0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

859 commits

Author SHA1 Message Date
Ramkumar Chinchani
917159143c
chore: fix dependabot alerts (#1312)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-03-27 12:16:29 -07:00
Ramkumar Chinchani
e54c36db12
chore(go.mod): fix dependabot alerts (#1305)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-03-25 22:43:36 +02:00
Nicol
ceda13c24e
chore(deps): remove unused package pkg/extensions/search/digest (#1298)
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2023-03-24 14:32:02 +02:00
Lisca Ana-Roberta
5c76c11bb2
fix(cve): blackbox cve tests now verifying actual cves (#1300)
Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com>
2023-03-23 11:11:29 -07:00
LaurentiuNiculae
91e14bee00
fix(loadrepodb): statistics are now preserved after reloading zot (#1289)
- before, the download count for a manifest and repo star count were lost after reload

- now we are keeping these values when we reset the repo-meta structure

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-03-23 11:08:11 -07:00
Ramkumar Chinchani
906f8ce621
chore(deps): fix dependabot alerts (#1291)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-03-22 12:33:21 -07:00
LaurentiuNiculae
f8a77bc42f
feat(search): update search pattern matching rules (#1257)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-03-22 10:31:53 -07:00
Andrei Aaron
fb85c8678c
feat(ui): update zui to a version which leverages the referrers on ImageSummary (#1293)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-03-22 10:16:35 -07:00
Lisca Ana-Roberta
5f026d2e80
fix(trivy): consistent coverage for reset method + longer wait time between retries (#1272)
Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com>
2023-03-22 09:52:48 -07:00
peusebiu
a2c34808a5
fix(http): fix GET requests to use 'Accept' header (#1288)
use 'Accept' header instead of 'Content-Type'
use 'Authorization' header only if we have credentials

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-03-21 10:27:49 -07:00
Andrei Aaron
c91d4a0308
feat(ui): upgrade to zui supporting cve search for a specific image (#1290)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-03-21 10:25:59 -07:00
Andrei Aaron
4939ca3300
ci(go.mod): verify go.mod and go.sum don't have uncommitted changes after go mod tidy (#1287)
This is to avoid situations such as https://github.com/project-zot/zot/pull/1150
where an indirect dependency became direct without a corresponding go.mod change

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-03-21 10:25:13 -07:00
LaurentiuNiculae
21b7c69fd9
feat(cli): updated display format for multiarch images (#1268)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-03-21 10:16:00 -07:00
LaurentiuNiculae
0036d6dd09
test(referrers): add test for getting referrers for a image index, multiarch-image, using gql (#1282)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-03-21 15:10:50 +02:00
Nicol
0842b02181
feat: cleanup error msgs (#1273)
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2023-03-20 12:42:36 -07:00
LaurentiuNiculae
ddbb56178e
fix(errors): remove direct dependency on 'github.com/pkg/errors' (#1275)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-03-20 09:34:04 -07:00
LaurentiuNiculae
ed01292ad2
feat(search): add referrers field to ImageSummary (#1261)
Changed repodb to store more information about the referrer needed for the referrers query

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-03-20 09:14:17 -07:00
peusebiu
17a554b504
feat(routes): better error message in case of missing annotations (#1150)
putting this info into error detail would be ideal, but skopeo
doesn't print them, so overwrite the error message.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-03-16 20:09:30 -07:00
Lisca Ana-Roberta
eea6f3f85a
fix(cve): Search by CVE title/id (full or partial) when listing an image's CVEs (#1264)
Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com>
2023-03-16 12:13:07 -07:00
peusebiu
4d0bbf1e00
fix(mgmt): skip bearer authn for mgmt route (#1267)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-03-16 12:02:59 -07:00
LaurentiuNiculae
150ee88945
fix(repodb): GQL request for ExpandedRepoInfo errors when artifacts with tags are present (#1265)
If we push an artifact and give it a tag, repodb would crash because of the null pointer dereferencing

Now when iterating over the tags of a repo and stumbling upon a unsupported media type, it's being ignored

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-03-15 10:34:48 -07:00
Nicol
7656b6f011
chore(deps): modify pkg/errors dependency as indirect (#1266)
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2023-03-15 17:10:47 +02:00
Nicol Draghici
6f0c37079c chore(deps): remove usage of deprecated package pkg/errors
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2023-03-14 10:46:29 -07:00
LaurentiuNiculae
5d1f91a79f
feat(repodb): update referrers api to use repodb (#1230)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-03-10 10:37:29 -08:00
Andrei Aaron
c731acf6de
fix(cve): fix trivyDB being downloaded multiple times in a loop (#1255)
The condition to generate trivyDB download tasks was bugged,
and new tasks were generated in case the download had already been
successful (state `done`).

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-03-10 10:08:53 -08:00
peusebiu
f04e66a5e2
feat(mgmt): added mgmt extension which returns current zot configuration (#1198)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-03-09 10:43:26 -08:00
LaurentiuNiculae
4c156234cb
feat(repodb): sync-repodb WIP (#1241)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-03-09 10:41:48 -08:00
Andrei Aaron
fd5a2af10b
feat(ui): zui can now show multiple manifests per image (#1254)
Update to a zui version with multiarch image support
Also fix some issues with the filtering on the global search page

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-03-09 09:00:01 -08:00
Lisca Ana-Roberta
336526065f
feat(groups)!: added "groups" mechanism for authZ (#1123)
BREAKING CHANGE: repository paths are now specified under a new config key called "repositories" under "accessControl" section in order to handle "groups" feature. Previously the repository paths were specified directly under "accessControl".

This PR adds the ability to create groups of users which can be used for authZ policies, instead of just users.

{
"http": {
   "accessControl": {
       "groups": {

Just like the users, groups can be part of repository policies/default policies/admin policies. The 'groups' field in accessControl can be missing if there are no groups. The permissions priority is user>group>default>admin policy, verified in this order (in authz.go), and permissions are cumulative. It works with LDAP too, and the group attribute name is configurable. The DN of the group is used as the group name and the functionality is the same. All groups for the given user are added to the context in authn.go. Repository paths are now specified under a new keyword called "repositories" under "accessControl" section in order to handle "groups" feature.

Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com>
2023-03-08 11:47:15 -08:00
peusebiu
79783b4b06
feat(sync): skip already synced images in sync ondemand (#1234)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-03-07 09:58:42 -08:00
Ramkumar Chinchani
c2bec0d4a8
chore(go.mod): fix dependabot alerts (#1251)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-03-07 09:59:59 +02:00
Andrei Aaron
73b1126bbf
chore(go.mod): fix dependabot alerts (#1247)
Supersedes:
- https://github.com/project-zot/zot/pull/1132
- https://github.com/project-zot/zot/pull/1243
- https://github.com/project-zot/zot/pull/1244
- https://github.com/project-zot/zot/pull/1245

Also update the AWS SDK libraries used

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-03-06 11:05:19 -08:00
Andrei Aaron
c9b594d03d
feat(ui): update to the latest zui version which supports new multiarch image APIs (#1246)
Note patch does not mean full support for showing multiarch images in ZUI,
a single architecture is shown, but it fixes the ZUI views which were broken
since #1147

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-03-06 09:42:05 -08:00
peusebiu
e712b64c28
feat(doc): add documentation for dynamodb (#1236)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-03-06 09:25:20 -08:00
Andreea Lupu
646250736e
fix(go.mod): replace opencontainers/umoci dependency with project-stacker/umoci (#1240)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-03-05 21:11:07 -08:00
Nicol
23efe24c72
refactor(test): update cve tests to stop duplicating test/data if not needed (#1232)
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2023-03-02 09:45:23 -08:00
Lisca Ana-Roberta
6bbf730061
fix: trivydb update now uses task scheduler (#1204)
Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com>
2023-03-02 09:43:54 -08:00
Ramkumar Chinchani
5a2fb4108d
chore(go.mod): fix dependabot alerts (#1228)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-02-28 17:38:49 +02:00
Andrei Aaron
5968e7199f
test(ui): add owasp zap scanner in ci/cd (#1224)
(cherry picked from commit 6d03ce5f2d)

Additional changes on top of: 6d03ce5f2d
- Build and use zot from the same branch
do not use a container image as scan target, use the binary
- Fix typo in rules filename
- Add the full rule list to the rules config file
- Ignore some of the specific rules and add reasons
- Add security-related headers to fix some of the issues identified by the scan
- Update UI it includes the latest fixes for zap scan issues

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-02-27 11:25:47 -08:00
LaurentiuNiculae
d62c09e2cc
feat(repodb): Multiarch Image support (#1147)
* feat(repodb): index logic + tests

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

* feat(cli): printing indexes support using the rest api

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

---------

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-02-27 11:23:18 -08:00
Nicol
a561d0bad5
refactor(test): remove unnecessary usage of images copied from under test/data (#1217)
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2023-02-24 14:22:47 -08:00
Andrei Aaron
792f3f55b3
feat(graphql): Image() call now returns a non-nullable ImageSummary (#1216)
This is for consistency with the other calls, and should help in making
all ZUI handling of ZOT errors consistent

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-02-24 12:22:01 -08:00
Ramkumar Chinchani
f6a540747f
chore(go.mod): fix dependabot alerts (#1222)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-02-23 22:32:20 +02:00
Andrei Aaron
ed4954ab0d
build(ui): the ui is now included in the zot binary by default (#1202)
Update the default value of the EXTENSIONS variable in the makefile.
Also cleanup binary-ui and other make targets assuming the UI was not included by default.
Enable the ui by default in the zot container image
Swith back to using the distroless images, as c3 only has amd64 images.
Fix updating security events in github (permission issue)
Add an integration test for the UI extension
Rename ui extension files to use _ instead of -
feat(ui): upgrade to zui v2.0.0-rc3

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-02-23 22:28:08 +02:00
Ramkumar Chinchani
4a56e30cd7
chore(go.mod): fix dependabot alerts (#1218)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-02-23 09:09:28 +02:00
Andrei Aaron
b1c6d945c6
chore(codecov): use a token to authenticate to codecov (#1212)
This should not be necessary for public repos,
but should help with rate limitting

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-02-17 23:10:28 -08:00
Ramkumar Chinchani
be33f7b252
chore(go.mod): fix dependabot alerts (#1210)
* chore(go.mod): fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

* chore(test): update image tags

We have cleaned up older golang images in the project.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

* ci(gqlgen): fix gql schema validation GH workflow after npm upgrade

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-02-17 13:54:49 -08:00
Andrei Aaron
1f9f178a57
ci(golang): fix syncing build image golang 1.20 (#1205)
Since the matrix values were unquoted,
the logic reading the yaml considered them numbers

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-02-17 10:02:30 -08:00
Ramkumar Chinchani
672a2cd384
chore: add/sync golang 1.20.x images (#1200)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-02-16 11:25:32 +02:00
Bogdan Bivolaru
7c3bf86a6b
refactor: Centralise extensions config entries (#1177)
Except for registry sync config

Signed-off-by: Bogdan BIVOLARU <104334+bogdanbiv@users.noreply.github.com>
2023-02-15 22:20:28 -08:00