mirror of
https://github.com/project-zot/zot.git
synced 2026-06-17 21:17:58 +08:00
Andrei Aaron
dfb5d1df54
* fix: make config read/write thread safe and fix some other similar issues 1. The config config has a lock, and safe methods to update and read the attributes 2. The config has methods to retrieve copies of specific attributes, such as the extyensions config, the auth config, and the authz config. These are needed, as the config object may mutate in the middle of an auth/authz requests, and we avoid partial configuration being applied for that request. 3. Fix an issue with the monitoring server not stopping when the controller is shut down. 4. Fix an issue with the HTPasswdWatcher not stopping when the background tasks are supposed to finish. 5. Fix some tests using hardcoded ports. Moved some of the methods which were on the main config to the auth, access control and extension configs Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
136 lines
3.8 KiB
Go
136 lines
3.8 KiB
Go
//go:build mgmt
|
|
// +build mgmt
|
|
|
|
package extensions
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
|
|
"github.com/gorilla/mux"
|
|
|
|
"zotregistry.dev/zot/v2/pkg/api/config"
|
|
"zotregistry.dev/zot/v2/pkg/api/constants"
|
|
zcommon "zotregistry.dev/zot/v2/pkg/common"
|
|
"zotregistry.dev/zot/v2/pkg/log"
|
|
)
|
|
|
|
type HTPasswd struct {
|
|
Path string `json:"path,omitempty"`
|
|
}
|
|
|
|
type BearerConfig struct {
|
|
Realm string `json:"realm,omitempty"`
|
|
Service string `json:"service,omitempty"`
|
|
}
|
|
|
|
type OpenIDProviderConfig struct {
|
|
Name string `json:"name,omitempty" mapstructure:"name"`
|
|
}
|
|
|
|
type OpenIDConfig struct {
|
|
Providers map[string]OpenIDProviderConfig `json:"providers,omitempty" mapstructure:"providers"`
|
|
}
|
|
|
|
type Auth struct {
|
|
HTPasswd *HTPasswd `json:"htpasswd,omitempty" mapstructure:"htpasswd"`
|
|
Bearer *BearerConfig `json:"bearer,omitempty" mapstructure:"bearer"`
|
|
LDAP *struct {
|
|
Address string `json:"address,omitempty" mapstructure:"address"`
|
|
} `json:"ldap,omitempty" mapstructure:"ldap"`
|
|
OpenID *OpenIDConfig `json:"openid,omitempty" mapstructure:"openid"`
|
|
APIKey bool `json:"apikey,omitempty" mapstructure:"apikey"`
|
|
}
|
|
|
|
type StrippedConfig struct {
|
|
DistSpecVersion string `json:"distSpecVersion" mapstructure:"distSpecVersion"`
|
|
Commit string `json:"commit" mapstructure:"commit"`
|
|
ReleaseTag string `json:"releaseTag" mapstructure:"releaseTag"`
|
|
BinaryType string `json:"binaryType" mapstructure:"binaryType"`
|
|
|
|
HTTP struct {
|
|
Auth *Auth `json:"auth,omitempty" mapstructure:"auth"`
|
|
} `json:"http" mapstructure:"http"`
|
|
}
|
|
|
|
func IsBuiltWithMGMTExtension() bool {
|
|
return true
|
|
}
|
|
|
|
func (auth Auth) MarshalJSON() ([]byte, error) {
|
|
type localAuth Auth
|
|
|
|
if auth.Bearer == nil && auth.LDAP == nil &&
|
|
auth.HTPasswd.Path == "" &&
|
|
(auth.OpenID == nil || len(auth.OpenID.Providers) == 0) {
|
|
auth.HTPasswd = nil
|
|
auth.OpenID = nil
|
|
|
|
return json.Marshal((localAuth)(auth))
|
|
}
|
|
|
|
if auth.HTPasswd.Path == "" && auth.LDAP == nil {
|
|
auth.HTPasswd = nil
|
|
} else {
|
|
auth.HTPasswd.Path = ""
|
|
}
|
|
|
|
if auth.OpenID != nil && len(auth.OpenID.Providers) == 0 {
|
|
auth.OpenID = nil
|
|
}
|
|
|
|
auth.LDAP = nil
|
|
|
|
return json.Marshal((localAuth)(auth))
|
|
}
|
|
|
|
func SetupMgmtRoutes(conf *config.Config, router *mux.Router, log log.Logger) {
|
|
extensionsConfig := conf.CopyExtensionsConfig()
|
|
if !extensionsConfig.IsSearchEnabled() {
|
|
log.Info().Msg("skip enabling the mgmt route as the config prerequisites are not met")
|
|
|
|
return
|
|
}
|
|
|
|
log.Info().Msg("setting up mgmt routes")
|
|
|
|
mgmt := Mgmt{Conf: conf, Log: log}
|
|
|
|
// The endpoint for reading configuration should be available to all users
|
|
allowedMethods := zcommon.AllowedMethods(http.MethodGet)
|
|
|
|
mgmtRouter := router.PathPrefix(constants.ExtMgmt).Subrouter()
|
|
mgmtRouter.Use(zcommon.CORSHeadersMiddleware(conf.HTTP.AllowOrigin))
|
|
mgmtRouter.Use(zcommon.AddExtensionSecurityHeaders())
|
|
mgmtRouter.Use(zcommon.ACHeadersMiddleware(conf, allowedMethods...))
|
|
mgmtRouter.Methods(allowedMethods...).HandlerFunc(mgmt.HandleGetConfig)
|
|
|
|
log.Info().Msg("finished setting up mgmt routes")
|
|
}
|
|
|
|
type Mgmt struct {
|
|
Conf *config.Config
|
|
Log log.Logger
|
|
}
|
|
|
|
// mgmtHandler godoc
|
|
// @Summary Get current server configuration
|
|
// @Description Get current server configuration
|
|
// @Router /v2/_zot/ext/mgmt [get]
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Param resource query string false "specify resource" Enums(config)
|
|
// @Success 200 {object} extensions.StrippedConfig
|
|
// @Failure 500 {string} string "internal server error".
|
|
func (mgmt *Mgmt) HandleGetConfig(w http.ResponseWriter, r *http.Request) {
|
|
sanitizedConfig := mgmt.Conf.Sanitize()
|
|
|
|
buf, err := zcommon.MarshalThroughStruct(sanitizedConfig, &StrippedConfig{})
|
|
if err != nil {
|
|
mgmt.Log.Error().Err(err).Str("component", "mgmt").Msg("failed to marshal config response")
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
}
|
|
|
|
_, _ = w.Write(buf)
|
|
}
|