github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-16 12:28:01 +08:00
Code Issues Packages Projects Releases Wiki Activity
425 Commits 38 Branches 132 Tags
cb9d8d6c139da67444c0c918b057b797b42c4bd1
Commit Graph

51 Commits

Author SHA1 Message Date
Andreea-Lupu 5e35dfa28f make gc periodic 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2022-04-18 10:25:29 -07:00
Petu Eusebiu 4e20ab8a5d go.mod: update dependencies 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-04-15 10:31:37 -07:00
Alexei Dodon ad519e2d3e Leave zot repositories in a consistent state after zot hits fd limit closes #359 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2022-03-31 13:25:15 -07:00
Petu Eusebiu be910cf01c lint: Move out config reloader context from controller struct 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-24 10:50:01 -07:00
Petu Eusebiu 353b0c6034 Move api constants in separate 'constants' package to avoid circular imports 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-03-24 10:50:01 -07:00
Shivam Mishra b8010e1ee4 routes: changes required to do browser authentication 
whenever we make a request that contains header apart from CORS allowed header, browser sends a preflight request
and in response accept *Access-Control-Allow-Headers*.

preflight request is in form of OPTIONS method, added new http handler func to set headers
and returns HTTP status ok in case of OPTIONS method.

in case of authorization, request contains authorization header
added authorization header in Access-Control-Allow-Headers list

added AllowOrigin field in HTTPConfig this field value is set to Access-Control-Allow-Origin header and will give zot adminstrator to limit incoming request.

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-03-08 17:42:54 -08:00
Eng Zer Jun 0d77b60de7 test: use T.TempDir to create temporary test directory 
The directory created by `T.TempDir` is automatically removed when the
test and all its subtests complete.

Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2022-03-07 12:28:49 -08:00
Ramkumar Chinchani 4be2652085 conformance: fix cross-mount behavior when 'from' is missing 
fixes issue #442

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-03-04 17:24:50 -08:00
Ramkumar Chinchani 95e4b2054b upgrade module deps 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-03-04 13:10:58 -08:00
Ramkumar Chinchani 8db3e1b192 CVE-2022-23649: fix dependabot alert 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-03-02 12:01:14 -08:00
Ramkumar Chinchani b2c8533719 test: fix ldap unit tests 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-09 14:48:34 -08:00
Ramkumar Chinchani 730fe70f2f coverage: improve code coverage 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-09 07:42:15 -08:00
Ramkumar Chinchani d2aa016cdb storage: flush/sync contents to disk on file close 
Behavior controlled by configuration (default=off)
It is a trade-off between performance and consistency.

References:
[1] https://github.com/golang/go/issues/20599

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-07 12:08:01 -08:00
Ramkumar Chinchani 87084f286b storage: improve/fix oci image validation 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-02-02 13:31:41 -08:00
Ramkumar Chinchani 45fe129c63 notaryv2: fix 'notation list' 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-01-31 14:33:21 -08:00
Ramkumar Chinchani e0a1a82890 coverage: add failure injection framework 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-01-28 08:56:00 -08:00
Ramkumar Chinchani 1e5ea7e09c controller: support rate-limiting incoming requests 
helps constraining resource usage and against flood attacks.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-01-24 12:48:13 -08:00
Petu Eusebiu 4f825a5e2f [Identity-based Authorization] Add an option to specify a global policy for all repositories 
using regex.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-01-07 10:55:20 -08:00
Ramkumar Chinchani 8183e1467c lint: some more linter-related cleanup 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-12-23 22:01:40 -08:00
Ramkumar Chinchani ac3801ea2d lint: upgrade golangci-lint 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-12-20 17:20:35 -08:00
Andreea-Lupu c61c3836db implement scrub to check manifest/blob integrity 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2021-12-09 11:18:09 -08:00
Ramkumar Chinchani 96226af869 move references to zotregistry.io and project-zot 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-12-05 10:52:27 -08:00
Ramkumar Chinchani e42e42a2cc artifacts: initial support for artifacts/notaryv2 spec 
https://github.com/oras-project/artifacts-spec
https://github.com/notaryproject/notaryproject

Fixes issue #264

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2021-12-01 18:55:39 -08:00
Alexei Dodon f99fa37623 ci/cd: unit test hangs for a long time intermittently closes #286 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2021-11-29 14:07:49 -08:00
Alexei Dodon e900b09cfb Fix data races in tests, closes #255 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
 2021-11-17 13:23:59 -08:00
Petu Eusebiu 9c568c0ee2 storage: add s3 backend support (without GC and dedupe) 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-11-15 08:09:00 -08:00
Petu Eusebiu 19003e8a71 Added new extension "sync" 
Periodically poll registries and pull images according to sync's config
Added sync on demand, syncing when clients asks for an image which
zot doesn't have.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2021-10-21 10:32:46 -07:00
Petu Eusebiu 20f4051446 Clean blob uploads when clients interrupts uploading, closes #225 2021-10-08 14:55:57 -07:00
Petu Eusebiu 609d85d875 Add identity-based access control, closes #51 
Add a cli subcommand to verify config files validity
 2021-08-30 13:56:27 -07:00
Shivam Mishra af30c06aff api: use blob cache path while making hard link 
previously mount blob will look for blob that is provided in http request and try to hard link that path
but ideally we should look for path from our cache and do the hard link of that particular path.
this commit does the same.
 2021-06-30 01:42:21 -07:00
Petu Eusebiu 3a59b9f487 Use freeport to get ports for zot servers in tests 2021-06-29 13:58:39 -07:00
Shivam Mishra 28974e81dc config: support multiple storage locations 
added support to point multiple storage locations in zot by running multiple instance of zot in background.

see examples/config-multiple.json for more info about config.

Closes #181
 2021-05-21 10:18:28 -07:00
Shivam Mishra a7c17b7c16 spec: added support for mount request using hard link 2021-05-04 09:42:29 -07:00
Shivam Mishra 2b7b57313a conformance: fix http status code for cross-repository mounting 2021-01-29 09:35:15 -08:00
Shivam Mishra 46beb30fc1 build: add build tags to create customizable binaries 2020-10-22 17:20:07 -07:00
Shivam Mishra 7439feb1c2 build: set timeout in travis make build process to avoid timeout failure 2020-10-18 20:55:17 -07:00
Shivam Mishra 14214a5794 test: add unit test to verify lock changes 2020-10-16 14:58:45 -07:00
Ramkumar Chinchani 78be4cbe3c auth: support a read-only mode 
This is useful if we want to roll out experimental versions of zot
pointing to some storage shared with another zot instance.

Also, when under storage full conditions, will be useful to turn on this
flag to prevent further writes.
 2020-07-10 21:48:35 -07:00
Shivam Mishra af77876306 Upgraded build pipeline 
Go version changed to 1.14.4
Golangci-lint changed to 1.26.0
Bazel version changed to 3.0.0
Bazel rules_go version changed to 0.23.3
Bazel gazelle version changed to v0.21.0
Bazel build tools version changed to 0.25.1
Bazel skylib version changed to 1.0.2
 2020-06-25 23:43:31 -07:00
Tanmay Naik 3f3f7e3f8c tests: add better tests for 3cfb2b3 2020-06-17 20:17:49 -04:00
Tanmay Naik 904ae763d7 tests: add unit tests for fix 3cfb2b3 2020-06-09 19:18:33 -04:00
Ramkumar Chinchani 026b009dbb compat: when in "world-readable" mode, return the WWW-Authenticate 
header

containers/image is the dominant client library to interact with
registries.

It detects which authentication to use based on the WWW-Authenticate
header returned when pinging "/v2/" end-point. If we didn't return this
header, then creds are not used for other write-protected end-points.
Hence, the compatibility fix.
 2020-05-19 13:54:45 -07:00
Peter Engelbert b636ce2da1 Fix auth scope on endpoints without repo name 
Resolves #71

Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
 2020-01-31 18:04:38 -06:00
Peter Engelbert 268b4088fd Add support for bearer/token auth 
New options added to configuration file to reference a public key used
to validate authorization tokens signed by an auth server with
corresponding private key.

Resolves #24

Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
 2020-01-27 12:42:23 -06:00
Ramkumar Chinchani d30766de34 test/data: remove htpasswd file 
Fixes issue #15
 2019-12-13 11:11:24 -08:00
zendril 4e22352e9c Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
Ramkumar Chinchani 6295e0c91e auth: add LDAP support 
fixes #23
 2019-09-20 11:54:49 -07:00
Ramkumar Chinchani 10199457b4 auth: allow for world-readable deployment mode 2019-08-28 15:39:49 -07:00
Ramkumar Chinchani 36ca298507 tls: require mutual auth only when htpasswd not available 2019-07-21 15:10:09 -07:00
Ramkumar Chinchani 066bf1b9eb router: move to gorilla/mux to support multiple name path components 2019-07-10 18:22:20 -07:00