Infrastructure/zot
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2025-01-20 22:52:51 -05:00
Code Issues Activity
zot/pkg/extensions/extension_search.go

118 lines
3.7 KiB
Go
Raw Normal View History

build(tags): remove redundant build tag ui_base (#857) It was not used for UI, it had become a CLI dependency with the same functionality as search Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-10-10 15:05:55 +03:00
//go:build search
// +build search
build: add build tags to create customizable binaries
2020-10-14 14:47:20 -07:00
package extensions
import (
"time"
gqlHandler "github.com/99designs/gqlgen/graphql/handler"
Implement an API for performance monitoring Signed-off-by: Alexei Dodon <adodon@cisco.com>
2021-10-15 18:05:00 +03:00
"github.com/gorilla/mux"
ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-02-24 12:31:36 -08:00
distext "github.com/opencontainers/distribution-spec/specs-go/v1/extensions"
chore(lint): gci to separate zot from other imports (#870) Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-10-20 19:39:20 +03:00
move references to zotregistry.io and project-zot Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-04 03:50:58 +00:00
"zotregistry.io/zot/pkg/api/config"
ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-02-24 12:31:36 -08:00
"zotregistry.io/zot/pkg/api/constants"
move references to zotregistry.io and project-zot Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-04 03:50:58 +00:00
"zotregistry.io/zot/pkg/extensions/search"
cveinfo "zotregistry.io/zot/pkg/extensions/search/cve"
Update to graphql 1.17.13 We encountered some problems with using the existing folder structure, but it looks like running the tooling with the latest versions works after we regenerated the project using 'gql init' and refactoring to separate the login previously in resolvers.go. - the autogenerated code is now under the gql_generated folder - the file resolvers.go now contains only the code which is not rewritten by the gqlgen framework - the file schema.resolvers.go is rewritten when gqlgen runs, and we'll only keep there the actual resolvers matching query names Changes we observed to schema.resolvers.go when gqlgen runs include reordering methods, and renaming function parameters to match the names used in schema.graphql - we now have a gqlgen.yaml config file which governs the behavior of gqlgen (can be tweaked to restructure the folder structure of the generated code in the future) Looks like the new graphql server has better validation 1 Returns 422 instead of 200 for missing query string - had to update tests 2 Correctly uncovered an error in a test for a bad `%` in query string. As as result of 2, a `masked` bug was found in the way we check if images are signed with Notary, the signatures were reasched for with the media type of the image manifest itself instead of the media type for notation. Fixed this bug, and improved error messages. This bug would have also been reproducible with main branch if the bad `%` in the test would have fixed. Updated the linter to ignore some issues with the code which is always rewritten when running: `go run github.com/99designs/gqlgen@v0.17.13 generate` Add a workflow to test gqlgen works and has no uncommitted changes Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-07-15 11:10:51 +00:00
"zotregistry.io/zot/pkg/extensions/search/gql_generated"
move references to zotregistry.io and project-zot Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-04 03:50:58 +00:00
"zotregistry.io/zot/pkg/log"
"zotregistry.io/zot/pkg/storage"
build: add build tags to create customizable binaries
2020-10-14 14:47:20 -07:00
)
Include image vulnerability information in ImageSummary (#798) Return this data as part of GlobalSearch and RepoListWithNewestImage query results. This commit also includes refactoring of the CVE scanning logic in order to better encapsulate trivy specific logic, remove CVE scanning logic from the graphql resolver. Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-09-28 21:39:54 +03:00
// We need this object to be a singleton as read/writes in the CVE DB may
// occur at any time via DB downloads as well as during scanning.
// The library doesn't seem to handle concurrency very well internally.
Update go version to 1.19 (#829) * ci: Update go version to 1.19 Signed-off-by: Nicol Draghici <idraghic@cisco.com> * ci: Fix lint issues Signed-off-by: Nicol Draghici <idraghic@cisco.com> * ci: Added needprivileges to lint, made needprivileges pass lint Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com> Signed-off-by: Nicol Draghici <idraghic@cisco.com> Signed-off-by: Nicol Draghici <idraghic@cisco.com> Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com> Co-authored-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-05 13:21:14 +03:00
var cveInfo cveinfo.CveInfo //nolint:gochecknoglobals
Include image vulnerability information in ImageSummary (#798) Return this data as part of GlobalSearch and RepoListWithNewestImage query results. This commit also includes refactoring of the CVE scanning logic in order to better encapsulate trivy specific logic, remove CVE scanning logic from the graphql resolver. Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-09-28 21:39:54 +03:00
func EnableSearchExtension(config *config.Config, log log.Logger, storeController storage.StoreController) {
Added config enable=true/false for extensions with default value as enabled closes #258 Signed-off-by: Alexei Dodon <adodon@cisco.com>
2021-12-28 15:29:30 +02:00
if config.Extensions.Search != nil && *config.Extensions.Search.Enable && config.Extensions.Search.CVE != nil {
build: add build tags to create customizable binaries
2020-10-14 14:47:20 -07:00
defaultUpdateInterval, _ := time.ParseDuration("2h")
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-06-08 23:11:18 +03:00
if config.Extensions.Search.CVE.UpdateInterval < defaultUpdateInterval {
config.Extensions.Search.CVE.UpdateInterval = defaultUpdateInterval
build: add build tags to create customizable binaries
2020-10-14 14:47:20 -07:00
Fix problems signaled by new linter version v1.45.2 PR (linter: upgrade linter version #405) triggered lint job which failed with many errors generated by various linters. Configurations were added to golangcilint.yaml and several refactorings were made in order to improve the results of the linter. maintidx linter disabled Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-03-21 17:37:23 +00:00
log.Warn().Msg("CVE update interval set to too-short interval < 2h, changing update duration to 2 hours and continuing.") //nolint:lll // gofumpt conflicts with lll
build: add build tags to create customizable binaries
2020-10-14 14:47:20 -07:00
}
Include image vulnerability information in ImageSummary (#798) Return this data as part of GlobalSearch and RepoListWithNewestImage query results. This commit also includes refactoring of the CVE scanning logic in order to better encapsulate trivy specific logic, remove CVE scanning logic from the graphql resolver. Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-09-28 21:39:54 +03:00
cveInfo = cveinfo.NewCVEInfo(storeController, log)
build: add build tags to create customizable binaries
2020-10-14 14:47:20 -07:00
go func() {
Include image vulnerability information in ImageSummary (#798) Return this data as part of GlobalSearch and RepoListWithNewestImage query results. This commit also includes refactoring of the CVE scanning logic in order to better encapsulate trivy specific logic, remove CVE scanning logic from the graphql resolver. Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-09-28 21:39:54 +03:00
err := downloadTrivyDB(log, config.Extensions.Search.CVE.UpdateInterval)
build: add build tags to create customizable binaries
2020-10-14 14:47:20 -07:00
if err != nil {
Add an 'enable' flag in the server configuration to enable gql-based searches "extensions": { "search": { "enable": true } }
2021-06-08 21:37:31 +03:00
log.Error().Err(err).Msg("error while downloading TrivyDB")
build: add build tags to create customizable binaries
2020-10-14 14:47:20 -07:00
}
}()
} else {
build: increase wait timeout for travis bazel build process
2020-10-22 17:31:16 -07:00
log.Info().Msg("CVE config not provided, skipping CVE update")
build: add build tags to create customizable binaries
2020-10-14 14:47:20 -07:00
}
Manage builds with different combinations of extensions Files were added to be built whether an extension is on or off. New build tags were added for each extension, while minimal and extended disappeared. added custom binary naming depending on extensions used and changed references from binary to binary-extended added automated blackbox tests for sync, search, scrub, metrics added contributor guidelines Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-04-27 09:00:20 +03:00
}
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-06-08 23:11:18 +03:00
Include image vulnerability information in ImageSummary (#798) Return this data as part of GlobalSearch and RepoListWithNewestImage query results. This commit also includes refactoring of the CVE scanning logic in order to better encapsulate trivy specific logic, remove CVE scanning logic from the graphql resolver. Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-09-28 21:39:54 +03:00
func downloadTrivyDB(log log.Logger, updateInterval time.Duration) error {
Manage builds with different combinations of extensions Files were added to be built whether an extension is on or off. New build tags were added for each extension, while minimal and extended disappeared. added custom binary naming depending on extensions used and changed references from binary to binary-extended added automated blackbox tests for sync, search, scrub, metrics added contributor guidelines Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-04-27 09:00:20 +03:00
for {
log.Info().Msg("updating the CVE database")
Changed sync behaviour, it used to copy images over http interface now it copies to a local cache and then it copies over storage APIs - accept all images with or without signatures - disable sync writing to stdout - added more logs - fixed switch statement in routes - fixed enabling sync multiple times for storage subpaths closes #266 Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-10-28 12:10:01 +03:00
Include image vulnerability information in ImageSummary (#798) Return this data as part of GlobalSearch and RepoListWithNewestImage query results. This commit also includes refactoring of the CVE scanning logic in order to better encapsulate trivy specific logic, remove CVE scanning logic from the graphql resolver. Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-09-28 21:39:54 +03:00
err := cveInfo.UpdateDB()
Manage builds with different combinations of extensions Files were added to be built whether an extension is on or off. New build tags were added for each extension, while minimal and extended disappeared. added custom binary naming depending on extensions used and changed references from binary to binary-extended added automated blackbox tests for sync, search, scrub, metrics added contributor guidelines Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-04-27 09:00:20 +03:00
if err != nil {
return err
Changed sync behaviour, it used to copy images over http interface now it copies to a local cache and then it copies over storage APIs - accept all images with or without signatures - disable sync writing to stdout - added more logs - fixed switch statement in routes - fixed enabling sync multiple times for storage subpaths closes #266 Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-10-28 12:10:01 +03:00
}
Manage builds with different combinations of extensions Files were added to be built whether an extension is on or off. New build tags were added for each extension, while minimal and extended disappeared. added custom binary naming depending on extensions used and changed references from binary to binary-extended added automated blackbox tests for sync, search, scrub, metrics added contributor guidelines Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-04-27 09:00:20 +03:00
log.Info().Str("DB update completed, next update scheduled after", updateInterval.String()).Msg("")
time.Sleep(updateInterval)
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-06-08 23:11:18 +03:00
}
build: add build tags to create customizable binaries
2020-10-14 14:47:20 -07:00
}
Manage builds with different combinations of extensions Files were added to be built whether an extension is on or off. New build tags were added for each extension, while minimal and extended disappeared. added custom binary naming depending on extensions used and changed references from binary to binary-extended added automated blackbox tests for sync, search, scrub, metrics added contributor guidelines Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-04-27 09:00:20 +03:00
func SetupSearchRoutes(config *config.Config, router *mux.Router, storeController storage.StoreController,
Remove forking logger (#825) - no longer needed, the race conditions were fixed Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2022-09-29 23:28:39 +03:00
log log.Logger,
Manage builds with different combinations of extensions Files were added to be built whether an extension is on or off. New build tags were added for each extension, while minimal and extended disappeared. added custom binary naming depending on extensions used and changed references from binary to binary-extended added automated blackbox tests for sync, search, scrub, metrics added contributor guidelines Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-04-27 09:00:20 +03:00
) {
log.Info().Msg("setting up search routes")
make scrub inline and periodic Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-03-04 09:37:06 +02:00
Manage builds with different combinations of extensions Files were added to be built whether an extension is on or off. New build tags were added for each extension, while minimal and extended disappeared. added custom binary naming depending on extensions used and changed references from binary to binary-extended added automated blackbox tests for sync, search, scrub, metrics added contributor guidelines Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-04-27 09:00:20 +03:00
if config.Extensions.Search != nil && *config.Extensions.Search.Enable {
Update to graphql 1.17.13 We encountered some problems with using the existing folder structure, but it looks like running the tooling with the latest versions works after we regenerated the project using 'gql init' and refactoring to separate the login previously in resolvers.go. - the autogenerated code is now under the gql_generated folder - the file resolvers.go now contains only the code which is not rewritten by the gqlgen framework - the file schema.resolvers.go is rewritten when gqlgen runs, and we'll only keep there the actual resolvers matching query names Changes we observed to schema.resolvers.go when gqlgen runs include reordering methods, and renaming function parameters to match the names used in schema.graphql - we now have a gqlgen.yaml config file which governs the behavior of gqlgen (can be tweaked to restructure the folder structure of the generated code in the future) Looks like the new graphql server has better validation 1 Returns 422 instead of 200 for missing query string - had to update tests 2 Correctly uncovered an error in a test for a bad `%` in query string. As as result of 2, a `masked` bug was found in the way we check if images are signed with Notary, the signatures were reasched for with the media type of the image manifest itself instead of the media type for notation. Fixed this bug, and improved error messages. This bug would have also been reproducible with main branch if the bad `%` in the test would have fixed. Updated the linter to ignore some issues with the code which is always rewritten when running: `go run github.com/99designs/gqlgen@v0.17.13 generate` Add a workflow to test gqlgen works and has no uncommitted changes Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-07-15 11:10:51 +00:00
var resConfig gql_generated.Config
make scrub inline and periodic Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-03-04 09:37:06 +02:00
Manage builds with different combinations of extensions Files were added to be built whether an extension is on or off. New build tags were added for each extension, while minimal and extended disappeared. added custom binary naming depending on extensions used and changed references from binary to binary-extended added automated blackbox tests for sync, search, scrub, metrics added contributor guidelines Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-04-27 09:00:20 +03:00
if config.Extensions.Search.CVE != nil {
Include image vulnerability information in ImageSummary (#798) Return this data as part of GlobalSearch and RepoListWithNewestImage query results. This commit also includes refactoring of the CVE scanning logic in order to better encapsulate trivy specific logic, remove CVE scanning logic from the graphql resolver. Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-09-28 21:39:54 +03:00
// cveinfo should already be initialized by this time
// as EnableSearchExtension is supposed to be called earlier, but let's be sure
if cveInfo == nil {
cveInfo = cveinfo.NewCVEInfo(storeController, log)
}
resConfig = search.GetResolverConfig(log, storeController, cveInfo)
fix periodic background tasks - gc and scrub Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-05-10 01:30:11 +03:00
} else {
Include image vulnerability information in ImageSummary (#798) Return this data as part of GlobalSearch and RepoListWithNewestImage query results. This commit also includes refactoring of the CVE scanning logic in order to better encapsulate trivy specific logic, remove CVE scanning logic from the graphql resolver. Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-09-28 21:39:54 +03:00
resConfig = search.GetResolverConfig(log, storeController, nil)
fix periodic background tasks - gc and scrub Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-05-10 01:30:11 +03:00
}
Manage builds with different combinations of extensions Files were added to be built whether an extension is on or off. New build tags were added for each extension, while minimal and extended disappeared. added custom binary naming depending on extensions used and changed references from binary to binary-extended added automated blackbox tests for sync, search, scrub, metrics added contributor guidelines Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-04-27 09:00:20 +03:00
chore: rename search route prefix (#887) * chore: rename search route prefix * chore: use builtin time.Duration.Truncate() on latencies Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-10-19 06:46:06 +03:00
graphqlPrefix := router.PathPrefix(constants.FullSearchPrefix).Methods("OPTIONS", "GET", "POST")
graphql: Apply authorization on /_search endpoint - AccessControlContext now resides in a separate package from where it can be imported, along with the contextKey that will be used to set and retrieve this context value. - AccessControlContext has a new field called Username, that will be of use for future implementations in graphQL resolvers. - GlobalSearch resolver now uses this context to filter repos available to the logged user. - moved logic for uploading images in tests so that it can be used in every package - tests were added for multiple request scenarios, when zot-server requires authz on specific repos - added tests with injected errors for extended coverage - added tests for status code error injection utilities Closes https://github.com/project-zot/zot/issues/615 Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-08-16 11:57:09 +03:00
graphqlPrefix.Handler(gqlHandler.NewDefaultServer(gql_generated.NewExecutableSchema(resConfig)))
make scrub inline and periodic Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-03-04 09:37:06 +02:00
}
}
use zot as an extension name, ext as a component and search as a module add endpoints field in ext discover api distribution spec extension discover api has endpoints field required. https://github.com/opencontainers/distribution-spec/blob/main/extensions/_oci.md#extensions-property-descriptions Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-05-23 19:22:52 +00:00
func getExtension(name, url, description string, endpoints []string) distext.Extension {
ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-02-24 12:31:36 -08:00
return distext.Extension{
Name: name,
URL: url,
Description: description,
use zot as an extension name, ext as a component and search as a module add endpoints field in ext discover api distribution spec extension discover api has endpoints field required. https://github.com/opencontainers/distribution-spec/blob/main/extensions/_oci.md#extensions-property-descriptions Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-05-23 19:22:52 +00:00
Endpoints: endpoints,
ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-02-24 12:31:36 -08:00
}
}
func GetExtensions(config *config.Config) distext.ExtensionList {
extensionList := distext.ExtensionList{}
extensions := make([]distext.Extension, 0)
if config.Extensions != nil && config.Extensions.Search != nil {
chore: rename search route prefix (#887) * chore: rename search route prefix * chore: use builtin time.Duration.Truncate() on latencies Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-10-19 06:46:06 +03:00
endpoints := []string{constants.FullSearchPrefix}
fix extension endpoints Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-05-25 17:49:22 +00:00
searchExt := getExtension("_zot",
build: add commit hash to Config at build for proper discovery readme (#854) * build: add commit hash to Config at build for proper discovery readme link * fix: use tag instead of commit hash, add to release build Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-11 19:01:59 +03:00
"https://github.com/project-zot/zot/blob/"+config.ReleaseTag+"/pkg/extensions/_zot.md",
"zot registry extensions",
fix extension endpoints Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-05-25 17:49:22 +00:00
endpoints)
ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-02-24 12:31:36 -08:00
extensions = append(extensions, searchExt)
}
extensionList.Extensions = extensions
return extensionList
}
Reference in a new issue Copy permalink