UI can now make use of OCI artifacts and references using `Referrers` gQL query.
It returns a list of descriptors that refer on their `subject` field to another
digest.
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
Suppose we push two identical manifests (sharing same digest) but with
different tags, then deleting by digest should throw an error otherwise
we end up deleting all image tags (with gc) or dangling references
(without gc)
This behaviour is controlled via Authorization, added a new policy
action named detectManifestsCollision which enables this behaviour
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
Thanks @jdolitsky et al for kicking off these changes at:
https://github.com/oci-playground/zot/commits/main
Thanks @sudo-bmitch for reviewing the patch
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
- Digests were represented by different ways
- We needed a uniform way to represent the digests and enforce a format
- also replace usage of github.com/google/go-containerregistry/pkg/v1
with github.com/opencontainers/image-spec/specs-go/v1
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
(cherry picked from commit 96b2f29d6d57070a913ce419149cd481c0723815)
(cherry picked from commit 3d41b583daea654c98378ce3dcb78937d71538e8)
Co-authored-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
The lastUpdated field was picked from the first entry in image history
Now it is the created time of the image, or the last entry in
image history, if created time is unavailable
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
Return this data as part of GlobalSearch and RepoListWithNewestImage
query results.
This commit also includes refactoring of the CVE scanning logic in
order to better encapsulate trivy specific logic, remove CVE scanning
logic from the graphql resolver.
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
* list all images that are base images for the given image + zli command
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
* Fix a failing test
The test expected the image size to be the size of the layer, not the manifest+config+layer
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
Co-authored-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
- AccessControlContext now resides in a separate package from where it can be imported,
along with the contextKey that will be used to set and retrieve this context value.
- AccessControlContext has a new field called Username, that will be of use for future
implementations in graphQL resolvers.
- GlobalSearch resolver now uses this context to filter repos available to the logged user.
- moved logic for uploading images in tests so that it can be used in every package
- tests were added for multiple request scenarios, when zot-server requires authz
on specific repos
- added tests with injected errors for extended coverage
- added tests for status code error injection utilities
Closes https://github.com/project-zot/zot/issues/615
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
- replace dependency of tagsInfo and repoInfo with a list of manifests, since it provides
all the needed data
- Mock tests added
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
ImageListWithLatestTag currently returns a list of ImageInfo objects.
It needs to return consistent results with the API used for Global search as the same information will be used by the UI in the same type or cards.
So we need to update RepoSummary to include the data which right now is present in ImageInfo, but missing from RepoSummary (information on the latest tag in that specific repo).
Will update return type of ImageListWithLatestTag in a later PR (issue tracked in a separate GH issue)
Closes#666
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
Multiple go routines downloading trivy db
triggers data race on trivy internal db.Path().
In each go routine wait for db download to start.
closes#636
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Files were added to be built whether an extension is on or off.
New build tags were added for each extension, while minimal and extended disappeared.
added custom binary naming depending on extensions used and changed references from binary to binary-extended
added automated blackbox tests for sync, search, scrub, metrics
added contributor guidelines
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
reuqest url also contains query parameter due to this in some scenarios
location header is setting up incorrectly, strip query parameter from
request url to correctly setup location header.
Closes#573#575
Signed-off-by: Shivam Mishra <shimish2@cisco.com>
PR (linter: upgrade linter version #405) triggered lint job which failed
with many errors generated by various linters. Configurations were added to
golangcilint.yaml and several refactorings were made in order to improve the
results of the linter.
maintidx linter disabled
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
The directory created by `T.TempDir` is automatically removed when the
test and all its subtests complete.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Behavior controlled by configuration (default=off)
It is a trade-off between performance and consistency.
References:
[1] https://github.com/golang/go/issues/20599
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>