package api
import (
"fmt"
"github.com/anuvu/zot/errors"
ext "github.com/anuvu/zot/pkg/extensions"
"github.com/anuvu/zot/pkg/log"
"github.com/getlantern/deepcopy"
distspec "github.com/opencontainers/distribution-spec/specs-go"
"github.com/spf13/viper"
)
// Build identity that NewConfig copies into Config.Commit and
// Config.BinaryType. Nothing in this file assigns them, so they are
// presumably injected at build time (e.g. via -ldflags) — TODO confirm
// against the build scripts.
var (
	Commit     string // nolint: gochecknoglobals
	BinaryType string // nolint: gochecknoglobals
)
// StorageConfig describes one image store. It is the value type of
// GlobalStorageConfig.SubPaths, so each sub-path carries its own root
// directory and its own GC/Dedupe switches, mirroring the global ones.
type StorageConfig struct {
	RootDirectory string
	GC            bool // per-sub-path counterpart of GlobalStorageConfig.GC (presumably garbage collection)
	Dedupe        bool // per-sub-path counterpart of GlobalStorageConfig.Dedupe
}
// TLSConfig holds the server-side TLS material referenced from HTTPConfig.TLS.
// All three fields are strings; presumably file paths rather than inline PEM —
// TODO confirm against the HTTP server setup code.
type TLSConfig struct {
	Cert   string
	Key    string
	CACert string // when set, presumably used to verify client certificates — confirm
}
// AuthHTPasswd locates the htpasswd credential file (presumably used for
// HTTP basic authentication — confirm in the auth handler). An empty Path
// is the zero value and means "not configured".
type AuthHTPasswd struct {
	Path string
}
// AuthConfig selects the authentication mechanisms for the HTTP API.
// LDAP and Bearer are pointers so that nil means "not configured";
// Validate and Sanitize both nil-check LDAP before touching it.
type AuthConfig struct {
	FailDelay int           // presumably a delay applied after failed authentication; units not stated here — confirm
	HTPasswd  AuthHTPasswd  // zero value (empty Path) when htpasswd auth is unused
	LDAP      *LDAPConfig   // nil when LDAP auth is not configured
	Bearer    *BearerConfig // nil when bearer-token auth is not configured
}
// BearerConfig configures bearer-token authentication. Realm and Service
// are presumably what the WWW-Authenticate challenge advertises, and Cert
// the key material used to verify tokens — TODO confirm against the
// bearer auth handler; none of this is interpreted in this file.
type BearerConfig struct {
	Realm   string
	Service string
	Cert    string
}
// HTTPConfig configures the listening endpoint, authentication and access
// control of the HTTP API. NewConfig defaults Address to "127.0.0.1" and
// Port to "8080".
type HTTPConfig struct {
	Address string
	Port    string      // kept as a string, not an int
	TLS     *TLSConfig  // nil presumably means plain HTTP — confirm in the server setup
	Auth    *AuthConfig // nil means no authentication section was configured
	// RawAccessControl is the accessControl section exactly as mapstructure
	// decoded it. LoadAccessControlConfig walks its top-level keys (only the
	// keys are read here; the values are re-read through viper) to build
	// Config.AccessControl. nil when the section is absent.
	RawAccessControl map[string]interface{} `mapstructure:"accessControl,omitempty"`
	Realm            string
	AllowReadAccess  bool `mapstructure:",omitempty"` // name suggests unauthenticated read access — confirm in the handlers
	ReadOnly         bool `mapstructure:",omitempty"` // name suggests writes are rejected — confirm in the handlers
}
// LDAPConfig configures LDAP bind authentication. The transport-security
// knobs are Insecure, StartTLS and SkipVerify (see the StartTLS comment);
// BindPassword is the service-account secret and is the one value that
// Config.Sanitize redacts; Config.Validate requires UserAttribute to be set.
type LDAPConfig struct {
	Port          int
	Insecure      bool
	StartTLS      bool // if !Insecure, then StartTLS or LDAPs
	SkipVerify    bool // name suggests server certificate verification is disabled when true — confirm in the LDAP client
	SubtreeSearch bool
	Address       string
	BindDN        string
	BindPassword  string // secret; masked with "******" by Config.Sanitize
	BaseDN        string
	UserAttribute string // must be non-empty; enforced by Config.Validate
	CACert        string
}
// LogConfig configures logging. NewConfig defaults Level to "debug".
// Output and Audit are strings, presumably destinations such as file
// paths, with Audit naming a separate audit trail — confirm in pkg/log.
type LogConfig struct {
	Level  string
	Output string
	Audit  string
}
// GlobalStorageConfig is the top-level storage section: a default store
// (RootDirectory, Dedupe, GC) plus optional per-sub-path stores that carry
// their own copies of the same settings. NewConfig enables GC and Dedupe
// by default.
type GlobalStorageConfig struct {
	RootDirectory string
	Dedupe        bool
	GC            bool
	SubPaths      map[string]StorageConfig // presumably keyed by sub-path; nil when none are configured
}
// Config is the complete server configuration. Version, Commit and
// BinaryType are filled in by NewConfig; AccessControl is derived from
// HTTP.RawAccessControl by LoadAccessControlConfig and stays nil until
// that runs (or when no accessControl section exists).
type Config struct {
	Version       string
	Commit        string
	BinaryType    string
	AccessControl *AccessControlConfig // built by LoadAccessControlConfig; nil when no accessControl section
	Storage       GlobalStorageConfig
	HTTP          HTTPConfig
	Log           *LogConfig
	Extensions    *ext.ExtensionConfig
}
// NewConfig returns a Config carrying the build identity (distribution-spec
// version, Commit, BinaryType) and the defaults: GC and Dedupe enabled, the
// HTTP listener on 127.0.0.1:8080, and "debug" log level. Everything else
// is left at its zero value for the caller to fill from the config file.
func NewConfig() *Config {
	cfg := &Config{
		Version:    distspec.Version,
		Commit:     Commit,
		BinaryType: BinaryType,
	}

	// Defaults; the config file may override any of these.
	cfg.Storage = GlobalStorageConfig{GC: true, Dedupe: true}
	cfg.HTTP = HTTPConfig{Address: "127.0.0.1", Port: "8080"}
	cfg.Log = &LogConfig{Level: "debug"}

	return cfg
}
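// Sanitize makes a sanitized copy of the config removing any secrets.
//
// The result is a deep copy that can be logged or handed to clients; the
// receiver is never modified. The only inline secret in this structure is
// HTTP.Auth.LDAP.BindPassword, which is replaced with "******" when set
// (TLS and bearer fields hold references to key material, not the
// material itself, so they are left untouched).
//
// The copy is taken unconditionally: handing back the live *Config when
// there happens to be nothing to redact would let a caller that mutates
// the "copy" silently change the running configuration. deepcopy.Copy
// only fails if the config cannot be round-tripped, which is a programming
// error, hence the panic (the signature leaves no room for an error).
func (c *Config) Sanitize() *Config {
	s := &Config{}
	if err := deepcopy.Copy(s, c); err != nil {
		panic(err)
	}

	// deepcopy.Copy (a JSON round-trip) has already allocated an
	// independent LDAPConfig inside s, so the mask is applied in place.
	if s.HTTP.Auth != nil && s.HTTP.Auth.LDAP != nil && s.HTTP.Auth.LDAP.BindPassword != "" {
		s.HTTP.Auth.LDAP.BindPassword = "******"
	}

	return s
}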
// Validate checks the parts of the config that cannot be caught by decoding
// alone. At present that is only the LDAP section: when LDAP auth is
// configured, UserAttribute must be non-empty. Failures are logged through
// the supplied logger and reported as errors.ErrLDAPConfig; a config with
// no LDAP section always validates.
func (c *Config) Validate(log log.Logger) error {
	auth := c.HTTP.Auth
	if auth == nil || auth.LDAP == nil {
		// Nothing LDAP-related to check.
		return nil
	}

	if attr := auth.LDAP.UserAttribute; attr == "" {
		log.Error().Str("userAttribute", attr).Msg("invalid LDAP configuration")

		return errors.ErrLDAPConfig
	}

	return nil
}
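// LoadAccessControlConfig populates config.AccessControl struct with values from config.
//
// mapstructure leaves the accessControl section untyped in
// HTTP.RawAccessControl; this walks its top-level keys and reads each
// repository's policies and defaultPolicy back through the global viper
// instance, so it must run after viper has loaded the same config file.
// The key "adminpolicy" (keys arrive lowercased from viper, hence the
// lowercase comparison) fills AccessControl.AdminPolicy instead of a
// repository entry.
//
// A repository with no defaultPolicy key ends up with a nil DefaultPolicy;
// what that means for authorization is decided by the authorization code,
// not here.
//
// Returns nil when there is no accessControl section (AccessControl stays
// nil); otherwise the first viper.UnmarshalKey failure, wrapped with the
// repository key that was being decoded.
func (c *Config) LoadAccessControlConfig() error {
	if c.HTTP.RawAccessControl == nil {
		return nil
	}

	c.AccessControl = &AccessControlConfig{
		Repositories: make(map[string]PolicyGroup, len(c.HTTP.RawAccessControl)),
	}

	for k := range c.HTTP.RawAccessControl {
		if k == "adminpolicy" {
			adminPolicy := viper.GetStringMapStringSlice("http.accessControl.adminPolicy")
			c.AccessControl.AdminPolicy.Actions = adminPolicy["actions"]
			c.AccessControl.AdminPolicy.Users = adminPolicy["users"]

			continue
		}

		// NOTE(review): k is spliced into a viper key path, so a repository
		// name containing viper's key delimiter would be looked up as a
		// nested path and come back empty — TODO confirm whether such names
		// are rejected when the config is loaded.
		var policies []Policy
		if err := viper.UnmarshalKey(fmt.Sprintf("http.accessControl.%s.policies", k), &policies); err != nil {
			return fmt.Errorf("decoding access control policies for %q: %w", k, err)
		}

		c.AccessControl.Repositories[k] = PolicyGroup{
			Policies:      policies,
			DefaultPolicy: viper.GetStringSlice(fmt.Sprintf("http.accessControl.%s.defaultPolicy", k)),
		}
	}

	return nil
}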