zot/pkg/cli/root.go

package cli

import (
	"github.com/anuvu/zot/errors"
	"github.com/anuvu/zot/pkg/api"
	"github.com/anuvu/zot/pkg/api/config"
	"github.com/anuvu/zot/pkg/storage"
	"github.com/fsnotify/fsnotify"
	"github.com/mitchellh/mapstructure"
	distspec "github.com/opencontainers/distribution-spec/specs-go"
	"github.com/rs/zerolog/log"
	"github.com/spf13/cobra"
	"github.com/spf13/viper"
)

// metadataConfig reports metadata after parsing, which we use to track
// errors.
func metadataConfig(md *mapstructure.Metadata) viper.DecoderConfigOption {
	return func(c *mapstructure.DecoderConfig) {
		c.Metadata = md
	}
}

func NewRootCmd() *cobra.Command {
	showVersion := false
	conf := config.New()

	// "serve"
	serveCmd := &cobra.Command{
		Use:     "serve <config>",
		Aliases: []string{"serve"},
		Short:   "`serve` stores and distributes OCI images",
		Long:    "`serve` stores and distributes OCI images",
		Run: func(cmd *cobra.Command, args []string) {
			if len(args) > 0 {
				LoadConfiguration(conf, args[0])
			}
			c := api.NewController(conf)

			// creates a new file watcher
			watcher, err := fsnotify.NewWatcher()
			if err != nil {
				panic(err)
			}
			defer watcher.Close()

			done := make(chan bool)
			// run watcher
			go func() {
				go func() {
					for {
						select {
						// watch for events
						case event := <-watcher.Events:
							if event.Op == fsnotify.Write {
								log.Info().Msg("Config file changed, trying to reload accessControl config")
								newConfig := config.New()
								LoadConfiguration(newConfig, args[0])
								c.Config.AccessControl = newConfig.AccessControl
							}
						// watch for errors
						case err := <-watcher.Errors:
							log.Error().Err(err).Msgf("FsNotify error while watching config %s", args[0])
							panic(err)
						}
					}
				}()

				if err := watcher.Add(args[0]); err != nil {
					log.Error().Err(err).Msgf("Error adding config file %s to FsNotify watcher", args[0])
					panic(err)
				}
				<-done
			}()

			if err := c.Run(); err != nil {
				panic(err)
			}
		},
	}

	verifyCmd := &cobra.Command{
		Use:     "verify <config>",
		Aliases: []string{"verify"},
		Short:   "`verify` validates a zot config file",
		Long:    "`verify` validates a zot config file",
		Run: func(cmd *cobra.Command, args []string) {
			if len(args) > 0 {
				config := config.New()
				LoadConfiguration(config, args[0])
				log.Info().Msgf("Config file %s is valid", args[0])
			}
		},
	}

	// "garbage-collect"
	gcDelUntagged := false
	gcDryRun := false

	gcCmd := &cobra.Command{
		Use:     "garbage-collect <config>",
		Aliases: []string{"gc"},
		Short:   "`garbage-collect` deletes layers not referenced by any manifests",
		Long:    "`garbage-collect` deletes layers not referenced by any manifests",
		Run: func(cmd *cobra.Command, args []string) {
			log.Info().Interface("values", conf).Msg("configuration settings")
			if conf.Storage.RootDirectory != "" {
				if err := storage.Scrub(conf.Storage.RootDirectory, gcDryRun); err != nil {
					panic(err)
				}
			}
		},
	}

	gcCmd.Flags().StringVarP(&conf.Storage.RootDirectory, "storage-root-dir", "r", "",
		"Use specified directory for filestore backing image data")

	_ = gcCmd.MarkFlagRequired("storage-root-dir")
	gcCmd.Flags().BoolVarP(&gcDelUntagged, "delete-untagged", "m", false,
		"delete manifests that are not currently referenced via tag")
	gcCmd.Flags().BoolVarP(&gcDryRun, "dry-run", "d", false,
		"do everything except remove the blobs")

	rootCmd := &cobra.Command{
		Use:   "zot",
		Short: "`zot`",
		Long:  "`zot`",
		Run: func(cmd *cobra.Command, args []string) {
			if showVersion {
				log.Info().Str("distribution-spec", distspec.Version).Str("commit", config.Commit).
					Str("binary-type", config.BinaryType).Msg("version")
			}
			_ = cmd.Usage()
			cmd.SilenceErrors = false
		},
	}

	rootCmd.AddCommand(serveCmd)
	rootCmd.AddCommand(gcCmd)
	rootCmd.AddCommand(verifyCmd)

	enableCli(rootCmd)

	rootCmd.Flags().BoolVarP(&showVersion, "version", "v", false, "show the version and exit")

	return rootCmd
}

func LoadConfiguration(config *config.Config, configPath string) {
	viper.SetConfigFile(configPath)

	if err := viper.ReadInConfig(); err != nil {
		log.Error().Err(err).Msg("Error while reading configuration")
		panic(err)
	}

	md := &mapstructure.Metadata{}
	if err := viper.Unmarshal(&config, metadataConfig(md)); err != nil {
		log.Error().Err(err).Msg("Error while unmarshalling new config")
		panic(err)
	}

	if len(md.Keys) == 0 || len(md.Unused) > 0 {
		log.Error().Err(errors.ErrBadConfig).Msg("Bad configuration, retry writing it")
		panic(errors.ErrBadConfig)
	}

	// check authorization config, it should have basic auth enabled or ldap
	if config.HTTP.RawAccessControl != nil {
		if config.HTTP.Auth == nil || (config.HTTP.Auth.HTPasswd.Path == "" && config.HTTP.Auth.LDAP == nil) {
			log.Error().Err(errors.ErrBadConfig).
				Msg("access control config requires httpasswd or ldap authentication to be enabled")
			panic(errors.ErrBadConfig)
		}
	}

	err := config.LoadAccessControlConfig()
	if err != nil {
		log.Error().Err(errors.ErrBadConfig).Msg("Unable to unmarshal http.accessControl.key.policies")
		panic(err)
	}

	// defaults
	defualtTLSVerify := true

	if config.Extensions != nil && config.Extensions.Sync != nil {
		for id, regCfg := range config.Extensions.Sync.Registries {
			if regCfg.TLSVerify == nil {
				config.Extensions.Sync.Registries[id].TLSVerify = &defualtTLSVerify
			}
		}
	}
}
zot: initial commit 2019-06-20 18:36:40 -05:00			`package cli`

			`import (`
			`"github.com/anuvu/zot/errors"`
			`"github.com/anuvu/zot/pkg/api"`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`"github.com/anuvu/zot/pkg/api/config"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`"github.com/anuvu/zot/pkg/storage"`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`"github.com/fsnotify/fsnotify"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`"github.com/mitchellh/mapstructure"`
go.mod: update modules 2021-05-21 15:47:28 -05:00			`distspec "github.com/opencontainers/distribution-spec/specs-go"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`"github.com/rs/zerolog/log"`
			`"github.com/spf13/cobra"`
			`"github.com/spf13/viper"`
			`)`

			`// metadataConfig reports metadata after parsing, which we use to track`
Upgraded build pipeline Go version changed to 1.14.4 Golangci-lint changed to 1.26.0 Bazel version changed to 3.0.0 Bazel rules_go version changed to 0.23.3 Bazel gazelle version changed to v0.21.0 Bazel build tools version changed to 0.25.1 Bazel skylib version changed to 1.0.2 2020-05-11 17:13:24 -05:00			`// errors.`
zot: initial commit 2019-06-20 18:36:40 -05:00			`func metadataConfig(md *mapstructure.Metadata) viper.DecoderConfigOption {`
			`return func(c *mapstructure.DecoderConfig) {`
			`c.Metadata = md`
			`}`
			`}`

cli: move client-only code out of the server flow earlier, some of the client exclusive code was being run on zot server instance too. cli: fix the bug: spinner is not stopped with -o 2020-07-14 12:11:01 -05:00			`func NewRootCmd() *cobra.Command {`
zot: initial commit 2019-06-20 18:36:40 -05:00			`showVersion := false`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`conf := config.New()`
zot: initial commit 2019-06-20 18:36:40 -05:00
compliance: initial commit 2019-10-09 13:50:10 -05:00			`// "serve"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`serveCmd := &cobra.Command{`
			`Use: "serve <config>",`
			`Aliases: []string{"serve"},`
			Short: "`serve` stores and distributes OCI images",
			Long: "`serve` stores and distributes OCI images",
			`Run: func(cmd *cobra.Command, args []string) {`
			`if len(args) > 0 {`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`LoadConfiguration(conf, args[0])`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`}`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`c := api.NewController(conf)`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00
			`// creates a new file watcher`
			`watcher, err := fsnotify.NewWatcher()`
			`if err != nil {`
			`panic(err)`
			`}`
			`defer watcher.Close()`
zot: initial commit 2019-06-20 18:36:40 -05:00
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`done := make(chan bool)`
			`// run watcher`
			`go func() {`
			`go func() {`
			`for {`
			`select {`
			`// watch for events`
			`case event := <-watcher.Events:`
			`if event.Op == fsnotify.Write {`
			`log.Info().Msg("Config file changed, trying to reload accessControl config")`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`newConfig := config.New()`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`LoadConfiguration(newConfig, args[0])`
			`c.Config.AccessControl = newConfig.AccessControl`
			`}`
			`// watch for errors`
			`case err := <-watcher.Errors:`
			`log.Error().Err(err).Msgf("FsNotify error while watching config %s", args[0])`
			`panic(err)`
			`}`
			`}`
			`}()`

			`if err := watcher.Add(args[0]); err != nil {`
			`log.Error().Err(err).Msgf("Error adding config file %s to FsNotify watcher", args[0])`
zot: initial commit 2019-06-20 18:36:40 -05:00			`panic(err)`
			`}`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`<-done`
			`}()`
zot: initial commit 2019-06-20 18:36:40 -05:00
			`if err := c.Run(); err != nil {`
			`panic(err)`
			`}`
			`},`
			`}`

Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`verifyCmd := &cobra.Command{`
			`Use: "verify <config>",`
			`Aliases: []string{"verify"},`
			Short: "`verify` validates a zot config file",
			Long: "`verify` validates a zot config file",
			`Run: func(cmd *cobra.Command, args []string) {`
			`if len(args) > 0 {`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`config := config.New()`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`LoadConfiguration(config, args[0])`
			`log.Info().Msgf("Config file %s is valid", args[0])`
			`}`
			`},`
			`}`

compliance: initial commit 2019-10-09 13:50:10 -05:00			`// "garbage-collect"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`gcDelUntagged := false`
			`gcDryRun := false`

			`gcCmd := &cobra.Command{`
			`Use: "garbage-collect <config>",`
			`Aliases: []string{"gc"},`
			Short: "`garbage-collect` deletes layers not referenced by any manifests",
			Long: "`garbage-collect` deletes layers not referenced by any manifests",
			`Run: func(cmd *cobra.Command, args []string) {`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`log.Info().Interface("values", conf).Msg("configuration settings")`
			`if conf.Storage.RootDirectory != "" {`
			`if err := storage.Scrub(conf.Storage.RootDirectory, gcDryRun); err != nil {`
zot: initial commit 2019-06-20 18:36:40 -05:00			`panic(err)`
			`}`
			`}`
			`},`
			`}`

Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`gcCmd.Flags().StringVarP(&conf.Storage.RootDirectory, "storage-root-dir", "r", "",`
zot: initial commit 2019-06-20 18:36:40 -05:00			`"Use specified directory for filestore backing image data")`
Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
zot: initial commit 2019-06-20 18:36:40 -05:00			`_ = gcCmd.MarkFlagRequired("storage-root-dir")`
			`gcCmd.Flags().BoolVarP(&gcDelUntagged, "delete-untagged", "m", false,`
			`"delete manifests that are not currently referenced via tag")`
			`gcCmd.Flags().BoolVarP(&gcDryRun, "dry-run", "d", false,`
			`"do everything except remove the blobs")`

			`rootCmd := &cobra.Command{`
			`Use: "zot",`
			Short: "`zot`",
			Long: "`zot`",
			`Run: func(cmd *cobra.Command, args []string) {`
			`if showVersion {`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`log.Info().Str("distribution-spec", distspec.Version).Str("commit", config.Commit).`
			`Str("binary-type", config.BinaryType).Msg("version")`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`
			`_ = cmd.Usage()`
go.mod: update modules 2021-05-21 15:47:28 -05:00			`cmd.SilenceErrors = false`
zot: initial commit 2019-06-20 18:36:40 -05:00			`},`
			`}`

			`rootCmd.AddCommand(serveCmd)`
			`rootCmd.AddCommand(gcCmd)`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`rootCmd.AddCommand(verifyCmd)`
cli: add config and images command Extends the existing zot CLI to add commands for listing all images and their details on a zot server. Listing all images introduces the need for configurations. Each configuration has a name and URL at the least. Check 'zot config -h' for more details. The user can specify the URL of zot server explicitly while running the command or configure a URL and pass it directly. Adding a configuration: zot config add aci-zot <zot-url> Run 'zot config --help' for more. Listing all images: zot images --url <zot-url> Pass a config instead of the url: zot images <config-name> Filter the list of images by image name: zot images <config-name> --name <image-name> Run 'zot images --help' for all details - Stores configurations in '$HOME/.zot' file Add CLI README 2020-06-16 20:52:40 -05:00
build: add build tags to create customizable binaries 2020-10-14 16:47:20 -05:00			`enableCli(rootCmd)`
cli: add config and images command Extends the existing zot CLI to add commands for listing all images and their details on a zot server. Listing all images introduces the need for configurations. Each configuration has a name and URL at the least. Check 'zot config -h' for more details. The user can specify the URL of zot server explicitly while running the command or configure a URL and pass it directly. Adding a configuration: zot config add aci-zot <zot-url> Run 'zot config --help' for more. Listing all images: zot images --url <zot-url> Pass a config instead of the url: zot images <config-name> Filter the list of images by image name: zot images <config-name> --name <image-name> Run 'zot images --help' for all details - Stores configurations in '$HOME/.zot' file Add CLI README 2020-06-16 20:52:40 -05:00
zot: initial commit 2019-06-20 18:36:40 -05:00			`rootCmd.Flags().BoolVarP(&showVersion, "version", "v", false, "show the version and exit")`

			`return rootCmd`
			`}`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`func LoadConfiguration(config *config.Config, configPath string) {`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`viper.SetConfigFile(configPath)`

			`if err := viper.ReadInConfig(); err != nil {`
			`log.Error().Err(err).Msg("Error while reading configuration")`
			`panic(err)`
			`}`

			`md := &mapstructure.Metadata{}`
			`if err := viper.Unmarshal(&config, metadataConfig(md)); err != nil {`
			`log.Error().Err(err).Msg("Error while unmarshalling new config")`
			`panic(err)`
			`}`

			`if len(md.Keys) == 0 \|\| len(md.Unused) > 0 {`
			`log.Error().Err(errors.ErrBadConfig).Msg("Bad configuration, retry writing it")`
			`panic(errors.ErrBadConfig)`
			`}`

Check if auth config is provided when using access control 2021-09-01 04:15:00 -05:00			`// check authorization config, it should have basic auth enabled or ldap`
			`if config.HTTP.RawAccessControl != nil {`
			`if config.HTTP.Auth == nil \|\| (config.HTTP.Auth.HTPasswd.Path == "" && config.HTTP.Auth.LDAP == nil) {`
			`log.Error().Err(errors.ErrBadConfig).`
			`Msg("access control config requires httpasswd or ldap authentication to be enabled")`
			`panic(errors.ErrBadConfig)`
			`}`
			`}`

Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`err := config.LoadAccessControlConfig()`
			`if err != nil {`
			`log.Error().Err(errors.ErrBadConfig).Msg("Unable to unmarshal http.accessControl.key.policies")`
			`panic(err)`
			`}`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00
			`// defaults`
			`defualtTLSVerify := true`

			`if config.Extensions != nil && config.Extensions.Sync != nil {`
			`for id, regCfg := range config.Extensions.Sync.Registries {`
			`if regCfg.TLSVerify == nil {`
			`config.Extensions.Sync.Registries[id].TLSVerify = &defualtTLSVerify`
			`}`
			`}`
			`}`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`}`