zot/pkg/extensions/config/config.go

package config

import (
	"time"

	"zotregistry.dev/zot/pkg/extensions/config/sync"
)

// BaseConfig has params applicable to all extensions.
type BaseConfig struct {
	Enable *bool `mapstructure:",omitempty"`
}

type ExtensionConfig struct {
	Search  *SearchConfig
	Sync    *sync.Config
	Metrics *MetricsConfig
	Scrub   *ScrubConfig
	Lint    *LintConfig
	UI      *UIConfig
	Mgmt    *MgmtConfig
	APIKey  *APIKeyConfig
	Trust   *ImageTrustConfig
}

type ImageTrustConfig struct {
	BaseConfig `mapstructure:",squash"`
	Cosign     bool
	Notation   bool
}

type APIKeyConfig struct {
	BaseConfig `mapstructure:",squash"`
}

type MgmtConfig struct {
	BaseConfig `mapstructure:",squash"`
}

type LintConfig struct {
	BaseConfig           `mapstructure:",squash"`
	MandatoryAnnotations []string
}

type SearchConfig struct {
	BaseConfig `mapstructure:",squash"`
	// CVE search
	CVE *CVEConfig
}

type CVEConfig struct {
	UpdateInterval time.Duration // should be 2 hours or more, if not specified default be kept as 24 hours
	Trivy          *TrivyConfig
}

type TrivyConfig struct {
	DBRepository     string // default is "ghcr.io/aquasecurity/trivy-db"
	JavaDBRepository string // default is "ghcr.io/aquasecurity/trivy-java-db"
}

type MetricsConfig struct {
	BaseConfig `mapstructure:",squash"`
	Prometheus *PrometheusConfig
}

type PrometheusConfig struct {
	Path string // default is "/metrics"
}

type ScrubConfig struct {
	BaseConfig `mapstructure:",squash"`
	Interval   time.Duration
}

type UIConfig struct {
	BaseConfig `mapstructure:",squash"`
}
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`package config`
build: add build tags to create customizable binaries 2020-10-14 16:47:20 -05:00
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`import (`
			`"time"`

refactor: rename go module from zotregistry.io/zot to zotregistry.dev/zot (#2187) Signed-off-by: Andrei Aaron <aaaron@luxoft.com> 2024-01-31 23:34:07 -05:00			`"zotregistry.dev/zot/pkg/extensions/config/sync"`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`)`
build: add build tags to create customizable binaries 2020-10-14 16:47:20 -05:00
fix(config): make all extension config consistent (#888) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-10-21 07:33:54 -05:00			`// BaseConfig has params applicable to all extensions.`
			`type BaseConfig struct {`
			Enable *bool `mapstructure:",omitempty"`
			`}`

build: add build tags to create customizable binaries 2020-10-14 16:47:20 -05:00			`type ExtensionConfig struct {`
Implement an API for performance monitoring Signed-off-by: Alexei Dodon <adodon@cisco.com> 2021-10-15 10:05:00 -05:00			`Search *SearchConfig`
			`Sync *sync.Config`
			`Metrics *MetricsConfig`
make scrub inline and periodic Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com> 2022-03-04 02:37:06 -05:00			`Scrub *ScrubConfig`
image level lint: enforce manifest mandatory annotations closes #536 Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com> 2022-06-24 08:08:47 -05:00			`Lint *LintConfig`
feat(ui): package zui within zot binary (#1161) (cherry picked from commit d557da0baba819b7cd7e6b5941528776e125ac6d) build(ui): fix stacker builds (cherry picked from commit ba25daf02b4a9bc7ee1cb6f84b7a6b096ca7d61f) build(ui): various fixes - Fix metrics endpoint - Fix unit tests unit tests - Make the ui build optional in the makefile before the linter lint runs in the golangci-lint workflow - Do not attempt to include UI routes if search is enabled - Fix authorization for search endpoint fix: use zot tag in ui make target (cherry picked from commit 2a6882fa23f06b2d68c6c299773a6ff50bf90e78) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com> Signed-off-by: Andrei Aaron <aaaron@luxoft.com> Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com> 2023-02-10 17:52:54 -05:00			`UI *UIConfig`
feat(mgmt): added mgmt extension which returns current zot configuration (#1198) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-03-09 13:43:26 -05:00			`Mgmt *MgmtConfig`
feat: integrate openID auth logic and user profile management (#1381) This change introduces OpenID authn by using providers such as Github, Gitlab, Google and Dex. User sessions are now used for web clients to identify and persist an authenticated users session, thus not requiring every request to use credentials. Another change is apikey feature, users can create/revoke their api keys and use them to authenticate when using cli clients such as skopeo. eg: login: /auth/login?provider=github /auth/login?provider=gitlab and so on logout: /auth/logout redirectURL: /auth/callback/github /auth/callback/gitlab and so on If network policy doesn't allow inbound connections, this callback wont work! for more info read documentation added in this commit. Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro> Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> Co-authored-by: Alex Stan <alexandrustan96@yahoo.ro> 2023-07-07 11:27:10 -05:00			`APIKey *APIKeyConfig`
refactor(extensions)!: refactor the extensions URLs and errors (#1636) BREAKING CHANGE: The functionality provided by the mgmt endpoint has beed redesigned - see details below BREAKING CHANGE: The API keys endpoint has been moved - see details below BREAKING CHANGE: The mgmt extension config has been removed - endpoint is now enabled by having both the search and the ui extensions enabled BREAKING CHANGE: The API keys configuration has been moved from extensions to http>auth>apikey mgmt and imagetrust extensions: - separate the _zot/ext/mgmt into 3 separate endpoints: _zot/ext/auth, _zot/ext/notation, _zot/ext/cosign - signature verification logic is in a separate `imagetrust` extension - better hanling or errors in case of signature uploads: logging and error codes (more 400 and less 500 errors) - add authz on signature uploads (and add a new middleware in common for this purpose) - remove the mgmt extension configuration - it is now enabled if the UI and the search extensions are enabled userprefs estension: - userprefs are enabled if both search and ui extensions are enabled (as opposed to just search) apikey extension is removed and logic moved into the api folder - Move apikeys code out of pkg/extensions and into pkg/api - Remove apikey configuration options from the extensions configuration and move it inside the http auth section - remove the build label apikeys other changes: - move most of the logic adding handlers to the extensions endpoints out of routes.go and into the extensions files. - add warnings in case the users are still using configurations with the obsolete settings for mgmt and api keys - add a new function in the extension package which could be a single point of starting backgroud tasks for all extensions - more clear methods for verifying specific extensions are enabled - fix http methods paired with the UI handlers - rebuild swagger docs Signed-off-by: Andrei Aaron <aaaron@luxoft.com> 2023-08-02 13:58:34 -05:00			`Trust *ImageTrustConfig`
			`}`

			`type ImageTrustConfig struct {`
			BaseConfig `mapstructure:",squash"`
			`Cosign bool`
			`Notation bool`
feat: integrate openID auth logic and user profile management (#1381) This change introduces OpenID authn by using providers such as Github, Gitlab, Google and Dex. User sessions are now used for web clients to identify and persist an authenticated users session, thus not requiring every request to use credentials. Another change is apikey feature, users can create/revoke their api keys and use them to authenticate when using cli clients such as skopeo. eg: login: /auth/login?provider=github /auth/login?provider=gitlab and so on logout: /auth/logout redirectURL: /auth/callback/github /auth/callback/gitlab and so on If network policy doesn't allow inbound connections, this callback wont work! for more info read documentation added in this commit. Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro> Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> Co-authored-by: Alex Stan <alexandrustan96@yahoo.ro> 2023-07-07 11:27:10 -05:00			`}`

			`type APIKeyConfig struct {`
			BaseConfig `mapstructure:",squash"`
feat(mgmt): added mgmt extension which returns current zot configuration (#1198) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-03-09 13:43:26 -05:00			`}`

			`type MgmtConfig struct {`
			BaseConfig `mapstructure:",squash"`
image level lint: enforce manifest mandatory annotations closes #536 Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com> 2022-06-24 08:08:47 -05:00			`}`

			`type LintConfig struct {`
fix(config): make all extension config consistent (#888) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-10-21 07:33:54 -05:00			BaseConfig `mapstructure:",squash"`
image level lint: enforce manifest mandatory annotations closes #536 Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com> 2022-06-24 08:08:47 -05:00			`MandatoryAnnotations []string`
build: add build tags to create customizable binaries 2020-10-14 16:47:20 -05:00			`}`

			`type SearchConfig struct {`
fix(config): make all extension config consistent (#888) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-10-21 07:33:54 -05:00			BaseConfig `mapstructure:",squash"`
build: add build tags to create customizable binaries 2020-10-14 16:47:20 -05:00			`// CVE search`
fix(config): make all extension config consistent (#888) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-10-21 07:33:54 -05:00			`CVE *CVEConfig`
build: add build tags to create customizable binaries 2020-10-14 16:47:20 -05:00			`}`

			`type CVEConfig struct {`
			`UpdateInterval time.Duration // should be 2 hours or more, if not specified default be kept as 24 hours`
fix(ci): do not use "ghcr.io/aquasecurity/trivy-db" for ci (#1107) Signed-off-by: Andrei Aaron <aaaron@luxoft.com> 2023-01-18 17:18:03 -05:00			`Trivy *TrivyConfig`
			`}`

			`type TrivyConfig struct {`
fix(cve): Fix CVE scanning in images containing Jar files (#1475) 2023-05-31 16:37:46 -05:00			`DBRepository string // default is "ghcr.io/aquasecurity/trivy-db"`
			`JavaDBRepository string // default is "ghcr.io/aquasecurity/trivy-java-db"`
build: add build tags to create customizable binaries 2020-10-14 16:47:20 -05:00			`}`
Implement an API for performance monitoring Signed-off-by: Alexei Dodon <adodon@cisco.com> 2021-10-15 10:05:00 -05:00
			`type MetricsConfig struct {`
fix(config): make all extension config consistent (#888) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-10-21 07:33:54 -05:00			BaseConfig `mapstructure:",squash"`
Implement an API for performance monitoring Signed-off-by: Alexei Dodon <adodon@cisco.com> 2021-10-15 10:05:00 -05:00			`Prometheus *PrometheusConfig`
			`}`

			`type PrometheusConfig struct {`
			`Path string // default is "/metrics"`
			`}`
make scrub inline and periodic Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com> 2022-03-04 02:37:06 -05:00
			`type ScrubConfig struct {`
fix(config): make all extension config consistent (#888) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-10-21 07:33:54 -05:00			BaseConfig `mapstructure:",squash"`
			`Interval time.Duration`
make scrub inline and periodic Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com> 2022-03-04 02:37:06 -05:00			`}`
feat(ui): package zui within zot binary (#1161) (cherry picked from commit d557da0baba819b7cd7e6b5941528776e125ac6d) build(ui): fix stacker builds (cherry picked from commit ba25daf02b4a9bc7ee1cb6f84b7a6b096ca7d61f) build(ui): various fixes - Fix metrics endpoint - Fix unit tests unit tests - Make the ui build optional in the makefile before the linter lint runs in the golangci-lint workflow - Do not attempt to include UI routes if search is enabled - Fix authorization for search endpoint fix: use zot tag in ui make target (cherry picked from commit 2a6882fa23f06b2d68c6c299773a6ff50bf90e78) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com> Signed-off-by: Andrei Aaron <aaaron@luxoft.com> Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com> 2023-02-10 17:52:54 -05:00
			`type UIConfig struct {`
			BaseConfig `mapstructure:",squash"`
			`}`