Infrastructure/zot
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Code Issues Activity
zot/pkg/extensions/README_mgmt.md
Andrei Aaron 77149aa85c
refactor(extensions)!: refactor the extensions URLs and errors (#1636) 
BREAKING CHANGE: The functionality provided by the mgmt endpoint has beed redesigned - see details below
BREAKING CHANGE: The API keys endpoint has been moved -  see details below
BREAKING CHANGE: The mgmt extension config has been removed - endpoint is now enabled by having both the search and the ui extensions enabled
BREAKING CHANGE: The API keys configuration has been moved from extensions to http>auth>apikey

mgmt and imagetrust extensions:
- separate the _zot/ext/mgmt into 3 separate endpoints: _zot/ext/auth, _zot/ext/notation, _zot/ext/cosign
- signature verification logic is in a separate `imagetrust` extension
- better hanling or errors in case of signature uploads: logging and error codes (more 400 and less 500 errors)
- add authz on signature uploads (and add a new middleware in common for this purpose)
- remove the mgmt extension configuration - it is now enabled if the UI and the search extensions are enabled

userprefs estension:
- userprefs are enabled if both search and ui extensions are enabled (as opposed to just search)

apikey extension is removed and logic moved into the api folder
- Move apikeys code out of pkg/extensions and into pkg/api
- Remove apikey configuration options from the extensions configuration and move it inside the http auth section
- remove the build label apikeys

other changes:
- move most of the logic adding handlers to the extensions endpoints out of routes.go and into the extensions files.
- add warnings in case the users are still using configurations with the obsolete settings for mgmt and api keys
- add a new function in the extension package which could be a single point of starting backgroud tasks for all extensions
- more clear methods for verifying specific extensions are enabled
- fix http methods paired with the UI handlers
- rebuild swagger docs

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-08-02 21:58:34 +03:00

1.1 KiB
Raw Blame History

mgmt

mgmt component provides an endpoint for configuration management

Response depends on the user privileges:

  • unauthenticated and authenticated users will get a stripped config
  • admins will get full configuration with passwords hidden (not implemented yet)
Supported queries Input Output Description
Get current configuration None config json Get current zot configuration

Get current configuration

Sample request

curl http://localhost:8080/v2/_zot/ext/mgmt | jq

Sample response

{
  "distSpecVersion": "1.1.0-dev",
  "binaryType": "-sync-search-scrub-metrics-lint-ui-mgmt",
  "http": {
    "auth": {
      "htpasswd": {},
      "bearer": {
        "realm": "https://auth.myreg.io/auth/token",
        "service": "myauth"
      }
    }
  }
}

If ldap or htpasswd are enabled mgmt will return {"htpasswd": {}} indicating that clients can authenticate with basic auth credentials.

If any key is present under 'auth' key, in the mgmt response, it means that particular authentication method is enabled.