0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

1097 commits

Author SHA1 Message Date
Ramkumar Chinchani
6461b661f1
chore: fix dependabot alerts (#1797)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-11 20:21:56 -07:00
Andrei Aaron
6011705931
chore(dependabot): increase the limit of dependabot PRs (#1788)
Given the default limit is 5 and some packages like AWS release daily,
having a weekly schedule results in the same packages being flagged for update
most of the time.

Let's increase to 10 to make sure there are no issues in other libraries

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-09-11 11:02:11 -07:00
Andreea Lupu
68a197d7cc
fix: add retry logic to recreate existing trustpolicy secret (#1776)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-09-11 10:13:22 +03:00
Ramkumar Chinchani
9fcb8a8489
chore: fix dependabot alerts (#1774)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-08 22:31:08 +03:00
Andrei Aaron
24e37eb68b
fix(api): Fix 'last' query param for <repo>/tags/list to work without param 'n' (#1777)
Also fix additional issues:
- sorting of tags on calls without pagination parameters ('n' or 'last')
- if 'n' is 0 we should return an empty list and not error

Added tests accordingly

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-09-08 19:46:17 +03:00
LaurentiuNiculae
7b1e24c99e
refactor(cli): remove old cli commands (#1756)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-09-08 15:12:47 +03:00
Alexei Dodon
18e591f52a
fix: DATA RACE in TestNewExporter (#1766)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-08 15:00:16 +03:00
Andreea Lupu
5a3fac40db
feat: upload cosign public key and notation certificates to cloud (#1744)
- using secrets manager for storing public keys and certificates
- adding a default truststore for notation verification and upload all certificates to this default truststore
- removig `truststoreName` query param from notation api for uploading certificates


(cherry picked from commit eafcc1a213)

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-09-08 10:03:58 +03:00
Andrei Aaron
6115eed4ec
refactor(makefile): consolidate the make targets used for bats tests (#1746)
New examples of running tests:

1. To run a specific bats file (with and without verbose output):
make run-blackbox-tests BATS_TEST_FILE_PATH=test/blackbox/delete_images.bats
make run-blackbox-tests BATS_TEST_FILE_PATH=test/blackbox/delete_images.bats BATS_VERBOSITY=2

2. To run the CI tests (with and without verbose output)
make run-blackbox-ci
make run-blackbox-ci BATS_VERBOSITY=2

BATS_TEST_FILE_PATH is used to pass on the test file to run using `run-blackbox-tests`
BATS_VERBOSITY controls the verbosity of the bats framework output, if unspecified the output only
contains test results and failure message in case of failures.
If BATS_VERBOSITY is 1, then also show commands as they are executed.
If BATS_VERBOSITY is 2, on top of the above it also shows output of passed tests.

Other changes in this PR:
- Update some of the tests to show logs after the run ends.
- Run the linters before the tests, as it saves time on failures when running in GH

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-09-07 21:06:21 +03:00
Alexei Dodon
f5b63963be
refactor: Reduce binary size of zot-minimal; Added CI check for binary size (#1758)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-06 19:58:00 +03:00
Ramkumar Chinchani
75a76005b4
chore: fix dependabot alerts (#1763)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-05 22:30:49 +03:00
peusebiu
59dc4c3229
feat(scheduler): pass the shutdown/reload ctx to running tasks (#1671)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-05 09:48:56 -07:00
peusebiu
a0290b4b37
fix(gc): gc removes unknown manifests (#1762)
without removing its index.json reference

fix that by also reporting if manifests with unknown mediatypes
are referenced in index.json

this will make gc delete manifest blobs with deleteImageManifest() method
instead of deleteBlob(), which also removes index.json entries.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-05 09:42:12 -07:00
Ramkumar Chinchani
8e36bfd4d1
fix: add manifest validation checks (#1747)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-02 01:28:31 -07:00
peusebiu
c6b822f3dd
refactor(authz): use a struct for user access control info operations (#1682)
fix(authz): fix isAdmin not using groups to determine if a user is admin.
fix(authz): return 401 instead of 403

403 is correct as per HTTP spec
However authz is not part of dist-spec and clients know only about 401
So this is a compromise.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-01 11:13:53 -07:00
peusebiu
b80deb9927
refactor(storage): refactor storage into a single ImageStore (#1656)
unified both local and s3 ImageStore logic into a single ImageStore
added a new driver interface for common file/dirs manipulations
to be implemented by different storage types

refactor(gc): drop umoci dependency, implemented internal gc

added retentionDelay config option that specifies
the garbage collect delay for images without tags

this will also clean manifests which are part of an index image
(multiarch) that no longer exist.

fix(dedupe): skip blobs under .sync/ directory

if startup dedupe is running while also syncing is running
ignore blobs under sync's temporary storage

fix(storage): do not allow image indexes modifications

when deleting a manifest verify that it is not part of a multiarch image
and throw a MethodNotAllowed error to the client if it is.
we don't want to modify multiarch images

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-01 10:54:39 -07:00
LaurentiuNiculae
72a5968437
test(bats): added bats example for deleting an image (#1718)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-09-01 17:23:34 +03:00
Alexei Dodon
423302df5f
fix: nightly build (#1745)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-01 13:08:17 +03:00
Andrei Aaron
521b109c8c
chore(go.mod): upgrade 3rd party packages (#1742)
Special note for oras.land/oras-go:
- 1.2.4 is not released yet, but tip of their v1 branch is compatible with docker v24.0.2
- 1.2.3 is not compatible with docker v24.0.2
Other 3rd party software depend on both oras-go v1 and docker v24

See also https://github.com/oras-project/oras-go/pull/527

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-08-31 20:40:19 +03:00
Alexei Dodon
41bbb23e30
fix: bats test refactoring (#1731)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-30 12:24:28 -07:00
LaurentiuNiculae
112fbec5b6
refactor(cli): added equivalent subcommands for each flag combination under every command (#1674)
- image command is now deprecated in favor of 'images'
- cve command is now deprecated in favor of 'cves'

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-08-30 20:12:24 +03:00
peusebiu
2bd479edd7
fix(examples): revert examples/config-minimal.json (#1740)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-08-30 13:25:32 +03:00
Ramkumar Chinchani
9bccd784a9
chore: fix dependabot alerts (#1737) 2023-08-30 07:53:03 +03:00
Andrei Aaron
780bbe42d1
feat(ui): update to latest zui version (#1735)
1. Show more detailed signature information in zui (signing tool, trusted, author)
2. Rename dex to oidc - on zui side
3. New screen for zot without images loaded
4. Remove 'Vulnerability' string from the vulnerability chips

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-08-29 15:52:08 -07:00
LaurentiuNiculae
40b599cca8
refactor(log): replace default logger with config complient log in root.go (#1734)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-08-29 12:10:30 -07:00
peusebiu
6926bddd3a
feat(apikey): added route to list user api keys (#1708)
adding api key expiration date

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-08-29 09:38:38 -07:00
Andrei Aaron
28858f695f
feat(mgmt): mgmt extention no longer depends on UI being enabled (#1728)
It is now enabled based only on search configuration

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-08-26 13:32:41 -07:00
Damien Degois
289acfabbd
feat(authn): add generic oidc and allow customizable name (#1691)
Rebased and squashed

Signed-off-by: Damien Degois <damien@degois.info>
2023-08-24 12:33:35 +03:00
Alexei Dodon
247f6dcd3f
feat: propagate detailed error msgs to client (OCI dist-spec format) (#1681)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-23 20:59:52 +03:00
LaurentiuNiculae
94429a82df
fix(parse): lock storage while reading using image store (#1719)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-08-23 19:29:23 +03:00
Alexei Dodon
ca2904762a
fix(ci/cd): detect uncommited swagger docs (#1724)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-23 19:21:43 +03:00
Ramkumar Chinchani
6d65401499
chore: fix dependabot alerts (#1720)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-08-22 14:43:34 +03:00
Andreea Lupu
cacf54e8cb
refactor: move /pkg/meta/signatures under /pkg/extensions/imagetrust (#1712)
- the size of the binary-minimal becomes 32MB
- "signatures" package is renamed into "imagetrust" and moved under extensions
- if the binary is not built using "imagetrust" tag then the signatures verification will
not be performed

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-08-19 08:52:03 +03:00
Alexei Dodon
faf702f9c2
feat: automated detection of OS and ARCH if unset (#1711)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-18 14:18:10 -07:00
LaurentiuNiculae
0731fd3828
test(refactor): refactor tests that use zot-test to use smaller images (#1690)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-08-18 11:46:11 +03:00
Alexei Dodon
e510df7c22
fix: swagger Makefile target broken on darwin (#1701)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-15 13:07:56 -07:00
Ramkumar Chinchani
e129d4003b
chore: fix dependabot alerts (#1702)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-08-15 10:15:50 +03:00
Damien Degois
58870a2468
docs: fix apikey case (#1693)
Signed-off-by: Damien Degois <damien@degois.info>
2023-08-12 09:53:35 +03:00
Alexei Dodon
59922af528
fix: binary-stacker Makefile target is broken (#1689)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-10 12:39:56 -07:00
Ramkumar Chinchani
04627534a9
chore(go.mod): fix dependabot alerts (#1684)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-08-10 09:49:55 +03:00
peusebiu
4d125d55ed
fix(authn): handle the case where zot with openid runs behind a proxy (#1675)
added a new config option under 'http' called externalURL which is used
by openid/oauth2 clients to redirect back to zot

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-08-09 09:11:21 -07:00
LaurentiuNiculae
ed90e3bd24
test(annotations): print logs for annotations bats tests (#1680)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-08-07 13:51:57 -07:00
Andreea Lupu
76277f5ebd
fix: remove inline GC and schedule a background task instead (#1610)
* fix: remove inline GC and set a default value of gc interval

- remove inline GC
- add a default value of GC interval
- run the GC periodically by default with the default value if no interval provided
- generate GC tasks with a random delay(0-30s) between
- add IsReady() method to scheduler.TaskGenerator interface

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>

* ci: add test for gc with short interval

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>

---------

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-08-07 12:55:19 -07:00
LaurentiuNiculae
fce9a02ed5
fix(convert): now returned annotations for an index will fallback to annotations from a random manifest if the annotations field is not present on the index manifest (#1667)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-08-07 10:25:05 +03:00
Ramkumar Chinchani
cad564b9ee
ci(conformance): revert to upstream OCI checks (#1678)
Reverts part of de24bd937f

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-08-04 13:38:28 -07:00
Alexei Dodon
2142055dc6
fix: Build scripts broken on Mac (#1668)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-03 20:53:37 +03:00
Andrei Aaron
77149aa85c
refactor(extensions)!: refactor the extensions URLs and errors (#1636)
BREAKING CHANGE: The functionality provided by the mgmt endpoint has beed redesigned - see details below
BREAKING CHANGE: The API keys endpoint has been moved -  see details below
BREAKING CHANGE: The mgmt extension config has been removed - endpoint is now enabled by having both the search and the ui extensions enabled
BREAKING CHANGE: The API keys configuration has been moved from extensions to http>auth>apikey

mgmt and imagetrust extensions:
- separate the _zot/ext/mgmt into 3 separate endpoints: _zot/ext/auth, _zot/ext/notation, _zot/ext/cosign
- signature verification logic is in a separate `imagetrust` extension
- better hanling or errors in case of signature uploads: logging and error codes (more 400 and less 500 errors)
- add authz on signature uploads (and add a new middleware in common for this purpose)
- remove the mgmt extension configuration - it is now enabled if the UI and the search extensions are enabled

userprefs estension:
- userprefs are enabled if both search and ui extensions are enabled (as opposed to just search)

apikey extension is removed and logic moved into the api folder
- Move apikeys code out of pkg/extensions and into pkg/api
- Remove apikey configuration options from the extensions configuration and move it inside the http auth section
- remove the build label apikeys

other changes:
- move most of the logic adding handlers to the extensions endpoints out of routes.go and into the extensions files.
- add warnings in case the users are still using configurations with the obsolete settings for mgmt and api keys
- add a new function in the extension package which could be a single point of starting backgroud tasks for all extensions
- more clear methods for verifying specific extensions are enabled
- fix http methods paired with the UI handlers
- rebuild swagger docs

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-08-02 21:58:34 +03:00
Ramkumar Chinchani
42f9f78125
ci: add freebsd target for releases (#1660)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-07-31 13:51:03 -07:00
LaurentiuNiculae
9e38ca51e3
feat(pagination): move pagination and sorting image summary results after conversion (#1637)
fix(config): check for config media type when pushing to repodb

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-07-31 22:16:09 +03:00
Doug Rabson
20391a21c0
fix: freebsd build support (#1659)
- Avoid hard-coding the path for bash - this typically is installed as
  /usr/local/bin/bash

- Allow for the fact that FreeBSD's rlimit uses signed integers

Almost all of the test suite passes with three test failures that I
haven't tried to debug yet.

Signed-off-by: Doug Rabson <dfr@rabson.org>
2023-07-29 10:41:25 -07:00