223 Commits

Author SHA1 Message Date
b80deb9927 refactor(storage): refactor storage into a single ImageStore (#1656)
unified both local and s3 ImageStore logic into a single ImageStore
added a new driver interface for common file/dirs manipulations
to be implemented by different storage types

refactor(gc): drop umoci dependency, implemented internal gc

added retentionDelay config option that specifies
the garbage collect delay for images without tags

this will also clean manifests which are part of an index image
(multiarch) that no longer exist.

fix(dedupe): skip blobs under .sync/ directory

if startup dedupe is running while also syncing is running
ignore blobs under sync's temporary storage

fix(storage): do not allow image indexes modifications

when deleting a manifest verify that it is not part of a multiarch image
and throw a MethodNotAllowed error to the client if it is.
we don't want to modify multiarch images

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-01 10:54:39 -07:00
521b109c8c chore(go.mod): upgrade 3rd party packages (#1742)
Special note for oras.land/oras-go:
- 1.2.4 is not released yet, but tip of their v1 branch is compatible with docker v24.0.2
- 1.2.3 is not compatible with docker v24.0.2
Other 3rd party software depend on both oras-go v1 and docker v24

See also https://github.com/oras-project/oras-go/pull/527

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-08-31 20:40:19 +03:00
9bccd784a9 chore: fix dependabot alerts (#1737) 2023-08-30 07:53:03 +03:00
6d65401499 chore: fix dependabot alerts (#1720)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-08-22 14:43:34 +03:00
e129d4003b chore: fix dependabot alerts (#1702)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-08-15 10:15:50 +03:00
04627534a9 chore(go.mod): fix dependabot alerts (#1684)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-08-10 09:49:55 +03:00
635d71853e fix(authn): session authn is skipped when anonymous policy is configured (#1647)
closes: #1642

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-07-27 09:55:25 -07:00
75b94a3c8b chore: fix dependabot alerts (#1649) 2023-07-25 08:14:37 +03:00
04fccd11fd chore(go.mod): upgrade trivy, cosign and remove replace directive (#1635)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-07-18 14:18:31 -07:00
fe9c9750b5 chore: fix dependabot alerts (#1631)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-07-17 23:37:54 +03:00
6cd4455da1 chore: fix dependabot alerts (#1621)
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

* test: fix the validation for digests

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-07-15 12:56:09 +03:00
730ef4aada chore: fix dependabot alerts (#1613)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-07-13 10:14:03 +03:00
17d1338af1 feat: integrate openID auth logic and user profile management (#1381)
This change introduces OpenID authn by using providers such as Github,
Gitlab, Google and Dex.
User sessions are now used for web clients to identify
and persist an authenticated users session, thus not requiring every request to
use credentials.
Another change is apikey feature, users can create/revoke their api keys and use them
to authenticate when using cli clients such as skopeo.

eg:
login:
/auth/login?provider=github
/auth/login?provider=gitlab
and so on

logout:
/auth/logout

redirectURL:
/auth/callback/github
/auth/callback/gitlab
and so on

If network policy doesn't allow inbound connections, this callback wont work!

for more info read documentation added in this commit.

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Co-authored-by: Alex Stan <alexandrustan96@yahoo.ro>
2023-07-07 09:27:10 -07:00
96d9d318df feat(referrers): added index support for referrers queries (#1560)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-07-05 09:42:16 -07:00
137e5bd793 chore: fix dependabot alerts (#1581)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-07-05 11:42:24 +03:00
aad6db279b chore: fix dependabot alerts (#1576)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-07-04 09:19:26 -07:00
d30d7a9330 chore: fix dependabot alerts (#1537)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-06-19 12:34:50 -07:00
7dd17be96d chore: fix dependabot alerts (#1517)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-06-16 10:28:43 +03:00
03f47f68c0 chore(deps): downgrade golang-lru (#1515)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-06-14 19:45:30 +03:00
d7bddd2a05 chore: fix dependabot alerts (#1508)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-06-12 14:53:03 -07:00
622dde9193 fix: referrers now appears in swagger generated docs (#1488)
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2023-06-12 10:32:11 -07:00
4d6ca493f2 chore: fix dependabot alerts (#1501)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-06-09 10:27:42 -07:00
96d00cd0ef fix(cve): Fix CVE scanning in images containing Jar files (#1475) 2023-06-01 00:37:46 +03:00
40180f878f chore(go.mod): fix dependabot alerts (#1491)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-05-31 22:16:21 +03:00
e148343540 chore(go.mod): fix dependabot alerts (#1479)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-05-27 01:23:50 +03:00
970997f3a8 feat(graphql & repodb): add info about signature validity (#1344)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-05-24 09:46:16 -07:00
6e6ffe800c chore(go.mod): upgrade to notation-go v1.0.0-rc.5 and image-spec v1.1.0-rc3 (#1468)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-05-23 15:16:33 +00:00
83ae1aad70 chore(go.mod): fix dependabot alerts (#1466)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-05-23 10:14:43 +03:00
2be5459c8e chore: fix dependabot alerts (#1458)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-05-17 00:37:34 -07:00
d17fe0044b chore(go.mod): fix dependabot alerts (#1443)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-05-12 09:45:52 +03:00
9534e0b88b chore: fix dependabot alerts (#1409)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-05-11 16:39:21 -07:00
ea79be64da refactor(artifact): remove oci artifact support (#1359)
* refactor(artifact): remove oci artifact support
- add header to referrers call to indicated applied artifact type filters

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

* feat(gc): simplify gc logic to increase coverage

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

---------

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-05-10 10:15:33 -07:00
42df4c505a chore: fix dependabot alerts (#1403)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-05-01 12:49:10 -07:00
c3ba122830 chore(go.mod): fix dependabot alerts (#1377) 2023-05-01 08:31:02 +03:00
40bf76add5 chore(go.mod): upgrade trivy and cosign (#1387)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-04-27 09:35:10 -07:00
635d07ae04 chore: update golang (to 1.20.x) and golangci-linter (#1388)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-04-27 00:09:46 -07:00
e6b81bb354 chore(go.mod): fix dependabot alerts (#1365)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-04-12 14:10:47 +03:00
9f512082ad chore(go.mod): fix dependabot alerts (#1360)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-04-11 23:21:30 -07:00
8f809bda29 chore(go.mod): fix dependabot alerts (#1351)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-04-10 14:09:54 -07:00
38997be596 chore(go.mod): fix dependabot alerts (#1343)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-04-07 09:35:12 +03:00
06bd8a8252 chore(go.mod): fix dependabot alerts (#1333)
upgrade to github.com/aws/aws-sdk-go@v1.44.237
upgrade to github.com/aquasecurity/trivy@v0.38.3
upgrade to oras.land/oras-go@v1.2.3
upgrade to github.com/google/go-containerregistry@v0.14.0
upgrade to github.com/moby/buildkit@v0.11.4

Note we can't switch to trivy 0.39.0 as well as some other updates
because they would also require upgrade of cosign to v2 with
breaking api changes

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-04-06 01:00:12 -07:00
d9173e3ad3 chore(go.mod): fix dependabot alerts (#1330)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-04-05 09:39:15 +03:00
5ad25126b7 chore: fix dependabot alerts (#1320)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-03-29 13:13:16 -07:00
917159143c chore: fix dependabot alerts (#1312)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-03-27 12:16:29 -07:00
e54c36db12 chore(go.mod): fix dependabot alerts (#1305)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-03-25 22:43:36 +02:00
906f8ce621 chore(deps): fix dependabot alerts (#1291)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-03-22 12:33:21 -07:00
7656b6f011 chore(deps): modify pkg/errors dependency as indirect (#1266)
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2023-03-15 17:10:47 +02:00
c2bec0d4a8 chore(go.mod): fix dependabot alerts (#1251)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-03-07 09:59:59 +02:00
73b1126bbf chore(go.mod): fix dependabot alerts (#1247)
Supersedes:
- https://github.com/project-zot/zot/pull/1132
- https://github.com/project-zot/zot/pull/1243
- https://github.com/project-zot/zot/pull/1244
- https://github.com/project-zot/zot/pull/1245

Also update the AWS SDK libraries used

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-03-06 11:05:19 -08:00
646250736e fix(go.mod): replace opencontainers/umoci dependency with project-stacker/umoci (#1240)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-03-05 21:11:07 -08:00