Infrastructure/zot
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Code Issues Activity

ci(deps): upgrade golangci-lint (#2556)

Browse source 
* ci(deps): upgrade golangci-lint

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

* build(deps): removed disabled linters

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

* build(deps): go run github.com/daixiang0/gci@latest write .

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* build(deps): go run golang.org/x/tools/cmd/goimports@latest -l -w .

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* build(deps): go run github.com/bombsimon/wsl/v4/cmd...@latest -strict-append -test=true -fix ./...

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* build(deps): go run github.com/catenacyber/perfsprint@latest -fix ./...

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* build(deps): replace gomnd by mnd

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* build(deps): make gqlgen

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* build: Revert "build(deps): go run github.com/daixiang0/gci@latest write ."

This reverts commit 5bf8c42e1f.

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* build(deps): go run github.com/daixiang0/gci@latest write -s 'standard' -s default -s 'prefix(zotregistry.dev/zot)' .

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* build(deps): make gqlgen

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: wsl issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: check-log issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: gci issues

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* fix: tests

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

---------

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
This commit is contained in:
Jan-Otto Kröpke 2024-07-29 19:32:51 +02:00 committed by GitHub
parent 7d87558b7e
commit f618b1d4ef
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
139 changed files with 2188 additions and 494 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/golangci-lint.yaml vendored
View file

@ -24,7 +24,7 @@ jobs:
uses: golangci/golangci-lint-action@v6
with:
# Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
version: v1.54.2
version: v1.59.1
# Optional: working directory, useful for monorepos
# working-directory: somedir

2
Makefile
View file

@ -10,7 +10,7 @@ TOOLSDIR := $(shell pwd)/hack/tools
PATH := bin:$(TOOLSDIR)/bin:$(PATH)
STACKER := $(shell which stacker)
GOLINTER := $(TOOLSDIR)/bin/golangci-lint
GOLINTER_VERSION := v1.54.2
GOLINTER_VERSION := v1.59.1
NOTATION := $(TOOLSDIR)/bin/notation
NOTATION_VERSION := 1.0.0
COSIGN := $(TOOLSDIR)/bin/cosign

20
cmd/zb/helper.go
View file

@ -11,6 +11,7 @@ import (
"net/url"
"os"
"path"
"strconv"
"sync"
"time"
@ -368,9 +369,8 @@ func pushMonolithImage(workdir, url, trepo string, repos []string, config testCo
resp, err = client.R().
SetContentLength(true).
SetQueryParam("digest", digest.String()).
SetHeader("Content-Length", fmt.Sprintf("%d", size)).
SetHeader("Content-Length", strconv.Itoa(size)).
SetHeader("Content-Type", "application/octet-stream").SetBody(fhandle).Put(loc)
if err != nil {
return nil, repos, err
}
@ -385,7 +385,6 @@ func pushMonolithImage(workdir, url, trepo string, repos []string, config testCo
// upload image config blob
resp, err = client.R().
Post(fmt.Sprintf("%s/v2/%s/blobs/uploads/", url, repo))
if err != nil {
return nil, repos, err
}
@ -399,14 +398,14 @@ func pushMonolithImage(workdir, url, trepo string, repos []string, config testCo
loc = getLocation(url, resp)
cblob, cdigest := getImageConfig()
resp, err = client.R().
SetContentLength(true).
SetHeader("Content-Length", fmt.Sprintf("%d", len(cblob))).
SetHeader("Content-Length", strconv.Itoa(len(cblob))).
SetHeader("Content-Type", "application/octet-stream").
SetQueryParam("digest", cdigest.String()).
SetBody(cblob).
Put(loc)
if err != nil {
return nil, repos, err
}
@ -450,7 +449,6 @@ func pushMonolithImage(workdir, url, trepo string, repos []string, config testCo
SetHeader("Content-Type", "application/vnd.oci.image.manifest.v1+json").
SetBody(content).
Put(fmt.Sprintf("%s/v2/%s/manifests/%s", url, repo, manifestTag))
if err != nil {
return nil, repos, err
}
@ -551,7 +549,7 @@ func pushMonolithAndCollect(workdir, url, trepo string, count int,
resp, err = client.R().
SetContentLength(true).
SetHeader("Content-Length", fmt.Sprintf("%d", size)).
SetHeader("Content-Length", strconv.Itoa(size)).
SetHeader("Content-Type", "application/octet-stream").
SetQueryParam("digest", digest.String()).
SetBody(fhandle).
@ -597,7 +595,7 @@ func pushMonolithAndCollect(workdir, url, trepo string, count int,
cblob, cdigest := getImageConfig()
resp, err = client.R().
SetContentLength(true).
SetHeader("Content-Length", fmt.Sprintf("%d", len(cblob))).
SetHeader("Content-Length", strconv.Itoa(len(cblob))).
SetHeader("Content-Type", "application/octet-stream").
SetQueryParam("digest", cdigest.String()).
SetBody(cblob).
@ -780,7 +778,7 @@ func pushChunkAndCollect(workdir, url, trepo string, count int,
// finish upload
resp, err = client.R().
SetContentLength(true).
SetHeader("Content-Length", fmt.Sprintf("%d", size)).
SetHeader("Content-Length", strconv.Itoa(size)).
SetHeader("Content-Type", "application/octet-stream").
SetQueryParam("digest", digest.String()).
Put(loc)
@ -823,12 +821,12 @@ func pushChunkAndCollect(workdir, url, trepo string, count int,
loc = getLocation(url, resp)
cblob, cdigest := getImageConfig()
resp, err = client.R().
SetContentLength(true).
SetHeader("Content-Type", "application/octet-stream").
SetBody(fhandle).
Patch(loc)
if err != nil {
isConnFail = true
@ -871,7 +869,7 @@ func pushChunkAndCollect(workdir, url, trepo string, count int,
// finish upload
resp, err = client.R().
SetContentLength(true).
SetHeader("Content-Length", fmt.Sprintf("%d", len(cblob))).
SetHeader("Content-Length", strconv.Itoa(len(cblob))).
SetHeader("Content-Type", "application/octet-stream").
SetQueryParam("digest", cdigest.String()).
Put(loc)

7
cmd/zb/perf.go
View file

@ -466,6 +466,7 @@ func Pull(
} else {
// Push blob given size
var err error
manifestHash, repos, err = pushMonolithImage(workdir, url, trepo, repos, config, client)
if err != nil {
return err
@ -684,6 +685,7 @@ func Perf(
log.Printf("Starting tests ...\n")
var err error
zbError := false
// get host ips from command line to make requests from
@ -724,6 +726,7 @@ func Perf(
}
}()
}
wg.Wait()
summary.total = time.Since(start)
@ -757,7 +760,7 @@ func Perf(
log.Fatal(err) // file closed on exit
}
if err := os.WriteFile(fmt.Sprintf("%s.json", outFmt), jsonOut, defaultFilePerms); err != nil {
if err := os.WriteFile(outFmt+".json", jsonOut, defaultFilePerms); err != nil {
log.Fatal(err)
}
}
@ -788,7 +791,7 @@ func getRandomClientIPs(auth string, url string, ips []string) (*resty.Client, e
ip := ips[nBig.Int64()]
// set ip in transport
localAddr, err := net.ResolveTCPAddr("tcp", fmt.Sprintf("%s:0", ip))
localAddr, err := net.ResolveTCPAddr("tcp", ip+":0")
if err != nil {
return nil, err
}

1
errors/errors.go
View file

@ -36,6 +36,7 @@ func NewError(err error) *Error {
func GetDetails(err error) map[string]string {
var internalErr *Error
details := make(map[string]string)
if errors.As(err, &internalErr) {

51
golangcilint.yaml
View file

@ -1,11 +1,31 @@
run:
deadline: 60m
skip-dirs:
- "internal"
timeout: 60m
linters:
enable-all: true
disable: funlen,gocognit,exhaustivestruct,paralleltest,forbidigo,ireturn,wrapcheck,exhaustive,maintidx,exhaustruct,nosnakecase,interfacer,structcheck,varcheck,deadcode,ifshort,golint,scopelint,maligned,rowserrcheck,sqlclosecheck,revive,musttag,depguard
disable:
- gomnd
- funlen
- gocognit
- paralleltest
- forbidigo
- ireturn
- wrapcheck
- exhaustive
- maintidx
- exhaustruct
- rowserrcheck
- sqlclosecheck
- revive
- musttag
- depguard
- execinquery
- inamedparam
- intrange
- promlinter
- protogetter
- contextcheck # needs to revisit: https://github.com/project-zot/zot/pull/2556
- copyloopvar # needs to revisit: https://github.com/project-zot/zot/pull/2556
linters-settings:
dupl:
@ -41,22 +61,33 @@ linters-settings:
- prefix(zotregistry.dev/zot)
wsl:
allow-assign-and-anything: true
enforce-err-cuddling: true
force-err-cuddling: true
nolintlint:
allow-unused: true
gomnd:
settings:
mnd:
checks: argument,case,condition,operation,return,assign
ignored-numbers: 10,64
mnd:
checks:
- argument
- case
- condition
- operation
- return
- assign
ignored-numbers:
- "10"
- "64"
gomoddirectives:
replace-allow-list:
- github.com/gorilla/mux
- github.com/testcontainers/testcontainers-go
issues:
exclude-dirs:
- "internal"
exclude-rules:
- path: pkg/extensions/search/schema.resolvers.go
linters:
- lll
- varnamelen
- gci
- path: _test\.go
linters:
- dupl

14
pkg/api/authn.go
View file

@ -6,6 +6,7 @@ import (
"crypto/sha256"
"crypto/x509"
"encoding/base64"
"encoding/hex"
"errors"
"fmt"
"net"
@ -434,6 +435,7 @@ func bearerAuthHandler(ctlr *Controller) mux.MiddlewareFunc {
return
}
acCtrlr := NewAccessController(ctlr.Config)
vars := mux.Vars(request)
name := vars["name"]
@ -661,7 +663,7 @@ func getRelyingPartyArgs(cfg *config.Config, provider string, log log.Logger) (
keyPath := cfg.HTTP.Auth.OpenID.Providers[provider].KeyPath
baseURL := net.JoinHostPort(cfg.HTTP.Address, port)
callback := constants.CallbackBasePath + fmt.Sprintf("/%s", provider)
callback := constants.CallbackBasePath + "/" + provider
var redirectURI string
@ -681,7 +683,7 @@ func getRelyingPartyArgs(cfg *config.Config, provider string, log log.Logger) (
rp.WithVerifierOpts(rp.WithIssuedAtOffset(issuedAtOffset)),
}
key := securecookie.GenerateRandomKey(32) //nolint: gomnd
key := securecookie.GenerateRandomKey(32) //nolint:mnd
cookieHandler := httphelper.NewCookieHandler(key, key, httphelper.WithMaxAge(relyingPartyCookieMaxAge))
options = append(options, rp.WithCookieHandler(cookieHandler))
@ -740,7 +742,7 @@ func getUsernamePasswordBasicAuth(request *http.Request) (string, string, error)
return "", "", zerr.ErrParsingAuthHeader
}
splitStr := strings.SplitN(basicAuth, " ", 2) //nolint: gomnd
splitStr := strings.SplitN(basicAuth, " ", 2) //nolint:mnd
if len(splitStr) != 2 || strings.ToLower(splitStr[0]) != "basic" {
return "", "", zerr.ErrParsingAuthHeader
}
@ -750,8 +752,8 @@ func getUsernamePasswordBasicAuth(request *http.Request) (string, string, error)
return "", "", err
}
pair := strings.SplitN(string(decodedStr), ":", 2) //nolint: gomnd
if len(pair) != 2 { //nolint: gomnd
pair := strings.SplitN(string(decodedStr), ":", 2) //nolint:mnd
if len(pair) != 2 { //nolint:mnd
return "", "", zerr.ErrParsingAuthHeader
}
@ -878,7 +880,7 @@ func hashUUID(uuid string) string {
digester := sha256.New()
digester.Write([]byte(uuid))
return godigest.NewDigestFromEncoded(godigest.SHA256, fmt.Sprintf("%x", digester.Sum(nil))).Encoded()
return godigest.NewDigestFromEncoded(godigest.SHA256, hex.EncodeToString(digester.Sum(nil))).Encoded()
}
/*

5
pkg/api/authn_test.go
View file

@ -7,7 +7,6 @@ import (
"context"
"encoding/json"
"errors"
"fmt"
"io/fs"
"net/http"
"net/http/httptest"
@ -91,6 +90,7 @@ func TestAPIKeys(t *testing.T) {
username, seedUser := test.GenerateRandomString()
password, seedPass := test.GenerateRandomString()
htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
mockOIDCServer, err := authutils.MockOIDCRun()
@ -847,6 +847,7 @@ func TestAPIKeysOpenDBError(t *testing.T) {
username, seedUser := test.GenerateRandomString()
password, seedPass := test.GenerateRandomString()
htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
mockOIDCServer, err := authutils.MockOIDCRun()
@ -1107,7 +1108,7 @@ func (gen *mockUUIDGenerator) NewV4() (
type errReader int
func (errReader) Read(p []byte) (int, error) {
return 0, fmt.Errorf("test error") //nolint:goerr113
return 0, errors.New("test error") //nolint:goerr113
}
type badDirInfo struct {

5
pkg/api/authz.go
View file

@ -230,7 +230,6 @@ func BaseAuthzHandler(ctlr *Controller) mux.MiddlewareFunc {
since we only do READ actions in extensions, this middleware is enough for them because
it populates the context with user relevant data to be processed by each individual extension
*/
if request.Method == http.MethodOptions {
next.ServeHTTP(response, request)
@ -312,9 +311,10 @@ func DistSpecAuthzHandler(ctlr *Controller) mux.MiddlewareFunc {
// if we get a reference (tag)
if ok {
is := ctlr.StoreController.GetImageStore(resource)
tags, err := is.GetImageTags(resource)
// if repo exists and request's tag exists then action is UPDATE
if err == nil && common.Contains(tags, reference) && reference != "latest" {
// if repo exists and request's tag exists then action is UPDATE
action = constants.UpdatePermission
}
}
@ -343,6 +343,7 @@ func MetricsAuthzHandler(ctlr *Controller) mux.MiddlewareFunc {
return
}
if len(ctlr.Config.HTTP.AccessControl.Metrics.Users) == 0 {
log := ctlr.Log
log.Warn().Msg("auth is enabled but no metrics users in accessControl: /metrics is unaccesible")

1
pkg/api/config/config.go
View file

@ -306,6 +306,7 @@ func DeepCopy(src, dst interface{}) error {
if err != nil {
return err
}
err = json.Unmarshal(bytes, dst)
return err

3
pkg/api/config/config_test.go
View file

@ -69,9 +69,12 @@ func TestConfig(t *testing.T) {
Convey("Test DeepCopy() & Sanitize()", t, func() {
conf := config.New()
So(conf, ShouldNotBeNil)
authConfig := &config.AuthConfig{LDAP: (&config.LDAPConfig{}).SetBindPassword("oina")}
conf.HTTP.Auth = authConfig
So(func() { conf.Sanitize() }, ShouldNotPanic)
conf = conf.Sanitize()
So(conf.HTTP.Auth.LDAP.BindPassword(), ShouldEqual, "******")

1
pkg/api/controller.go
View file

@ -96,6 +96,7 @@ func NewController(appConfig *config.Config) *Controller {
Str("clusterMember", memberSocket).
Str("clusterMemberIndex", strconv.Itoa(memberSocketIdx)).Logger()
}
controller.Config = appConfig
controller.Log = logger

579
pkg/api/controller_test.go
View file

File diff suppressed because it is too large Load diff

2
pkg/api/cookiestore.go
View file

@ -147,7 +147,7 @@ func (gen *SessionCleanup) Next() (scheduler.Task, error) {
if len(sessions) == 0 {
gen.done = true
return nil, nil
return nil, nil //nolint:nilnil
}
return &CleanTask{sessions: sessions}, nil

4
pkg/api/ldap.go
View file

@ -66,7 +66,6 @@ func (lc *LDAPClient) Connect() error {
}
err = l.StartTLS(config)
if err != nil {
lc.Log.Error().Err(err).Str("address", address).Msg("failed to establish a TLS connection")
@ -81,8 +80,8 @@ func (lc *LDAPClient) Connect() error {
}
if lc.ClientCertificates != nil && len(lc.ClientCertificates) > 0 {
config.Certificates = lc.ClientCertificates
// config.BuildNameToCertificate()
}
l, err = ldap.DialTLS("tcp", address, config) //nolint:staticcheck
if err != nil {
lc.Log.Error().Err(err).Str("address", address).Msg("failed to establish a TLS connection")
@ -226,6 +225,7 @@ func (lc *LDAPClient) Authenticate(username, password string) (bool, map[string]
userAttributes := search.Entries[0].Attributes[0]
userGroups = userAttributes.Values
}
user := map[string]string{}
for _, attr := range lc.Attributes {

32
pkg/api/routes.go
View file

@ -38,7 +38,7 @@ import (
apiErr "zotregistry.dev/zot/pkg/api/errors"
zcommon "zotregistry.dev/zot/pkg/common"
gqlPlayground "zotregistry.dev/zot/pkg/debug/gqlplayground"
pprof "zotregistry.dev/zot/pkg/debug/pprof"
"zotregistry.dev/zot/pkg/debug/pprof"
debug "zotregistry.dev/zot/pkg/debug/swagger"
ext "zotregistry.dev/zot/pkg/extensions"
syncConstants "zotregistry.dev/zot/pkg/extensions/sync/constants"
@ -76,10 +76,10 @@ func (rh *RouteHandler) SetupRoutes() {
// callback path for openID
for provider, relyingParty := range rh.c.RelyingParties {
if config.IsOauth2Supported(provider) {
rh.c.Router.HandleFunc(constants.CallbackBasePath+fmt.Sprintf("/%s", provider),
rh.c.Router.HandleFunc(constants.CallbackBasePath+"/"+provider,
rp.CodeExchangeHandler(rh.GithubCodeExchangeCallback(), relyingParty))
} else if config.IsOpenIDSupported(provider) {
rh.c.Router.HandleFunc(constants.CallbackBasePath+fmt.Sprintf("/%s", provider),
rh.c.Router.HandleFunc(constants.CallbackBasePath+"/"+provider,
rp.CodeExchangeHandler(rp.UserinfoCallback(rh.OpenIDCodeExchangeCallback()), relyingParty))
}
}
@ -265,9 +265,9 @@ func (rh *RouteHandler) CheckVersionSupport(response http.ResponseWriter, reques
// don't send auth headers if request is coming from UI
if request.Header.Get(constants.SessionClientHeaderName) != constants.SessionClientHeaderValue {
if rh.c.Config.HTTP.Auth.Bearer != nil {
response.Header().Set("WWW-Authenticate", fmt.Sprintf("bearer realm=%s", rh.c.Config.HTTP.Auth.Bearer.Realm))
response.Header().Set("WWW-Authenticate", "bearer realm="+rh.c.Config.HTTP.Auth.Bearer.Realm)
} else {
response.Header().Set("WWW-Authenticate", fmt.Sprintf("basic realm=%s", rh.c.Config.HTTP.Realm))
response.Header().Set("WWW-Authenticate", "basic realm="+rh.c.Config.HTTP.Realm)
}
}
}
@ -458,6 +458,7 @@ func (rh *RouteHandler) CheckManifest(response http.ResponseWriter, request *htt
zcommon.WriteJSON(response, http.StatusNotFound, apiErr.NewErrorList(e))
} else {
rh.c.Log.Error().Err(err).Msg("unexpected error")
e := apiErr.NewError(apiErr.MANIFEST_INVALID).AddDetail(details)
zcommon.WriteJSON(response, http.StatusInternalServerError, apiErr.NewErrorList(e))
}
@ -466,7 +467,7 @@ func (rh *RouteHandler) CheckManifest(response http.ResponseWriter, request *htt
}
response.Header().Set(constants.DistContentDigestKey, digest.String())
response.Header().Set("Content-Length", fmt.Sprintf("%d", len(content)))
response.Header().Set("Content-Length", strconv.Itoa(len(content)))
response.Header().Set("Content-Type", mediaType)
response.WriteHeader(http.StatusOK)
}
@ -548,7 +549,7 @@ func (rh *RouteHandler) GetManifest(response http.ResponseWriter, request *http.
}
response.Header().Set(constants.DistContentDigestKey, digest.String())
response.Header().Set("Content-Length", fmt.Sprintf("%d", len(content)))
response.Header().Set("Content-Length", strconv.Itoa(len(content)))
response.Header().Set("Content-Type", mediaType)
zcommon.WriteData(response, http.StatusOK, mediaType, content)
}
@ -607,8 +608,8 @@ func (rh *RouteHandler) GetReferrers(response http.ResponseWriter, request *http
}
digestStr, ok := vars["digest"]
digest, err := godigest.Parse(digestStr)
digest, err := godigest.Parse(digestStr)
if !ok || digestStr == "" || err != nil {
response.WriteHeader(http.StatusBadRequest)
@ -647,7 +648,7 @@ func (rh *RouteHandler) GetReferrers(response http.ResponseWriter, request *http
if len(artifactTypes) > 0 {
// currently, the only filter supported and on this end-point
response.Header().Set("OCI-Filters-Applied", "artifactType")
response.Header().Set("OCI-Filters-Applied", "artifactType") //nolint:canonicalheader
}
zcommon.WriteData(response, http.StatusOK, ispec.MediaTypeImageIndex, out)
@ -991,7 +992,7 @@ func (rh *RouteHandler) CheckBlob(response http.ResponseWriter, request *http.Re
return
}
response.Header().Set("Content-Length", fmt.Sprintf("%d", blen))
response.Header().Set("Content-Length", strconv.FormatInt(blen, 10))
response.Header().Set("Accept-Ranges", "bytes")
response.Header().Set(constants.DistContentDigestKey, digest.String())
response.WriteHeader(http.StatusOK)
@ -1018,6 +1019,7 @@ func parseRangeHeader(contentRange string) (int64, int64, error) {
}
var from int64
to := int64(-1)
rangeFrom := paramsMap["rangeFrom"]
@ -1135,9 +1137,10 @@ func (rh *RouteHandler) GetBlob(response http.ResponseWriter, request *http.Requ
return
}
defer repo.Close()
response.Header().Set("Content-Length", fmt.Sprintf("%d", blen))
response.Header().Set("Content-Length", strconv.FormatInt(blen, 10))
status := http.StatusOK
@ -1173,8 +1176,8 @@ func (rh *RouteHandler) DeleteBlob(response http.ResponseWriter, request *http.R
}
digestStr, ok := vars["digest"]
digest, err := godigest.Parse(digestStr)
digest, err := godigest.Parse(digestStr)
if !ok || digestStr == "" || err != nil {
response.WriteHeader(http.StatusNotFound)
@ -1330,6 +1333,7 @@ func (rh *RouteHandler) CreateBlobUpload(response http.ResponseWriter, request *
contentLength, err := strconv.ParseInt(request.Header.Get("Content-Length"), 10, 64)
if err != nil || contentLength <= 0 {
rh.c.Log.Warn().Str("actual", request.Header.Get("Content-Length")).Msg("invalid content length")
details := map[string]string{"digest": digest.String()}
if err != nil {
@ -1337,6 +1341,7 @@ func (rh *RouteHandler) CreateBlobUpload(response http.ResponseWriter, request *
} else {
details["Content-Length"] = request.Header.Get("Content-Length")
}
e := apiErr.NewError(apiErr.BLOB_UPLOAD_INVALID).AddDetail(details)
zcommon.WriteJSON(response, http.StatusBadRequest, apiErr.NewErrorList(e))
@ -1491,7 +1496,6 @@ func (rh *RouteHandler) PatchBlobUpload(response http.ResponseWriter, request *h
clen, err = imgStore.PutBlobChunkStreamed(name, sessionID, request.Body)
} else {
// chunked blob upload
var contentLength int64
if contentLength, err = strconv.ParseInt(request.Header.Get("Content-Length"), 10, 64); err != nil {
@ -1533,6 +1537,7 @@ func (rh *RouteHandler) PatchBlobUpload(response http.ResponseWriter, request *h
rh.c.Log.Error().Err(err).Str("blobUpload", sessionID).Str("repository", name).
Msg("couldn't remove blobUpload in repo")
}
response.WriteHeader(http.StatusInternalServerError)
}
@ -1655,6 +1660,7 @@ func (rh *RouteHandler) UpdateBlobUpload(response http.ResponseWriter, request *
rh.c.Log.Error().Err(err).Str("blobUpload", sessionID).Str("repository", name).
Msg("failed to remove blobUpload in repo")
}
response.WriteHeader(http.StatusInternalServerError)
}

3
pkg/api/routes_test.go
View file

@ -47,12 +47,14 @@ func TestRoutes(t *testing.T) {
username, seedUser := test.GenerateRandomString()
password, seedPass := test.GenerateRandomString()
htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
mockOIDCServer, err := mockoidc.Run()
if err != nil {
panic(err)
}
defer func() {
err := mockOIDCServer.Shutdown()
if err != nil {
@ -305,6 +307,7 @@ func TestRoutes(t *testing.T) {
ctlr.StoreController.DefaultStore = ism
request, _ := http.NewRequestWithContext(context.Background(), http.MethodDelete, baseURL, nil)
request = mux.SetURLVars(request, urlVars)
for k, v := range headers {
request.Header.Add(k, v)
}

18
pkg/api/session.go
View file

@ -90,25 +90,30 @@ func SessionLogger(ctlr *Controller) mux.MiddlewareFunc {
method := request.Method
headers := map[string][]string{}
log := logger.Info() //nolint: zerologlint // false positive, the Msg call is below
for key, value := range request.Header {
if key == "Authorization" { // anonymize from logs
s := strings.SplitN(value[0], " ", 2) //nolint:gomnd
s := strings.SplitN(value[0], " ", 2) //nolint:mnd
if len(s) == 2 && strings.EqualFold(s[0], "basic") {
b, err := base64.StdEncoding.DecodeString(s[1])
if err == nil {
pair := strings.SplitN(string(b), ":", 2) //nolint:gomnd
//nolint:gomnd
pair := strings.SplitN(string(b), ":", 2) //nolint:mnd
//nolint:mnd
if len(pair) == 2 {
log = log.Str("username", pair[0])
}
}
}
value = []string{"******"}
}
headers[key] = value
}
statusCode := stwr.status
bodySize := stwr.length
if raw != "" {
path = path + "?" + raw
}
@ -151,12 +156,12 @@ func SessionAuditLogger(audit *log.Logger) mux.MiddlewareFunc {
for key, value := range request.Header {
if key == "Authorization" { // anonymize from logs
s := strings.SplitN(value[0], " ", 2) //nolint:gomnd
s := strings.SplitN(value[0], " ", 2) //nolint:mnd
if len(s) == 2 && strings.EqualFold(s[0], "basic") {
b, err := base64.StdEncoding.DecodeString(s[1])
if err == nil {
pair := strings.SplitN(string(b), ":", 2) //nolint:gomnd
if len(pair) == 2 { //nolint:gomnd
pair := strings.SplitN(string(b), ":", 2) //nolint:mnd
if len(pair) == 2 { //nolint:mnd
username = pair[0]
}
}
@ -165,6 +170,7 @@ func SessionAuditLogger(audit *log.Logger) mux.MiddlewareFunc {
}
statusCode := statusWr.status
if raw != "" {
path = path + "?" + raw
}

2
pkg/cli/client/client.go
View file

@ -450,7 +450,7 @@ func fetchManifestStruct(ctx context.Context, repo, manifestReference string, se
layers = append(
layers,
common.LayerSummary{
Size: fmt.Sprintf("%v", entry.Size),
Size: strconv.FormatInt(entry.Size, 10),
Digest: entry.Digest.String(),
},
)

15
pkg/cli/client/client_test.go
View file

@ -47,11 +47,14 @@ func TestTLSWithAuth(t *testing.T) {
caCertPool.AppendCertsFromPEM(caCert)
resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
defer func() { resty.SetTLSClientConfig(nil) }()
conf := config.New()
conf.HTTP.Port = SecurePort1
username, seedUser := test.GenerateRandomString()
password, seedPass := test.GenerateRandomString()
htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
@ -75,6 +78,7 @@ func TestTLSWithAuth(t *testing.T) {
ctlr := api.NewController(conf)
ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password")
ctlr.Config.Storage.RootDirectory = t.TempDir()
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()
@ -101,10 +105,12 @@ func TestTLSWithAuth(t *testing.T) {
So(imageBuff.String(), ShouldContainSubstring, "scheme not provided")
args = []string{"list", "--config", "imagetest"}
configPath = makeConfigFile(
fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
BaseSecureURL1, constants.RoutePrefix, constants.ExtCatalogPrefix))
defer os.Remove(configPath)
imageCmd = client.NewImageCommand(client.NewSearchService())
imageBuff = bytes.NewBufferString("")
imageCmd.SetOut(imageBuff)
@ -116,10 +122,12 @@ func TestTLSWithAuth(t *testing.T) {
user := fmt.Sprintf("%s:%s", username, password)
args = []string{"-u", user, "--config", "imagetest"}
configPath = makeConfigFile(
fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
BaseSecureURL1, constants.RoutePrefix, constants.ExtCatalogPrefix))
defer os.Remove(configPath)
imageCmd = client.NewImageCommand(client.NewSearchService())
imageBuff = bytes.NewBufferString("")
imageCmd.SetOut(imageBuff)
@ -139,7 +147,9 @@ func TestTLSWithoutAuth(t *testing.T) {
caCertPool.AppendCertsFromPEM(caCert)
resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
defer func() { resty.SetTLSClientConfig(nil) }()
conf := config.New()
conf.HTTP.Port = SecurePort1
conf.HTTP.TLS = &config.TLSConfig{
@ -155,6 +165,7 @@ func TestTLSWithoutAuth(t *testing.T) {
ctlr := api.NewController(conf)
ctlr.Config.Storage.RootDirectory = t.TempDir()
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()
@ -189,11 +200,14 @@ func TestTLSBadCerts(t *testing.T) {
Convey("Make a new controller", t, func() {
caCert, err := os.ReadFile(CACert)
So(err, ShouldBeNil)
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
defer func() { resty.SetTLSClientConfig(nil) }()
conf := config.New()
conf.HTTP.Port = SecurePort3
conf.HTTP.TLS = &config.TLSConfig{
@ -204,6 +218,7 @@ func TestTLSBadCerts(t *testing.T) {
ctlr := api.NewController(conf)
ctlr.Config.Storage.RootDirectory = t.TempDir()
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()

2
pkg/cli/client/config_cmd.go
View file

@ -223,7 +223,7 @@ func getConfigNames(configPath string) (string, error) {
var builder strings.Builder
writer := tabwriter.NewWriter(&builder, 0, 8, 1, '\t', tabwriter.AlignRight) //nolint:gomnd
writer := tabwriter.NewWriter(&builder, 0, 8, 1, '\t', tabwriter.AlignRight) //nolint:mnd
for _, val := range configs {
configMap, ok := val.(map[string]interface{})

89
pkg/cli/client/config_cmd_test.go
View file

@ -20,26 +20,33 @@ import (
func TestConfigCmdBasics(t *testing.T) {
Convey("Test config help", t, func() {
args := []string{"--help"}
configPath := makeConfigFile("showspinner = false")
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(buff.String(), ShouldContainSubstring, "Usage")
So(err, ShouldBeNil)
So(buff.String(), ShouldContainSubstring, "Usage")
Convey("with the shorthand", func() {
args[0] = "-h"
configPath := makeConfigFile("showspinner = false")
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(buff.String(), ShouldContainSubstring, "Usage")
So(err, ShouldBeNil)
})
@ -47,14 +54,17 @@ func TestConfigCmdBasics(t *testing.T) {
Convey("Test config no args", t, func() {
args := []string{}
configPath := makeConfigFile("showspinner = false")
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(buff.String(), ShouldContainSubstring, "Usage")
So(err, ShouldNotBeNil)
})
@ -63,8 +73,10 @@ func TestConfigCmdBasics(t *testing.T) {
func TestConfigCmdMain(t *testing.T) {
Convey("Test add config", t, func() {
args := []string{"add", "configtest1", "https://test-url.com"}
file := makeConfigFile("")
defer os.Remove(file)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -83,6 +95,7 @@ func TestConfigCmdMain(t *testing.T) {
Convey("Test error on home directory", t, func() {
args := []string{"add", "configtest1", "https://test-url.com"}
file := makeConfigFile("")
defer os.Remove(file)
@ -103,6 +116,7 @@ func TestConfigCmdMain(t *testing.T) {
if err != nil {
panic(err)
}
err = os.Setenv("HOME", home)
if err != nil {
log.Fatal(err)
@ -111,6 +125,7 @@ func TestConfigCmdMain(t *testing.T) {
Convey("Test error on home directory at new add config", t, func() {
args := []string{"add", "configtest1", "https://test-url.com"}
file := makeConfigFile("")
defer os.Remove(file)
@ -131,6 +146,7 @@ func TestConfigCmdMain(t *testing.T) {
if err != nil {
panic(err)
}
err = os.Setenv("HOME", home)
if err != nil {
log.Fatal(err)
@ -139,8 +155,10 @@ func TestConfigCmdMain(t *testing.T) {
Convey("Test add config with invalid format", t, func() {
args := []string{"--list"}
configPath := makeConfigFile(`{"configs":{"_name":"configtest","url":"https://test-url.com","showspinner":false}}`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -152,8 +170,10 @@ func TestConfigCmdMain(t *testing.T) {
Convey("Test add config with invalid URL", t, func() {
args := []string{"add", "configtest1", "test..com"}
file := makeConfigFile("")
defer os.Remove(file)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -166,8 +186,10 @@ func TestConfigCmdMain(t *testing.T) {
Convey("Test remove config entry successfully", t, func() {
args := []string{"remove", "configtest"}
configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -184,8 +206,10 @@ func TestConfigCmdMain(t *testing.T) {
Convey("Test remove missing config entry", t, func() {
args := []string{"remove", "configtest"}
configPath := makeConfigFile(`{"configs":[]`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -198,8 +222,10 @@ func TestConfigCmdMain(t *testing.T) {
Convey("Test remove bad config file content", t, func() {
args := []string{"remove", "configtest"}
configPath := makeConfigFile(`{"asdf":[]`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -212,8 +238,10 @@ func TestConfigCmdMain(t *testing.T) {
Convey("Test remove bad config file entry", t, func() {
args := []string{"remove", "configtest"}
configPath := makeConfigFile(`{"configs":[asdad]`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -227,12 +255,15 @@ func TestConfigCmdMain(t *testing.T) {
Convey("Test remove config bad permissions", t, func() {
args := []string{"remove", "configtest"}
configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
defer func() {
_ = os.Chmod(configPath, 0o600)
os.Remove(configPath)
}()
err := os.Chmod(configPath, 0o400) // Read-only, so we fail only on updating the file, not reading
So(err, ShouldBeNil)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -245,122 +276,154 @@ func TestConfigCmdMain(t *testing.T) {
Convey("Test fetch all config", t, func() {
args := []string{"--list"}
configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(buff.String(), ShouldContainSubstring, "https://test-url.com")
So(err, ShouldBeNil)
Convey("with the shorthand", func() {
args := []string{"-l"}
configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(buff.String(), ShouldContainSubstring, "https://test-url.com")
So(err, ShouldBeNil)
So(buff.String(), ShouldContainSubstring, "https://test-url.com")
})
Convey("From empty file", func() {
args := []string{"-l"}
configPath := makeConfigFile(``)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(err, ShouldBeNil)
So(strings.TrimSpace(buff.String()), ShouldEqual, "")
})
})
Convey("Test fetch a config", t, func() {
args := []string{"configtest", "--list"}
configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(err, ShouldBeNil)
So(buff.String(), ShouldContainSubstring, "url = https://test-url.com")
So(buff.String(), ShouldContainSubstring, "showspinner = false")
So(err, ShouldBeNil)
Convey("with the shorthand", func() {
args := []string{"configtest", "-l"}
configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(err, ShouldBeNil)
So(buff.String(), ShouldContainSubstring, "url = https://test-url.com")
So(buff.String(), ShouldContainSubstring, "showspinner = false")
So(err, ShouldBeNil)
})
Convey("From empty file", func() {
args := []string{"configtest", "-l"}
configPath := makeConfigFile(``)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(err, ShouldBeNil)
So(strings.TrimSpace(buff.String()), ShouldEqual, "")
})
})
Convey("Test fetch a config val", t, func() {
args := []string{"configtest", "url"}
configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(buff.String(), ShouldEqual, "https://test-url.com\n")
So(err, ShouldBeNil)
So(buff.String(), ShouldEqual, "https://test-url.com\n")
Convey("From empty file", func() {
args := []string{"configtest", "url"}
configPath := makeConfigFile(``)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(err, ShouldNotBeNil)
So(buff.String(), ShouldContainSubstring, "does not exist")
})
})
Convey("Test add a config val", t, func() {
args := []string{"configtest", "showspinner", "false"}
configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com"}]}`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -380,23 +443,29 @@ func TestConfigCmdMain(t *testing.T) {
Convey("To an empty file", func() {
args := []string{"configtest", "showspinner", "false"}
configPath := makeConfigFile(``)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(err, ShouldNotBeNil)
So(buff.String(), ShouldContainSubstring, "does not exist")
})
})
Convey("Test overwrite a config", t, func() {
args := []string{"configtest", "url", "https://new-url.com"}
configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -418,8 +487,10 @@ func TestConfigCmdMain(t *testing.T) {
Convey("Test reset a config val", t, func() {
args := []string{"configtest", "showspinner", "--reset"}
configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -440,29 +511,37 @@ func TestConfigCmdMain(t *testing.T) {
Convey("Test reset a url", t, func() {
args := []string{"configtest", "url", "--reset"}
configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(err, ShouldNotBeNil)
So(buff.String(), ShouldContainSubstring, "cannot reset")
})
Convey("Test add a config with an existing saved name", t, func() {
args := []string{"add", "configtest", "https://test-url.com/new"}
configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := client.NewConfigCommand()
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(err, ShouldNotBeNil)
So(buff.String(), ShouldContainSubstring, "cli config name already added")
})
}

64
pkg/cli/client/cve_cmd_internal_test.go
View file

@ -47,36 +47,44 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test CVE help", t, func() {
args := []string{"--help"}
configPath := makeConfigFile("")
defer os.Remove(configPath)
cmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(buff.String(), ShouldContainSubstring, "Usage")
So(err, ShouldBeNil)
})
Convey("Test CVE help - with the shorthand", t, func() {
args := []string{"-h"}
configPath := makeConfigFile("")
defer os.Remove(configPath)
cmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(buff.String(), ShouldContainSubstring, "Usage")
So(err, ShouldBeNil)
})
Convey("Test CVE no url", t, func() {
args := []string{"affected", "CVE-cveIdRandom", "--config", "cvetest"}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -89,8 +97,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test CVE invalid url", t, func() {
args := []string{"list", "dummyImageName:tag", "--url", "invalidUrl"}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewCVECommand(new(searchService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -104,8 +114,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test CVE invalid url port", t, func() {
args := []string{"list", "dummyImageName:tag", "--url", "http://localhost:99999"}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewCVECommand(new(searchService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -118,8 +130,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test CVE unreachable", t, func() {
args := []string{"list", "dummyImageName:tag", "--url", "http://localhost:9999"}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewCVECommand(new(searchService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -131,8 +145,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test CVE url from config", t, func() {
args := []string{"list", "dummyImageName:tag", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, baseURL))
defer os.Remove(configPath)
cmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -161,8 +177,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test debug flag", t, func() {
args := []string{"list", "dummyImageName:tag", "--debug", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, baseURL))
defer os.Remove(configPath)
cmd := NewCVECommand(new(searchService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -177,8 +195,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test CVE by name and CVE ID - long option", t, func() {
args := []string{"affected", "CVE-CVEID", "--repo", "dummyImageName", "--url", baseURL}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cveCmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -195,8 +215,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test CVE by name and CVE ID - using shorthand", t, func() {
args := []string{"affected", "CVE-CVEID", "--repo", "dummyImageName", "--url", baseURL}
buff := bytes.NewBufferString("")
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cveCmd := NewCVECommand(new(mockService))
cveCmd.SetOut(buff)
cveCmd.SetErr(buff)
@ -211,8 +233,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test CVE by image name - in text format", t, func() {
args := []string{"list", "dummyImageName:tag", "--url", baseURL}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cveCmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -241,8 +265,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test CVE by image name - in text format - in verbose mode", t, func() {
args := []string{"list", "dummyImageName:tag", "--url", baseURL, "--verbose"}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cveCmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -278,8 +304,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test CVE by image name - in json format", t, func() {
args := []string{"list", "dummyImageName:tag", "--url", baseURL, "-f", "json"}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cveCmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -298,8 +326,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test CVE by image name - in yaml format", t, func() {
args := []string{"list", "dummyImageName:tag", "--url", baseURL, "-f", "yaml"}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cveCmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -316,24 +346,30 @@ func TestSearchCVECmd(t *testing.T) {
})
Convey("Test CVE by image name - invalid format", t, func() {
args := []string{"list", "dummyImageName:tag", "--url", baseURL, "-f", "random"}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cveCmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
cveCmd.SetErr(buff)
cveCmd.SetArgs(args)
err := cveCmd.Execute()
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
So(err, ShouldNotBeNil)
So(strings.TrimSpace(str), ShouldContainSubstring, zerr.ErrInvalidOutputFormat.Error())
})
Convey("Test images by CVE ID - positive", t, func() {
args := []string{"affected", "CVE-CVEID", "--repo", "anImage", "--url", baseURL}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cveCmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -342,14 +378,17 @@ func TestSearchCVECmd(t *testing.T) {
err := cveCmd.Execute()
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
So(strings.TrimSpace(str), ShouldContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE anImage tag os/arch 6e2f80bf false 123kB") //nolint:lll
So(err, ShouldBeNil)
})
Convey("Test images by CVE ID - positive with retries", t, func() {
args := []string{"affected", "CVE-CVEID", "--repo", "anImage", "--url", baseURL}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
mockService := mockServiceForRetry{succeedOn: 2} // CVE info will be provided in 2nd attempt
cveCmd := NewCVECommand(&mockService)
buff := bytes.NewBufferString("")
@ -369,8 +408,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test images by CVE ID - failed after retries", t, func() {
args := []string{"affected", "CVE-CVEID", "--url", baseURL}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
mockService := mockServiceForRetry{succeedOn: -1} // CVE info will be unavailable on all retries
cveCmd := NewCVECommand(&mockService)
buff := bytes.NewBufferString("")
@ -390,8 +431,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test images by CVE ID - invalid CVE ID", t, func() {
args := []string{"affected", "CVE-invalidCVEID", "--config", "cvetest"}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cveCmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -403,8 +446,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test images by CVE ID - invalid url", t, func() {
args := []string{"affected", "CVE-CVEID", "--url", "invalidURL"}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cveCmd := NewCVECommand(NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -418,8 +463,10 @@ func TestSearchCVECmd(t *testing.T) {
Convey("Test fixed tags by and image name CVE ID - positive", t, func() {
args := []string{"fixed", "fixedImage", "CVE-CVEID", "--url", baseURL}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cveCmd := NewCVECommand(new(mockService))
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -428,14 +475,17 @@ func TestSearchCVECmd(t *testing.T) {
err := cveCmd.Execute()
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
So(err, ShouldBeNil)
So(strings.TrimSpace(str), ShouldEqual, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE fixedImage tag os/arch 6e2f80bf false 123kB") //nolint:lll
})
Convey("Test fixed tags by and image name CVE ID - invalid image name", t, func() {
args := []string{"affected", "CVE-CVEID", "--image", "invalidImageName", "--config", "cvetest"}
configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
defer os.Remove(configPath)
cveCmd := NewCVECommand(NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -487,10 +537,12 @@ func TestCVECommandGQL(t *testing.T) {
Convey("cveid db download wait", func() {
count := 0
args := []string{"affected", "CVE-12345", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`,
baseURL))
args := []string{"affected", "CVE-12345", "--config", "cvetest"}
defer os.Remove(configPath)
cmd := NewCVECommand(mockService{
getTagsForCVEGQLFn: func(ctx context.Context, config SearchConfig, username, password,
imageName, cveID string) (*zcommon.ImagesForCve, error,
@ -534,10 +586,12 @@ func TestCVECommandGQL(t *testing.T) {
Convey("fixed db download wait", func() {
count := 0
args := []string{"fixed", "repo", "CVE-2222", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`,
baseURL))
args := []string{"fixed", "repo", "CVE-2222", "--config", "cvetest"}
defer os.Remove(configPath)
cmd := NewCVECommand(mockService{
getFixedTagsForCVEGQLFn: func(ctx context.Context, config SearchConfig, username, password,
imageName, cveID string) (*zcommon.ImageListWithCVEFixedResponse, error,
@ -571,8 +625,10 @@ func TestCVECommandGQL(t *testing.T) {
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(err, ShouldBeNil)
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
actual := strings.TrimSpace(str)
@ -582,10 +638,12 @@ func TestCVECommandGQL(t *testing.T) {
Convey("image db download wait", func() {
count := 0
args := []string{"list", "repo:vuln", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`,
baseURL))
args := []string{"list", "repo:vuln", "--config", "cvetest"}
defer os.Remove(configPath)
cmd := NewCVECommand(mockService{
getCveByImageGQLFn: func(ctx context.Context, config SearchConfig, username, password,
imageName, searchedCVE string) (*cveResult, error,

94
pkg/cli/client/cve_cmd_test.go
View file

@ -95,8 +95,10 @@ func TestNegativeServerResponse(t *testing.T) {
Convey("Status Code Not Found", func() {
args := []string{"list", "zot-cve-test:0.0.1", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -186,8 +188,10 @@ func TestNegativeServerResponse(t *testing.T) {
}
args := []string{"fixed", "zot-cve-test", "CVE-2019-9923", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -383,15 +387,19 @@ func TestCVEDiffList(t *testing.T) {
Convey("Test CVE by image name - GQL - positive", t, func() {
args := []string{"diff", "repo:image", "repo:base-image", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
cveCmd.SetErr(buff)
cveCmd.SetArgs(args)
err = cveCmd.Execute()
fmt.Println(buff.String())
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
str = strings.TrimSpace(str)
@ -401,9 +409,9 @@ func TestCVEDiffList(t *testing.T) {
})
Convey("Errors", t, func() {
// args := []string{"diff", "repo:image", "repo:base-image", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
Convey("Set wrong number of params", func() {
@ -538,8 +546,10 @@ func TestServerCVEResponse(t *testing.T) {
Convey("Test CVE by image name - GQL - positive", t, func() {
args := []string{"list", "zot-cve-test:0.0.1", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -549,6 +559,7 @@ func TestServerCVEResponse(t *testing.T) {
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
str = strings.TrimSpace(str)
So(err, ShouldBeNil)
So(str, ShouldContainSubstring, "ID SEVERITY TITLE")
So(str, ShouldContainSubstring, "CVE")
@ -556,8 +567,10 @@ func TestServerCVEResponse(t *testing.T) {
Convey("Test CVE by image name - GQL - search CVE by title in results", t, func() {
args := []string{"list", "zot-cve-test:0.0.1", "--cve-id", "CVE-C1", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -567,6 +580,7 @@ func TestServerCVEResponse(t *testing.T) {
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
str = strings.TrimSpace(str)
So(err, ShouldBeNil)
So(str, ShouldContainSubstring, "ID SEVERITY TITLE")
So(str, ShouldContainSubstring, "CVE-C1")
@ -575,18 +589,24 @@ func TestServerCVEResponse(t *testing.T) {
Convey("Test CVE by image name - GQL - search CVE by id in results", t, func() {
args := []string{"list", "zot-cve-test:0.0.1", "--cve-id", "CVE-2", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
cveCmd.SetErr(buff)
cveCmd.SetArgs(args)
err = cveCmd.Execute()
So(err, ShouldBeNil)
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
str = strings.TrimSpace(str)
So(err, ShouldBeNil)
So(str, ShouldContainSubstring, "ID SEVERITY TITLE")
So(str, ShouldContainSubstring, "CVE-2")
So(str, ShouldNotContainSubstring, "CVE-1")
@ -594,8 +614,10 @@ func TestServerCVEResponse(t *testing.T) {
Convey("Test CVE by image name - GQL - search nonexistent CVE", t, func() {
args := []string{"list", "zot-cve-test:0.0.1", "--cve-id", "CVE-100", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -605,14 +627,17 @@ func TestServerCVEResponse(t *testing.T) {
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
str = strings.TrimSpace(str)
So(err, ShouldBeNil)
So(str, ShouldContainSubstring, "No CVEs found for image")
})
Convey("Test CVE by image name - GQL - invalid image", t, func() {
args := []string{"list", "invalid:0.0.1", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -624,8 +649,10 @@ func TestServerCVEResponse(t *testing.T) {
Convey("Test CVE by image name - GQL - invalid image name and tag", t, func() {
args := []string{"list", "invalid:", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -637,56 +664,71 @@ func TestServerCVEResponse(t *testing.T) {
Convey("Test CVE by image name - GQL - invalid cli output format", t, func() {
args := []string{"list", "zot-cve-test:0.0.1", "-f", "random", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
cveCmd.SetErr(buff)
cveCmd.SetArgs(args)
err = cveCmd.Execute()
So(err, ShouldNotBeNil)
So(buff.String(), ShouldContainSubstring, "invalid cli output format")
})
Convey("Test images by CVE ID - GQL - positive", t, func() {
args := []string{"affected", "CVE-2019-9923", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
cveCmd.SetErr(buff)
cveCmd.SetArgs(args)
err := cveCmd.Execute()
So(err, ShouldBeNil)
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
str = strings.TrimSpace(str)
So(err, ShouldBeNil)
So(str, ShouldEqual, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE zot-cve-test 0.0.1 linux/amd64 db573b01 false 854B")
})
Convey("Test images by CVE ID - GQL - invalid CVE ID", t, func() {
args := []string{"affected", "CVE-invalid", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
cveCmd.SetErr(buff)
cveCmd.SetArgs(args)
err := cveCmd.Execute()
So(err, ShouldBeNil)
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
str = strings.TrimSpace(str)
So(err, ShouldBeNil)
So(str, ShouldNotContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
})
Convey("Test images by CVE ID - GQL - invalid cli output format", t, func() {
args := []string{"affected", "CVE-2019-9923", "-f", "random", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -699,25 +741,32 @@ func TestServerCVEResponse(t *testing.T) {
Convey("Test fixed tags by image name and CVE ID - GQL - positive", t, func() {
args := []string{"fixed", "zot-cve-test", "CVE-2019-9923", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
cveCmd.SetErr(buff)
cveCmd.SetArgs(args)
err := cveCmd.Execute()
So(err, ShouldBeNil)
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
str = strings.TrimSpace(str)
So(err, ShouldBeNil)
So(str, ShouldEqual, "")
})
Convey("Test fixed tags by image name and CVE ID - GQL - random cve", t, func() {
args := []string{"fixed", "zot-cve-test", "random", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
@ -727,81 +776,104 @@ func TestServerCVEResponse(t *testing.T) {
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
str = strings.TrimSpace(str)
So(err, ShouldBeNil)
So(strings.TrimSpace(str), ShouldContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
})
Convey("Test fixed tags by image name and CVE ID - GQL - random image", t, func() {
args := []string{"fixed", "zot-cv-test", "CVE-2019-20807", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
cveCmd.SetErr(buff)
cveCmd.SetArgs(args)
err := cveCmd.Execute()
So(err, ShouldNotBeNil)
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
str = strings.TrimSpace(str)
So(err, ShouldNotBeNil)
So(strings.TrimSpace(str), ShouldNotContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
})
Convey("Test fixed tags by image name and CVE ID - GQL - invalid image", t, func() {
args := []string{"fixed", "zot-cv-test:tag", "CVE-2019-20807", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
cveCmd.SetErr(buff)
cveCmd.SetArgs(args)
err := cveCmd.Execute()
So(err, ShouldNotBeNil)
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
str = strings.TrimSpace(str)
So(err, ShouldNotBeNil)
So(strings.TrimSpace(str), ShouldNotContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
})
Convey("Test CVE by name and CVE ID - GQL - positive", t, func() {
args := []string{"affected", "CVE-2019-9923", "--repo", "zot-cve-test", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
cveCmd.SetErr(buff)
cveCmd.SetArgs(args)
err := cveCmd.Execute()
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
So(err, ShouldBeNil)
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
So(strings.TrimSpace(str), ShouldEqual,
"REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE zot-cve-test 0.0.1 linux/amd64 db573b01 false 854B")
})
Convey("Test CVE by name and CVE ID - GQL - invalid name and CVE ID", t, func() {
args := []string{"affected", "CVE-20807", "--repo", "test", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)
cveCmd.SetErr(buff)
cveCmd.SetArgs(args)
err := cveCmd.Execute()
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
So(err, ShouldBeNil)
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
So(strings.TrimSpace(str), ShouldNotContainSubstring, "REPOSITORY TAG OS/ARCH SIGNED SIZE")
})
Convey("Test CVE by name and CVE ID - GQL - invalid cli output format", t, func() {
args := []string{"affected", "CVE-2019-9923", "--repo", "zot-cve-test", "-f", "random", "--config", "cvetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cveCmd := client.NewCVECommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cveCmd.SetOut(buff)

10
pkg/cli/client/elevated_test.go
View file

@ -26,6 +26,7 @@ import (
func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
Convey("Privileged certs - Make a new controller", t, func() {
cmd := exec.Command("mkdir", "-p", "/etc/containers/certs.d/127.0.0.1:8089/") //nolint: gosec
_, err := cmd.Output()
if err != nil {
panic(err)
@ -41,6 +42,7 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
for _, file := range clientGlob {
cmd = exec.Command("cp", file, "/etc/containers/certs.d/127.0.0.1:8089/")
res, err := cmd.CombinedOutput()
if err != nil {
panic(string(res))
@ -49,6 +51,7 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
for _, file := range caGlob {
cmd = exec.Command("cp", file, "/etc/containers/certs.d/127.0.0.1:8089/")
res, err := cmd.CombinedOutput()
if err != nil {
panic(string(res))
@ -59,6 +62,7 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
for _, file := range allGlob {
cmd = exec.Command("chmod", "a=rwx", file)
res, err := cmd.CombinedOutput()
if err != nil {
panic(string(res))
@ -73,7 +77,9 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
caCertPool.AppendCertsFromPEM(caCert)
resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
defer func() { resty.SetTLSClientConfig(nil) }()
conf := config.New()
conf.HTTP.Port = SecurePort2
conf.HTTP.TLS = &config.TLSConfig{
@ -84,14 +90,17 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
ctlr := api.NewController(conf)
ctlr.Config.Storage.RootDirectory = t.TempDir()
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()
Convey("Certs in privileged path", func() {
configPath := makeConfigFile(
fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
BaseSecureURL2, constants.RoutePrefix, constants.ExtCatalogPrefix))
defer os.Remove(configPath)
args := []string{"list", "--config", "imagetest"}
@ -100,6 +109,7 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
imageCmd.SetOut(imageBuff)
imageCmd.SetErr(imageBuff)
imageCmd.SetArgs(args)
err := imageCmd.Execute()
So(err, ShouldBeNil)
})

57
pkg/cli/client/image_cmd_internal_test.go
View file

@ -35,26 +35,33 @@ import (
func TestSearchImageCmd(t *testing.T) {
Convey("Test image help", t, func() {
args := []string{"--help"}
configPath := makeConfigFile("")
defer os.Remove(configPath)
cmd := NewImageCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(buff.String(), ShouldContainSubstring, "Usage")
So(err, ShouldBeNil)
Convey("with the shorthand", func() {
args[0] = "-h"
configPath := makeConfigFile("")
defer os.Remove(configPath)
cmd := NewImageCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(buff.String(), ShouldContainSubstring, "Usage")
So(err, ShouldBeNil)
})
@ -62,8 +69,10 @@ func TestSearchImageCmd(t *testing.T) {
Convey("Test image no url", t, func() {
args := []string{"name", "dummyIdRandom", "--config", "imagetest"}
configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewImageCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -97,6 +106,7 @@ func TestSearchImageCmd(t *testing.T) {
if err != nil {
panic(err)
}
err = os.Setenv("HOME", home)
if err != nil {
log.Fatal(err)
@ -105,8 +115,10 @@ func TestSearchImageCmd(t *testing.T) {
Convey("Test image no params", t, func() {
args := []string{"--url", "someUrl"}
configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewImageCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -118,8 +130,10 @@ func TestSearchImageCmd(t *testing.T) {
Convey("Test image invalid url", t, func() {
args := []string{"name", "dummyImageName", "--url", "invalidUrl"}
configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewImageCommand(new(searchService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -133,8 +147,10 @@ func TestSearchImageCmd(t *testing.T) {
Convey("Test image invalid url port", t, func() {
args := []string{"name", "dummyImageName", "--url", "http://localhost:99999"}
configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewImageCommand(new(searchService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -146,8 +162,10 @@ func TestSearchImageCmd(t *testing.T) {
Convey("without flags", func() {
args := []string{"list", "--url", "http://localhost:99999"}
configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewImageCommand(new(searchService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -161,8 +179,10 @@ func TestSearchImageCmd(t *testing.T) {
Convey("Test image unreachable", t, func() {
args := []string{"name", "dummyImageName", "--url", "http://localhost:9999"}
configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewImageCommand(new(searchService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -174,8 +194,10 @@ func TestSearchImageCmd(t *testing.T) {
Convey("Test image url from config", t, func() {
args := []string{"name", "dummyImageName", "--config", "imagetest"}
configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewImageCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -191,8 +213,10 @@ func TestSearchImageCmd(t *testing.T) {
Convey("Test image by name", t, func() {
args := []string{"name", "dummyImageName", "--url", "http://127.0.0.1:8080"}
configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
defer os.Remove(configPath)
imageCmd := NewImageCommand(new(mockService))
buff := &bytes.Buffer{}
imageCmd.SetOut(buff)
@ -233,8 +257,10 @@ func TestListRepos(t *testing.T) {
Convey("Test listing repositories with debug flag", t, func() {
args := []string{"list", "--config", "config-test", "--debug"}
configPath := makeConfigFile(`{"configs":[{"_name":"config-test","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewRepoCommand(new(searchService))
buff := bytes.NewBufferString("")
@ -272,6 +298,7 @@ func TestListRepos(t *testing.T) {
if err != nil {
panic(err)
}
err = os.Setenv("HOME", home)
if err != nil {
log.Fatal(err)
@ -280,9 +307,11 @@ func TestListRepos(t *testing.T) {
Convey("Test listing repositories error", t, func() {
args := []string{"list", "--config", "config-test"}
configPath := makeConfigFile(`{"configs":[{"_name":"config-test",
"url":"https://invalid.invalid","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewRepoCommand(new(searchService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -294,8 +323,10 @@ func TestListRepos(t *testing.T) {
Convey("Test unable to get config value", t, func() {
args := []string{"list", "--config", "config-test-nonexistent"}
configPath := makeConfigFile(`{"configs":[{"_name":"config-test","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewRepoCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -307,8 +338,10 @@ func TestListRepos(t *testing.T) {
Convey("Test error - no url provided", t, func() {
args := []string{"list", "--config", "config-test"}
configPath := makeConfigFile(`{"configs":[{"_name":"config-test","url":"","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewRepoCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -320,9 +353,11 @@ func TestListRepos(t *testing.T) {
Convey("Test error - spinner config invalid", t, func() {
args := []string{"list", "--config", "config-test"}
configPath := makeConfigFile(`{"configs":[{"_name":"config-test",
"url":"https://test-url.com","showspinner":invalid}]}`)
defer os.Remove(configPath)
cmd := NewRepoCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -334,9 +369,11 @@ func TestListRepos(t *testing.T) {
Convey("Test error - verifyTLSConfig fails", t, func() {
args := []string{"list", "--config", "config-test"}
configPath := makeConfigFile(`{"configs":[{"_name":"config-test",
"verify-tls":"invalid", "url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewRepoCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -350,8 +387,10 @@ func TestListRepos(t *testing.T) {
func TestOutputFormat(t *testing.T) {
Convey("Test text", t, func() {
args := []string{"name", "dummyImageName", "--config", "imagetest", "-f", "text"}
configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewImageCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -367,8 +406,10 @@ func TestOutputFormat(t *testing.T) {
Convey("Test json", t, func() {
args := []string{"name", "dummyImageName", "--config", "imagetest", "-f", "json"}
configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewImageCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -396,8 +437,10 @@ func TestOutputFormat(t *testing.T) {
Convey("Test yaml", t, func() {
args := []string{"name", "dummyImageName", "--config", "imagetest", "-f", "yaml"}
configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewImageCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -430,11 +473,13 @@ func TestOutputFormat(t *testing.T) {
Convey("Test yml", func() {
args := []string{"name", "dummyImageName", "--config", "imagetest", "-f", "yml"}
configPath := makeConfigFile(
`{"configs":[{"_name":"imagetest",` +
`"url":"https://test-url.com","showspinner":false}]}`,
)
defer os.Remove(configPath)
cmd := NewImageCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -468,8 +513,10 @@ func TestOutputFormat(t *testing.T) {
Convey("Test invalid", t, func() {
args := []string{"name", "dummyImageName", "--config", "imagetest", "-f", "random"}
configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","url":"https://test-url.com","showspinner":false}]}`)
defer os.Remove(configPath)
cmd := NewImageCommand(new(mockService))
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -778,7 +825,6 @@ func TestImagesCommandGQL(t *testing.T) {
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
baseURL))
defer os.Remove(configPath)
args := []string{"cve", "repo:vuln", "--config", "imagetest"}
cmd := NewImageCommand(mockService{})
buff := bytes.NewBufferString("")
@ -796,9 +842,11 @@ func TestImagesCommandGQL(t *testing.T) {
Convey("CVE errors", func() {
count := 0
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
baseURL))
defer os.Remove(configPath)
args := []string{"cve", "repo:vuln", "--config", "imagetest"}
cmd := NewImageCommand(mockService{
getCveByImageGQLFn: func(ctx context.Context, config SearchConfig, username, password,
@ -920,7 +968,6 @@ func TestImageCommandREST(t *testing.T) {
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
baseURL))
defer os.Remove(configPath)
args := []string{"base", "repo:derived", "--config", "imagetest"}
cmd := NewImageCommand(NewSearchService())
buff := bytes.NewBufferString("")
@ -949,7 +996,6 @@ func TestImageCommandREST(t *testing.T) {
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
baseURL))
defer os.Remove(configPath)
args := []string{"digest", image.DigestStr(), "--config", "imagetest"}
cmd := NewImageCommand(NewSearchService())
buff := bytes.NewBufferString("")
@ -969,7 +1015,6 @@ func TestImageCommandREST(t *testing.T) {
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
baseURL))
defer os.Remove(configPath)
args := []string{"list", "--config", "imagetest"}
cmd := NewImageCommand(NewSearchService())
buff := bytes.NewBufferString("")
@ -994,7 +1039,6 @@ func TestImageCommandREST(t *testing.T) {
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
baseURL))
defer os.Remove(configPath)
args := []string{"name", "repo:img", "--config", "imagetest"}
cmd := NewImageCommand(NewSearchService())
buff := bytes.NewBufferString("")
@ -1011,11 +1055,12 @@ func TestImageCommandREST(t *testing.T) {
vulnImage := CreateDefaultVulnerableImage()
err := UploadImage(vulnImage, baseURL, "repo", "vuln")
So(err, ShouldBeNil)
args := []string{"cve", "repo:vuln", "--config", "imagetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
baseURL))
args := []string{"cve", "repo:vuln", "--config", "imagetest"}
defer os.Remove(configPath)
cmd := NewImageCommand(mockService{})
buff := bytes.NewBufferString("")
cmd.SetOut(buff)

59
pkg/cli/client/image_cmd_test.go
View file

@ -11,6 +11,7 @@ import (
"os"
"path"
"regexp"
"strconv"
"strings"
"testing"
"time"
@ -59,8 +60,10 @@ func TestSignature(t *testing.T) {
}
ctlr := api.NewController(conf)
ctlr.Config.Storage.RootDirectory = currentDir
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()
image := CreateDefaultImage()
@ -135,6 +138,7 @@ func TestSignature(t *testing.T) {
ctlr.Config.Storage.RootDirectory = currentDir
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()
err = UploadImage(CreateDefaultImage(), url, repoName, "0.0.1")
@ -189,6 +193,7 @@ func TestSignature(t *testing.T) {
ctlr.Config.Storage.RootDirectory = currentDir
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()
err = UploadImage(CreateDefaultImage(), url, repoName, "0.0.1")
@ -257,9 +262,9 @@ func TestDerivedImageList(t *testing.T) {
buff := &bytes.Buffer{}
searchConfig.ResultWriter = buff
err := client.SearchDerivedImageListGQL(searchConfig, "repo7:test:2.0")
actual := strings.TrimSpace(space.ReplaceAllString(buff.String(), " "))
So(err, ShouldBeNil)
actual := strings.TrimSpace(space.ReplaceAllString(buff.String(), " "))
So(actual, ShouldContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
So(actual, ShouldContainSubstring, "repo7 test:1.0 linux/amd64 9d9461ed false 860B")
})
@ -353,17 +358,21 @@ func TestOutputFormatGQL(t *testing.T) {
ctlr.Config.Storage.RootDirectory = t.TempDir()
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()
err := uploadManifest(url)
t.Logf("%s", ctlr.Config.Storage.RootDirectory)
So(err, ShouldBeNil)
t.Logf("%s", ctlr.Config.Storage.RootDirectory)
Convey("Test json", func() {
t.Logf("%s", ctlr.Config.Storage.RootDirectory)
args := []string{"name", "repo7", "--config", "imagetest", "-f", "json"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -408,8 +417,10 @@ func TestOutputFormatGQL(t *testing.T) {
Convey("Test yaml", func() {
args := []string{"name", "repo7", "--config", "imagetest", "-f", "yaml"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -457,8 +468,10 @@ func TestOutputFormatGQL(t *testing.T) {
Convey("Test yml", func() {
args := []string{"name", "repo7", "--config", "imagetest", "-f", "yml"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -506,8 +519,10 @@ func TestOutputFormatGQL(t *testing.T) {
Convey("Test invalid", func() {
args := []string{"name", "repo7", "--config", "imagetest", "-f", "random"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -534,17 +549,21 @@ func TestServerResponseGQL(t *testing.T) {
ctlr.Config.Storage.RootDirectory = t.TempDir()
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()
err := uploadManifest(url)
t.Logf("%s", ctlr.Config.Storage.RootDirectory)
So(err, ShouldBeNil)
Convey("Test all images config url", func() {
t.Logf("%s", ctlr.Config.Storage.RootDirectory)
args := []string{"list", "--config", "imagetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := &bytes.Buffer{}
cmd.SetOut(buff)
@ -560,8 +579,10 @@ func TestServerResponseGQL(t *testing.T) {
So(actual, ShouldContainSubstring, "repo7 test:1.0 linux/amd64 51e18f50 false 528B")
Convey("Test all images invalid output format", func() {
args := []string{"list", "--config", "imagetest", "-f", "random"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -575,8 +596,10 @@ func TestServerResponseGQL(t *testing.T) {
Convey("Test all images verbose", func() {
args := []string{"list", "--config", "imagetest", "--verbose"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -600,17 +623,22 @@ func TestServerResponseGQL(t *testing.T) {
Convey("Test all images with debug flag", func() {
args := []string{"list", "--config", "imagetest", "--debug"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(err, ShouldBeNil)
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
actual := strings.TrimSpace(str)
So(actual, ShouldContainSubstring, "GET")
So(actual, ShouldContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
@ -620,17 +648,22 @@ func TestServerResponseGQL(t *testing.T) {
Convey("Test image by name config url", func() {
args := []string{"name", "repo7", "--config", "imagetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err := cmd.Execute()
So(err, ShouldBeNil)
space := regexp.MustCompile(`\s+`)
str := space.ReplaceAllString(buff.String(), " ")
actual := strings.TrimSpace(str)
So(actual, ShouldContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
So(actual, ShouldContainSubstring, "repo7 test:2.0 linux/amd64 51e18f50 false 528B")
@ -638,8 +671,10 @@ func TestServerResponseGQL(t *testing.T) {
Convey("invalid output format", func() {
args := []string{"name", "repo7", "--config", "imagetest", "-f", "random"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -653,8 +688,10 @@ func TestServerResponseGQL(t *testing.T) {
Convey("Test image by digest", func() {
args := []string{"digest", "51e18f50", "--config", "imagetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -675,8 +712,10 @@ func TestServerResponseGQL(t *testing.T) {
Convey("nonexistent digest", func() {
args := []string{"digest", "d1g35t", "--config", "imagetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -689,8 +728,10 @@ func TestServerResponseGQL(t *testing.T) {
Convey("invalid output format", func() {
args := []string{"digest", "51e18f50", "--config", "imagetest", "-f", "random"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -704,8 +745,10 @@ func TestServerResponseGQL(t *testing.T) {
Convey("Test image by name nonexistent name", func() {
args := []string{"name", "repo777", "--config", "imagetest"}
configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
defer os.Remove(configPath)
cmd := client.NewImageCommand(client.NewSearchService())
buff := bytes.NewBufferString("")
cmd.SetOut(buff)
@ -782,7 +825,9 @@ func TestServerResponse(t *testing.T) {
buff := &bytes.Buffer{}
searchConfig.ResultWriter = buff
searchConfig.Verbose = true
defer func() { searchConfig.Verbose = false }()
err := client.SearchAllImages(searchConfig)
So(err, ShouldBeNil)
@ -1037,8 +1082,10 @@ func TestImagesSortFlag(t *testing.T) {
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err = cmd.Execute()
So(err, ShouldBeNil)
str = buff.String()
So(strings.Index(str, "b-repo"), ShouldBeLessThan, strings.Index(str, "a-repo"))
@ -1047,9 +1094,11 @@ func TestImagesSortFlag(t *testing.T) {
cmd.SetOut(buff)
cmd.SetErr(buff)
cmd.SetArgs(args)
err = cmd.Execute()
str = buff.String()
So(err, ShouldBeNil)
str = buff.String()
So(strings.Index(str, "b-repo"), ShouldBeLessThan, strings.Index(str, "a-repo"))
})
}
@ -1130,7 +1179,7 @@ func uploadManifest(url string) error {
_, _ = resty.R().
SetContentLength(true).
SetHeader("Content-Length", fmt.Sprintf("%d", len(cblob))).
SetHeader("Content-Length", strconv.Itoa(len(cblob))).
SetHeader("Content-Type", "application/octet-stream").
SetQueryParam("digest", cdigest.String()).
SetBody(cblob).
@ -1236,7 +1285,7 @@ func uploadManifestDerivedBase(url string) error {
_, _ = resty.R().
SetContentLength(true).
SetHeader("Content-Length", fmt.Sprintf("%d", len(cblob))).
SetHeader("Content-Length", strconv.Itoa(len(cblob))).
SetHeader("Content-Type", "application/octet-stream").
SetQueryParam("digest", cdigest.String()).
SetBody(cblob).

6
pkg/cli/client/search_cmd_test.go
View file

@ -45,8 +45,10 @@ func TestReferrerCLI(t *testing.T) {
}
ctlr := api.NewController(conf)
ctlr.Config.Storage.RootDirectory = rootDir
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()
repo := repoName
@ -144,6 +146,7 @@ func TestReferrerCLI(t *testing.T) {
ctlr.Config.Storage.RootDirectory = rootDir
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()
repo := repoName
@ -239,6 +242,7 @@ func TestFormatsReferrersCLI(t *testing.T) {
ctlr.Config.Storage.RootDirectory = rootDir
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()
repo := repoName
@ -443,6 +447,7 @@ func TestSearchCLI(t *testing.T) {
ctlr.Config.Storage.RootDirectory = rootDir
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()
const (
@ -557,6 +562,7 @@ func TestFormatsSearchCLI(t *testing.T) {
ctlr.Config.Storage.RootDirectory = rootDir
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(conf.HTTP.Port)
defer cm.StopServer()
const (

6
pkg/cli/client/server_info_cmd.go
View file

@ -67,7 +67,7 @@ func GetServerStatus(config SearchConfig) error {
switch {
case errors.Is(err, zerr.ErrUnauthorizedAccess):
serverInfo.Status = StatusUnknown
serverInfo.ErrorMsg = fmt.Sprintf("unauthorised access, %s", getCredentialsSuggestion(username))
serverInfo.ErrorMsg = "unauthorised access, " + getCredentialsSuggestion(username)
case errors.Is(err, zerr.ErrBadHTTPStatusCode), errors.Is(err, zerr.ErrURLNotFound):
serverInfo.Status = StatusOffline
serverInfo.ErrorMsg = fmt.Sprintf("%s: request at %s failed", zerr.ErrAPINotSupported.Error(),
@ -99,7 +99,7 @@ func GetServerStatus(config SearchConfig) error {
serverInfo.ErrorMsg = fmt.Sprintf("%s%s endpoint is not available", constants.RoutePrefix, constants.ExtMgmt)
case errors.Is(err, zerr.ErrUnauthorizedAccess):
serverInfo.Status = StatusOnline
serverInfo.ErrorMsg = fmt.Sprintf("unauthorised access, %s", getCredentialsSuggestion(username))
serverInfo.ErrorMsg = "unauthorised access, " + getCredentialsSuggestion(username)
case errors.Is(err, zerr.ErrBadHTTPStatusCode):
serverInfo.Status = StatusOnline
serverInfo.ErrorMsg = fmt.Sprintf("%s: request at %s failed", zerr.ErrAPINotSupported.Error(),
@ -165,7 +165,7 @@ func (si *ServerInfo) ToText() (string, error) {
output = serverStatus
} else {
serverStatus := fmt.Sprintf("Server Status: %s", si.Status)
serverStatus := "Server Status: " + si.Status
serverInfo := fmt.Sprintf("Server Version: %s\n"+
"Dist Spec Version: %s\n"+
"Built with: %s",

19
pkg/cli/client/service.go
View file

@ -113,8 +113,8 @@ func (service searchService) getDerivedImageListGQL(ctx context.Context, config
}`, derivedImage, Flag2SortCriteria(config.SortBy))
result := &common.DerivedImageListResponse{}
err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
return nil, errResult
}
@ -261,8 +261,8 @@ func (service searchService) getBaseImageListGQL(ctx context.Context, config Sea
}`, baseImage, Flag2SortCriteria(config.SortBy))
result := &common.BaseImageListResponse{}
err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
return nil, errResult
}
@ -298,7 +298,6 @@ func (service searchService) getImagesGQL(ctx context.Context, config SearchConf
result := &common.ImageListResponse{}
err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
return nil, errResult
}
@ -334,7 +333,6 @@ func (service searchService) getImagesForDigestGQL(ctx context.Context, config S
result := &common.ImagesForDigest{}
err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
return nil, errResult
}
@ -361,7 +359,6 @@ func (service searchService) getCveByImageGQL(ctx context.Context, config Search
result := &cveResult{}
err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
return nil, errResult
}
@ -398,7 +395,6 @@ func (service searchService) getTagsForCVEGQL(ctx context.Context, config Search
result := &common.ImagesForCve{}
err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
return nil, errResult
}
@ -448,7 +444,6 @@ func (service searchService) getFixedTagsForCVEGQL(ctx context.Context, config S
result := &common.ImageListWithCVEFixedResponse{}
err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
return nil, errResult
}
@ -470,9 +465,9 @@ func (service searchService) getReferrers(ctx context.Context, config SearchConf
}
referrerResp := &ispec.Index{}
_, err = makeGETRequest(ctx, referrersEndpoint, username, password, config.VerifyTLS,
config.Debug, &referrerResp, config.ResultWriter)
if err != nil {
if common.IsContextDone(ctx) {
return referrersResult{}, nil
@ -578,9 +573,9 @@ func getImage(ctx context.Context, config SearchConfig, username, password, imag
}
tagList := &tagListResp{}
_, err = makeGETRequest(ctx, tagListEndpoint, username, password, config.VerifyTLS,
config.Debug, &tagList, config.ResultWriter)
if err != nil {
if common.IsContextDone(ctx) {
return
@ -881,7 +876,7 @@ func (cve cveResult) stringPlainText() string {
id := ellipsize(cveListItem.ID, cveIDWidth, ellipsis)
title := ellipsize(cveListItem.Title, cveTitleWidth, ellipsis)
severity := ellipsize(cveListItem.Severity, cveSeverityWidth, ellipsis)
row := make([]string, 3) //nolint:gomnd
row := make([]string, 3) //nolint:mnd
row[colCVEIDIndex] = id
row[colCVESeverityIndex] = severity
row[colCVETitleIndex] = title
@ -1236,7 +1231,7 @@ func addManifestToTable(table *tablewriter.Table, imageName, tagName string, man
imgSize, _ := strconv.ParseUint(manifest.Size, 10, 64)
size := ellipsize(strings.ReplaceAll(humanize.Bytes(imgSize), " ", ""), sizeWidth, ellipsis)
isSigned := manifest.IsSigned
row := make([]string, 8) //nolint:gomnd
row := make([]string, 8) //nolint:mnd
row[colImageNameIndex] = imageName
row[colTagIndex] = tagName
@ -1264,7 +1259,7 @@ func addManifestToTable(table *tablewriter.Table, imageName, tagName string, man
layerDigestStr := ellipsize(layerDigest.Encoded(), digestWidth, "")
layerRow := make([]string, 8) //nolint:gomnd
layerRow := make([]string, 8) //nolint:mnd
layerRow[colImageNameIndex] = ""
layerRow[colTagIndex] = ""
layerRow[colDigestIndex] = ""

2
pkg/cli/client/utils.go
View file

@ -143,7 +143,7 @@ func printImageTableHeader(writer io.Writer, verbose bool, maxImageNameLen, maxT
table.SetColMinWidth(colLayersIndex, layersWidth)
}
row := make([]string, 8) //nolint:gomnd
row := make([]string, 8) //nolint:mnd
// adding spaces so that repository and tag columns are aligned
// in case the name/tag are fully shown and too long

4
pkg/cli/client/utils_internal_test.go
View file

@ -63,7 +63,7 @@ func StartTestHTTPServer(routes HTTPRoutes, port string) *http.Server {
}
server := &http.Server{ //nolint:gosec
Addr: fmt.Sprintf(":%s", port),
Addr: ":" + port,
Handler: mux,
}
@ -81,6 +81,7 @@ func StartTestHTTPServer(routes HTTPRoutes, port string) *http.Server {
func TestDoHTTPRequest(t *testing.T) {
Convey("doHTTPRequest nil result pointer", t, func() {
port := test.GetFreePort()
server := StartTestHTTPServer(nil, port)
defer server.Close()
@ -105,6 +106,7 @@ func TestDoHTTPRequest(t *testing.T) {
AllowedMethods: []string{http.MethodGet},
},
}, port)
defer server.Close()
url := fmt.Sprintf("http://127.0.0.1:%s/test", port)

5
pkg/cli/server/config_reloader_test.go
View file

@ -87,6 +87,7 @@ func TestConfigReloader(t *testing.T) {
// So(err, ShouldBeNil)
os.Args = []string{"cli_test", "serve", cfgfile.Name()}
go func() {
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -203,6 +204,7 @@ func TestConfigReloader(t *testing.T) {
// So(err, ShouldBeNil)
os.Args = []string{"cli_test", "serve", cfgfile.Name()}
go func() {
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -321,6 +323,7 @@ func TestConfigReloader(t *testing.T) {
// So(err, ShouldBeNil)
os.Args = []string{"cli_test", "serve", cfgfile.Name()}
go func() {
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -443,6 +446,7 @@ func TestConfigReloader(t *testing.T) {
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "serve", cfgfile.Name()}
go func() {
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -568,6 +572,7 @@ func TestConfigReloader(t *testing.T) {
// So(err, ShouldBeNil)
os.Args = []string{"cli_test", "serve", cfgfile.Name()}
go func() {
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)

89
pkg/cli/server/extensions_test.go
View file

@ -62,6 +62,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
content = fmt.Sprintf(`{
@ -101,6 +102,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
})
@ -108,6 +110,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s", "storageDriver": {"name": "s3"}},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -118,6 +121,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
})
@ -125,6 +129,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -134,7 +139,9 @@ func TestVerifyExtensionsConfig(t *testing.T) {
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
So(cli.NewServerRootCmd().Execute(), ShouldBeNil)
})
@ -142,6 +149,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -152,7 +160,9 @@ func TestVerifyExtensionsConfig(t *testing.T) {
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
})
@ -160,6 +170,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -171,6 +182,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
})
@ -178,6 +190,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -197,6 +210,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -216,6 +230,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -226,6 +241,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
})
}
@ -235,7 +251,9 @@ func TestValidateExtensionsConfig(t *testing.T) {
config := config.New()
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name())
content := []byte(`{
"storage": {
"rootDirectory": "%/tmp/zot"
@ -264,9 +282,12 @@ func TestValidateExtensionsConfig(t *testing.T) {
Convey("Test missing extensions for UI to work", t, func(c C) {
config := config.New()
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name())
content := []byte(`{
"storage": {
"rootDirectory": "%/tmp/zot"
@ -294,6 +315,7 @@ func TestValidateExtensionsConfig(t *testing.T) {
config := config.New()
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name())
content := []byte(`{
@ -326,6 +348,7 @@ func TestValidateExtensionsConfig(t *testing.T) {
config := config.New()
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name())
content := []byte(`{
@ -374,7 +397,9 @@ func TestServeExtensions(t *testing.T) {
baseURL := GetBaseURL(port)
logFile, err := os.CreateTemp("", "zot-log*.txt")
So(err, ShouldBeNil)
defer os.Remove(logFile.Name()) // clean up
tmpFile := t.TempDir()
content := fmt.Sprintf(`{
@ -394,12 +419,14 @@ func TestServeExtensions(t *testing.T) {
cfgfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(cfgfile.Name()) // clean up
_, err = cfgfile.WriteString(content)
So(err, ShouldBeNil)
err = cfgfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "serve", cfgfile.Name()}
go func() {
Convey("run", t, func() {
err = cli.NewServerRootCmd().Execute()
@ -408,7 +435,9 @@ func TestServeExtensions(t *testing.T) {
}()
WaitTillServerReady(baseURL)
data, err := os.ReadFile(logFile.Name())
So(err, ShouldBeNil)
So(string(data), ShouldContainSubstring, "\"Extensions\":null")
})
@ -418,7 +447,9 @@ func TestServeExtensions(t *testing.T) {
baseURL := GetBaseURL(port)
logFile, err := os.CreateTemp("", "zot-log*.txt")
So(err, ShouldBeNil)
defer os.Remove(logFile.Name()) // clean up
tmpFile := t.TempDir()
content := fmt.Sprintf(`{
@ -440,6 +471,7 @@ func TestServeExtensions(t *testing.T) {
cfgfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(cfgfile.Name()) // clean up
_, err = cfgfile.WriteString(content)
So(err, ShouldBeNil)
err = cfgfile.Close()
@ -476,6 +508,7 @@ func testWithMetricsEnabled(t *testing.T, rootDir string, cfgContentFormat strin
So(err, ShouldBeNil)
defer os.Remove(cfgfile.Name()) // clean up
_, err = cfgfile.WriteString(content)
So(err, ShouldBeNil)
err = cfgfile.Close()
@ -589,6 +622,7 @@ func TestServeMetricsExtension(t *testing.T) {
logFile, err := os.CreateTemp("", "zot-log*.txt")
So(err, ShouldBeNil)
tmpFile := t.TempDir()
defer os.Remove(logFile.Name()) // clean up
content := fmt.Sprintf(`{
@ -613,18 +647,21 @@ func TestServeMetricsExtension(t *testing.T) {
cfgfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(cfgfile.Name()) // clean up
_, err = cfgfile.WriteString(content)
So(err, ShouldBeNil)
err = cfgfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "serve", cfgfile.Name()}
go func() {
Convey("run", t, func() {
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
})
}()
WaitTillServerReady(baseURL)
resp, err := resty.R().Get(baseURL + "/metrics")
@ -684,7 +721,9 @@ func TestServeSyncExtension(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
So(string(data), ShouldContainSubstring,
"\"Extensions\":{\"Search\":null,\"Sync\":{\"Enable\":true")
})
@ -730,7 +769,9 @@ func TestServeSyncExtension(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
So(string(data), ShouldContainSubstring,
"\"Extensions\":{\"Search\":null,\"Sync\":{\"Enable\":true")
})
@ -766,7 +807,9 @@ func TestServeSyncExtension(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
So(string(data), ShouldContainSubstring,
"\"Extensions\":{\"Search\":null,\"Sync\":{\"Enable\":false")
})
@ -800,7 +843,9 @@ func TestServeScrubExtension(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
dataStr := string(data)
So(dataStr, ShouldContainSubstring,
"\"Extensions\":{\"Search\":null,\"Sync\":null,\"Metrics\":null,\"Scrub\":{\"Enable\":true,\"Interval\":86400000000000},\"Lint\":null") //nolint:lll // gofumpt conflicts with lll
@ -832,7 +877,9 @@ func TestServeScrubExtension(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
// Even if in config we specified scrub interval=1h, the minimum interval is 2h
dataStr := string(data)
So(dataStr, ShouldContainSubstring, "\"Scrub\":{\"Enable\":true,\"Interval\":3600000000000}")
@ -864,7 +911,9 @@ func TestServeScrubExtension(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
dataStr := string(data)
So(dataStr, ShouldContainSubstring,
"\"Extensions\":{\"Search\":null,\"Sync\":null,\"Metrics\":null,\"Scrub\":{\"Enable\":true,\"Interval\":86400000000000},\"Lint\":null") //nolint:lll // gofumpt conflicts with lll
@ -896,7 +945,9 @@ func TestServeScrubExtension(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
dataStr := string(data)
So(dataStr, ShouldContainSubstring, "\"Scrub\":{\"Enable\":false,\"Interval\":86400000000000}")
So(dataStr, ShouldContainSubstring, "scrub config not provided, skipping scrub")
@ -935,7 +986,9 @@ func TestServeLintExtension(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
So(string(data), ShouldContainSubstring,
"\"Extensions\":{\"Search\":null,\"Sync\":null,\"Metrics\":null,\"Scrub\":null,\"Lint\":{\"Enable\":true,\"MandatoryAnnotations\":") //nolint:lll // gofumpt conflicts with lll
})
@ -964,7 +1017,9 @@ func TestServeLintExtension(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
So(string(data), ShouldContainSubstring,
"\"Extensions\":{\"Search\":null,\"Sync\":null,\"Metrics\":null,\"Scrub\":null,\"Lint\":{\"Enable\":false,\"MandatoryAnnotations\":null}") //nolint:lll // gofumpt conflicts with lll
})
@ -1045,7 +1100,9 @@ func TestServeSearchEnabledCVE(t *testing.T) {
tempDir := t.TempDir()
logPath, err := runCLIWithConfig(tempDir, content)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
// to avoid data race when multiple go routines write to trivy DB instance.
WaitTillTrivyDBDownloadStarted(tempDir)
@ -1100,6 +1157,7 @@ func TestServeSearchEnabledNoCVE(t *testing.T) {
tempDir := t.TempDir()
logPath, err := runCLIWithConfig(tempDir, content)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
substring := `"Extensions":{"Search":{"Enable":true,"CVE":null}` //nolint:lll // gofumpt conflicts with lll
@ -1148,7 +1206,9 @@ func TestServeSearchDisabled(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
dataStr := string(data)
So(dataStr, ShouldContainSubstring,
`"Search":{"Enable":false,"CVE":{"UpdateInterval":10800000000000,"Trivy":null}`)
@ -1186,6 +1246,7 @@ func TestServeMgmtExtension(t *testing.T) {
logPath, err := runCLIWithConfig(t.TempDir(), content)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
found, err := ReadLogFileAndSearchString(logPath, "setting up mgmt routes", 10*time.Second)
if !found {
@ -1218,6 +1279,7 @@ func TestServeMgmtExtension(t *testing.T) {
logPath, err := runCLIWithConfig(t.TempDir(), content)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
found, err := ReadLogFileAndSearchString(logPath,
"skip enabling the mgmt route as the config prerequisites are not met", 10*time.Second)
@ -1249,6 +1311,7 @@ func TestServeMgmtExtension(t *testing.T) {
logPath, err := runCLIWithConfig(t.TempDir(), content)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
found, err := ReadLogFileAndSearchString(logPath,
"skip enabling the mgmt route as the config prerequisites are not met", 10*time.Second)
@ -1291,6 +1354,7 @@ func TestServeImageTrustExtension(t *testing.T) {
logPath, err := runCLIWithConfig(t.TempDir(), content)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
found, err := ReadLogFileAndSearchString(logPath,
"skip enabling the image trust routes as the config prerequisites are not met", 10*time.Second)
@ -1327,6 +1391,7 @@ func TestServeImageTrustExtension(t *testing.T) {
logPath, err := runCLIWithConfig(t.TempDir(), content)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
found, err := ReadLogFileAndSearchString(logPath,
"skip enabling the image trust routes as the config prerequisites are not met", 10*time.Second)
@ -1365,6 +1430,7 @@ func TestServeImageTrustExtension(t *testing.T) {
logPath, err := runCLIWithConfig(t.TempDir(), content)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
found, err := ReadLogFileAndSearchString(logPath,
"setting up image trust routes", 10*time.Second)
@ -1400,6 +1466,7 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := `{
"distSpecVersion": "1.1.0",
"storage": {
@ -1458,7 +1525,9 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
So(string(data), ShouldNotContainSubstring, "overlapping sync content")
})
@ -1466,6 +1535,7 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := `{
"distSpecVersion": "1.1.0",
"storage": {
@ -1522,7 +1592,9 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
So(string(data), ShouldContainSubstring, "overlapping sync content\":{\"Prefix\":\"infra/*")
})
@ -1530,6 +1602,7 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := `{
"distSpecVersion": "1.1.0",
"storage": {
@ -1584,7 +1657,9 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
So(string(data), ShouldContainSubstring, "overlapping sync content\":{\"Prefix\":\"**")
})
@ -1592,6 +1667,7 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := `{
"distSpecVersion": "1.1.0",
"storage": {
@ -1649,7 +1725,9 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
So(string(data), ShouldContainSubstring, "overlapping sync content\":{\"Prefix\":\"prod/*")
})
}
@ -1714,7 +1792,9 @@ func TestSyncWithRemoteStorageConfig(t *testing.T) {
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
So(string(data), ShouldNotContainSubstring,
"using both sync and remote storage features needs config.Extensions.Sync.DownloadDir to be specified")
})
@ -1723,11 +1803,14 @@ func TestSyncWithRemoteStorageConfig(t *testing.T) {
port := GetFreePort()
logFile, err := os.CreateTemp("", "zot-log*.txt")
So(err, ShouldBeNil)
defer os.Remove(logFile.Name()) // clean up
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := fmt.Sprintf(`{
"distSpecVersion": "1.1.0",
"storage": {
@ -1781,7 +1864,9 @@ func TestSyncWithRemoteStorageConfig(t *testing.T) {
data, err := os.ReadFile(logFile.Name())
So(err, ShouldBeNil)
defer os.Remove(logFile.Name()) // clean up
So(string(data), ShouldContainSubstring,
"using both sync and remote storage features needs config.Extensions.Sync.DownloadDir to be specified")
})
@ -1790,11 +1875,14 @@ func TestSyncWithRemoteStorageConfig(t *testing.T) {
port := GetFreePort()
logFile, err := os.CreateTemp("", "zot-log*.txt")
So(err, ShouldBeNil)
defer os.Remove(logFile.Name()) // clean up
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := fmt.Sprintf(`{
"distSpecVersion": "1.1.0",
"storage": {
@ -1853,6 +1941,7 @@ func TestSyncWithRemoteStorageConfig(t *testing.T) {
data, err := os.ReadFile(logFile.Name())
So(err, ShouldBeNil)
defer os.Remove(logFile.Name()) // clean up
So(string(data), ShouldContainSubstring,
"using both sync and remote storage features needs config.Extensions.Sync.DownloadDir to be specified")
})

10
pkg/cli/server/root.go
View file

@ -590,6 +590,7 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z
defaultDBDownloadURL := "ghcr.io/aquasecurity/trivy-db"
log.Info().Str("url", defaultDBDownloadURL).Str("component", "config").
Msg("using default trivy-db download URL.")
config.Extensions.Search.CVE.Trivy.DBRepository = defaultDBDownloadURL
}
@ -597,6 +598,7 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z
defaultJavaDBDownloadURL := "ghcr.io/aquasecurity/trivy-java-db"
log.Info().Str("url", defaultJavaDBDownloadURL).Str("component", "config").
Msg("using default trivy-java-db download URL.")
config.Extensions.Search.CVE.Trivy.JavaDBRepository = defaultJavaDBDownloadURL
}
}
@ -618,7 +620,7 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z
}
if config.Extensions.Scrub.Interval == 0 {
config.Extensions.Scrub.Interval = 24 * time.Hour //nolint: gomnd
config.Extensions.Scrub.Interval = 24 * time.Hour //nolint:mnd
}
}
@ -651,7 +653,7 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z
// apply deleteUntagged default
for idx := range config.Storage.Retention.Policies {
if !viperInstance.IsSet("storage::retention::policies::" + fmt.Sprint(idx) + "::deleteUntagged") {
if !viperInstance.IsSet("storage::retention::policies::" + strconv.Itoa(idx) + "::deleteUntagged") {
config.Storage.Retention.Policies[idx].DeleteUntagged = &defaultVal
}
}
@ -720,7 +722,9 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z
// apply deleteUntagged default
for idx := range storageConfig.Retention.Policies {
deleteUntaggedKey := "storage::subpaths::" + name + "::retention::policies::" + fmt.Sprint(idx) + "::deleteUntagged"
deleteUntaggedKey := fmt.Sprintf("storage::subpaths::%s::retention::policies::%d::deleteUntagged",
name, idx,
)
if !viperInstance.IsSet(deleteUntaggedKey) {
storageConfig.Retention.Policies[idx].DeleteUntagged = &defaultVal
}

129
pkg/cli/server/root_test.go
View file

@ -122,12 +122,15 @@ func TestVerify(t *testing.T) {
Convey("Test verify bad config", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"log":{}}`)
_, err = tmpfile.Write(content)
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -136,7 +139,9 @@ func TestVerify(t *testing.T) {
Convey("Test verify config with no extension", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot"},
"log":{"level":"debug"}}`)
@ -144,6 +149,7 @@ func TestVerify(t *testing.T) {
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -152,7 +158,9 @@ func TestVerify(t *testing.T) {
Convey("Test verify config with dotted config name", t, func(c C) {
tmpfile, err := os.CreateTemp("", ".zot-test*")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`
distspecversion: 1.1.0
http:
@ -168,6 +176,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -566,7 +575,9 @@ storage:
Convey("Test verify with bad gc retention repo patterns", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{
"distSpecVersion": "1.1.0",
"storage": {
@ -607,14 +618,18 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
})
Convey("Test verify with bad gc image retention tag regex", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{
"distSpecVersion": "1.1.0",
"storage": {
@ -647,7 +662,9 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
})
@ -710,7 +727,9 @@ storage:
Convey("Test verify storage driver different than s3", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot", "storageDriver": {"name": "gcs"}},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
@ -718,6 +737,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -726,7 +746,9 @@ storage:
Convey("Test verify subpath storage driver different than s3", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot", "storageDriver": {"name": "s3"},
"subPaths": {"/a": {"rootDirectory": "/zot-a","storageDriver": {"name": "gcs"}}}},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
@ -735,6 +757,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -743,13 +766,16 @@ storage:
Convey("Test verify subpath storage config", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot",
"subPaths": {"/a": {"rootDirectory": "/zot-a"},"/b": {"rootDirectory": "/zot-a"}}},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
err = os.WriteFile(tmpfile.Name(), content, 0o0600)
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -762,6 +788,7 @@ storage:
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
err = os.WriteFile(tmpfile.Name(), content, 0o0600)
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -773,6 +800,7 @@ storage:
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
err = os.WriteFile(tmpfile.Name(), content, 0o0600)
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -784,6 +812,7 @@ storage:
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
err = os.WriteFile(tmpfile.Name(), content, 0o0600)
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -795,6 +824,7 @@ storage:
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
err = os.WriteFile(tmpfile.Name(), content, 0o0600)
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -806,6 +836,7 @@ storage:
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
err = os.WriteFile(tmpfile.Name(), content, 0o0600)
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -817,6 +848,7 @@ storage:
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
err = os.WriteFile(tmpfile.Name(), content, 0o0600)
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -825,7 +857,9 @@ storage:
Convey("Test verify w/ authorization and w/o authentication", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"accessControl":{"repositories":{},"adminPolicy":{"users":["admin"],
@ -834,6 +868,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -842,7 +877,9 @@ storage:
Convey("Test verify w/ authorization and w/ authentication", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1},
@ -852,6 +889,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -860,7 +898,9 @@ storage:
Convey("Test verify anonymous authorization", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"accessControl":{"repositories":{"**":{"anonymousPolicy": ["read", "create"]},
@ -870,6 +910,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -878,7 +919,9 @@ storage:
Convey("Test verify admin policy authz is not allowed if no authn is configured", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"accessControl":{
@ -896,6 +939,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -904,7 +948,9 @@ storage:
Convey("Test verify default policy authz is not allowed if no authn is configured", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"accessControl":{
@ -918,6 +964,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -926,7 +973,9 @@ storage:
Convey("Test verify authz per user policies fail if no authn is configured", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"accessControl":{
@ -945,6 +994,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -953,7 +1003,9 @@ storage:
Convey("Test verify w/ sync and w/o filesystem storage", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot", "storageDriver": {"name": "s3"}},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -963,6 +1015,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -971,7 +1024,9 @@ storage:
Convey("Test verify w/ sync and w/ filesystem storage", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -981,6 +1036,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -989,7 +1045,9 @@ storage:
Convey("Test verify with bad sync prefixes", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -1000,6 +1058,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -1008,7 +1067,9 @@ storage:
Convey("Test verify with bad sync content config", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -1019,6 +1080,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -1027,7 +1089,9 @@ storage:
Convey("Test verify with good sync content config", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -1038,6 +1102,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -1046,7 +1111,9 @@ storage:
Convey("Test verify with bad authorization repo patterns", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1},
@ -1055,6 +1122,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -1063,7 +1131,9 @@ storage:
Convey("Test verify sync config default tls value", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -1074,6 +1144,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -1082,7 +1153,9 @@ storage:
Convey("Test verify sync without retry options", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -1092,6 +1165,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -1100,7 +1174,9 @@ storage:
Convey("Test verify config with unknown keys", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"distSpecVersion": "1.0.0", "storage": {"rootDirectory": "/tmp/zot"},
"http": {"url": "127.0.0.1", "port": "8080"},
"log": {"level": "debug"}}`)
@ -1108,6 +1184,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -1116,7 +1193,9 @@ storage:
Convey("Test verify openid config with missing parameter", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"openid":{"providers":{"oidc":{"issuer":"http://127.0.0.1:5556/dex"}}}}},
@ -1125,6 +1204,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -1133,7 +1213,9 @@ storage:
Convey("Test verify oauth2 config with missing parameter", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"openid":{"providers":{"github":{"clientid":"client_id"}}}}},
@ -1142,6 +1224,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -1150,7 +1233,9 @@ storage:
Convey("Test verify openid config with unsupported provider", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"openid":{"providers":{"unsupported":{"issuer":"http://127.0.0.1:5556/dex"}}}}},
@ -1159,6 +1244,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -1167,7 +1253,9 @@ storage:
Convey("Test verify openid config without apikey extension enabled", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
"auth":{"openid":{"providers":{"oidc":{"issuer":"http://127.0.0.1:5556/dex",
@ -1177,6 +1265,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -1185,7 +1274,9 @@ storage:
Convey("Test verify config with missing basedn key", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"distSpecVersion": "1.0.0", "storage": {"rootDirectory": "/tmp/zot"},
"http": {"auth": {"ldap": {"address": "ldap", "userattribute": "uid"}},
"address": "127.0.0.1", "port": "8080"},
@ -1194,6 +1285,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -1202,7 +1294,9 @@ storage:
Convey("Test verify config with missing address key", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"distSpecVersion": "1.0.0", "storage": {"rootDirectory": "/tmp/zot"},
"http": {"auth": {"ldap": {"basedn": "ou=Users,dc=example,dc=org", "userattribute": "uid"}},
"address": "127.0.0.1", "port": "8080"},
@ -1211,6 +1305,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -1219,7 +1314,9 @@ storage:
Convey("Test verify config with missing userattribute key", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"distSpecVersion": "1.0.0", "storage": {"rootDirectory": "/tmp/zot"},
"http": {"auth": {"ldap": {"basedn": "ou=Users,dc=example,dc=org", "address": "ldap"}},
"address": "127.0.0.1", "port": "8080"},
@ -1228,6 +1325,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -1236,7 +1334,9 @@ storage:
Convey("Test verify good config", t, func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"distSpecVersion": "1.0.0", "storage": {"rootDirectory": "/tmp/zot"},
"http": {"address": "127.0.0.1", "port": "8080"},
"log": {"level": "debug"}}`)
@ -1244,6 +1344,7 @@ storage:
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldBeNil)
@ -1446,6 +1547,7 @@ func TestApiKeyConfig(t *testing.T) {
config := config.New()
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name())
content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
@ -1466,6 +1568,7 @@ func TestApiKeyConfig(t *testing.T) {
config := config.New()
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name())
content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
@ -1484,6 +1587,7 @@ func TestApiKeyConfig(t *testing.T) {
config := config.New()
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name())
content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
@ -1527,6 +1631,7 @@ func TestServeAPIKey(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
So(string(data), ShouldContainSubstring, "\"APIKey\":true")
})
@ -1553,6 +1658,7 @@ func TestServeAPIKey(t *testing.T) {
So(err, ShouldBeNil)
data, err := os.ReadFile(logPath)
So(err, ShouldBeNil)
defer os.Remove(logPath) // clean up
So(string(data), ShouldContainSubstring, "\"APIKey\":false")
})
@ -1568,7 +1674,9 @@ func TestLoadConfig(t *testing.T) {
config := config.New()
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name())
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot",
"subPaths": {"/a": {"rootDirectory": "/tmp/zot","dedupe":"true","gc":"true","gcDelay":"1s","gcInterval":"1s"},
"/b": {"rootDirectory": "/zot-a","dedupe":"true","gc":"true","gcDelay":"1s"}}},
@ -1634,6 +1742,7 @@ func TestLoadConfig(t *testing.T) {
config := config.New()
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name())
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot",
@ -1812,12 +1921,15 @@ func TestScrub(t *testing.T) {
Convey("bad config", func(c C) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(`{"log":{}}`)
_, err = tmpfile.Write(content)
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "scrub", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -1837,7 +1949,9 @@ func TestScrub(t *testing.T) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(fmt.Sprintf(`{
"storage": {
"rootDirectory": "%s"
@ -1867,7 +1981,9 @@ func TestScrub(t *testing.T) {
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(fmt.Sprintf(`{
"storage": {
"rootDirectory": ""
@ -1884,6 +2000,7 @@ func TestScrub(t *testing.T) {
So(err, ShouldBeNil)
err = tmpfile.Close()
So(err, ShouldBeNil)
os.Args = []string{"cli_test", "scrub", tmpfile.Name()}
err = cli.NewServerRootCmd().Execute()
So(err, ShouldNotBeNil)
@ -1901,27 +2018,29 @@ func TestScrub(t *testing.T) {
panic(err)
}
if err := os.MkdirAll(fmt.Sprintf("%s/blobs", repo), 0o755); err != nil {
if err := os.MkdirAll(repo+"/blobs", 0o755); err != nil {
panic(err)
}
if _, err = os.Stat(fmt.Sprintf("%s/oci-layout", repo)); err != nil {
if _, err = os.Stat(repo + "/oci-layout"); err != nil {
content := []byte(`{"imageLayoutVersion": "1.0.0"}`)
if err = os.WriteFile(fmt.Sprintf("%s/oci-layout", repo), content, 0o600); err != nil {
if err = os.WriteFile(repo+"/oci-layout", content, 0o600); err != nil {
panic(err)
}
}
if _, err = os.Stat(fmt.Sprintf("%s/index.json", repo)); err != nil {
if _, err = os.Stat(repo + "/index.json"); err != nil {
content := []byte(`not a JSON content`)
if err = os.WriteFile(fmt.Sprintf("%s/index.json", repo), content, 0o600); err != nil {
if err = os.WriteFile(repo+"/index.json", content, 0o600); err != nil {
panic(err)
}
}
tmpfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(tmpfile.Name()) // clean up
content := []byte(fmt.Sprintf(`{
"storage": {
"rootDirectory": "%s"

8
pkg/cli/server/stress_test.go
View file

@ -52,6 +52,7 @@ func TestStressTooManyOpenFiles(t *testing.T) {
if err != nil {
t.Logf("error when reading zot log file:\n%s\n", err)
}
t.Logf("\n\n Zot log file content:\n%s\n", string(data))
os.Remove(logFile.Name())
}()
@ -67,6 +68,7 @@ func TestStressTooManyOpenFiles(t *testing.T) {
if err != nil {
t.Logf("error when listing storage files:\n%s\n", err)
}
t.Logf("Listing Storage root FS:\n%s\n", out)
}()
@ -94,6 +96,7 @@ func TestStressTooManyOpenFiles(t *testing.T) {
cfgfile, err := os.CreateTemp("", "zot-test*.json")
So(err, ShouldBeNil)
defer os.Remove(cfgfile.Name()) // clean up
_, err = cfgfile.WriteString(content)
So(err, ShouldBeNil)
@ -104,10 +107,12 @@ func TestStressTooManyOpenFiles(t *testing.T) {
"copy", "--format=oci", "--insecure-policy", "--dest-tls-verify=false",
"docker://public.ecr.aws/zomato/alpine:3.11.3", fmt.Sprintf("oci:%s:alpine", dir),
}
out, err := exec.Command("skopeo", skopeoArgs...).Output()
if err != nil {
t.Logf("\nerror on skopeo copy:\n%s\n", err)
}
So(err, ShouldBeNil)
t.Logf("\nCopy test image locally:\n%s\n", out)
@ -122,6 +127,7 @@ func TestStressTooManyOpenFiles(t *testing.T) {
worker(i, port, dir)
}()
}
wg.Wait()
_, err = setMaxOpenFilesLimit(initialLimit)
@ -142,6 +148,7 @@ func TestStressTooManyOpenFiles(t *testing.T) {
if err != nil {
t.Logf("error when reading zot scrub file:\n%s\n", err)
}
t.Logf("\n\n Zot scrub file content:\n%s\n", string(data))
os.Remove(scrubFile.Name())
}()
@ -170,6 +177,7 @@ func worker(id int, zotPort, rootDir string) {
"copy", "--format=oci", "--insecure-policy", "--dest-tls-verify=false",
sourceImg, destImg,
}
err := exec.Command("skopeo", skopeoArgs...).Run()
if err != nil { //nolint: wsl
continue // we expect clients to receive errors due to FD limit reached on server

7
pkg/common/common_test.go
View file

@ -46,10 +46,12 @@ func TestCommon(t *testing.T) {
Convey("test dirExists()", t, func() {
exists := common.DirExists("testdir")
So(exists, ShouldBeFalse)
tempDir := t.TempDir()
file, err := os.Create(path.Join(tempDir, "file.txt"))
So(err, ShouldBeNil)
isDir := common.DirExists(file.Name())
So(isDir, ShouldBeFalse)
})
@ -75,6 +77,7 @@ func TestCommon(t *testing.T) {
So(err, ShouldBeNil)
So(localSockets, ShouldNotBeEmpty)
So(localSockets, ShouldContain, "127.0.0.1:8765")
for _, socket := range localSockets {
lastColonIndex := strings.LastIndex(socket, ":")
So(socket[lastColonIndex+1:], ShouldEqual, "8765")
@ -86,6 +89,7 @@ func TestCommon(t *testing.T) {
So(err, ShouldBeNil)
So(localSockets, ShouldNotBeEmpty)
So(localSockets, ShouldContain, "[::1]:8766")
for _, socket := range localSockets {
lastColonIndex := strings.LastIndex(socket, ":")
So(socket[lastColonIndex+1:], ShouldEqual, "8766")
@ -94,9 +98,10 @@ func TestCommon(t *testing.T) {
Convey("Test GetIPFromHostName with valid hostname", t, func() {
addrs, err := common.GetIPFromHostName("github.com")
// we can't check the actual addresses here as they can change
So(err, ShouldBeNil)
So(addrs, ShouldNotBeEmpty)
// we can't check the actual addresses here as they can change
})
Convey("Test GetIPFromHostName with non-existent hostname", t, func() {

2
pkg/common/http_client.go
View file

@ -39,7 +39,6 @@ func loadPerHostCerts(caCertPool *x509.CertPool, host string) *tls.Config {
if DirExists(clientCertsDir) {
tlsConfig, err := GetTLSConfig(clientCertsDir, caCertPool)
if err == nil {
return tlsConfig
}
@ -49,7 +48,6 @@ func loadPerHostCerts(caCertPool *x509.CertPool, host string) *tls.Config {
clientCertsDir = filepath.Join(certsPath, host)
if DirExists(clientCertsDir) {
tlsConfig, err := GetTLSConfig(clientCertsDir, caCertPool)
if err == nil {
return tlsConfig
}

16
pkg/compliance/v1_0_0/check.go
View file

@ -39,7 +39,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
defer outputJSONExit()
}
baseURL := fmt.Sprintf("http://%s", net.JoinHostPort(config.Address, config.Port))
baseURL := "http://" + net.JoinHostPort(config.Address, config.Port)
storageInfo := config.StorageInfo
@ -62,6 +62,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
So(resp.String(), ShouldNotBeEmpty)
So(resp.Header().Get("Content-Type"), ShouldEqual, constants.DefaultMediaType)
var repoList api.RepositoryList
err = json.Unmarshal(resp.Body(), &repoList)
So(err, ShouldBeNil)
@ -84,6 +85,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
So(resp.String(), ShouldNotBeEmpty)
result, ok := resp.Result().(*api.RepositoryList)
So(ok, ShouldBeTrue)
if !config.Compliance {
// stricter check for zot ci/cd
So(len(result.Repositories), ShouldBeGreaterThan, 0)
@ -107,6 +109,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
resp, err = resty.R().Get(baseURL + "/v2/repo1/tags/list")
So(err, ShouldBeNil)
if !config.Compliance {
// stricter check for zot ci/cd
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@ -128,6 +131,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
resp, err = resty.R().Get(baseURL + "/v2/repo2/tags/list")
So(err, ShouldBeNil)
if !config.Compliance {
// stricter check for zot ci/cd
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@ -138,6 +142,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
content := []byte("this is a blob1")
digest := godigest.FromBytes(content)
So(digest, ShouldNotBeNil)
resp, err = resty.R().Put(loc)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest)
@ -221,6 +226,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
resp, err = resty.R().Get(baseURL + "/v2/repo10/repo20/repo30/tags/list")
So(err, ShouldBeNil)
if !config.Compliance {
// stricter check for zot ci/cd
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@ -231,6 +237,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
content := []byte("this is a blob3")
digest := godigest.FromBytes(content)
So(digest, ShouldNotBeNil)
resp, err = resty.R().Put(loc)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest)
@ -271,6 +278,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
So(loc, ShouldNotBeEmpty)
var buf bytes.Buffer
chunk1 := []byte("this is the first chunk1")
nbytes, err := buf.Write(chunk1)
So(nbytes, ShouldEqual, len(chunk1))
@ -315,6 +323,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusCreated)
blobLoc := test.Location(baseURL, resp)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusCreated)
So(blobLoc, ShouldNotBeEmpty)
@ -339,6 +348,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
So(loc, ShouldNotBeEmpty)
var buf bytes.Buffer
chunk1 := []byte("this is the first chunk2")
nbytes, err := buf.Write(chunk1)
So(nbytes, ShouldEqual, len(chunk1))
@ -383,6 +393,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusCreated)
blobLoc := test.Location(baseURL, resp)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusCreated)
So(blobLoc, ShouldNotBeEmpty)
@ -466,6 +477,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
resp, err = resty.R().Get(loc)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNoContent)
content := []byte("this is a blob5")
digest := godigest.FromBytes(content)
So(digest, ShouldNotBeNil)
@ -606,9 +618,11 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
if strings.HasPrefix(nextURL, "<") || strings.HasPrefix(nextURL, "\"") {
nextURL = nextURL[1:]
}
if strings.HasSuffix(nextURL, ">") || strings.HasSuffix(nextURL, "\"") {
nextURL = nextURL[:len(nextURL)-1]
}
nextURL = baseURL + nextURL
resp, err = resty.R().Get(nextURL)

4
pkg/debug/pprof/pprof_test.go
View file

@ -31,6 +31,7 @@ func TestProfilingAuthz(t *testing.T) {
testCreds := test.GetCredString(adminUsername, adminPassword) +
test.GetCredString(username, password)
htpasswdPath := test.MakeHtpasswdFileFromString(testCreds)
defer os.Remove(htpasswdPath)
conf := config.New()
@ -41,6 +42,7 @@ func TestProfilingAuthz(t *testing.T) {
ctlr := api.NewController(conf)
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(port)
defer cm.StopServer()
// unauthenticated clients should have access to /v2/
@ -103,6 +105,7 @@ func TestProfilingAuthz(t *testing.T) {
ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password")
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(port)
defer cm.StopServer()
// unauthenticated clients should not have access to /v2/
@ -160,6 +163,7 @@ func TestProfilingAuthz(t *testing.T) {
ctlr := api.NewController(conf)
cm := test.NewControllerManager(ctlr)
cm.StartAndWait(port)
defer cm.StopServer()
// unauthenticated clients should have access to /v2/

18
pkg/exporter/api/controller_test.go
View file

@ -93,6 +93,7 @@ func TestNewExporter(t *testing.T) {
Convey("Make an exporter controller", t, func() {
exporterConfig := api.DefaultConfig()
So(exporterConfig, ShouldNotBeNil)
exporterPort := GetFreePort()
serverPort := GetFreePort()
exporterConfig.Exporter.Port = exporterPort
@ -131,6 +132,7 @@ func TestNewExporter(t *testing.T) {
Convey("When zot server is running", func() {
servercConfig := zotcfg.New()
So(servercConfig, ShouldNotBeNil)
baseURL := fmt.Sprintf(BaseURL, serverPort)
servercConfig.HTTP.Port = serverPort
servercConfig.BinaryType = "minimal"
@ -140,6 +142,7 @@ func TestNewExporter(t *testing.T) {
So(serverController, ShouldNotBeNil)
dir := t.TempDir()
serverController.Config.Storage.RootDirectory = dir
go func(ctrl *zotapi.Controller) {
if err := ctrl.Init(); err != nil {
@ -151,6 +154,7 @@ func TestNewExporter(t *testing.T) {
panic(err)
}
}(serverController)
defer func(ctrl *zotapi.Controller) {
_ = ctrl.Server.Shutdown(context.TODO())
}(serverController)
@ -160,6 +164,7 @@ func TestNewExporter(t *testing.T) {
if err == nil {
break
}
time.Sleep(SleepTime)
}
@ -223,10 +228,12 @@ func TestNewExporter(t *testing.T) {
if err != nil {
panic(err)
}
reqsSize := int(nBig.Int64())
for i := 0; i < reqsSize; i++ {
monitoring.IncDownloadCounter(serverController.Metrics, "dummyrepo")
}
time.Sleep(SleepTime)
go func() {
@ -303,16 +310,19 @@ func TestNewExporter(t *testing.T) {
})
Convey("Collecting data: Test that concurent Summary observation requests works properly", func() {
var latencySum float64
nBig, err := rand.Int(rand.Reader, big.NewInt(1000))
if err != nil {
panic(err)
}
reqsSize := int(nBig.Int64())
for i := 0; i < reqsSize; i++ {
latency := getRandomLatency()
latencySum += latency.Seconds()
monitoring.ObserveHTTPRepoLatency(serverController.Metrics, "/v2/dummyrepo/manifests/testreference", latency)
}
time.Sleep(SleepTime)
go func() {
@ -372,6 +382,7 @@ func TestNewExporter(t *testing.T) {
err = pmMetric.Write(&metric)
So(err, ShouldBeNil)
if latency.Seconds() < fvalue {
So(*metric.Counter.Value, ShouldEqual, 1)
} else {
@ -415,6 +426,7 @@ func TestNewExporter(t *testing.T) {
err = pmMetric.Write(&metric)
So(err, ShouldBeNil)
if latency.Seconds() < fvalue {
So(*metric.Counter.Value, ShouldEqual, 1)
} else {
@ -440,9 +452,11 @@ func TestNewExporter(t *testing.T) {
latency = time.Duration(pvalue*float64(time.Second)) +
getRandomLatencyN(int64(dBuckets[0]*float64(time.Second)))
}
latencySum += latency.Seconds()
monitoring.ObserveHTTPMethodLatency(serverController.Metrics, "GET", latency)
}
time.Sleep(SleepTime)
go func() {
@ -489,11 +503,14 @@ func TestNewExporter(t *testing.T) {
if err != nil {
panic(err)
}
workersSize := int(nBig.Int64())
for i := 0; i < workersSize; i++ {
wg.Add(1)
go func() {
defer wg.Done()
m := serverController.Metrics.ReceiveMetrics()
json := jsoniter.ConfigCompatibleWithStandardLibrary
@ -503,6 +520,7 @@ func TestNewExporter(t *testing.T) {
}
}()
}
wg.Wait()
})
Convey("Negative testing: Increment a counter that does not exist", func() {

2
pkg/exporter/api/exporter.go
View file

@ -171,7 +171,7 @@ func GetCollector(c *Controller) *Collector {
}
func runExporter(c *Controller) {
exporterAddr := fmt.Sprintf(":%s", c.Config.Exporter.Port)
exporterAddr := ":" + c.Config.Exporter.Port
server := &http.Server{
Addr: exporterAddr,
IdleTimeout: idleTimeout,

2
pkg/extensions/extension_image_trust.go
View file

@ -175,8 +175,8 @@ func SetupImageTrustExtension(conf *config.Config, metaDB mTypes.MetaDB, log log
if conf.Storage.RemoteCache {
endpoint, _ := conf.Storage.CacheDriver["endpoint"].(string)
region, _ := conf.Storage.CacheDriver["region"].(string)
imgTrustStore, err = imagetrust.NewAWSImageTrustStore(region, endpoint)
imgTrustStore, err = imagetrust.NewAWSImageTrustStore(region, endpoint)
if err != nil {
return err
}

25
pkg/extensions/extension_image_trust_test.go
View file

@ -6,6 +6,7 @@ package extensions_test
import (
"context"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
@ -42,7 +43,7 @@ import (
type errReader int
func (errReader) Read(p []byte) (int, error) {
return 0, fmt.Errorf("test error") //nolint:goerr113
return 0, errors.New("test error") //nolint:goerr113
}
func TestSignatureHandlers(t *testing.T) {
@ -179,6 +180,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
conf := config.New()
conf.HTTP.Port = port
if cacheDriverParams != nil {
conf.Storage.CacheDriver = cacheDriverParams
}
@ -251,7 +253,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
options.KeyOpts{KeyRef: path.Join(keyDir, "cosign.key"), PassFunc: generate.GetPass},
options.SignOptions{
Registry: options.RegistryOptions{AllowInsecure: true},
AnnotationOptions: options.AnnotationOptions{Annotations: []string{fmt.Sprintf("tag=%s", tag)}},
AnnotationOptions: options.AnnotationOptions{Annotations: []string{"tag=" + tag}},
Upload: true,
},
[]string{fmt.Sprintf("localhost:%s/%s@%s", port, repo, image.DigestStr())})
@ -299,6 +301,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
conf := config.New()
conf.HTTP.Port = port
if cacheDriverParams != nil {
conf.Storage.CacheDriver = cacheDriverParams
}
@ -353,7 +356,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
So(err, ShouldBeNil)
// upload the certificate
certificateContent, err := os.ReadFile(path.Join(rootDir, "notation/localkeys", fmt.Sprintf("%s.crt", certName)))
certificateContent, err := os.ReadFile(path.Join(rootDir, "notation/localkeys", certName+".crt"))
So(err, ShouldBeNil)
So(certificateContent, ShouldNotBeNil)
@ -402,6 +405,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
conf := config.New()
conf.HTTP.Port = port
if cacheDriverParams != nil {
conf.Storage.CacheDriver = cacheDriverParams
}
@ -486,7 +490,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
So(err, ShouldBeNil)
// upload the certificate
certificateContent, err := os.ReadFile(path.Join(rootDir, "notation/localkeys", fmt.Sprintf("%s.crt", certName)))
certificateContent, err := os.ReadFile(path.Join(rootDir, "notation/localkeys", certName+".crt"))
So(err, ShouldBeNil)
So(certificateContent, ShouldNotBeNil)
@ -564,6 +568,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
conf := config.New()
conf.HTTP.Port = port
if cacheDriverParams != nil {
conf.Storage.CacheDriver = cacheDriverParams
}
@ -666,7 +671,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
options.KeyOpts{KeyRef: path.Join(keyDir, "cosign.key"), PassFunc: generate.GetPass},
options.SignOptions{
Registry: options.RegistryOptions{AllowInsecure: true},
AnnotationOptions: options.AnnotationOptions{Annotations: []string{fmt.Sprintf("tag=%s", tag)}},
AnnotationOptions: options.AnnotationOptions{Annotations: []string{"tag=" + tag}},
Upload: true,
},
[]string{fmt.Sprintf("localhost:%s/%s@%s", port, repo, image.DigestStr())})
@ -729,6 +734,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
globalDir := t.TempDir()
port := test.GetFreePort()
testCreds := test.GetCredString("admin", "admin") + "\n" + test.GetCredString("test", "test")
htpasswdPath := test.MakeHtpasswdFileFromString(testCreds)
defer os.Remove(htpasswdPath)
@ -741,6 +747,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
Actions: []string{},
},
}
if cacheDriverParams != nil {
conf.Storage.CacheDriver = cacheDriverParams
}
@ -825,6 +832,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
conf := config.New()
conf.HTTP.Port = port
if cacheDriverParams != nil {
conf.Storage.CacheDriver = cacheDriverParams
}
@ -856,14 +864,16 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
// Write image
image := CreateRandomImage()
err = WriteImageToFileSystem(image, repo, tag, storeController)
So(err, ShouldBeNil)
// Write signature
sig := CreateImageWith().RandomLayers(1, 2).RandomConfig().Build()
So(err, ShouldBeNil)
ref, err := signature.GetCosignSignatureTagForManifest(image.Manifest)
So(err, ShouldBeNil)
err = WriteImageToFileSystem(sig, repo, ref, storeController)
So(err, ShouldBeNil)
@ -874,6 +884,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
ctlrManager := test.NewControllerManager(ctlr)
ctlrManager.StartAndWait(port)
defer ctlrManager.StopServer()
strQuery := fmt.Sprintf(imageQuery, repo, tag)
@ -929,6 +940,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
conf := config.New()
conf.HTTP.Port = port
if cacheDriverParams != nil {
conf.Storage.CacheDriver = cacheDriverParams
}
@ -985,6 +997,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
// Make sure the write to disk fails
So(os.Chmod(globalDir, 0o000), ShouldBeNil)
defer func() {
So(os.Chmod(globalDir, 0o755), ShouldBeNil)
}()

2
pkg/extensions/extension_scrub.go
View file

@ -68,7 +68,7 @@ func (gen *taskGenerator) Next() (scheduler.Task, error) {
if repo == "" {
gen.done = true
return nil, nil
return nil, nil //nolint:nilnil
}
gen.lastRepo = repo

1
pkg/extensions/extension_ui_test.go
View file

@ -31,6 +31,7 @@ func TestUIExtension(t *testing.T) {
// stdout and a file
logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
So(err, ShouldBeNil)
logPath := logFile.Name()
defer os.Remove(logPath)

28
pkg/extensions/extension_userprefs_test.go
View file

@ -73,11 +73,13 @@ func TestHandlers(t *testing.T) {
extensions.PutStar(response, request, mockmetaDB, log)
res := response.Result()
So(res.StatusCode, ShouldEqual, http.StatusBadRequest)
defer res.Body.Close()
extensions.PutBookmark(response, request, mockmetaDB, log)
res = response.Result()
So(res.StatusCode, ShouldEqual, http.StatusBadRequest)
defer res.Body.Close()
})
@ -88,11 +90,13 @@ func TestHandlers(t *testing.T) {
extensions.PutStar(response, request, mockmetaDB, log)
res := response.Result()
So(res.StatusCode, ShouldEqual, http.StatusNotFound)
defer res.Body.Close()
extensions.PutBookmark(response, request, mockmetaDB, log)
res = response.Result()
So(res.StatusCode, ShouldEqual, http.StatusNotFound)
defer res.Body.Close()
})
@ -111,15 +115,19 @@ func TestHandlers(t *testing.T) {
response := httptest.NewRecorder()
extensions.PutBookmark(response, request, mockmetaDB, log)
res := response.Result()
So(res.StatusCode, ShouldEqual, http.StatusNotFound)
defer res.Body.Close()
So(res.StatusCode, ShouldEqual, http.StatusNotFound)
response = httptest.NewRecorder()
extensions.PutStar(response, request, mockmetaDB, log)
res = response.Result()
So(res.StatusCode, ShouldEqual, http.StatusNotFound)
defer res.Body.Close()
So(res.StatusCode, ShouldEqual, http.StatusNotFound)
})
Convey("ErrUserDataNotAllowed", func() {
@ -137,15 +145,19 @@ func TestHandlers(t *testing.T) {
response := httptest.NewRecorder()
extensions.PutBookmark(response, request, mockmetaDB, log)
res := response.Result()
So(res.StatusCode, ShouldEqual, http.StatusForbidden)
defer res.Body.Close()
So(res.StatusCode, ShouldEqual, http.StatusForbidden)
response = httptest.NewRecorder()
extensions.PutStar(response, request, mockmetaDB, log)
res = response.Result()
So(res.StatusCode, ShouldEqual, http.StatusForbidden)
defer res.Body.Close()
So(res.StatusCode, ShouldEqual, http.StatusForbidden)
})
Convey("ErrUnexpectedError", func() {
@ -162,15 +174,19 @@ func TestHandlers(t *testing.T) {
}
response := httptest.NewRecorder()
extensions.PutBookmark(response, request, mockmetaDB, log)
res := response.Result()
So(res.StatusCode, ShouldEqual, http.StatusInternalServerError)
defer res.Body.Close()
So(res.StatusCode, ShouldEqual, http.StatusInternalServerError)
response = httptest.NewRecorder()
extensions.PutStar(response, request, mockmetaDB, log)
res = response.Result()
So(res.StatusCode, ShouldEqual, http.StatusInternalServerError)
defer res.Body.Close()
So(res.StatusCode, ShouldEqual, http.StatusInternalServerError)
})
})
}

21
pkg/extensions/extensions_test.go
View file

@ -5,7 +5,6 @@ package extensions_test
import (
"encoding/json"
"fmt"
"net/http"
"net/url"
"os"
@ -51,6 +50,7 @@ func TestEnableExtension(t *testing.T) {
So(err, ShouldBeNil)
conf.Log.Level = "info"
conf.Log.Output = logFile.Name()
defer os.Remove(logFile.Name()) // cleanup
ctlr := api.NewController(conf)
@ -87,6 +87,7 @@ func TestMetricsExtension(t *testing.T) {
}
conf.Log.Level = "info"
conf.Log.Output = logFile.Name()
defer os.Remove(logFile.Name()) // cleanup
ctlr := api.NewController(conf)
@ -146,6 +147,7 @@ func TestMgmtExtension(t *testing.T) {
defer func() {
conf.HTTP.Auth.HTPasswd.Path = ""
os.Remove(htpasswdPath)
}()
@ -177,6 +179,7 @@ func TestMgmtExtension(t *testing.T) {
found, err := test.ReadLogFileAndSearchString(logFile.Name(),
"setting up mgmt routes", mgmtReadyTimeout)
So(err, ShouldBeNil)
defer func() {
if !found {
data, err := os.ReadFile(logFile.Name())
@ -363,6 +366,7 @@ func TestMgmtExtension(t *testing.T) {
defer func() {
conf.HTTP.Auth.HTPasswd.Path = ""
os.Remove(htpasswdPath)
}()
@ -448,6 +452,7 @@ func TestMgmtExtension(t *testing.T) {
defer func() {
conf.HTTP.Auth.HTPasswd.Path = ""
os.Remove(htpasswdPath)
}()
@ -733,6 +738,7 @@ func TestMgmtExtension(t *testing.T) {
defer func() {
conf.HTTP.Auth.HTPasswd.Path = ""
os.Remove(htpasswdPath)
}()
@ -865,6 +871,7 @@ func TestMgmtWithBearer(t *testing.T) {
Convey("Make a new controller", t, func() {
authorizedNamespace := "allowedrepo"
unauthorizedNamespace := "notallowedrepo"
authTestServer := authutils.MakeAuthTestServer(ServerKey, unauthorizedNamespace)
defer authTestServer.Close()
@ -915,19 +922,21 @@ func TestMgmtWithBearer(t *testing.T) {
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
var goodToken authutils.AccessTokenResponse
err = json.Unmarshal(resp.Body(), &goodToken)
So(err, ShouldBeNil)
resp, err = resty.R().
SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)).
SetHeader("Authorization", "Bearer "+goodToken.AccessToken).
Get(baseURL + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
resp, err = resty.R().SetHeader("Authorization",
fmt.Sprintf("Bearer %s", goodToken.AccessToken)).Options(baseURL + "/v2/")
"Bearer "+goodToken.AccessToken).Options(baseURL + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNoContent)
@ -949,7 +958,7 @@ func TestMgmtWithBearer(t *testing.T) {
So(err, ShouldBeNil)
resp, err = resty.R().
SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)).
SetHeader("Authorization", "Bearer "+goodToken.AccessToken).
Post(baseURL + "/v2/" + authorizedNamespace + "/blobs/uploads/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@ -969,12 +978,14 @@ func TestMgmtWithBearer(t *testing.T) {
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
var badToken authutils.AccessTokenResponse
err = json.Unmarshal(resp.Body(), &badToken)
So(err, ShouldBeNil)
resp, err = resty.R().
SetHeader("Authorization", fmt.Sprintf("Bearer %s", badToken.AccessToken)).
SetHeader("Authorization", "Bearer "+badToken.AccessToken).
Post(baseURL + "/v2/" + unauthorizedNamespace + "/blobs/uploads/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)

2
pkg/extensions/get_extensions_disabled_test.go
View file

@ -37,7 +37,9 @@ func TestGetExensionsDisabled(t *testing.T) {
logFile, err := os.CreateTemp("", "zot-log*.txt")
So(err, ShouldBeNil)
conf.Log.Output = logFile.Name()
defer os.Remove(logFile.Name()) // clean up
ctlr := makeController(conf, t.TempDir())

4
pkg/extensions/imagetrust/image_trust.go
View file

@ -18,7 +18,7 @@ import (
"github.com/aws/aws-sdk-go/aws/session"
smanager "github.com/aws/aws-sdk-go/service/secretsmanager"
"github.com/aws/aws-secretsmanager-caching-go/secretcache"
smithy "github.com/aws/smithy-go"
"github.com/aws/smithy-go"
godigest "github.com/opencontainers/go-digest"
ispec "github.com/opencontainers/image-spec/specs-go/v1"
@ -225,7 +225,7 @@ func (gen *sigValidityTaskGenerator) Next() (scheduler.Task, error) {
gen.log.Info().Msg("finished generating tasks for updating signatures validity")
return nil, nil
return nil, nil //nolint:nilnil
}
return NewValidityTask(gen.metaDB, gen.repos[gen.repoIndex], gen.log), nil

39
pkg/extensions/imagetrust/image_trust_test.go
View file

@ -19,7 +19,7 @@ import (
awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
smithy "github.com/aws/smithy-go"
"github.com/aws/smithy-go"
smithyhttp "github.com/aws/smithy-go/transport/http"
guuid "github.com/gofrs/uuid"
"github.com/notaryproject/notation-go"
@ -267,7 +267,7 @@ func TestVerifySignatures(t *testing.T) {
options.KeyOpts{KeyRef: path.Join(cosignDir, "cosign.key"), PassFunc: generate.GetPass},
options.SignOptions{
Registry: options.RegistryOptions{AllowInsecure: true},
AnnotationOptions: options.AnnotationOptions{Annotations: []string{fmt.Sprintf("tag=%s", tag)}},
AnnotationOptions: options.AnnotationOptions{Annotations: []string{"tag=" + tag}},
Upload: true,
},
[]string{fmt.Sprintf("localhost:%s/%s@%s", port, repo, image.DigestStr())})
@ -280,11 +280,14 @@ func TestVerifySignatures(t *testing.T) {
So(err, ShouldBeNil)
var index ispec.Index
err = json.Unmarshal(indexContent, &index)
So(err, ShouldBeNil)
var rawSignature []byte
var sigKey string
var (
rawSignature []byte
sigKey string
)
for _, manifest := range index.Manifests {
if manifest.Digest != image.Digest() {
@ -460,11 +463,14 @@ func TestVerifySignatures(t *testing.T) {
So(err, ShouldBeNil)
var index ispec.Index
err = json.Unmarshal(indexContent, &index)
So(err, ShouldBeNil)
var rawSignature []byte
var sigKey string
var (
rawSignature []byte
sigKey string
)
for _, manifest := range index.Manifests {
if manifest.Digest != image.Digest() {
@ -1182,6 +1188,7 @@ func RunVerificationTests(t *testing.T, dbDriverParams map[string]interface{}) {
rootDir := t.TempDir()
logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
So(err, ShouldBeNil)
logPath := logFile.Name()
defer os.Remove(logPath)
@ -1246,7 +1253,7 @@ func RunVerificationTests(t *testing.T, dbDriverParams map[string]interface{}) {
options.KeyOpts{KeyRef: path.Join(keyDir, "cosign.key"), PassFunc: generate.GetPass},
options.SignOptions{
Registry: options.RegistryOptions{AllowInsecure: true},
AnnotationOptions: options.AnnotationOptions{Annotations: []string{fmt.Sprintf("tag=%s", tag)}},
AnnotationOptions: options.AnnotationOptions{Annotations: []string{"tag=" + tag}},
Upload: true,
},
[]string{fmt.Sprintf("localhost:%s/%s@%s", port, repo, image.DigestStr())})
@ -1256,11 +1263,14 @@ func RunVerificationTests(t *testing.T, dbDriverParams map[string]interface{}) {
So(err, ShouldBeNil)
var index ispec.Index
err = json.Unmarshal(indexContent, &index)
So(err, ShouldBeNil)
var rawSignature []byte
var sigKey string
var (
rawSignature []byte
sigKey string
)
for _, manifest := range index.Manifests {
if manifest.Digest != image.Digest() {
@ -1347,8 +1357,10 @@ func RunVerificationTests(t *testing.T, dbDriverParams map[string]interface{}) {
err = json.Unmarshal(indexContent, &index)
So(err, ShouldBeNil)
var rawSignature []byte
var sigKey string
var (
rawSignature []byte
sigKey string
)
for _, manifest := range index.Manifests {
blobContent, err := ctlr.StoreController.DefaultStore.GetBlobContent(repo, manifest.Digest)
@ -1360,6 +1372,7 @@ func RunVerificationTests(t *testing.T, dbDriverParams map[string]interface{}) {
So(err, ShouldBeNil)
t.Logf("Processing manifest %v", notationSig)
if notationSig.Config.MediaType != notreg.ArtifactTypeNotation ||
notationSig.Subject.Digest != image.Digest() {
continue
@ -1379,8 +1392,8 @@ func RunVerificationTests(t *testing.T, dbDriverParams map[string]interface{}) {
certificateContent, err := os.ReadFile(
path.Join(notationDir,
fmt.Sprintf("notation/truststore/x509/ca/%s", certName),
fmt.Sprintf("%s.crt", certName),
"notation/truststore/x509/ca/"+certName,
certName+".crt",
),
)
So(err, ShouldBeNil)

4
pkg/extensions/imagetrust/notation.go
View file

@ -189,7 +189,6 @@ func (cloud *CertificateAWSStorage) InitTrustpolicy(trustpolicy []byte) error {
}
_, err = cloud.secretsManagerClient.DeleteSecret(context.Background(), deleteSecretParam)
if err != nil {
return err
}
@ -210,7 +209,6 @@ func (cloud *CertificateAWSStorage) recreateSecret(secretInputParam *secretsmana
for i := 0; i < maxAttempts; i++ {
_, err = cloud.secretsManagerClient.CreateSecret(context.Background(), secretInputParam)
if err == nil {
return nil
}
@ -494,7 +492,6 @@ func (cloud *CertificateAWSStorage) StoreCertificate(
}
_, err := cloud.secretsManagerClient.CreateSecret(context.Background(), secretInputParam)
if err != nil && IsResourceExistsException(err) {
return nil
}
@ -540,6 +537,7 @@ func parseAndValidateCertificateContent(certificateContent []byte) ([]*x509.Cert
if err != nil {
return []*x509.Certificate{}, false, fmt.Errorf("%w: %w", zerr.ErrInvalidCertificateContent, err)
}
certs = append(certs, cert)
block, rest = pem.Decode(rest)
}

28
pkg/extensions/lint/lint_test.go
View file

@ -9,6 +9,7 @@ import (
"net/http"
"os"
"path"
"strconv"
"testing"
godigest "github.com/opencontainers/go-digest"
@ -60,7 +61,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
manifestBlob := resp.Body()
var manifest ispec.Manifest
err = json.Unmarshal(manifestBlob, &manifest)
So(err, ShouldBeNil)
@ -106,7 +109,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
manifestBlob := resp.Body()
var manifest ispec.Manifest
err = json.Unmarshal(manifestBlob, &manifest)
So(err, ShouldBeNil)
@ -152,7 +157,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
manifestBlob := resp.Body()
var manifest ispec.Manifest
err = json.Unmarshal(manifestBlob, &manifest)
So(err, ShouldBeNil)
@ -204,7 +211,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
manifestBlob := resp.Body()
var manifest ispec.Manifest
err = json.Unmarshal(manifestBlob, &manifest)
So(err, ShouldBeNil)
@ -221,7 +230,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
configBlob := resp.Body()
var imageConfig ispec.Image
err = json.Unmarshal(configBlob, &imageConfig)
So(err, ShouldBeNil)
@ -239,13 +250,13 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
// upload image config blob
resp, err = resty.R().
Post(fmt.Sprintf("%s/v2/zot-test/blobs/uploads/", baseURL))
Post(baseURL + "/v2/zot-test/blobs/uploads/")
So(err, ShouldBeNil)
loc := test.Location(baseURL, resp)
_, err = resty.R().
SetContentLength(true).
SetHeader("Content-Length", fmt.Sprintf("%d", len(configContent))).
SetHeader("Content-Length", strconv.Itoa(len(configContent))).
SetHeader("Content-Type", "application/octet-stream").
SetQueryParam("digest", configBlobDigestRaw.String()).
SetBody(configContent).
@ -290,12 +301,13 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
manifestBlob := resp.Body()
var manifest ispec.Manifest
err = json.Unmarshal(manifestBlob, &manifest)
So(err, ShouldBeNil)
manifest.Annotations = make(map[string]string)
manifest.Annotations["annotation1"] = "testFail1"
configDigest := manifest.Config.Digest
@ -306,7 +318,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
configBlob := resp.Body()
var imageConfig ispec.Image
err = json.Unmarshal(configBlob, &imageConfig)
So(err, ShouldBeNil)
@ -324,13 +338,13 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
// upload image config blob
_, err = resty.R().
Post(fmt.Sprintf("%s/v2/zot-test/blobs/uploads/", baseURL))
Post(baseURL + "/v2/zot-test/blobs/uploads/")
So(err, ShouldBeNil)
loc := test.Location(baseURL, resp)
_, err = resty.R().
SetContentLength(true).
SetHeader("Content-Length", fmt.Sprintf("%d", len(configContent))).
SetHeader("Content-Length", strconv.Itoa(len(configContent))).
SetHeader("Content-Type", "application/octet-stream").
SetQueryParam("digest", configBlobDigestRaw.String()).
SetBody(configContent).
@ -375,7 +389,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
manifestBlob := resp.Body()
var manifest ispec.Manifest
err = json.Unmarshal(manifestBlob, &manifest)
So(err, ShouldBeNil)
@ -430,7 +446,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
manifestBlob := resp.Body()
var manifest ispec.Manifest
err = json.Unmarshal(manifestBlob, &manifest)
So(err, ShouldBeNil)

1
pkg/extensions/monitoring/common.go
View file

@ -23,6 +23,7 @@ func GetDirSize(path string) (int64, error) {
if err != nil {
return err
}
if !info.IsDir() {
size += info.Size()
}

2
pkg/extensions/monitoring/extension.go
View file

@ -220,8 +220,8 @@ func IncDownloadCounter(ms MetricServer, repo string) {
func SetStorageUsage(ms MetricServer, rootDir, repo string) {
ms.ForceSendMetric(func() {
dir := path.Join(rootDir, repo)
repoSize, err := GetDirSize(dir)
repoSize, err := GetDirSize(dir)
if err == nil {
repoStorageBytes.WithLabelValues(repo).Set(float64(repoSize))
}

2
pkg/extensions/monitoring/minimal.go
View file

@ -439,6 +439,7 @@ func (ms *metricServer) HistogramObserve(hv *HistogramValue) {
cachedH := ms.cache.Histograms[index]
cachedH.Count++
cachedH.Sum += hv.Sum
for _, fvalue := range GetBuckets(hv.Name) {
if hv.Sum <= fvalue {
cachedH.Buckets[ms.bucketsF2S[fvalue]]++
@ -478,6 +479,7 @@ func IncHTTPConnRequests(ms MetricServer, lvs ...string) {
func ObserveHTTPRepoLatency(ms MetricServer, path string, latency time.Duration) {
var lvs []string
match := re.FindStringSubmatch(path)
if len(match) > 1 {

5
pkg/extensions/monitoring/monitoring_test.go
View file

@ -90,9 +90,10 @@ func TestExtensionMetrics(t *testing.T) {
conf := config.New()
conf.HTTP.Port = port
var disabled bool
conf.Storage.RootDirectory = t.TempDir()
conf.Extensions = &extconf.ExtensionConfig{}
var disabled bool
conf.Extensions.Metrics = &extconf.MetricsConfig{BaseConfig: extconf.BaseConfig{Enable: &disabled}}
ctlr := api.NewController(conf)
@ -169,6 +170,7 @@ func TestMetricsAuthentication(t *testing.T) {
metricsuser := generateRandomString()
metricspass := generateRandomString()
content := test.GetCredString(username, password) + "\n" + test.GetCredString(metricsuser, metricspass)
htpasswdPath := test.MakeHtpasswdFileFromString(content)
defer os.Remove(htpasswdPath)
@ -233,6 +235,7 @@ func TestMetricsAuthorization(t *testing.T) {
metricsuser := generateRandomString()
metricspass := generateRandomString()
content := test.GetCredString(username, password) + "\n" + test.GetCredString(metricsuser, metricspass)
htpasswdPath := test.MakeHtpasswdFileFromString(content)
defer os.Remove(htpasswdPath)

8
pkg/extensions/scrub/scrub.go
View file

@ -15,14 +15,14 @@ import (
// Scrub Extension for repo...
func RunScrubRepo(ctx context.Context, imgStore storageTypes.ImageStore, repo string, log log.Logger) error {
execMsg := fmt.Sprintf("executing scrub to check manifest/blob integrity for %s", path.Join(imgStore.RootDir(), repo))
execMsg := "executing scrub to check manifest/blob integrity for " + path.Join(imgStore.RootDir(), repo)
log.Info().Msg(execMsg)
results, err := storage.CheckRepo(ctx, repo, imgStore)
if err != nil {
errMessage := fmt.Sprintf("failed to run scrub for %s", path.Join(imgStore.RootDir(), repo))
errMessage := "failed to run scrub for " + path.Join(imgStore.RootDir(), repo)
log.Error().Err(err).Msg(errMessage)
log.Info().Msg(fmt.Sprintf("scrub unsuccessfully completed for %s", path.Join(imgStore.RootDir(), repo)))
log.Info().Msg("scrub unsuccessfully completed for " + path.Join(imgStore.RootDir(), repo))
return err
}
@ -47,7 +47,7 @@ func RunScrubRepo(ctx context.Context, imgStore storageTypes.ImageStore, repo st
}
}
log.Info().Msg(fmt.Sprintf("scrub successfully completed for %s", path.Join(imgStore.RootDir(), repo)))
log.Info().Msg("scrub successfully completed for " + path.Join(imgStore.RootDir(), repo))
return nil
}

3
pkg/extensions/scrub/scrub_test.go
View file

@ -5,7 +5,6 @@ package scrub_test
import (
"context"
"fmt"
"os"
"path"
"testing"
@ -289,7 +288,7 @@ func TestRunScrubRepo(t *testing.T) {
data, err := os.ReadFile(logFile.Name())
So(err, ShouldBeNil)
So(string(data), ShouldContainSubstring,
fmt.Sprintf("failed to run scrub for %s", imgStore.RootDir()))
"failed to run scrub for "+imgStore.RootDir())
So(os.Chmod(path.Join(dir, repoName), 0o755), ShouldBeNil)
})
}

1
pkg/extensions/search/convert/convert_internal_test.go
View file

@ -161,6 +161,7 @@ func TestCVEConvert(t *testing.T) {
Convey("Add CVE Summary to RepoSummary", func() {
var repoSummary *gql_generated.RepoSummary
So(repoSummary, ShouldBeNil)
updateRepoSummaryVulnerabilities(ctx,

2
pkg/extensions/search/cve/cve.go
View file

@ -212,12 +212,14 @@ func (cveinfo BaseCveInfo) GetImageListWithCVEFixed(ctx context.Context, repo, c
if len(vulnerableTags) != 0 {
cveinfo.Log.Info().Str("repository", repo).Str("cve-id", cveID).
Interface("tags", vulnerableTags).Msg("vulnerable tags")
fixedTags = GetFixedTags(allTags, vulnerableTags)
cveinfo.Log.Info().Str("repository", repo).Str("cve-id", cveID).
Interface("tags", fixedTags).Msg("fixed tags")
} else {
cveinfo.Log.Info().Str("repository", repo).Str("cve-id", cveID).
Msg("image does not contain any tag that have given cve")
fixedTags = allTags
}

71
pkg/extensions/search/cve/cve_test.go
View file

@ -157,16 +157,14 @@ func generateTestData(dbDir string) error { //nolint: gocyclo
return err
}
content = fmt.Sprint(`{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:2a9b097b4e4c613dd8185eba55163201a221909f3d430f8df87cd3639afc5929","size":1240,"annotations":{"org.opencontainers.image.ref.name":"commit-aaa7c6e7-squashfs"},"platform":{"architecture":"amd64","os":"linux"}}]}
`)
content = `{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:2a9b097b4e4c613dd8185eba55163201a221909f3d430f8df87cd3639afc5929","size":1240,"annotations":{"org.opencontainers.image.ref.name":"commit-aaa7c6e7-squashfs"},"platform":{"architecture":"amd64","os":"linux"}}]}`
err = makeTestFile(path.Join(dbDir, "zot-squashfs-invalid-blob", "index.json"), content)
if err != nil {
return err
}
content = fmt.Sprint(`{"schemaVersion":2,"config"{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:4b37d4133908ac9a3032ba996020f2ad41354a616b071ca7e726a1df18a0f354","size":1691},"layers":[{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:a01a66356aace53222e92fb6fd990b23eb44ab0e58dff6f853fa9f771ecf3ac5","size":54996992},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:91c26d6934ef2b5c5c4d8458af9bfc4ca46cf90c22380193154964abc8298a7a","size":52330496},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:f281a550ca49746cfc6b8f1ac52f8086b3d5845db2ca18fde980dab62ae3bf7d","size":23343104},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:7ee02568717acdda336c9d56d4dc6ea7f3b1c553e43bb0c0ecc6fd3bbd059d1a","size":5910528},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:8fb33b130588b239235dedd560cdf49d29bbf6f2db5419ac68e4592a85c1f416","size":123269120},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:1b49f0b33d4a696bb94d84c9acab3623e2c195bfb446d446a583a2f9f27b04c3","size":113901568}],"annotations":{"com.cisco.stacker.git_version":"7-dev19-63-gaaa7c6e7","ws.tycho.stacker.git_version":"0.3.26"}}
`)
content = `{"schemaVersion":2,"config"{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:4b37d4133908ac9a3032ba996020f2ad41354a616b071ca7e726a1df18a0f354","size":1691},"layers":[{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:a01a66356aace53222e92fb6fd990b23eb44ab0e58dff6f853fa9f771ecf3ac5","size":54996992},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:91c26d6934ef2b5c5c4d8458af9bfc4ca46cf90c22380193154964abc8298a7a","size":52330496},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:f281a550ca49746cfc6b8f1ac52f8086b3d5845db2ca18fde980dab62ae3bf7d","size":23343104},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:7ee02568717acdda336c9d56d4dc6ea7f3b1c553e43bb0c0ecc6fd3bbd059d1a","size":5910528},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:8fb33b130588b239235dedd560cdf49d29bbf6f2db5419ac68e4592a85c1f416","size":123269120},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:1b49f0b33d4a696bb94d84c9acab3623e2c195bfb446d446a583a2f9f27b04c3","size":113901568}],"annotations":{"com.cisco.stacker.git_version":"7-dev19-63-gaaa7c6e7","ws.tycho.stacker.git_version":"0.3.26"}}`
err = makeTestFile(path.Join(dbDir, "zot-squashfs-invalid-blob", "blobs/sha256", "2a9b097b4e4c613dd8185eba55163201a221909f3d430f8df87cd3639afc5929"), content)
if err != nil {
@ -181,8 +179,8 @@ func generateTestData(dbDir string) error { //nolint: gocyclo
}
il := ispec.ImageLayout{Version: ispec.ImageLayoutVersion}
buf, err = json.Marshal(il)
buf, err = json.Marshal(il)
if err != nil {
return err
}
@ -196,49 +194,51 @@ func generateTestData(dbDir string) error { //nolint: gocyclo
return err
}
content = fmt.Sprint(`{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.25"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76","size":873,"annotations":{"org.opencontainers.image.ref.name":"0.3.22-squashfs"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.19"},"platform":{"architecture":"amd64","os":"linux"}}]}`)
//nolint:goconst
content = `{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.25"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76","size":873,"annotations":{"org.opencontainers.image.ref.name":"0.3.22-squashfs"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.19"},"platform":{"architecture":"amd64","os":"linux"}}]}`
err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "index.json"), content)
if err != nil {
return err
}
content = fmt.Sprint(`{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:c5c2fd2b07ad4cb025cf20936d6bce6085584b8377780599be4da8a91739f0e8","size":1738},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:3414b5ef0ad2f0390daaf55b63c422eeedef6191d47036a69d8ee396fabdce72","size":58993484},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:a3b04fff744c13dfa4883e01fa35e01af8daa7f72d9e9b6b7fad1f28843846b6","size":55631733},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:754f517f58f302190aa94e025c25890c18e1e811127aed1ef25c189278ec4ab0","size":113612795},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:ec004cd43488b803d6e232599e83a3164394d44fcd9f44755fed7b5791087ede","size":108889651}],"annotations":{"ws.tycho.stacker.git_version":"0.3.19"}}`)
content = `{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:c5c2fd2b07ad4cb025cf20936d6bce6085584b8377780599be4da8a91739f0e8","size":1738},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:3414b5ef0ad2f0390daaf55b63c422eeedef6191d47036a69d8ee396fabdce72","size":58993484},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:a3b04fff744c13dfa4883e01fa35e01af8daa7f72d9e9b6b7fad1f28843846b6","size":55631733},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:754f517f58f302190aa94e025c25890c18e1e811127aed1ef25c189278ec4ab0","size":113612795},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:ec004cd43488b803d6e232599e83a3164394d44fcd9f44755fed7b5791087ede","size":108889651}],"annotations":{"ws.tycho.stacker.git_version":"0.3.19"}}`
err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "blobs/sha256", "71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099"), content)
if err != nil {
return err
}
content = fmt.Sprint(`{"created": "2020-04-08T05:32:49.805795564Z","author": "","architecture": "amd64","os": "linux","config": {"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs": {"type": "layers","diff_ids": []},"history": [{"created": "2020-04-08T05:08:43.590117872Z","created_by": "stacker umoci repack"}, {"created": "2020-04-08T05:08:53.213437118Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:12:15.999154739Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:12:31.0513552Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:20:38.068800557Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:21:01.956154957Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:32:24.582132274Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:32:49.805795564Z","created_by": "stacker build","author": "","empty_layer": true}]}`)
content = `{"created": "2020-04-08T05:32:49.805795564Z","author": "","architecture": "amd64","os": "linux","config": {"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs": {"type": "layers","diff_ids": []},"history": [{"created": "2020-04-08T05:08:43.590117872Z","created_by": "stacker umoci repack"}, {"created": "2020-04-08T05:08:53.213437118Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:12:15.999154739Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:12:31.0513552Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:20:38.068800557Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:21:01.956154957Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:32:24.582132274Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:32:49.805795564Z","created_by": "stacker build","author": "","empty_layer": true}]}`
err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "blobs/sha256", "c5c2fd2b07ad4cb025cf20936d6bce6085584b8377780599be4da8a91739f0e8"), content)
if err != nil {
return err
}
content = fmt.Sprint(`{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6","size":1740},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:f8b7e41ce10d9a0f614f068326c43431c2777e6fc346f729c2a643bfab24af83","size":59451113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:9ca9274f196b56a708a7a672d3de88184c0158a30744d355dd0411f3a6850fa6","size":55685756},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:6c1ca50788f93937e9ce9341b564f86cbbcd28e367ed6a57cfc776aee4a9d050","size":113726186},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:d1a92139df86bdf00c818db75bf1ecc860857d142b426e9971a62f5f90e2aa57","size":108755643}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`)
//nolint:goconst
content = `{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6","size":1740},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:f8b7e41ce10d9a0f614f068326c43431c2777e6fc346f729c2a643bfab24af83","size":59451113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:9ca9274f196b56a708a7a672d3de88184c0158a30744d355dd0411f3a6850fa6","size":55685756},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:6c1ca50788f93937e9ce9341b564f86cbbcd28e367ed6a57cfc776aee4a9d050","size":113726186},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:d1a92139df86bdf00c818db75bf1ecc860857d142b426e9971a62f5f90e2aa57","size":108755643}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`
err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "blobs/sha256", "eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb"), content)
if err != nil {
return err
}
content = fmt.Sprint(`{"created": "2020-04-08T05:32:49.805795564Z","author": "","architecture": "amd64","os": "linux","config": {"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs": {"type": "layers","diff_ids": []},"history": [{"created": "2020-05-11T18:17:24.516727354Z","created_by": "stacker umoci repack"}, {"created": "2020-04-08T05:08:53.213437118Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:12:15.999154739Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:12:31.0513552Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:20:38.068800557Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:21:01.956154957Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:32:24.582132274Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:32:49.805795564Z","created_by": "stacker build","author": "","empty_layer": true}]}`)
content = `{"created": "2020-04-08T05:32:49.805795564Z","author": "","architecture": "amd64","os": "linux","config": {"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs": {"type": "layers","diff_ids": []},"history": [{"created": "2020-05-11T18:17:24.516727354Z","created_by": "stacker umoci repack"}, {"created": "2020-04-08T05:08:53.213437118Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:12:15.999154739Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:12:31.0513552Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:20:38.068800557Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:21:01.956154957Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:32:24.582132274Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:32:49.805795564Z","created_by": "stacker build","author": "","empty_layer": true}]}`
err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "blobs/sha256", "5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6"), content)
if err != nil {
return err
}
content = fmt.Sprint(`{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:1fc1d045b241b04fea54333d76d4f57eb1961f9a314413f02a956b76e77a99f0","size":1218},"layers":[{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:c40d72b1556293c00a3e4b6c64c46ef4c7ae4d876dc18bad942b7d1903e8e5b7","size":54745420},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:4115890e3e2563e545e03f264bfecb0097e24e02306ae3e7668dea52e00c6cc2","size":52213357},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:91859e13e0cf704d5405199d73a2d1a0718391dbb183a77c4cb85d99e923ff57","size":109479329},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:20aef84d8098d47a0643a2f99ce05f0deed957b3a259fb708c538f23ed97cc82","size":103996238}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`)
content = `{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:1fc1d045b241b04fea54333d76d4f57eb1961f9a314413f02a956b76e77a99f0","size":1218},"layers":[{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:c40d72b1556293c00a3e4b6c64c46ef4c7ae4d876dc18bad942b7d1903e8e5b7","size":54745420},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:4115890e3e2563e545e03f264bfecb0097e24e02306ae3e7668dea52e00c6cc2","size":52213357},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:91859e13e0cf704d5405199d73a2d1a0718391dbb183a77c4cb85d99e923ff57","size":109479329},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:20aef84d8098d47a0643a2f99ce05f0deed957b3a259fb708c538f23ed97cc82","size":103996238}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`
err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "blobs/sha256", "45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76"), content)
if err != nil {
return err
}
content = fmt.Sprint(`{"created": "2020-04-08T05:32:49.805795564Z","author": "","architecture": "amd64","os": "linux","config": {"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs": {"type": "layers","diff_ids": []},"history": [{"created": "2020-05-11T18:17:24.516727354Z","created_by": "stacker umoci repack"}, {"created": "2020-04-08T05:08:53.213437118Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:12:15.999154739Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-05-11T19:30:02.467956112Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:20:38.068800557Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:21:01.956154957Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:32:24.582132274Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:32:49.805795564Z","created_by": "stacker build","author": "","empty_layer": true}]}`)
content = `{"created": "2020-04-08T05:32:49.805795564Z","author": "","architecture": "amd64","os": "linux","config": {"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs": {"type": "layers","diff_ids": []},"history": [{"created": "2020-05-11T18:17:24.516727354Z","created_by": "stacker umoci repack"}, {"created": "2020-04-08T05:08:53.213437118Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:12:15.999154739Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-05-11T19:30:02.467956112Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:20:38.068800557Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:21:01.956154957Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:32:24.582132274Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:32:49.805795564Z","created_by": "stacker build","author": "","empty_layer": true}]}`
err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "blobs/sha256", "1fc1d045b241b04fea54333d76d4f57eb1961f9a314413f02a956b76e77a99f0"), content)
if err != nil {
@ -252,21 +252,21 @@ func generateTestData(dbDir string) error { //nolint: gocyclo
return err
}
content = fmt.Sprint(`{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.25"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76","size":873,"annotations":{"org.opencontainers.image.ref.name":"0.3.22-squashfs"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.19"},"platform":{"architecture":"amd64","os":"linux"}}]}`)
content = `{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.25"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76","size":873,"annotations":{"org.opencontainers.image.ref.name":"0.3.22-squashfs"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.19"},"platform":{"architecture":"amd64","os":"linux"}}]}`
err = makeTestFile(path.Join(dbDir, "zot-invalid-layer", "index.json"), content)
if err != nil {
return err
}
content = fmt.Sprint(`{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6","size":1740},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:f8b7e41ce10d9a0f614f068326c43431c2777e6fc346f729c2a643bfab24af83","size":59451113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:9ca9274f196b56a708a7a672d3de88184c0158a30744d355dd0411f3a6850fa6","size":55685756},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:6c1ca50788f93937e9ce9341b564f86cbbcd28e367ed6a57cfc776aee4a9d050","size":113726186},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:d1a92139df86bdf00c818db75bf1ecc860857d142b426e9971a62f5f90e2aa57","size":108755643}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`)
content = `{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6","size":1740},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:f8b7e41ce10d9a0f614f068326c43431c2777e6fc346f729c2a643bfab24af83","size":59451113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:9ca9274f196b56a708a7a672d3de88184c0158a30744d355dd0411f3a6850fa6","size":55685756},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:6c1ca50788f93937e9ce9341b564f86cbbcd28e367ed6a57cfc776aee4a9d050","size":113726186},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:d1a92139df86bdf00c818db75bf1ecc860857d142b426e9971a62f5f90e2aa57","size":108755643}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`
err = makeTestFile(path.Join(dbDir, "zot-invalid-layer", "blobs/sha256", "eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb"), content)
if err != nil {
return err
}
content = fmt.Sprint(`{"created":"2020-05-11T19:12:23.239785708Z","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","architecture":"amd64","os":"linux","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs":{"type":"layers","diff_ids":["sha256:8817d297aa60796f41f559ba688d29b31830854014091233575d474f3a6e808e","sha256:dd5a09481ae1f5caf8d1dbc87bc7f86a01af030796467ba25851ad69964d226d","sha256:a8bce2aaf5ce6f1a5459b72de64927a1e507a911453789bf60df06752222cacd","sha256:dc0b750a934e8f376af23de6dcab1af282967498844a6510aed2c61277f20c11"]},"history":[{"created":"2020-05-11T18:17:24.516727354Z","created_by":"stacker umoci repack"},{"created":"2020-05-11T18:17:33.111086359Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:18:43.147035914Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:19:03.346279546Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:27:01.623678656Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:27:23.420280147Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T19:11:54.886053615Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T19:12:23.239785708Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true}]`)
content = `{"created":"2020-05-11T19:12:23.239785708Z","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","architecture":"amd64","os":"linux","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs":{"type":"layers","diff_ids":["sha256:8817d297aa60796f41f559ba688d29b31830854014091233575d474f3a6e808e","sha256:dd5a09481ae1f5caf8d1dbc87bc7f86a01af030796467ba25851ad69964d226d","sha256:a8bce2aaf5ce6f1a5459b72de64927a1e507a911453789bf60df06752222cacd","sha256:dc0b750a934e8f376af23de6dcab1af282967498844a6510aed2c61277f20c11"]},"history":[{"created":"2020-05-11T18:17:24.516727354Z","created_by":"stacker umoci repack"},{"created":"2020-05-11T18:17:33.111086359Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:18:43.147035914Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:19:03.346279546Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:27:01.623678656Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:27:23.420280147Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T19:11:54.886053615Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T19:12:23.239785708Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true}]`
err = makeTestFile(path.Join(dbDir, "zot-invalid-layer", "blobs/sha256", "5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6"), content)
if err != nil {
@ -280,21 +280,21 @@ func generateTestData(dbDir string) error { //nolint: gocyclo
return err
}
content = fmt.Sprint(`{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.25"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76","size":873,"annotations":{"org.opencontainers.image.ref.name":"0.3.22-squashfs"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.19"},"platform":{"architecture":"amd64","os":"linux"}}]}`)
content = `{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.25"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76","size":873,"annotations":{"org.opencontainers.image.ref.name":"0.3.22-squashfs"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.19"},"platform":{"architecture":"amd64","os":"linux"}}]}`
err = makeTestFile(path.Join(dbDir, "zot-no-layer", "index.json"), content)
if err != nil {
return err
}
content = fmt.Sprint(`{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6","size":1740},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:f8b7e41ce10d9a0f614f068326c43431c2777e6fc346f729c2a643bfab24af83","size":59451113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:9ca9274f196b56a708a7a672d3de88184c0158a30744d355dd0411f3a6850fa6","size":55685756},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:6c1ca50788f93937e9ce9341b564f86cbbcd28e367ed6a57cfc776aee4a9d050","size":113726186},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:d1a92139df86bdf00c818db75bf1ecc860857d142b426e9971a62f5f90e2aa57","size":108755643}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`)
content = `{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6","size":1740},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:f8b7e41ce10d9a0f614f068326c43431c2777e6fc346f729c2a643bfab24af83","size":59451113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:9ca9274f196b56a708a7a672d3de88184c0158a30744d355dd0411f3a6850fa6","size":55685756},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:6c1ca50788f93937e9ce9341b564f86cbbcd28e367ed6a57cfc776aee4a9d050","size":113726186},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:d1a92139df86bdf00c818db75bf1ecc860857d142b426e9971a62f5f90e2aa57","size":108755643}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`
err = makeTestFile(path.Join(dbDir, "zot-no-layer", "blobs/sha256", "eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb"), content)
if err != nil {
return err
}
content = fmt.Sprint(`{"created":"2020-05-11T19:12:23.239785708Z","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","architecture":"amd64","os":"linux","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs":{"type":"layers","diff_ids":["sha256:8817d297aa60796f41f559ba688d29b31830854014091233575d474f3a6e808e","sha256:dd5a09481ae1f5caf8d1dbc87bc7f86a01af030796467ba25851ad69964d226d","sha256:a8bce2aaf5ce6f1a5459b72de64927a1e507a911453789bf60df06752222cacd","sha256:dc0b750a934e8f376af23de6dcab1af282967498844a6510aed2c61277f20c11"]},"history":[{"created":"2020-05-11T18:17:24.516727354Z","created_by":"stacker umoci repack"},{"created":"2020-05-11T18:17:33.111086359Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:18:43.147035914Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:19:03.346279546Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:27:01.623678656Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:27:23.420280147Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T19:11:54.886053615Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T19:12:23.239785708Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true}]`)
content = `{"created":"2020-05-11T19:12:23.239785708Z","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","architecture":"amd64","os":"linux","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs":{"type":"layers","diff_ids":["sha256:8817d297aa60796f41f559ba688d29b31830854014091233575d474f3a6e808e","sha256:dd5a09481ae1f5caf8d1dbc87bc7f86a01af030796467ba25851ad69964d226d","sha256:a8bce2aaf5ce6f1a5459b72de64927a1e507a911453789bf60df06752222cacd","sha256:dc0b750a934e8f376af23de6dcab1af282967498844a6510aed2c61277f20c11"]},"history":[{"created":"2020-05-11T18:17:24.516727354Z","created_by":"stacker umoci repack"},{"created":"2020-05-11T18:17:33.111086359Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:18:43.147035914Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:19:03.346279546Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:27:01.623678656Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:27:23.420280147Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T19:11:54.886053615Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T19:12:23.239785708Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true}]`
err = makeTestFile(path.Join(dbDir, "zot-no-layer", "blobs/sha256", "5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a"), content)
if err != nil {
@ -423,6 +423,7 @@ func TestCVESearchDisabled(t *testing.T) {
conf.HTTP.Port = port
username, seedUser := test.GenerateRandomString()
password, seedPass := test.GenerateRandomString()
htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
@ -491,6 +492,7 @@ func TestCVESearch(t *testing.T) {
conf.HTTP.Port = port
username, seedUser := test.GenerateRandomString()
password, seedPass := test.GenerateRandomString()
htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
@ -560,15 +562,17 @@ func TestCVESearch(t *testing.T) {
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 401)
var apiErr apiErr.Error
err = json.Unmarshal(resp.Body(), &apiErr)
var apiError apiErr.Error
err = json.Unmarshal(resp.Body(), &apiError)
So(err, ShouldBeNil)
resp, err = resty.R().Get(baseURL + constants.FullSearchPrefix)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 401)
err = json.Unmarshal(resp.Body(), &apiErr)
err = json.Unmarshal(resp.Body(), &apiError)
So(err, ShouldBeNil)
// with creds, should get expected status code
@ -587,14 +591,17 @@ func TestCVESearch(t *testing.T) {
var cveResult CveResult
contains := false
resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
err = json.Unmarshal(resp.Body(), &cveResult)
So(err, ShouldBeNil)
for _, err := range cveResult.Errors {
result := strings.Contains(err.Message, "no reference provided")
if result {
contains = result
}
}
So(contains, ShouldBeTrue)
resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
@ -746,16 +753,18 @@ func TestCVESearch(t *testing.T) {
func TestCVEStruct(t *testing.T) { //nolint:gocyclo
Convey("Unit test the CVE struct", t, func() {
const repo1 = "repo1"
const repo2 = "repo2"
const repo3 = "repo3"
const repo4 = "repo4"
const repo5 = "repo5"
const repo6 = "repo6"
const repo7 = "repo7"
const repo8 = "repo8"
const repo100 = "repo100"
const repoMultiarch = "repoIndex"
const (
repo1 = "repo1"
repo2 = "repo2"
repo3 = "repo3"
repo4 = "repo4"
repo5 = "repo5"
repo6 = "repo6"
repo7 = "repo7"
repo8 = "repo8"
repo100 = "repo100"
repoMultiarch = "repoIndex"
)
params := boltdb.DBParameters{
RootDir: t.TempDir(),

9
pkg/extensions/search/cve/pagination_test.go
View file

@ -154,6 +154,7 @@ func TestCVEPagination(t *testing.T) {
So(cveSummary.CriticalCount, ShouldEqual, 1)
So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
previousSeverity := 4
for _, cve := range cves {
So(severityToInt[cve.Severity], ShouldBeLessThanOrEqualTo, previousSeverity)
previousSeverity = severityToInt[cve.Severity]
@ -173,6 +174,7 @@ func TestCVEPagination(t *testing.T) {
So(cveSummary.CriticalCount, ShouldEqual, 6)
So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
previousSeverity = 4
for _, cve := range cves {
So(severityToInt[cve.Severity], ShouldBeLessThanOrEqualTo, previousSeverity)
previousSeverity = severityToInt[cve.Severity]
@ -198,6 +200,7 @@ func TestCVEPagination(t *testing.T) {
So(cveSummary.HighCount, ShouldEqual, 1)
So(cveSummary.CriticalCount, ShouldEqual, 1)
So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
for i, cve := range cves {
So(cve.ID, ShouldEqual, cveIds[i])
}
@ -216,6 +219,7 @@ func TestCVEPagination(t *testing.T) {
So(cveSummary.HighCount, ShouldEqual, 6)
So(cveSummary.CriticalCount, ShouldEqual, 6)
So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
for i, cve := range cves {
So(cve.ID, ShouldEqual, cveIds[i])
}
@ -234,6 +238,7 @@ func TestCVEPagination(t *testing.T) {
So(cveSummary.HighCount, ShouldEqual, 6)
So(cveSummary.CriticalCount, ShouldEqual, 6)
So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
for i, cve := range cves {
So(cve.ID, ShouldEqual, cveIds[i])
}
@ -252,6 +257,7 @@ func TestCVEPagination(t *testing.T) {
So(cveSummary.CriticalCount, ShouldEqual, 6)
So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
previousSeverity := 4
for _, cve := range cves {
So(severityToInt[cve.Severity], ShouldBeLessThanOrEqualTo, previousSeverity)
previousSeverity = severityToInt[cve.Severity]
@ -323,6 +329,7 @@ func TestCVEPagination(t *testing.T) {
So(cveSummary.CriticalCount, ShouldEqual, 1)
So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
previousSeverity := 4
for _, cve := range cves {
So(severityToInt[cve.Severity], ShouldBeLessThanOrEqualTo, previousSeverity)
previousSeverity = severityToInt[cve.Severity]
@ -346,6 +353,7 @@ func TestCVEPagination(t *testing.T) {
So(cveSummary.HighCount, ShouldEqual, 6)
So(cveSummary.CriticalCount, ShouldEqual, 6)
So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
for i, cve := range cves {
So(cve.ID, ShouldEqual, cveIds[i+20])
}
@ -410,6 +418,7 @@ func TestCVEPagination(t *testing.T) {
So(cveSummary.CriticalCount, ShouldEqual, 1)
So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
previousSeverity := 4
for _, cve := range cves {
So(severityToInt[cve.Severity], ShouldBeLessThanOrEqualTo, previousSeverity)
previousSeverity = severityToInt[cve.Severity]

2
pkg/extensions/search/cve/scan.go
View file

@ -142,7 +142,7 @@ func (gen *scanTaskGenerator) Next() (scheduler.Task, error) {
gen.done = true
return nil, nil
return nil, nil //nolint:nilnil
}
// Since imageMeta will always contain just un-scanned images we can pick

2
pkg/extensions/search/cve/scan_test.go
View file

@ -47,6 +47,7 @@ func TestScanGeneratorWithMockedData(t *testing.T) { //nolint: gocyclo
logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
logPath := logFile.Name()
So(err, ShouldBeNil)
defer os.Remove(logFile.Name()) // clean up
@ -484,6 +485,7 @@ func TestScanGeneratorWithRealData(t *testing.T) {
logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
logPath := logFile.Name()
So(err, ShouldBeNil)
defer os.Remove(logFile.Name()) // clean up

5
pkg/extensions/search/cve/trivy/scanner.go
View file

@ -5,6 +5,7 @@ import (
"fmt"
"os"
"path"
"strconv"
"strings"
"sync"
@ -99,7 +100,7 @@ func NewScanner(storeController storage.StoreController,
// Add the schema version if the tag is not specified for backward compatibility.
if t, ok := dbRepositoryRef.(name.Tag); ok && t.TagStr() == "" {
dbRepositoryRef = t.Tag(fmt.Sprint(db.SchemaVersion))
dbRepositoryRef = t.Tag(strconv.Itoa(db.SchemaVersion))
}
var javaDBRepositoryRef name.Reference
@ -111,7 +112,7 @@ func NewScanner(storeController storage.StoreController,
// Add the schema version if the tag is not specified for backward compatibility.
if t, ok := javaDBRepositoryRef.(name.Tag); ok && t.TagStr() == "" {
javaDBRepositoryRef = t.Tag(fmt.Sprint(javadb.SchemaVersion))
javaDBRepositoryRef = t.Tag(strconv.Itoa(javadb.SchemaVersion))
}
}

1
pkg/extensions/search/cve/update_test.go
View file

@ -28,6 +28,7 @@ func TestCVEDBGenerator(t *testing.T) {
Convey("Test CVE DB task scheduler reset", t, func() {
logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
logPath := logFile.Name()
So(err, ShouldBeNil)
defer os.Remove(logFile.Name()) // clean up

1
pkg/extensions/search/digest_test.go
View file

@ -201,6 +201,7 @@ func TestDigestSearchHTTP(t *testing.T) {
So(resp, ShouldNotBeNil)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
var responseStruct2 ImgResponseForDigest
err = json.Unmarshal(resp.Body(), &responseStruct2)

2
pkg/extensions/search/resolver.go
View file

@ -303,6 +303,7 @@ func getCVEDiffListForImages(
if err != nil {
return nil, err
}
resultSubtrahend = getImageIdentifier(subtrahend)
} else {
// search for base images
@ -1124,6 +1125,7 @@ func filterDerivedImages(image *gql_generated.ImageSummary) mTypes.FilterFunc {
if manifestDigest == *image.Manifests[i].Digest {
return false
}
imageLayers := image.Manifests[i].Layers
addImageToList = false

4
pkg/extensions/search/resolver_test.go
View file

@ -36,6 +36,7 @@ var ErrTestError = errors.New("TestError")
func TestResolverGlobalSearch(t *testing.T) {
Convey("globalSearch", t, func() {
const query = "repo1"
Convey("MetaDB SearchRepos error", func() {
mockMetaDB := mocks.MetaDBMock{
SearchReposFn: func(ctx context.Context, searchText string,
@ -77,6 +78,7 @@ func TestResolverGlobalSearch(t *testing.T) {
return []mTypes.FullImageMeta{}, ErrTestError
},
}
const query = "repo1:1.0.1"
mockCve := mocks.CveInfoMock{}
@ -292,6 +294,7 @@ func TestRepoListWithNewestImage(t *testing.T) {
}, nil
},
}
Convey("MetaDB missing requestedPage", func() {
responseContext := graphql.WithResponseContext(context.Background(), graphql.DefaultErrorPresenter,
graphql.DefaultRecover)
@ -560,6 +563,7 @@ func TestGetImageSummaryError(t *testing.T) {
func TestImageListError(t *testing.T) {
Convey("getImageList", t, func() {
testLogger := log.NewLogger("debug", "/dev/null")
Convey("no page requested, SearchRepoFn returns error", func() {
mockMetaDB := mocks.MetaDBMock{
FilterTagsFn: func(ctx context.Context, filterRepoTag mTypes.FilterRepoTagFunc, filterFunc mTypes.FilterFunc,

51
pkg/extensions/search/search_test.go
View file

@ -681,6 +681,7 @@ func TestRepoListWithNewestImage(t *testing.T) {
// stdout and a file
logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
So(err, ShouldBeNil)
logPath := logFile.Name()
defer os.Remove(logPath)
@ -813,6 +814,7 @@ func TestGetReferrersGQL(t *testing.T) {
ctlr := api.NewController(conf)
ctlrManager := NewControllerManager(ctlr)
ctlrManager.StartAndWait(port)
defer ctlrManager.StopServer()
// =======================
@ -937,6 +939,7 @@ func TestGetReferrersGQL(t *testing.T) {
ctlr := api.NewController(conf)
ctlrManager := NewControllerManager(ctlr)
ctlrManager.StartAndWait(port)
defer ctlrManager.StopServer()
// =======================
@ -1061,6 +1064,7 @@ func TestGetReferrersGQL(t *testing.T) {
conf.Extensions.Search.CVE = nil
ctlr := api.NewController(conf)
ctlrManager := NewControllerManager(ctlr)
ctlrManager.StartAndWait(port)
defer ctlrManager.StopServer()
@ -1253,6 +1257,7 @@ func TestExpandedRepoInfo(t *testing.T) {
ctlr := api.NewController(conf)
ctlrManager := NewControllerManager(ctlr)
ctlrManager.StartAndWait(port)
defer ctlrManager.StopServer()
annotations := make(map[string]string)
@ -1336,12 +1341,15 @@ func TestExpandedRepoInfo(t *testing.T) {
So(err, ShouldBeNil)
found := false
for _, m := range responseStruct.ImageSummaries {
if m.Manifests[0].Digest == testManifestDigest.String() {
found = true
So(m.IsSigned, ShouldEqual, false)
}
}
So(found, ShouldEqual, true)
err = signature.SignImageUsingCosign("zot-cve-test:0.0.1", port, false)
@ -1361,12 +1369,14 @@ func TestExpandedRepoInfo(t *testing.T) {
So(err, ShouldBeNil)
found = false
for _, m := range responseStruct.ImageSummaries {
if m.Manifests[0].Digest == testManifestDigest.String() {
found = true
So(m.IsSigned, ShouldEqual, true)
}
}
So(found, ShouldEqual, true)
query = `{
@ -1408,12 +1418,15 @@ func TestExpandedRepoInfo(t *testing.T) {
So(err, ShouldBeNil)
found = false
for _, m := range responseStruct.ImageSummaries {
if m.Manifests[0].Digest == testManifestDigest.String() {
found = true
So(m.IsSigned, ShouldEqual, false)
}
}
So(found, ShouldEqual, true)
err = signature.SignImageUsingCosign("zot-test@"+testManifestDigest.String(), port, false)
@ -1433,12 +1446,14 @@ func TestExpandedRepoInfo(t *testing.T) {
So(err, ShouldBeNil)
found = false
for _, m := range responseStruct.ImageSummaries {
if m.Manifests[0].Digest == testManifestDigest.String() {
found = true
So(m.IsSigned, ShouldEqual, true)
}
}
So(found, ShouldEqual, true)
manifestDigest := uploadedImage.ManifestDescriptor.Digest
@ -1474,6 +1489,7 @@ func TestExpandedRepoInfo(t *testing.T) {
ctlr := api.NewController(conf)
ctlrManager := NewControllerManager(ctlr)
ctlrManager.StartAndWait(port)
defer ctlrManager.StopServer()
image := CreateImageWith().RandomLayers(1, 20).DefaultConfig().Build()
@ -1709,6 +1725,7 @@ func TestExpandedRepoInfo(t *testing.T) {
So(len(responseStruct.Summary.Platforms), ShouldNotEqual, 5)
found := false
for _, is := range responseStruct.ImageSummaries {
if is.Tag == "1.0.0" {
found = true
@ -1716,9 +1733,11 @@ func TestExpandedRepoInfo(t *testing.T) {
So(len(is.Manifests), ShouldEqual, 2)
}
}
So(found, ShouldBeTrue)
found = false
for _, is := range responseStruct.ImageSummaries {
if is.Tag == "2.0.0" {
found = true
@ -1726,6 +1745,7 @@ func TestExpandedRepoInfo(t *testing.T) {
So(len(is.Manifests), ShouldEqual, 3)
}
}
So(found, ShouldBeTrue)
})
}
@ -2113,12 +2133,14 @@ func TestDerivedImageList(t *testing.T) {
err = json.Unmarshal(resp.Body(), responseStruct)
So(err, ShouldBeNil)
for _, err := range responseStruct.Errors {
result := strings.Contains(err.Message, "no reference provided")
if result {
contains = result
}
}
So(contains, ShouldBeTrue)
})
}
@ -2759,12 +2781,14 @@ func TestBaseImageList(t *testing.T) {
err = json.Unmarshal(resp.Body(), responseStruct)
So(err, ShouldBeNil)
for _, err := range responseStruct.Errors {
result := strings.Contains(err.Message, "no reference provided")
if result {
contains = result
}
}
So(contains, ShouldBeTrue)
})
}
@ -3132,10 +3156,12 @@ func TestGlobalSearch(t *testing.T) {
allExpectedRepoInfoMap := make(map[string]zcommon.RepoInfo)
allExpectedImageSummaryMap := make(map[string]zcommon.ImageSummary)
for _, repo := range repos {
repoInfo, err := olu.GetExpandedRepoInfo(repo)
So(err, ShouldBeNil)
allExpectedRepoInfoMap[repo] = repoInfo
for _, image := range repoInfo.ImageSummaries {
imageName := fmt.Sprintf("%s:%s", repo, image.Tag)
allExpectedImageSummaryMap[imageName] = image
@ -3203,6 +3229,7 @@ func TestGlobalSearch(t *testing.T) {
newestImageMap := make(map[string]zcommon.ImageSummary)
actualRepoMap := make(map[string]zcommon.RepoSummary)
for _, repo := range responseStruct.Repos {
newestImageMap[repo.Name] = repo.NewestImage
actualRepoMap[repo.Name] = repo
@ -3350,6 +3377,7 @@ func TestGlobalSearch(t *testing.T) {
// stdout and a file
logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
So(err, ShouldBeNil)
logPath := logFile.Name()
defer os.Remove(logPath)
@ -3477,10 +3505,12 @@ func TestGlobalSearch(t *testing.T) {
allExpectedRepoInfoMap := make(map[string]zcommon.RepoInfo)
allExpectedImageSummaryMap := make(map[string]zcommon.ImageSummary)
for _, repo := range repos {
repoInfo, err := olu.GetExpandedRepoInfo(repo)
So(err, ShouldBeNil)
allExpectedRepoInfoMap[repo] = repoInfo
for _, image := range repoInfo.ImageSummaries {
imageName := fmt.Sprintf("%s:%s", repo, image.Tag)
allExpectedImageSummaryMap[imageName] = image
@ -3544,6 +3574,7 @@ func TestGlobalSearch(t *testing.T) {
newestImageMap := make(map[string]zcommon.ImageSummary)
actualRepoMap := make(map[string]zcommon.RepoSummary)
for _, repo := range responseStruct.Repos {
newestImageMap[repo.Name] = repo.NewestImage
actualRepoMap[repo.Name] = repo
@ -3572,6 +3603,7 @@ func TestGlobalSearch(t *testing.T) {
// RepoInfo object does not provide vulnerability information so we need to check differently
t.Logf("Found vulnerability summary %v", repoSummary.NewestImage.Vulnerabilities)
if repoName == "repo1" { //nolint:goconst
So(repoSummary.NewestImage.Vulnerabilities.Count, ShouldEqual, 4)
// There are 4 vulnerabilities in the data used in tests
@ -3800,6 +3832,7 @@ func TestGlobalSearch(t *testing.T) {
So(len(results.Repos), ShouldEqual, 0)
expectedRepos := []string{"repo1", "repo2", "repo3", "repo4", "repo5"}
for _, image := range results.Images {
So(image.Tag, ShouldEqual, "tag1")
So(image.RepoName, ShouldBeIn, expectedRepos)
@ -3812,6 +3845,7 @@ func TestGlobalSearch(t *testing.T) {
So(len(results.Repos), ShouldEqual, 0)
expectedRepos = []string{"repo2", "repo4"}
for _, image := range results.Images {
So(image.Tag, ShouldEqual, "tag-multi")
So(image.RepoName, ShouldBeIn, expectedRepos)
@ -3824,9 +3858,11 @@ func TestGlobalSearch(t *testing.T) {
So(len(results.Repos), ShouldEqual, 0)
expectedRepos = []string{"repo1", "repo2", "repo3", "repo4", "repo6"}
for _, image := range results.Images {
So(image.Tag, ShouldEqual, "tag2")
So(image.RepoName, ShouldBeIn, expectedRepos)
if image.RepoName == "repo6" {
So(len(image.Manifests), ShouldEqual, 3)
} else {
@ -3840,6 +3876,7 @@ func TestGlobalSearch(t *testing.T) {
So(len(results.Repos), ShouldEqual, 0)
expectedRepos = []string{"repo2", "repo4"}
for _, image := range results.Images {
So(image.Tag, ShouldContainSubstring, "multi")
So(image.RepoName, ShouldBeIn, expectedRepos)
@ -3852,6 +3889,7 @@ func TestGlobalSearch(t *testing.T) {
So(len(results.Repos), ShouldEqual, 0)
expectedRepos = []string{"repo1", "repo2", "repo3", "repo4", "repo5", "repo6"}
for _, image := range results.Images {
So(image.Tag, ShouldContainSubstring, "tag")
So(image.RepoName, ShouldBeIn, expectedRepos)
@ -4152,11 +4190,14 @@ func TestImageList(t *testing.T) {
buf, _, _, err := imageStore.GetImageManifest(repos[0], tags[0])
So(err, ShouldBeNil)
var imageManifest ispec.Manifest
err = json.Unmarshal(buf, &imageManifest)
So(err, ShouldBeNil)
var imageConfigInfo ispec.Image
imageConfigBuf, err := imageStore.GetBlobContent(repos[0], imageManifest.Config.Digest)
So(err, ShouldBeNil)
err = json.Unmarshal(imageConfigBuf, &imageConfigInfo)
@ -4749,7 +4790,7 @@ func RunMetaDBIndexTests(baseURL, port string) {
responseImage := responseImages[0]
So(len(responseImage.Manifests), ShouldEqual, 3)
err = signature.SignImageUsingCosign(fmt.Sprintf("repo@%s", multiarchImage.DigestStr()), port, false)
err = signature.SignImageUsingCosign("repo@"+multiarchImage.DigestStr(), port, false)
So(err, ShouldBeNil)
resp, err = resty.R().Get(baseURL + graphqlQueryPrefix + "?query=" + url.QueryEscape(query))
@ -5502,6 +5543,7 @@ func TestMetaDBWhenDeletingImages(t *testing.T) {
for _, manifest := range indexContent.Manifests {
manifestBlob, _, _, err := storage.GetImageManifest(repo, manifest.Digest.String())
So(err, ShouldBeNil)
var manifestContent ispec.Manifest
err = json.Unmarshal(manifestBlob, &manifestContent)
@ -5520,7 +5562,9 @@ func TestMetaDBWhenDeletingImages(t *testing.T) {
// check notation signature
manifest1Blob, err := json.Marshal(image1.Manifest)
So(err, ShouldBeNil)
manifest1Digest := godigest.FromBytes(manifest1Blob)
So(sigManifestContent.Subject, ShouldNotBeNil)
So(sigManifestContent.Subject.Digest.String(), ShouldEqual, manifest1Digest.String())
@ -5744,6 +5788,7 @@ func TestSearchSize(t *testing.T) {
configSize := uploadedImage.ConfigDescriptor.Size
manifestSize := uploadedImage.ManifestDescriptor.Size
layersSize := int64(0)
for _, l := range uploadedImage.Layers {
layersSize += int64(len(l))
}
@ -6025,6 +6070,7 @@ func TestImageSummary(t *testing.T) {
contains := false
resp, err = resty.R().Get(targetURL)
So(resp, ShouldNotBeNil)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
@ -6032,12 +6078,14 @@ func TestImageSummary(t *testing.T) {
err = json.Unmarshal(resp.Body(), &imgSummaryResponse)
So(err, ShouldBeNil)
for _, err := range imgSummaryResponse.Errors {
result := strings.Contains(err.Message, "no reference provided")
if result {
contains = result
}
}
So(contains, ShouldBeTrue)
t.Log("starting Test retrieve image based on image identifier")
@ -6214,6 +6262,7 @@ func TestImageSummary(t *testing.T) {
tagTarget := "latest"
err := UploadImage(image, baseURL, repoName, tagTarget)
So(err, ShouldBeNil)
var (
imgSummaryResponse zcommon.ImageSummaryResult
strQuery string

3
pkg/extensions/search/userprefs_test.go
View file

@ -42,6 +42,7 @@ func TestUserData(t *testing.T) {
content := test.GetCredString(adminUser, adminPassword) +
test.GetCredString(simpleUser, simpleUserPassword)
htpasswdPath := test.MakeHtpasswdFileFromString(content)
defer os.Remove(htpasswdPath)
@ -604,6 +605,7 @@ func TestGlobalSearchWithUserPrefFiltering(t *testing.T) {
simpleUser := "simpleUser"
simpleUserPassword := "simpleUserPass"
htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(simpleUser, simpleUserPassword))
defer os.Remove(htpasswdPath)
@ -798,6 +800,7 @@ func TestExpandedRepoInfoWithUserPrefs(t *testing.T) {
simpleUser := "simpleUser"
simpleUserPassword := "simpleUserPass"
htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(simpleUser, simpleUserPassword))
defer os.Remove(htpasswdPath)

3
pkg/extensions/sync/content_internal_test.go
View file

@ -149,8 +149,10 @@ func TestGetContentByLocalRepo(t *testing.T) {
for _, test := range testCases {
cm := NewContentManager(test.content, log.Logger{})
actualResult := cm.getContentByLocalRepo(test.repo)
if test.expected == -1 {
var tnil *syncconf.Content = nil
So(actualResult, ShouldEqual, tnil)
} else {
So(actualResult, ShouldEqual, &test.content[test.expected])
@ -239,6 +241,7 @@ func TestFilterTags(t *testing.T) {
cm := NewContentManager(test.content, log.NewLogger("debug", ""))
actualResult, err := cm.FilterTags(test.repo, test.tags)
So(actualResult, ShouldResemble, test.filteredTags)
if test.err {
So(err, ShouldNotBeNil)
} else {

2
pkg/extensions/sync/destination.go
View file

@ -295,7 +295,7 @@ func getTempRootDirFromImageReference(imageReference types.ImageReference, repo,
if strings.HasSuffix(imageReference.StringWithinTransport(), reference) {
tmpRootDir = strings.ReplaceAll(imageReference.StringWithinTransport(), fmt.Sprintf("%s:%s", repo, reference), "")
} else {
tmpRootDir = strings.ReplaceAll(imageReference.StringWithinTransport(), fmt.Sprintf("%s:", repo), "")
tmpRootDir = strings.ReplaceAll(imageReference.StringWithinTransport(), repo+":", "")
}
return tmpRootDir

2
pkg/extensions/sync/httpclient/client.go
View file

@ -438,7 +438,7 @@ func parseAuthHeader(resp *http.Response) (challengeParams, error) {
elem := strings.ReplaceAll(elem, "\"", "")
elemSplit := strings.Split(elem, "=")
if len(elemSplit) != 2 { //nolint: gomnd
if len(elemSplit) != 2 { //nolint:mnd
return params, zerr.ErrParsingAuthHeader
}

1
pkg/extensions/sync/references/cosign.go
View file

@ -156,7 +156,6 @@ func (ref CosignReference) SyncReferences(ctx context.Context, localRepo, remote
err = meta.SetImageMetaFromInput(ctx, localRepo, cosignTag, ispec.MediaTypeImageManifest,
referenceDigest, manifestBuf, ref.storeController.GetImageStore(localRepo),
ref.metaDB, ref.log)
if err != nil {
return refsDigests, fmt.Errorf("failed to set metadata for cosign reference in '%s@%s': %w",
localRepo, subjectDigestStr, err)

3
pkg/extensions/sync/service.go
View file

@ -7,6 +7,7 @@ import (
"context"
"errors"
"fmt"
"strconv"
"github.com/containers/common/pkg/retry"
"github.com/containers/image/v5/copy"
@ -247,7 +248,7 @@ func (service *BaseService) GetNextRepo(lastRepo string) (string, error) {
if targetIdx != service.clusterConfig.Proxy.LocalMemberClusterSocketIndex {
service.log.Debug().
Str(constants.RepositoryLogKey, lastRepo).
Str("targetMemberIndex", fmt.Sprintf("%d", targetIdx)).
Str("targetMemberIndex", strconv.FormatUint(targetIdx, 10)).
Str("targetMember", targetMember).
Msg("skipping sync of repo not managed by local instance")

4
pkg/extensions/sync/sync.go
View file

@ -114,7 +114,7 @@ func (gen *TaskGenerator) Next() (scheduler.Task, error) {
defer gen.lock.Unlock()
if time.Since(gen.lastTaskTime) <= gen.waitTime {
return nil, nil
return nil, nil //nolint:nilnil
}
if err := gen.Service.SetNextAvailableURL(); err != nil {
@ -136,7 +136,7 @@ func (gen *TaskGenerator) Next() (scheduler.Task, error) {
gen.log.Info().Str("component", "sync").Msg("finished syncing all repositories")
gen.done = true
return nil, nil
return nil, nil //nolint:nilnil
}
gen.lastRepo = repo

5
pkg/extensions/sync/sync_internal_test.go
View file

@ -7,6 +7,7 @@ import (
"bytes"
"context"
"encoding/json"
"errors"
"fmt"
"os"
"path"
@ -45,7 +46,7 @@ const (
host = "127.0.0.1:45117"
)
var ErrTestError = fmt.Errorf("testError")
var ErrTestError = errors.New("testError")
func TestInjectSyncUtils(t *testing.T) {
Convey("Inject errors in utils functions", t, func() {
@ -62,6 +63,7 @@ func TestInjectSyncUtils(t *testing.T) {
injected = inject.InjectFailure(0)
_, err = getPolicyContext(log.NewLogger("debug", ""))
if injected {
So(err, ShouldNotBeNil)
} else {
@ -75,6 +77,7 @@ func TestInjectSyncUtils(t *testing.T) {
ols := NewOciLayoutStorage(storage.StoreController{DefaultStore: imageStore})
_, err = ols.GetImageReference(testImage, testImageTag)
if injected {
So(err, ShouldNotBeNil)
} else {

363
pkg/extensions/sync/sync_test.go
View file

File diff suppressed because it is too large Load diff

1
pkg/log/log.go
View file

@ -46,6 +46,7 @@ func NewLogger(level, output string) Logger {
if err != nil {
panic(err)
}
log = zerolog.New(file)
}

24
pkg/log/log_test.go
View file

@ -55,7 +55,9 @@ func TestAuditLogMessages(t *testing.T) {
username, seedUser := test.GenerateRandomString()
password, seedPass := test.GenerateRandomString()
htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
HTPasswd: config.AuthHTPasswd{
Path: htpasswdPath,
@ -98,15 +100,19 @@ func TestAuditLogMessages(t *testing.T) {
// wait until the file is populated
byteValue, _ := io.ReadAll(auditFile)
for {
if len(byteValue) != 0 {
break
}
time.Sleep(100 * time.Millisecond)
byteValue, _ = io.ReadAll(auditFile)
}
var auditLog AuditLog
err = json.Unmarshal(byteValue, &auditLog)
if err != nil {
panic(err)
@ -131,15 +137,19 @@ func TestAuditLogMessages(t *testing.T) {
// wait until the file is populated
byteValue, _ := io.ReadAll(auditFile)
for {
if len(byteValue) != 0 {
break
}
time.Sleep(100 * time.Millisecond)
byteValue, _ = io.ReadAll(auditFile)
}
var auditLog AuditLog
err = json.Unmarshal(byteValue, &auditLog)
if err != nil {
panic(err)
@ -166,11 +176,14 @@ func TestAuditLogMessages(t *testing.T) {
// wait until the file is populated
byteValue, _ = io.ReadAll(auditFile)
for {
if len(byteValue) != 0 {
break
}
time.Sleep(100 * time.Millisecond)
byteValue, _ = io.ReadAll(auditFile)
}
@ -194,11 +207,14 @@ func TestAuditLogMessages(t *testing.T) {
// wait until the file is populated
byteValue, _ = io.ReadAll(auditFile)
for {
if len(byteValue) != 0 {
break
}
time.Sleep(100 * time.Millisecond)
byteValue, _ = io.ReadAll(auditFile)
}
@ -227,15 +243,19 @@ func TestAuditLogMessages(t *testing.T) {
// wait until the file is populated
byteValue, _ := io.ReadAll(auditFile)
for {
if len(byteValue) != 0 {
break
}
time.Sleep(100 * time.Millisecond)
byteValue, _ = io.ReadAll(auditFile)
}
var auditLog AuditLog
err = json.Unmarshal(byteValue, &auditLog)
if err != nil {
panic(err)
@ -257,16 +277,20 @@ func TestAuditLogMessages(t *testing.T) {
resp, err = resty.R().SetBasicAuth(username, password).
SetHeader("Content-Type", "application/octet-stream").
SetHeader("Content-Range", contentRange).SetBody(chunk).Patch(loc)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
// wait until the file is populated
byteValue, _ = io.ReadAll(auditFile)
for {
if len(byteValue) != 0 {
break
}
time.Sleep(100 * time.Millisecond)
byteValue, _ = io.ReadAll(auditFile)
}

3
pkg/meta/boltdb/boltdb.go
View file

@ -1268,6 +1268,7 @@ func (bdw *BoltDB) UpdateSignaturesValidity(ctx context.Context, repo string, ma
}
manifestSignatures := proto_go.ManifestSignatures{Map: map[string]*proto_go.SignaturesInfo{"": {}}}
for sigType, sigs := range protoRepoMeta.Signatures[manifestDigest.String()].Map {
if zcommon.IsContextDone(ctx) {
return ctx.Err()
@ -1378,6 +1379,7 @@ func (bdw *BoltDB) RemoveRepoReference(repo, reference string, manifestDigest go
/* try to find at least one tag pointing to manifestDigest
if not found then we can also remove everything related to this digest */
var foundTag bool
for _, desc := range protoRepoMeta.Tags {
if desc.Digest == manifestDigest.String() {
foundTag = true
@ -1883,6 +1885,7 @@ func (bdw *BoltDB) DeleteUserAPIKey(ctx context.Context, keyID string) error {
func (bdw *BoltDB) GetUserAPIKeyInfo(hashedKey string) (string, error) {
var userid string
err := bdw.DB.View(func(tx *bbolt.Tx) error {
buck := tx.Bucket([]byte(UserAPIKeysBucket))
if buck == nil {

4
pkg/meta/boltdb/boltdb_test.go
View file

@ -105,6 +105,7 @@ func TestWrapperErrors(t *testing.T) {
Convey("UpdateSignaturesValidity", func() {
boltdbWrapper.SetImageTrustStore(imgTrustStore{})
digest := image.Digest()
ctx := context.Background()
@ -689,6 +690,7 @@ func TestWrapperErrors(t *testing.T) {
userAc.SetGlobPatterns("read", map[string]bool{
"repo": true,
})
ctx := userAc.DeriveContext(context.Background())
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
@ -711,6 +713,7 @@ func TestWrapperErrors(t *testing.T) {
userAc.SetGlobPatterns("read", map[string]bool{
"repo": true,
})
ctx := userAc.DeriveContext(context.Background())
_, err = boltdbWrapper.ToggleStarRepo(ctx, "repo")
@ -814,6 +817,7 @@ func TestWrapperErrors(t *testing.T) {
userAc.SetGlobPatterns("read", map[string]bool{
"repo": true,
})
ctx := userAc.DeriveContext(context.Background())
err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {

1
pkg/meta/convert/convert_proto.go
View file

@ -34,6 +34,7 @@ func GetProtoImageMeta(imageMeta mTypes.ImageMeta) *proto_go.ImageMeta {
if len(imageMeta.Manifests) == 0 {
return nil
}
manifestData := imageMeta.Manifests[0]
return GetProtoImageManifestData(manifestData.Manifest, manifestData.Config, manifestData.Size,

5
pkg/meta/dynamodb/dynamodb.go
View file

@ -1415,6 +1415,7 @@ func (dwr *DynamoDB) RemoveRepoReference(repo, reference string, manifestDigest
} else {
// find all tags pointing to this digest
tags := []string{}
for tag, desc := range protoRepoMeta.Tags {
if desc.Digest == reference {
tags = append(tags, tag)
@ -1454,6 +1455,7 @@ func (dwr *DynamoDB) RemoveRepoReference(repo, reference string, manifestDigest
if err != nil {
return err
}
err = dwr.setProtoRepoMeta(repo, protoRepoMeta) //nolint: contextcheck
return err
@ -1519,7 +1521,6 @@ func (dwr *DynamoDB) ToggleBookmarkRepo(ctx context.Context, repo string) (
func (dwr *DynamoDB) GetBookmarkedRepos(ctx context.Context) ([]string, error) {
userMeta, err := dwr.GetUserData(ctx)
if errors.Is(err, zerr.ErrUserDataNotFound) || errors.Is(err, zerr.ErrUserDataNotAllowed) {
return []string{}, nil
}
@ -1634,7 +1635,6 @@ func (dwr *DynamoDB) ToggleStarRepo(ctx context.Context, repo string) (
func (dwr *DynamoDB) GetStarredRepos(ctx context.Context) ([]string, error) {
userMeta, err := dwr.GetUserData(ctx)
if errors.Is(err, zerr.ErrUserDataNotFound) || errors.Is(err, zerr.ErrUserDataNotAllowed) {
return []string{}, nil
}
@ -2179,7 +2179,6 @@ func (dwr *DynamoDB) createVersionTable() error {
TableName: aws.String(dwr.VersionTablename),
UpdateExpression: aws.String("SET #V = :Version"),
})
if err != nil {
return err
}

3
pkg/meta/dynamodb/dynamodb_internal_test.go
View file

@ -12,7 +12,7 @@ import (
"github.com/rs/zerolog"
. "github.com/smartystreets/goconvey/convey"
"zotregistry.dev/zot/pkg/log" //nolint:go-staticcheck
"zotregistry.dev/zot/pkg/log"
"zotregistry.dev/zot/pkg/meta/version"
tskip "zotregistry.dev/zot/pkg/test/skip"
)
@ -21,6 +21,7 @@ func TestWrapperErrors(t *testing.T) {
tskip.SkipDynamo(t)
const region = "us-east-2"
endpoint := os.Getenv("DYNAMODBMOCK_ENDPOINT")
uuid, err := guuid.NewV4()

11
pkg/meta/dynamodb/dynamodb_test.go
View file

@ -32,6 +32,7 @@ func TestIterator(t *testing.T) {
tskip.SkipDynamo(t)
const region = "us-east-2"
endpoint := os.Getenv("DYNAMODBMOCK_ENDPOINT")
uuid, err := guuid.NewV4()
@ -710,6 +711,7 @@ func TestWrapperErrors(t *testing.T) {
userAc.SetGlobPatterns("read", map[string]bool{
"repo": false,
})
ctx := userAc.DeriveContext(context.Background())
_, err := dynamoWrapper.ToggleBookmarkRepo(ctx, "unaccesible")
@ -722,6 +724,7 @@ func TestWrapperErrors(t *testing.T) {
userAc.SetGlobPatterns("read", map[string]bool{
"repo": true,
})
ctx := userAc.DeriveContext(context.Background())
status, err := dynamoWrapper.ToggleBookmarkRepo(ctx, "repo")
@ -735,6 +738,7 @@ func TestWrapperErrors(t *testing.T) {
userAc.SetGlobPatterns("read", map[string]bool{
"repo": false,
})
ctx := userAc.DeriveContext(context.Background())
dynamoWrapper.UserDataTablename = badTablename
@ -750,6 +754,7 @@ func TestWrapperErrors(t *testing.T) {
userAc.SetGlobPatterns("read", map[string]bool{
"repo": false,
})
ctx := userAc.DeriveContext(context.Background())
repos, err := dynamoWrapper.GetBookmarkedRepos(ctx)
@ -771,6 +776,7 @@ func TestWrapperErrors(t *testing.T) {
userAc.SetGlobPatterns("read", map[string]bool{
"repo": false,
})
ctx := userAc.DeriveContext(context.Background())
_, err := dynamoWrapper.ToggleStarRepo(ctx, "unaccesible")
@ -783,6 +789,7 @@ func TestWrapperErrors(t *testing.T) {
userAc.SetGlobPatterns("read", map[string]bool{
"repo": false,
})
ctx := userAc.DeriveContext(context.Background())
dynamoWrapper.UserDataTablename = badTablename
@ -797,6 +804,7 @@ func TestWrapperErrors(t *testing.T) {
userAc.SetGlobPatterns("read", map[string]bool{
"repo": true,
})
ctx := userAc.DeriveContext(context.Background())
dynamoWrapper.RepoMetaTablename = badTablename
@ -821,6 +829,7 @@ func TestWrapperErrors(t *testing.T) {
userAc.SetGlobPatterns("read", map[string]bool{
"repo": true,
})
ctx := userAc.DeriveContext(context.Background())
dynamoWrapper.UserDataTablename = badTablename
@ -835,6 +844,7 @@ func TestWrapperErrors(t *testing.T) {
userAc.SetGlobPatterns("read", map[string]bool{
"repo": true,
})
ctx := userAc.DeriveContext(context.Background())
err := setBadUserData(dynamoWrapper.Client, userDataTablename, userAc.GetUsername())
@ -911,6 +921,7 @@ func TestWrapperErrors(t *testing.T) {
Convey("unmarshal error", func() {
err := setRepoLastUpdated("repo", []byte("bad-blob"), dynamoWrapper)
So(err, ShouldBeNil)
lastUpdated := dynamoWrapper.GetRepoLastUpdated("repo")
So(lastUpdated, ShouldEqual, time.Time{})
})

6
pkg/meta/dynamodb/iterator.go
View file

@ -59,7 +59,7 @@ func (dii *BaseAttributesIterator) First(ctx context.Context) (types.AttributeVa
}
if len(scanOutput.Items) == 0 {
return nil, nil
return nil, nil //nolint:nilnil
}
dii.itemBuffer = scanOutput.Items
@ -72,7 +72,7 @@ func (dii *BaseAttributesIterator) First(ctx context.Context) (types.AttributeVa
func (dii *BaseAttributesIterator) Next(ctx context.Context) (types.AttributeValue, error) {
if len(dii.itemBuffer) <= dii.currentItemIndex {
if dii.lastEvaluatedKey == nil {
return nil, nil
return nil, nil //nolint:nilnil
}
scanOutput, err := dii.Client.Scan(ctx, &dynamodb.ScanInput{
@ -85,7 +85,7 @@ func (dii *BaseAttributesIterator) Next(ctx context.Context) (types.AttributeVal
// all items have been scanned
if len(scanOutput.Items) == 0 {
return nil, nil
return nil, nil //nolint:nilnil
}
dii.itemBuffer = scanOutput.Items

1
pkg/meta/hooks.go
View file

@ -72,6 +72,7 @@ func OnDeleteManifest(repo, reference, mediaType string, digest godigest.Digest,
if err != nil {
log.Error().Err(err).Str("component", "metadb").
Msg("failed to check if image is a signature or not")
manageRepoMetaSuccessfully = false
}
} else {

12
pkg/meta/meta_test.go
View file

@ -48,11 +48,12 @@ func getManifestDigest(md mTypes.ManifestMeta) string { return md.Digest.String(
func TestBoltDB(t *testing.T) {
Convey("BoltDB creation", t, func() {
boltDBParams := boltdb.DBParameters{RootDir: t.TempDir()}
repoDBPath := path.Join(boltDBParams.RootDir, "meta.db")
defer os.Remove(repoDBPath)
boltDriver, err := boltdb.GetBoltDriver(boltDBParams)
So(err, ShouldBeNil)
defer os.Remove(repoDBPath)
log := log.NewLogger("debug", "")
@ -505,8 +506,6 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func
retrievedImgMultiData, err := metaDB.GetImageMeta(imgMulti.Digest())
So(err, ShouldBeNil)
So(imgMulti.AsImageMeta(), ShouldEqual, retrievedImgMultiData)
// set subject on multiarch
})
Convey("GetFullImageMeta", func() {
@ -1378,8 +1377,8 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func
ShouldResemble, "digest")
imageMeta, err := metaDB.GetImageMeta(image1.Digest)
fullImageMeta := convert.GetFullImageMeta(tag1, repoMeta, imageMeta)
So(err, ShouldBeNil)
So(fullImageMeta.Signatures["cosign"][0].SignatureManifestDigest, ShouldResemble, "digesttag")
So(fullImageMeta.Signatures["cosign"][0].LayersInfo[0].LayerDigest, ShouldResemble, "layer-digest")
@ -1503,7 +1502,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func
certificateContent, err := os.ReadFile(path.Join(
tdir,
"notation/localkeys",
fmt.Sprintf("%s.crt", keyName),
keyName+".crt",
))
So(err, ShouldBeNil)
So(certificateContent, ShouldNotBeNil)
@ -1602,7 +1601,9 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func
image3 = CreateRandomImage()
ctx = context.Background()
)
_ = repo3
Convey("Search all repos", func() {
err := metaDB.SetRepoReference(ctx, repo1, tag1, image1.AsImageMeta())
So(err, ShouldBeNil)
@ -1688,6 +1689,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func
repoMetaList, err := metaDB.SearchRepos(ctx, "repo") //nolint: contextcheck
So(err, ShouldBeNil)
So(len(repoMetaList), ShouldEqual, 2)
for _, k := range repoMetaList {
So(k.Name, ShouldBeIn, []string{repo1, repo2})
}

3
pkg/meta/parse_test.go
View file

@ -348,6 +348,7 @@ func RunParseStorageTests(rootDir string, metaDB mTypes.MetaDB, log log.Logger)
storeController := storage.StoreController{DefaultStore: imageStore}
manifests := []ispec.Manifest{}
for i := 0; i < 3; i++ {
image := CreateRandomImage() //nolint:staticcheck
@ -389,6 +390,7 @@ func RunParseStorageTests(rootDir string, metaDB mTypes.MetaDB, log log.Logger)
}
}
}
buf, err = json.Marshal(index)
So(err, ShouldBeNil)
@ -429,6 +431,7 @@ func RunParseStorageTests(rootDir string, metaDB mTypes.MetaDB, log log.Logger)
// add mock cosign signature without pushing the signed image
image = CreateRandomImage()
So(err, ShouldBeNil)
signatureTag, err := signature.GetCosignSignatureTagForManifest(image.Manifest)

5
pkg/meta/proto/gen/config.pb.go
View file

@ -7,11 +7,12 @@
package gen
import (
reflect "reflect"
sync "sync"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
)
const (

5
pkg/meta/proto/gen/descriptor.pb.go
View file

@ -7,10 +7,11 @@
package gen
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
)
const (

5
pkg/meta/proto/gen/index.pb.go
View file

@ -7,10 +7,11 @@
package gen
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
)
const (

5
pkg/meta/proto/gen/manifest.pb.go
View file

@ -7,10 +7,11 @@
package gen
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
)
const (

5
pkg/meta/proto/gen/meta.pb.go
View file

@ -7,11 +7,12 @@
package gen
import (
reflect "reflect"
sync "sync"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
)
const (

5
pkg/meta/proto/gen/versioned.pb.go
View file

@ -7,10 +7,11 @@
package gen
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
)
const (

1
pkg/meta/version/version_test.go
View file

@ -34,6 +34,7 @@ func TestVersioningBoltDB(t *testing.T) {
log := log.NewLogger("debug", "")
boltdbWrapper, err := boltdb.New(boltDriver, log)
defer os.Remove(path.Join(boltDBParams.RootDir, "meta.db"))
So(boltdbWrapper, ShouldNotBeNil)
So(err, ShouldBeNil)

Some files were not shown because too many files have changed in this diff Show more