0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

131 commits

Author SHA1 Message Date
Ramkumar Chinchani
dfe023225f pkg/api: use a rwlock when accessing storage
The original patch used a mutex, however, the workload patterns are
likely to be read-heavy, so use a rwlock instead.
2020-03-20 12:23:36 -07:00
Ramkumar Chinchani
2fd87b6a86 pkg/api: use a rwlock when accessing storage
The original patch used a mutex, however, the workload patterns are
likely to be read-heavy, so use a rwlock instead.
2020-03-20 10:58:21 -07:00
Ramkumar Chinchani
fe471a3c35 gc: fix test cases since umoci GC is more strict
umoci GC enforces a valid index.json and current tests were a little
lax.
2020-03-20 10:58:21 -07:00
Tycho Andersen
4774aa81b3 compliance: don't leak test directory
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2020-03-20 10:58:21 -07:00
Ramkumar Chinchani
404c83fbc1 bazel: fix bazel build failures 2020-03-20 10:58:21 -07:00
Tycho Andersen
94afc30661 routes: lock everything that modifies blobs
Now that we're GCing blobs on delete/update manifest, we should lock the
blob queries so that they don't race with each other.

This is a pretty coarse grained lock, there's probably a better way to do
this.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2020-03-20 10:58:21 -07:00
Tycho Andersen
95d4a7ce04 zot: run GC after manifest removal
Clients today expect the repo to clean up if there are unused blobs, not to
manually delete things they think are unused. Let's do that, and use
umoci's code to do it since it's tested and works.

v2: also run GC on update as well as delete

v3: fix up error return paths needing two args

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2020-03-20 10:58:21 -07:00
Tycho Andersen
3349e8cb71
Merge pull request #78 from rchincha/compl
conformance: fix http status codes for MANIFEST DELETE failures.
2020-03-18 17:07:07 -06:00
Ramkumar Chinchani
941dffe2c7 conformance: fix http status codes for MANIFEST DELETE failures.
Previously returning 404s as failure code, dist-spec says 400s.
2020-03-18 15:50:40 -07:00
Serge Hallyn
355a3b4f0e
Merge pull request #75 from rchincha/issue-74
routes: CheckManifest should return 404 when repo is unknown
2020-02-13 13:44:26 -06:00
Ramkumar Chinchani
7287700ceb coverage: fix coverage to track packages better 2020-02-13 11:22:04 -08:00
Ramkumar Chinchani
6e494942d4 routes: CheckManifest should return 404 when repo is unknown
Previously, CheckManifest() was not checking for repo not found
condition and would default to 500 status code.

Add the check now to return 404.

Fixes issue #74
2020-02-13 11:00:11 -08:00
Ramkumar Chinchani
910e2730fe
Merge pull request #72 from bloodorangeio/auth-fix
Fix auth scope on endpoints without repo name
2020-02-04 09:56:26 -08:00
Peter Engelbert
b636ce2da1 Fix auth scope on endpoints without repo name
Resolves #71

Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
2020-01-31 18:04:38 -06:00
Ramkumar Chinchani
92241d17cb
Merge pull request #70 from rchincha/compl
fix compliance
2020-01-31 13:47:35 -08:00
Ramkumar Chinchani
58040f4562 check: add unit tests to cover the new code, fix linter errors 2020-01-31 13:21:43 -08:00
Ramkumar Chinchani
f9a1a0fe48 routes: handle compliance requirements
- that errors be returned a certain way using the new NewErrorList()
  method and the string enum constants

- allow for full blob upload without a session with repo name and digest
2020-01-31 11:49:15 -08:00
Ramkumar Chinchani
d9fcf713ca auth: compliance requires error codes be returned a certain way
use the new NewErrorList() method and the enum constants as strings
2020-01-31 11:49:15 -08:00
Ramkumar Chinchani
909a97b922 storage: compliance allows for a full blob upload without a session
implement a new method which just takes the repo name, body and digest
and creates a blob out of this
2020-01-31 11:49:15 -08:00
Ramkumar Chinchani
48fb4967a2 errors: compliance requires error codes to be string enum constants. 2020-01-30 23:54:05 -08:00
Ramkumar Chinchani
8803c5f99b
Merge pull request #68 from rchincha/issue-67
manifest can be deleted only by digest and not tag
2020-01-28 16:39:52 -08:00
Ramkumar Chinchani
faad2b1d1f manifest can be deleted only by digest and not tag
Fixes issue #67.

As per dist spec, DELETE of a image manifest can only be done with
digest as <reference> param. Previously, tags were being allowed as
well. This is not conformant to the spec.
2020-01-28 14:51:51 -08:00
Ramkumar Chinchani
8d04f97f17
Merge pull request #66 from rchincha/master
https://github.com/anuvu/zot/pull/65
2020-01-28 12:46:01 -08:00
Ramkumar Chinchani
61550d0919
Merge branch 'master' into master 2020-01-28 11:50:20 -08:00
Ramkumar Chinchani
ffc097d962 Merge branch 'bloodorangeio-bearer-auth-support' 2020-01-28 11:34:09 -08:00
Serge Hallyn
1248e2cf9d
Merge pull request #64 from bloodorangeio/dockerfile
Dockerfile for running zot server
2020-01-28 08:36:32 -06:00
Peter Engelbert
268b4088fd Add support for bearer/token auth
New options added to configuration file to reference a public key used
to validate authorization tokens signed by an auth server with
corresponding private key.

Resolves #24

Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
2020-01-27 12:42:23 -06:00
Josh Dolitsky
9863c80bc3
Add -it flags 2020-01-27 09:47:08 -06:00
Josh Dolitsky
98c3237d2f
Clarify defaults for running container image 2020-01-27 09:44:07 -06:00
Josh Dolitsky
dfd8b84344 Add new Dockerfile and README instructions
Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
2020-01-24 11:54:38 -06:00
Josh Dolitsky
d50a07c149 rename Dockerfile to Dockerfile.build
Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
2020-01-24 11:47:16 -06:00
Tycho Andersen
10d8a8650f
Merge pull request #62 from rchincha/compl
cli: deprecate "compliance" command
2020-01-16 17:46:47 -08:00
Ramkumar Chinchani
9000adba60 cli: deprecate "compliance" command
dist-spec community is now maintaining its own conformance suite hosted
at https://oci.bloodorange.io which over time will be more complete.

This makes zot's compliance cli superfluous. Hence, deprecating the cli.

However, we keep the unit tests itself though.
2020-01-16 15:05:55 -08:00
Tycho Andersen
d69be98a58
Merge pull request #61 from rchincha/compliance
compliance: be compliant with dist-spec compliance tests
2020-01-16 12:37:54 -08:00
Ramkumar Chinchani
964af6ba51 compliance: be compliant with dist-spec compliance tests
dist-spec compliance tests are now becoming a part of dist-spec repo
itself - we want to be compliant

pkg/api/regex.go:
	* revert uppercasing in repository names

pkg/api/routes.go:
	* ListTags() should support the URL params 'n' and 'last'
	  for pagination

	* s/uuid/session_id/g to use the dist-spec's naming

	* Fix off-by-one error in GetBlobUpload()'s http response "Range" header

	* DeleteManifest() success status code is 202

	* Fix PatchBlobUpload() to account for "streamed" use case
	  where neither "Content-Length" nor "Content-Range" headers are set

pkg/storage/storage.go:
	* Add a "streamed" version of PutBlobChunk() called PutBlobChunkStreamed()

pkg/compliance/v1_0_0/check.go:
	* fix unit tests to account for changed response status codes
2020-01-16 11:28:23 -08:00
Tycho Andersen
92d8f7c866
Merge pull request #59 from rchincha/ldap
authN: first try local htpasswd then LDAP
2020-01-15 09:57:46 -08:00
Ramkumar Chinchani
d64a3e33cc authN: first try local htpasswd then LDAP
We are noticing that LDAP connectivity issues and timeouts can affect
authN behavior from client side (which can timeout as well).

Instead, put local authN first so at least we have a reliable authN
method.

But, the caveat is that it is best if the local and LDAP user list
doesn't overlap.
2020-01-15 09:37:17 -08:00
Tycho Andersen
17ac1be723
Merge pull request #57 from rchincha/500-status
go.mod: update json-iterator
2020-01-08 10:41:46 -07:00
Ravi Chamarthy
1f8bf8dbd0
Merge pull request #58 from rchincha/compl
README: update compliance test results
2020-01-07 16:21:02 -08:00
Ramkumar Chinchani
5f71b764fc go.mod: update json-iterator
older versions of json-iterator appear to have an issue with maps.

We are most certainly hitting this panic with maps.
https://github.com/anuvu/zot/blob/master/pkg/api/routes.go#L898

On the json-iterator/go side,
   json-iterator/go@acfec88
   json-iterator/go#388
2020-01-07 14:04:01 -08:00
Ramkumar Chinchani
488ff24aef README: update compliance test results
Documented results/notes for zot and docker.
Setting up quay is proving a little harder, will append once available.
2020-01-07 13:14:10 -08:00
Ravi Chamarthy
250118269c
Merge pull request #56 from rchincha/500-status
routes: add more logs
2020-01-06 23:55:18 -08:00
Ramkumar Chinchani
31b30d858b routes: add more logs
There still appears to be another path where we are seeing 500s.
Adding more logs to catch this path.
2020-01-06 22:51:42 -08:00
Ravi Chamarthy
2b9d29c9a2
Merge pull request #55 from rchincha/500-status 2020-01-05 23:45:33 -08:00
Ramkumar Chinchani
8bbf892480 routes: be more paranoid
once we have an non-EOF error in this path, not clear if we can really
recover.
2020-01-05 23:21:27 -08:00
Ravi Chamarthy
d5d6928341
Merge pull request #54 from rchincha/compl 2020-01-04 19:16:57 -08:00
Ravi Chamarthy
70dc6b1722
Merge pull request #53 from rchincha/500-status 2020-01-04 19:14:23 -08:00
Ramkumar Chinchani
87bad57345 compliance: "Location" header can be absolute or relative
Pls. see: https://github.com/opencontainers/distribution-spec/issues/79
2020-01-04 19:05:39 -08:00
Ramkumar Chinchani
2eb4455df7 routes: improve error handling when returning blob data
We have noticed that very intermittently zot returns a 500 when copying
blob data. This is likely happening due to a io.ErrShortWrite
2020-01-04 18:39:21 -08:00
Serge Hallyn
915c994c6c
Merge pull request #52 from rchincha/compl
Compliance cleanup
2019-12-26 21:19:58 -06:00