From 7ce5a74598940cbfbf41843690c2c2956f1a56cb Mon Sep 17 00:00:00 2001
From: Andrei Aaron
Date: Fri, 20 Oct 2023 15:30:56 +0300
Subject: [PATCH] feat: use the "zot" namespace for the authentication url (#1947)

Some other minor fixes for swaggo comments (indentation and a bad description)
Signed-off-by: Andrei Aaron
---
 Makefile | 2 +-
 examples/README.md | 26 +--
 pkg/api/constants/consts.go | 9 +-
 pkg/api/routes.go | 102 ++++++------
 swagger/docs.go | 302 +++++++++++++++++-----------------
 swagger/swagger.json | 302 +++++++++++++++++-----------------
 swagger/swagger.yaml | 202 +++++++++++------------
 test/blackbox/cloud_only.bats | 4 +-
 test/dex/config-dev.yaml | 2 +-
 9 files changed, 476 insertions(+), 475 deletions(-)

diff --git a/Makefile b/Makefile
index c14fe89a..bac013ab 100644
--- a/Makefile
+++ b/Makefile
@@ -24,7 +24,7 @@ CRICTL := $(TOOLSDIR)/bin/crictl
 CRICTL_VERSION := v1.26.1
 ACTION_VALIDATOR := $(TOOLSDIR)/bin/action-validator
 ACTION_VALIDATOR_VERSION := v0.5.3
-ZUI_VERSION := commit-19e366e
+ZUI_VERSION := commit-fad5572
 SWAGGER_VERSION := v1.8.12
 STACKER := $(TOOLSDIR)/bin/stacker
 BATS := $(TOOLSDIR)/bin/bats
diff --git a/examples/README.md b/examples/README.md
index eebe14a5..2cf41bc9 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -209,13 +209,13 @@ zot can be configured to use the above providers with: } ``` -To login with either provider use http://127.0.0.1:8080/auth/login?provider=\&callback_ui=http://127.0.0.1:8080/home -for example to login with github use http://127.0.0.1:8080/auth/login?provider=github&callback_ui=http://127.0.0.1:8080/home +To login with either provider use http://127.0.0.1:8080/zot/auth/login?provider=\&callback_ui=http://127.0.0.1:8080/home +for example to login with github use http://127.0.0.1:8080/zot/auth/login?provider=github&callback_ui=http://127.0.0.1:8080/home callback_ui query parameter is used by zot to redirect to UI after a successful openid/oauth2 authentication -The callback url which should be used when making oauth2 provider setup is http://127.0.0.1:8080/auth/callback/\ -for example github callback url would be http://127.0.0.1:8080/auth/callback/github +The callback url which should be used when making oauth2 provider setup is http://127.0.0.1:8080/zot/auth/callback/\ +for example github callback url would be http://127.0.0.1:8080/zot/auth/callback/github If network policy doesn't allow inbound connections, this callback wont work! @@ -228,7 +228,7 @@ To configure zot as a client in dex (assuming zot is hosted at 127.0.0.1:8080), staticClients: - id: zot-client redirectURIs: - - 'http://127.0.0.1:8080/auth/callback/oidc' + - 'http://127.0.0.1:8080/zot/auth/callback/oidc' name: 'zot' secret: ZXhhbXBsZS1hcHAtc2VjcmV0 ``` @@ -254,7 +254,7 @@ zot can be configured to use dex with: } ``` -To login using openid dex provider use http://127.0.0.1:8080/auth/login?provider=oidc +To login using openid dex provider use http://127.0.0.1:8080/zot/auth/login?provider=oidc NOTE: Social login is not supported by command line tools, or other software responsible for pushing/pulling images to/from zot. 
@@ -323,14 +323,14 @@ To activate API keys use: Create an API key for the current user using the REST API -**Usage**: POST /auth/apikey +**Usage**: POST /zot/auth/apikey **Produces**: application/json **Sample input**: ``` -POST /auth/apikey +POST /zot/auth/apikey Body: {"label": "git", "scopes": ["repo1", "repo2"], "expirationDate": "2023-08-28T17:10:05+03:00"}' ``` @@ -339,7 +339,7 @@ The time format of expirationDate is RFC1123Z. **Example cURL without expiration date** ```bash -curl -u user:password -X POST http://localhost:8080/auth/apikey -d '{"label": "git", "scopes": ["repo1", "repo2"]}' +curl -u user:password -X POST http://localhost:8080/zot/auth/apikey -d '{"label": "git", "scopes": ["repo1", "repo2"]}' ``` **Sample output**: @@ -365,7 +365,7 @@ curl -u user:password -X POST http://localhost:8080/auth/apikey -d '{"label": "g **Example cURL with expiration date** ```bash -curl -u user:password -X POST http://localhost:8080/auth/apikey -d '{"label": "myAPIKEY", "expirationDate": "2023-08-28T17:10:05+03:00"}' +curl -u user:password -X POST http://localhost:8080/zot/auth/apikey -d '{"label": "myAPIKEY", "expirationDate": "2023-08-28T17:10:05+03:00"}' ``` **Sample output**: @@ -389,7 +389,7 @@ curl -u user:password -X POST http://localhost:8080/auth/apikey -d '{"label": "m Get list of API keys for the current user using the REST API -**Usage**: GET /auth/apikey +**Usage**: GET /zot/auth/apikey **Produces**: application/json @@ -448,14 +448,14 @@ Other command line tools will similarly accept the API key instead of a password How to revoke an API key for the current user -**Usage**: DELETE /auth/apikey?id=$uuid +**Usage**: DELETE /zot/auth/apikey?id=$uuid **Produces**: application/json **Example cURL** ```bash -curl -u user:password -X DELETE http://localhost:8080/v2/auth/apikey?id=46a45ce7-5d92-498a-a9cb-9654b1da3da1 +curl -u user:password -X DELETE http://localhost:8080/zot/auth/apikey?id=46a45ce7-5d92-498a-a9cb-9654b1da3da1 ``` #### Authentication Failures 
diff --git a/pkg/api/constants/consts.go b/pkg/api/constants/consts.go
index 93202eff..7f9e9a2c 100644
--- a/pkg/api/constants/consts.go
+++ b/pkg/api/constants/consts.go
@@ -14,10 +14,11 @@ const (
 DefaultMediaType = "application/json"
 BinaryMediaType = "application/octet-stream"
 DefaultMetricsExtensionRoute = "/metrics"
- CallbackBasePath = "/auth/callback"
- LoginPath = "/auth/login"
- LogoutPath = "/auth/logout"
- APIKeyPath = "/auth/apikey" //nolint: gosec
+ AppNamespacePath = "/zot"
+ CallbackBasePath = AppNamespacePath + "/auth/callback"
+ LoginPath = AppNamespacePath + "/auth/login"
+ LogoutPath = AppNamespacePath + "/auth/logout"
+ APIKeyPath = AppNamespacePath + "/auth/apikey"
 SessionClientHeaderName = "X-ZOT-API-CLIENT"
 SessionClientHeaderValue = "zot-ui"
 APIKeysPrefix = "zak_"
diff --git a/pkg/api/routes.go b/pkg/api/routes.go
index 6cd5d9a7..9272da45 100644
--- a/pkg/api/routes.go
+++ b/pkg/api/routes.go
@@ -226,10 +226,10 @@ func getUIHeadersHandler(config *config.Config, allowedMethods ...string) func(h
 // CheckVersionSupport godoc
 // @Summary Check API support
 // @Description Check if this API version is supported
-// @Router /v2/ [get]
+// @Router /v2/ [get]
 // @Accept json
 // @Produce json
-// @Success 200 {string} string "ok".
+// @Success 200 {string} string "ok".
 func (rh *RouteHandler) CheckVersionSupport(response http.ResponseWriter, request *http.Request) {
 if request.Method == http.MethodOptions {
 return
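Review bot: `AppNamespacePath` is added to the const block in pkg/api/constants/consts.go without a comment, and the four auth constants now resolve to `/zot/auth/...` with no alias for the old `/auth/...` paths visible in this change. OAuth2/OIDC providers compare the redirect URI against the registered value, so a deployment that registered `/auth/callback/<provider>` would presumably fail login after upgrade until the provider entry is updated, and any proxy or access rule written against the `/auth/` prefix stops matching these endpoints. I would document that on the constant, e.g. `// AppNamespacePath prefixes zot's own auth routes; changing it changes the redirect URIs that must be registered with each OAuth2/OIDC provider.`, and flag the rename as breaking in the release notes. The const block starts above this hunk.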
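Review bot: The trailing period in `// @Success 200 {string} string "ok".` on CheckVersionSupport sits after the closing quote, and swag appears to carry it into the description. The spec regenerated by this same commit has `"description": "ok\"."` and `"internal server error\"."` for `/zot/auth/logout`, whose comment has the same shape. The ListTags hunk (`"bad request".`) and the Logout hunk further down in routes.go repeat the pattern. Other handlers in this file end the comment block with the `@Router` line, so I would drop the period here and move the router last: `// @Success 200 {string} string "ok"` followed by `// @Router /v2/ [get].`. Whether the `/v2/` entry is affected the same way is not visible in the swagger hunks shown, so that part is inferred.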
@@ -255,15 +255,15 @@ func (rh *RouteHandler) CheckVersionSupport(response http.ResponseWriter, reques
 // ListTags godoc
 // @Summary List image tags
 // @Description List all image tags in a repository
-// @Router /v2/{name}/tags/list [get]
+// @Router /v2/{name}/tags/list [get]
 // @Accept json
 // @Produce json
-// @Param name path string true "test"
-// @Param n query integer true "limit entries for pagination"
-// @Param last query string true "last tag value for pagination"
-// @Success 200 {object} common.ImageTags
-// @Failure 404 {string} string "not found"
-// @Failure 400 {string} string "bad request".
+// @Param name path string true "repository name"
+// @Param n query integer true "limit entries for pagination"
+// @Param last query string true "last tag value for pagination"
+// @Success 200 {object} common.ImageTags
+// @Failure 404 {string} string "not found"
+// @Failure 400 {string} string "bad request".
 func (rh *RouteHandler) ListTags(response http.ResponseWriter, request *http.Request) {
 if request.Method == http.MethodOptions {
 return
@@ -389,12 +389,12 @@ func (rh *RouteHandler) ListTags(response http.ResponseWriter, request *http.Req
 // CheckManifest godoc
 // @Summary Check image manifest
 // @Description Check an image's manifest given a reference or a digest
-// @Router /v2/{name}/manifests/{reference} [head]
+// @Router /v2/{name}/manifests/{reference} [head]
 // @Accept json
 // @Produce json
-// @Param name path string true "repository name"
+// @Param name path string true "repository name"
 // @Param reference path string true "image reference or digest"
-// @Success 200 {string} string "ok"
+// @Success 200 {string} string "ok"
 // @Header 200 {object} constants.DistContentDigestKey
 // @Failure 404 {string} string "not found"
 // @Failure 500 {string} string "internal server error".
@@ -461,9 +461,9 @@ type ExtensionList struct {
 // @Description Get an image's manifest given a reference or a digest
 // @Accept json
 // @Produce application/vnd.oci.image.manifest.v1+json
-// @Param name path string true "repository name"
-// @Param reference path string true "image reference or digest"
-// @Success 200 {object} api.ImageManifest
+// @Param name path string true "repository name"
+// @Param reference path string true "image reference or digest"
+// @Success 200 {object} api.ImageManifest
 // @Header 200 {object} constants.DistContentDigestKey
 // @Failure 404 {string} string "not found"
 // @Failure 500 {string} string "internal server error"
@@ -562,10 +562,10 @@ func getReferrers(ctx context.Context, routeHandler *RouteHandler,
 // @Description Get referrers given a digest
 // @Accept json
 // @Produce application/vnd.oci.image.index.v1+json
-// @Param name path string true "repository name"
+// @Param name path string true "repository name"
 // @Param digest path string true "digest"
 // @Param artifactType query string false "artifact type"
-// @Success 200 {object} api.ImageIndex
+// @Success 200 {object} api.ImageIndex
 // @Failure 404 {string} string "not found"
 // @Failure 500 {string} string "internal server error"
 // @Router /v2/{name}/referrers/{digest} [get].
@@ -633,10 +633,10 @@ func (rh *RouteHandler) GetReferrers(response http.ResponseWriter, request *http
 // @Description Update an image's manifest given a reference or a digest
 // @Accept json
 // @Produce json
-// @Param name path string true "repository name"
-// @Param reference path string true "image reference or digest"
+// @Param name path string true "repository name"
+// @Param reference path string true "image reference or digest"
 // @Header 201 {object} constants.DistContentDigestKey
-// @Success 201 {string} string "created"
+// @Success 201 {string} string "created"
 // @Failure 400 {string} string "bad request"
 // @Failure 404 {string} string "not found"
 // @Failure 500 {string} string "internal server error"
@@ -744,9 +744,9 @@ func (rh *RouteHandler) UpdateManifest(response http.ResponseWriter, request *ht
 // @Description Delete an image's manifest given a reference or a digest
 // @Accept json
 // @Produce json
-// @Param name path string true "repository name"
+// @Param name path string true "repository name"
 // @Param reference path string true "image reference or digest"
-// @Success 200 {string} string "ok"
+// @Success 200 {string} string "ok"
 // @Router /v2/{name}/manifests/{reference} [delete].
 func (rh *RouteHandler) DeleteManifest(response http.ResponseWriter, request *http.Request) {
 vars := mux.Vars(request)
@@ -853,8 +853,8 @@ func (rh *RouteHandler) DeleteManifest(response http.ResponseWriter, request *ht
 // @Description Check an image's blob/layer given a digest
 // @Accept json
 // @Produce json
-// @Param name path string true "repository name"
-// @Param digest path string true "blob/layer digest"
+// @Param name path string true "repository name"
+// @Param digest path string true "blob/layer digest"
 // @Success 200 {object} api.ImageManifest
 // @Header 200 {object} constants.DistContentDigestKey
 // @Router /v2/{name}/blobs/{digest} [head].
@@ -967,8 +967,8 @@ func parseRangeHeader(contentRange string) (int64, int64, error) {
 // @Description Get an image's blob/layer given a digest
 // @Accept json
 // @Produce application/vnd.oci.image.layer.v1.tar+gzip
-// @Param name path string true "repository name"
-// @Param digest path string true "blob/layer digest"
+// @Param name path string true "repository name"
+// @Param digest path string true "blob/layer digest"
 // @Header 200 {object} constants.DistContentDigestKey
 // @Success 200 {object} api.ImageManifest
 // @Router /v2/{name}/blobs/{digest} [get].
@@ -1077,8 +1077,8 @@ func (rh *RouteHandler) GetBlob(response http.ResponseWriter, request *http.Requ
 // @Description Delete an image's blob/layer given a digest
 // @Accept json
 // @Produce json
-// @Param name path string true "repository name"
-// @Param digest path string true "blob/layer digest"
+// @Param name path string true "repository name"
+// @Param digest path string true "blob/layer digest"
 // @Success 202 {string} string "accepted"
 // @Router /v2/{name}/blobs/{digest} [delete].
 func (rh *RouteHandler) DeleteBlob(response http.ResponseWriter, request *http.Request) {
@@ -1137,8 +1137,8 @@ func (rh *RouteHandler) DeleteBlob(response http.ResponseWriter, request *http.R
 // @Description Create a new image blob/layer upload
 // @Accept json
 // @Produce json
-// @Param name path string true "repository name"
-// @Success 202 {string} string "accepted"
+// @Param name path string true "repository name"
+// @Success 202 {string} string "accepted"
 // @Header 202 {string} Location "/v2/{name}/blobs/uploads/{session_id}"
 // @Header 202 {string} Range "0-0"
 // @Failure 401 {string} string "unauthorized"
@@ -1292,8 +1292,8 @@ func (rh *RouteHandler) CreateBlobUpload(response http.ResponseWriter, request *
 // @Description Get an image's blob/layer upload given a session_id
 // @Accept json
 // @Produce json
-// @Param name path string true "repository name"
-// @Param session_id path string true "upload session_id"
+// @Param name path string true "repository name"
+// @Param session_id path string true "upload session_id"
 // @Success 204 {string} string "no content"
 // @Header 202 {string} Location "/v2/{name}/blobs/uploads/{session_id}"
 // @Header 202 {string} Range "0-128"
@@ -1353,9 +1353,9 @@ func (rh *RouteHandler) GetBlobUpload(response http.ResponseWriter, request *htt
 // @Description Resume an image's blob/layer upload given an session_id
 // @Accept json
 // @Produce json
-// @Param name path string true "repository name"
-// @Param session_id path string true "upload session_id"
-// @Success 202 {string} string "accepted"
+// @Param name path string true "repository name"
+// @Param session_id path string true "upload session_id"
+// @Success 202 {string} string "accepted"
 // @Header 202 {string} Location "/v2/{name}/blobs/uploads/{session_id}"
 // @Header 202 {string} Range "0-128"
 // @Header 200 {object} api.BlobUploadUUID
@@ -1452,10 +1452,10 @@ func (rh *RouteHandler) PatchBlobUpload(response http.ResponseWriter, request *h
 // @Description Update and finish an image's blob/layer upload given a digest
 // @Accept json
 // @Produce json
-// @Param name path string true "repository name"
-// @Param session_id path string true "upload session_id"
-// @Param digest query string true "blob/layer digest"
-// @Success 201 {string} string "created"
+// @Param name path string true "repository name"
+// @Param session_id path string true "upload session_id"
+// @Param digest query string true "blob/layer digest"
+// @Success 201 {string} string "created"
 // @Header 202 {string} Location "/v2/{name}/blobs/uploads/{digest}"
 // @Header 200 {object} constants.DistContentDigestKey
 // @Failure 404 {string} string "not found"
@@ -1610,8 +1610,8 @@ finish:
 // @Description Delete an image's blob/layer given a digest
 // @Accept json
 // @Produce json
-// @Param name path string true "repository name"
-// @Param session_id path string true "upload session_id"
+// @Param name path string true "repository name"
+// @Param session_id path string true "upload session_id"
 // @Success 200 {string} string "ok"
 // @Failure 404 {string} string "not found"
 // @Failure 500 {string} string "internal server error"
@@ -1665,7 +1665,7 @@ type RepositoryList struct {
 // @Description List all image repositories
 // @Accept json
 // @Produce json
-// @Success 200 {object} api.RepositoryList
+// @Success 200 {object} api.RepositoryList
 // @Failure 500 {string} string "internal server error"
 // @Router /v2/_catalog [get].
 func (rh *RouteHandler) ListRepositories(response http.ResponseWriter, request *http.Request) {
@@ -1729,7 +1729,7 @@ func (rh *RouteHandler) ListRepositories(response http.ResponseWriter, request *
 // @Description List all extensions present on registry
 // @Accept json
 // @Produce json
-// @Success 200 {object} api.ExtensionList
+// @Success 200 {object} api.ExtensionList
 // @Router /v2/_oci/ext/discover [get].
 func (rh *RouteHandler) ListExtensions(w http.ResponseWriter, r *http.Request) {
 if r.Method == http.MethodOptions {
@@ -1746,10 +1746,10 @@ func (rh *RouteHandler) ListExtensions(w http.ResponseWriter, r *http.Request) {
 // Logout godoc
 // @Summary Logout by removing current session
 // @Description Logout by removing current session
-// @Router /auth/logout [post]
+// @Router /zot/auth/logout [post]
 // @Accept json
 // @Produce json
-// @Success 200 {string} string "ok".
+// @Success 200 {string} string "ok".
 // @Failure 500 {string} string "internal server error".
 func (rh *RouteHandler) Logout(response http.ResponseWriter, request *http.Request) {
 if request.Method == http.MethodOptions {
@@ -1958,9 +1958,9 @@ type ReferenceList struct {
 // @Description Get references for an image given a digest and artifact type
 // @Accept json
 // @Produce json
-// @Param name path string true "repository name"
-// @Param digest path string true "image digest"
-// @Param artifactType query string true "artifact type"
+// @Param name path string true "repository name"
+// @Param digest path string true "image digest"
+// @Param artifactType query string true "artifact type"
 // @Success 200 {string} string "ok"
 // @Failure 404 {string} string "not found"
 // @Failure 500 {string} string "internal server error"
@@ -2035,7 +2035,7 @@ type APIKeyPayload struct { //nolint:revive // @Success 200 {string} string "ok" // @Failure 401 {string} string "unauthorized" // @Failure 500 {string} string "internal server error" -// @Router /auth/apikey [get]. +// @Router /zot/auth/apikey [get]. func (rh *RouteHandler) GetAPIKeys(resp http.ResponseWriter, req *http.Request) { apiKeys, err := rh.c.MetaDB.GetUserAPIKeys(req.Context()) if err != nil { @@ -2077,7 +2077,7 @@ func (rh *RouteHandler) GetAPIKeys(resp http.ResponseWriter, req *http.Request) // @Failure 400 {string} string "bad request" // @Failure 401 {string} string "unauthorized" // @Failure 500 {string} string "internal server error" -// @Router /auth/apikey [post]. +// @Router /zot/auth/apikey [post]. func (rh *RouteHandler) CreateAPIKey(resp http.ResponseWriter, req *http.Request) { var payload APIKeyPayload @@ -2178,7 +2178,7 @@ func (rh *RouteHandler) CreateAPIKey(resp http.ResponseWriter, req *http.Request // @Failure 500 {string} string "internal server error" // @Failure 401 {string} string "unauthorized" // @Failure 400 {string} string "bad request" -// @Router /auth/apikey [delete]. +// @Router /zot/auth/apikey [delete]. func (rh *RouteHandler) RevokeAPIKey(resp http.ResponseWriter, req *http.Request) { ids, ok := req.URL.Query()["id"] if !ok || len(ids) != 1 { diff --git a/swagger/docs.go b/swagger/docs.go index a53de872..fbc20677 100644 --- a/swagger/docs.go +++ b/swagger/docs.go 
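Review bot: The POST body of `/zot/auth/apikey` is still documented as a parameter named `id` with the description `api token id (UUID)` in the spec regenerated by this commit, although its schema is `api.APIKeyPayload` and the README sample sends `label`, `scopes` and `expirationDate`. That text presumably comes from the `@Param` line of CreateAPIKey, which lies above the `@Failure` lines shown in the CreateAPIKey hunk of pkg/api/routes.go, so the comment block is only partly visible here. Since the commit already corrects one bad description, I would fix this one too, e.g. `// @Param payload body APIKeyPayload true "API key label, scopes and optional expiration date"`, and regenerate the swagger files. A client generated from the current spec would describe the create request as taking a key id, which is the revoke contract rather than the create one.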
@@ -20,156 +20,6 @@ const docTemplate = `{ "host": "{{.Host}}", "basePath": "{{.BasePath}}", "paths": { - "/auth/apikey": { - "get": { - "description": "Get list of all API keys for a logged in user", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "summary": "Get list of API keys for the current user", - "responses": { - "200": { - "description": "ok", - "schema": { - "type": "string" - } - }, - "401": { - "description": "unauthorized", - "schema": { - "type": "string" - } - }, - "500": { - "description": "internal server error", - "schema": { - "type": "string" - } - } - } - }, - "post": { - "description": "Can create an api key for a logged in user, based on the provided label and scopes.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "summary": "Create an API key for the current user", - "parameters": [ - { - "description": "api token id (UUID)", - "name": "id", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/api.APIKeyPayload" - } - } - ], - "responses": { - "201": { - "description": "created", - "schema": { - "type": "string" - } - }, - "400": { - "description": "bad request", - "schema": { - "type": "string" - } - }, - "401": { - "description": "unauthorized", - "schema": { - "type": "string" - } - }, - "500": { - "description": "internal server error", - "schema": { - "type": "string" - } - } - } - }, - "delete": { - "description": "Revokes one current user API key based on given key ID", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "summary": "Revokes one current user API key", - "parameters": [ - { - "type": "string", - "description": "api token id (UUID)", - "name": "id", - "in": "query", - "required": true - } - ], - "responses": { - "200": { - "description": "ok", - "schema": { - "type": "string" - } - }, - "400": { - "description": "bad request", - "schema": { - "type": "string" - } - }, - "401": { - 
"description": "unauthorized", - "schema": { - "type": "string" - } - }, - "500": { - "description": "internal server error", - "schema": { - "type": "string" - } - } - } - } - }, - "/auth/logout": { - "post": { - "description": "Logout by removing current session", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "summary": "Logout by removing current session", - "responses": { - "200": { - "description": "ok\".", - "schema": { - "type": "string" - } - }, - "500": { - "description": "internal server error\".", - "schema": { - "type": "string" - } - } - } - } - }, "/oras/artifacts/v1/{name}/manifests/{digest}/referrers": { "get": { "description": "Get references for an image given a digest and artifact type", @@ -1122,7 +972,7 @@ const docTemplate = `{ "parameters": [ { "type": "string", - "description": "test", + "description": "repository name", "name": "name", "in": "path", "required": true 
@@ -1163,6 +1013,156 @@ const docTemplate = `{ } } } + }, + "/zot/auth/apikey": { + "get": { + "description": "Get list of all API keys for a logged in user", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Get list of API keys for the current user", + "responses": { + "200": { + "description": "ok", + "schema": { + "type": "string" + } + }, + "401": { + "description": "unauthorized", + "schema": { + "type": "string" + } + }, + "500": { + "description": "internal server error", + "schema": { + "type": "string" + } + } + } + }, + "post": { + "description": "Can create an api key for a logged in user, based on the provided label and scopes.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Create an API key for the current user", + "parameters": [ + { + "description": "api token id (UUID)", + "name": "id", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/api.APIKeyPayload" + } + } + ], + "responses": { + "201": { + "description": "created", + "schema": { + "type": "string" + } + }, + "400": { + "description": "bad request", + "schema": { + "type": "string" + } + }, + "401": { + "description": "unauthorized", + "schema": { + "type": "string" + } + }, + "500": { + "description": "internal server error", + "schema": { + "type": "string" + } + } + } + }, + "delete": { + "description": "Revokes one current user API key based on given key ID", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Revokes one current user API key", + "parameters": [ + { + "type": "string", + "description": "api token id (UUID)", + "name": "id", + "in": "query", + "required": true + } + ], + "responses": { + "200": { + "description": "ok", + "schema": { + "type": "string" + } + }, + "400": { + "description": "bad request", + "schema": { + "type": "string" + } + }, + "401": { + "description": "unauthorized", + "schema": { + 
"type": "string" + } + }, + "500": { + "description": "internal server error", + "schema": { + "type": "string" + } + } + } + } + }, + "/zot/auth/logout": { + "post": { + "description": "Logout by removing current session", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Logout by removing current session", + "responses": { + "200": { + "description": "ok\".", + "schema": { + "type": "string" + } + }, + "500": { + "description": "internal server error\".", + "schema": { + "type": "string" + } + } + } + } } }, "definitions": { diff --git a/swagger/swagger.json b/swagger/swagger.json index f8a7d0ed..50e77cbc 100644 --- a/swagger/swagger.json +++ b/swagger/swagger.json 
@@ -11,156 +11,6 @@ "version": "v1.1.0-dev" }, "paths": { - "/auth/apikey": { - "get": { - "description": "Get list of all API keys for a logged in user", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "summary": "Get list of API keys for the current user", - "responses": { - "200": { - "description": "ok", - "schema": { - "type": "string" - } - }, - "401": { - "description": "unauthorized", - "schema": { - "type": "string" - } - }, - "500": { - "description": "internal server error", - "schema": { - "type": "string" - } - } - } - }, - "post": { - "description": "Can create an api key for a logged in user, based on the provided label and scopes.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "summary": "Create an API key for the current user", - "parameters": [ - { - "description": "api token id (UUID)", - "name": "id", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/api.APIKeyPayload" - } - } - ], - "responses": { - "201": { - "description": "created", - "schema": { - "type": "string" - } - }, - "400": { - "description": "bad request", - "schema": { - "type": "string" - } - }, - "401": { - "description": "unauthorized", - "schema": { - "type": "string" - } - }, - "500": { - "description": "internal server error", - "schema": { - "type": "string" - } - } - } - }, - "delete": { - "description": "Revokes one current user API key based on given key ID", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "summary": "Revokes one current user API key", - "parameters": [ - { - "type": "string", - "description": "api token id (UUID)", - "name": "id", - "in": "query", - "required": true - } - ], - "responses": { - "200": { - "description": "ok", - "schema": { - "type": "string" - } - }, - "400": { - "description": "bad request", - "schema": { - "type": "string" - } - }, - "401": { - "description": "unauthorized", - "schema": { - 
"type": "string" - } - }, - "500": { - "description": "internal server error", - "schema": { - "type": "string" - } - } - } - } - }, - "/auth/logout": { - "post": { - "description": "Logout by removing current session", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "summary": "Logout by removing current session", - "responses": { - "200": { - "description": "ok\".", - "schema": { - "type": "string" - } - }, - "500": { - "description": "internal server error\".", - "schema": { - "type": "string" - } - } - } - } - }, "/oras/artifacts/v1/{name}/manifests/{digest}/referrers": { "get": { "description": "Get references for an image given a digest and artifact type", @@ -1113,7 +963,7 @@ "parameters": [ { "type": "string", - "description": "test", + "description": "repository name", "name": "name", "in": "path", "required": true 
@@ -1154,6 +1004,156 @@ } } } + }, + "/zot/auth/apikey": { + "get": { + "description": "Get list of all API keys for a logged in user", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Get list of API keys for the current user", + "responses": { + "200": { + "description": "ok", + "schema": { + "type": "string" + } + }, + "401": { + "description": "unauthorized", + "schema": { + "type": "string" + } + }, + "500": { + "description": "internal server error", + "schema": { + "type": "string" + } + } + } + }, + "post": { + "description": "Can create an api key for a logged in user, based on the provided label and scopes.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Create an API key for the current user", + "parameters": [ + { + "description": "api token id (UUID)", + "name": "id", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/api.APIKeyPayload" + } + } + ], + "responses": { + "201": { + "description": "created", + "schema": { + "type": "string" + } + }, + "400": { + "description": "bad request", + "schema": { + "type": "string" + } + }, + "401": { + "description": "unauthorized", + "schema": { + "type": "string" + } + }, + "500": { + "description": "internal server error", + "schema": { + "type": "string" + } + } + } + }, + "delete": { + "description": "Revokes one current user API key based on given key ID", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Revokes one current user API key", + "parameters": [ + { + "type": "string", + "description": "api token id (UUID)", + "name": "id", + "in": "query", + "required": true + } + ], + "responses": { + "200": { + "description": "ok", + "schema": { + "type": "string" + } + }, + "400": { + "description": "bad request", + "schema": { + "type": "string" + } + }, + "401": { + "description": "unauthorized", + "schema": { + "type": "string" + } + 
}, + "500": { + "description": "internal server error", + "schema": { + "type": "string" + } + } + } + } + }, + "/zot/auth/logout": { + "post": { + "description": "Logout by removing current session", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Logout by removing current session", + "responses": { + "200": { + "description": "ok\".", + "schema": { + "type": "string" + } + }, + "500": { + "description": "internal server error\".", + "schema": { + "type": "string" + } + } + } + } } }, "definitions": { diff --git a/swagger/swagger.yaml b/swagger/swagger.yaml index e97f9d70..c0d0a465 100644 --- a/swagger/swagger.yaml +++ b/swagger/swagger.yaml 
@@ -241,106 +241,6 @@ info: title: Open Container Initiative Distribution Specification version: v1.1.0-dev paths: - /auth/apikey: - delete: - consumes: - - application/json - description: Revokes one current user API key based on given key ID - parameters: - - description: api token id (UUID) - in: query - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: ok - schema: - type: string - "400": - description: bad request - schema: - type: string - "401": - description: unauthorized - schema: - type: string - "500": - description: internal server error - schema: - type: string - summary: Revokes one current user API key - get: - consumes: - - application/json - description: Get list of all API keys for a logged in user - produces: - - application/json - responses: - "200": - description: ok - schema: - type: string - "401": - description: unauthorized - schema: - type: string - "500": - description: internal server error - schema: - type: string - summary: Get list of API keys for the current user - post: - consumes: - - application/json - description: Can create an api key for a logged in user, based on the provided - label and scopes. - parameters: - - description: api token id (UUID) - in: body - name: id - required: true - schema: - $ref: '#/definitions/api.APIKeyPayload' - produces: - - application/json - responses: - "201": - description: created - schema: - type: string - "400": - description: bad request - schema: - type: string - "401": - description: unauthorized - schema: - type: string - "500": - description: internal server error - schema: - type: string - summary: Create an API key for the current user - /auth/logout: - post: - consumes: - - application/json - description: Logout by removing current session - produces: - - application/json - responses: - "200": - description: ok". - schema: - type: string - "500": - description: internal server error". 
- schema: - type: string - summary: Logout by removing current session /oras/artifacts/v1/{name}/manifests/{digest}/referrers: get: consumes: @@ -973,7 +873,7 @@ paths: - application/json description: List all image tags in a repository parameters: - - description: test + - description: repository name in: path name: name required: true 
@@ -1004,4 +904,104 @@ paths: schema: type: string summary: List image tags + /zot/auth/apikey: + delete: + consumes: + - application/json + description: Revokes one current user API key based on given key ID + parameters: + - description: api token id (UUID) + in: query + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: ok + schema: + type: string + "400": + description: bad request + schema: + type: string + "401": + description: unauthorized + schema: + type: string + "500": + description: internal server error + schema: + type: string + summary: Revokes one current user API key + get: + consumes: + - application/json + description: Get list of all API keys for a logged in user + produces: + - application/json + responses: + "200": + description: ok + schema: + type: string + "401": + description: unauthorized + schema: + type: string + "500": + description: internal server error + schema: + type: string + summary: Get list of API keys for the current user + post: + consumes: + - application/json + description: Can create an api key for a logged in user, based on the provided + label and scopes. + parameters: + - description: api token id (UUID) + in: body + name: id + required: true + schema: + $ref: '#/definitions/api.APIKeyPayload' + produces: + - application/json + responses: + "201": + description: created + schema: + type: string + "400": + description: bad request + schema: + type: string + "401": + description: unauthorized + schema: + type: string + "500": + description: internal server error + schema: + type: string + summary: Create an API key for the current user + /zot/auth/logout: + post: + consumes: + - application/json + description: Logout by removing current session + produces: + - application/json + responses: + "200": + description: ok". + schema: + type: string + "500": + description: internal server error". 
+ schema: + type: string + summary: Logout by removing current session swagger: "2.0" diff --git a/test/blackbox/cloud_only.bats b/test/blackbox/cloud_only.bats index 0894b347..5d970ffc 100644 --- a/test/blackbox/cloud_only.bats +++ b/test/blackbox/cloud_only.bats @@ -108,9 +108,9 @@ function teardown() { } dex_session () { - STATE=$(curl -L -f -s http://localhost:8080/openid/auth/login?provider=oidc | grep -m 1 -oP '(?<=state=)[^ ]*"' | cut -d \" -f1) + STATE=$(curl -L -f -s http://localhost:8080/zot/auth/login?provider=oidc | grep -m 1 -oP '(?<=state=)[^ ]*"' | cut -d \" -f1) echo $STATE >&3 - curl -L -f -s "http://127.0.0.1:5556/dex/auth/mock?client_id=zot-client&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2Fopenid%2Fauth%2Fcallback%2Foidc&response_type=code&scope=profile+email+groups+openid&state=$STATE" + curl -L -f -s "http://127.0.0.1:5556/dex/auth/mock?client_id=zot-client&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2Fzot%2Fauth%2Fcallback%2Foidc&response_type=code&scope=profile+email+groups+openid&state=$STATE" } @test "check dex is working" { diff --git a/test/dex/config-dev.yaml b/test/dex/config-dev.yaml index 9d275a79..e1425cc5 100644 --- a/test/dex/config-dev.yaml +++ b/test/dex/config-dev.yaml @@ -17,7 +17,7 @@ grpc: staticClients: - id: zot-client redirectURIs: - - 'http://127.0.0.1:8080/openid/auth/callback/oidc' + - 'http://127.0.0.1:8080/zot/auth/callback/oidc' name: 'zot' secret: ZXhhbXBsZS1hcHAtc2VjcmV0
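Review bot: The login URL on the new `STATE=$(curl ...)` line in `dex_session` is passed to curl unquoted, so the `?` in `login?provider=oidc` is left open to shell pathname expansion, while the second curl call in the same function already quotes its URL. Quoting the first one makes the two calls consistent and keeps the request independent of shell glob options: `STATE=$(curl -L -f -s "http://localhost:8080/zot/auth/login?provider=oidc" | grep -m 1 -oP '(?<=state=)[^ ]*"' | cut -d \" -f1)`. The context line `echo $STATE >&3` would read better as `echo "$STATE" >&3` for the same reason.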
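Review bot: Nothing in this file says that the redirect URI on the new line under `redirectURIs` must match both the callback route zot serves and the URL-encoded `redirect_uri` that `dex_session` sends in test/blackbox/cloud_only.bats. An OIDC provider refuses an authorization request whose redirect_uri is not registered for the client, so a later path change that misses one of these places breaks the login test, and this commit had to update both by hand. I would add a comment above the entry: `# keep in sync with zot's /zot/auth/callback/<provider> route and the redirect_uri in test/blackbox/cloud_only.bats`.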