mirror of
https://github.com/project-zot/zot.git
synced 2024-12-16 21:56:37 -05:00
77149aa85c
BREAKING CHANGE: The functionality provided by the mgmt endpoint has beed redesigned - see details below BREAKING CHANGE: The API keys endpoint has been moved - see details below BREAKING CHANGE: The mgmt extension config has been removed - endpoint is now enabled by having both the search and the ui extensions enabled BREAKING CHANGE: The API keys configuration has been moved from extensions to http>auth>apikey mgmt and imagetrust extensions: - separate the _zot/ext/mgmt into 3 separate endpoints: _zot/ext/auth, _zot/ext/notation, _zot/ext/cosign - signature verification logic is in a separate `imagetrust` extension - better hanling or errors in case of signature uploads: logging and error codes (more 400 and less 500 errors) - add authz on signature uploads (and add a new middleware in common for this purpose) - remove the mgmt extension configuration - it is now enabled if the UI and the search extensions are enabled userprefs estension: - userprefs are enabled if both search and ui extensions are enabled (as opposed to just search) apikey extension is removed and logic moved into the api folder - Move apikeys code out of pkg/extensions and into pkg/api - Remove apikey configuration options from the extensions configuration and move it inside the http auth section - remove the build label apikeys other changes: - move most of the logic adding handlers to the extensions endpoints out of routes.go and into the extensions files. - add warnings in case the users are still using configurations with the obsolete settings for mgmt and api keys - add a new function in the extension package which could be a single point of starting backgroud tasks for all extensions - more clear methods for verifying specific extensions are enabled - fix http methods paired with the UI handlers - rebuild swagger docs Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
42 lines
1.1 KiB
Markdown
42 lines
1.1 KiB
Markdown
# `mgmt`
|
|
|
|
`mgmt` component provides an endpoint for configuration management
|
|
|
|
Response depends on the user privileges:
|
|
- unauthenticated and authenticated users will get a stripped config
|
|
- admins will get full configuration with passwords hidden (not implemented yet)
|
|
|
|
|
|
| Supported queries | Input | Output | Description |
|
|
| --- | --- | --- | --- |
|
|
| [Get current configuration](#get-current-configuration) | None | config json | Get current zot configuration |
|
|
|
|
## Get current configuration
|
|
|
|
**Sample request**
|
|
|
|
```bash
|
|
curl http://localhost:8080/v2/_zot/ext/mgmt | jq
|
|
```
|
|
|
|
**Sample response**
|
|
|
|
```json
|
|
{
|
|
"distSpecVersion": "1.1.0-dev",
|
|
"binaryType": "-sync-search-scrub-metrics-lint-ui-mgmt",
|
|
"http": {
|
|
"auth": {
|
|
"htpasswd": {},
|
|
"bearer": {
|
|
"realm": "https://auth.myreg.io/auth/token",
|
|
"service": "myauth"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
```
|
|
|
|
If ldap or htpasswd are enabled mgmt will return `{"htpasswd": {}}` indicating that clients can authenticate with basic auth credentials.
|
|
|
|
If any key is present under `'auth'` key, in the mgmt response, it means that particular authentication method is enabled.
|