0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

1074 commits

Author SHA1 Message Date
peusebiu
94ba538e69
fix(test): consolidate api tests build tags (#1602)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-07-10 16:11:23 +03:00
peusebiu
8877083daa
fix: remove config (#1600)
remove a config added by mistake

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-07-10 14:03:59 +03:00
peusebiu
1d01b644ea
feat(sync): sync can include self url in registry.URLs (#1562)
sync now ignores self referencing urls, this will help
in clustering mode where we can have the same config
for multiple zots

closes #1335

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-07-10 12:27:21 +03:00
peusebiu
cda6916b45
fix: don't allow blobs to be deleted if in use (#1559)
dist-spec APIs independently allow deletion of blobs and manifests.
Doing the former when in use by an image manifest or index is simply
error-prone. So disallow it.

Fixes issue #1509

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-07-10 12:24:45 +03:00
Ramkumar Chinchani
b22989cfe0
fix: refactor monitoring code outside locks (#1596)
We use locks to protect OCI layouts. However, our critical sections have
too long and cover code instead of data.

Fixes issue #1595

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-07-07 13:51:00 -07:00
peusebiu
cd6f679359
fix(ci/cd): stop localstack after ci/cd pipeline (#1590)
this should clean localstack persisted data in tests

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-07-07 12:40:06 -07:00
peusebiu
17d1338af1
feat: integrate openID auth logic and user profile management (#1381)
This change introduces OpenID authn by using providers such as Github,
Gitlab, Google and Dex.
User sessions are now used for web clients to identify
and persist an authenticated users session, thus not requiring every request to
use credentials.
Another change is apikey feature, users can create/revoke their api keys and use them
to authenticate when using cli clients such as skopeo.

eg:
login:
/auth/login?provider=github
/auth/login?provider=gitlab
and so on

logout:
/auth/logout

redirectURL:
/auth/callback/github
/auth/callback/gitlab
and so on

If network policy doesn't allow inbound connections, this callback wont work!

for more info read documentation added in this commit.

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Co-authored-by: Alex Stan <alexandrustan96@yahoo.ro>
2023-07-07 09:27:10 -07:00
peusebiu
5494a1b8d6
fix(storage): do not open/download blobs when validating manifests (#1566)
when pushing manifests, zot will validate blobs (layers + config blob) are
present in repo, currently it opens(in case of filesystem storage) or download(
in case of cloud storage) each blob.

fixed that by adding a new method ImageStore.CheckBlobPresence() on storage
to check blobs presence without checking the cache like ImageStore.CheckBlob() method does.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-07-06 10:33:36 -07:00
Josh Dolitsky
f3aa855405
fix: missing Oci-Subject header pushing index with subject (#1589)
* fix: missing Oci-Subject header pushing index with subject

Signed-off-by: Josh Dolitsky <josh@dolit.ski>

* fix(s3): Add a test to cover handling pushing indexes with a subject

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

---------

Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Andrei Aaron <aaaron@luxoft.com>
2023-07-06 10:31:40 -07:00
peusebiu
7d7e4416b5
fix(nightly): fix nightly builds (#1584)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-07-06 16:50:12 +03:00
Andreea Lupu
41b05c60dd
feat: upload certificates and public keys for verifying signatures (#1485)
In order to verify signatures, users could upload their certificates and public keys using these routes:
	-> for public keys:
		/v2/_zot/ext/mgmt?resource=signatures&tool=cosign
	-> for certificates:
		/v2/_zot/ext/mgmt?resource=signatures&tool=notation&truststoreType=ca&truststoreName=name
Then the public keys will be stored under $rootdir/_cosign and the certificates will be stored under
$rootdir/_notation/truststore/x509/$truststoreType/$truststoreName.
Also, for notation case, the "truststores" field of $rootir/_notation/trustpolicy.json file will be
updated with a new entry "$truststoreType:$truststoreName".
Also based on the uploaded files, the information about the signatures validity will be updated
periodically.

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-07-06 14:57:59 +03:00
peusebiu
49e4d93f42
fix(test): TestConfigReloader, wait for trivy db download (#1543)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-07-06 14:17:49 +03:00
LaurentiuNiculae
0a04b2a4ed
feat(cve): implemented trivy image scan for multiarch images (#1510)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-07-06 11:36:26 +03:00
LaurentiuNiculae
96d9d318df
feat(referrers): added index support for referrers queries (#1560)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-07-05 09:42:16 -07:00
alexstan12
62889c3cb1
refactor: split AuthZ mdw in 2 different parts, each for a specific purpose (#1542)
- AuthzHandler has now been split in BaseAuthzHandler and DistSpecAuthzHandler
The former populates context with user specific data needed in most handlers, while
the latter executes access logic specific to distribution-spec handlers.

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2023-07-05 09:37:52 -07:00
Andrei Aaron
7fee57e7cc
fix(CVE): attempt to scan now returns early with an error if trivyDB metadata json is missing (#1548)
Also modify zli to retry in case of such errors,
assuming the trivyDB will eventually be downloaded by the scheduled task.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-07-05 09:08:16 -07:00
Ramkumar Chinchani
137e5bd793
chore: fix dependabot alerts (#1581)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-07-05 11:42:24 +03:00
Ramkumar Chinchani
aad6db279b
chore: fix dependabot alerts (#1576)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-07-04 09:19:26 -07:00
Lisca Ana-Roberta
d4f200c2e1
fix: changing default numWorkers, making it customizable and refactoring scheduler (#1563)
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2023-07-04 11:03:29 +03:00
peusebiu
7881ce32b2
fix(extensions): setup UI extension as last one (#1572)
because UI routes will setup a http.FileServer on '/'
any router setup after UI will be ignored at runtime
becuase gorrilla will route it to http.Fileserver instead.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-07-03 17:13:15 +03:00
Poulpatine
bd7b21f3dc
docs: Add example for various popular public registries (#1550)
Signed-off-by: Poulpatine <poulpatine@gmail.com>
2023-06-30 21:53:10 +03:00
peusebiu
6932e3ffca
test: add more registries in sync blackbox tests (#1568)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-06-30 21:07:04 +03:00
Andreea Lupu
7ec748f58a
fix: change commit message for pushing changes to project-zot/helm-charts (#1564)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-06-28 20:42:31 +03:00
Ramkumar Chinchani
d78ef0b1bd
ci: update oci dist-spec conformance test (#1552)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-06-24 18:51:47 -07:00
LaurentiuNiculae
809529be18
fix(cli): add help message for searching referrers under search command (#1551)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-06-23 17:44:30 +03:00
Ramkumar Chinchani
8cc5137b2d
build: ui extension needs mgmt (#1549) 2023-06-23 08:38:50 +03:00
Ramkumar Chinchani
1300fdfa88
refactor: filenames should use _ not - (#1547)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-06-22 11:54:41 -07:00
peusebiu
d881f4e916
fix(sync): flaky test on fetching tags (#1546)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-06-22 10:43:47 -07:00
LaurentiuNiculae
620287c7a4
feat(cli): add referrers and search commands to cli (#1497)
* feat(cli): add referrers command to cli

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

* feat(cli): add global search command

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

* feat(cli): fix comments

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

---------

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-06-22 10:43:01 -07:00
alexstan12
ea7dbf9e5c
refactor: move helper functions under common, in usage specific named files (#1540)
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2023-06-22 14:29:45 +03:00
peusebiu
377aff1853
fix(sync): fixed skipping docker images when they already synced (#1521)
before syncing an image we first check if it's already present in our storage
to do that we get the manifest from remote and compare it with the local one
but in the case of syncing docker images, because the conversion to OCI format is done while
syncing, we get a docker manifest before conversion, so sync detects that local manifest and
remote one are different, so it starts syncing again.

to overcome this, convert remote docker manifests to OCI manifests and then compare.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-06-21 11:05:52 -07:00
peusebiu
ea84752214
fix(test): fix flaky test (#1544)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-06-21 19:53:14 +03:00
peusebiu
d5487d53e3
fix(authz): assign identity to authz context in tls mutual authentication (#1541)
this causes a bug in extensions by not having the identity for the
authenticated user and couldn't apply his permissions, just the default ones.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-06-21 16:06:53 +03:00
Lisca Ana-Roberta
aab149610f
fix: removed quotation marks from enum in swagger docs (#1539)
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2023-06-20 15:32:19 +03:00
Ramkumar Chinchani
d30d7a9330
chore: fix dependabot alerts (#1537)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-06-19 12:34:50 -07:00
Lisca Ana-Roberta
aa16c955b3
fix: added swagger doc generation for mgmt and userprefs (#1530)
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2023-06-19 10:43:25 -07:00
peusebiu
fc6d6356fb
feat(sync): sync references(signatures/artifacts) recursively (#1500)
sync now also pulls chained artifacts recursively
eg:
 image->sbom->sbom signature
 image->artifact->artifact

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-06-16 10:27:33 -07:00
Andrei Aaron
c41bf02240
fix(ui): fix login screen when anonymous and auth are both enabled (#1528)
Update to the latest zui version

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-06-16 10:26:03 -07:00
peusebiu
d45cfbf5d2
feat(ci): give minio container more time to start (#1527)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-06-16 12:24:38 +03:00
Ramkumar Chinchani
7dd17be96d
chore: fix dependabot alerts (#1517)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-06-16 10:28:43 +03:00
Andrei Aaron
f9f9422d13
ci(disk usage): disk related fixes and improvements (#1524)
ci(workflow): show disk usage and free up disk space used by unneeded tooling
ci(tests): routes tests: do not copy large images if they are not used later
ci(trivy): update a test: download trivy.db to a temporary folder

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-06-15 15:07:28 -07:00
Lisca Ana-Roberta
988ca427b5
fix: replaced used CVE in blackbox test (#1519)
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2023-06-15 13:22:29 +03:00
peusebiu
03f47f68c0
chore(deps): downgrade golang-lru (#1515)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-06-14 19:45:30 +03:00
Ramkumar Chinchani
d7bddd2a05
chore: fix dependabot alerts (#1508)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-06-12 14:53:03 -07:00
Lisca Ana-Roberta
622dde9193
fix: referrers now appears in swagger generated docs (#1488)
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2023-06-12 10:32:11 -07:00
Ramkumar Chinchani
4d6ca493f2
chore: fix dependabot alerts (#1501)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-06-09 10:27:42 -07:00
Ramkumar Chinchani
d9e5f33e7e
chore: fix security alerts (#1493)
https://github.com/project-zot/zot/security/code-scanning/4293

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-06-01 16:53:50 -07:00
Andrei Aaron
96d00cd0ef
fix(cve): Fix CVE scanning in images containing Jar files (#1475) 2023-06-01 00:37:46 +03:00
Ramkumar Chinchani
40180f878f
chore(go.mod): fix dependabot alerts (#1491)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-05-31 22:16:21 +03:00
peusebiu
612a12e5a8
refactor(sync): use task scheduler (#1301)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-05-31 10:26:23 -07:00