Fixes#3005
Previously, changing a image's media-type was disallowed.
However, "docker buildx" appears to first push an image manifest and
then an image index for the same image tag. So, allow this.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
* feat: rework token auth to allow ED25519/EC public keys
Signed-off-by: evanebb <git@evanus.nl>
* fix: shadow err variable to hopefully avoid data race
Signed-off-by: evanebb <git@evanus.nl>
* fix: apply golangci-lint feedback
Signed-off-by: evanebb <git@evanus.nl>
* fix: simplify public key loading by only supporting certificates, fixes ED25519 certificate handling
Signed-off-by: evanebb <git@evanus.nl>
* test: add golang-jwt based test auth server and test RSA/EC/ED25519 keys
Signed-off-by: evanebb <git@evanus.nl>
* fix: restrict allowed signing algorithms as recommended by library
Signed-off-by: evanebb <git@evanus.nl>
* test: add more bearer authorizer tests
Signed-off-by: evanebb <git@evanus.nl>
* fix: apply more golangci-lint feedback
Signed-off-by: evanebb <git@evanus.nl>
* test: ensure chmod calls run on test failure for authn errors test
Signed-off-by: evanebb <git@evanus.nl>
* fix: verify issued-at in given token if present
Pulls the validation in-line with the old library
Signed-off-by: evanebb <git@evanus.nl>
---------
Signed-off-by: evanebb <git@evanus.nl>
* feat: show more error information in zb output
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* chore(ci): gc stress tests to save logs as artifacts
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* chore: add benchmark results to job summaries
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix: count and show zb errors
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* ci: fix the flaky coverage of the redis logger
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(htpasswd): move htpasswd processing to a helper struct and add reload
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
* feat(htpasswd): use dedicated fsnotify reloader for htpasswd file
- rewrite htpasswd watcher not to store context
- improve logging
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
* feat(htpasswd): add htpasswd reload test
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
---------
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
fix: Update AWS DynamoDB permission list, and correct issues in DynamoDB examples
Note DeleteTable is only used for the zot tests, should not be needed in production
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix: update download counters for docker media types
closes#2929
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix: handle docker config mediatype in MetaDB
The OS/Arch/Layer History information was not written to MetaDB
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat: add redis cache support
https://github.com/project-zot/zot/pull/2005
Fixes https://github.com/project-zot/zot/issues/2004
* feat: add redis cache support
Currently, we have dynamoDB as the remote shared cache but ideal only
for the cloud use case.
For on-prem use case, add support for redis.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* feat(redis): added blackbox tests for redis
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
* feat(redis): dummy implementation of MetaDB interface for redis cache
Signed-off-by: Alexei Dodon <adodon@cisco.com>
* feat: check validity of driver configuration on metadb instantiation
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat: multiple fixes for redis cache driver implementation
- add missing method GetAllBlobs
- add redis cache tests, with and without mocking
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): redis implementation for MetaDB
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): use redsync to block concurrent write access to the redis DB
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): update .github/workflows/cluster.yaml to also test redis
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(metadb): add keyPrefix parameter for redis and remove unneeded method meta.Crate()
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): support RedisCluster configuration and add unit tests
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): more tests for redis metadb implementation
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): add more examples and update examples/README.md
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): move option parsing and redis client initialization under pkg/api/config/redis
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* chore(cachedb): move Cache interface to pkg/storage/types
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): reorganize code in pkg/storage/cache.go
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): call redis.SetLogger() with the zot logger as parameter
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): rename pkg/meta/redisdb to pkg/meta/redis
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Signed-off-by: Alexei Dodon <adodon@cisco.com>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: a <a@tuxpa.in>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
Co-authored-by: Petu Eusebiu <peusebiu@cisco.com>
Co-authored-by: Alexei Dodon <adodon@cisco.com>
GHSA-c9p4-xwr9-rfhx
authN/authZ creds are added to the request context so that they can be
tracked and enforced in the various subsystems. However, it was
previously a appended list (incorrectly); consequently, even if the user
has been removed from the group configuration, the user could still
log in.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
* chore(dynamodb): refactor multiple apikey metadb calls into a single one
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix(metadb): wrong error message in PatchDB() implementation
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix(headers): set Cross-Origin-Resource-Policy header for UI requests
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* ci: disable stacker tests in ecosystem tools as they do not work on Ubuntu 24
Workaround this:
The Ubuntu 22 github free runner is not powerful enough to run all these tests.
We need a real fix on stacker side
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* chore: update zui version
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
* chore: upload zap scan artifacts with different names for different scanned images
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Andrei Aaron <aaaron@luxoft.com>
