mirror of https://github.com/project-zot/zot.git synced 2025-01-20 22:52:51 -05:00
zot/swagger/swagger.yaml
Andreea Lupu 41b05c60dd
feat: upload certificates and public keys for verifying signatures (#1485)
In order to verify signatures, users could upload their certificates and public keys using these routes:
	-> for public keys:
		/v2/_zot/ext/mgmt?resource=signatures&tool=cosign
	-> for certificates:
		/v2/_zot/ext/mgmt?resource=signatures&tool=notation&truststoreType=ca&truststoreName=name
Then the public keys will be stored under $rootdir/_cosign and the certificates will be stored under
$rootdir/_notation/truststore/x509/$truststoreType/$truststoreName.
Also, in the notation case, the "truststores" field of the $rootdir/_notation/trustpolicy.json file will be
updated with a new entry "$truststoreType:$truststoreName".
Also based on the uploaded files, the information about the signatures validity will be updated
periodically.

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-07-06 14:57:59 +03:00


# Swagger 2.0 schema definitions, referenced through $ref by the operations
# listed under `paths`.
definitions:
  # Response body of GET /v2/_oci/ext/discover.
  api.ExtensionList:
    properties:
      extensions:
        items:
          $ref: '#/definitions/extensions.Extension'
        type: array
    type: object
  # OCI image index; response body of GET /v2/{name}/referrers/{digest}.
  api.ImageIndex:
    properties:
      annotations:
        additionalProperties:
          type: string
        description: Annotations contains arbitrary metadata for the image index.
        type: object
      manifests:
        description: Manifests references platform specific manifests.
        items:
          $ref: '#/definitions/github_com_opencontainers_image-spec_specs-go_v1.Descriptor'
        type: array
      mediaType:
        description: MediaType specifies the type of this document data structure
          e.g. `application/vnd.oci.image.index.v1+json`
        type: string
      schemaVersion:
        description: SchemaVersion is the image manifest schema that this image follows
        type: integer
    type: object
  # OCI image manifest; used as the 200 schema of the manifest and blob GET/HEAD
  # operations in this spec.
  api.ImageManifest:
    properties:
      annotations:
        additionalProperties:
          type: string
        description: Annotations contains arbitrary metadata for the image manifest.
        type: object
      artifactType:
        description: ArtifactType specifies the IANA media type of artifact when the
          manifest is used for an artifact.
        type: string
      config:
        allOf:
          - $ref: '#/definitions/github_com_opencontainers_image-spec_specs-go_v1.Descriptor'
        description: |-
          Config references a configuration object for a container, by digest.
          The referenced configuration object is a JSON blob that the runtime uses to set up the container.
      layers:
        description: Layers is an indexed list of layers referenced by the manifest.
        items:
          $ref: '#/definitions/github_com_opencontainers_image-spec_specs-go_v1.Descriptor'
        type: array
      mediaType:
        description: MediaType specifies the type of this document data structure
          e.g. `application/vnd.oci.image.manifest.v1+json`
        type: string
      schemaVersion:
        description: SchemaVersion is the image manifest schema that this image follows
        type: integer
      subject:
        allOf:
          - $ref: '#/definitions/github_com_opencontainers_image-spec_specs-go_v1.Descriptor'
        description: Subject is an optional link from the image manifest to another
          manifest forming an association between the image manifest and the other
          manifest.
    type: object
  # Response body of GET /v2/{name}/tags/list.
  api.ImageTags:
    properties:
      name:
        type: string
      tags:
        items:
          type: string
        type: array
    type: object
  # Response body of GET /v2/_catalog.
  api.RepositoryList:
    properties:
      repositories:
        items:
          type: string
        type: array
    type: object
  # Authentication section of extensions.StrippedConfig. The fields defined
  # here name where authentication is configured (htpasswd path, LDAP address,
  # bearer realm/service); no credential field is part of this schema.
  extensions.Auth:
    properties:
      bearer:
        $ref: '#/definitions/extensions.BearerConfig'
      htpasswd:
        $ref: '#/definitions/extensions.HTPasswd'
      ldap:
        properties:
          address:
            type: string
        type: object
    type: object
  extensions.BearerConfig:
    properties:
      realm:
        type: string
      service:
        type: string
    type: object
  # One entry of api.ExtensionList.
  extensions.Extension:
    properties:
      description:
        type: string
      endpoints:
        items:
          type: string
        type: array
      name:
        type: string
      url:
        type: string
    type: object
  extensions.HTPasswd:
    properties:
      # NOTE(review): a server-side file path is part of the response model;
      # confirm that callers of GET /v2/_zot/ext/mgmt are meant to see it.
      path:
        type: string
    type: object
  # Response body of GET /v2/_zot/ext/mgmt.
  extensions.StrippedConfig:
    properties:
      binaryType:
        type: string
      distSpecVersion:
        type: string
      http:
        properties:
          auth:
            $ref: '#/definitions/extensions.Auth'
        type: object
    type: object
  # OCI content descriptor, shared by the index and manifest schemas above.
  github_com_opencontainers_image-spec_specs-go_v1.Descriptor:
    properties:
      annotations:
        additionalProperties:
          type: string
        description: Annotations contains arbitrary metadata relating to the targeted
          content.
        type: object
      artifactType:
        description: ArtifactType is the IANA media type of this artifact.
        type: string
      # NOTE(review): typed as an array of integers although the description
      # says the JSON form is a base64 string; presumably how the generator
      # renders a byte slice. Verify before relying on this type in a client.
      data:
        description: |-
          Data is an embedding of the targeted content. This is encoded as a base64
          string when marshalled to JSON (automatically, by encoding/json). If
          present, Data can be used directly to avoid fetching the targeted content.
        items:
          type: integer
        type: array
      digest:
        description: Digest is the digest of the targeted content.
        type: string
      mediaType:
        description: MediaType is the media type of the object this schema refers
          to.
        type: string
      platform:
        allOf:
          - $ref: '#/definitions/github_com_opencontainers_image-spec_specs-go_v1.Platform'
        description: |-
          Platform describes the platform which the image in the manifest runs on.
          This should only be used when referring to a manifest.
      size:
        description: Size specifies the size in bytes of the blob.
        type: integer
      # Content obtained through `urls`, or taken from the embedded `data`
      # field, should still be checked against `digest` and `size` by the
      # consumer.
      urls:
        description: URLs specifies a list of URLs from which this object MAY be downloaded
        items:
          type: string
        type: array
    type: object
  # Platform selector referenced by Descriptor.platform.
  github_com_opencontainers_image-spec_specs-go_v1.Platform:
    properties:
      architecture:
        description: |-
          Architecture field specifies the CPU architecture, for example
          `amd64` or `ppc64le`.
        type: string
      os:
        description: OS specifies the operating system, for example `linux` or `windows`.
        type: string
      os.features:
        description: |-
          OSFeatures is an optional field specifying an array of strings,
          each listing a required OS feature (for example on Windows `win32k`).
        items:
          type: string
        type: array
      os.version:
        description: |-
          OSVersion is an optional field specifying the operating system
          version, for example on Windows `10.0.14393.1066`.
        type: string
      variant:
        description: |-
          Variant is an optional field specifying a variant of the CPU, for
          example `v7` to specify ARMv7 when architecture is `arm`.
        type: string
    type: object
# API metadata: title, description, license and the version label of the
# specification this document describes.
info:
  # Empty mapping: no contact details are published.
  contact: {}
  description: APIs for Open Container Initiative Distribution Specification
  license:
    name: Apache 2.0
    url: http://www.apache.org/licenses/LICENSE-2.0.html
  title: Open Container Initiative Distribution Specification
  # A string label, not a number.
  version: v1.1.0-dev
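# HTTP operations of the registry, keyed by route.
#
# NOTE(review): this document declares neither `securityDefinitions` nor a
# per-operation `security` requirement, no operation lists a 401 response, and
# only PUT /v2/_zot/ext/userprefs lists 403. Authentication and authorization
# therefore cannot be read from this spec; take them from the server's
# access-control configuration.
paths:
  /oras/artifacts/v1/{name}/manifests/{digest}/referrers:
    get:
      consumes:
        - application/json
      description: Get references for an image given a digest and artifact type
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        - description: image digest
          in: path
          name: digest
          required: true
          type: string
        - description: artifact type
          in: query
          name: artifactType
          required: true
          type: string
      produces:
        - application/json
      responses:
        "200":
          description: ok
          schema:
            type: string
        "404":
          description: not found
          schema:
            type: string
        "500":
          description: internal server error
          schema:
            type: string
      summary: Get references for an image
  /v2/:
    get:
      consumes:
        - application/json
      description: Check if this API version is supported
      produces:
        - application/json
      responses:
        "200":
          description: ok
          schema:
            type: string
      summary: Check API support
  /v2/_catalog:
    get:
      consumes:
        - application/json
      description: List all image repositories
      produces:
        - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/api.RepositoryList'
        "500":
          description: internal server error
          schema:
            type: string
      summary: List image repositories
  /v2/_oci/ext/discover:
    get:
      consumes:
        - application/json
      description: List all extensions present on registry
      produces:
        - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/api.ExtensionList'
      summary: List Registry level extensions
  /v2/_zot/ext/mgmt:
    # NOTE(review): the response model (extensions.StrippedConfig) describes
    # how authentication is set up: htpasswd path, LDAP address, bearer
    # realm/service. Confirm which callers are allowed to read it.
    get:
      consumes:
        - application/json
      description: Get current server configuration
      parameters:
        - description: specify resource
          enum:
            - config
          in: query
          name: resource
          type: string
      produces:
        - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/extensions.StrippedConfig'
        "500":
          description: internal server error
          schema:
            type: string
      summary: Get current server configuration
    # NOTE(review): this operation uploads the public keys and certificates
    # that signature verification relies on, so whoever can call it influences
    # which signatures are treated as valid. No 401/403 response is documented
    # here; confirm the route is restricted to administrators.
    post:
      consumes:
        - application/octet-stream
      description: Upload certificates and public keys for verifying signatures
      parameters:
        - description: specify resource
          enum:
            - signatures
          in: query
          name: resource
          required: true
          type: string
        - description: specify signing tool
          enum:
            - cosign
            - notation
          in: query
          name: tool
          required: true
          type: string
        # NOTE(review): truststoreType and truststoreName are free-form strings
        # here (no enum, pattern or maxLength). If the server uses them to
        # build a truststore directory path, it must reject path separators
        # and `..`; confirm the handler validates both values.
        - description: truststore type
          in: query
          name: truststoreType
          type: string
        - description: truststore name
          in: query
          name: truststoreName
          type: string
        # NOTE(review): no size bound is expressed for the uploaded body;
        # verify that the server caps the request size and parses the content
        # as a key or certificate before storing it.
        - description: Public key or Certificate content
          in: body
          name: requestBody
          required: true
          schema:
            type: string
      produces:
        - application/json
      responses:
        "200":
          description: ok
          schema:
            type: string
        "400":
          description: bad request
          schema:
            type: string
        "500":
          description: internal server error
          schema:
            type: string
      summary: Upload certificates and public keys for verifying signatures
  /v2/_zot/ext/userprefs:
    put:
      consumes:
        - application/json
      description: Add bookmarks/stars info
      parameters:
        - description: specify action
          enum:
            - toggleBookmark
            - toggleStar
          in: query
          name: action
          required: true
          type: string
        - description: repository name
          in: query
          name: repo
          required: true
          type: string
      produces:
        - application/json
      responses:
        "200":
          description: ok
          schema:
            type: string
        "400":
          description: bad request
          schema:
            type: string
        "403":
          description: forbidden
          schema:
            type: string
        "404":
          description: not found
          schema:
            type: string
        "500":
          description: internal server error
          schema:
            type: string
      summary: Add bookmarks/stars info
  /v2/{name}/blobs/{digest}:
    delete:
      consumes:
        - application/json
      description: Delete an image's blob/layer given a digest
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        - description: blob/layer digest
          in: path
          name: digest
          required: true
          type: string
      produces:
        - application/json
      responses:
        "202":
          description: accepted
          schema:
            type: string
      summary: Delete image blob/layer
    get:
      consumes:
        - application/json
      description: Get an image's blob/layer given a digest
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        - description: blob/layer digest
          in: path
          name: digest
          required: true
          type: string
      produces:
        - application/vnd.oci.image.layer.v1.tar+gzip
      responses:
        # NOTE(review): the schema is api.ImageManifest although the operation
        # produces a layer media type; verify which one is intended.
        "200":
          description: OK
          schema:
            $ref: '#/definitions/api.ImageManifest'
      summary: Get image blob/layer
    head:
      consumes:
        - application/json
      description: Check an image's blob/layer given a digest
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        - description: blob/layer digest
          in: path
          name: digest
          required: true
          type: string
      produces:
        - application/json
      responses:
        "200":
          description: OK
          headers:
            # NOTE(review): this key looks like a Go identifier rather than a
            # literal HTTP header name; confirm which header clients should
            # read for the content digest.
            constants.DistContentDigestKey:
              type: object
          schema:
            $ref: '#/definitions/api.ImageManifest'
      summary: Check image blob/layer
  /v2/{name}/blobs/uploads:
    post:
      consumes:
        - application/json
      description: Create a new image blob/layer upload
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
      produces:
        - application/json
      responses:
        "202":
          description: accepted
          headers:
            Location:
              description: /v2/{name}/blobs/uploads/{session_id}
              type: string
            Range:
              description: 0-0
              type: string
          schema:
            type: string
        "404":
          description: not found
          schema:
            type: string
        "500":
          description: internal server error
          schema:
            type: string
      summary: Create image blob/layer upload
  /v2/{name}/blobs/uploads/{session_id}:
    # NOTE(review): description and summary speak of deleting a blob by
    # digest, but the parameters identify an upload session; the text
    # presumably should describe cancelling that upload. Confirm.
    delete:
      consumes:
        - application/json
      description: Delete an image's blob/layer given a digest
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        - description: upload session_id
          in: path
          name: session_id
          required: true
          type: string
      produces:
        - application/json
      responses:
        "200":
          description: ok
          schema:
            type: string
        "404":
          description: not found
          schema:
            type: string
        "500":
          description: internal server error
          schema:
            type: string
      summary: Delete image blob/layer
    get:
      consumes:
        - application/json
      description: Get an image's blob/layer upload given a session_id
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        - description: upload session_id
          in: path
          name: session_id
          required: true
          type: string
      produces:
        - application/json
      responses:
        "204":
          description: no content
          schema:
            type: string
        "404":
          description: not found
          schema:
            type: string
        "500":
          description: internal server error
          schema:
            type: string
      summary: Get image blob/layer upload
    patch:
      consumes:
        - application/json
      description: Resume an image's blob/layer upload given an session_id
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        - description: upload session_id
          in: path
          name: session_id
          required: true
          type: string
      produces:
        - application/json
      responses:
        "202":
          description: accepted
          headers:
            Location:
              description: /v2/{name}/blobs/uploads/{session_id}
              type: string
            Range:
              description: 0-128
              type: string
          schema:
            type: string
        "400":
          description: bad request
          schema:
            type: string
        "404":
          description: not found
          schema:
            type: string
        "416":
          description: range not satisfiable
          schema:
            type: string
        "500":
          description: internal server error
          schema:
            type: string
      summary: Resume image blob/layer upload
    put:
      consumes:
        - application/json
      description: Update and finish an image's blob/layer upload given a digest
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        - description: upload session_id
          in: path
          name: session_id
          required: true
          type: string
        - description: blob/layer digest
          in: query
          name: digest
          required: true
          type: string
      produces:
        - application/json
      responses:
        "201":
          description: created
          schema:
            type: string
        "404":
          description: not found
          schema:
            type: string
        "500":
          description: internal server error
          schema:
            type: string
      summary: Update image blob/layer upload
  /v2/{name}/manifests/{reference}:
    delete:
      consumes:
        - application/json
      description: Delete an image's manifest given a reference or a digest
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        - description: image reference or digest
          in: path
          name: reference
          required: true
          type: string
      produces:
        - application/json
      responses:
        "200":
          description: ok
          schema:
            type: string
      summary: Delete image manifest
    get:
      consumes:
        - application/json
      description: Get an image's manifest given a reference or a digest
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        - description: image reference or digest
          in: path
          name: reference
          required: true
          type: string
      produces:
        - application/vnd.oci.image.manifest.v1+json
      responses:
        "200":
          description: OK
          headers:
            constants.DistContentDigestKey:
              type: object
          schema:
            $ref: '#/definitions/api.ImageManifest'
        "404":
          description: not found
          schema:
            type: string
        "500":
          description: internal server error
          schema:
            type: string
      summary: Get image manifest
    head:
      consumes:
        - application/json
      description: Check an image's manifest given a reference or a digest
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        - description: image reference or digest
          in: path
          name: reference
          required: true
          type: string
      produces:
        - application/json
      responses:
        "200":
          description: ok
          headers:
            # Spelled the same way as on the blob HEAD and manifest GET
            # responses so all three name one header.
            constants.DistContentDigestKey:
              type: object
          schema:
            type: string
        "404":
          description: not found
          schema:
            type: string
        "500":
          description: internal server error
          schema:
            type: string
      summary: Check image manifest
    put:
      consumes:
        - application/json
      description: Update an image's manifest given a reference or a digest
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        - description: image reference or digest
          in: path
          name: reference
          required: true
          type: string
      produces:
        - application/json
      responses:
        "201":
          description: created
          schema:
            type: string
        "400":
          description: bad request
          schema:
            type: string
        "404":
          description: not found
          schema:
            type: string
        "500":
          description: internal server error
          schema:
            type: string
      summary: Update image manifest
  /v2/{name}/referrers/{digest}:
    get:
      consumes:
        - application/json
      description: Get referrers given a digest
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        - description: digest
          in: path
          name: digest
          required: true
          type: string
        - description: artifact type
          in: query
          name: artifactType
          type: string
      produces:
        - application/vnd.oci.image.index.v1+json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/api.ImageIndex'
        "404":
          description: not found
          schema:
            type: string
        "500":
          description: internal server error
          schema:
            type: string
      summary: Get referrers for a given digest
  /v2/{name}/tags/list:
    get:
      consumes:
        - application/json
      description: List all image tags in a repository
      parameters:
        - description: repository name
          in: path
          name: name
          required: true
          type: string
        # NOTE(review): no minimum/maximum is declared for the page size;
        # verify that the server bounds it.
        - description: limit entries for pagination
          in: query
          name: "n"
          required: true
          type: integer
        - description: last tag value for pagination
          in: query
          name: last
          required: true
          type: string
      produces:
        - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/api.ImageTags'
        "400":
          description: bad request
          schema:
            type: string
        "404":
          description: not found
          schema:
            type: string
      summary: List image tags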
# Specification version of this document; quoted so it is read as the string
# "2.0" rather than a float.
swagger: '2.0'