0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

14 commits

Author SHA1 Message Date
LaurentiuNiculae
3be690c2ac
feat(userpreferences): update allowed methods header for user preferences routes (#1430)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-05-10 10:09:53 -07:00
peusebiu
4d0bbf1e00
fix(mgmt): skip bearer authn for mgmt route (#1267)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-03-16 12:02:59 -07:00
peusebiu
f04e66a5e2
feat(mgmt): added mgmt extension which returns current zot configuration (#1198)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-03-09 10:43:26 -08:00
Lisca Ana-Roberta
336526065f
feat(groups)!: added "groups" mechanism for authZ (#1123)
BREAKING CHANGE: repository paths are now specified under a new config key called "repositories" under "accessControl" section in order to handle "groups" feature. Previously the repository paths were specified directly under "accessControl".

This PR adds the ability to create groups of users which can be used for authZ policies, instead of just users.

{
"http": {
   "accessControl": {
       "groups": {

Just like the users, groups can be part of repository policies/default policies/admin policies. The 'groups' field in accessControl can be missing if there are no groups. The permissions priority is user>group>default>admin policy, verified in this order (in authz.go), and permissions are cumulative. It works with LDAP too, and the group attribute name is configurable. The DN of the group is used as the group name and the functionality is the same. All groups for the given user are added to the context in authn.go. Repository paths are now specified under a new keyword called "repositories" under "accessControl" section in order to handle "groups" feature.

Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com>
2023-03-08 11:47:15 -08:00
Andrei Aaron
38b00e3507
chore(lint): gci to separate zot from other imports (#870)
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-10-20 09:39:20 -07:00
Nicol
33a431ef43
Update go version to 1.19 (#829)
* ci: Update go version to 1.19

Signed-off-by: Nicol Draghici <idraghic@cisco.com>

* ci: Fix lint issues

Signed-off-by: Nicol Draghici <idraghic@cisco.com>

* ci: Added needprivileges to lint, made needprivileges pass lint

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Signed-off-by: Nicol Draghici <idraghic@cisco.com>

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Co-authored-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-05 13:21:14 +03:00
slab713
8ffb053cec
Replaced deprecated io/ioutil functions (#768)
Signed-off-by: slab713 <109306207+slab713@users.noreply.github.com>
2022-09-02 15:56:02 +03:00
Nicol Draghici
a702a2377e Remove AllowReadOnly and ReadOnly
Signed-off-by: Nicol Draghici <idraghic@cisco.com>

Remove check and set header every time

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2022-08-10 14:27:21 -07:00
Shivam Mishra
b8010e1ee4 routes: changes required to do browser authentication
whenever we make a request that contains header apart from CORS allowed header, browser sends a preflight request
and in response accept *Access-Control-Allow-Headers*.

preflight request is in form of OPTIONS method, added new http handler func to set headers
and returns HTTP status ok in case of OPTIONS method.

in case of authorization, request contains authorization header
added authorization header in Access-Control-Allow-Headers list

added AllowOrigin field in HTTPConfig this field value is set to Access-Control-Allow-Origin header and will give zot adminstrator to limit incoming request.

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-03-08 17:42:54 -08:00
Ramkumar Chinchani
ac3801ea2d lint: upgrade golangci-lint
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-20 17:20:35 -08:00
Ramkumar Chinchani
96226af869 move references to zotregistry.io and project-zot
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-05 10:52:27 -08:00
Petu Eusebiu
19003e8a71 Added new extension "sync"
Periodically poll registries and pull images according to sync's config
Added sync on demand, syncing when clients asks for an image which
zot doesn't have.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-10-21 10:32:46 -07:00
Petu Eusebiu
62e724532a Check if auth config is provided when using access control 2021-09-14 12:55:21 -07:00
Petu Eusebiu
609d85d875 Add identity-based access control, closes #51
Add a cli subcommand to verify config files validity
2021-08-30 13:56:27 -07:00
Renamed from pkg/api/auth.go (Browse further)