0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

131 commits

Author SHA1 Message Date
Alexei Dodon
e900b09cfb Fix data races in tests, closes #255
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2021-11-17 13:23:59 -08:00
Petu Eusebiu
5c07e19c8d Changed sync behaviour, it used to copy images over http interface
now it copies to a local cache and then it copies over storage APIs

- accept all images with or without signatures
- disable sync writing to stdout
- added more logs
- fixed switch statement in routes
- fixed enabling sync multiple times for storage subpaths

closes #266

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-15 09:32:43 -08:00
Petu Eusebiu
9c568c0ee2 storage: add s3 backend support (without GC and dedupe)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-15 08:09:00 -08:00
Alexei Dodon
8e4d828867 Implement an API for performance monitoring
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2021-11-12 11:14:10 -08:00
Alexei Dodon
f76c76c2e6 Added a timeout option in db cache lock, closes #242
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2021-10-27 12:43:50 -07:00
Alexei Dodon
d8aa5b8bf3
Fixing ValidateHardLink, closes #256 (#257)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2021-10-27 20:03:26 +03:00
Petu Eusebiu
f7ae491d22 Fix data race in sync tests
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-10-25 10:50:05 -07:00
Ramkumar Chinchani
8f3d7d3719 swagger: rename 'docs/' to 'swagger/'
Use 'docs/' for zot-related documentation.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-10-21 13:46:14 -07:00
Petu Eusebiu
19003e8a71 Added new extension "sync"
Periodically poll registries and pull images according to sync's config
Added sync on demand, syncing when clients asks for an image which
zot doesn't have.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-10-21 10:32:46 -07:00
Shivam Mishra
d930adbd49 search: update trivy
trivy updated to v0.20.0
trivy-db updated to bec0c6a
fanal updated to f7efd1b
2021-10-13 16:37:31 -07:00
Petu Eusebiu
7d077eaf5a Added storage interface 2021-10-11 17:38:46 -07:00
Petu Eusebiu
20f4051446 Clean blob uploads when clients interrupts uploading, closes #225 2021-10-08 14:55:57 -07:00
Shivam Mishra
63fef3e48c search: added graphql api to return repository list with latest tag 2021-09-27 14:36:20 -07:00
Ramkumar Chinchani
008d382446 authn: serialize ldap authn calls
Some LDAP servers are not MT-safe in that when searches happen with binds
in flight leads to errors such as:
"comment: No other operations may be performed on the connection while a
bind is outstanding"

Add goroutine-id in logs to help debug MT bugs.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-09-20 10:24:07 -07:00
Petu Eusebiu
62e724532a Check if auth config is provided when using access control 2021-09-14 12:55:21 -07:00
Petu Eusebiu
609d85d875 Add identity-based access control, closes #51
Add a cli subcommand to verify config files validity
2021-08-30 13:56:27 -07:00
Ramkumar Chinchani
26926ad4c2 go.mod: update modules 2021-08-25 11:51:23 -07:00
Shivam Mishra
c6670b1329 api: implement delete by tag 2021-08-23 17:30:41 -07:00
Roxana Nemulescu
fed5c09b71 TLS certs in CLI client
resolve #194
2021-08-16 23:42:21 -07:00
Ramkumar Chinchani
63b88d0e57 pkg/storage: fix partially initialized repo storage
Thanks shimish2 for the unit test.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-08-09 23:19:20 -07:00
Shivam Mishra
53b5fa6493 dedupe: stat blob path before creating link 2021-08-09 09:40:35 -07:00
Ramkumar Chinchani
f10c174c0e routes: add Content-Type header for HEAD manifest response
With recent docker client-side changes, on 'docker pull' we see:
"Error response from daemon: missing or empty Content-Type header"

Hence, set Content-Type header.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-07-23 10:00:32 -07:00
Shivam Mishra
af30c06aff api: use blob cache path while making hard link
previously mount blob will look for blob that is provided in http request and try to hard link that path
but ideally we should look for path from our cache and do the hard link of that particular path.
this commit does the same.
2021-06-30 01:42:21 -07:00
Petu Eusebiu
3a59b9f487 Use freeport to get ports for zot servers in tests 2021-06-29 13:58:39 -07:00
Andrei Aaron
792e82cbdf Add an 'enable' flag in the server configuration to enable gql-based searches
"extensions": {
        "search": {
            "enable": true
        }
    }
2021-06-24 12:15:25 -07:00
Andrei Aaron
c1dd7878e4 Add a '--verbose' flag to the 'zot images' output
- Show individual layers with size and digest under each image
- Include config digest for each image

See example below
```
IMAGE NAME                        TAG                       DIGEST    CONFIG    LAYERS    SIZE
test/godev                        0.4.7                     7d38d8ca  05b9f86e            519MB
                                                                                f824a027  65MB
                                                                                a98af0f5  52MB
                                                                                ba5b2bc4  163MB
                                                                                58b1ca8d  228MB
                                                                                67d798ee  12MB
test/cdev                         test                      2292b4ae  cf6f6c77            280MB
                                                                                f824a027  65MB
                                                                                a98af0f5  52MB
                                                                                ba5b2bc4  163MB
test/cdev                         0.4.7                     2292b4ae  cf6f6c77            280MB
                                                                                f824a027  65MB
                                                                                a98af0f5  52MB
                                                                                ba5b2bc4  163MB

Note the new layers and config fields will be visible in the json/yaml format regardless of the value of the verbose flag
```
2021-06-24 12:15:25 -07:00
Andrei Aaron
519ea75d9a Implement a way to search for an image by manifest, config or layer digest
```
Usage:
  zot images [config-name] [flags]

Flags:
  -d, --digest string   List images containing a specific manifest, config, or layer digest
[...]
```
2021-06-24 12:15:25 -07:00
Roxana Nemulescu
97628e69c9 logs: add an audit log for API calls with unit tests
resolves #178
2021-06-24 10:53:27 -07:00
Shivam Mishra
28974e81dc config: support multiple storage locations
added support to point multiple storage locations in zot by running multiple instance of zot in background.

see examples/config-multiple.json for more info about config.

Closes #181
2021-05-21 10:18:28 -07:00
Ramkumar Chinchani
9ca6eea940 routes: ignore media-type for PatchBlobUpload
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-05-19 10:53:49 -07:00
Ramkumar Chinchani
8f729820f5 controller: add default headers
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-05-10 12:47:53 -07:00
Shivam Mishra
cf25c6f3c8 ci/cd:inculde binary type in version information 2021-05-04 13:16:23 -07:00
Shivam Mishra
a7c17b7c16 spec: added support for mount request using hard link 2021-05-04 09:42:29 -07:00
Ramkumar Chinchani
f7829d6470 dedupe: optimize check-blob with hard links
In use cases, when there are large images with shared layers across
repositories, clients may benefit from not re-uploading the same blobs
over and over again.

We ensure this by hard linking when check-blob api is called.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-05-04 09:42:29 -07:00
Shivam Mishra
3c88102870 server: add idle timeout in http server configuration 2021-04-29 11:00:12 -07:00
Shivam Mishra
2b7b57313a conformance: fix http status code for cross-repository mounting 2021-01-29 09:35:15 -08:00
Shivam Mishra
9969ba0867 conformance: update README to display conformance results 2021-01-28 15:50:36 -08:00
Ramkumar Chinchani
affdd85986 build: remove bazel
The idea initially was to use bazel to do our builds, however golang
build system is now good enough and our code base is entirely go.
It is also slowing down our travis ci/cd pipeline.
2020-12-21 15:30:13 -08:00
Shivam Mishra
8787142d2c test: pull test images from aws container registry 2020-12-21 15:24:26 -08:00
Ionut Costin Craciun
dad884ddeb Raise error when adding a new zot config with an existed saved name 2020-11-04 10:25:34 +02:00
Shivam Mishra
b0ed625a2e build: increase wait timeout for travis bazel build process 2020-10-27 19:30:06 -07:00
Shivam Mishra
46beb30fc1 build: add build tags to create customizable binaries 2020-10-22 17:20:07 -07:00
Shivam Mishra
7439feb1c2 build: set timeout in travis make build process to avoid timeout failure 2020-10-18 20:55:17 -07:00
Shivam Mishra
14214a5794 test: add unit test to verify lock changes 2020-10-16 14:58:45 -07:00
Ramkumar Chinchani
386c72d332 routes: refactor locks to handle large file uploads
The storage layer is protected with read-write locks.
However, we may be holding the locks over unnecessarily large critical
sections.

The typical workflow is that a blob is first uploaded via a per-client
private session-id meaning the blob is not publicly visible yet. When
the blob being uploaded is very large, the transfer takes a long time
while holding the lock.

Private session-id based uploads don't really need locks, and hold locks
only when blobs are published after the upload is complete.
2020-10-16 13:33:11 -07:00
Shivam Mishra
25ad71787a test: minimize trivy db download tests to avoid api rate limit 2020-10-15 14:32:37 -07:00
Shivam Mishra
8075eadc1a test: add wait for trivy db download in test case 2020-10-02 16:47:54 -07:00
Shivam Mishra
971404f6ee search/cve: fix log messages 2020-09-23 12:47:50 -07:00
Shivam Mishra
d63f715fe5 search/cve: exclude unsupported images from fixed-tag list.
If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list.

Fixes issue #130
2020-09-22 09:24:04 -07:00
Shivam Mishra
cd0206fe6c Fixes issue #132, if image does not have any fixed tags, empty list with no error should be returned 2020-09-08 16:41:06 -07:00