refactor(extensions)!: refactor the extensions URLs and errors (#1636)

BREAKING CHANGE: The functionality provided by the mgmt endpoint has beed redesigned - see details below
BREAKING CHANGE: The API keys endpoint has been moved -  see details below
BREAKING CHANGE: The mgmt extension config has been removed - endpoint is now enabled by having both the search and the ui extensions enabled
BREAKING CHANGE: The API keys configuration has been moved from extensions to http>auth>apikey

mgmt and imagetrust extensions:
- separate the _zot/ext/mgmt into 3 separate endpoints: _zot/ext/auth, _zot/ext/notation, _zot/ext/cosign
- signature verification logic is in a separate `imagetrust` extension
- better hanling or errors in case of signature uploads: logging and error codes (more 400 and less 500 errors)
- add authz on signature uploads (and add a new middleware in common for this purpose)
- remove the mgmt extension configuration - it is now enabled if the UI and the search extensions are enabled

userprefs estension:
- userprefs are enabled if both search and ui extensions are enabled (as opposed to just search)

apikey extension is removed and logic moved into the api folder
- Move apikeys code out of pkg/extensions and into pkg/api
- Remove apikey configuration options from the extensions configuration and move it inside the http auth section
- remove the build label apikeys

other changes:
- move most of the logic adding handlers to the extensions endpoints out of routes.go and into the extensions files.
- add warnings in case the users are still using configurations with the obsolete settings for mgmt and api keys
- add a new function in the extension package which could be a single point of starting backgroud tasks for all extensions
- more clear methods for verifying specific extensions are enabled
- fix http methods paired with the UI handlers
- rebuild swagger docs

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

pkg/cli/root.go

@@ -313,13 +313,18 @@ func validateCacheConfig(cfg *config.Config) error {
 }
 
 func validateExtensionsConfig(cfg *config.Config) error {
+	if cfg.Extensions != nil && cfg.Extensions.Mgmt != nil {
+		log.Warn().Msg("The mgmt extensions configuration option has been made redundant and will be ignored.")
+	}
+
+	if cfg.Extensions != nil && cfg.Extensions.APIKey != nil {
+		log.Warn().Msg("The apikey extension configuration will be ignored as API keys " +
+			"are now configurable in the HTTP settings.")
+	}
+
 	if cfg.Extensions != nil && cfg.Extensions.UI != nil && cfg.Extensions.UI.Enable != nil && *cfg.Extensions.UI.Enable {
-		if cfg.Extensions.Mgmt == nil || !*cfg.Extensions.Mgmt.Enable {
-			log.Warn().Err(errors.ErrBadConfig).Msg("UI functionality can't be used without mgmt extension.")
-
-			return errors.ErrBadConfig
-		}
-
+		// it would make sense to also check for mgmt and user prefs to be enabled,
+		// but those are both enabled by having the search and ui extensions enabled
 		if cfg.Extensions.Search == nil || !*cfg.Extensions.Search.Enable {
 			log.Warn().Err(errors.ErrBadConfig).Msg("UI functionality can't be used without search extension.")
 
@@ -513,18 +518,18 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper) {
 			config.Extensions.Scrub = &extconf.ScrubConfig{}
 		}
 
-		_, ok = extMap["mgmt"]
+		_, ok = extMap["trust"]
 		if ok {
-			// we found a config like `"extensions": {"mgmt:": {}}`
-			// Note: In case mgmt is not empty the config.Extensions will not be nil and we will not reach here
-			config.Extensions.Mgmt = &extconf.MgmtConfig{}
+			// we found a config like `"extensions": {"trust:": {}}`
+			// Note: In case trust is not empty the config.Extensions will not be nil and we will not reach here
+			config.Extensions.Trust = &extconf.ImageTrustConfig{}
 		}
 
-		_, ok = extMap["apikey"]
+		_, ok = extMap["ui"]
 		if ok {
-			// we found a config like `"extensions": {"mgmt:": {}}`
-			// Note: In case mgmt is not empty the config.Extensions will not be nil and we will not reach here
-			config.Extensions.APIKey = &extconf.APIKeyConfig{}
+			// we found a config like `"extensions": {"ui:": {}}`
+			// Note: In case UI is not empty the config.Extensions will not be nil and we will not reach here
+			config.Extensions.UI = &extconf.UIConfig{}
 		}
 	}
 
@@ -586,18 +591,6 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper) {
 			}
 		}
 
-		if config.Extensions.Mgmt != nil {
-			if config.Extensions.Mgmt.Enable == nil {
-				config.Extensions.Mgmt.Enable = &defaultVal
-			}
-		}
-
-		if config.Extensions.APIKey != nil {
-			if config.Extensions.APIKey.Enable == nil {
-				config.Extensions.APIKey.Enable = &defaultVal
-			}
-		}
-
 		if config.Extensions.Scrub != nil {
 			if config.Extensions.Scrub.Enable == nil {
 				config.Extensions.Scrub.Enable = &defaultVal
@@ -607,6 +600,18 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper) {
 				config.Extensions.Scrub.Interval = 24 * time.Hour //nolint: gomnd
 			}
 		}
+
+		if config.Extensions.UI != nil {
+			if config.Extensions.UI.Enable == nil {
+				config.Extensions.UI.Enable = &defaultVal
+			}
+		}
+
+		if config.Extensions.Trust != nil {
+			if config.Extensions.Trust.Enable == nil {
+				config.Extensions.Trust.Enable = &defaultVal
+			}
+		}
 	}
 
 	if !config.Storage.GC && viperInstance.Get("storage::gcdelay") == nil {
@@ -663,6 +668,12 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper) {
 			config.Storage.SubPaths[name] = storageConfig
 		}
 	}
+
+	// if OpenID authentication is enabled,
+	// API Keys are also enabled in order to provide data path authentication
+	if config.HTTP.Auth != nil && config.HTTP.Auth.OpenID != nil {
+		config.HTTP.Auth.APIKey = true
+	}
 }
 
 func updateDistSpecVersion(config *config.Config) {