mirror of
https://github.com/project-zot/zot.git
synced 2024-12-30 22:34:13 -05:00
api: implement delete by tag
This commit is contained in:
parent
fed5c09b71
commit
c6670b1329
4 changed files with 83 additions and 25 deletions
|
@ -17,6 +17,7 @@ https://anuvu.github.io/zot/
|
||||||
* Uses [OCI image layout](https://github.com/opencontainers/image-spec/blob/master/image-layout.md) for image storage
|
* Uses [OCI image layout](https://github.com/opencontainers/image-spec/blob/master/image-layout.md) for image storage
|
||||||
* Can serve any OCI image layout as a registry
|
* Can serve any OCI image layout as a registry
|
||||||
* Supports [helm charts](https://helm.sh/docs/topics/registries/)
|
* Supports [helm charts](https://helm.sh/docs/topics/registries/)
|
||||||
|
* Supports image deletion by tag
|
||||||
* Currently suitable for on-prem deployments (e.g. colocated with Kubernetes)
|
* Currently suitable for on-prem deployments (e.g. colocated with Kubernetes)
|
||||||
* Compatible with ecosystem tools such as [skopeo](#skopeo) and [cri-o](#cri-o)
|
* Compatible with ecosystem tools such as [skopeo](#skopeo) and [cri-o](#cri-o)
|
||||||
* [Vulnerability scanning of images](#Scanning-images-for-known-vulnerabilities)
|
* [Vulnerability scanning of images](#Scanning-images-for-known-vulnerabilities)
|
||||||
|
|
|
@ -516,6 +516,14 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
|
||||||
So(d, ShouldNotBeEmpty)
|
So(d, ShouldNotBeEmpty)
|
||||||
So(d, ShouldEqual, digest.String())
|
So(d, ShouldEqual, digest.String())
|
||||||
|
|
||||||
|
resp, err = resty.R().SetHeader("Content-Type", "application/vnd.oci.image.manifest.v1+json").
|
||||||
|
SetBody(content).Put(baseURL + "/v2/repo7/manifests/test:1.0.1")
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
So(resp.StatusCode(), ShouldEqual, 201)
|
||||||
|
d = resp.Header().Get(api.DistContentDigestKey)
|
||||||
|
So(d, ShouldNotBeEmpty)
|
||||||
|
So(d, ShouldEqual, digest.String())
|
||||||
|
|
||||||
content = []byte("this is a blob5")
|
content = []byte("this is a blob5")
|
||||||
digest = godigest.FromBytes(content)
|
digest = godigest.FromBytes(content)
|
||||||
So(digest, ShouldNotBeNil)
|
So(digest, ShouldNotBeNil)
|
||||||
|
@ -565,11 +573,11 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
|
||||||
So(resp.StatusCode(), ShouldEqual, 200)
|
So(resp.StatusCode(), ShouldEqual, 200)
|
||||||
So(resp.Body(), ShouldNotBeEmpty)
|
So(resp.Body(), ShouldNotBeEmpty)
|
||||||
|
|
||||||
// delete manifest by tag should fail
|
// delete manifest by tag should pass
|
||||||
resp, err = resty.R().Delete(baseURL + "/v2/repo7/manifests/test:1.0")
|
resp, err = resty.R().Delete(baseURL + "/v2/repo7/manifests/test:1.0")
|
||||||
So(err, ShouldBeNil)
|
So(err, ShouldBeNil)
|
||||||
So(resp.StatusCode(), ShouldEqual, 400)
|
So(resp.StatusCode(), ShouldEqual, 202)
|
||||||
// delete manifest by digest
|
// delete manifest by digest (1.0 deleted but 1.0.1 has same reference)
|
||||||
resp, err = resty.R().Delete(baseURL + "/v2/repo7/manifests/" + digest.String())
|
resp, err = resty.R().Delete(baseURL + "/v2/repo7/manifests/" + digest.String())
|
||||||
So(err, ShouldBeNil)
|
So(err, ShouldBeNil)
|
||||||
So(resp.StatusCode(), ShouldEqual, 202)
|
So(resp.StatusCode(), ShouldEqual, 202)
|
||||||
|
@ -880,15 +888,6 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
|
||||||
So(resp.StatusCode(), ShouldEqual, 200)
|
So(resp.StatusCode(), ShouldEqual, 200)
|
||||||
So(resp.Body(), ShouldNotBeEmpty)
|
So(resp.Body(), ShouldNotBeEmpty)
|
||||||
|
|
||||||
// delete manifest by tag should fail
|
|
||||||
resp, err = resty.R().Delete(baseURL + "/v2/firsttest/first/manifests/test:1.0")
|
|
||||||
So(err, ShouldBeNil)
|
|
||||||
So(resp.StatusCode(), ShouldEqual, 400)
|
|
||||||
|
|
||||||
resp, err = resty.R().Delete(baseURL + "/v2/secondtest/second/manifests/test:1.0")
|
|
||||||
So(err, ShouldBeNil)
|
|
||||||
So(resp.StatusCode(), ShouldEqual, 400)
|
|
||||||
|
|
||||||
// delete manifest by digest
|
// delete manifest by digest
|
||||||
resp, err = resty.R().Delete(baseURL + "/v2/firsttest/first/manifests/" + digest.String())
|
resp, err = resty.R().Delete(baseURL + "/v2/firsttest/first/manifests/" + digest.String())
|
||||||
So(err, ShouldBeNil)
|
So(err, ShouldBeNil)
|
||||||
|
|
|
@ -588,11 +588,14 @@ func (is *ImageStore) DeleteImageManifest(repo string, reference string) error {
|
||||||
return errors.ErrRepoNotFound
|
return errors.ErrRepoNotFound
|
||||||
}
|
}
|
||||||
|
|
||||||
// as per spec "reference" can only be a digest and not a tag
|
isTag := false
|
||||||
|
|
||||||
|
// as per spec "reference" can be a digest and a tag
|
||||||
digest, err := godigest.Parse(reference)
|
digest, err := godigest.Parse(reference)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
is.log.Error().Err(err).Msg("invalid reference")
|
is.log.Debug().Str("invalid digest: ", reference).Msg("storage: assuming tag")
|
||||||
return errors.ErrBadManifest
|
|
||||||
|
isTag = true
|
||||||
}
|
}
|
||||||
|
|
||||||
is.Lock()
|
is.Lock()
|
||||||
|
@ -620,7 +623,19 @@ func (is *ImageStore) DeleteImageManifest(repo string, reference string) error {
|
||||||
outIndex.Manifests = []ispec.Descriptor{}
|
outIndex.Manifests = []ispec.Descriptor{}
|
||||||
|
|
||||||
for _, m = range index.Manifests {
|
for _, m = range index.Manifests {
|
||||||
if reference == m.Digest.String() {
|
if isTag {
|
||||||
|
tag, ok := m.Annotations[ispec.AnnotationRefName]
|
||||||
|
if ok && tag == reference {
|
||||||
|
is.log.Debug().Str("deleting tag", tag).Msg("")
|
||||||
|
|
||||||
|
digest = m.Digest
|
||||||
|
|
||||||
|
found = true
|
||||||
|
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
} else if reference == m.Digest.String() {
|
||||||
|
is.log.Debug().Str("deleting reference", reference).Msg("")
|
||||||
found = true
|
found = true
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
@ -657,9 +672,22 @@ func (is *ImageStore) DeleteImageManifest(repo string, reference string) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
p := path.Join(dir, "blobs", digest.Algorithm().String(), digest.Encoded())
|
// Delete blob only when blob digest not present in manifest entry.
|
||||||
|
// e.g. 1.0.1 & 1.0.2 have same blob digest so if we delete 1.0.1, blob should not be removed.
|
||||||
|
toDelete := true
|
||||||
|
|
||||||
_ = os.Remove(p)
|
for _, m = range outIndex.Manifests {
|
||||||
|
if digest.String() == m.Digest.String() {
|
||||||
|
toDelete = false
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if toDelete {
|
||||||
|
p := path.Join(dir, "blobs", digest.Algorithm().String(), digest.Encoded())
|
||||||
|
|
||||||
|
_ = os.Remove(p)
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -129,6 +129,8 @@ func TestAPIs(t *testing.T) {
|
||||||
})
|
})
|
||||||
|
|
||||||
Convey("Good image manifest", func() {
|
Convey("Good image manifest", func() {
|
||||||
|
annotationsMap := make(map[string]string)
|
||||||
|
annotationsMap[ispec.AnnotationRefName] = "1.0"
|
||||||
m := ispec.Manifest{
|
m := ispec.Manifest{
|
||||||
Config: ispec.Descriptor{
|
Config: ispec.Descriptor{
|
||||||
Digest: d,
|
Digest: d,
|
||||||
|
@ -141,29 +143,57 @@ func TestAPIs(t *testing.T) {
|
||||||
Size: int64(l),
|
Size: int64(l),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Annotations: map[string]string{ispec.AnnotationRefName: "1.0"},
|
Annotations: annotationsMap,
|
||||||
}
|
}
|
||||||
|
|
||||||
m.SchemaVersion = 2
|
m.SchemaVersion = 2
|
||||||
mb, _ = json.Marshal(m)
|
mb, _ := json.Marshal(m)
|
||||||
d := godigest.FromBytes(mb)
|
d := godigest.FromBytes(mb)
|
||||||
_, err = il.PutImageManifest("test", d.String(), ispec.MediaTypeImageManifest, mb)
|
_, err = il.PutImageManifest("test", "1.0", ispec.MediaTypeImageManifest, mb)
|
||||||
So(err, ShouldBeNil)
|
So(err, ShouldBeNil)
|
||||||
|
|
||||||
_, err = il.GetImageTags("test")
|
_, err = il.PutImageManifest("test", "2.0", ispec.MediaTypeImageManifest, mb)
|
||||||
So(err, ShouldBeNil)
|
So(err, ShouldBeNil)
|
||||||
|
|
||||||
|
_, err = il.PutImageManifest("test", "3.0", ispec.MediaTypeImageManifest, mb)
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
|
||||||
|
// total tags should be 3 but they have same reference.
|
||||||
|
tags, err := il.GetImageTags("test")
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
So(len(tags), ShouldEqual, 3)
|
||||||
|
|
||||||
_, _, _, err = il.GetImageManifest("test", d.String())
|
_, _, _, err = il.GetImageManifest("test", d.String())
|
||||||
So(err, ShouldBeNil)
|
So(err, ShouldBeNil)
|
||||||
|
|
||||||
err = il.DeleteImageManifest("test", "1.0")
|
err = il.DeleteImageManifest("test", "1.0")
|
||||||
So(err, ShouldNotBeNil)
|
|
||||||
|
|
||||||
err = il.DeleteBlob("test", blobDigest.String())
|
|
||||||
So(err, ShouldBeNil)
|
So(err, ShouldBeNil)
|
||||||
|
|
||||||
|
tags, err = il.GetImageTags("test")
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
So(len(tags), ShouldEqual, 2)
|
||||||
|
|
||||||
|
// We deleted only one tag, make sure blob should not be removed.
|
||||||
|
hasBlob, _, err := il.CheckBlob("test", d.String())
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
So(hasBlob, ShouldEqual, true)
|
||||||
|
|
||||||
|
// If we pass reference all manifest with input reference should be deleted.
|
||||||
err = il.DeleteImageManifest("test", d.String())
|
err = il.DeleteImageManifest("test", d.String())
|
||||||
So(err, ShouldBeNil)
|
So(err, ShouldBeNil)
|
||||||
|
|
||||||
|
tags, err = il.GetImageTags("test")
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
So(len(tags), ShouldEqual, 0)
|
||||||
|
|
||||||
|
// All tags/references are deleted, blob should not be present in disk.
|
||||||
|
hasBlob, _, err = il.CheckBlob("test", d.String())
|
||||||
|
So(err, ShouldNotBeNil)
|
||||||
|
So(hasBlob, ShouldEqual, false)
|
||||||
|
|
||||||
|
err = il.DeleteBlob("test", blobDigest.String())
|
||||||
|
So(err, ShouldBeNil)
|
||||||
|
|
||||||
_, _, _, err = il.GetImageManifest("test", d.String())
|
_, _, _, err = il.GetImageManifest("test", d.String())
|
||||||
So(err, ShouldNotBeNil)
|
So(err, ShouldNotBeNil)
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in a new issue