github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-16 04:17:55 +08:00
Code Issues Packages Projects Releases Wiki Activity
593 Commits 38 Branches 132 Tags
92d97d48d65cd21d6296335821f23e210b515c21
Commit Graph

59 Commits

Author SHA1 Message Date
peusebiu 92d97d48d6 fix(s3): remove tracking multipart uploads (#883) 
Remove sticky sessions from clustering

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-10-20 09:36:58 -07:00
Catalin Hofnar ffc9929c1a feat(GraphQL): playground, served by zot in specific binary (#753) 
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
 2022-10-05 12:56:41 -07:00
Nicol 33a431ef43 Update go version to 1.19 (#829) 
* ci: Update go version to 1.19

Signed-off-by: Nicol Draghici <idraghic@cisco.com>

* ci: Fix lint issues

Signed-off-by: Nicol Draghici <idraghic@cisco.com>

* ci: Added needprivileges to lint, made needprivileges pass lint

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Signed-off-by: Nicol Draghici <idraghic@cisco.com>

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Co-authored-by: Catalin Hofnar <catalin.hofnar@gmail.com>
 2022-10-05 13:21:14 +03:00
Andreea Lupu 5ef023dbc1 add enable/disable option for scrub extension (#827) 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2022-09-27 18:06:50 -07:00
Alex Stan 49e8167dbe graphql: Apply authorization on /_search endpoint 
- AccessControlContext now resides in a separate package from where it can be imported,
along with the contextKey that will be used to set and retrieve this context value.

- AccessControlContext has a new field called Username, that will be of use for future
implementations in graphQL resolvers.

- GlobalSearch resolver now uses this context to filter repos available to the logged user.

- moved logic for uploading images in tests so that it can be used in every package

- tests were added for multiple request scenarios, when zot-server requires authz
on specific repos

- added tests with injected errors for extended coverage

- added tests for status code error injection utilities

Closes https://github.com/project-zot/zot/issues/615

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
 2022-08-26 21:31:26 +03:00
Nicol Draghici a702a2377e Remove AllowReadOnly and ReadOnly 
Signed-off-by: Nicol Draghici <idraghic@cisco.com>

Remove check and set header every time

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
 2022-08-10 14:27:21 -07:00
Lisca Ana-Roberta 87fc941b3c image level lint: enforce manifest mandatory annotations 
closes #536

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
 2022-07-27 11:48:04 +03:00
Alex Stan ada21ed842 Manage builds with different combinations of extensions 
Files were added to be built whether an extension is on or off.
New build tags were added for each extension, while minimal and extended disappeared.

added custom binary naming depending on extensions used and changed references from binary to binary-extended

added automated blackbox tests for sync, search, scrub, metrics

added contributor guidelines

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
 2022-06-30 09:53:52 -07:00
Alex Stan 66484c8ca9 changed go version to 1.18 
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
 2022-06-09 04:38:06 -07:00
Petu Eusebiu 5e22acbbc4 s3: added logic for deduping blobs 
Because s3 doesn't support hard links we store duplicated blobs
as empty files. When the original blob is deleted its content is
moved to the the next duplicated blob and so on.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-24 17:00:10 -07:00
Shivam Mishra 36c9631000 ext: use distribution spec route prefix for extension api 
Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-05-22 16:35:16 -07:00
laurentiuNiculae bb95af5b4d default policy only authorization 
unit tests for manifest integrity when updating

Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
 2022-05-03 11:46:55 -07:00
Andreea-Lupu cb9d8d6c13 update metrics/Dockerfile to match current binary name format 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2022-04-22 11:37:53 -07:00
Petu Eusebiu ad90a4975f Migrate from docker/build-push-action to stacker-build-push-action 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-04-19 10:49:21 -07:00
Andreea-Lupu 5e35dfa28f make gc periodic 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2022-04-18 10:25:29 -07:00
laurentiuNiculae 0d4cc8736d Target for cheking not commited config files. 
Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>

Separated updateDistSpec functionality

Removed rewriting of config when distSpecVersion was wrong
 2022-04-14 10:28:38 -07:00
Andreea-Lupu 9454c77be2 make scrub inline and periodic 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2022-04-01 13:38:24 -07:00
Petu Eusebiu ba41368469 Modified shared storage haproxy config to stick only writes, not reads 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-31 10:26:03 -07:00
Ramkumar Chinchani b2a4388522 gc: add a unit test 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-03-24 12:02:52 -07:00
Petu Eusebiu f53dc9eb8d sync: Add a new flag to enforce syncing only signed images, closes #455 
sync: When checking if a image is already synced also check for changes in upstream signatures.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-24 10:50:01 -07:00
laurentiuNiculae 0d148e1d6b new config option for sync-destination 
Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
 2022-03-21 08:12:34 -07:00
Ramkumar Chinchani 10f0e6c307 fix dependabot alert 
https://github.com/project-zot/zot/security/dependabot/10

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-03-15 16:55:32 -07:00
laurentiuNiculae 63d94d4ac5 Update dist-spec version automatically 
Warning if config has wrong dist-spec version

Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
 2022-03-14 10:24:03 -07:00
Petu Eusebiu fa27e22404 Added clustering github workflow 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-09 10:54:17 -08:00
Ramkumar Chinchani 3ada6af0de tls: set min version to 1.2 and restrict cipher suites 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-03-02 10:03:50 -08:00
Ramkumar Chinchani b800c5f20a README: update README.md 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-17 13:07:32 -08:00
Ramkumar Chinchani 38a110314b gc: add a gcDelay param 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-14 14:03:22 -08:00
Petu Eusebiu 0ec39c0313 sync: make RetryDelay and MaxRetries optional 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-02-11 09:11:11 -08:00
Alexei Dodon 47c9b6244e Added config enable=true/false for extensions with default value as enabled closes #258 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2022-02-09 09:53:49 -08:00
Ramkumar Chinchani d2aa016cdb storage: flush/sync contents to disk on file close 
Behavior controlled by configuration (default=off)
It is a trade-off between performance and consistency.

References:
[1] https://github.com/golang/go/issues/20599

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-07 12:08:01 -08:00
Petu Eusebiu f89925fb27 sync: periodically retry if on-demand fails inline, closes #281 
sync: don't return error on sync signatures, just skip them, closes #375
sync: sync signatures on demand
sync on demand: in case of parallel requests pull image just once, closes #344

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-02-07 09:04:13 -08:00
Petu Eusebiu a0e65379c8 sync: for a prefix, allow multiple registries as a list instead of only one, closes #343 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-02-01 09:45:09 -08:00
Ramkumar Chinchani 1e5ea7e09c controller: support rate-limiting incoming requests 
helps constraining resource usage and against flood attacks.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-01-24 12:48:13 -08:00
Alexei Dodon c9a81baa10 Renamed zot-exporter to zxp and added its image to zot release 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2022-01-19 10:31:37 -08:00
Alexei Dodon c4d34b7269 Added storage latency histogram metric 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2022-01-10 11:55:39 -08:00
Petu Eusebiu 4f825a5e2f [Identity-based Authorization] Add an option to specify a global policy for all repositories 
using regex.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-01-07 10:55:20 -08:00
Ramkumar Chinchani 3177f87403 ci/cd: upgrade golang to 1.17 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-01-07 09:46:50 -08:00
Petu Eusebiu c86f44cc53 Disable sync periodically polling when pollInterval is not configured 
Filtering out sync on demand images based on content configuration

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-12-14 08:59:50 -08:00
Ramkumar Chinchani 96226af869 move references to zotregistry.io and project-zot 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-12-05 10:52:27 -08:00
Petu Eusebiu fff6107310 Sync prefix can be an exact match or a glob pattern, closes #297 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-11-29 13:10:13 -08:00
Petu Eusebiu 5c07e19c8d Changed sync behaviour, it used to copy images over http interface 
now it copies to a local cache and then it copies over storage APIs

- accept all images with or without signatures
- disable sync writing to stdout
- added more logs
- fixed switch statement in routes
- fixed enabling sync multiple times for storage subpaths

closes #266

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-11-15 09:32:43 -08:00
Petu Eusebiu 9c568c0ee2 storage: add s3 backend support (without GC and dedupe) 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-11-15 08:09:00 -08:00
Alexei Dodon 8e4d828867 Implement an API for performance monitoring 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2021-11-12 11:14:10 -08:00
Petu Eusebiu 19003e8a71 Added new extension "sync" 
Periodically poll registries and pull images according to sync's config
Added sync on demand, syncing when clients asks for an image which
zot doesn't have.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-10-21 10:32:46 -07:00
Ramkumar Chinchani c8779d9e87 doc: add initial documentation for configuration options 
We have built a long list of features and the documentation for users is
only available under examples/

Add a examples/README.md to further explain various configuration
options.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-08-31 17:26:22 -07:00
Petu Eusebiu 609d85d875 Add identity-based access control, closes #51 
Add a cli subcommand to verify config files validity
 2021-08-30 13:56:27 -07:00
Andrei Aaron 792e82cbdf Add an 'enable' flag in the server configuration to enable gql-based searches 
"extensions": {
        "search": {
            "enable": true
        }
    }
 2021-06-24 12:15:25 -07:00
Roxana Nemulescu 97628e69c9 logs: add an audit log for API calls with unit tests 
resolves #178
 2021-06-24 10:53:27 -07:00
Shivam Mishra 28974e81dc config: support multiple storage locations 
added support to point multiple storage locations in zot by running multiple instance of zot in background.

see examples/config-multiple.json for more info about config.

Closes #181
 2021-05-21 10:18:28 -07:00
Shivam Mishra 2cf2c16137 Added graphql api feature for image vulnerability scanning 2020-08-18 22:44:34 -07:00