {`
			`err := storage.ValidateHardLink(storageConfig.RootDirectory)`
			`if err != nil {`
			`c.Log.Warn().Msg("input storage root directory filesystem does not supports hardlinking, " +`
			`"disabling dedupe functionality")`

			`storageConfig.Dedupe = false`
			`}`
			`}`

storage: add s3 backend support (without GC and dedupe) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-07-16 22:53:05 -05:00			`if len(storageConfig.StorageDriver) == 0 {`
			`subImageStore[route] = storage.NewImageStore(storageConfig.RootDirectory,`
			`storageConfig.GC, storageConfig.Dedupe, c.Log, c.Metrics)`
			`} else {`
			`storeName := fmt.Sprintf("%v", storageConfig.StorageDriver["name"])`
			`if storeName != storage.S3StorageDriverName {`
			`c.Log.Fatal().Err(errors.ErrBadConfig).Msgf("unsupported storage driver: %s", storageConfig.StorageDriver["name"])`
			`}`

			`// Init a Storager from connection string.`
			`store, err := factory.Create(storeName, storageConfig.StorageDriver)`
			`if err != nil {`
			`c.Log.Error().Err(err).Str("rootDir", storageConfig.RootDirectory).Msg("Unable to create s3 service")`
			`return err`
			`}`

			`subImageStore[route] = s3.NewImageStore(storageConfig.RootDirectory,`
			`storageConfig.GC, storageConfig.Dedupe, c.Log, c.Metrics, store)`
			`}`
config: support multiple storage locations added support to point multiple storage locations in zot by running multiple instance of zot in background. see examples/config-multiple.json for more info about config. Closes #181 2021-04-05 19:40:33 -05:00
			`// Enable extensions if extension config is provided`
			`if c.Config != nil && c.Config.Extensions != nil {`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`ext.EnableExtensions(c.Config, c.Log, storageConfig.RootDirectory)`
config: support multiple storage locations added support to point multiple storage locations in zot by running multiple instance of zot in background. see examples/config-multiple.json for more info about config. Closes #181 2021-04-05 19:40:33 -05:00			`}`
			`}`

			`c.StoreController.SubStore = subImageStore`
			`}`
Enable trivy db download and update 2020-06-25 03:21:47 -05:00			`}`

Implement an API for performance monitoring Signed-off-by: Alexei Dodon <adodon@cisco.com> 2021-10-15 10:05:00 -05:00			`monitoring.SetServerInfo(c.Metrics, c.Config.Commit, c.Config.BinaryType, c.Config.GoVersion, c.Config.Version)`
zot: initial commit 2019-06-20 18:36:40 -05:00			`_ = NewRouteHandler(c)`

			`addr := fmt.Sprintf("%s:%s", c.Config.HTTP.Address, c.Config.HTTP.Port)`
server: add idle timeout in http server configuration 2021-04-22 14:18:33 -05:00			`server := &http.Server{`
			`Addr: addr,`
			`Handler: c.Router,`
			`IdleTimeout: idleTimeout,`
			`}`
zot: initial commit 2019-06-20 18:36:40 -05:00			`c.Server = server`

			`// Create the listener`
			`l, err := net.Listen("tcp", addr)`
			`if err != nil {`
			`return err`
			`}`

auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`if c.Config.HTTP.TLS != nil && c.Config.HTTP.TLS.Key != "" && c.Config.HTTP.TLS.Cert != "" {`
zot: initial commit 2019-06-20 18:36:40 -05:00			`if c.Config.HTTP.TLS.CACert != "" {`
auth: allow for world-readable deployment mode 2019-08-28 16:05:16 -05:00			`clientAuth := tls.VerifyClientCertIfGiven`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`if (c.Config.HTTP.Auth == nil \|\| c.Config.HTTP.Auth.HTPasswd.Path == "") && !c.Config.HTTP.AllowReadAccess {`
auth: allow for world-readable deployment mode 2019-08-28 16:05:16 -05:00			`clientAuth = tls.RequireAndVerifyClientCert`
			`}`

zot: initial commit 2019-06-20 18:36:40 -05:00			`caCert, err := ioutil.ReadFile(c.Config.HTTP.TLS.CACert)`
			`if err != nil {`
			`panic(err)`
			`}`
Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
zot: initial commit 2019-06-20 18:36:40 -05:00			`caCertPool := x509.NewCertPool()`
Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
tls: harden TLS path 2019-08-27 17:01:29 -05:00			`if !caCertPool.AppendCertsFromPEM(caCert) {`
			`panic(errors.ErrBadCACert)`
			`}`
Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
zot: initial commit 2019-06-20 18:36:40 -05:00			`server.TLSConfig = &tls.Config{`
tls: harden TLS path 2019-08-27 17:01:29 -05:00			`ClientAuth: clientAuth,`
			`ClientCAs: caCertPool,`
			`PreferServerCipherSuites: true,`
			`MinVersion: tls.VersionTLS12,`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`
Upgraded build pipeline Go version changed to 1.14.4 Golangci-lint changed to 1.26.0 Bazel version changed to 3.0.0 Bazel rules_go version changed to 0.23.3 Bazel gazelle version changed to v0.21.0 Bazel build tools version changed to 0.25.1 Bazel skylib version changed to 1.0.2 2020-05-11 17:13:24 -05:00			`server.TLSConfig.BuildNameToCertificate() // nolint: staticcheck`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`

			`return server.ServeTLS(l, c.Config.HTTP.TLS.Cert, c.Config.HTTP.TLS.Key)`
			`}`
Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
zot: initial commit 2019-06-20 18:36:40 -05:00			`return server.Serve(l)`
			`}`