New examples of running tests:
1. To run a specific bats file (with and without verbose output):
make run-blackbox-tests BATS_TEST_FILE_PATH=test/blackbox/delete_images.bats
make run-blackbox-tests BATS_TEST_FILE_PATH=test/blackbox/delete_images.bats BATS_VERBOSITY=2
2. To run the CI tests (with and without verbose output)
make run-blackbox-ci
make run-blackbox-ci BATS_VERBOSITY=2
BATS_TEST_FILE_PATH is used to pass on the test file to run using `run-blackbox-tests`
BATS_VERBOSITY controls the verbosity of the bats framework output, if unspecified the output only
contains test results and failure message in case of failures.
If BATS_VERBOSITY is 1, then also show commands as they are executed.
If BATS_VERBOSITY is 2, on top of the above it also shows output of passed tests.
Other changes in this PR:
- Update some of the tests to show logs after the run ends.
- Run the linters before the tests, as it saves time on failures when running in GH
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
fix(authz): fix isAdmin not using groups to determine if a user is admin.
fix(authz): return 401 instead of 403
403 is correct as per HTTP spec
However authz is not part of dist-spec and clients know only about 401
So this is a compromise.
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
unified both local and s3 ImageStore logic into a single ImageStore
added a new driver interface for common file/dirs manipulations
to be implemented by different storage types
refactor(gc): drop umoci dependency, implemented internal gc
added retentionDelay config option that specifies
the garbage collect delay for images without tags
this will also clean manifests which are part of an index image
(multiarch) that no longer exist.
fix(dedupe): skip blobs under .sync/ directory
if startup dedupe is running while also syncing is running
ignore blobs under sync's temporary storage
fix(storage): do not allow image indexes modifications
when deleting a manifest verify that it is not part of a multiarch image
and throw a MethodNotAllowed error to the client if it is.
we don't want to modify multiarch images
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
1. Show more detailed signature information in zui (signing tool, trusted, author)
2. Rename dex to oidc - on zui side
3. New screen for zot without images loaded
4. Remove 'Vulnerability' string from the vulnerability chips
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
BREAKING CHANGE: The functionality provided by the mgmt endpoint has beed redesigned - see details below
BREAKING CHANGE: The API keys endpoint has been moved - see details below
BREAKING CHANGE: The mgmt extension config has been removed - endpoint is now enabled by having both the search and the ui extensions enabled
BREAKING CHANGE: The API keys configuration has been moved from extensions to http>auth>apikey
mgmt and imagetrust extensions:
- separate the _zot/ext/mgmt into 3 separate endpoints: _zot/ext/auth, _zot/ext/notation, _zot/ext/cosign
- signature verification logic is in a separate `imagetrust` extension
- better hanling or errors in case of signature uploads: logging and error codes (more 400 and less 500 errors)
- add authz on signature uploads (and add a new middleware in common for this purpose)
- remove the mgmt extension configuration - it is now enabled if the UI and the search extensions are enabled
userprefs estension:
- userprefs are enabled if both search and ui extensions are enabled (as opposed to just search)
apikey extension is removed and logic moved into the api folder
- Move apikeys code out of pkg/extensions and into pkg/api
- Remove apikey configuration options from the extensions configuration and move it inside the http auth section
- remove the build label apikeys
other changes:
- move most of the logic adding handlers to the extensions endpoints out of routes.go and into the extensions files.
- add warnings in case the users are still using configurations with the obsolete settings for mgmt and api keys
- add a new function in the extension package which could be a single point of starting backgroud tasks for all extensions
- more clear methods for verifying specific extensions are enabled
- fix http methods paired with the UI handlers
- rebuild swagger docs
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Also ignore issues related to https://developer.mozilla.org/en-US/docs/Glossary/Fetch_metadata_request_header
It is not clear what the zap tool expectations are from the zot server, as these headers are supposed to be set by the zot client.
As a separate not ZUI sets these headers, but for some reason the scan expects them when scanning zot minimal without the UI
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
sync now ignores self referencing urls, this will help
in clustering mode where we can have the same config
for multiple zots
closes#1335
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
This change introduces OpenID authn by using providers such as Github,
Gitlab, Google and Dex.
User sessions are now used for web clients to identify
and persist an authenticated users session, thus not requiring every request to
use credentials.
Another change is apikey feature, users can create/revoke their api keys and use them
to authenticate when using cli clients such as skopeo.
eg:
login:
/auth/login?provider=github
/auth/login?provider=gitlab
and so on
logout:
/auth/logout
redirectURL:
/auth/callback/github
/auth/callback/gitlab
and so on
If network policy doesn't allow inbound connections, this callback wont work!
for more info read documentation added in this commit.
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Co-authored-by: Alex Stan <alexandrustan96@yahoo.ro>
ci(workflow): show disk usage and free up disk space used by unneeded tooling
ci(tests): routes tests: do not copy large images if they are not used later
ci(trivy): update a test: download trivy.db to a temporary folder
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Initial code was contributed by Bogdan BIVOLARU <104334+bogdanbiv@users.noreply.github.com>
Moved implementation from a separate db to repodb by Andrei Aaron <aaaron@luxoft.com>
Not done yet:
- run/test dynamodb implementation, only boltdb was tested
- add additional coverage for existing functionality
- add web-based APIs to toggle the stars/bookmarks on/off
Initially graphql mutation was discussed for the missing API but
we decided REST endpoints would be better suited for configuration
feat(userdb): complete functionality for userdb integration
- dynamodb rollback changes to user starred repos in case increasing the total star count fails
- dynamodb increment/decrement repostars in repometa when user stars/unstars a repo
- dynamodb check anonymous user permissions are working as intendend
- common test handle anonymous users
- RepoMeta2RepoSummary set IsStarred and IsBookmarked
feat(userdb): rest api calls for toggling stars/bookmarks on/off
test(userdb): blackbox tests
test(userdb): move preferences tests in a different file with specific build tags
feat(repodb): add is-starred and is-bookmarked fields to repo-meta
- removed duplicated logic for determining if a repo is starred/bookmarked
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
Co-authored-by: Andrei Aaron <aaaron@luxoft.com>
The zap scanner started to check the csp header, which is causing a warning.
We also need to ignore the rule, as both settings are read by the scanner.
Per https://w3c.github.io/webappsec-csp/#example-7bb4ce67 we can have multiple
Content-Security-Policy headers, and the most restrictive policies apply.
This rule doesn't seem to be applied by zap.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
This is to avoid situations such as https://github.com/project-zot/zot/pull/1150
where an indirect dependency became direct without a corresponding go.mod change
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Update to a zui version with multiarch image support
Also fix some issues with the filtering on the global search page
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Note patch does not mean full support for showing multiarch images in ZUI,
a single architecture is shown, but it fixes the ZUI views which were broken
since #1147
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
(cherry picked from commit 6d03ce5f2d)
Additional changes on top of: 6d03ce5f2d
- Build and use zot from the same branch
do not use a container image as scan target, use the binary
- Fix typo in rules filename
- Add the full rule list to the rules config file
- Ignore some of the specific rules and add reasons
- Add security-related headers to fix some of the issues identified by the scan
- Update UI it includes the latest fixes for zap scan issues
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
Update the default value of the EXTENSIONS variable in the makefile.
Also cleanup binary-ui and other make targets assuming the UI was not included by default.
Enable the ui by default in the zot container image
Swith back to using the distroless images, as c3 only has amd64 images.
Fix updating security events in github (permission issue)
Add an integration test for the UI extension
Rename ui extension files to use _ instead of -
feat(ui): upgrade to zui v2.0.0-rc3
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
(cherry picked from commit d557da0baba819b7cd7e6b5941528776e125ac6d)
build(ui): fix stacker builds
(cherry picked from commit ba25daf02b4a9bc7ee1cb6f84b7a6b096ca7d61f)
build(ui): various fixes
- Fix metrics endpoint
- Fix unit tests unit tests
- Make the ui build optional in the makefile
before the linter lint runs in the golangci-lint workflow
- Do not attempt to include UI routes if search is enabled
- Fix authorization for search endpoint
fix: use zot tag in ui make target
(cherry picked from commit 2a6882fa23f06b2d68c6c299773a6ff50bf90e78)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
Exit code was not corrctly handled because of the pipes/tee,
so the job would not fail if tests were failing. Reverting this for now.
This reverts commit 74013a71af.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Suppose we push two identical manifests (sharing same digest) but with
different tags, then deleting by digest should throw an error otherwise
we end up deleting all image tags (with gc) or dangling references
(without gc)
This behaviour is controlled via Authorization, added a new policy
action named detectManifestsCollision which enables this behaviour
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
Thanks @jdolitsky et al for kicking off these changes at:
https://github.com/oci-playground/zot/commits/main
Thanks @sudo-bmitch for reviewing the patch
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* build: add commit hash to Config at build for proper discovery readme link
* fix: use tag instead of commit hash, add to release build
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
This commit uses native go fuzzing to fuzz test implementations
of storage in storage_fs.
moved fuzzing testdata for storage_fs in separate repo
added make target and script for importing fuzz data and running all fuzz tests
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
We encountered some problems with using the existing folder structure,
but it looks like running the tooling with the latest versions works after
we regenerated the project using 'gql init' and refactoring to separate
the login previously in resolvers.go.
- the autogenerated code is now under the gql_generated folder
- the file resolvers.go now contains only the code which is not
rewritten by the gqlgen framework
- the file schema.resolvers.go is rewritten when gqlgen runs,
and we'll only keep there the actual resolvers matching query names
Changes we observed to schema.resolvers.go when gqlgen runs include
reordering methods, and renaming function parameters to match the
names used in schema.graphql
- we now have a gqlgen.yaml config file which governs the behavior of
gqlgen (can be tweaked to restructure the folder structure of the
generated code in the future)
Looks like the new graphql server has better validation
1 Returns 422 instead of 200 for missing query string - had to update tests
2 Correctly uncovered an error in a test for a bad `%` in query string.
As as result of 2, a `masked` bug was found in the way we check if images are
signed with Notary, the signatures were reasched for with the media type
of the image manifest itself instead of the media type for notation.
Fixed this bug, and improved error messages.
This bug would have also been reproducible with main branch if the bad `%`
in the test would have fixed.
Updated the linter to ignore some issues with the code which is
always rewritten when running:
`go run github.com/99designs/gqlgen@v0.17.13 generate`
Add a workflow to test gqlgen works and has no uncommitted changes
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
This commit adds a new Make target that makes use of go list to show directly
imported packages and used files in a given binary.
This target should be added in all future targets that build binaries, if listing
imported packages and used files is important.
Existing targets were modified to include build-metadata. Also, since build-metadata
depends on EXTENSIONS variable, a dummy tag is used to overwrite the defaults of
this variable in case of minimal-type targets.
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
Files were added to be built whether an extension is on or off.
New build tags were added for each extension, while minimal and extended disappeared.
added custom binary naming depending on extensions used and changed references from binary to binary-extended
added automated blackbox tests for sync, search, scrub, metrics
added contributor guidelines
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
PR (linter: upgrade linter version #405) triggered lint job which failed
with many errors generated by various linters. Configurations were added to
golangcilint.yaml and several refactorings were made in order to improve the
results of the linter.
maintidx linter disabled
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
Separated updateDistSpec functionality
Removed rewriting of config when distSpecVersion was wrong
Build zot artifacts for multiple os and arch.
[linux, amd64] - common case
[linux, arm64] - raspberry pi
[darwin, amd64] - Intel-based macs
[darwin, arm64] - Arm-based macs
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Behavior controlled by configuration (default=off)
It is a trade-off between performance and consistency.
References:
[1] https://github.com/golang/go/issues/20599
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
