Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(storage): handle dedupe disabled in GetAllDedupeReposCandidates() #2533

Merged
merged 1 commit into from
Jul 9, 2024
Merged

fix(storage): handle dedupe disabled in GetAllDedupeReposCandidates() #2533

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions pkg/api/config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -340,6 +340,10 @@ func (c *Config) IsLdapAuthEnabled() bool {
return false
}

func (c *Config) IsAuthzEnabled() bool {
return c.HTTP.AccessControl != nil
}

func (c *Config) IsMTLSAuthEnabled() bool {
if c.HTTP.TLS != nil &&
c.HTTP.TLS.Key != "" &&
Expand Down
22 changes: 13 additions & 9 deletions pkg/api/routes.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -879,13 +879,11 @@
) (bool, error) {
canMount := true

// authz enabled
if userAc != nil {
canMount = false

repos, err := imgStore.GetAllDedupeReposCandidates(digest)
if err != nil {
// first write
return false, err
}

Expand Down Expand Up @@ -943,9 +941,12 @@
return
}

userCanMount, err := canMount(userAc, imgStore, digest)
if err != nil {
rh.c.Log.Error().Err(err).Msg("unexpected error")
userCanMount := true
if rh.c.Config.IsAuthzEnabled() {
userCanMount, err = canMount(userAc, imgStore, digest)
if err != nil {
rh.c.Log.Error().Err(err).Msg("unexpected error")

Check warning on line 948 in pkg/api/routes.go

View check run for this annotation

Codecov / codecov/patch

pkg/api/routes.go#L948 

Added line #L948 was not covered by tests
}
}

var blen int64
Expand All @@ -963,7 +964,7 @@

if err != nil {
details := zerr.GetDetails(err)
if errors.Is(err, zerr.ErrBadBlobDigest) { //nolint:gocritic // errorslint conflicts with gocritic:IfElseChain
if errors.Is(err, zerr.ErrBadBlobDigest) { //nolint:gocritic,dupl // errorslint conflicts with gocritic:IfElseChain
details["digest"] = digest.String()
e := apiErr.NewError(apiErr.DIGEST_INVALID).AddDetail(details)
zcommon.WriteJSON(response, http.StatusBadRequest, apiErr.NewErrorList(e))
Expand Down Expand Up @@ -1254,9 +1255,12 @@
return
}

userCanMount, err := canMount(userAc, imgStore, mountDigest)
if err != nil {
rh.c.Log.Error().Err(err).Msg("unexpected error")
userCanMount := true
if rh.c.Config.IsAuthzEnabled() {
userCanMount, err = canMount(userAc, imgStore, mountDigest)
if err != nil {
rh.c.Log.Error().Err(err).Msg("unexpected error")

Check warning on line 1262 in pkg/api/routes.go

View check run for this annotation

Codecov / codecov/patch

pkg/api/routes.go#L1262 

Added line #L1262 was not covered by tests
}
}

// zot does not support cross mounting directly and do a workaround creating using hard link.
Expand Down
4 changes: 4 additions & 0 deletions pkg/storage/imagestore/imagestore.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@
func NewImageStore(rootDir string, cacheDir string, dedupe, commit bool, log zlog.Logger,
metrics monitoring.MetricServer, linter common.Lint, storeDriver storageTypes.Driver, cacheDriver cache.Cache,
) storageTypes.ImageStore {
if err := storeDriver.EnsureDir(rootDir); err != nil {

Check failure on line 72 in pkg/storage/imagestore/imagestore.go

View workflow job for this annotation

GitHub Actions / coverage 

condition "err != nil" was never evaluated
log.Error().Err(err).Str("rootDir", rootDir).Msg("failed to create root dir")

return nil
Expand Down Expand Up @@ -127,13 +127,13 @@
func (is *ImageStore) initRepo(name string) error {
repoDir := path.Join(is.rootDir, name)

if !utf8.ValidString(name) {

Check failure on line 130 in pkg/storage/imagestore/imagestore.go

View workflow job for this annotation

GitHub Actions / coverage 

condition "utf8.ValidString(name)" was never evaluated
is.log.Error().Msg("invalid UTF-8 input")

return zerr.ErrInvalidRepositoryName
}

if !zreg.FullNameRegexp.MatchString(name) {

Check failure on line 136 in pkg/storage/imagestore/imagestore.go

View workflow job for this annotation

GitHub Actions / coverage 

condition "zreg.FullNameRegexp.MatchString(name)" was never evaluated
is.log.Error().Str("repository", name).Msg("invalid repository name")

return zerr.ErrInvalidRepositoryName
Expand All @@ -141,14 +141,14 @@

// create "blobs" subdir
err := is.storeDriver.EnsureDir(path.Join(repoDir, ispec.ImageBlobsDir))
if err != nil {

Check failure on line 144 in pkg/storage/imagestore/imagestore.go

View workflow job for this annotation

GitHub Actions / coverage 

condition "err != nil" was never evaluated
is.log.Error().Err(err).Str("repository", name).Str("dir", repoDir).Msg("failed to create blobs subdir")

return err
}
// create BlobUploadDir subdir
err = is.storeDriver.EnsureDir(path.Join(repoDir, storageConstants.BlobUploadDir))
if err != nil {

Check failure on line 151 in pkg/storage/imagestore/imagestore.go

View workflow job for this annotation

GitHub Actions / coverage 

condition "err != nil" was never evaluated
is.log.Error().Err(err).Msg("failed to create blob upload subdir")

return err
Expand All @@ -156,17 +156,17 @@

// "oci-layout" file - create if it doesn't exist
ilPath := path.Join(repoDir, ispec.ImageLayoutFile)
if _, err := is.storeDriver.Stat(ilPath); err != nil {

Check failure on line 159 in pkg/storage/imagestore/imagestore.go

View workflow job for this annotation

GitHub Actions / coverage 

condition "err != nil" was never evaluated
il := ispec.ImageLayout{Version: ispec.ImageLayoutVersion}

buf, err := json.Marshal(il)
if err != nil {

Check failure on line 163 in pkg/storage/imagestore/imagestore.go

View workflow job for this annotation

GitHub Actions / coverage 

condition "err != nil" was never evaluated
is.log.Error().Err(err).Msg("failed to marshal JSON")

return err
}

if _, err := is.storeDriver.WriteFile(ilPath, buf); err != nil {

Check failure on line 169 in pkg/storage/imagestore/imagestore.go

View workflow job for this annotation

GitHub Actions / coverage 

condition "err != nil" was never evaluated
is.log.Error().Err(err).Str("file", ilPath).Msg("failed to write file")

return err
Expand All @@ -175,12 +175,12 @@

// "index.json" file - create if it doesn't exist
indexPath := path.Join(repoDir, ispec.ImageIndexFile)
if _, err := is.storeDriver.Stat(indexPath); err != nil {

Check failure on line 178 in pkg/storage/imagestore/imagestore.go

View workflow job for this annotation

GitHub Actions / coverage 

condition "err != nil" was never evaluated
index := ispec.Index{}
index.SchemaVersion = 2

buf, err := json.Marshal(index)
if err != nil {

Check failure on line 183 in pkg/storage/imagestore/imagestore.go

View workflow job for this annotation

GitHub Actions / coverage 

condition "err != nil" was never evaluated
is.log.Error().Err(err).Msg("failed to marshal JSON")

return err
Expand Down Expand Up @@ -1121,6 +1121,10 @@
return nil, err
}

if is.cache == nil {
return nil, nil

Check warning on line 1125 in pkg/storage/imagestore/imagestore.go

View check run for this annotation

Codecov / codecov/patch

pkg/storage/imagestore/imagestore.go#L1125 

Added line #L1125 was not covered by tests
}

is.RLock(&lockLatency)
defer is.RUnlock(&lockLatency)

Expand Down
Loading