github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-16 20:38:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(config): warn if cve is used with remote storage driver (#1034)

Browse Source 
* fix(config): warn if cve is used with remote storage driver

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>

* fix: also check if search is enabled

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Co-authored-by: Catalin Hofnar <catalin.hofnar@gmail.com>
This commit is contained in:
Ramkumar Chinchani
2022-11-29 23:35:06 -08:00
committed by GitHub
parent 72abab4947
commit 69f0cf6bb4
6 changed files with 147 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/cli/root.go
+26 -4
View File
@@ -306,6 +306,28 @@ func validateCacheConfig(cfg *config.Config) error {
return nil
}
func validateExtensionsConfig(cfg *config.Config) error {
//nolint:lll
if cfg.Storage.StorageDriver != nil && cfg.Extensions != nil && cfg.Extensions.Search != nil &&
cfg.Extensions.Search.Enable != nil && *cfg.Extensions.Search.Enable && cfg.Extensions.Search.CVE != nil {
log.Warn().Err(errors.ErrBadConfig).Msg("CVE functionality can't be used with remote storage. Please disable CVE")
return errors.ErrBadConfig
}
for _, subPath := range cfg.Storage.SubPaths {
//nolint:lll
if subPath.StorageDriver != nil && cfg.Extensions != nil && cfg.Extensions.Search != nil &&
cfg.Extensions.Search.Enable != nil && *cfg.Extensions.Search.Enable && cfg.Extensions.Search.CVE != nil {
log.Warn().Err(errors.ErrBadConfig).Msg("CVE functionality can't be used with remote storage. Please disable CVE")
return errors.ErrBadConfig
}
}
return nil
}
func validateConfiguration(config *config.Config) error {
if err := validateHTTP(config); err != nil {
return err
@@ -331,6 +353,10 @@ func validateConfiguration(config *config.Config) error {
return err
}
if err := validateExtensionsConfig(config); err != nil {
return err
}
// check authorization config, it should have basic auth enabled or ldap
if config.HTTP.RawAccessControl != nil {
// checking for anonymous policy only authorization config: no users, no policies but anonymous policy
@@ -449,10 +475,6 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper) {
if config.Extensions.Search.Enable == nil {
config.Extensions.Search.Enable = &defaultVal
}
if config.Extensions.Search.CVE == nil {
config.Extensions.Search.CVE = &extconf.CVEConfig{UpdateInterval: 24 * time.Hour} //nolint: gomnd
}
}
if config.Extensions.Metrics != nil {