zot/pkg/api/constants/consts.go

package constants

import "time"

const (
	ArtifactSpecRoutePrefix      = "/oras/artifacts/v1"
	RoutePrefix                  = "/v2"
	Blobs                        = "blobs"
	Uploads                      = "uploads"
	DistAPIVersion               = "Docker-Distribution-API-Version"
	DistContentDigestKey         = "Docker-Content-Digest"
	SubjectDigestKey             = "OCI-Subject"
	BlobUploadUUID               = "Blob-Upload-UUID"
	DefaultMediaType             = "application/json"
	BinaryMediaType              = "application/octet-stream"
	DefaultMetricsExtensionRoute = "/metrics"
	CallbackBasePath             = "/auth/callback"
	LoginPath                    = "/auth/login"
	LogoutPath                   = "/auth/logout"
	APIKeyPath                   = "/auth/apikey" //nolint: gosec
	SessionClientHeaderName      = "X-ZOT-API-CLIENT"
	SessionClientHeaderValue     = "zot-ui"
	APIKeysPrefix                = "zak_"
	CallbackUIQueryParam         = "callback_ui"
	APIKeyTimeFormat             = time.RFC3339
	// authz permissions.
	// method actions.
	CreatePermission = "create"
	ReadPermission   = "read"
	UpdatePermission = "update"
	DeletePermission = "delete"
	// behaviour actions.
	DetectManifestCollisionPermission = "detectManifestCollision"
)
Move api constants in separate 'constants' package to avoid circular imports Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2022-03-24 07:25:14 -05:00			`package constants`

feat(apikey): added route to list user api keys (#1708) adding api key expiration date Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-08-29 11:38:38 -05:00			`import "time"`

Move api constants in separate 'constants' package to avoid circular imports Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2022-03-24 07:25:14 -05:00			`const (`
ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com> 2022-02-24 15:31:36 -05:00			`ArtifactSpecRoutePrefix = "/oras/artifacts/v1"`
			`RoutePrefix = "/v2"`
routes: strip query parameter from request URL reuqest url also contains query parameter due to this in some scenarios location header is setting up incorrectly, strip query parameter from request url to correctly setup location header. Closes #573 #575 Signed-off-by: Shivam Mishra <shimish2@cisco.com> 2022-06-02 15:54:42 -05:00			`Blobs = "blobs"`
			`Uploads = "uploads"`
ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com> 2022-02-24 15:31:36 -05:00			`DistAPIVersion = "Docker-Distribution-API-Version"`
			`DistContentDigestKey = "Docker-Content-Digest"`
feat(api): added oci-subject header when pushing an image with subject field (#1415) - as requested by the latest version of the oci distribution spec Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com> 2023-05-12 11:32:01 -05:00			`SubjectDigestKey = "OCI-Subject"`
ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com> 2022-02-24 15:31:36 -05:00			`BlobUploadUUID = "Blob-Upload-UUID"`
			`DefaultMediaType = "application/json"`
			`BinaryMediaType = "application/octet-stream"`
			`DefaultMetricsExtensionRoute = "/metrics"`
feat: integrate openID auth logic and user profile management (#1381) This change introduces OpenID authn by using providers such as Github, Gitlab, Google and Dex. User sessions are now used for web clients to identify and persist an authenticated users session, thus not requiring every request to use credentials. Another change is apikey feature, users can create/revoke their api keys and use them to authenticate when using cli clients such as skopeo. eg: login: /auth/login?provider=github /auth/login?provider=gitlab and so on logout: /auth/logout redirectURL: /auth/callback/github /auth/callback/gitlab and so on If network policy doesn't allow inbound connections, this callback wont work! for more info read documentation added in this commit. Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro> Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> Co-authored-by: Alex Stan <alexandrustan96@yahoo.ro> 2023-07-07 11:27:10 -05:00			`CallbackBasePath = "/auth/callback"`
			`LoginPath = "/auth/login"`
			`LogoutPath = "/auth/logout"`
refactor(extensions)!: refactor the extensions URLs and errors (#1636) BREAKING CHANGE: The functionality provided by the mgmt endpoint has beed redesigned - see details below BREAKING CHANGE: The API keys endpoint has been moved - see details below BREAKING CHANGE: The mgmt extension config has been removed - endpoint is now enabled by having both the search and the ui extensions enabled BREAKING CHANGE: The API keys configuration has been moved from extensions to http>auth>apikey mgmt and imagetrust extensions: - separate the _zot/ext/mgmt into 3 separate endpoints: _zot/ext/auth, _zot/ext/notation, _zot/ext/cosign - signature verification logic is in a separate `imagetrust` extension - better hanling or errors in case of signature uploads: logging and error codes (more 400 and less 500 errors) - add authz on signature uploads (and add a new middleware in common for this purpose) - remove the mgmt extension configuration - it is now enabled if the UI and the search extensions are enabled userprefs estension: - userprefs are enabled if both search and ui extensions are enabled (as opposed to just search) apikey extension is removed and logic moved into the api folder - Move apikeys code out of pkg/extensions and into pkg/api - Remove apikey configuration options from the extensions configuration and move it inside the http auth section - remove the build label apikeys other changes: - move most of the logic adding handlers to the extensions endpoints out of routes.go and into the extensions files. - add warnings in case the users are still using configurations with the obsolete settings for mgmt and api keys - add a new function in the extension package which could be a single point of starting backgroud tasks for all extensions - more clear methods for verifying specific extensions are enabled - fix http methods paired with the UI handlers - rebuild swagger docs Signed-off-by: Andrei Aaron <aaaron@luxoft.com> 2023-08-02 13:58:34 -05:00			`APIKeyPath = "/auth/apikey" //nolint: gosec`
feat: integrate openID auth logic and user profile management (#1381) This change introduces OpenID authn by using providers such as Github, Gitlab, Google and Dex. User sessions are now used for web clients to identify and persist an authenticated users session, thus not requiring every request to use credentials. Another change is apikey feature, users can create/revoke their api keys and use them to authenticate when using cli clients such as skopeo. eg: login: /auth/login?provider=github /auth/login?provider=gitlab and so on logout: /auth/logout redirectURL: /auth/callback/github /auth/callback/gitlab and so on If network policy doesn't allow inbound connections, this callback wont work! for more info read documentation added in this commit. Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro> Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> Co-authored-by: Alex Stan <alexandrustan96@yahoo.ro> 2023-07-07 11:27:10 -05:00			`SessionClientHeaderName = "X-ZOT-API-CLIENT"`
			`SessionClientHeaderValue = "zot-ui"`
			`APIKeysPrefix = "zak_"`
			`CallbackUIQueryParam = "callback_ui"`
feat(apikey): added route to list user api keys (#1708) adding api key expiration date Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-08-29 11:38:38 -05:00			`APIKeyTimeFormat = time.RFC3339`
refactor(authz): use a struct for user access control info operations (#1682) fix(authz): fix isAdmin not using groups to determine if a user is admin. fix(authz): return 401 instead of 403 403 is correct as per HTTP spec However authz is not part of dist-spec and clients know only about 401 So this is a compromise. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-09-01 13:13:53 -05:00			`// authz permissions.`
			`// method actions.`
			`CreatePermission = "create"`
			`ReadPermission = "read"`
			`UpdatePermission = "update"`
			`DeletePermission = "delete"`
			`// behaviour actions.`
			`DetectManifestCollisionPermission = "detectManifestCollision"`
Move api constants in separate 'constants' package to avoid circular imports Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2022-03-24 07:25:14 -05:00			`)`