0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00

Merge pull request #62 from rchincha/compl

cli: deprecate "compliance" command
This commit is contained in:
Tycho Andersen 2020-01-16 17:46:47 -08:00 committed by GitHub
commit 10d8a8650f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 83 deletions

View file

@ -3,16 +3,17 @@
**zot** is a vendor-neutral OCI image repository server purely based on **zot** is a vendor-neutral OCI image repository server purely based on
[OCI Distribution Specification](https://github.com/opencontainers/distribution-spec). [OCI Distribution Specification](https://github.com/opencontainers/distribution-spec).
* Conforms to [OCI distribution spec](https://github.com/opencontainers/distribution-spec) APIs * Conforms to [OCI distribution spec](https://github.com/opencontainers/distribution-spec) APIs [![zot](https://github.com/bloodorangeio/oci-distribution-conformance-results/workflows/zot/badge.svg)](https://oci.bloodorange.io/results/report-zot.html) [![zot w. auth](https://github.com/bloodorangeio/oci-distribution-conformance-results/workflows/zot-auth/badge.svg)](https://oci.bloodorange.io/results/report-zot-auth.html)
* Uses [OCI storage layout](https://github.com/opencontainers/image-spec/blob/master/image-layout.md) for storage layout * Uses [OCI storage layout](https://github.com/opencontainers/image-spec/blob/master/image-layout.md) for storage layout
* Currently suitable for on-prem deployments (e.g. colocated with Kubernetes)
* TLS support * TLS support
* Authentication via TLS mutual authentication and HTTP *BASIC* (local _htpasswd_ and LDAP) * Authentication via TLS mutual authentication and HTTP *BASIC* (local _htpasswd_ and LDAP)
* Doesn't require _root_ privileges * Doesn't require _root_ privileges
* Swagger based documentation * Swagger based documentation
* Can run compliance checks against registries
* Released under Apache 2.0 License * Released under Apache 2.0 License
* ```go get -u github.com/anuvu/zot/cmd/zot``` * ```go get -u github.com/anuvu/zot/cmd/zot```
# Presentations # Presentations
* [OCI Weekly Discussion - Oct 2, 2019](https://hackmd.io/El8Dd2xrTlCaCG59ns5cwg#October-2-2019) * [OCI Weekly Discussion - Oct 2, 2019](https://hackmd.io/El8Dd2xrTlCaCG59ns5cwg#October-2-2019)
@ -53,40 +54,6 @@ bin/zot serve _config-file_
Examples of config files are available in [examples/](examples/) dir. Examples of config files are available in [examples/](examples/) dir.
# Compliance checks
```
bin/zot compliance -H hostIP -P port [-V "all"] [--json]
```
Compliance is important for the following reasons:
1. A standards-based client code can be implemented that can then interact with
compliant registries.
2. Customers benefit from the ability to move and locate their images across
compliant registries.
## Methodology
* A _positive_ compliance means the registry is compliant and meaningful work
can be accomplished when interacting with that registry.
* A _negative_ compliance means the registry is compliant, however, it only
returns errors that are compliant and no meaningful work can be performed when
interacting with that registry.
The focus of compliance tests is _positive_ compliance.
## Compliance Reports
Registry | Version Tested | Notes
---------|----------------|-------
zot | [v0.3.8](https://github.com/anuvu/zot/tree/v0.3.8) | <ul><li>[Mount Blob](https://github.com/opencontainers/distribution-spec/blob/master/spec.md#mount-blob) is not implemented contingent upon [Issue #51](https://github.com/anuvu/zot/issues/51)</li></ul>
docker | [v2.7.1](https://github.com/docker/distribution/releases/tag/v2.7.1) | <ul><li>[Patch Blob Upload](https://github.com/opencontainers/distribution-spec/blob/master/spec.md#patch-blob-upload) is not [implemented](https://github.com/docker/distribution/blob/master/registry/handlers/blobupload.go#L136)</li><li>Repository names cannot be mixed case due to [Issue #2771](https://github.com/docker/distribution/issues/2771)</li></ul>
quay | | TODO, [opensourced recently] (https://www.redhat.com/en/blog/red-hat-introduces-open-source-project-quay-container-registry)
# Ecosystem # Ecosystem
Since we couldn't find clients or client libraries that are stictly compliant to Since we couldn't find clients or client libraries that are stictly compliant to

View file

@ -1,20 +1,14 @@
package cli package cli
import ( import (
"os"
"testing"
"github.com/anuvu/zot/errors" "github.com/anuvu/zot/errors"
"github.com/anuvu/zot/pkg/api" "github.com/anuvu/zot/pkg/api"
"github.com/anuvu/zot/pkg/compliance"
"github.com/anuvu/zot/pkg/storage" "github.com/anuvu/zot/pkg/storage"
"github.com/mitchellh/mapstructure" "github.com/mitchellh/mapstructure"
dspec "github.com/opencontainers/distribution-spec" dspec "github.com/opencontainers/distribution-spec"
"github.com/rs/zerolog/log" "github.com/rs/zerolog/log"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"github.com/spf13/viper" "github.com/spf13/viper"
"github.com/anuvu/zot/pkg/compliance/v1_0_0"
) )
// metadataConfig reports metadata after parsing, which we use to track // metadataConfig reports metadata after parsing, which we use to track
@ -88,46 +82,6 @@ func NewRootCmd() *cobra.Command {
gcCmd.Flags().BoolVarP(&gcDryRun, "dry-run", "d", false, gcCmd.Flags().BoolVarP(&gcDryRun, "dry-run", "d", false,
"do everything except remove the blobs") "do everything except remove the blobs")
// "compliance"
complianceConfig := compliance.NewConfig()
complianceCmd := &cobra.Command{
Use: "compliance",
Aliases: []string{"co"},
Short: "`compliance` checks compliance with respect to OCI distribution-spec",
Long: "`compliance` checks compliance with respect to OCI distribution-spec",
Run: func(cmd *cobra.Command, args []string) {
t := &testing.T{}
switch complianceConfig.Version {
case "all":
fallthrough
default:
v1_0_0.CheckWorkflows(t, complianceConfig)
}
if t.Failed() {
os.Exit(1)
}
},
}
complianceCmd.Flags().StringVarP(&complianceConfig.Address, "address", "H", "",
"Registry server address")
if err := complianceCmd.MarkFlagRequired("address"); err != nil {
panic(err)
}
complianceCmd.Flags().StringVarP(&complianceConfig.Port, "port", "P", "",
"Registry server port")
if err := complianceCmd.MarkFlagRequired("port"); err != nil {
panic(err)
}
complianceCmd.Flags().StringVarP(&complianceConfig.Version, "version", "V", "all",
"OCI dist-spec version to check")
complianceCmd.Flags().BoolVarP(&complianceConfig.OutputJSON, "json", "j", false,
"output test results as JSON")
rootCmd := &cobra.Command{ rootCmd := &cobra.Command{
Use: "zot", Use: "zot",
Short: "`zot`", Short: "`zot`",
@ -142,7 +96,6 @@ func NewRootCmd() *cobra.Command {
rootCmd.AddCommand(serveCmd) rootCmd.AddCommand(serveCmd)
rootCmd.AddCommand(gcCmd) rootCmd.AddCommand(gcCmd)
rootCmd.AddCommand(complianceCmd)
rootCmd.Flags().BoolVarP(&showVersion, "version", "v", false, "show the version and exit") rootCmd.Flags().BoolVarP(&showVersion, "version", "v", false, "show the version and exit")
return rootCmd return rootCmd