github/zot

mirror of https://github.com/project-zot/zot.git synced 2026-06-17 21:17:58 +08:00

Author	SHA1	Message	Date
Ramkumar Chinchani	3a349dccec	chore: fix dependabot alerts (#3657 ) Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>	2025-12-15 23:34:32 -08:00
Andrei Aaron	08fae9104d	feat: support mTLS-only authn/authz with AccessControl and allow combining mTLS with other auth mechanisms (#3624 ) * feat: support mTLS-only authn/authz with AccessControl and allow combining mTLS with other auth mechanisms Signed-off-by: Ivan Arkhipov <me@endevir.ru> * refactor: improve authentication logic and TLS certificate generation - Fix mTLS authentication to use only leaf certificate instead of iterating through all certificates in the chain - Reject Authorization headers when corresponding auth method is disabled, regardless of mTLS status (security improvement) - Simplify authentication switch statement ordering and logic - Move ErrUserDataNotFound error handling into sessionAuthn method - Refactor TLS certificate generation to use Options pattern with CertificateOptions struct for better extensibility - Consolidate duplicate certificate generation code into helper functions (generateCertificate, parseCA, initializeTemplate, applyOptions) - Rename certificate generation functions for clarity: - GenerateCertWithCN -> GenerateClientCert - GenerateSelfSignedCertWithCN -> GenerateClientSelfSignedCert - Add support for SAN settings including email addresses in certificates - Update tests to reflect new authentication behavior and certificate API This commit improves both the security posture (rejecting disabled auth methods) and code maintainability (consolidated certificate generation). Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com> * fix: guard against multiple Authorization headers Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com> --------- Signed-off-by: Ivan Arkhipov <me@endevir.ru> Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com> Co-authored-by: Ivan Arkhipov <me@endevir.ru>	2025-12-11 20:08:32 +02:00
Andrei Aaron	ba8ab49502	ci: save unified coverage as build artifact (#3626 ) Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>	2025-12-06 21:58:37 +02:00
Andrei Aaron	667ecfa40e	ci: split needsprivileges tests from devmode tests (#3625 ) Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>	2025-12-06 20:36:32 +02:00
Ramkumar Chinchani	6452bec403	chore: fix dependabot alerts (#3595 ) * chore: fix dependabot alerts Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * ci: bump up golang to 1.25.x Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix: linter errors Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix: stacker and docker build files to use golang 1.25 Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>	2025-11-26 11:21:36 +02:00
Ramkumar Chinchani	a0943eccfe	chore: fix dependabot alerts (#3496 ) * chore: fix dependabot alerts Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix: initialize logger in ut Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>	2025-10-30 14:21:53 -07:00
Ramkumar Chinchani	97ab0e2568	chore: fix dependabot alerts (#3380 ) * chore: fix dependabot alerts Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * ci: bump up golang version to 1.24.x Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>	2025-09-11 11:11:38 +03:00
Ramkumar Chinchani	69e58b092d	chore: fix dependabot alerts (#3312 ) Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>	2025-08-16 00:23:35 -07:00
Koray Oksay	deb0e4a71b	chore(ci): update github runners to oci gh arc runners (#3293 ) ci: update github runners to oci gh arc runners Signed-off-by: Koray Oksay <koray.oksay@gmail.com>	2025-08-06 21:01:12 -07:00
Ramkumar Chinchani	3657148273	chore: fix dependabot alerts (#2783 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2024-11-18 20:27:37 -08:00
Ramkumar Chinchani	5465aa0d51	build: migrate to golang 1.23.x (#2701 ) * build: migrate to golang 1.23.x Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> * fix: golangci-lint reported errors Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2024-11-08 08:58:55 -08:00
Ramkumar Chinchani	df4f9ca9d3	ci: stop using the non-free 4-core runners (#2695 ) Signed-off-by: Jeffrey Sica <me@jeefy.dev> Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> Co-authored-by: Jeffrey Sica <me@jeefy.dev>	2024-09-30 11:24:24 -07:00
Ramkumar Chinchani	4bb5ae3c03	ci: use more cores for the extensions test (#2568 ) This test is running into timing issues in our CI. Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2024-07-23 09:12:40 +03:00
Ramkumar Chinchani	1da32e58c1	ci: use smaller runners for CI pipelines (#2566 ) CNCF has been nice to us to offer larger runners, but we need to be careful not to abuse them. Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2024-07-22 10:43:44 -07:00
Andrei Aaron	375c35c5a1	chore: update to go 1.22 (#2330 ) * chore: update to go 1.22 Only go toolchain version is updated. We compile with go 1.22, but we allow others to compile using language version 1.21 if they wish to. If we also updated the go version in go.mod everyone would be forced to update, as that is enforced as a minimum allowed version. This comment explains the difference well enough https://news.ycombinator.com/item?id=36455759 Signed-off-by: Andrei Aaron <aaaron@luxoft.com> * chore: fix freeBSD AMD64 build Looks like they made some cleanup in the logic allowing buildmode pie on various platforms. Related to https://github.com/golang/go/issues/31544 See the code at: https://cs.opensource.google/go/go/+/master:src/internal/platform/supported.go;l=222-231;drc=d7fcb5cf80953f1d63246f1ae9defa60c5ce2d76;bpv=1;bpt=0 Signed-off-by: Andrei Aaron <aaaron@luxoft.com> --------- Signed-off-by: Andrei Aaron <aaaron@luxoft.com>	2024-03-20 11:53:11 -07:00
Andrei Aaron	60dc8569ec	build(go): switch to go 1.21 (#2049 ) Also update to the latest swaggo version, as the previous one did not work with go 1.21 Signed-off-by: Andrei Aaron <aaaron@luxoft.com>	2024-02-07 10:54:28 -08:00
Andrei Aaron	e3065f6a2c	chore(deps): fix dependabot alerts (#2232 ) Signed-off-by: Andrei Aaron <aaaron@luxoft.com>	2024-02-05 09:56:38 -08:00
Ramkumar Chinchani	580df421bf	chore: fix dependabot alerts (#2208 ) https://github.com/project-zot/zot/pull/2192 https://github.com/project-zot/zot/pull/2193 https://github.com/project-zot/zot/pull/2194 https://github.com/project-zot/zot/pull/2195 https://github.com/project-zot/zot/pull/2196 https://github.com/project-zot/zot/pull/2197 https://github.com/project-zot/zot/pull/2198 https://github.com/project-zot/zot/pull/2199 https://github.com/project-zot/zot/pull/2200 https://github.com/project-zot/zot/pull/2201 https://github.com/project-zot/zot/pull/2202 https://github.com/project-zot/zot/pull/2203 https://github.com/project-zot/zot/pull/2204 https://github.com/project-zot/zot/pull/2205 https://github.com/project-zot/zot/pull/2206 https://github.com/project-zot/zot/pull/2207 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2024-01-29 15:30:41 -08:00
Ramkumar Chinchani	44dfa8a210	chore: fix dependabot alerts (#2133 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-12-12 12:44:28 +02:00
Alexei Dodon	8dd06c6e1e	ci: resource tuning for faster runs (#1967 ) Signed-off-by: Alexei Dodon <adodon@cisco.com>	2023-11-15 10:44:31 -08:00
Ramkumar Chinchani	4cb7a6c755	ci: use runners provided by CNCF (#1946 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-10-21 12:07:32 +03:00
Alexei Dodon	3a9a932791	fix: reduce test run time (#1832 ) Signed-off-by: Alexei Dodon <adodon@cisco.com>	2023-09-28 21:59:52 +03:00

22 Commits