Now that we're GCing blobs on delete/update manifest, we should lock the
blob queries so that they don't race with each other.
This is a pretty coarse grained lock, there's probably a better way to do
this.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Clients today expect the repo to clean up if there are unused blobs, not to
manually delete things they think are unused. Let's do that, and use
umoci's code to do it since it's tested and works.
v2: also run GC on update as well as delete
v3: fix up error return paths needing two args
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Previously, CheckManifest() was not checking for repo not found
condition and would default to 500 status code.
Add the check now to return 404.
Fixes issue #74
- that errors be returned a certain way using the new NewErrorList()
method and the string enum constants
- allow for full blob upload without a session with repo name and digest
Fixes issue #67.
As per dist spec, DELETE of a image manifest can only be done with
digest as <reference> param. Previously, tags were being allowed as
well. This is not conformant to the spec.
New options added to configuration file to reference a public key used
to validate authorization tokens signed by an auth server with
corresponding private key.
Resolves#24
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
dist-spec community is now maintaining its own conformance suite hosted
at https://oci.bloodorange.io which over time will be more complete.
This makes zot's compliance cli superfluous. Hence, deprecating the cli.
However, we keep the unit tests itself though.
dist-spec compliance tests are now becoming a part of dist-spec repo
itself - we want to be compliant
pkg/api/regex.go:
* revert uppercasing in repository names
pkg/api/routes.go:
* ListTags() should support the URL params 'n' and 'last'
for pagination
* s/uuid/session_id/g to use the dist-spec's naming
* Fix off-by-one error in GetBlobUpload()'s http response "Range" header
* DeleteManifest() success status code is 202
* Fix PatchBlobUpload() to account for "streamed" use case
where neither "Content-Length" nor "Content-Range" headers are set
pkg/storage/storage.go:
* Add a "streamed" version of PutBlobChunk() called PutBlobChunkStreamed()
pkg/compliance/v1_0_0/check.go:
* fix unit tests to account for changed response status codes
We are noticing that LDAP connectivity issues and timeouts can affect
authN behavior from client side (which can timeout as well).
Instead, put local authN first so at least we have a reliable authN
method.
But, the caveat is that it is best if the local and LDAP user list
doesn't overlap.
zot ci/cd tests are too stict, so separate and relax them for compliance
tests.
Location header is set in some cases, but some clarification is needed
in URL construction.
Fix some incorrect compliance tests.
"mount blob" was the only feature we didn't handle.
We don't fully support it yet because we don't have access control
support, but at least handle it and return something sane to remain
compliant.
