0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2025-01-13 22:50:38 -05:00
zot/pkg/cli/discover.go
Andrei Aaron 1d9c88c313
fix(cli): do not show signatures and fix tls verification client side (#904)
Issues fixed:
- the cli calls reaching out to the catalog endpoint used to request signature manifests
- resty was used instead of the cli http client to check if the discovery api was available
but it did not take into account TLS verification configuration
(testing locally withself-signed certificates did not work)

(cherry picked from commit ca42031ae9b1ceb459f5cd4f86cb82b3c9f78157)
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-10-22 23:44:20 -07:00

100 lines
2.2 KiB
Go

//go:build search
// +build search
package cli
import (
"context"
"fmt"
distext "github.com/opencontainers/distribution-spec/specs-go/v1/extensions"
"zotregistry.io/zot/pkg/api/constants"
)
type field struct {
Name string `json:"name"`
}
type schemaList struct {
Data struct {
Schema struct {
QueryType struct {
Fields []field `json:"fields"`
} `json:"queryType"` //nolint:tagliatelle // graphQL schema
} `json:"__schema"` //nolint:tagliatelle // graphQL schema
} `json:"data"`
Errors []errorGraphQL `json:"errors"`
}
func containsGQLQuery(queryList []field, query string) bool {
for _, q := range queryList {
if q.Name == query {
return true
}
}
return false
}
func checkExtEndPoint(config searchConfig) bool {
username, password := getUsernameAndPassword(*config.user)
ctx := context.Background()
discoverEndPoint, err := combineServerAndEndpointURL(*config.servURL, fmt.Sprintf("%s%s",
constants.RoutePrefix, constants.ExtOciDiscoverPrefix))
if err != nil {
return false
}
discoverResponse := &distext.ExtensionList{}
_, err = makeGETRequest(ctx, discoverEndPoint, username, password, *config.verifyTLS,
*config.debug, &discoverResponse, config.resultWriter)
if err != nil {
return false
}
searchEnabled := false
for _, extension := range discoverResponse.Extensions {
if extension.Name == "_zot" {
for _, endpoint := range extension.Endpoints {
if endpoint == constants.FullSearchPrefix {
searchEnabled = true
}
}
}
}
if !searchEnabled {
return false
}
searchEndPoint, _ := combineServerAndEndpointURL(*config.servURL, constants.FullSearchPrefix)
query := `
{
__schema() {
queryType {
fields {
name
}
}
}
}`
queryResponse := &schemaList{}
err = makeGraphQLRequest(ctx, searchEndPoint, query, username, password, *config.verifyTLS,
*config.debug, queryResponse, config.resultWriter)
if err != nil {
return false
}
if err = checkResultGraphQLQuery(ctx, err, queryResponse.Errors); err != nil {
return false
}
return containsGQLQuery(queryResponse.Data.Schema.QueryType.Fields, "ImageList")
}