mirror of https://github.com/project-zot/zot.git synced 2024-12-30 22:34:13 -05:00

feat: use the "zot" namespace for the authentication url (#1947)

Some other minor fixes for swaggo comments (indentation and a bad description)

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Andrei Aaron 2023-10-20 15:30:56 +03:00 committed by GitHub
parent a345ba0823
commit 7ce5a74598
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 476 additions and 475 deletions

View file

@ -24,7 +24,7 @@ CRICTL := $(TOOLSDIR)/bin/crictl
CRICTL_VERSION := v1.26.1 CRICTL_VERSION := v1.26.1
ACTION_VALIDATOR := $(TOOLSDIR)/bin/action-validator ACTION_VALIDATOR := $(TOOLSDIR)/bin/action-validator
ACTION_VALIDATOR_VERSION := v0.5.3 ACTION_VALIDATOR_VERSION := v0.5.3
ZUI_VERSION := commit-19e366e ZUI_VERSION := commit-fad5572
SWAGGER_VERSION := v1.8.12 SWAGGER_VERSION := v1.8.12
STACKER := $(TOOLSDIR)/bin/stacker STACKER := $(TOOLSDIR)/bin/stacker
BATS := $(TOOLSDIR)/bin/bats BATS := $(TOOLSDIR)/bin/bats
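Review bot: the `ZUI_VERSION` bump from `commit-19e366e` to `commit-fad5572` is not mentioned in the commit message. If this UI build is the one that calls the new `/zot/auth/...` endpoints, say so in the message, so it is clear that the server and UI versions have to move together and cannot be rolled back independently.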

View file

@ -209,13 +209,13 @@ zot can be configured to use the above providers with:
} }
``` ```
To login with either provider use http://127.0.0.1:8080/auth/login?provider=\<provider\>&callback_ui=http://127.0.0.1:8080/home To login with either provider use http://127.0.0.1:8080/zot/auth/login?provider=\<provider\>&callback_ui=http://127.0.0.1:8080/home
for example to login with github use http://127.0.0.1:8080/auth/login?provider=github&callback_ui=http://127.0.0.1:8080/home for example to login with github use http://127.0.0.1:8080/zot/auth/login?provider=github&callback_ui=http://127.0.0.1:8080/home
callback_ui query parameter is used by zot to redirect to UI after a successful openid/oauth2 authentication callback_ui query parameter is used by zot to redirect to UI after a successful openid/oauth2 authentication
The callback url which should be used when making oauth2 provider setup is http://127.0.0.1:8080/auth/callback/\<provider\> The callback url which should be used when making oauth2 provider setup is http://127.0.0.1:8080/zot/auth/callback/\<provider\>
for example github callback url would be http://127.0.0.1:8080/auth/callback/github for example github callback url would be http://127.0.0.1:8080/zot/auth/callback/github
If network policy doesn't allow inbound connections, this callback wont work! If network policy doesn't allow inbound connections, this callback wont work!
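Review bot: the callback URL line now documents `/zot/auth/callback/<provider>`, but nothing here tells operators upgrading an existing deployment that the redirect URI already registered with their OAuth2 provider under `/auth/callback/<provider>` will no longer match and has to be updated on the provider side. Add a short upgrade note next to this line. While these lines are being touched, `wont` in the last sentence should be `won't`.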
@ -228,7 +228,7 @@ To configure zot as a client in dex (assuming zot is hosted at 127.0.0.1:8080),
staticClients: staticClients:
- id: zot-client - id: zot-client
redirectURIs: redirectURIs:
- 'http://127.0.0.1:8080/auth/callback/oidc' - 'http://127.0.0.1:8080/zot/auth/callback/oidc'
name: 'zot' name: 'zot'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0 secret: ZXhhbXBsZS1hcHAtc2VjcmV0
``` ```
@ -254,7 +254,7 @@ zot can be configured to use dex with:
} }
``` ```
To login using openid dex provider use http://127.0.0.1:8080/auth/login?provider=oidc To login using openid dex provider use http://127.0.0.1:8080/zot/auth/login?provider=oidc
NOTE: Social login is not supported by command line tools, or other software responsible for pushing/pulling NOTE: Social login is not supported by command line tools, or other software responsible for pushing/pulling
images to/from zot. images to/from zot.
@ -323,14 +323,14 @@ To activate API keys use:
Create an API key for the current user using the REST API Create an API key for the current user using the REST API
**Usage**: POST /auth/apikey **Usage**: POST /zot/auth/apikey
**Produces**: application/json **Produces**: application/json
**Sample input**: **Sample input**:
``` ```
POST /auth/apikey POST /zot/auth/apikey
Body: {"label": "git", "scopes": ["repo1", "repo2"], "expirationDate": "2023-08-28T17:10:05+03:00"}' Body: {"label": "git", "scopes": ["repo1", "repo2"], "expirationDate": "2023-08-28T17:10:05+03:00"}'
``` ```
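Review bot: the sample `Body:` line under `POST /zot/auth/apikey` still ends with a stray `'` after the closing brace, and its `expirationDate` value `2023-08-28T17:10:05+03:00` is written in RFC 3339 form while the sentence that follows this block says the format is RFC1123Z. Since the sample is being edited anyway, drop the quote and make the example and the stated format agree.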
@ -339,7 +339,7 @@ The time format of expirationDate is RFC1123Z.
**Example cURL without expiration date** **Example cURL without expiration date**
```bash ```bash
curl -u user:password -X POST http://localhost:8080/auth/apikey -d '{"label": "git", "scopes": ["repo1", "repo2"]}' curl -u user:password -X POST http://localhost:8080/zot/auth/apikey -d '{"label": "git", "scopes": ["repo1", "repo2"]}'
``` ```
**Sample output**: **Sample output**:
@ -365,7 +365,7 @@ curl -u user:password -X POST http://localhost:8080/auth/apikey -d '{"label": "g
**Example cURL with expiration date** **Example cURL with expiration date**
```bash ```bash
curl -u user:password -X POST http://localhost:8080/auth/apikey -d '{"label": "myAPIKEY", "expirationDate": "2023-08-28T17:10:05+03:00"}' curl -u user:password -X POST http://localhost:8080/zot/auth/apikey -d '{"label": "myAPIKEY", "expirationDate": "2023-08-28T17:10:05+03:00"}'
``` ```
**Sample output**: **Sample output**:
@ -389,7 +389,7 @@ curl -u user:password -X POST http://localhost:8080/auth/apikey -d '{"label": "m
Get list of API keys for the current user using the REST API Get list of API keys for the current user using the REST API
**Usage**: GET /auth/apikey **Usage**: GET /zot/auth/apikey
**Produces**: application/json **Produces**: application/json
@ -448,14 +448,14 @@ Other command line tools will similarly accept the API key instead of a password
How to revoke an API key for the current user How to revoke an API key for the current user
**Usage**: DELETE /auth/apikey?id=$uuid **Usage**: DELETE /zot/auth/apikey?id=$uuid
**Produces**: application/json **Produces**: application/json
**Example cURL** **Example cURL**
```bash ```bash
curl -u user:password -X DELETE http://localhost:8080/v2/auth/apikey?id=46a45ce7-5d92-498a-a9cb-9654b1da3da1 curl -u user:password -X DELETE http://localhost:8080/zot/auth/apikey?id=46a45ce7-5d92-498a-a9cb-9654b1da3da1
``` ```
#### Authentication Failures #### Authentication Failures
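Review bot: the DELETE example leaves the URL unquoted, so the `?id=...` part is open to shell globbing (zsh aborts with "no matches found"); wrap the URL in single quotes. The old line pointed at `/v2/auth/apikey`, which never matched the documented `DELETE /auth/apikey` usage, so this line also corrects a wrong path and deserves a word in the commit message.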

View file

@ -14,10 +14,11 @@ const (
DefaultMediaType = "application/json" DefaultMediaType = "application/json"
BinaryMediaType = "application/octet-stream" BinaryMediaType = "application/octet-stream"
DefaultMetricsExtensionRoute = "/metrics" DefaultMetricsExtensionRoute = "/metrics"
CallbackBasePath = "/auth/callback" AppNamespacePath = "/zot"
LoginPath = "/auth/login" CallbackBasePath = AppNamespacePath + "/auth/callback"
LogoutPath = "/auth/logout" LoginPath = AppNamespacePath + "/auth/login"
APIKeyPath = "/auth/apikey" //nolint: gosec LogoutPath = AppNamespacePath + "/auth/logout"
APIKeyPath = AppNamespacePath + "/auth/apikey"
SessionClientHeaderName = "X-ZOT-API-CLIENT" SessionClientHeaderName = "X-ZOT-API-CLIENT"
SessionClientHeaderValue = "zot-ui" SessionClientHeaderValue = "zot-ui"
APIKeysPrefix = "zak_" APIKeysPrefix = "zak_"
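Review bot: with `AppNamespacePath` prefixed onto `CallbackBasePath`, `LoginPath`, `LogoutPath` and `APIKeyPath`, no alias for the old `/auth/...` paths is visible in this change, so existing API-key clients and registered provider redirect URIs break on upgrade, yet the commit is titled `feat:` with no breaking-change marker. Either flag it as breaking in the commit message and release notes, or keep the old routes registered for a deprecation period. Also confirm the linter is still clean now that `//nolint: gosec` has been dropped from `APIKeyPath`.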

View file

@ -258,7 +258,7 @@ func (rh *RouteHandler) CheckVersionSupport(response http.ResponseWriter, reques
// @Router /v2/{name}/tags/list [get] // @Router /v2/{name}/tags/list [get]
// @Accept json // @Accept json
// @Produce json // @Produce json
// @Param name path string true "test" // @Param name path string true "repository name"
// @Param n query integer true "limit entries for pagination" // @Param n query integer true "limit entries for pagination"
// @Param last query string true "last tag value for pagination" // @Param last query string true "last tag value for pagination"
// @Success 200 {object} common.ImageTags // @Success 200 {object} common.ImageTags
@ -1746,7 +1746,7 @@ func (rh *RouteHandler) ListExtensions(w http.ResponseWriter, r *http.Request) {
// Logout godoc // Logout godoc
// @Summary Logout by removing current session // @Summary Logout by removing current session
// @Description Logout by removing current session // @Description Logout by removing current session
// @Router /auth/logout [post] // @Router /zot/auth/logout [post]
// @Accept json // @Accept json
// @Produce json // @Produce json
// @Success 200 {string} string "ok". // @Success 200 {string} string "ok".
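Review bot: `// @Success 200 {string} string "ok".` in the Logout block keeps a trailing period after the closing quote, and the generated spec in this same commit shows the result as `"description": "ok\"."` under `/zot/auth/logout` (the 500 response has the same defect). The commit message mentions swaggo comment fixes, so drop the period from the Logout annotations and regenerate the docs.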
@ -2035,7 +2035,7 @@ type APIKeyPayload struct { //nolint:revive
// @Success 200 {string} string "ok" // @Success 200 {string} string "ok"
// @Failure 401 {string} string "unauthorized" // @Failure 401 {string} string "unauthorized"
// @Failure 500 {string} string "internal server error" // @Failure 500 {string} string "internal server error"
// @Router /auth/apikey [get]. // @Router /zot/auth/apikey [get].
func (rh *RouteHandler) GetAPIKeys(resp http.ResponseWriter, req *http.Request) { func (rh *RouteHandler) GetAPIKeys(resp http.ResponseWriter, req *http.Request) {
apiKeys, err := rh.c.MetaDB.GetUserAPIKeys(req.Context()) apiKeys, err := rh.c.MetaDB.GetUserAPIKeys(req.Context())
if err != nil { if err != nil {
@ -2077,7 +2077,7 @@ func (rh *RouteHandler) GetAPIKeys(resp http.ResponseWriter, req *http.Request)
// @Failure 400 {string} string "bad request" // @Failure 400 {string} string "bad request"
// @Failure 401 {string} string "unauthorized" // @Failure 401 {string} string "unauthorized"
// @Failure 500 {string} string "internal server error" // @Failure 500 {string} string "internal server error"
// @Router /auth/apikey [post]. // @Router /zot/auth/apikey [post].
func (rh *RouteHandler) CreateAPIKey(resp http.ResponseWriter, req *http.Request) { func (rh *RouteHandler) CreateAPIKey(resp http.ResponseWriter, req *http.Request) {
var payload APIKeyPayload var payload APIKeyPayload
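Review bot: the generated spec for this `[post]` route, further down in the same commit, still lists the body parameter as `"name": "id"` with description "api token id (UUID)" although its schema is `#/definitions/api.APIKeyPayload`; it looks copied from the delete handler. Fix the `@Param` annotation on `CreateAPIKey` so the body is named and described as the key payload (label, scopes, expiration date), then regenerate instead of hand-editing the generated files.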
@ -2178,7 +2178,7 @@ func (rh *RouteHandler) CreateAPIKey(resp http.ResponseWriter, req *http.Request
// @Failure 500 {string} string "internal server error" // @Failure 500 {string} string "internal server error"
// @Failure 401 {string} string "unauthorized" // @Failure 401 {string} string "unauthorized"
// @Failure 400 {string} string "bad request" // @Failure 400 {string} string "bad request"
// @Router /auth/apikey [delete]. // @Router /zot/auth/apikey [delete].
func (rh *RouteHandler) RevokeAPIKey(resp http.ResponseWriter, req *http.Request) { func (rh *RouteHandler) RevokeAPIKey(resp http.ResponseWriter, req *http.Request) {
ids, ok := req.URL.Query()["id"] ids, ok := req.URL.Query()["id"]
if !ok || len(ids) != 1 { if !ok || len(ids) != 1 {

View file

@ -20,156 +20,6 @@ const docTemplate = `{
"host": "{{.Host}}", "host": "{{.Host}}",
"basePath": "{{.BasePath}}", "basePath": "{{.BasePath}}",
"paths": { "paths": {
"/auth/apikey": {
"get": {
"description": "Get list of all API keys for a logged in user",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Get list of API keys for the current user",
"responses": {
"200": {
"description": "ok",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
},
"post": {
"description": "Can create an api key for a logged in user, based on the provided label and scopes.",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Create an API key for the current user",
"parameters": [
{
"description": "api token id (UUID)",
"name": "id",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/api.APIKeyPayload"
}
}
],
"responses": {
"201": {
"description": "created",
"schema": {
"type": "string"
}
},
"400": {
"description": "bad request",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
},
"delete": {
"description": "Revokes one current user API key based on given key ID",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Revokes one current user API key",
"parameters": [
{
"type": "string",
"description": "api token id (UUID)",
"name": "id",
"in": "query",
"required": true
}
],
"responses": {
"200": {
"description": "ok",
"schema": {
"type": "string"
}
},
"400": {
"description": "bad request",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
}
},
"/auth/logout": {
"post": {
"description": "Logout by removing current session",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Logout by removing current session",
"responses": {
"200": {
"description": "ok\".",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error\".",
"schema": {
"type": "string"
}
}
}
}
},
"/oras/artifacts/v1/{name}/manifests/{digest}/referrers": { "/oras/artifacts/v1/{name}/manifests/{digest}/referrers": {
"get": { "get": {
"description": "Get references for an image given a digest and artifact type", "description": "Get references for an image given a digest and artifact type",
@ -1122,7 +972,7 @@ const docTemplate = `{
"parameters": [ "parameters": [
{ {
"type": "string", "type": "string",
"description": "test", "description": "repository name",
"name": "name", "name": "name",
"in": "path", "in": "path",
"required": true "required": true
@ -1163,6 +1013,156 @@ const docTemplate = `{
} }
} }
} }
},
"/zot/auth/apikey": {
"get": {
"description": "Get list of all API keys for a logged in user",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Get list of API keys for the current user",
"responses": {
"200": {
"description": "ok",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
},
"post": {
"description": "Can create an api key for a logged in user, based on the provided label and scopes.",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Create an API key for the current user",
"parameters": [
{
"description": "api token id (UUID)",
"name": "id",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/api.APIKeyPayload"
}
}
],
"responses": {
"201": {
"description": "created",
"schema": {
"type": "string"
}
},
"400": {
"description": "bad request",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
},
"delete": {
"description": "Revokes one current user API key based on given key ID",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Revokes one current user API key",
"parameters": [
{
"type": "string",
"description": "api token id (UUID)",
"name": "id",
"in": "query",
"required": true
}
],
"responses": {
"200": {
"description": "ok",
"schema": {
"type": "string"
}
},
"400": {
"description": "bad request",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
}
},
"/zot/auth/logout": {
"post": {
"description": "Logout by removing current session",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Logout by removing current session",
"responses": {
"200": {
"description": "ok\".",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error\".",
"schema": {
"type": "string"
}
}
}
}
} }
}, },
"definitions": { "definitions": {

View file

@ -11,156 +11,6 @@
"version": "v1.1.0-dev" "version": "v1.1.0-dev"
}, },
"paths": { "paths": {
"/auth/apikey": {
"get": {
"description": "Get list of all API keys for a logged in user",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Get list of API keys for the current user",
"responses": {
"200": {
"description": "ok",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
},
"post": {
"description": "Can create an api key for a logged in user, based on the provided label and scopes.",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Create an API key for the current user",
"parameters": [
{
"description": "api token id (UUID)",
"name": "id",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/api.APIKeyPayload"
}
}
],
"responses": {
"201": {
"description": "created",
"schema": {
"type": "string"
}
},
"400": {
"description": "bad request",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
},
"delete": {
"description": "Revokes one current user API key based on given key ID",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Revokes one current user API key",
"parameters": [
{
"type": "string",
"description": "api token id (UUID)",
"name": "id",
"in": "query",
"required": true
}
],
"responses": {
"200": {
"description": "ok",
"schema": {
"type": "string"
}
},
"400": {
"description": "bad request",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
}
},
"/auth/logout": {
"post": {
"description": "Logout by removing current session",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Logout by removing current session",
"responses": {
"200": {
"description": "ok\".",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error\".",
"schema": {
"type": "string"
}
}
}
}
},
"/oras/artifacts/v1/{name}/manifests/{digest}/referrers": { "/oras/artifacts/v1/{name}/manifests/{digest}/referrers": {
"get": { "get": {
"description": "Get references for an image given a digest and artifact type", "description": "Get references for an image given a digest and artifact type",
@ -1113,7 +963,7 @@
"parameters": [ "parameters": [
{ {
"type": "string", "type": "string",
"description": "test", "description": "repository name",
"name": "name", "name": "name",
"in": "path", "in": "path",
"required": true "required": true
@ -1154,6 +1004,156 @@
} }
} }
} }
},
"/zot/auth/apikey": {
"get": {
"description": "Get list of all API keys for a logged in user",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Get list of API keys for the current user",
"responses": {
"200": {
"description": "ok",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
},
"post": {
"description": "Can create an api key for a logged in user, based on the provided label and scopes.",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Create an API key for the current user",
"parameters": [
{
"description": "api token id (UUID)",
"name": "id",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/api.APIKeyPayload"
}
}
],
"responses": {
"201": {
"description": "created",
"schema": {
"type": "string"
}
},
"400": {
"description": "bad request",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
},
"delete": {
"description": "Revokes one current user API key based on given key ID",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Revokes one current user API key",
"parameters": [
{
"type": "string",
"description": "api token id (UUID)",
"name": "id",
"in": "query",
"required": true
}
],
"responses": {
"200": {
"description": "ok",
"schema": {
"type": "string"
}
},
"400": {
"description": "bad request",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
}
},
"/zot/auth/logout": {
"post": {
"description": "Logout by removing current session",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Logout by removing current session",
"responses": {
"200": {
"description": "ok\".",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error\".",
"schema": {
"type": "string"
}
}
}
}
} }
}, },
"definitions": { "definitions": {

View file

@ -241,106 +241,6 @@ info:
title: Open Container Initiative Distribution Specification title: Open Container Initiative Distribution Specification
version: v1.1.0-dev version: v1.1.0-dev
paths: paths:
/auth/apikey:
delete:
consumes:
- application/json
description: Revokes one current user API key based on given key ID
parameters:
- description: api token id (UUID)
in: query
name: id
required: true
type: string
produces:
- application/json
responses:
"200":
description: ok
schema:
type: string
"400":
description: bad request
schema:
type: string
"401":
description: unauthorized
schema:
type: string
"500":
description: internal server error
schema:
type: string
summary: Revokes one current user API key
get:
consumes:
- application/json
description: Get list of all API keys for a logged in user
produces:
- application/json
responses:
"200":
description: ok
schema:
type: string
"401":
description: unauthorized
schema:
type: string
"500":
description: internal server error
schema:
type: string
summary: Get list of API keys for the current user
post:
consumes:
- application/json
description: Can create an api key for a logged in user, based on the provided
label and scopes.
parameters:
- description: api token id (UUID)
in: body
name: id
required: true
schema:
$ref: '#/definitions/api.APIKeyPayload'
produces:
- application/json
responses:
"201":
description: created
schema:
type: string
"400":
description: bad request
schema:
type: string
"401":
description: unauthorized
schema:
type: string
"500":
description: internal server error
schema:
type: string
summary: Create an API key for the current user
/auth/logout:
post:
consumes:
- application/json
description: Logout by removing current session
produces:
- application/json
responses:
"200":
description: ok".
schema:
type: string
"500":
description: internal server error".
schema:
type: string
summary: Logout by removing current session
/oras/artifacts/v1/{name}/manifests/{digest}/referrers: /oras/artifacts/v1/{name}/manifests/{digest}/referrers:
get: get:
consumes: consumes:
@ -973,7 +873,7 @@ paths:
- application/json - application/json
description: List all image tags in a repository description: List all image tags in a repository
parameters: parameters:
- description: test - description: repository name
in: path in: path
name: name name: name
required: true required: true
@ -1004,4 +904,104 @@ paths:
schema: schema:
type: string type: string
summary: List image tags summary: List image tags
/zot/auth/apikey:
delete:
consumes:
- application/json
description: Revokes one current user API key based on given key ID
parameters:
- description: api token id (UUID)
in: query
name: id
required: true
type: string
produces:
- application/json
responses:
"200":
description: ok
schema:
type: string
"400":
description: bad request
schema:
type: string
"401":
description: unauthorized
schema:
type: string
"500":
description: internal server error
schema:
type: string
summary: Revokes one current user API key
get:
consumes:
- application/json
description: Get list of all API keys for a logged in user
produces:
- application/json
responses:
"200":
description: ok
schema:
type: string
"401":
description: unauthorized
schema:
type: string
"500":
description: internal server error
schema:
type: string
summary: Get list of API keys for the current user
post:
consumes:
- application/json
description: Can create an api key for a logged in user, based on the provided
label and scopes.
parameters:
- description: api token id (UUID)
in: body
name: id
required: true
schema:
$ref: '#/definitions/api.APIKeyPayload'
produces:
- application/json
responses:
"201":
description: created
schema:
type: string
"400":
description: bad request
schema:
type: string
"401":
description: unauthorized
schema:
type: string
"500":
description: internal server error
schema:
type: string
summary: Create an API key for the current user
/zot/auth/logout:
post:
consumes:
- application/json
description: Logout by removing current session
produces:
- application/json
responses:
"200":
description: ok".
schema:
type: string
"500":
description: internal server error".
schema:
type: string
summary: Logout by removing current session
swagger: "2.0" swagger: "2.0"

View file

@ -108,9 +108,9 @@ function teardown() {
} }
dex_session () { dex_session () {
STATE=$(curl -L -f -s http://localhost:8080/openid/auth/login?provider=oidc | grep -m 1 -oP '(?<=state=)[^ ]*"' | cut -d \" -f1) STATE=$(curl -L -f -s http://localhost:8080/zot/auth/login?provider=oidc | grep -m 1 -oP '(?<=state=)[^ ]*"' | cut -d \" -f1)
echo $STATE >&3 echo $STATE >&3
curl -L -f -s "http://127.0.0.1:5556/dex/auth/mock?client_id=zot-client&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2Fopenid%2Fauth%2Fcallback%2Foidc&response_type=code&scope=profile+email+groups+openid&state=$STATE" curl -L -f -s "http://127.0.0.1:5556/dex/auth/mock?client_id=zot-client&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2Fzot%2Fauth%2Fcallback%2Foidc&response_type=code&scope=profile+email+groups+openid&state=$STATE"
} }
@test "check dex is working" { @test "check dex is working" {
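Review bot: in `dex_session`, `STATE` is assigned from a `curl -f ... | grep ... | cut` pipeline whose exit status is that of `cut`, so when the login path is wrong (as any leftover `/openid/auth/login` reference would be after this rename) `STATE` is silently empty and the second curl still runs with `state=`, failing far from the cause. Add a check such as `[ -n "$STATE" ]` right after the assignment, and quote both the login URL and `echo "$STATE"`.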

View file

@ -17,7 +17,7 @@ grpc:
staticClients: staticClients:
- id: zot-client - id: zot-client
redirectURIs: redirectURIs:
- 'http://127.0.0.1:8080/openid/auth/callback/oidc' - 'http://127.0.0.1:8080/zot/auth/callback/oidc'
name: 'zot' name: 'zot'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0 secret: ZXhhbXBsZS1hcHAtc2VjcmV0