refactor(extensions)!: refactor the extensions URLs and errors (#1636)

BREAKING CHANGE: The functionality provided by the mgmt endpoint has been redesigned - see details below
BREAKING CHANGE: The API keys endpoint has been moved -  see details below
BREAKING CHANGE: The mgmt extension config has been removed - endpoint is now enabled by having both the search and the ui extensions enabled
BREAKING CHANGE: The API keys configuration has been moved from extensions to http>auth>apikey

mgmt and imagetrust extensions:
- separate the _zot/ext/mgmt into 3 separate endpoints: _zot/ext/auth, _zot/ext/notation, _zot/ext/cosign
- signature verification logic is in a separate `imagetrust` extension
- better handling of errors in case of signature uploads: logging and error codes (more 400 and less 500 errors)
- add authz on signature uploads (and add a new middleware in common for this purpose)
- remove the mgmt extension configuration - it is now enabled if the UI and the search extensions are enabled

userprefs extension:
- userprefs are enabled if both search and ui extensions are enabled (as opposed to just search)

apikey extension is removed and logic moved into the api folder
- Move apikeys code out of pkg/extensions and into pkg/api
- Remove apikey configuration options from the extensions configuration and move it inside the http auth section
- remove the build label apikeys

other changes:
- move most of the logic adding handlers to the extensions endpoints out of routes.go and into the extensions files.
- add warnings in case the users are still using configurations with the obsolete settings for mgmt and api keys
- add a new function in the extension package which could be a single point of starting background tasks for all extensions
- more clear methods for verifying specific extensions are enabled
- fix http methods paired with the UI handlers
- rebuild swagger docs

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Andrei Aaron
2023-08-02 21:58:34 +03:00
committed by GitHub
parent 42f9f78125
commit 77149aa85c
61 changed files with 3405 additions and 1471 deletions
+212 -25
@@ -20,6 +20,126 @@ const docTemplate = `{
"host": "{{.Host}}",
"basePath": "{{.BasePath}}",
"paths": {
"/auth/apikey": {
"post": {
"description": "Can create an api key for a logged in user, based on the provided label and scopes.",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Create an API key for the current user",
"parameters": [
{
"description": "api token id (UUID)",
"name": "id",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/api.APIKeyPayload"
}
}
],
"responses": {
"201": {
"description": "created",
"schema": {
"type": "string"
}
},
"400": {
"description": "bad request",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
},
"delete": {
"description": "Revokes one current user API key based on given key ID",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Revokes one current user API key",
"parameters": [
{
"type": "string",
"description": "api token id (UUID)",
"name": "id",
"in": "query",
"required": true
}
],
"responses": {
"200": {
"description": "ok",
"schema": {
"type": "string"
}
},
"400": {
"description": "bad request",
"schema": {
"type": "string"
}
},
"401": {
"description": "unauthorized",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error",
"schema": {
"type": "string"
}
}
}
}
},
"/auth/logout": {
"post": {
"description": "Logout by removing current session",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"summary": "Logout by removing current session",
"responses": {
"200": {
"description": "ok\".",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error\".",
"schema": {
"type": "string"
}
}
}
}
},
"/oras/artifacts/v1/{name}/manifests/{digest}/referrers": {
"get": {
"description": "Get references for an image given a digest and artifact type",
@@ -141,6 +261,49 @@ const docTemplate = `{
}
}
},
"/v2/_zot/ext/cosign": {
"post": {
"description": "Upload cosign public keys for verifying signatures",
"consumes": [
"application/octet-stream"
],
"produces": [
"application/json"
],
"summary": "Upload cosign public keys for verifying signatures",
"parameters": [
{
"description": "Public key content",
"name": "requestBody",
"in": "body",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "ok",
"schema": {
"type": "string"
}
},
"400": {
"description": "bad request\".",
"schema": {
"type": "string"
}
},
"500": {
"description": "internal server error\".",
"schema": {
"type": "string"
}
}
}
}
},
"/v2/_zot/ext/mgmt": {
"get": {
"description": "Get current server configuration",
@@ -176,38 +339,19 @@ const docTemplate = `{
}
}
}
},
}
},
"/v2/_zot/ext/notation": {
"post": {
"description": "Upload certificates and public keys for verifying signatures",
"description": "Upload notation certificates for verifying signatures",
"consumes": [
"application/octet-stream"
],
"produces": [
"application/json"
],
"summary": "Upload certificates and public keys for verifying signatures",
"summary": "Upload notation certificates for verifying signatures",
"parameters": [
{
"enum": [
"signatures"
],
"type": "string",
"description": "specify resource",
"name": "resource",
"in": "query",
"required": true
},
{
"enum": [
"cosign",
"notation"
],
"type": "string",
"description": "specify signing tool",
"name": "tool",
"in": "query",
"required": true
},
{
"type": "string",
"description": "truststore type",
@@ -221,7 +365,7 @@ const docTemplate = `{
"in": "query"
},
{
"description": "Public key or Certificate content",
"description": "Certificate content",
"name": "requestBody",
"in": "body",
"required": true,
@@ -992,6 +1136,20 @@ const docTemplate = `{
}
},
"definitions": {
"api.APIKeyPayload": {
"type": "object",
"properties": {
"label": {
"type": "string"
},
"scopes": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"api.ExtensionList": {
"type": "object",
"properties": {
@@ -1013,6 +1171,10 @@ const docTemplate = `{
"type": "string"
}
},
"artifactType": {
"description": "ArtifactType specifies the IANA media type of artifact when the manifest is used for an artifact.",
"type": "string"
},
"manifests": {
"description": "Manifests references platform specific manifests.",
"type": "array",
@@ -1027,6 +1189,14 @@ const docTemplate = `{
"schemaVersion": {
"description": "SchemaVersion is the image manifest schema that this image follows",
"type": "integer"
},
"subject": {
"description": "Subject is an optional link from the image manifest to another manifest forming an association between the image manifest and the other manifest.",
"allOf": [
{
"$ref": "#/definitions/github_com_opencontainers_image-spec_specs-go_v1.Descriptor"
}
]
}
}
},
@@ -1118,6 +1288,9 @@ const docTemplate = `{
"type": "string"
}
}
},
"openid": {
"$ref": "#/definitions/extensions.OpenIDConfig"
}
}
},
@@ -1160,6 +1333,20 @@ const docTemplate = `{
}
}
},
"extensions.OpenIDConfig": {
"type": "object",
"properties": {
"providers": {
"type": "object",
"additionalProperties": {
"$ref": "#/definitions/extensions.OpenIDProviderConfig"
}
}
}
},
"extensions.OpenIDProviderConfig": {
"type": "object"
},
"extensions.StrippedConfig": {
"type": "object",
"properties": {