96d00cd0ef
fix(cve): Fix CVE scanning in images containing Jar files ( #1475 )
2023-06-01 00:37:46 +03:00
612a12e5a8
refactor(sync): use task scheduler ( #1301 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2023-05-31 10:26:23 -07:00
a3f355c278
refactor(storage): refactoring storage ( #1459 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-05-26 11:08:19 -07:00
9acd19f7ea
fix(extensions): consolidate extensions headers returned to UI by extensions ( #1473 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2023-05-25 11:44:54 -07:00
6a7035c599
fix: removed duplicate structures from service.go and moved them to pkg/common ( #1436 )
...
Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com >
2023-05-25 11:27:49 -07:00
2b8479f7f2
feat(userprefs): update documentation and list extensions endpoint ( #1456 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-05-25 14:46:52 +03:00
970997f3a8
feat(graphql & repodb): add info about signature validity ( #1344 )
...
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com >
2023-05-24 09:46:16 -07:00
83ae1aad70
chore(go.mod): fix dependabot alerts ( #1466 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-05-23 10:14:43 +03:00
c0170b0811
feat(routes): move the cors handler from /v2 to only where it's needed ( #1457 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-05-19 21:22:51 -07:00
2be5459c8e
chore: fix dependabot alerts ( #1458 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-05-17 00:37:34 -07:00
f4501e6b6b
feat(search): add artifact type to manifest summary gql structure ( #1448 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-05-15 10:44:49 -07:00
912854f29b
fix(sync): fix digest set into repodb ( #1446 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-05-15 10:43:41 -07:00
7bf40e7308
fix(sync): fixed way of updating repodb when syncing a signature ( #1439 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-05-15 12:02:23 +03:00
e262fbea64
feat: verifying and enabling necessary extensions for ui ( #1369 )
...
Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com >
2023-05-12 09:43:14 -07:00
7d7bc9d5e4
feat(api): added oci-subject header when pushing an image with subject field ( #1415 )
...
- as requested by the latest version of the oci distribution spec
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-05-12 09:32:01 -07:00
b7ef88c96d
fix(search): added the missing headers for search route ( #1438 )
...
- added allow methods and allowed headers
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-05-11 16:05:14 +03:00
ea79be64da
refactor(artifact): remove oci artifact support ( #1359 )
...
* refactor(artifact): remove oci artifact support
- add header to referrers call to indicated applied artifact type filters
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
* feat(gc): simplify gc logic to increase coverage
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
---------
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-05-10 10:15:33 -07:00
3be690c2ac
feat(userpreferences): update allowed methods header for user preferences routes ( #1430 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-05-10 10:09:53 -07:00
d62dbcdf63
fix(sync): fix syncing signatures when using destination in sync's config ( #1429 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2023-05-08 10:16:20 -07:00
449f0d0ac3
fix(repoinfo): fix userprefs values for repos returned by expanded repo info ( #1413 )
...
- now isBookmarked and isStarred are updated correctly
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-05-04 09:51:21 -07:00
e299ae199a
fix(sync): skip non distributable layers ( #1421 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2023-05-04 09:38:33 -07:00
42df4c505a
chore: fix dependabot alerts ( #1403 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-05-01 12:49:10 -07:00
c169698c95
feat: remove usage of zerolog.Logger.Msgf() from zot code ( #1382 )
...
Signed-off-by: Nicol Draghici <idraghic@cisco.com >
2023-04-27 19:44:22 -07:00
40bf76add5
chore(go.mod): upgrade trivy and cosign ( #1387 )
...
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com >
2023-04-27 09:35:10 -07:00
3d8a4022bd
feat(global-search): add filtering options by starred and bookmarked ( #1336 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-04-27 08:11:13 -07:00
635d07ae04
chore: update golang (to 1.20.x) and golangci-linter ( #1388 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-04-27 00:09:46 -07:00
9cc990d7ca
feat(repodb): add user related information to repodb ( #1317 )
...
Initial code was contributed by Bogdan BIVOLARU <104334+bogdanbiv@users.noreply.github.com >
Moved implementation from a separate db to repodb by Andrei Aaron <aaaron@luxoft.com >
Not done yet:
- run/test dynamodb implementation, only boltdb was tested
- add additional coverage for existing functionality
- add web-based APIs to toggle the stars/bookmarks on/off
Initially graphql mutation was discussed for the missing API but
we decided REST endpoints would be better suited for configuration
feat(userdb): complete functionality for userdb integration
- dynamodb rollback changes to user starred repos in case increasing the total star count fails
- dynamodb increment/decrement repostars in repometa when user stars/unstars a repo
- dynamodb check anonymous user permissions are working as intendend
- common test handle anonymous users
- RepoMeta2RepoSummary set IsStarred and IsBookmarked
feat(userdb): rest api calls for toggling stars/bookmarks on/off
test(userdb): blackbox tests
test(userdb): move preferences tests in a different file with specific build tags
feat(repodb): add is-starred and is-bookmarked fields to repo-meta
- removed duplicated logic for determining if a repo is starred/bookmarked
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
Co-authored-by: Andrei Aaron <aaaron@luxoft.com >
2023-04-24 11:13:15 -07:00
d818293cc1
test(sync): make sure sync doesn't write on shutdown ( #1370 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2023-04-19 11:34:41 -07:00
0586c6227e
refactor: remove pkg/extensions/search/common and move the code to the appropriate packages ( #1358 )
...
Signed-off-by: Nicol Draghici <idraghic@cisco.com >
2023-04-18 11:07:47 -07:00
e63faa8898
fix(csp): upgrade UI and fix zap failure ( #1372 )
...
The zap scanner started to check the csp header, which is causing a warning.
We also need to ignore the rule, as both settings are read by the scanner.
Per https://w3c.github.io/webappsec-csp/#example-7bb4ce67 we can have multiple
Content-Security-Policy headers, and the most restrictive policies apply.
This rule doesn't seem to be applied by zap.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2023-04-13 13:48:09 -07:00
e6b81bb354
chore(go.mod): fix dependabot alerts ( #1365 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-04-12 14:10:47 +03:00
8f809bda29
chore(go.mod): fix dependabot alerts ( #1351 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-04-10 14:09:54 -07:00
3510ef0fb0
refactor: move pkg/extensions/search/common/oci_layout.go under pkg/test/ ( #1325 )
...
Signed-off-by: Nicol Draghici <idraghic@cisco.com >
2023-04-07 09:52:26 -07:00
f35ff53146
feat(storage): rebuild storage(s3/local) dedupe index when switching dedupe status ( #1062 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2023-04-07 09:49:24 -07:00
96232bb11c
test(sync): consolidate all sync tests ( #1332 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2023-04-07 09:36:27 +03:00
06bd8a8252
chore(go.mod): fix dependabot alerts ( #1333 )
...
upgrade to github.com/aws/aws-sdk-go@v1.44.237
upgrade to github.com/aquasecurity/trivy@v0.38 .3
upgrade to oras.land/oras-go@v1.2.3
upgrade to github.com/google/go-containerregistry@v0.14 .0
upgrade to github.com/moby/buildkit@v0.11 .4
Note we can't switch to trivy 0.39.0 as well as some other updates
because they would also require upgrade of cosign to v2 with
breaking api changes
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2023-04-06 01:00:12 -07:00
3dd3c46ee3
test: stop task scheduler between test runs ( #1311 )
...
sync: remove sync WaitGroup, it's stopped with context
sync: onDemand will always try to sync newest image when a tag is used
if a digest is used then onDemand will serve local image
test(sync): fix flaky coverage in sync package
closes #1294
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2023-03-29 11:37:58 -07:00
0ae35e973a
test(convert): added test for consistent coverage for update last-updated timestamp function ( #1299 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-03-29 17:39:15 +03:00
af819e7b76
refactor(repodb): moving common utilities under pkg/meta ( #1292 )
...
* refactor(repodb): moving common utilities under pkg/meta
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
* refactor(repodb): moved update, version components under pkg/meta
- updated wrapper initialization to recieve a log object in constructor
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
* refactor(repodb): moved repodb initialization from controller to pkg/meta/repodb
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
---------
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-03-28 10:20:09 -07:00
917159143c
chore: fix dependabot alerts ( #1312 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-03-27 12:16:29 -07:00
ceda13c24e
chore(deps): remove unused package pkg/extensions/search/digest ( #1298 )
...
Signed-off-by: Nicol Draghici <idraghic@cisco.com >
2023-03-24 14:32:02 +02:00
f8a77bc42f
feat(search): update search pattern matching rules ( #1257 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-03-22 10:31:53 -07:00
5f026d2e80
fix(trivy): consistent coverage for reset method + longer wait time between retries ( #1272 )
...
Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com >
2023-03-22 09:52:48 -07:00
21b7c69fd9
feat(cli): updated display format for multiarch images ( #1268 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-03-21 10:16:00 -07:00
0036d6dd09
test(referrers): add test for getting referrers for a image index, multiarch-image, using gql ( #1282 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-03-21 15:10:50 +02:00
ddbb56178e
fix(errors): remove direct dependency on 'github.com/pkg/errors' ( #1275 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-03-20 09:34:04 -07:00
ed01292ad2
feat(search): add referrers field to ImageSummary ( #1261 )
...
Changed repodb to store more information about the referrer needed for the referrers query
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-03-20 09:14:17 -07:00
17a554b504
feat(routes): better error message in case of missing annotations ( #1150 )
...
putting this info into error detail would be ideal, but skopeo
doesn't print them, so overwrite the error message.
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2023-03-16 20:09:30 -07:00
eea6f3f85a
fix(cve): Search by CVE title/id (full or partial) when listing an image's CVEs ( #1264 )
...
Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com >
2023-03-16 12:13:07 -07:00
4d0bbf1e00
fix(mgmt): skip bearer authn for mgmt route ( #1267 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2023-03-16 12:02:59 -07:00
Andrei Aaron