0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

98 commits

Author SHA1 Message Date
laurentiuNiculae
bb95af5b4d default policy only authorization
unit tests for manifest integrity when updating

Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
2022-05-03 11:46:55 -07:00
Andreea-Lupu
cb9d8d6c13 update metrics/Dockerfile to match current binary name format
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-04-22 11:37:53 -07:00
Petu Eusebiu
ad90a4975f Migrate from docker/build-push-action to stacker-build-push-action
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-04-19 10:49:21 -07:00
Andreea-Lupu
5e35dfa28f make gc periodic
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-04-18 10:25:29 -07:00
laurentiuNiculae
0d4cc8736d Target for cheking not commited config files.
Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>

Separated updateDistSpec functionality

Removed rewriting of config when distSpecVersion was wrong
2022-04-14 10:28:38 -07:00
Andreea-Lupu
9454c77be2 make scrub inline and periodic
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-04-01 13:38:24 -07:00
Petu Eusebiu
ba41368469 Modified shared storage haproxy config to stick only writes, not reads
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-03-31 10:26:03 -07:00
Ramkumar Chinchani
b2a4388522 gc: add a unit test
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-24 12:02:52 -07:00
Petu Eusebiu
f53dc9eb8d sync: Add a new flag to enforce syncing only signed images, closes #455
sync: When checking if a image is already synced also check for changes in upstream signatures.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-03-24 10:50:01 -07:00
laurentiuNiculae
0d148e1d6b new config option for sync-destination
Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
2022-03-21 08:12:34 -07:00
Ramkumar Chinchani
10f0e6c307 fix dependabot alert
https://github.com/project-zot/zot/security/dependabot/10

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-15 16:55:32 -07:00
laurentiuNiculae
63d94d4ac5 Update dist-spec version automatically
Warning if config has wrong dist-spec version

Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
2022-03-14 10:24:03 -07:00
Petu Eusebiu
fa27e22404 Added clustering github workflow
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-03-09 10:54:17 -08:00
Ramkumar Chinchani
3ada6af0de tls: set min version to 1.2 and restrict cipher suites
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-02 10:03:50 -08:00
Ramkumar Chinchani
b800c5f20a README: update README.md
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-02-17 13:07:32 -08:00
Ramkumar Chinchani
38a110314b gc: add a gcDelay param
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-02-14 14:03:22 -08:00
Petu Eusebiu
0ec39c0313 sync: make RetryDelay and MaxRetries optional
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-02-11 09:11:11 -08:00
Alexei Dodon
47c9b6244e Added config enable=true/false for extensions with default value as enabled closes #258
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2022-02-09 09:53:49 -08:00
Ramkumar Chinchani
d2aa016cdb storage: flush/sync contents to disk on file close
Behavior controlled by configuration (default=off)
It is a trade-off between performance and consistency.

References:
[1] https://github.com/golang/go/issues/20599

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-02-07 12:08:01 -08:00
Petu Eusebiu
f89925fb27 sync: periodically retry if on-demand fails inline, closes #281
sync: don't return error on sync signatures, just skip them, closes #375
sync: sync signatures on demand
sync on demand: in case of parallel requests pull image just once, closes #344

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-02-07 09:04:13 -08:00
Petu Eusebiu
a0e65379c8 sync: for a prefix, allow multiple registries as a list instead of only one, closes #343
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-02-01 09:45:09 -08:00
Ramkumar Chinchani
1e5ea7e09c controller: support rate-limiting incoming requests
helps constraining resource usage and against flood attacks.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-01-24 12:48:13 -08:00
Alexei Dodon
c9a81baa10 Renamed zot-exporter to zxp and added its image to zot release
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2022-01-19 10:31:37 -08:00
Alexei Dodon
c4d34b7269 Added storage latency histogram metric
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2022-01-10 11:55:39 -08:00
Petu Eusebiu
4f825a5e2f [Identity-based Authorization] Add an option to specify a global policy for all repositories
using regex.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-01-07 10:55:20 -08:00
Ramkumar Chinchani
3177f87403 ci/cd: upgrade golang to 1.17
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-01-07 09:46:50 -08:00
Petu Eusebiu
c86f44cc53 Disable sync periodically polling when pollInterval is not configured
Filtering out sync on demand images based on content configuration

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-12-14 08:59:50 -08:00
Ramkumar Chinchani
96226af869 move references to zotregistry.io and project-zot
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-05 10:52:27 -08:00
Petu Eusebiu
fff6107310 Sync prefix can be an exact match or a glob pattern, closes #297
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-29 13:10:13 -08:00
Petu Eusebiu
5c07e19c8d Changed sync behaviour, it used to copy images over http interface
now it copies to a local cache and then it copies over storage APIs

- accept all images with or without signatures
- disable sync writing to stdout
- added more logs
- fixed switch statement in routes
- fixed enabling sync multiple times for storage subpaths

closes #266

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-15 09:32:43 -08:00
Petu Eusebiu
9c568c0ee2 storage: add s3 backend support (without GC and dedupe)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-15 08:09:00 -08:00
Alexei Dodon
8e4d828867 Implement an API for performance monitoring
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2021-11-12 11:14:10 -08:00
Petu Eusebiu
19003e8a71 Added new extension "sync"
Periodically poll registries and pull images according to sync's config
Added sync on demand, syncing when clients asks for an image which
zot doesn't have.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-10-21 10:32:46 -07:00
Ramkumar Chinchani
c8779d9e87 doc: add initial documentation for configuration options
We have built a long list of features and the documentation for users is
only available under examples/

Add a examples/README.md to further explain various configuration
options.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-08-31 17:26:22 -07:00
Petu Eusebiu
609d85d875 Add identity-based access control, closes #51
Add a cli subcommand to verify config files validity
2021-08-30 13:56:27 -07:00
Andrei Aaron
792e82cbdf Add an 'enable' flag in the server configuration to enable gql-based searches
"extensions": {
        "search": {
            "enable": true
        }
    }
2021-06-24 12:15:25 -07:00
Roxana Nemulescu
97628e69c9 logs: add an audit log for API calls with unit tests
resolves #178
2021-06-24 10:53:27 -07:00
Shivam Mishra
28974e81dc config: support multiple storage locations
added support to point multiple storage locations in zot by running multiple instance of zot in background.

see examples/config-multiple.json for more info about config.

Closes #181
2021-05-21 10:18:28 -07:00
Shivam Mishra
2cf2c16137 Added graphql api feature for image vulnerability scanning 2020-08-18 22:44:34 -07:00
Ramkumar Chinchani
557ac6b5c1 systemd: add a systemd service example file
Copy this file into /etc/systemd/system, and

\# systemctl enable zot
\# systemctl start zot
2020-06-25 17:50:30 -07:00
Ramkumar Chinchani
b1f882e1b8 conformance: align with upstream conformance tests
Upstream conformance tests are being updated, so we need to align along
with our internal GC and dedupe features.

Add a new example config file which plays nice with conformance tests.

DeleteImageManifest() updated to deal with the case where the same
manifest can be created with multiple tags and deleted with the same
digest - so all entries must be deleted.

DeleteBlob() delete the digest key (bucket) when last reference is
dropped
2020-04-16 16:01:53 -07:00
Peter Engelbert
268b4088fd Add support for bearer/token auth
New options added to configuration file to reference a public key used
to validate authorization tokens signed by an auth server with
corresponding private key.

Resolves #24

Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
2020-01-27 12:42:23 -06:00
Ramkumar Chinchani
964af6ba51 compliance: be compliant with dist-spec compliance tests
dist-spec compliance tests are now becoming a part of dist-spec repo
itself - we want to be compliant

pkg/api/regex.go:
	* revert uppercasing in repository names

pkg/api/routes.go:
	* ListTags() should support the URL params 'n' and 'last'
	  for pagination

	* s/uuid/session_id/g to use the dist-spec's naming

	* Fix off-by-one error in GetBlobUpload()'s http response "Range" header

	* DeleteManifest() success status code is 202

	* Fix PatchBlobUpload() to account for "streamed" use case
	  where neither "Content-Length" nor "Content-Range" headers are set

pkg/storage/storage.go:
	* Add a "streamed" version of PutBlobChunk() called PutBlobChunkStreamed()

pkg/compliance/v1_0_0/check.go:
	* fix unit tests to account for changed response status codes
2020-01-16 11:28:23 -08:00
Ramkumar Chinchani
6295e0c91e auth: add LDAP support
fixes #23
2019-09-20 11:54:49 -07:00
Ramkumar Chinchani
10199457b4 auth: allow for world-readable deployment mode 2019-08-28 15:39:49 -07:00
Ramkumar Chinchani
36ca298507 tls: require mutual auth only when htpasswd not available 2019-07-21 15:10:09 -07:00
Ramkumar Chinchani
066bf1b9eb router: move to gorilla/mux to support multiple name path components 2019-07-10 18:22:20 -07:00
Ramkumar Chinchani
9d4e8b4594 zot: initial commit 2019-06-21 15:29:19 -07:00