See https://github.com/project-zot/zui/issues/476
In previous implementations the referrers tab only showed the referrers returned at image
level, ignoring the referrers returned at manifest level.
This is fine for singlearch images, since they are the same.
For images containing multiple manifests only index referrers were shown.
The current implementation would show both the referrers to the index and the current manifest.
Also fix refreshing the data shown in the tag details tabs on changing the selected manifest
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
- fix: do not error in TagDetails if an empty manifest list is returned from the backend
- fix: use '----' as default for missing Os/Arch in drop-down and card (this value is for consistency with other such places where the values are missing)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
- fix log folder names used by nightly jobs
- fix attempt to install containerd.io in the redis pipeline (which conflicts with containerd)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Fixes#3005
Previously, changing a image's media-type was disallowed.
However, "docker buildx" appears to first push an image manifest and
then an image index for the same image tag. So, allow this.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
* feat: rework token auth to allow ED25519/EC public keys
Signed-off-by: evanebb <git@evanus.nl>
* fix: shadow err variable to hopefully avoid data race
Signed-off-by: evanebb <git@evanus.nl>
* fix: apply golangci-lint feedback
Signed-off-by: evanebb <git@evanus.nl>
* fix: simplify public key loading by only supporting certificates, fixes ED25519 certificate handling
Signed-off-by: evanebb <git@evanus.nl>
* test: add golang-jwt based test auth server and test RSA/EC/ED25519 keys
Signed-off-by: evanebb <git@evanus.nl>
* fix: restrict allowed signing algorithms as recommended by library
Signed-off-by: evanebb <git@evanus.nl>
* test: add more bearer authorizer tests
Signed-off-by: evanebb <git@evanus.nl>
* fix: apply more golangci-lint feedback
Signed-off-by: evanebb <git@evanus.nl>
* test: ensure chmod calls run on test failure for authn errors test
Signed-off-by: evanebb <git@evanus.nl>
* fix: verify issued-at in given token if present
Pulls the validation in-line with the old library
Signed-off-by: evanebb <git@evanus.nl>
---------
Signed-off-by: evanebb <git@evanus.nl>
* feat: show more error information in zb output
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* chore(ci): gc stress tests to save logs as artifacts
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* chore: add benchmark results to job summaries
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix: count and show zb errors
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* ci: fix the flaky coverage of the redis logger
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(htpasswd): move htpasswd processing to a helper struct and add reload
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
* feat(htpasswd): use dedicated fsnotify reloader for htpasswd file
- rewrite htpasswd watcher not to store context
- improve logging
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
* feat(htpasswd): add htpasswd reload test
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
---------
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
fix: Update AWS DynamoDB permission list, and correct issues in DynamoDB examples
Note DeleteTable is only used for the zot tests, should not be needed in production
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix: update download counters for docker media types
closes#2929
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix: handle docker config mediatype in MetaDB
The OS/Arch/Layer History information was not written to MetaDB
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat: add redis cache support
https://github.com/project-zot/zot/pull/2005
Fixes https://github.com/project-zot/zot/issues/2004
* feat: add redis cache support
Currently, we have dynamoDB as the remote shared cache but ideal only
for the cloud use case.
For on-prem use case, add support for redis.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* feat(redis): added blackbox tests for redis
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
* feat(redis): dummy implementation of MetaDB interface for redis cache
Signed-off-by: Alexei Dodon <adodon@cisco.com>
* feat: check validity of driver configuration on metadb instantiation
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat: multiple fixes for redis cache driver implementation
- add missing method GetAllBlobs
- add redis cache tests, with and without mocking
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): redis implementation for MetaDB
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): use redsync to block concurrent write access to the redis DB
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): update .github/workflows/cluster.yaml to also test redis
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(metadb): add keyPrefix parameter for redis and remove unneeded method meta.Crate()
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): support RedisCluster configuration and add unit tests
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): more tests for redis metadb implementation
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): add more examples and update examples/README.md
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): move option parsing and redis client initialization under pkg/api/config/redis
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* chore(cachedb): move Cache interface to pkg/storage/types
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): reorganize code in pkg/storage/cache.go
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): call redis.SetLogger() with the zot logger as parameter
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat(redis): rename pkg/meta/redisdb to pkg/meta/redis
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Signed-off-by: Alexei Dodon <adodon@cisco.com>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: a <a@tuxpa.in>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
Co-authored-by: Petu Eusebiu <peusebiu@cisco.com>
Co-authored-by: Alexei Dodon <adodon@cisco.com>
GHSA-c9p4-xwr9-rfhx
authN/authZ creds are added to the request context so that they can be
tracked and enforced in the various subsystems. However, it was
previously a appended list (incorrectly); consequently, even if the user
has been removed from the group configuration, the user could still
log in.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
* chore(dynamodb): refactor multiple apikey metadb calls into a single one
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix(metadb): wrong error message in PatchDB() implementation
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix(headers): set Cross-Origin-Resource-Policy header for UI requests
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* ci: disable stacker tests in ecosystem tools as they do not work on Ubuntu 24
Workaround this:
The Ubuntu 22 github free runner is not powerful enough to run all these tests.
We need a real fix on stacker side
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* chore: update zui version
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
* chore: upload zap scan artifacts with different names for different scanned images
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Andrei Aaron <aaaron@luxoft.com>
Ramkumar Chinchani