mirror of
https://github.com/project-zot/zot.git
synced 2026-06-18 13:37:57 +08:00
Piaras Hoban
bc5fd1a357
* feat: add events config Signed-off-by: Piaras Hoban <phoban01@gmail.com> * feat: implement event support with log sink Signed-off-by: Piaras Hoban <phoban01@gmail.com> * feat: integrate events and update tests Signed-off-by: Piaras Hoban <phoban01@gmail.com> * refactor: update event config Signed-off-by: Piaras Hoban <phoban01@gmail.com> * feat: implement http and nats sinks. remove log sink Signed-off-by: Piaras Hoban <phoban01@gmail.com> * refactor: events extension setup Signed-off-by: Piaras Hoban <phoban01@gmail.com> * chore: cleanup tests to use nil event recorder Signed-off-by: Piaras Hoban <phoban01@gmail.com> * chore: update events config example and add more logging Signed-off-by: Piaras Hoban <phoban01@gmail.com> * refactor: better use of build tags for minimal binary Signed-off-by: Piaras Hoban <phoban01@gmail.com> * fix: missing store param in evelated privileges tests Signed-off-by: Piaras Hoban <phoban01@gmail.com> * fix: regression in config decoding Signed-off-by: Piaras Hoban <phoban01@gmail.com> * chore: update check logs script to enable cross-platform usage via GREP_BIN_PATH envvar Signed-off-by: Piaras Hoban <phoban01@gmail.com> * chore: fix log lint issue for events Signed-off-by: Piaras Hoban <phoban01@gmail.com> * chore: fix failing events disabled test Signed-off-by: Piaras Hoban <phoban01@gmail.com> * test: add blackbox tests for events Signed-off-by: Piaras Hoban <phoban01@gmail.com> * chore: specify architecture when downloading binaries in Makefile Signed-off-by: Piaras Hoban <phoban01@gmail.com> * chore: improve failure handling when no valid sinks are provided Signed-off-by: Piaras Hoban <phoban01@gmail.com> * test: fix data race in events test Signed-off-by: Piaras Hoban <phoban01@gmail.com> * chore: cleanup event decoding Signed-off-by: Piaras Hoban <phoban01@gmail.com> * test: fix logging tests Signed-off-by: Piaras Hoban <phoban01@gmail.com> * test: make nats server test more reliable Signed-off-by: Piaras Hoban <phoban01@gmail.com> * chore: go mod cleanup Signed-off-by: Piaras Hoban <phoban01@gmail.com> * test: add sleep when setting up nats client Signed-off-by: Piaras Hoban <phoban01@gmail.com> * fix: ensure event sink errors do not propogate Signed-off-by: Piaras Hoban <phoban01@gmail.com> * test: increase coverage for events Signed-off-by: Piaras Hoban <phoban01@gmail.com> * feat(events): Refactor events to be non-blocking from caller. Signed-off-by: Asgeir Nilsen <asgeir.nilsen@bouvet.no> Signed-off-by: Piaras Hoban <phoban01@gmail.com> * chore: remove harded-coded linux Co-authored-by: Andrei Aaron <andreifdaaron@gmail.com> Signed-off-by: Piaras Hoban <phoban01@gmail.com> * feat(events): fail to start if incorrect event sink is configured Signed-off-by: Piaras Hoban <phoban01@gmail.com> * test: allow cli tests to return errors instead of panic Signed-off-by: Piaras Hoban <phoban01@gmail.com> * chore: bump nats server to v2.11.3 Signed-off-by: Piaras Hoban <phoban01@gmail.com> --------- Signed-off-by: Piaras Hoban <phoban01@gmail.com> Signed-off-by: Asgeir Nilsen <asgeir.nilsen@bouvet.no> Co-authored-by: Asgeir Nilsen <asgeir.nilsen@bouvet.no> Co-authored-by: Andrei Aaron <andreifdaaron@gmail.com>
151 lines
3.3 KiB
Go
151 lines
3.3 KiB
Go
//go:build events
|
|
// +build events
|
|
|
|
package events
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"errors"
|
|
"os"
|
|
|
|
cloudevents "github.com/cloudevents/sdk-go/v2"
|
|
|
|
eventsconf "zotregistry.dev/zot/pkg/extensions/config/events"
|
|
"zotregistry.dev/zot/pkg/log"
|
|
)
|
|
|
|
type eventRecorder struct {
|
|
log log.Logger
|
|
sinks []Sink
|
|
}
|
|
|
|
var _ Recorder = (*eventRecorder)(nil)
|
|
|
|
func (r eventRecorder) Close() {
|
|
err := r.closeSinks()
|
|
if err != nil {
|
|
r.log.Error().Err(err).Msg("failed to close sinks")
|
|
}
|
|
}
|
|
|
|
func (r eventRecorder) closeSinks() error {
|
|
var retErr error
|
|
|
|
for _, sink := range r.sinks {
|
|
if err := sink.Close(); err != nil {
|
|
retErr = errors.Join(retErr, err)
|
|
}
|
|
}
|
|
|
|
return retErr
|
|
}
|
|
|
|
func (r eventRecorder) publish(event *cloudevents.Event) {
|
|
go func() {
|
|
for _, sink := range r.sinks {
|
|
if response := sink.Emit(event); cloudevents.IsNACK(response) || cloudevents.IsUndelivered(response) {
|
|
r.log.Error().Err(response).Msg("failed to publish event")
|
|
}
|
|
}
|
|
|
|
r.log.Info().Msgf("event published successfully: %s", event.Type())
|
|
}()
|
|
}
|
|
|
|
func (r eventRecorder) RepositoryCreated(name string) {
|
|
event, err := newEventBuilder().
|
|
WithEventType(RepositoryCreatedEventType).
|
|
WithDataField("name", name).
|
|
Build()
|
|
if err != nil {
|
|
r.log.Warn().Err(err).Msg("failed to create event")
|
|
|
|
return
|
|
}
|
|
|
|
r.publish(event)
|
|
}
|
|
|
|
func (r eventRecorder) ImageUpdated(name, reference, digest, mediaType, manifest string) {
|
|
event, err := newEventBuilder().
|
|
WithEventType(ImageUpdatedEventType).
|
|
WithDataField("name", name).
|
|
WithDataField("reference", reference).
|
|
WithDataField("digest", digest).
|
|
WithDataField("mediaType", mediaType).
|
|
WithDataField("manifest", manifest).
|
|
Build()
|
|
if err != nil {
|
|
r.log.Warn().Err(err).Msg("failed to create event")
|
|
|
|
return
|
|
}
|
|
|
|
r.publish(event)
|
|
}
|
|
|
|
func (r eventRecorder) ImageDeleted(name, reference, digest, mediaType string) {
|
|
event, err := newEventBuilder().
|
|
WithEventType(ImageDeletedEventType).
|
|
WithDataField("name", name).
|
|
WithDataField("reference", reference).
|
|
WithDataField("digest", digest).
|
|
WithDataField("mediaType", mediaType).
|
|
Build()
|
|
if err != nil {
|
|
r.log.Warn().Err(err).Msg("failed to create event")
|
|
|
|
return
|
|
}
|
|
|
|
r.publish(event)
|
|
}
|
|
|
|
func (r eventRecorder) ImageLintFailed(name, reference, digest, mediaType, manifest string) {
|
|
event, err := newEventBuilder().
|
|
WithEventType(ImageLintFailedEventType).
|
|
WithDataField("name", name).
|
|
WithDataField("reference", reference).
|
|
WithDataField("digest", digest).
|
|
WithDataField("mediaType", mediaType).
|
|
WithDataField("manifest", manifest).
|
|
Build()
|
|
if err != nil {
|
|
r.log.Warn().Err(err).Msg("failed to create event")
|
|
|
|
return
|
|
}
|
|
|
|
r.publish(event)
|
|
}
|
|
|
|
func getTLSConfig(config eventsconf.SinkConfig) (*tls.Config, error) {
|
|
tlsConfig := &tls.Config{
|
|
MinVersion: tls.VersionTLS12,
|
|
}
|
|
|
|
if config.TLSConfig.CACertFile != "" {
|
|
caCert, err := os.ReadFile(config.TLSConfig.CACertFile)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
caCertPool := x509.NewCertPool()
|
|
if !caCertPool.AppendCertsFromPEM(caCert) {
|
|
return nil, err
|
|
}
|
|
tlsConfig.RootCAs = caCertPool
|
|
}
|
|
|
|
if config.TLSConfig.CertFile != "" && config.TLSConfig.KeyFile != "" {
|
|
cert, err := tls.LoadX509KeyPair(config.TLSConfig.CertFile, config.TLSConfig.KeyFile)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
tlsConfig.Certificates = []tls.Certificate{cert}
|
|
}
|
|
|
|
return tlsConfig, nil
|
|
}
|