From 792e82cbdfb218f13256ece73ecf9ee8c47438a1 Mon Sep 17 00:00:00 2001
From: Andrei Aaron <andaaron@cisco.com>
Date: Tue, 8 Jun 2021 21:37:31 +0300
Subject: [PATCH] Add an 'enable' flag in the server configuration to enable
 gql-based searches

    "extensions": {
        "search": {
            "enable": true
        }
    }
---
 examples/config-cve.json                    |  1 +
 examples/config-multiple-cve.json           |  1 +
 pkg/api/routes.go                           |  2 +-
 pkg/cli/cve_cmd_test.go                     |  3 +-
 pkg/cli/image_cmd_test.go                   |  2 +-
 pkg/extensions/config.go                    |  3 +-
 pkg/extensions/extensions.go                | 16 ++++---
 pkg/extensions/minimal.go                   |  2 +-
 pkg/extensions/search/cve/cve_test.go       |  3 +-
 pkg/extensions/search/digest/digest_test.go | 49 ++++++++++++++++++++-
 10 files changed, 69 insertions(+), 13 deletions(-)

diff --git a/examples/config-cve.json b/examples/config-cve.json
index 6e272a58..d55c6813 100644
--- a/examples/config-cve.json
+++ b/examples/config-cve.json
@@ -12,6 +12,7 @@
     },
     "extensions": {
         "search": {
+            "enable": true,
             "cve": {
                 "updateInterval": "24h"
             }
diff --git a/examples/config-multiple-cve.json b/examples/config-multiple-cve.json
index a1b55759..f3c58820 100644
--- a/examples/config-multiple-cve.json
+++ b/examples/config-multiple-cve.json
@@ -29,6 +29,7 @@
     },
     "extensions": {
         "search": {
+            "enable": true,
             "cve": {
                 "updateInterval": "24h"
             }
diff --git a/pkg/api/routes.go b/pkg/api/routes.go
index 2d35d8ab..48b56731 100644
--- a/pkg/api/routes.go
+++ b/pkg/api/routes.go
@@ -91,7 +91,7 @@ func (rh *RouteHandler) SetupRoutes() {
 	rh.c.Router.PathPrefix("/swagger/v2/").Methods("GET").Handler(httpSwagger.WrapHandler)
 	// Setup Extensions Routes
 	if rh.c.Config != nil && rh.c.Config.Extensions != nil {
-		ext.SetupRoutes(rh.c.Router, rh.c.StoreController, rh.c.Log)
+		ext.SetupRoutes(rh.c.Config.Extensions, rh.c.Router, rh.c.StoreController, rh.c.Log)
 	}
 }
 
diff --git a/pkg/cli/cve_cmd_test.go b/pkg/cli/cve_cmd_test.go
index 61450ce6..609a1785 100644
--- a/pkg/cli/cve_cmd_test.go
+++ b/pkg/cli/cve_cmd_test.go
@@ -308,7 +308,8 @@ func TestServerCVEResponse(t *testing.T) {
 		UpdateInterval: 2,
 	}
 	searchConfig := &ext.SearchConfig{
-		CVE: cveConfig,
+		CVE:    cveConfig,
+		Enable: true,
 	}
 	c.Config.Extensions = &ext.ExtensionConfig{
 		Search: searchConfig,
diff --git a/pkg/cli/image_cmd_test.go b/pkg/cli/image_cmd_test.go
index 98c2d66d..0cf1ebb4 100644
--- a/pkg/cli/image_cmd_test.go
+++ b/pkg/cli/image_cmd_test.go
@@ -287,7 +287,7 @@ func TestServerResponse(t *testing.T) {
 		config := api.NewConfig()
 		config.HTTP.Port = port
 		config.Extensions = &extensions.ExtensionConfig{
-			Search: &extensions.SearchConfig{},
+			Search: &extensions.SearchConfig{Enable: true},
 		}
 		c := api.NewController(config)
 		dir, err := ioutil.TempDir("", "oci-repo-test")
diff --git a/pkg/extensions/config.go b/pkg/extensions/config.go
index f01ba1e6..730b2e3e 100644
--- a/pkg/extensions/config.go
+++ b/pkg/extensions/config.go
@@ -8,7 +8,8 @@ type ExtensionConfig struct {
 
 type SearchConfig struct {
 	// CVE search
-	CVE *CVEConfig
+	CVE    *CVEConfig
+	Enable bool
 }
 
 type CVEConfig struct {
diff --git a/pkg/extensions/extensions.go b/pkg/extensions/extensions.go
index cc7436e9..ca357d89 100644
--- a/pkg/extensions/extensions.go
+++ b/pkg/extensions/extensions.go
@@ -33,7 +33,7 @@ func downloadTrivyDB(dbDir string, log log.Logger, updateInterval time.Duration)
 
 // EnableExtensions ...
 func EnableExtensions(extension *ExtensionConfig, log log.Logger, rootDir string) {
-	if extension.Search != nil && extension.Search.CVE != nil {
+	if extension.Search != nil && extension.Search.Enable && extension.Search.CVE != nil {
 		defaultUpdateInterval, _ := time.ParseDuration("2h")
 
 		if extension.Search.CVE.UpdateInterval < defaultUpdateInterval {
@@ -46,7 +46,7 @@ func EnableExtensions(extension *ExtensionConfig, log log.Logger, rootDir string
 			err := downloadTrivyDB(rootDir, log,
 				extension.Search.CVE.UpdateInterval)
 			if err != nil {
-				panic(err)
+				log.Error().Err(err).Msg("error while downloading TrivyDB")
 			}
 		}()
 	} else {
@@ -55,9 +55,13 @@ func EnableExtensions(extension *ExtensionConfig, log log.Logger, rootDir string
 }
 
 // SetupRoutes ...
-func SetupRoutes(router *mux.Router, storeController storage.StoreController, log log.Logger) {
+func SetupRoutes(extension *ExtensionConfig, router *mux.Router, storeController storage.StoreController,
+	log log.Logger) {
 	log.Info().Msg("setting up extensions routes")
-	resConfig := search.GetResolverConfig(log, storeController)
-	router.PathPrefix("/query").Methods("GET", "POST").
-		Handler(gqlHandler.NewDefaultServer(search.NewExecutableSchema(resConfig)))
+
+	if extension.Search != nil && extension.Search.Enable {
+		resConfig := search.GetResolverConfig(log, storeController)
+		router.PathPrefix("/query").Methods("GET", "POST").
+			Handler(gqlHandler.NewDefaultServer(search.NewExecutableSchema(resConfig)))
+	}
 }
diff --git a/pkg/extensions/minimal.go b/pkg/extensions/minimal.go
index 257d727b..2101f978 100644
--- a/pkg/extensions/minimal.go
+++ b/pkg/extensions/minimal.go
@@ -21,6 +21,6 @@ func EnableExtensions(extension *ExtensionConfig, log log.Logger, rootDir string
 }
 
 // SetupRoutes ...
-func SetupRoutes(router *mux.Router, storeController storage.StoreController, log log.Logger) {
+func SetupRoutes(extension *ExtensionConfig, router *mux.Router, storeController storage.StoreController, log log.Logger) {
 	log.Warn().Msg("skipping setting up extensions routes because given zot binary doesn't support any extensions, please build zot full binary for this feature")
 }
diff --git a/pkg/extensions/search/cve/cve_test.go b/pkg/extensions/search/cve/cve_test.go
index 50f8e4c8..e1bfab37 100644
--- a/pkg/extensions/search/cve/cve_test.go
+++ b/pkg/extensions/search/cve/cve_test.go
@@ -547,7 +547,8 @@ func TestCVESearch(t *testing.T) {
 			UpdateInterval: updateDuration,
 		}
 		searchConfig := &ext.SearchConfig{
-			CVE: cveConfig,
+			CVE:    cveConfig,
+			Enable: true,
 		}
 		c.Config.Extensions = &ext.ExtensionConfig{
 			Search: searchConfig,
diff --git a/pkg/extensions/search/digest/digest_test.go b/pkg/extensions/search/digest/digest_test.go
index 5198efea..f9fc67be 100644
--- a/pkg/extensions/search/digest/digest_test.go
+++ b/pkg/extensions/search/digest/digest_test.go
@@ -169,7 +169,7 @@ func TestDigestSearchHTTP(t *testing.T) {
 		config.HTTP.Port = Port1
 		config.Storage.RootDirectory = rootDir
 		config.Extensions = &ext.ExtensionConfig{
-			Search: &ext.SearchConfig{},
+			Search: &ext.SearchConfig{Enable: true},
 		}
 
 		c := api.NewController(config)
@@ -288,3 +288,50 @@ func TestDigestSearchHTTP(t *testing.T) {
 		So(len(responseStruct.Errors), ShouldEqual, 1)
 	})
 }
+
+func TestDigestSearchDisabled(t *testing.T) {
+	Convey("Test disabling image search", t, func() {
+		dir, err := ioutil.TempDir("", "digest_test")
+		So(err, ShouldBeNil)
+		config := api.NewConfig()
+		config.HTTP.Port = Port1
+		config.Storage.RootDirectory = dir
+		config.Extensions = &ext.ExtensionConfig{
+			Search: &ext.SearchConfig{Enable: false},
+		}
+
+		c := api.NewController(config)
+
+		go func() {
+			// this blocks
+			if err := c.Run(); err != nil {
+				return
+			}
+		}()
+
+		// wait till ready
+		for {
+			_, err := resty.R().Get(BaseURL1)
+			if err == nil {
+				break
+			}
+			time.Sleep(100 * time.Millisecond)
+		}
+
+		// shut down server
+		defer func() {
+			ctx := context.Background()
+			_ = c.Server.Shutdown(ctx)
+		}()
+
+		resp, err := resty.R().Get(BaseURL1 + "/v2/")
+		So(resp, ShouldNotBeNil)
+		So(err, ShouldBeNil)
+		So(resp.StatusCode(), ShouldEqual, 200)
+
+		resp, err = resty.R().Get(BaseURL1 + "/query")
+		So(resp, ShouldNotBeNil)
+		So(err, ShouldBeNil)
+		So(resp.StatusCode(), ShouldEqual, 404)
+	})
+}