0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

246 commits

Author SHA1 Message Date
Ramkumar Chinchani
bb53552048 bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.0+incompatible
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-02-11 19:19:16 -08:00
Ramkumar Chinchani
c0c6b255e1 dependabot-alert: update 'github.com/open-policy-agent/opa'
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-02-11 19:19:16 -08:00
Ramkumar Chinchani
f66d496257 dependabot-alert: update 'github.com/open-policy-agent/opa'
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-02-11 15:49:54 -08:00
Ramkumar Chinchani
1e5ea7e09c controller: support rate-limiting incoming requests
helps constraining resource usage and against flood attacks.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-01-24 12:48:13 -08:00
Ramkumar Chinchani
f251e7af10 update go.mod
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-01-24 09:15:46 -08:00
Ramkumar Chinchani
9e98b03f55 go.mod: fix GHSA-mvff-h3cj-wj9c
update containerd version

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-01-07 00:07:10 -08:00
Ramkumar Chinchani
cac7fe4854 storage: use sha256-simd from minio
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-28 22:25:11 -08:00
Ramkumar Chinchani
f011192615 fix Dependabot alert about GHSA-v95c-p5hm-xq8f
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-08 09:02:48 -08:00
Ramkumar Chinchani
e42e42a2cc artifacts: initial support for artifacts/notaryv2 spec
https://github.com/oras-project/artifacts-spec
https://github.com/notaryproject/notaryproject

Fixes issue #264

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-01 18:55:39 -08:00
Petu Eusebiu
fff6107310 Sync prefix can be an exact match or a glob pattern, closes #297
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-29 13:10:13 -08:00
Ramkumar Chinchani
a176bf7e83 go.mod: fix another dependabot alert
GHSA-77vh-xpmg-72qh

pull in upstream github.com/opencontainers/image-spec where this is
fixed.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-11-18 14:32:20 -08:00
Ramkumar Chinchani
528e239e78 go.mod: tidy go.mod
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-11-18 13:16:47 -08:00
Ramkumar Chinchani
bdfbebeb5a dependabot: fix dependabot alerts
Fix GHSA-77vh-xpmg-72qh
Fix GHSA-5j5w-g665-5m35

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-11-18 11:56:50 -08:00
Ramkumar Chinchani
bb537265cc go.mod: upgrade module deps
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-11-17 14:49:22 -08:00
Petu Eusebiu
9c568c0ee2 storage: add s3 backend support (without GC and dedupe)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-15 08:09:00 -08:00
Petu Eusebiu
19003e8a71 Added new extension "sync"
Periodically poll registries and pull images according to sync's config
Added sync on demand, syncing when clients asks for an image which
zot doesn't have.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-10-21 10:32:46 -07:00
Shivam Mishra
d930adbd49 search: update trivy
trivy updated to v0.20.0
trivy-db updated to bec0c6a
fanal updated to f7efd1b
2021-10-13 16:37:31 -07:00
Ramkumar Chinchani
d69ee3f562 go.mod: update go.mod to fix dependabot alert
https://github.com/advisories/GHSA-c2h3-6mxw-7mvq

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-10-04 14:03:37 -07:00
Shivam Mishra
63fef3e48c search: added graphql api to return repository list with latest tag 2021-09-27 14:36:20 -07:00
Ramkumar Chinchani
0b302d9614 go.mod: update deps to address dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-09-23 13:59:26 -07:00
Ramkumar Chinchani
6f0a73b2a6 go.mod: update umoci dep
There is a performance regression in umoci [1] which is fixed in [2].

References:
[1] https://github.com/opencontainers/umoci/issues/373
[2] https://github.com/opencontainers/umoci/pull/375

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-09-23 10:07:33 -07:00
Petu Eusebiu
609d85d875 Add identity-based access control, closes #51
Add a cli subcommand to verify config files validity
2021-08-30 13:56:27 -07:00
Ramkumar Chinchani
26926ad4c2 go.mod: update modules 2021-08-25 11:51:23 -07:00
Shivam Mishra
53b5fa6493 dedupe: stat blob path before creating link 2021-08-09 09:40:35 -07:00
Petu Eusebiu
1c1e7358f7 Migrate builds from travis to github actions 2021-06-29 13:58:39 -07:00
Shivam Mishra
28974e81dc config: support multiple storage locations
added support to point multiple storage locations in zot by running multiple instance of zot in background.

see examples/config-multiple.json for more info about config.

Closes #181
2021-05-21 10:18:28 -07:00
Shivam Mishra
2cf2c16137 Added graphql api feature for image vulnerability scanning 2020-08-18 22:44:34 -07:00
Shivam Mishra
e537f27f00 Added search extension and integrated trivy to support image vulnerability scanning 2020-08-18 21:03:48 -07:00
Ramkumar Chinchani
324a517ea3 gc: add a policy to skip garbage collecting new blobs
We perform inline garbage collection of orphan blobs. However, the
dist-spec poses a problem because blobs begin their life as orphan blobs
and then a manifest is add which refers to these blobs.

We use umoci's GC() to perform garbage collection and policy support
has been added recently which can control whether a blob can be skipped
for GC.

In this patch, we use a time-based policy to skip blobs.
2020-07-06 15:52:35 -07:00
Tanmay Naik
ad684ac44b cli: add config and images command
Extends the existing zot CLI to add commands for listing all images and
their details on a zot server.
Listing all images introduces the need for configurations.

Each configuration has a name and URL at the least. Check 'zot config
-h' for more details.

The user can specify the URL of zot server explicitly while running the
command or configure a URL and pass it directly.

Adding a configuration:
zot config add aci-zot <zot-url>

Run 'zot config --help' for more.

Listing all images:
zot images --url <zot-url>

Pass a config instead of the url:
zot images <config-name>

Filter the list of images by image name:
zot images <config-name> --name <image-name>

Run 'zot images --help' for all details

- Stores configurations in '$HOME/.zot' file

Add CLI README
2020-07-02 14:30:35 -04:00
Shivam Mishra
85d3e1db4b Changed umoci import path 2020-06-25 17:04:32 -07:00
Ramkumar Chinchani
25f5a45296 dedupe: use hard links to dedupe blobs
As the number of repos and layers increases, the greater the probability
that layers are duplicated. We dedupe using hard links when content is
the same. This is intended to be purely a storage layer optimization.
Access control when available is orthogonal this optimization.

Add a durable cache to help speed up layer lookups.

Update README.

Add more unit tests.
2020-04-03 09:29:12 -07:00
Ramkumar Chinchani
fe471a3c35 gc: fix test cases since umoci GC is more strict
umoci GC enforces a valid index.json and current tests were a little
lax.
2020-03-20 10:58:21 -07:00
Tycho Andersen
95d4a7ce04 zot: run GC after manifest removal
Clients today expect the repo to clean up if there are unused blobs, not to
manually delete things they think are unused. Let's do that, and use
umoci's code to do it since it's tested and works.

v2: also run GC on update as well as delete

v3: fix up error return paths needing two args

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2020-03-20 10:58:21 -07:00
Peter Engelbert
b636ce2da1 Fix auth scope on endpoints without repo name
Resolves #71

Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
2020-01-31 18:04:38 -06:00
Peter Engelbert
268b4088fd Add support for bearer/token auth
New options added to configuration file to reference a public key used
to validate authorization tokens signed by an auth server with
corresponding private key.

Resolves #24

Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
2020-01-27 12:42:23 -06:00
Ramkumar Chinchani
5f71b764fc go.mod: update json-iterator
older versions of json-iterator appear to have an issue with maps.

We are most certainly hitting this panic with maps.
https://github.com/anuvu/zot/blob/master/pkg/api/routes.go#L898

On the json-iterator/go side,
   json-iterator/go@acfec88
   json-iterator/go#388
2020-01-07 14:04:01 -08:00
Josh Dolitsky
271b916a26 feat(compliance): Add JSON output option
This adds a new --json flag to the compliance subcommand, which
will output the compliance test results as minified JSON to stdout.

Also a few other small additions:
- Exit 1 if compliance tests fail
- Use random port for test server using freeport library (added)

Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
2019-12-13 14:57:51 -06:00
Ramkumar Chinchani
7779188a9c ldap: pull in external library code so go modules are in control
1) github.com/jtblin/go-ldap-client is an abandoned project and not keeping
up with go modules, so pull that code in (single file, BSD license)

2) minor refactor ldap as a result of 1)

3) update go.mod
2019-12-11 14:17:06 -08:00
Ramkumar Chinchani
9ae9e40b67 log: improve logging
- add a panic recovery handler
        - add logs on unexpected error paths
        - use logger's panic method
2019-11-26 14:18:20 -08:00
Tycho Andersen
5df6b36a78 update deps
I just did a fresh 'make' of zot, and it generated these changes to go.mod
and go.sum; let's include them.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2019-10-15 15:38:40 -06:00
Ramkumar Chinchani
6295e0c91e auth: add LDAP support
fixes #23
2019-09-20 11:54:49 -07:00
Ramkumar Chinchani
322190de1e coverage: add unit test cases 2019-09-18 13:29:16 -07:00
Ramkumar Chinchani
10199457b4 auth: allow for world-readable deployment mode 2019-08-28 15:39:49 -07:00
Ramkumar Chinchani
066bf1b9eb router: move to gorilla/mux to support multiple name path components 2019-07-10 18:22:20 -07:00
Ramkumar Chinchani
9d4e8b4594 zot: initial commit 2019-06-21 15:29:19 -07:00