0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

36 commits

Author SHA1 Message Date
Ramkumar Chinchani
9ca6eea940 routes: ignore media-type for PatchBlobUpload
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-05-19 10:53:49 -07:00
Shivam Mishra
a7c17b7c16 spec: added support for mount request using hard link 2021-05-04 09:42:29 -07:00
Shivam Mishra
2b7b57313a conformance: fix http status code for cross-repository mounting 2021-01-29 09:35:15 -08:00
Shivam Mishra
9969ba0867 conformance: update README to display conformance results 2021-01-28 15:50:36 -08:00
Shivam Mishra
b0ed625a2e build: increase wait timeout for travis bazel build process 2020-10-27 19:30:06 -07:00
Shivam Mishra
46beb30fc1 build: add build tags to create customizable binaries 2020-10-22 17:20:07 -07:00
Ramkumar Chinchani
386c72d332 routes: refactor locks to handle large file uploads
The storage layer is protected with read-write locks.
However, we may be holding the locks over unnecessarily large critical
sections.

The typical workflow is that a blob is first uploaded via a per-client
private session-id meaning the blob is not publicly visible yet. When
the blob being uploaded is very large, the transfer takes a long time
while holding the lock.

Private session-id based uploads don't really need locks, and hold locks
only when blobs are published after the upload is complete.
2020-10-16 13:33:11 -07:00
Shivam Mishra
2cf2c16137 Added graphql api feature for image vulnerability scanning 2020-08-18 22:44:34 -07:00
Shivam Mishra
af77876306 Upgraded build pipeline
Go version changed to 1.14.4
Golangci-lint changed to 1.26.0
Bazel version changed to 3.0.0
Bazel rules_go version changed to 0.23.3
Bazel gazelle version changed to v0.21.0
Bazel build tools version changed to 0.25.1
Bazel skylib version changed to 1.0.2
2020-06-25 23:43:31 -07:00
Ramkumar Chinchani
e83999ae0d helm: relax Content-Type checks
OCI registries are moving towards a more generic artifact storage
mechanism. In short-term, at the very least support helm charts.
2020-05-19 16:53:05 -07:00
Ramkumar Chinchani
026b009dbb compat: when in "world-readable" mode, return the WWW-Authenticate
header

containers/image is the dominant client library to interact with
registries.

It detects which authentication to use based on the WWW-Authenticate
header returned when pinging "/v2/" end-point. If we didn't return this
header, then creds are not used for other write-protected end-points.
Hence, the compatibility fix.
2020-05-19 13:54:45 -07:00
Ramkumar Chinchani
b1f882e1b8 conformance: align with upstream conformance tests
Upstream conformance tests are being updated, so we need to align along
with our internal GC and dedupe features.

Add a new example config file which plays nice with conformance tests.

DeleteImageManifest() updated to deal with the case where the same
manifest can be created with multiple tags and deleted with the same
digest - so all entries must be deleted.

DeleteBlob() delete the digest key (bucket) when last reference is
dropped
2020-04-16 16:01:53 -07:00
Ramkumar Chinchani
25f5a45296 dedupe: use hard links to dedupe blobs
As the number of repos and layers increases, the greater the probability
that layers are duplicated. We dedupe using hard links when content is
the same. This is intended to be purely a storage layer optimization.
Access control when available is orthogonal this optimization.

Add a durable cache to help speed up layer lookups.

Update README.

Add more unit tests.
2020-04-03 09:29:12 -07:00
Ramkumar Chinchani
8ff60f9138 conformance: fix error msg for DELETE MANIFEST
---
Ran 27 of 27 Specs in 0.120 seconds
SUCCESS! -- 27 Passed | 0 Failed | 0 Pending | 0 Skipped
PASS
---
2020-03-25 12:53:15 -07:00
Ramkumar Chinchani
dfe023225f pkg/api: use a rwlock when accessing storage
The original patch used a mutex, however, the workload patterns are
likely to be read-heavy, so use a rwlock instead.
2020-03-20 12:23:36 -07:00
Ramkumar Chinchani
2fd87b6a86 pkg/api: use a rwlock when accessing storage
The original patch used a mutex, however, the workload patterns are
likely to be read-heavy, so use a rwlock instead.
2020-03-20 10:58:21 -07:00
Tycho Andersen
94afc30661 routes: lock everything that modifies blobs
Now that we're GCing blobs on delete/update manifest, we should lock the
blob queries so that they don't race with each other.

This is a pretty coarse grained lock, there's probably a better way to do
this.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2020-03-20 10:58:21 -07:00
Ramkumar Chinchani
941dffe2c7 conformance: fix http status codes for MANIFEST DELETE failures.
Previously returning 404s as failure code, dist-spec says 400s.
2020-03-18 15:50:40 -07:00
Ramkumar Chinchani
6e494942d4 routes: CheckManifest should return 404 when repo is unknown
Previously, CheckManifest() was not checking for repo not found
condition and would default to 500 status code.

Add the check now to return 404.

Fixes issue #74
2020-02-13 11:00:11 -08:00
Ramkumar Chinchani
58040f4562 check: add unit tests to cover the new code, fix linter errors 2020-01-31 13:21:43 -08:00
Ramkumar Chinchani
f9a1a0fe48 routes: handle compliance requirements
- that errors be returned a certain way using the new NewErrorList()
  method and the string enum constants

- allow for full blob upload without a session with repo name and digest
2020-01-31 11:49:15 -08:00
Peter Engelbert
268b4088fd Add support for bearer/token auth
New options added to configuration file to reference a public key used
to validate authorization tokens signed by an auth server with
corresponding private key.

Resolves #24

Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
2020-01-27 12:42:23 -06:00
Ramkumar Chinchani
964af6ba51 compliance: be compliant with dist-spec compliance tests
dist-spec compliance tests are now becoming a part of dist-spec repo
itself - we want to be compliant

pkg/api/regex.go:
	* revert uppercasing in repository names

pkg/api/routes.go:
	* ListTags() should support the URL params 'n' and 'last'
	  for pagination

	* s/uuid/session_id/g to use the dist-spec's naming

	* Fix off-by-one error in GetBlobUpload()'s http response "Range" header

	* DeleteManifest() success status code is 202

	* Fix PatchBlobUpload() to account for "streamed" use case
	  where neither "Content-Length" nor "Content-Range" headers are set

pkg/storage/storage.go:
	* Add a "streamed" version of PutBlobChunk() called PutBlobChunkStreamed()

pkg/compliance/v1_0_0/check.go:
	* fix unit tests to account for changed response status codes
2020-01-16 11:28:23 -08:00
Ramkumar Chinchani
31b30d858b routes: add more logs
There still appears to be another path where we are seeing 500s.
Adding more logs to catch this path.
2020-01-06 22:51:42 -08:00
Ramkumar Chinchani
8bbf892480 routes: be more paranoid
once we have an non-EOF error in this path, not clear if we can really
recover.
2020-01-05 23:21:27 -08:00
Ramkumar Chinchani
2eb4455df7 routes: improve error handling when returning blob data
We have noticed that very intermittently zot returns a 500 when copying
blob data. This is likely happening due to a io.ErrShortWrite
2020-01-04 18:39:21 -08:00
Ramkumar Chinchani
a57f085749 compliance: cleanup compliance test code
zot ci/cd tests are too stict, so separate and relax them for compliance
tests.

Location header is set in some cases, but some clarification is needed
in URL construction.

Fix some incorrect compliance tests.
2019-12-23 22:32:52 -08:00
Ramkumar Chinchani
c8563d8672 routes: handle "mount blob" to remain compliant
"mount blob" was the only feature we didn't handle.
We don't fully support it yet because we don't have access control
support, but at least handle it and return something sane to remain
compliant.
2019-12-20 10:37:41 -08:00
zendril
4e22352e9c Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
Ramkumar Chinchani
9ae9e40b67 log: improve logging
- add a panic recovery handler
        - add logs on unexpected error paths
        - use logger's panic method
2019-11-26 14:18:20 -08:00
Ramkumar Chinchani
f07c535225 reorder header and data writes 2019-11-26 09:40:13 -08:00
Ramkumar Chinchani
b107d6d1a4 compliance: initial commit 2019-10-14 10:59:11 -07:00
Ramkumar Chinchani
066bf1b9eb router: move to gorilla/mux to support multiple name path components 2019-07-10 18:22:20 -07:00
Ramkumar Chinchani
ed2cd51282 routes: fix error codes 2019-06-26 17:30:24 -07:00
Ramkumar Chinchani
bf5273e176 routes: fix headers 2019-06-24 15:09:37 -07:00
Ramkumar Chinchani
9d4e8b4594 zot: initial commit 2019-06-21 15:29:19 -07:00