Infrastructure/zot
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Code Issues Activity
455 commits 7 branches 108 tags 208 MiB
Commit graph

133 commits

Author SHA1 Message Date
Shivam Mishra
0dd00e7883 fix extension endpoints 
Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-05-25 13:46:43 -07:00
Ramkumar Chinchani
6b841809e3 fix CVE-2022-29173/GHSA-66x3-6cw3-v5gj 
https://github.com/project-zot/zot/security/dependabot/16

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-05-25 11:34:24 -07:00
Shivam Mishra
dcdeb935fd use zot as an extension name, ext as a component and search as a module 
add endpoints field in ext discover api

distribution spec extension discover api has endpoints field required.

https://github.com/opencontainers/distribution-spec/blob/main/extensions/_oci.md#extensions-property-descriptions

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-05-24 19:12:40 -07:00
Petu Eusebiu
5e22acbbc4 s3: added logic for deduping blobs 
Because s3 doesn't support hard links we store duplicated blobs
as empty files. When the original blob is deleted its content is
moved to the the next duplicated blob and so on.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-24 17:00:10 -07:00
Shivam Mishra
36c9631000 ext: use distribution spec route prefix for extension api 
Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-05-22 16:35:16 -07:00
laurentiuNiculae
7d8af50aec mocked tests for routes 
Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
 2022-05-20 13:27:09 -07:00
Petu Eusebiu
7c3a8f9d07 Report unknown keys when parsing configuration files 
Report missing mandatory ldap keys

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-16 14:13:31 -07:00
laurentiuNiculae
bb95af5b4d default policy only authorization 
unit tests for manifest integrity when updating

Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
 2022-05-03 11:46:55 -07:00
Alex Stan
d325c8b5f4 Fix problems signaled by new linter version v1.45.2 
PR (linter: upgrade linter version #405) triggered lint job which failed
with many errors generated by various linters. Configurations were added to
golangcilint.yaml and several refactorings were made in order to improve the
results of the linter.

maintidx linter disabled

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
 2022-04-27 09:55:44 -07:00
Andreea-Lupu
5e35dfa28f make gc periodic 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2022-04-18 10:25:29 -07:00
Petu Eusebiu
4e20ab8a5d go.mod: update dependencies 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-04-15 10:31:37 -07:00
Andreea-Lupu
9454c77be2 make scrub inline and periodic 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2022-04-01 13:38:24 -07:00
Alexei Dodon
ad519e2d3e Leave zot repositories in a consistent state after zot hits fd limit closes #359 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2022-03-31 13:25:15 -07:00
Petu Eusebiu
be910cf01c lint: Move out config reloader context from controller struct 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-24 10:50:01 -07:00
Petu Eusebiu
353b0c6034 Move api constants in separate 'constants' package to avoid circular imports 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-24 10:50:01 -07:00
Petu Eusebiu
6d04ab3cdc sync: support reloading sync config when the config file changes 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-18 11:24:11 -07:00
laurentiuNiculae
63d94d4ac5 Update dist-spec version automatically 
Warning if config has wrong dist-spec version

Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
 2022-03-14 10:24:03 -07:00
Shivam Mishra
b8010e1ee4 routes: changes required to do browser authentication 
whenever we make a request that contains header apart from CORS allowed header, browser sends a preflight request
and in response accept *Access-Control-Allow-Headers*.

preflight request is in form of OPTIONS method, added new http handler func to set headers
and returns HTTP status ok in case of OPTIONS method.

in case of authorization, request contains authorization header
added authorization header in Access-Control-Allow-Headers list

added AllowOrigin field in HTTPConfig this field value is set to Access-Control-Allow-Origin header and will give zot adminstrator to limit incoming request.

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-03-08 17:42:54 -08:00
Eng Zer Jun
0d77b60de7 test: use T.TempDir to create temporary test directory 
The directory created by `T.TempDir` is automatically removed when the
test and all its subtests complete.

Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2022-03-07 12:28:49 -08:00
Ramkumar Chinchani
4be2652085 conformance: fix cross-mount behavior when 'from' is missing 
fixes issue #442

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-03-04 17:24:50 -08:00
Ramkumar Chinchani
95e4b2054b upgrade module deps 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-03-04 13:10:58 -08:00
Ramkumar Chinchani
8db3e1b192 CVE-2022-23649: fix dependabot alert 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-03-02 12:01:14 -08:00
Ramkumar Chinchani
3ada6af0de tls: set min version to 1.2 and restrict cipher suites 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-03-02 10:03:50 -08:00
Ramkumar Chinchani
38a110314b gc: add a gcDelay param 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-14 14:03:22 -08:00
Ramkumar Chinchani
b2c8533719 test: fix ldap unit tests 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-09 14:48:34 -08:00
Alexei Dodon
47c9b6244e Added config enable=true/false for extensions with default value as enabled closes #258 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2022-02-09 09:53:49 -08:00
Ramkumar Chinchani
730fe70f2f coverage: improve code coverage 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-09 07:42:15 -08:00
Ramkumar Chinchani
d2aa016cdb storage: flush/sync contents to disk on file close 
Behavior controlled by configuration (default=off)
It is a trade-off between performance and consistency.

References:
[1] https://github.com/golang/go/issues/20599

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-07 12:08:01 -08:00
Petu Eusebiu
f89925fb27 sync: periodically retry if on-demand fails inline, closes #281 
sync: don't return error on sync signatures, just skip them, closes #375
sync: sync signatures on demand
sync on demand: in case of parallel requests pull image just once, closes #344

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-02-07 09:04:13 -08:00
Ramkumar Chinchani
87084f286b storage: improve/fix oci image validation 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-02 13:31:41 -08:00
Petu Eusebiu
a0e65379c8 sync: for a prefix, allow multiple registries as a list instead of only one, closes #343 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-02-01 09:45:09 -08:00
Ramkumar Chinchani
45fe129c63 notaryv2: fix 'notation list' 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-01-31 14:33:21 -08:00
Ramkumar Chinchani
e0a1a82890 coverage: add failure injection framework 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-01-28 08:56:00 -08:00
Ramkumar Chinchani
1e5ea7e09c controller: support rate-limiting incoming requests 
helps constraining resource usage and against flood attacks.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-01-24 12:48:13 -08:00
Petu Eusebiu
4f825a5e2f [Identity-based Authorization] Add an option to specify a global policy for all repositories 
using regex.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-01-07 10:55:20 -08:00
Ramkumar Chinchani
8183e1467c lint: some more linter-related cleanup 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-12-23 22:01:40 -08:00
Ramkumar Chinchani
ac3801ea2d lint: upgrade golangci-lint 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-12-20 17:20:35 -08:00
Andreea-Lupu
c61c3836db implement scrub to check manifest/blob integrity 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2021-12-09 11:18:09 -08:00
Petu Eusebiu
627cb97ef1 Add wait group for graceful shutdown, closes #302 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-12-08 10:04:52 -08:00
Petu Eusebiu
63a75216ed sync: allow for saving to a subpath, closes #307 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-12-07 10:13:20 -08:00
Ramkumar Chinchani
96226af869 move references to zotregistry.io and project-zot 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-12-05 10:52:27 -08:00
Ramkumar Chinchani
e42e42a2cc artifacts: initial support for artifacts/notaryv2 spec 
https://github.com/oras-project/artifacts-spec
https://github.com/notaryproject/notaryproject

Fixes issue #264

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-12-01 18:55:39 -08:00
Alexei Dodon
f99fa37623 ci/cd: unit test hangs for a long time intermittently closes #286 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2021-11-29 14:07:49 -08:00
Ramkumar Chinchani
5f8f61407e routes: fix CheckManifest to return content length 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-11-23 14:09:36 -08:00
Alexei Dodon
e900b09cfb Fix data races in tests, closes #255 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2021-11-17 13:23:59 -08:00
Petu Eusebiu
5c07e19c8d Changed sync behaviour, it used to copy images over http interface 
now it copies to a local cache and then it copies over storage APIs

- accept all images with or without signatures
- disable sync writing to stdout
- added more logs
- fixed switch statement in routes
- fixed enabling sync multiple times for storage subpaths

closes #266

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-11-15 09:32:43 -08:00
Petu Eusebiu
9c568c0ee2 storage: add s3 backend support (without GC and dedupe) 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-11-15 08:09:00 -08:00
Alexei Dodon
8e4d828867 Implement an API for performance monitoring 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2021-11-12 11:14:10 -08:00
Ramkumar Chinchani
8f3d7d3719 swagger: rename 'docs/' to 'swagger/' 
Use 'docs/' for zot-related documentation.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-10-21 13:46:14 -07:00
Petu Eusebiu
19003e8a71 Added new extension "sync" 
Periodically poll registries and pull images according to sync's config
Added sync on demand, syncing when clients asks for an image which
zot doesn't have.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-10-21 10:32:46 -07:00