0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

147 commits

Author SHA1 Message Date
Ramkumar Chinchani
87084f286b storage: improve/fix oci image validation
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-02-02 13:31:41 -08:00
Petu Eusebiu
a0e65379c8 sync: for a prefix, allow multiple registries as a list instead of only one, closes #343
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-02-01 09:45:09 -08:00
Alexei Dodon
d259ba6e4f Fix scrub command crash
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2022-01-22 15:54:13 -08:00
Petu Eusebiu
1109bb4dde sync: Added support for syncing notary/cosign signatures, closes #261
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-01-13 08:45:59 -08:00
Petu Eusebiu
e6d6d5a7de Fix cli version showing help message, closes #361
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-01-12 12:35:17 -08:00
Ramkumar Chinchani
4896adad1b build: split functionality into separate binaries
zot: registry server
zli: zot cli to interact with the zot registry
zui: zot ui (proposed)
zb: zot benchmark (proposed)

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-01-11 11:48:18 -08:00
Petu Eusebiu
4f825a5e2f [Identity-based Authorization] Add an option to specify a global policy for all repositories
using regex.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-01-07 10:55:20 -08:00
Ramkumar Chinchani
ac3801ea2d lint: upgrade golangci-lint
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-20 17:20:35 -08:00
Petu Eusebiu
c86f44cc53 Disable sync periodically polling when pollInterval is not configured
Filtering out sync on demand images based on content configuration

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-12-14 08:59:50 -08:00
Andreea-Lupu
c61c3836db implement scrub to check manifest/blob integrity
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2021-12-09 11:18:09 -08:00
Ramkumar Chinchani
d4307d96ac build: fix build artifacts in binary
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-07 20:59:26 -08:00
Ramkumar Chinchani
96226af869 move references to zotregistry.io and project-zot
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-05 10:52:27 -08:00
Alexei Dodon
f99fa37623 ci/cd: unit test hangs for a long time intermittently closes #286
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2021-11-29 14:07:49 -08:00
Petu Eusebiu
fff6107310 Sync prefix can be an exact match or a glob pattern, closes #297
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-29 13:10:13 -08:00
Alexei Dodon
e900b09cfb Fix data races in tests, closes #255
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2021-11-17 13:23:59 -08:00
Petu Eusebiu
5c07e19c8d Changed sync behaviour, it used to copy images over http interface
now it copies to a local cache and then it copies over storage APIs

- accept all images with or without signatures
- disable sync writing to stdout
- added more logs
- fixed switch statement in routes
- fixed enabling sync multiple times for storage subpaths

closes #266

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-15 09:32:43 -08:00
Petu Eusebiu
9c568c0ee2 storage: add s3 backend support (without GC and dedupe)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-15 08:09:00 -08:00
Petu Eusebiu
19003e8a71 Added new extension "sync"
Periodically poll registries and pull images according to sync's config
Added sync on demand, syncing when clients asks for an image which
zot doesn't have.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-10-21 10:32:46 -07:00
Petu Eusebiu
62e724532a Check if auth config is provided when using access control 2021-09-14 12:55:21 -07:00
Petu Eusebiu
609d85d875 Add identity-based access control, closes #51
Add a cli subcommand to verify config files validity
2021-08-30 13:56:27 -07:00
Ramkumar Chinchani
26926ad4c2 go.mod: update modules 2021-08-25 11:51:23 -07:00
Roxana Nemulescu
fed5c09b71 TLS certs in CLI client
resolve #194
2021-08-16 23:42:21 -07:00
Andrei Aaron
792e82cbdf Add an 'enable' flag in the server configuration to enable gql-based searches
"extensions": {
        "search": {
            "enable": true
        }
    }
2021-06-24 12:15:25 -07:00
Andrei Aaron
c1dd7878e4 Add a '--verbose' flag to the 'zot images' output
- Show individual layers with size and digest under each image
- Include config digest for each image

See example below
```
IMAGE NAME                        TAG                       DIGEST    CONFIG    LAYERS    SIZE
test/godev                        0.4.7                     7d38d8ca  05b9f86e            519MB
                                                                                f824a027  65MB
                                                                                a98af0f5  52MB
                                                                                ba5b2bc4  163MB
                                                                                58b1ca8d  228MB
                                                                                67d798ee  12MB
test/cdev                         test                      2292b4ae  cf6f6c77            280MB
                                                                                f824a027  65MB
                                                                                a98af0f5  52MB
                                                                                ba5b2bc4  163MB
test/cdev                         0.4.7                     2292b4ae  cf6f6c77            280MB
                                                                                f824a027  65MB
                                                                                a98af0f5  52MB
                                                                                ba5b2bc4  163MB

Note the new layers and config fields will be visible in the json/yaml format regardless of the value of the verbose flag
```
2021-06-24 12:15:25 -07:00
Andrei Aaron
519ea75d9a Implement a way to search for an image by manifest, config or layer digest
```
Usage:
  zot images [config-name] [flags]

Flags:
  -d, --digest string   List images containing a specific manifest, config, or layer digest
[...]
```
2021-06-24 12:15:25 -07:00
Shivam Mishra
cf25c6f3c8 ci/cd:inculde binary type in version information 2021-05-04 13:16:23 -07:00
Ramkumar Chinchani
affdd85986 build: remove bazel
The idea initially was to use bazel to do our builds, however golang
build system is now good enough and our code base is entirely go.
It is also slowing down our travis ci/cd pipeline.
2020-12-21 15:30:13 -08:00
Shivam Mishra
8787142d2c test: pull test images from aws container registry 2020-12-21 15:24:26 -08:00
Ionut Costin Craciun
dad884ddeb Raise error when adding a new zot config with an existed saved name 2020-11-04 10:25:34 +02:00
Shivam Mishra
46beb30fc1 build: add build tags to create customizable binaries 2020-10-22 17:20:07 -07:00
Shivam Mishra
14214a5794 test: add unit test to verify lock changes 2020-10-16 14:58:45 -07:00
Shivam Mishra
d63f715fe5 search/cve: exclude unsupported images from fixed-tag list.
If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list.

Fixes issue #130
2020-09-22 09:24:04 -07:00
Shivam Mishra
cd0206fe6c Fixes issue #132, if image does not have any fixed tags, empty list with no error should be returned 2020-09-08 16:41:06 -07:00
Tanmay Naik
f5867ce0b6 cli: group CVEs by severity 2020-09-04 13:56:47 -04:00
Tanmay Naik
c590b86d14 cli: add commands for CVE
Uses GraphQL API of zot to fetch CVE info

- Get all images affected by a CVE (input: CVEID)
- Get all CVEs of a layer (input: image:tag)
- Get all layers of an image which have resolved a CVE (input: image,
CVEID)
- Get all layers of an image affected by a CVE (input: image, CVEID)
2020-08-21 12:42:01 -04:00
Tanmay Naik
6285a730a1 cli: add option to ignore TLS verification
adds a property in config : "verify-tls"
2020-07-17 17:48:42 -04:00
Tanmay Naik
bb9fbd2ef9 cli: move client-only code out of the server flow
earlier, some of the client exclusive code was being run on zot server
instance too.

cli: fix the bug: spinner is not stopped with -o
2020-07-14 13:35:56 -04:00
Tanmay Naik
ad684ac44b cli: add config and images command
Extends the existing zot CLI to add commands for listing all images and
their details on a zot server.
Listing all images introduces the need for configurations.

Each configuration has a name and URL at the least. Check 'zot config
-h' for more details.

The user can specify the URL of zot server explicitly while running the
command or configure a URL and pass it directly.

Adding a configuration:
zot config add aci-zot <zot-url>

Run 'zot config --help' for more.

Listing all images:
zot images --url <zot-url>

Pass a config instead of the url:
zot images <config-name>

Filter the list of images by image name:
zot images <config-name> --name <image-name>

Run 'zot images --help' for all details

- Stores configurations in '$HOME/.zot' file

Add CLI README
2020-07-02 14:30:35 -04:00
Shivam Mishra
af77876306 Upgraded build pipeline
Go version changed to 1.14.4
Golangci-lint changed to 1.26.0
Bazel version changed to 3.0.0
Bazel rules_go version changed to 0.23.3
Bazel gazelle version changed to v0.21.0
Bazel build tools version changed to 0.25.1
Bazel skylib version changed to 1.0.2
2020-06-25 23:43:31 -07:00
Ramkumar Chinchani
404c83fbc1 bazel: fix bazel build failures 2020-03-20 10:58:21 -07:00
Ramkumar Chinchani
9000adba60 cli: deprecate "compliance" command
dist-spec community is now maintaining its own conformance suite hosted
at https://oci.bloodorange.io which over time will be more complete.

This makes zot's compliance cli superfluous. Hence, deprecating the cli.

However, we keep the unit tests itself though.
2020-01-16 15:05:55 -08:00
Josh Dolitsky
271b916a26 feat(compliance): Add JSON output option
This adds a new --json flag to the compliance subcommand, which
will output the compliance test results as minified JSON to stdout.

Also a few other small additions:
- Exit 1 if compliance tests fail
- Use random port for test server using freeport library (added)

Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
2019-12-13 14:57:51 -06:00
zendril
4e22352e9c Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
Ramkumar Chinchani
b107d6d1a4 compliance: initial commit 2019-10-14 10:59:11 -07:00
Ramkumar Chinchani
322190de1e coverage: add unit test cases 2019-09-18 13:29:16 -07:00
Ramkumar Chinchani
4d73d8ff47 version: add commit id to binary during build 2019-09-16 11:58:32 -07:00
Ramkumar Chinchani
9d4e8b4594 zot: initial commit 2019-06-21 15:29:19 -07:00