Infrastructure/zot
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2025-01-06 22:40:28 -05:00
Code Issues Activity
1010 commits 5 branches 109 tags 209 MiB
Commit graph

137 commits

Author SHA1 Message Date
peusebiu
79783b4b06
feat(sync): skip already synced images in sync ondemand (#1234) 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2023-03-07 09:58:42 -08:00
LaurentiuNiculae
d62c09e2cc
feat(repodb): Multiarch Image support (#1147) 
* feat(repodb): index logic + tests

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

* feat(cli): printing indexes support using the rest api

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

---------

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
 2023-02-27 11:23:18 -08:00
Bogdan Bivolaru
7c3bf86a6b
refactor: Centralise extensions config entries (#1177) 
Except for registry sync config

Signed-off-by: Bogdan BIVOLARU <104334+bogdanbiv@users.noreply.github.com>
 2023-02-15 22:20:28 -08:00
peusebiu
4aa0106b0a
feat(scheduler): use an worker pool for scheduler (#1146) 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2023-02-15 11:36:50 -08:00
Andreea Lupu
ee95ab0ffc
fix: call notation-go libs instead of using notation binary (#1104) 
fix: add loading notation path

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
Co-authored-by: Roxana Nemulescu <roxana.nemulescu@gmail.com>
 2023-02-13 10:43:52 -08:00
Andrei Aaron
d12836e69c
refactor(cve): improve CVE test time by mocking trivy (#1184) 
- refactor(cve): remove the global of type cveinfo.CveInfo from the extensions package
  Replace it with an attribute on controller level
- refactor(controller): extract initialization logic from controller.Run()
- test(cve): mock cve scanner in cli tests

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2023-02-09 21:04:52 -08:00
Nicol
ba3f6f7492
fix(test): update the zot tests not to use test/data as rootDir (use a temporary folder instead) (#1162) 
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
 2023-02-02 11:39:03 -08:00
Lisca Ana-Roberta
976ccfcf0d
fix: removed references to old dist-spec (#1128) 
Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com>
 2023-01-31 09:35:33 -08:00
Ramkumar Chinchani
e2c7a3c5ba
fix(referrers): fix some conformance issues (#1134) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2023-01-26 10:13:12 -08:00
Nicol
70a60b4660
refactor: Cleanup/simplify testcases in /pkg/extensions (#1116) 
Signed-off-by: Nicol Draghici <idraghic@cisco.com>

fix: Increase coverage when copying files

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
 2023-01-19 08:54:05 -08:00
Lisca Ana-Roberta
14238d4a8d
fix: removed resty calls from sync (#1016) 
Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com>
 2022-12-22 10:19:42 -08:00
peusebiu
50bdc2f402
fix(sync): also add docker v2 mediatype as supported in sync (#1084) 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-12-22 09:23:49 -08:00
peusebiu
7103953777
fix(sync): fix sync on demand with docker library (#1065) 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-12-16 09:33:46 -08:00
peusebiu
024b13efe6
fix(sync): syncing OCI artifacts with distribution package fails (#1013) 
sync OCI artifacts using REST APIs

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-12-09 11:38:00 -08:00
Catalin-George Hofnar
31b9481713
feat(cache): dynamodb implementation (#953) 
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
 2022-11-22 10:29:57 -08:00
peusebiu
49c3d05706
fix(storage): sanitize storage locks (#1003) 
removed all locks from common code
removed locks from GetBlobContent

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-11-22 10:13:08 -08:00
peusebiu
168d21da1e
fix(storage): deleting manifests with identical digests (#951) 
Suppose we push two identical manifests (sharing same digest) but with
different tags, then deleting by digest should throw an error otherwise
we end up deleting all image tags (with gc) or dangling references
(without gc)

This behaviour is controlled via Authorization, added a new policy
action named detectManifestsCollision which enables this behaviour

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>

Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-11-18 09:35:28 -08:00
peusebiu
e96c80c344
feat(sync,s3): added s3 logic for ORAS and OCI artifacts (#985) 
added sync logic for OCI artifacts

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-11-14 22:21:49 -08:00
Ramkumar Chinchani
c0f93caacb
feat(artifact): add OCI references support (#936) 
Thanks @jdolitsky et al for kicking off these changes at:
https://github.com/oci-playground/zot/commits/main

Thanks @sudo-bmitch for reviewing the patch

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-11-08 00:38:16 -08:00
Catalin-George Hofnar
4170d2adbc
refactor(cache): rewrote/refactored cachedb functionality to use interface (#667) 
Moved boltdb to a driver implementation for such interface
Added CreateCacheDatabaseDriver in controller
Fixed default directory creation (boltDB will only create the file, not the dir
Added coverage tests
Added example config for boltdb
Re-added caching on subpaths, rewrote CreateCacheDatabaseDriver
Fix tests
Made cacheDriver argument mandatory for NewImageStore, added more validation, added defaults
Moved cache interface to own file, removed useRelPaths from config
Got rid of cache config, refactored
Moved cache to own package and folder
Renamed + removed cache factory to backend, replaced CloudCache to RemoteCache
Moved storage constants back to storage package
moved cache interface and factory to storage package, changed remoteCache defaulting

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
 2022-11-02 15:53:08 -07:00
peusebiu
2d877aaea1
fix(sync): also sync on demand digests, not only tags, closes #902 (#932) 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-10-27 09:39:59 -07:00
Andrei Aaron
ac6c6a844c
refactor(digests): standardise representation of digests to digest.Digest (#898) 
- Digests were represented by different ways
  - We needed a uniform way to represent the digests and enforce a format
  - also replace usage of github.com/google/go-containerregistry/pkg/v1
    with github.com/opencontainers/image-spec/specs-go/v1

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
(cherry picked from commit 96b2f29d6d57070a913ce419149cd481c0723815)
(cherry picked from commit 3d41b583daea654c98378ce3dcb78937d71538e8)

Co-authored-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
 2022-10-22 13:46:13 -07:00
peusebiu
5f99f9a445
fix(sync): fixed broken logic to get tags for repo (#900) 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-10-22 00:26:14 -07:00
Ramkumar Chinchani
763287873e
fix(config): make all extension config consistent (#888) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-10-21 15:33:54 +03:00
Andrei Aaron
38b00e3507
chore(lint): gci to separate zot from other imports (#870) 
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
 2022-10-20 09:39:20 -07:00
peusebiu
3c0c51fcbe
fix(sync): also sync image index mediatype (#847) 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-10-06 09:41:16 -07:00
peusebiu
c146448f01
fix(sync): revert code which removed image destination feature (#840) 
Added an end to end test for this feature, closes #793

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-10-05 11:03:24 -07:00
Nicol
33a431ef43
Update go version to 1.19 (#829) 
* ci: Update go version to 1.19

Signed-off-by: Nicol Draghici <idraghic@cisco.com>

* ci: Fix lint issues

Signed-off-by: Nicol Draghici <idraghic@cisco.com>

* ci: Added needprivileges to lint, made needprivileges pass lint

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Signed-off-by: Nicol Draghici <idraghic@cisco.com>

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Co-authored-by: Catalin Hofnar <catalin.hofnar@gmail.com>
 2022-10-05 13:21:14 +03:00
peusebiu
8237f8d20a
storage: Move common code in helper functions, closes #730 (#820) 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-09-30 10:35:16 -07:00
LaurentiuNiculae
885f139e0e
Remove forking logger (#825) 
- no longer needed, the race conditions were fixed

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
 2022-09-29 13:28:39 -07:00
slab713
8ffb053cec
Replaced deprecated io/ioutil functions (#768) 
Signed-off-by: slab713 <109306207+slab713@users.noreply.github.com>
 2022-09-02 15:56:02 +03:00
Shivam Mishra
6c293719e3 storage: different subpaths can point to same root directory 
currently different subpaths can only point to same root directory only
when one or both of the storage config does not enable dedupe

different subpath should be able to point to same root directory and in
that case their storage config should be same i.e GC,Dedupe, GC delay
and GC interval

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-08-31 15:43:43 -07:00
Roxana Nemulescu
3bccea7aa2 oras fix: 
newer version of oras: https://github.com/oras-project/oras/releases/tag/v0.14.0
	rename the --manifest-config to --config for push command

Signed-off-by: Roxana Nemulescu <roxana.nemulescu@gmail.com>
 2022-08-30 21:39:16 +03:00
Ramkumar Chinchani
2ff8e8b7d2 fix dependabot alerts 
https://github.com/project-zot/zot/pull/737
https://github.com/project-zot/zot/pull/738
https://github.com/project-zot/zot/pull/739
https://github.com/project-zot/zot/pull/740

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-08-23 09:38:30 -07:00
Andrei Aaron
bd9ad998cd Fix file handlers not being closed after calls to ImageStore.GetBlob 
This is to fixes hitting the FD limit when reading blobs from the disk in the graphql API

Signed-off-by: Andrei Aaron <andaaron@cisco.com>
 2022-08-19 09:22:13 -07:00
Ramkumar Chinchani
4b8e288cd3 fix dependabot alerts 
https://github.com/project-zot/zot/pull/712
https://github.com/project-zot/zot/pull/714

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-08-13 00:02:36 -07:00
Nicol Draghici
a702a2377e Remove AllowReadOnly and ReadOnly 
Signed-off-by: Nicol Draghici <idraghic@cisco.com>

Remove check and set header every time

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
 2022-08-10 14:27:21 -07:00
Lisca Ana-Roberta
87fc941b3c image level lint: enforce manifest mandatory annotations 
closes #536

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
 2022-07-27 11:48:04 +03:00
Petu Eusebiu
01d742718f ci/cd: fix oras cli flags after it got updated 
installing notation and oras not needed anymore

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-07-12 10:02:51 -07:00
Petu Eusebiu
7954add73a Fix data races in tests closes #599, closes #598 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-06-30 13:33:47 -07:00
Alex Stan
ada21ed842 Manage builds with different combinations of extensions 
Files were added to be built whether an extension is on or off.
New build tags were added for each extension, while minimal and extended disappeared.

added custom binary naming depending on extensions used and changed references from binary to binary-extended

added automated blackbox tests for sync, search, scrub, metrics

added contributor guidelines

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
 2022-06-30 09:53:52 -07:00
Ramkumar Chinchani
eed48c1715 refactor filenames to reflect functionality 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-06-21 21:42:54 -07:00
Catalin Hofnar
a8a65a6c37 Modified sync log calls to include error type (#336) 
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
 2022-06-15 09:45:49 -07:00
Catalin Hofnar
0b6fdc23ea Added sync onDemand test for ORAS artifact 
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
 2022-06-06 10:38:42 -07:00
Ramkumar Chinchani
6b841809e3 fix CVE-2022-29173/GHSA-66x3-6cw3-v5gj 
https://github.com/project-zot/zot/security/dependabot/16

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-05-25 11:34:24 -07:00
Petu Eusebiu
da4acaf178 sync: preserve upstream digests after syncing images 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-25 10:19:36 -07:00
Petu Eusebiu
bd730150a8 sync: allow HTTP redirects when GETing signatures blobs 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-25 10:19:36 -07:00
Petu Eusebiu
aeb8a5da39 sync: specify contentType in headers when GETing cosign manifest 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-25 10:19:36 -07:00
Shivam Mishra
36c9631000 ext: use distribution spec route prefix for extension api 
Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-05-22 16:35:16 -07:00
Catalin Hofnar
20a60cbad4 Enhance sync logic - stop blob redownloads and re-pushes (#479 #480) 
Changed imagesToCopyFromUpstream to return a map[string][]types.ImageReference from just an array of refs
Rewrote some logic in sync.go to use the new signature of imagesToCopyFromUpstream
Split getLocalImageRef by adding function getLocalCachePath
Adapted tests for new changes, added some tests
Merged #481

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
 2022-05-16 10:05:01 -07:00
Alex Stan
d325c8b5f4 Fix problems signaled by new linter version v1.45.2 
PR (linter: upgrade linter version #405) triggered lint job which failed
with many errors generated by various linters. Configurations were added to
golangcilint.yaml and several refactorings were made in order to improve the
results of the linter.

maintidx linter disabled

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
 2022-04-27 09:55:44 -07:00
Petu Eusebiu
89c5f4f604 sync: fix functions which compare signatures 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-04-15 10:31:37 -07:00
Petu Eusebiu
4e20ab8a5d go.mod: update dependencies 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-04-15 10:31:37 -07:00
Petu Eusebiu
03dd558ec6 sync: fix inconsistent test 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-31 09:19:07 -07:00
Petu Eusebiu
be910cf01c lint: Move out config reloader context from controller struct 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-24 10:50:01 -07:00
Petu Eusebiu
353b0c6034 Move api constants in separate 'constants' package to avoid circular imports 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-24 10:50:01 -07:00
Petu Eusebiu
f53dc9eb8d sync: Add a new flag to enforce syncing only signed images, closes #455 
sync: When checking if a image is already synced also check for changes in upstream signatures.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-24 10:50:01 -07:00
laurentiuNiculae
0d148e1d6b new config option for sync-destination 
Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
 2022-03-21 08:12:34 -07:00
Petu Eusebiu
6d04ab3cdc sync: support reloading sync config when the config file changes 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-18 11:24:11 -07:00
Eng Zer Jun
0d77b60de7 test: use T.TempDir to create temporary test directory 
The directory created by `T.TempDir` is automatically removed when the
test and all its subtests complete.

Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2022-03-07 12:28:49 -08:00
Ramkumar Chinchani
95e4b2054b upgrade module deps 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-03-04 13:10:58 -08:00
Ramkumar Chinchani
8db3e1b192 CVE-2022-23649: fix dependabot alert 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-03-02 12:01:14 -08:00
Petu Eusebiu
45968e0bb7 sync: fix inconsistent test, used inject error fw for hard to reach test cases 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-01 09:56:27 -08:00
Ramkumar Chinchani
38a110314b gc: add a gcDelay param 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-14 14:03:22 -08:00
Petu Eusebiu
35eeedb22a sync: pull only missing images, not everything, closes #335 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-02-14 08:09:18 -08:00
Alexei Dodon
47c9b6244e Added config enable=true/false for extensions with default value as enabled closes #258 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2022-02-09 09:53:49 -08:00
Ramkumar Chinchani
d2aa016cdb storage: flush/sync contents to disk on file close 
Behavior controlled by configuration (default=off)
It is a trade-off between performance and consistency.

References:
[1] https://github.com/golang/go/issues/20599

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-07 12:08:01 -08:00
Petu Eusebiu
f89925fb27 sync: periodically retry if on-demand fails inline, closes #281 
sync: don't return error on sync signatures, just skip them, closes #375
sync: sync signatures on demand
sync on demand: in case of parallel requests pull image just once, closes #344

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-02-07 09:04:13 -08:00
Ramkumar Chinchani
87084f286b storage: improve/fix oci image validation 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-02 13:31:41 -08:00
Petu Eusebiu
a0e65379c8 sync: for a prefix, allow multiple registries as a list instead of only one, closes #343 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-02-01 09:45:09 -08:00
Petu Eusebiu
b9250a783a Use InsecureSkipVerify only with https upstreams 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-01-29 20:00:27 -08:00
Petu Eusebiu
89b143805e Remove sync http handler, not needed anymore since added sync on demand 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-01-25 09:18:23 -08:00
Petu Eusebiu
1109bb4dde sync: Added support for syncing notary/cosign signatures, closes #261 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-01-13 08:45:59 -08:00
Ramkumar Chinchani
ac3801ea2d lint: upgrade golangci-lint 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-12-20 17:20:35 -08:00
Petu Eusebiu
5f04092e71 Fix negative WaitGroup counter at runtime 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-12-17 16:52:34 -08:00
Petu Eusebiu
c86f44cc53 Disable sync periodically polling when pollInterval is not configured 
Filtering out sync on demand images based on content configuration

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-12-14 08:59:50 -08:00
Petu Eusebiu
627cb97ef1 Add wait group for graceful shutdown, closes #302 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-12-08 10:04:52 -08:00
Petu Eusebiu
63a75216ed sync: allow for saving to a subpath, closes #307 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-12-07 10:13:20 -08:00
Ramkumar Chinchani
96226af869 move references to zotregistry.io and project-zot 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-12-05 10:52:27 -08:00
Petu Eusebiu
fff6107310 Sync prefix can be an exact match or a glob pattern, closes #297 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-11-29 13:10:13 -08:00
Petu Eusebiu
f0ef10fa50 sync: cleanup the orphaned private download dir on failure, closes 282 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-11-25 10:31:45 -08:00
Petu Eusebiu
7ada50e9c8 sync: skip tls verify on /v2/_catalog when a registry is configured with tls-verify false 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-11-25 10:31:45 -08:00
Alexei Dodon
e900b09cfb Fix data races in tests, closes #255 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2021-11-17 13:23:59 -08:00
Petu Eusebiu
5c07e19c8d Changed sync behaviour, it used to copy images over http interface 
now it copies to a local cache and then it copies over storage APIs

- accept all images with or without signatures
- disable sync writing to stdout
- added more logs
- fixed switch statement in routes
- fixed enabling sync multiple times for storage subpaths

closes #266

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-11-15 09:32:43 -08:00
Alexei Dodon
8e4d828867 Implement an API for performance monitoring 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2021-11-12 11:14:10 -08:00
Petu Eusebiu
f7ae491d22 Fix data race in sync tests 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-10-25 10:50:05 -07:00
Petu Eusebiu
19003e8a71 Added new extension "sync" 
Periodically poll registries and pull images according to sync's config
Added sync on demand, syncing when clients asks for an image which
zot doesn't have.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-10-21 10:32:46 -07:00