From d30589863a2ade13e88218d0701c77f3c101f6d7 Mon Sep 17 00:00:00 2001 From: Petu Eusebiu Date: Fri, 22 Sep 2023 15:29:01 +0300 Subject: [PATCH] feat(retention): added image retention policies feat(metaDB): add more image statistics info Signed-off-by: Petu Eusebiu --- errors/errors.go | 1 + examples/README.md | 77 ++ examples/config-gc-periodic.json | 4 +- examples/config-gc.json | 2 - examples/config-retention.json | 68 ++ examples/config-sync-localhost.json | 37 - examples/config-sync.json | 6 +- pkg/api/config/config.go | 86 +- pkg/api/config/config_test.go | 45 + pkg/api/controller.go | 39 +- pkg/api/controller_test.go | 56 +- pkg/api/routes.go | 4 +- pkg/cli/server/config_reloader_test.go | 106 +++ pkg/cli/server/extensions_test.go | 352 ++++++- pkg/cli/server/root.go | 86 +- pkg/cli/server/root_test.go | 88 ++ pkg/cli/server/stress_test.go | 2 +- pkg/cli/server/validate_sync_disabled.go | 13 + pkg/cli/server/validate_sync_enabled.go | 86 ++ .../search/convert/convert_internal_test.go | 2 +- pkg/extensions/search/cve/cve_test.go | 22 +- pkg/extensions/search/cve/pagination_test.go | 5 +- pkg/extensions/search/cve/scan_test.go | 32 +- .../search/cve/trivy/scanner_internal_test.go | 15 +- pkg/extensions/search/resolver_test.go | 2 +- pkg/extensions/search/search_test.go | 6 +- pkg/extensions/sync/local.go | 5 +- pkg/extensions/sync/references/cosign.go | 3 +- pkg/extensions/sync/references/oci.go | 3 +- pkg/extensions/sync/references/oras.go | 3 +- .../sync/references/referrers_tag.go | 3 +- pkg/extensions/sync/sync_internal_test.go | 8 +- pkg/extensions/sync/sync_test.go | 2 +- pkg/log/log.go | 16 +- pkg/meta/boltdb/boltdb.go | 21 +- pkg/meta/boltdb/boltdb_test.go | 28 +- pkg/meta/dynamodb/dynamodb.go | 26 +- pkg/meta/dynamodb/dynamodb_test.go | 65 +- pkg/meta/hooks.go | 13 +- pkg/meta/hooks_test.go | 26 +- pkg/meta/meta_test.go | 200 ++-- pkg/meta/parse.go | 25 +- pkg/meta/parse_test.go | 14 +- pkg/meta/types/types.go | 12 +- pkg/retention/candidate.go | 29 + pkg/retention/matcher.go | 39 + pkg/retention/retention.go | 272 ++++++ pkg/retention/rules.go | 140 +++ pkg/retention/types/types.go | 30 + pkg/storage/constants/constants.go | 36 +- pkg/storage/gc/gc.go | 323 +++++-- pkg/storage/gc/gc_internal_test.go | 214 +++-- pkg/storage/gc/gc_test.go | 863 ++++++++++++++++++ pkg/storage/imagestore/imagestore.go | 9 +- pkg/storage/local/driver.go | 2 +- pkg/storage/local/local_test.go | 166 ++-- pkg/storage/storage_test.go | 113 ++- pkg/test/image-utils/upload_test.go | 17 +- pkg/test/mocks/repo_db_mock.go | 17 +- test/blackbox/garbage_collect.bats | 14 +- test/cluster/config-minio.json | 2 +- test/gc-stress/config-gc-bench-local.json | 2 - .../config-gc-bench-s3-localstack.json | 10 +- test/gc-stress/config-gc-bench-s3-minio.json | 10 +- .../config-gc-referrers-bench-local.json | 13 +- ...nfig-gc-referrers-bench-s3-localstack.json | 19 +- .../config-gc-referrers-bench-s3-minio.json | 19 +- 67 files changed, 3406 insertions(+), 668 deletions(-) create mode 100644 examples/config-retention.json delete mode 100644 examples/config-sync-localhost.json create mode 100644 pkg/cli/server/validate_sync_disabled.go create mode 100644 pkg/cli/server/validate_sync_enabled.go create mode 100644 pkg/retention/candidate.go create mode 100644 pkg/retention/matcher.go create mode 100644 pkg/retention/retention.go create mode 100644 pkg/retention/rules.go create mode 100644 pkg/retention/types/types.go create mode 100644 pkg/storage/gc/gc_test.go diff --git a/errors/errors.go b/errors/errors.go index ed2dcf42cf..9589492e6c 100644 --- a/errors/errors.go +++ b/errors/errors.go @@ -163,4 +163,5 @@ var ( ErrInvalidOutputFormat = errors.New("cli: invalid output format") ErrFlagValueUnsupported = errors.New("supported values ") ErrUnknownSubcommand = errors.New("cli: unknown subcommand") + ErrRetentionPolicyNotFound = errors.New("retention: repo or tag policy not found") ) diff --git a/examples/README.md b/examples/README.md index 2cf41bc974..c022b37456 100644 --- a/examples/README.md +++ b/examples/README.md @@ -84,6 +84,12 @@ to wasted storage, and background garbage collection can be enabled with: "gc": true, ``` +Orphan blobs are removed if they are older than gcDelay. + +``` + "gcDelay": "2h" +``` + It is also possible to store and serve images from multiple filesystems with their own repository paths, dedupe and garbage collection settings with: @@ -106,6 +112,77 @@ their own repository paths, dedupe and garbage collection settings with: }, ``` +## Retention + +You can define tag retention rules that govern how many tags of a given repository to retain, or for how long to retain certain tags. + +There are 4 possible rules for tags: + +mostRecentlyPushedCount: x - top x most recently pushed tags +mostRecentlyPulledCount: x - top x most recently pulled tags +pulledWithin: x hours - tags pulled in the last x hours +pushedWithin: x hours - tags pushed in the last x hours + +If ANY of these rules are met by a tag, then it will be retained, in other words there is an OR logic between them + +repoNames uses glob patterns +tag patterns uses regex + +``` + "retention": { + "dryRun": false, // if enabled will just log the retain action without actually removing + "delay": "24h", // is applied on untagged and referrers, will remove them only if they are older than 24h + "policies": [ // a repo will match a policy if it matches any repoNames[] glob pattern, it will select the first policy it can matches + { + "repoNames": ["infra/*", "prod/*"], // patterns to match + "deleteReferrers": false, // delete manifests with missing Subject (default is false) + "deleteUntagged": true, // delete untagged manifests (default is true) + "KeepTags": [{ // same as repo, the first pattern(this time regex) matched is the policy applied + "patterns": ["v2.*", ".*-prod"] // if there is no rule then the default is to retain always, this tagRetention will retain all tags matching the regexes in the patterns list. + }, + { + "patterns": ["v3.*", ".*-prod"], + "pulledWithin": "168h" // will keep v3.* and .*-prod tags that are pulled within last 168h + }] + }, // all tags under infra/* and prod/* will be removed! because they don't match any retention policy + { + "repoNames": ["tmp/**"], // matches recursively all repos under tmp/ + "deleteReferrers": true, + "deleteUntagged": true, + "KeepTags": [{ // will retain all tags starting with v1 and pulled within the last 168h + "patterns": ["v1.*"], // all the other tags will be removed + "pulledWithin": "168h", + "pushedWithin": "168h" + }] + }, + { + "repoNames": ["**"], + "deleteReferrers": true, + "deleteUntagged": true, + "keepTags": [{ + "mostRecentlyPushedCount": 10, // top 10 recently pushed tags + "mostRecentlyPulledCount": 10, // top 10 recently pulled tags + "pulledWithin": "720h", + "pushedWithin": "720h" + }] + } + ] + } +``` + +If a repo doesn't match any policy, then that repo and all its tags are retained. (default is to not delete anything) +If keepTags is empty, then all tags are retained (default is to retain all tags) +If we have at least one tagRetention policy in the tagRetention list then all tags that don't match at least one of them will be removed! + +For safety purpose you can have a default policy as the last policy in list, all tags that don't match the above policies will be retained by this one: +``` + "keepTags": [ + { + "patterns": [".*"] // will retain all tags + } + }] +``` + ## Authentication TLS mutual authentication and passphrase-based authentication are supported. diff --git a/examples/config-gc-periodic.json b/examples/config-gc-periodic.json index 88e38cffa8..8e44166c4d 100644 --- a/examples/config-gc-periodic.json +++ b/examples/config-gc-periodic.json @@ -4,13 +4,13 @@ "rootDirectory": "/tmp/zot", "gc": true, "gcDelay": "1h", - "gcInterval": "24h", + "gcInterval": "1h", "subPaths": { "/a": { "rootDirectory": "/tmp/zot1", "gc": true, "gcDelay": "1h", - "gcInterval": "24h" + "gcInterval": "1h" } } }, diff --git a/examples/config-gc.json b/examples/config-gc.json index cad60105fd..360d919cfc 100644 --- a/examples/config-gc.json +++ b/examples/config-gc.json @@ -3,9 +3,7 @@ "storage": { "rootDirectory": "/tmp/zot", "gc": true, - "gcReferrers": true, "gcDelay": "2h", - "untaggedImageRetentionDelay": "4h", "gcInterval": "1h" }, "http": { diff --git a/examples/config-retention.json b/examples/config-retention.json new file mode 100644 index 0000000000..3e46e2bfb0 --- /dev/null +++ b/examples/config-retention.json @@ -0,0 +1,68 @@ +{ + "distSpecVersion": "1.1.0-dev", + "storage": { + "rootDirectory": "/tmp/zot", + "gc": true, + "gcDelay": "2h", + "gcInterval": "1h", + "retention": { + "dryRun": false, + "delay": "24h", + "policies": [ + { + "repositories": ["infra/*", "prod/*"], + "deleteReferrers": false, + "keepTags": [{ + "patterns": ["v2.*", ".*-prod"] + }, + { + "patterns": ["v3.*", ".*-prod"], + "pulledWithin": "168h" + }] + }, + { + "repositories": ["tmp/**"], + "deleteReferrers": true, + "deleteUntagged": true, + "keepTags": [{ + "patterns": ["v1.*"], + "pulledWithin": "168h", + "pushedWithin": "168h" + }] + }, + { + "repositories": ["**"], + "deleteReferrers": true, + "deleteUntagged": true, + "keepTags": [{ + "mostRecentlyPushedCount": 10, + "mostRecentlyPulledCount": 10, + "pulledWithin": "720h", + "pushedWithin": "720h" + }] + } + ] + }, + "subPaths": { + "/a": { + "rootDirectory": "/tmp/zot1", + "dedupe": true, + "retention": { + "policies": [ + { + "repositories": ["infra/*", "prod/*"], + "deleteReferrers": false + } + ] + } + } + } + }, + "http": { + "address": "127.0.0.1", + "port": "8080" + }, + "log": { + "level": "debug" + } +} diff --git a/examples/config-sync-localhost.json b/examples/config-sync-localhost.json deleted file mode 100644 index fc545f7b98..0000000000 --- a/examples/config-sync-localhost.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "distspecversion":"1.1.0-dev", - "storage": { - "rootDirectory": "/tmp/zot_to_sync", - "dedupe": false, - "gc": false - }, - "http": { - "address": "127.0.0.1", - "port": "8081" - }, - "log": { - "level": "debug" - }, - "extensions": { - "sync": { - "registries": [ - { - "urls": [ - "http://localhost:8080" - ], - "onDemand": true, - "tlsVerify": false, - "PollInterval": "30s", - "content": [ - { - "prefix": "**" - } - ] - } - ] - }, - "scrub": { - "interval": "24h" - } - } -} \ No newline at end of file diff --git a/examples/config-sync.json b/examples/config-sync.json index 092e4b1e85..c993119711 100644 --- a/examples/config-sync.json +++ b/examples/config-sync.json @@ -35,12 +35,12 @@ } }, { - "prefix": "/repo1/repo", + "prefix": "/repo2/repo", "destination": "/repo", "stripPrefix": true }, { - "prefix": "/repo2/repo" + "prefix": "/repo3/**" } ] }, @@ -54,7 +54,7 @@ "onDemand": false, "content": [ { - "prefix": "/repo2", + "prefix": "**", "tags": { "semver": true } diff --git a/pkg/api/config/config.go b/pkg/api/config/config.go index c6ed53da26..5dbcf343a5 100644 --- a/pkg/api/config/config.go +++ b/pkg/api/config/config.go @@ -23,17 +23,37 @@ var ( ) type StorageConfig struct { - RootDirectory string - Dedupe bool - RemoteCache bool - GC bool - Commit bool - GCDelay time.Duration - GCInterval time.Duration - GCReferrers bool - UntaggedImageRetentionDelay time.Duration - StorageDriver map[string]interface{} `mapstructure:",omitempty"` - CacheDriver map[string]interface{} `mapstructure:",omitempty"` + RootDirectory string + Dedupe bool + RemoteCache bool + GC bool + Commit bool + GCDelay time.Duration // applied for blobs + GCInterval time.Duration + Retention ImageRetention + StorageDriver map[string]interface{} `mapstructure:",omitempty"` + CacheDriver map[string]interface{} `mapstructure:",omitempty"` +} + +type ImageRetention struct { + DryRun bool + Delay time.Duration // applied for referrers and untagged + Policies []RetentionPolicy +} + +type RetentionPolicy struct { + Repositories []string + DeleteReferrers bool + DeleteUntagged *bool + KeepTags []KeepTagsPolicy +} + +type KeepTagsPolicy struct { + Patterns []string + PulledWithin *time.Duration + PushedWithin *time.Duration + MostRecentlyPushedCount int + MostRecentlyPulledCount int } type TLSConfig struct { @@ -195,9 +215,11 @@ func New() *Config { BinaryType: BinaryType, Storage: GlobalStorageConfig{ StorageConfig: StorageConfig{ - GC: true, GCReferrers: true, GCDelay: storageConstants.DefaultGCDelay, - UntaggedImageRetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - GCInterval: storageConstants.DefaultGCInterval, Dedupe: true, + Dedupe: true, + GC: true, + GCDelay: storageConstants.DefaultGCDelay, + GCInterval: storageConstants.DefaultGCInterval, + Retention: ImageRetention{}, }, }, HTTP: HTTPConfig{Address: "127.0.0.1", Port: "8080", Auth: &AuthConfig{FailDelay: 0}}, @@ -373,6 +395,42 @@ func (c *Config) IsImageTrustEnabled() bool { return c.Extensions != nil && c.Extensions.Trust != nil && *c.Extensions.Trust.Enable } +// check if tags retention is enabled. +func (c *Config) IsRetentionEnabled() bool { + var needsMetaDB bool + + for _, retentionPolicy := range c.Storage.Retention.Policies { + for _, tagRetentionPolicy := range retentionPolicy.KeepTags { + if c.isTagsRetentionEnabled(tagRetentionPolicy) { + needsMetaDB = true + } + } + } + + for _, subpath := range c.Storage.SubPaths { + for _, retentionPolicy := range subpath.Retention.Policies { + for _, tagRetentionPolicy := range retentionPolicy.KeepTags { + if c.isTagsRetentionEnabled(tagRetentionPolicy) { + needsMetaDB = true + } + } + } + } + + return needsMetaDB +} + +func (c *Config) isTagsRetentionEnabled(tagRetentionPolicy KeepTagsPolicy) bool { + if tagRetentionPolicy.MostRecentlyPulledCount != 0 || + tagRetentionPolicy.MostRecentlyPushedCount != 0 || + tagRetentionPolicy.PulledWithin != nil || + tagRetentionPolicy.PushedWithin != nil { + return true + } + + return false +} + func (c *Config) IsCosignEnabled() bool { return c.IsImageTrustEnabled() && c.Extensions.Trust.Cosign } diff --git a/pkg/api/config/config_test.go b/pkg/api/config/config_test.go index 9d23e0ce27..72c5e0a858 100644 --- a/pkg/api/config/config_test.go +++ b/pkg/api/config/config_test.go @@ -65,6 +65,7 @@ func TestConfig(t *testing.T) { So(err, ShouldBeNil) So(isSame, ShouldBeTrue) }) + Convey("Test DeepCopy() & Sanitize()", t, func() { conf := config.New() So(conf, ShouldNotBeNil) @@ -81,4 +82,48 @@ func TestConfig(t *testing.T) { err = config.DeepCopy(obj, conf) So(err, ShouldNotBeNil) }) + + Convey("Test IsRetentionEnabled()", t, func() { + conf := config.New() + So(conf.IsRetentionEnabled(), ShouldBeFalse) + + conf.Storage.Retention.Policies = []config.RetentionPolicy{ + { + Repositories: []string{"repo"}, + }, + } + + So(conf.IsRetentionEnabled(), ShouldBeFalse) + + policies := []config.RetentionPolicy{ + { + Repositories: []string{"repo"}, + KeepTags: []config.KeepTagsPolicy{ + { + Patterns: []string{"tag"}, + MostRecentlyPulledCount: 2, + }, + }, + }, + } + + conf.Storage.Retention = config.ImageRetention{ + Policies: policies, + } + + So(conf.IsRetentionEnabled(), ShouldBeTrue) + + subPaths := make(map[string]config.StorageConfig) + + subPaths["/a"] = config.StorageConfig{ + GC: true, + Retention: config.ImageRetention{ + Policies: policies, + }, + } + + conf.Storage.SubPaths = subPaths + + So(conf.IsRetentionEnabled(), ShouldBeTrue) + }) } diff --git a/pkg/api/controller.go b/pkg/api/controller.go index e958048d77..2e61bc39e9 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -277,7 +277,8 @@ func (c *Controller) initCookieStore() error { func (c *Controller) InitMetaDB(reloadCtx context.Context) error { // init metaDB if search is enabled or we need to store user profiles, api keys or signatures - if c.Config.IsSearchEnabled() || c.Config.IsBasicAuthnEnabled() || c.Config.IsImageTrustEnabled() { + if c.Config.IsSearchEnabled() || c.Config.IsBasicAuthnEnabled() || c.Config.IsImageTrustEnabled() || + c.Config.IsRetentionEnabled() { driver, err := meta.New(c.Config.Storage.StorageConfig, c.Log) //nolint:contextcheck if err != nil { return err @@ -293,7 +294,7 @@ func (c *Controller) InitMetaDB(reloadCtx context.Context) error { return err } - err = meta.ParseStorage(driver, c.StoreController, c.Log) + err = meta.ParseStorage(driver, c.StoreController, c.Log) //nolint: contextcheck if err != nil { return err } @@ -309,10 +310,30 @@ func (c *Controller) LoadNewConfig(reloadCtx context.Context, newConfig *config. c.Config.HTTP.AccessControl = newConfig.HTTP.AccessControl // reload periodical gc config - c.Config.Storage.GCInterval = newConfig.Storage.GCInterval c.Config.Storage.GC = newConfig.Storage.GC + c.Config.Storage.Dedupe = newConfig.Storage.Dedupe c.Config.Storage.GCDelay = newConfig.Storage.GCDelay - c.Config.Storage.GCReferrers = newConfig.Storage.GCReferrers + c.Config.Storage.GCInterval = newConfig.Storage.GCInterval + // only if we have a metaDB already in place + if c.Config.IsRetentionEnabled() { + c.Config.Storage.Retention = newConfig.Storage.Retention + } + + for subPath, storageConfig := range newConfig.Storage.SubPaths { + subPathConfig, ok := c.Config.Storage.SubPaths[subPath] + if ok { + subPathConfig.GC = storageConfig.GC + subPathConfig.Dedupe = storageConfig.Dedupe + subPathConfig.GCDelay = storageConfig.GCDelay + subPathConfig.GCInterval = storageConfig.GCInterval + // only if we have a metaDB already in place + if c.Config.IsRetentionEnabled() { + subPathConfig.Retention = storageConfig.Retention + } + + c.Config.Storage.SubPaths[subPath] = subPathConfig + } + } // reload background tasks if newConfig.Extensions != nil { @@ -356,10 +377,9 @@ func (c *Controller) StartBackgroundTasks(reloadCtx context.Context) { // Enable running garbage-collect periodically for DefaultStore if c.Config.Storage.GC { gc := gc.NewGarbageCollect(c.StoreController.DefaultStore, c.MetaDB, gc.Options{ - Referrers: c.Config.Storage.GCReferrers, Delay: c.Config.Storage.GCDelay, - RetentionDelay: c.Config.Storage.UntaggedImageRetentionDelay, - }, c.Log) + ImageRetention: c.Config.Storage.Retention, + }, c.Audit, c.Log) gc.CleanImageStorePeriodically(c.Config.Storage.GCInterval, taskScheduler) } @@ -379,10 +399,9 @@ func (c *Controller) StartBackgroundTasks(reloadCtx context.Context) { if storageConfig.GC { gc := gc.NewGarbageCollect(c.StoreController.SubStore[route], c.MetaDB, gc.Options{ - Referrers: storageConfig.GCReferrers, Delay: storageConfig.GCDelay, - RetentionDelay: storageConfig.UntaggedImageRetentionDelay, - }, c.Log) + ImageRetention: storageConfig.Retention, + }, c.Audit, c.Log) gc.CleanImageStorePeriodically(storageConfig.GCInterval, taskScheduler) } diff --git a/pkg/api/controller_test.go b/pkg/api/controller_test.go index 0fdf0c90cd..85a317d759 100644 --- a/pkg/api/controller_test.go +++ b/pkg/api/controller_test.go @@ -5059,6 +5059,7 @@ func TestHardLink(t *testing.T) { port := test.GetFreePort() conf := config.New() conf.HTTP.Port = port + conf.Storage.GC = false dir := t.TempDir() @@ -7716,6 +7717,8 @@ func TestInjectTooManyOpenFiles(t *testing.T) { func TestGCSignaturesAndUntaggedManifestsWithMetaDB(t *testing.T) { Convey("Make controller", t, func() { + trueVal := true + Convey("Garbage collect signatures without subject and manifests without tags", func(c C) { repoName := "testrepo" //nolint:goconst tag := "0.0.1" @@ -7725,6 +7728,11 @@ func TestGCSignaturesAndUntaggedManifestsWithMetaDB(t *testing.T) { conf := config.New() conf.HTTP.Port = port + logFile, err := os.CreateTemp("", "zot-log*.txt") + So(err, ShouldBeNil) + + conf.Log.Audit = logFile.Name() + value := true searchConfig := &extconf.SearchConfig{ BaseConfig: extconf.BaseConfig{Enable: &value}, @@ -7741,7 +7749,21 @@ func TestGCSignaturesAndUntaggedManifestsWithMetaDB(t *testing.T) { ctlr.Config.Storage.RootDirectory = dir ctlr.Config.Storage.GC = true ctlr.Config.Storage.GCDelay = 1 * time.Millisecond - ctlr.Config.Storage.UntaggedImageRetentionDelay = 1 * time.Millisecond + ctlr.Config.Storage.Retention = config.ImageRetention{ + Delay: 1 * time.Millisecond, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + KeepTags: []config.KeepTagsPolicy{ + { + Patterns: []string{".*"}, // just for coverage + }, + }, + }, + }, + } ctlr.Config.Storage.Dedupe = false @@ -7752,16 +7774,14 @@ func TestGCSignaturesAndUntaggedManifestsWithMetaDB(t *testing.T) { img := CreateDefaultImage() - err := UploadImage(img, baseURL, repoName, tag) + err = UploadImage(img, baseURL, repoName, tag) So(err, ShouldBeNil) gc := gc.NewGarbageCollect(ctlr.StoreController.DefaultStore, ctlr.MetaDB, gc.Options{ - Referrers: ctlr.Config.Storage.GCReferrers, Delay: ctlr.Config.Storage.GCDelay, - RetentionDelay: ctlr.Config.Storage.UntaggedImageRetentionDelay, - }, - ctlr.Log) + ImageRetention: ctlr.Config.Storage.Retention, + }, ctlr.Audit, ctlr.Log) resp, err := resty.R().Get(baseURL + fmt.Sprintf("/v2/%s/manifests/%s", repoName, tag)) So(err, ShouldBeNil) @@ -7986,7 +8006,16 @@ func TestGCSignaturesAndUntaggedManifestsWithMetaDB(t *testing.T) { ctlr.Config.Storage.RootDirectory = dir ctlr.Config.Storage.GC = true ctlr.Config.Storage.GCDelay = 1 * time.Second - ctlr.Config.Storage.UntaggedImageRetentionDelay = 1 * time.Second + ctlr.Config.Storage.Retention = config.ImageRetention{ + Delay: 1 * time.Second, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + }, + }, + } err := WriteImageToFileSystem(CreateDefaultImage(), repoName, tag, ociutils.GetDefaultStoreController(dir, ctlr.Log)) @@ -7998,10 +8027,9 @@ func TestGCSignaturesAndUntaggedManifestsWithMetaDB(t *testing.T) { gc := gc.NewGarbageCollect(ctlr.StoreController.DefaultStore, ctlr.MetaDB, gc.Options{ - Referrers: ctlr.Config.Storage.GCReferrers, Delay: ctlr.Config.Storage.GCDelay, - RetentionDelay: ctlr.Config.Storage.UntaggedImageRetentionDelay, - }, ctlr.Log) + ImageRetention: ctlr.Config.Storage.Retention, + }, ctlr.Audit, ctlr.Log) resp, err := resty.R().Get(baseURL + fmt.Sprintf("/v2/%s/manifests/%s", repoName, tag)) So(err, ShouldBeNil) @@ -8131,8 +8159,12 @@ func TestPeriodicGC(t *testing.T) { subPaths := make(map[string]config.StorageConfig) subPaths["/a"] = config.StorageConfig{ - RootDirectory: subDir, GC: true, GCDelay: 1 * time.Second, - UntaggedImageRetentionDelay: 1 * time.Second, GCInterval: 24 * time.Hour, RemoteCache: false, Dedupe: false, + RootDirectory: subDir, + GC: true, + GCDelay: 1 * time.Second, + GCInterval: 24 * time.Hour, + RemoteCache: false, + Dedupe: false, } //nolint:lll // gofumpt conflicts with lll ctlr.Config.Storage.Dedupe = false ctlr.Config.Storage.SubPaths = subPaths diff --git a/pkg/api/routes.go b/pkg/api/routes.go index ec93ffdc59..f3e0bf2a7e 100644 --- a/pkg/api/routes.go +++ b/pkg/api/routes.go @@ -721,8 +721,8 @@ func (rh *RouteHandler) UpdateManifest(response http.ResponseWriter, request *ht } if rh.c.MetaDB != nil { - err := meta.OnUpdateManifest(name, reference, mediaType, digest, body, rh.c.StoreController, rh.c.MetaDB, - rh.c.Log) + err := meta.OnUpdateManifest(request.Context(), name, reference, mediaType, + digest, body, rh.c.StoreController, rh.c.MetaDB, rh.c.Log) if err != nil { response.WriteHeader(http.StatusInternalServerError) diff --git a/pkg/cli/server/config_reloader_test.go b/pkg/cli/server/config_reloader_test.go index eb8fdcf7a6..b54c1fd4fe 100644 --- a/pkg/cli/server/config_reloader_test.go +++ b/pkg/cli/server/config_reloader_test.go @@ -166,6 +166,112 @@ func TestConfigReloader(t *testing.T) { So(string(data), ShouldContainSubstring, "\"Actions\":[\"read\",\"create\",\"update\",\"delete\"]") }) + Convey("reload gc config", t, func(c C) { + port := test.GetFreePort() + baseURL := test.GetBaseURL(port) + + logFile, err := os.CreateTemp("", "zot-log*.txt") + So(err, ShouldBeNil) + + defer os.Remove(logFile.Name()) // clean up + + content := fmt.Sprintf(`{ + "distSpecVersion": "1.1.0-dev", + "storage": { + "rootDirectory": "%s", + "gc": false, + "dedupe": false, + "subPaths": { + "/a": { + "rootDirectory": "%s", + "gc": false, + "dedupe": false + } + } + }, + "http": { + "address": "127.0.0.1", + "port": "%s" + }, + "log": { + "level": "debug", + "output": "%s" + } + }`, t.TempDir(), t.TempDir(), port, logFile.Name()) + + cfgfile, err := os.CreateTemp("", "zot-test*.json") + So(err, ShouldBeNil) + + defer os.Remove(cfgfile.Name()) // clean up + + _, err = cfgfile.WriteString(content) + So(err, ShouldBeNil) + + // err = cfgfile.Close() + // So(err, ShouldBeNil) + + os.Args = []string{"cli_test", "serve", cfgfile.Name()} + go func() { + err = cli.NewServerRootCmd().Execute() + So(err, ShouldBeNil) + }() + + test.WaitTillServerReady(baseURL) + + content = fmt.Sprintf(`{ + "distSpecVersion": "1.1.0-dev", + "storage": { + "rootDirectory": "%s", + "gc": true, + "dedupe": true, + "subPaths": { + "/a": { + "rootDirectory": "%s", + "gc": true, + "dedupe": true + } + } + }, + "http": { + "address": "127.0.0.1", + "port": "%s" + }, + "log": { + "level": "debug", + "output": "%s" + } + }`, t.TempDir(), t.TempDir(), port, logFile.Name()) + + err = cfgfile.Truncate(0) + So(err, ShouldBeNil) + + _, err = cfgfile.Seek(0, io.SeekStart) + So(err, ShouldBeNil) + + // truncate log before changing config, for the ShouldNotContainString + So(logFile.Truncate(0), ShouldBeNil) + + _, err = cfgfile.WriteString(content) + So(err, ShouldBeNil) + + err = cfgfile.Close() + So(err, ShouldBeNil) + + // wait for config reload + time.Sleep(2 * time.Second) + + data, err := os.ReadFile(logFile.Name()) + So(err, ShouldBeNil) + t.Logf("log file: %s", data) + + So(string(data), ShouldContainSubstring, "reloaded params") + So(string(data), ShouldContainSubstring, "loaded new configuration settings") + So(string(data), ShouldContainSubstring, "\"GC\":true") + So(string(data), ShouldContainSubstring, "\"Dedupe\":true") + So(string(data), ShouldNotContainSubstring, "\"GC\":false") + So(string(data), ShouldNotContainSubstring, "\"Dedupe\":false") + }) + Convey("reload sync config", t, func(c C) { port := test.GetFreePort() baseURL := test.GetBaseURL(port) diff --git a/pkg/cli/server/extensions_test.go b/pkg/cli/server/extensions_test.go index c27c9948dc..eab785ff9d 100644 --- a/pkg/cli/server/extensions_test.go +++ b/pkg/cli/server/extensions_test.go @@ -30,9 +30,9 @@ func TestVerifyExtensionsConfig(t *testing.T) { So(err, ShouldBeNil) defer os.Remove(tmpfile.Name()) // clean up - content := []byte(`{ + content := fmt.Sprintf(`{ "storage":{ - "rootDirectory":"/tmp/zot", + "rootDirectory":"%s", "dedupe":true, "remoteCache":false, "storageDriver":{ @@ -56,21 +56,22 @@ func TestVerifyExtensionsConfig(t *testing.T) { } } } - }`) - err = os.WriteFile(tmpfile.Name(), content, 0o0600) + }`, t.TempDir()) + + err = os.WriteFile(tmpfile.Name(), []byte(content), 0o0600) So(err, ShouldBeNil) os.Args = []string{"cli_test", "verify", tmpfile.Name()} So(func() { _ = cli.NewServerRootCmd().Execute() }, ShouldPanic) - content = []byte(`{ + content = fmt.Sprintf(`{ "storage":{ - "rootDirectory":"/tmp/zot", + "rootDirectory":"%s", "dedupe":true, "remoteCache":false, "subPaths":{ "/a": { - "rootDirectory": "/tmp/zot1", + "rootDirectory": "%s", "dedupe": false, "storageDriver":{ "name":"s3", @@ -95,8 +96,8 @@ func TestVerifyExtensionsConfig(t *testing.T) { } } } - }`) - err = os.WriteFile(tmpfile.Name(), content, 0o0600) + }`, t.TempDir(), t.TempDir()) + err = os.WriteFile(tmpfile.Name(), []byte(content), 0o0600) So(err, ShouldBeNil) os.Args = []string{"cli_test", "verify", tmpfile.Name()} @@ -107,12 +108,12 @@ func TestVerifyExtensionsConfig(t *testing.T) { tmpfile, err := os.CreateTemp("", "zot-test*.json") So(err, ShouldBeNil) defer os.Remove(tmpfile.Name()) // clean up - content := []byte(`{"storage":{"rootDirectory":"/tmp/zot", "storageDriver": {"name": "s3"}}, + content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s", "storageDriver": {"name": "s3"}}, "http":{"address":"127.0.0.1","port":"8080","realm":"zot", "auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}, "extensions":{"sync": {"registries": [{"urls":["localhost:9999"], - "maxRetries": 1, "retryDelay": "10s"}]}}}`) - _, err = tmpfile.Write(content) + "maxRetries": 1, "retryDelay": "10s"}]}}}`, t.TempDir()) + _, err = tmpfile.WriteString(content) So(err, ShouldBeNil) err = tmpfile.Close() So(err, ShouldBeNil) @@ -124,12 +125,12 @@ func TestVerifyExtensionsConfig(t *testing.T) { tmpfile, err := os.CreateTemp("", "zot-test*.json") So(err, ShouldBeNil) defer os.Remove(tmpfile.Name()) // clean up - content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"}, + content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"}, "http":{"address":"127.0.0.1","port":"8080","realm":"zot", "auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}, "extensions":{"sync": {"registries": [{"urls":["localhost:9999"], - "maxRetries": 1, "retryDelay": "10s"}]}}}`) - _, err = tmpfile.Write(content) + "maxRetries": 1, "retryDelay": "10s"}]}}}`, t.TempDir()) + _, err = tmpfile.WriteString(content) So(err, ShouldBeNil) err = tmpfile.Close() So(err, ShouldBeNil) @@ -141,13 +142,13 @@ func TestVerifyExtensionsConfig(t *testing.T) { tmpfile, err := os.CreateTemp("", "zot-test*.json") So(err, ShouldBeNil) defer os.Remove(tmpfile.Name()) // clean up - content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"}, + content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"}, "http":{"address":"127.0.0.1","port":"8080","realm":"zot", "auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}, "extensions":{"sync": {"registries": [{"urls":["localhost:9999"], "maxRetries": 1, "retryDelay": "10s", - "content": [{"prefix":"[repo%^&"}]}]}}}`) - _, err = tmpfile.Write(content) + "content": [{"prefix":"[repo^&["}]}]}}}`, t.TempDir()) + _, err = tmpfile.WriteString(content) So(err, ShouldBeNil) err = tmpfile.Close() So(err, ShouldBeNil) @@ -159,13 +160,13 @@ func TestVerifyExtensionsConfig(t *testing.T) { tmpfile, err := os.CreateTemp("", "zot-test*.json") So(err, ShouldBeNil) defer os.Remove(tmpfile.Name()) // clean up - content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"}, + content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"}, "http":{"address":"127.0.0.1","port":"8080","realm":"zot", "auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}, "extensions":{"sync": {"registries": [{"urls":["localhost:9999"], "maxRetries": 1, "retryDelay": "10s", - "content": [{"prefix":"zot-repo","stripPrefix":true,"destination":"/"}]}]}}}`) - _, err = tmpfile.Write(content) + "content": [{"prefix":"zot-repo","stripPrefix":true,"destination":"/"}]}]}}}`, t.TempDir()) + _, err = tmpfile.WriteString(content) So(err, ShouldBeNil) err = tmpfile.Close() So(err, ShouldBeNil) @@ -177,13 +178,13 @@ func TestVerifyExtensionsConfig(t *testing.T) { tmpfile, err := os.CreateTemp("", "zot-test*.json") So(err, ShouldBeNil) defer os.Remove(tmpfile.Name()) // clean up - content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"}, + content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"}, "http":{"address":"127.0.0.1","port":"8080","realm":"zot", "auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}, "extensions":{"sync": {"registries": [{"urls":["localhost:9999"], "maxRetries": 1, "retryDelay": "10s", - "content": [{"prefix":"zot-repo/*","stripPrefix":true,"destination":"/"}]}]}}}`) - _, err = tmpfile.Write(content) + "content": [{"prefix":"zot-repo/*","stripPrefix":true,"destination":"/"}]}]}}}`, t.TempDir()) + _, err = tmpfile.WriteString(content) So(err, ShouldBeNil) err = tmpfile.Close() So(err, ShouldBeNil) @@ -196,13 +197,13 @@ func TestVerifyExtensionsConfig(t *testing.T) { tmpfile, err := os.CreateTemp("", "zot-test*.json") So(err, ShouldBeNil) defer os.Remove(tmpfile.Name()) // clean up - content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"}, + content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"}, "http":{"address":"127.0.0.1","port":"8080","realm":"zot", "auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}, "extensions":{"sync": {"registries": [{"urls":["localhost:9999"], "maxRetries": 1, "retryDelay": "10s", - "content": [{"prefix":"repo**"}]}]}}}`) - _, err = tmpfile.Write(content) + "content": [{"prefix":"repo**"}]}]}}}`, t.TempDir()) + _, err = tmpfile.WriteString(content) So(err, ShouldBeNil) err = tmpfile.Close() So(err, ShouldBeNil) @@ -215,12 +216,12 @@ func TestVerifyExtensionsConfig(t *testing.T) { tmpfile, err := os.CreateTemp("", "zot-test*.json") So(err, ShouldBeNil) defer os.Remove(tmpfile.Name()) // clean up - content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"}, + content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"}, "http":{"address":"127.0.0.1","port":"8080","realm":"zot", "auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}, "extensions":{"sync": {"registries": [{"urls":["localhost:9999"], - "maxRetries": 10, "content": [{"prefix":"repo**"}]}]}}}`) - _, err = tmpfile.Write(content) + "maxRetries": 10, "content": [{"prefix":"repo**"}]}]}}}`, t.TempDir()) + _, err = tmpfile.WriteString(content) So(err, ShouldBeNil) err = tmpfile.Close() So(err, ShouldBeNil) @@ -377,7 +378,7 @@ func TestServeExtensions(t *testing.T) { content := fmt.Sprintf(`{ "storage": { - "rootDirectory": "/tmp/zot" + "rootDirectory": "%s" }, "http": { "address": "127.0.0.1", @@ -387,7 +388,7 @@ func TestServeExtensions(t *testing.T) { "level": "debug", "output": "%s" } - }`, port, logFile.Name()) + }`, t.TempDir(), port, logFile.Name()) cfgfile, err := os.CreateTemp("", "zot-test*.json") So(err, ShouldBeNil) @@ -418,7 +419,7 @@ func TestServeExtensions(t *testing.T) { content := fmt.Sprintf(`{ "storage": { - "rootDirectory": "/tmp/zot" + "rootDirectory": "%s" }, "http": { "address": "127.0.0.1", @@ -430,7 +431,7 @@ func TestServeExtensions(t *testing.T) { }, "extensions": { } - }`, port, logFile.Name()) + }`, t.TempDir(), port, logFile.Name()) cfgfile, err := os.CreateTemp("", "zot-test*.json") So(err, ShouldBeNil) @@ -454,7 +455,7 @@ func TestServeExtensions(t *testing.T) { }) } -func testWithMetricsEnabled(cfgContentFormat string) { +func testWithMetricsEnabled(rootDir string, cfgContentFormat string) { port := GetFreePort() baseURL := GetBaseURL(port) logFile, err := os.CreateTemp("", "zot-log*.txt") @@ -462,7 +463,7 @@ func testWithMetricsEnabled(cfgContentFormat string) { defer os.Remove(logFile.Name()) // clean up - content := fmt.Sprintf(cfgContentFormat, port, logFile.Name()) + content := fmt.Sprintf(cfgContentFormat, rootDir, port, logFile.Name()) cfgfile, err := os.CreateTemp("", "zot-test*.json") So(err, ShouldBeNil) @@ -502,7 +503,7 @@ func TestServeMetricsExtension(t *testing.T) { Convey("no explicit enable", t, func(c C) { content := `{ "storage": { - "rootDirectory": "/tmp/zot" + "rootDirectory": "%s" }, "http": { "address": "127.0.0.1", @@ -517,13 +518,13 @@ func TestServeMetricsExtension(t *testing.T) { } } }` - testWithMetricsEnabled(content) + testWithMetricsEnabled(t.TempDir(), content) }) Convey("no explicit enable but with prometheus parameter", t, func(c C) { content := `{ "storage": { - "rootDirectory": "/tmp/zot" + "rootDirectory": "%s" }, "http": { "address": "127.0.0.1", @@ -541,13 +542,13 @@ func TestServeMetricsExtension(t *testing.T) { } } }` - testWithMetricsEnabled(content) + testWithMetricsEnabled(t.TempDir(), content) }) Convey("with explicit enable, but without prometheus parameter", t, func(c C) { content := `{ "storage": { - "rootDirectory": "/tmp/zot" + "rootDirectory": "%s" }, "http": { "address": "127.0.0.1", @@ -563,7 +564,7 @@ func TestServeMetricsExtension(t *testing.T) { } } }` - testWithMetricsEnabled(content) + testWithMetricsEnabled(t.TempDir(), content) }) Convey("with explicit disable", t, func(c C) { @@ -575,7 +576,7 @@ func TestServeMetricsExtension(t *testing.T) { content := fmt.Sprintf(`{ "storage": { - "rootDirectory": "/tmp/zot" + "rootDirectory": "%s" }, "http": { "address": "127.0.0.1", @@ -590,7 +591,7 @@ func TestServeMetricsExtension(t *testing.T) { "enable": false } } - }`, port, logFile.Name()) + }`, t.TempDir(), port, logFile.Name()) cfgfile, err := os.CreateTemp("", "zot-test*.json") So(err, ShouldBeNil) @@ -1373,3 +1374,266 @@ func TestServeImageTrustExtension(t *testing.T) { So(found, ShouldBeTrue) }) } + +func TestOverlappingSyncRetentionConfig(t *testing.T) { + oldArgs := os.Args + + defer func() { os.Args = oldArgs }() + + Convey("Test verify without overlapping sync and retention", t, func(c C) { + tmpfile, err := os.CreateTemp("", "zot-test*.json") + So(err, ShouldBeNil) + defer os.Remove(tmpfile.Name()) // clean up + content := `{ + "distSpecVersion": "1.1.0-dev", + "storage": { + "rootDirectory": "%s", + "gc": true, + "gcDelay": "2h", + "gcInterval": "1h", + "retention": { + "policies": [ + { + "repositories": ["infra/*", "prod/*"], + "deleteReferrers": false, + "keepTags": [{ + "patterns": ["v4.*", ".*-prod"] + }, + { + "patterns": ["v3.*", ".*-prod"], + "pulledWithin": "168h" + }] + } + ] + } + }, + "http": { + "address": "127.0.0.1", + "port": "%s" + }, + "log": { + "level": "debug", + "output": "%s" + }, + "extensions": { + "sync": { + "enable": true, + "registries": [ + { + "urls": [ + "https://registry1:5000" + ], + "content": [ + { + "prefix": "infra/*", + "tags": { + "regex": "v4.*", + "semver": true + } + } + ] + } + ] + } + } + }` + + logPath, err := runCLIWithConfig(t.TempDir(), content) + So(err, ShouldBeNil) + data, err := os.ReadFile(logPath) + So(err, ShouldBeNil) + defer os.Remove(logPath) // clean up + So(string(data), ShouldNotContainSubstring, "overlapping sync content") + }) + + Convey("Test verify with overlapping sync and retention - retention would remove v4 tags", t, func(c C) { + tmpfile, err := os.CreateTemp("", "zot-test*.json") + So(err, ShouldBeNil) + defer os.Remove(tmpfile.Name()) // clean up + content := `{ + "distSpecVersion": "1.1.0-dev", + "storage": { + "rootDirectory": "%s", + "gc": true, + "gcDelay": "2h", + "gcInterval": "1h", + "retention": { + "policies": [ + { + "repositories": ["infra/*", "prod/*"], + "keepTags": [{ + "patterns": ["v2.*", ".*-prod"] + }, + { + "patterns": ["v3.*", ".*-prod"] + }] + } + ] + } + }, + "http": { + "address": "127.0.0.1", + "port": "%s" + }, + "log": { + "level": "debug", + "output": "%s" + }, + "extensions": { + "sync": { + "enable": true, + "registries": [ + { + "urls": [ + "https://registry1:5000" + ], + "content": [ + { + "prefix": "infra/*", + "tags": { + "regex": "4.*", + "semver": true + } + } + ] + } + ] + } + } + }` + + logPath, err := runCLIWithConfig(t.TempDir(), content) + So(err, ShouldBeNil) + data, err := os.ReadFile(logPath) + So(err, ShouldBeNil) + defer os.Remove(logPath) // clean up + So(string(data), ShouldContainSubstring, "overlapping sync content\":{\"Prefix\":\"infra/*") + }) + + Convey("Test verify with overlapping sync and retention - retention would remove tags from repo", t, func(c C) { + tmpfile, err := os.CreateTemp("", "zot-test*.json") + So(err, ShouldBeNil) + defer os.Remove(tmpfile.Name()) // clean up + content := `{ + "distSpecVersion": "1.1.0-dev", + "storage": { + "rootDirectory": "%s", + "gc": true, + "gcDelay": "2h", + "gcInterval": "1h", + "retention": { + "dryRun": false, + "delay": "24h", + "policies": [ + { + "repositories": ["tmp/**"], + "keepTags": [{ + "patterns": ["v1.*"] + }] + } + ] + } + }, + "http": { + "address": "127.0.0.1", + "port": "%s" + }, + "log": { + "level": "debug", + "output": "%s" + }, + "extensions": { + "sync": { + "enable": true, + "registries": [ + { + "urls": [ + "https://registry1:5000" + ], + "content": [ + { + "prefix": "**", + "destination": "/tmp", + "stripPrefix": true + } + ] + } + ] + } + } + } + ` + + logPath, err := runCLIWithConfig(t.TempDir(), content) + So(err, ShouldBeNil) + data, err := os.ReadFile(logPath) + So(err, ShouldBeNil) + defer os.Remove(logPath) // clean up + So(string(data), ShouldContainSubstring, "overlapping sync content\":{\"Prefix\":\"**") + }) + + Convey("Test verify with overlapping sync and retention - retention would remove tags from subpath", t, func(c C) { + tmpfile, err := os.CreateTemp("", "zot-test*.json") + So(err, ShouldBeNil) + defer os.Remove(tmpfile.Name()) // clean up + content := `{ + "distSpecVersion": "1.1.0-dev", + "storage": { + "rootDirectory": "%s", + "gc": true, + "gcDelay": "2h", + "gcInterval": "1h", + "subPaths": { + "/synced": { + "rootDirectory": "/tmp/zot2", + "dedupe": true, + "retention": { + "policies": [ + { + "repositories": ["infra/*", "prod/*"], + "deleteReferrers": false, + "keepTags": [{ + }] + } + ] + } + } + } + }, + "http": { + "address": "127.0.0.1", + "port": "%s" + }, + "log": { + "level": "debug", + "output": "%s" + }, + "extensions": { + "sync": { + "enable": true, + "registries": [ + { + "urls": [ + "https://registry1:5000" + ], + "content": [ + { + "prefix": "prod/*", + "destination": "/synced" + } + ] + } + ] + } + } + } + ` + + logPath, err := runCLIWithConfig(t.TempDir(), content) + So(err, ShouldBeNil) + data, err := os.ReadFile(logPath) + So(err, ShouldBeNil) + defer os.Remove(logPath) // clean up + So(string(data), ShouldContainSubstring, "overlapping sync content\":{\"Prefix\":\"prod/*") + }) +} diff --git a/pkg/cli/server/root.go b/pkg/cli/server/root.go index c4088fa806..d49f3902aa 100644 --- a/pkg/cli/server/root.go +++ b/pkg/cli/server/root.go @@ -7,6 +7,7 @@ import ( "net/http" "os" "path" + "regexp" "strconv" "strings" "time" @@ -596,8 +597,8 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z config.Storage.GCDelay = 0 } - if viperInstance.Get("storage::gcdelay") == nil { - config.Storage.UntaggedImageRetentionDelay = 0 + if viperInstance.Get("storage::retention::delay") == nil { + config.Storage.Retention.Delay = 0 } if viperInstance.Get("storage::gcinterval") == nil { @@ -605,6 +606,13 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z } } + // apply deleteUntagged default + for idx := range config.Storage.Retention.Policies { + if !viperInstance.IsSet("storage::retention::policies::" + fmt.Sprint(idx) + "::deleteUntagged") { + config.Storage.Retention.Policies[idx].DeleteUntagged = &defaultVal + } + } + // cache settings // global storage @@ -615,7 +623,7 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z config.Storage.RemoteCache = true } - // s3 dedup=false, check for previous dedup usage and set to true if cachedb found + // s3 dedup=false, check for previous dedupe usage and set to true if cachedb found if !config.Storage.Dedupe && config.Storage.StorageDriver != nil { cacheDir, _ := config.Storage.StorageDriver["rootdirectory"].(string) cachePath := path.Join(cacheDir, storageConstants.BoltdbName+storageConstants.DBExtensionName) @@ -651,28 +659,31 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z // if gc is enabled if storageConfig.GC { - // and gcReferrers is not set, it is set to default value - if !viperInstance.IsSet("storage::subpaths::" + name + "::gcreferrers") { - storageConfig.GCReferrers = true - } - // and gcDelay is not set, it is set to default value if !viperInstance.IsSet("storage::subpaths::" + name + "::gcdelay") { storageConfig.GCDelay = storageConstants.DefaultGCDelay } // and retentionDelay is not set, it is set to default value - if !viperInstance.IsSet("storage::subpaths::" + name + "::retentiondelay") { - storageConfig.UntaggedImageRetentionDelay = storageConstants.DefaultUntaggedImgeRetentionDelay + if !viperInstance.IsSet("storage::subpaths::" + name + "::retention::delay") { + storageConfig.Retention.Delay = storageConstants.DefaultRetentionDelay } // and gcInterval is not set, it is set to default value if !viperInstance.IsSet("storage::subpaths::" + name + "::gcinterval") { storageConfig.GCInterval = storageConstants.DefaultGCInterval } + } - config.Storage.SubPaths[name] = storageConfig + // apply deleteUntagged default + for idx := range storageConfig.Retention.Policies { + deleteUntaggedKey := "storage::subpaths::" + name + "::retention::policies::" + fmt.Sprint(idx) + "::deleteUntagged" + if !viperInstance.IsSet(deleteUntaggedKey) { + storageConfig.Retention.Policies[idx].DeleteUntagged = &defaultVal + } } + + config.Storage.SubPaths[name] = storageConfig } // if OpenID authentication is enabled, @@ -851,6 +862,10 @@ func validateGC(config *config.Config, log zlog.Logger) error { } } + if err := validateGCRules(config.Storage.Retention, log); err != nil { + return err + } + // subpaths for name, subPath := range config.Storage.SubPaths { if subPath.GC && subPath.GCDelay <= 0 { @@ -861,6 +876,37 @@ func validateGC(config *config.Config, log zlog.Logger) error { return zerr.ErrBadConfig } + + if err := validateGCRules(subPath.Retention, log); err != nil { + return err + } + } + + return nil +} + +func validateGCRules(retention config.ImageRetention, log zlog.Logger) error { + for _, policy := range retention.Policies { + for _, pattern := range policy.Repositories { + if ok := glob.ValidatePattern(pattern); !ok { + log.Error().Err(glob.ErrBadPattern).Str("pattern", pattern). + Msg("retention repo glob pattern could not be compiled") + + return zerr.ErrBadConfig + } + } + + for _, tagRule := range policy.KeepTags { + for _, regex := range tagRule.Patterns { + _, err := regexp.Compile(regex) + if err != nil { + log.Error().Err(glob.ErrBadPattern).Str("regex", regex). + Msg("retention tag regex could not be compiled") + + return zerr.ErrBadConfig + } + } + } } return nil @@ -882,9 +928,20 @@ func validateSync(config *config.Config, log zlog.Logger) error { for _, content := range regCfg.Content { ok := glob.ValidatePattern(content.Prefix) if !ok { - log.Error().Err(glob.ErrBadPattern).Str("prefix", content.Prefix).Msg("sync prefix could not be compiled") + log.Error().Err(glob.ErrBadPattern).Str("prefix", content.Prefix). + Msg("sync prefix could not be compiled") - return glob.ErrBadPattern + return zerr.ErrBadConfig + } + + if content.Tags != nil && content.Tags.Regex != nil { + _, err := regexp.Compile(*content.Tags.Regex) + if err != nil { + log.Error().Err(glob.ErrBadPattern).Str("regex", *content.Tags.Regex). + Msg("sync content regex could not be compiled") + + return zerr.ErrBadConfig + } } if content.StripPrefix && !strings.Contains(content.Prefix, "/*") && content.Destination == "/" { @@ -894,6 +951,9 @@ func validateSync(config *config.Config, log zlog.Logger) error { return zerr.ErrBadConfig } + + // check sync config doesn't overlap with retention config + validateRetentionSyncOverlaps(config, content, regCfg.URLs, log) } } } diff --git a/pkg/cli/server/root_test.go b/pkg/cli/server/root_test.go index c97c0277d4..aa9dd1a5d6 100644 --- a/pkg/cli/server/root_test.go +++ b/pkg/cli/server/root_test.go @@ -417,6 +417,94 @@ func TestVerify(t *testing.T) { So(func() { _ = cli.NewServerRootCmd().Execute() }, ShouldNotPanic) }) + Convey("Test verify with bad gc retention repo patterns", t, func(c C) { + tmpfile, err := os.CreateTemp("", "zot-test*.json") + So(err, ShouldBeNil) + defer os.Remove(tmpfile.Name()) // clean up + content := []byte(`{ + "distSpecVersion": "1.1.0-dev", + "storage": { + "rootDirectory": "/tmp/zot", + "gc": true, + "retention": { + "policies": [ + { + "repositories": ["["], + "deleteReferrers": false + } + ] + }, + "subPaths":{ + "/a":{ + "rootDirectory":"/zot-a", + "retention": { + "policies": [ + { + "repositories": ["**"], + "deleteReferrers": true + } + ] + } + } + } + }, + "http": { + "address": "127.0.0.1", + "port": "8080" + }, + "log": { + "level": "debug" + } + }`) + + _, err = tmpfile.Write(content) + So(err, ShouldBeNil) + err = tmpfile.Close() + So(err, ShouldBeNil) + os.Args = []string{"cli_test", "verify", tmpfile.Name()} + So(func() { _ = cli.NewServerRootCmd().Execute() }, ShouldPanic) + }) + + Convey("Test verify with bad gc image retention tag regex", t, func(c C) { + tmpfile, err := os.CreateTemp("", "zot-test*.json") + So(err, ShouldBeNil) + defer os.Remove(tmpfile.Name()) // clean up + content := []byte(`{ + "distSpecVersion": "1.1.0-dev", + "storage": { + "rootDirectory": "/tmp/zot", + "gc": true, + "retention": { + "dryRun": false, + "policies": [ + { + "repositories": ["infra/*"], + "deleteReferrers": false, + "deleteUntagged": true, + "keepTags": [{ + "names": ["["] + }] + } + ] + } + }, + "http": { + "address": "127.0.0.1", + "port": "8080" + }, + "log": { + "level": "debug" + } + }`) + + _, err = tmpfile.Write(content) + So(err, ShouldBeNil) + err = tmpfile.Close() + So(err, ShouldBeNil) + os.Args = []string{"cli_test", "verify", tmpfile.Name()} + So(func() { _ = cli.NewServerRootCmd().Execute() }, ShouldPanic) + }) + Convey("Test apply defaults cache db", t, func(c C) { tmpfile, err := os.CreateTemp("", "zot-test*.json") So(err, ShouldBeNil) diff --git a/pkg/cli/server/stress_test.go b/pkg/cli/server/stress_test.go index 28fe8d3feb..5eab4ed317 100644 --- a/pkg/cli/server/stress_test.go +++ b/pkg/cli/server/stress_test.go @@ -25,7 +25,7 @@ const ( WorkerRunningTime = 60 * time.Second ) -func TestSressTooManyOpenFiles(t *testing.T) { +func TestStressTooManyOpenFiles(t *testing.T) { oldArgs := os.Args defer func() { os.Args = oldArgs }() diff --git a/pkg/cli/server/validate_sync_disabled.go b/pkg/cli/server/validate_sync_disabled.go new file mode 100644 index 0000000000..6e5e0f1cc6 --- /dev/null +++ b/pkg/cli/server/validate_sync_disabled.go @@ -0,0 +1,13 @@ +//go:build !sync +// +build !sync + +package server + +import ( + "zotregistry.io/zot/pkg/api/config" + syncconf "zotregistry.io/zot/pkg/extensions/config/sync" + zlog "zotregistry.io/zot/pkg/log" +) + +func validateRetentionSyncOverlaps(config *config.Config, content syncconf.Content, urls []string, log zlog.Logger) { +} diff --git a/pkg/cli/server/validate_sync_enabled.go b/pkg/cli/server/validate_sync_enabled.go new file mode 100644 index 0000000000..736a0fdfd9 --- /dev/null +++ b/pkg/cli/server/validate_sync_enabled.go @@ -0,0 +1,86 @@ +//go:build sync +// +build sync + +package server + +import ( + "path" + + "zotregistry.io/zot/pkg/api/config" + syncconf "zotregistry.io/zot/pkg/extensions/config/sync" + "zotregistry.io/zot/pkg/extensions/sync" + zlog "zotregistry.io/zot/pkg/log" +) + +func validateRetentionSyncOverlaps(config *config.Config, content syncconf.Content, urls []string, log zlog.Logger) { + cm := sync.NewContentManager([]syncconf.Content{content}, log) + + prefix := content.Prefix + if content.Destination != "" { + prefix = cm.GetRepoDestination(content.Prefix) + } + + repoPolicy := getRepoPolicyByPrefix(config, prefix) + if repoPolicy == nil { + return + } + + if content.Tags != nil && content.Tags.Regex != nil { + areTagsRetained := false + + for _, tagPolicy := range repoPolicy.KeepTags { + for _, tagRegex := range tagPolicy.Patterns { + if tagRegex == *content.Tags.Regex { + areTagsRetained = true + } + } + } + + if !areTagsRetained { + log.Warn().Str("repositories pattern", prefix). + Str("tags regex", *content.Tags.Regex). + Interface("sync urls", urls). + Interface("overlapping sync content", content). + Interface("overlapping repo policy", repoPolicy). + Msgf("retention policy can overlap with the sync config, "+ + "make sure retention doesn't remove syncing images with next tag regex: %s", *content.Tags.Regex) + } + } else { + log.Warn().Str("repositories pattern", prefix). + Interface("sync urls", urls). + Interface("overlapping sync content", content). + Interface("overlapping repo policy", repoPolicy). + Msg("retention policy can overlap with the sync config, make sure retention doesn't remove syncing images") + } +} + +func getRepoPolicyByPrefixFromStorageConfig(config config.StorageConfig, subpath string, prefix string, +) *config.RetentionPolicy { + for _, repoPolicy := range config.Retention.Policies { + for _, repo := range repoPolicy.Repositories { + if subpath != "" { + repo = path.Join(subpath, repo)[1:] // remove startin '/' + } + + if repo == prefix { + return &repoPolicy + } + } + } + + return nil +} + +func getRepoPolicyByPrefix(config *config.Config, prefix string) *config.RetentionPolicy { + if repoPolicy := getRepoPolicyByPrefixFromStorageConfig(config.Storage.StorageConfig, "", prefix); repoPolicy != nil { + return repoPolicy + } + + for subpath, subpathConfig := range config.Storage.SubPaths { + if repoPolicy := getRepoPolicyByPrefixFromStorageConfig(subpathConfig, subpath, prefix); repoPolicy != nil { + return repoPolicy + } + } + + return nil +} diff --git a/pkg/extensions/search/convert/convert_internal_test.go b/pkg/extensions/search/convert/convert_internal_test.go index fe99ae68c7..85948f85d4 100644 --- a/pkg/extensions/search/convert/convert_internal_test.go +++ b/pkg/extensions/search/convert/convert_internal_test.go @@ -56,7 +56,7 @@ func TestCVEConvert(t *testing.T) { digest11 := godigest.FromString("abc1") err = metaDB.SetManifestMeta("repo1", digest11, repoMeta11) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo1", "0.1.0", digest11, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo1", "0.1.0", digest11, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) reposMeta, manifestMetaMap, _, err := metaDB.SearchRepos(context.Background(), "") diff --git a/pkg/extensions/search/cve/cve_test.go b/pkg/extensions/search/cve/cve_test.go index 32d9059150..ace30a86ef 100644 --- a/pkg/extensions/search/cve/cve_test.go +++ b/pkg/extensions/search/cve/cve_test.go @@ -5,6 +5,7 @@ package cveinfo_test import ( + "context" "encoding/json" "fmt" "io" @@ -773,7 +774,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo err = metaDB.SetManifestMeta(repo1, image11.ManifestDescriptor.Digest, repoMeta11) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, "0.1.0", image11.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, "0.1.0", image11.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) image12 := CreateImageWith().DefaultLayers(). @@ -788,7 +789,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo err = metaDB.SetManifestMeta(repo1, image12.ManifestDescriptor.Digest, repoMeta12) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, "1.0.0", image12.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, "1.0.0", image12.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) image13 := CreateImageWith().DefaultLayers(). @@ -803,7 +804,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo err = metaDB.SetManifestMeta(repo1, image13.ManifestDescriptor.Digest, repoMeta13) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, "1.1.0", image13.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, "1.1.0", image13.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) image14 := CreateImageWith().DefaultLayers(). @@ -816,7 +817,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo err = metaDB.SetManifestMeta(repo1, image14.ManifestDescriptor.Digest, repoMeta14) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, "1.0.1", image14.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, "1.0.1", image14.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) // Create metadb data for scannable image with no vulnerabilities @@ -830,7 +831,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo err = metaDB.SetManifestMeta(repo6, image61.ManifestDescriptor.Digest, repoMeta61) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo6, "1.0.0", image61.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo6, "1.0.0", image61.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) // Create metadb data for image not supporting scanning @@ -847,7 +848,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo err = metaDB.SetManifestMeta(repo2, image21.ManifestDescriptor.Digest, repoMeta21) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo2, "1.0.0", image21.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo2, "1.0.0", image21.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) // Create metadb data for invalid images/negative tests @@ -861,7 +862,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo digest31 := godigest.FromBytes(manifestBlob31) err = metaDB.SetManifestMeta(repo3, digest31, repoMeta31) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo3, "invalid-manifest", digest31, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo3, "invalid-manifest", digest31, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) image41 := CreateImageWith().DefaultLayers(). @@ -874,12 +875,12 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo err = metaDB.SetManifestMeta(repo4, image41.ManifestDescriptor.Digest, repoMeta41) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo4, "invalid-config", image41.ManifestDescriptor.Digest, + err = metaDB.SetRepoReference(context.Background(), repo4, "invalid-config", image41.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) digest51 := godigest.FromString("abc8") - err = metaDB.SetRepoReference(repo5, "nonexitent-manifest", digest51, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo5, "nonexitent-manifest", digest51, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) // Create metadb data for scannable image which errors during scan @@ -893,7 +894,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo err = metaDB.SetManifestMeta(repo7, image71.ManifestDescriptor.Digest, repoMeta71) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo7, "1.0.0", image71.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo7, "1.0.0", image71.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) // create multiarch image with vulnerabilities @@ -933,6 +934,7 @@ func TestCVEStruct(t *testing.T) { //nolint:gocyclo So(err, ShouldBeNil) err = metaDB.SetRepoReference( + context.Background(), repoMultiarch, "tagIndex", multiarchImage.IndexDescriptor.Digest, diff --git a/pkg/extensions/search/cve/pagination_test.go b/pkg/extensions/search/cve/pagination_test.go index ab518c2cd0..fad034bf5a 100644 --- a/pkg/extensions/search/cve/pagination_test.go +++ b/pkg/extensions/search/cve/pagination_test.go @@ -4,6 +4,7 @@ package cveinfo_test import ( + "context" "encoding/json" "fmt" "sort" @@ -65,7 +66,7 @@ func TestCVEPagination(t *testing.T) { digest11 := godigest.FromBytes(manifestBlob11) err = metaDB.SetManifestMeta("repo1", digest11, repoMeta11) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo1", "0.1.0", digest11, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo1", "0.1.0", digest11, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) timeStamp12 := time.Date(2009, 1, 1, 12, 0, 0, 0, time.UTC) @@ -99,7 +100,7 @@ func TestCVEPagination(t *testing.T) { digest12 := godigest.FromBytes(manifestBlob12) err = metaDB.SetManifestMeta("repo1", digest12, repoMeta12) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo1", "1.0.0", digest12, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo1", "1.0.0", digest12, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) // MetaDB loaded with initial data, mock the scanner diff --git a/pkg/extensions/search/cve/scan_test.go b/pkg/extensions/search/cve/scan_test.go index ccb45dfc8b..a9ded0fcc5 100644 --- a/pkg/extensions/search/cve/scan_test.go +++ b/pkg/extensions/search/cve/scan_test.go @@ -82,7 +82,8 @@ func TestScanGeneratorWithMockedData(t *testing.T) { //nolint: gocyclo err = metaDB.SetManifestMeta("repo1", image11.ManifestDescriptor.Digest, repoMeta11) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo1", "0.1.0", image11.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo1", + "0.1.0", image11.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) image12 := CreateImageWith().DefaultLayers(). @@ -97,7 +98,8 @@ func TestScanGeneratorWithMockedData(t *testing.T) { //nolint: gocyclo err = metaDB.SetManifestMeta("repo1", image12.ManifestDescriptor.Digest, repoMeta12) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo1", "1.0.0", image12.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo1", + "1.0.0", image12.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) image13 := CreateImageWith().DefaultLayers(). @@ -112,7 +114,8 @@ func TestScanGeneratorWithMockedData(t *testing.T) { //nolint: gocyclo err = metaDB.SetManifestMeta("repo1", image13.ManifestDescriptor.Digest, repoMeta13) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo1", "1.1.0", image13.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo1", + "1.1.0", image13.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) image14 := CreateImageWith().DefaultLayers(). @@ -125,7 +128,8 @@ func TestScanGeneratorWithMockedData(t *testing.T) { //nolint: gocyclo err = metaDB.SetManifestMeta("repo1", image14.ManifestDescriptor.Digest, repoMeta14) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo1", "1.0.1", image14.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo1", + "1.0.1", image14.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) // Create metadb data for scannable image with no vulnerabilities @@ -139,7 +143,8 @@ func TestScanGeneratorWithMockedData(t *testing.T) { //nolint: gocyclo err = metaDB.SetManifestMeta("repo6", image61.ManifestDescriptor.Digest, repoMeta61) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo6", "1.0.0", image61.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo6", + "1.0.0", image61.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) // Create metadb data for image not supporting scanning @@ -156,7 +161,8 @@ func TestScanGeneratorWithMockedData(t *testing.T) { //nolint: gocyclo err = metaDB.SetManifestMeta("repo2", image21.ManifestDescriptor.Digest, repoMeta21) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo2", "1.0.0", image21.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo2", + "1.0.0", image21.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) // Create metadb data for invalid images/negative tests @@ -170,7 +176,8 @@ func TestScanGeneratorWithMockedData(t *testing.T) { //nolint: gocyclo digest31 := godigest.FromBytes(manifestBlob31) err = metaDB.SetManifestMeta("repo3", digest31, repoMeta31) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo3", "invalid-manifest", digest31, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo3", + "invalid-manifest", digest31, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) image41 := CreateImageWith().DefaultLayers(). @@ -183,12 +190,13 @@ func TestScanGeneratorWithMockedData(t *testing.T) { //nolint: gocyclo err = metaDB.SetManifestMeta("repo4", image41.ManifestDescriptor.Digest, repoMeta41) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo4", "invalid-config", image41.ManifestDescriptor.Digest, - ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo4", + "invalid-config", image41.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) digest51 := godigest.FromString("abc8") - err = metaDB.SetRepoReference("repo5", "nonexitent-manifest", digest51, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo5", + "nonexitent-manifest", digest51, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) // Create metadb data for scannable image which errors during scan @@ -202,7 +210,8 @@ func TestScanGeneratorWithMockedData(t *testing.T) { //nolint: gocyclo err = metaDB.SetManifestMeta("repo7", image71.ManifestDescriptor.Digest, repoMeta71) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo7", "1.0.0", image71.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo7", + "1.0.0", image71.ManifestDescriptor.Digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) // Create multiarch image with vulnerabilities @@ -242,6 +251,7 @@ func TestScanGeneratorWithMockedData(t *testing.T) { //nolint: gocyclo So(err, ShouldBeNil) err = metaDB.SetRepoReference( + context.Background(), repoIndex, "tagIndex", multiarchImage.IndexDescriptor.Digest, diff --git a/pkg/extensions/search/cve/trivy/scanner_internal_test.go b/pkg/extensions/search/cve/trivy/scanner_internal_test.go index 4d81ef9778..8842b810c2 100644 --- a/pkg/extensions/search/cve/trivy/scanner_internal_test.go +++ b/pkg/extensions/search/cve/trivy/scanner_internal_test.go @@ -5,6 +5,7 @@ package trivy import ( "bytes" + "context" "encoding/json" "os" "path" @@ -325,7 +326,8 @@ func TestImageScannable(t *testing.T) { panic(err) } - err = metaDB.SetRepoReference("repo1", "valid", digestValidManifest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo1", + "valid", digestValidManifest, ispec.MediaTypeImageManifest) if err != nil { panic(err) } @@ -361,7 +363,7 @@ func TestImageScannable(t *testing.T) { panic(err) } - err = metaDB.SetRepoReference("repo1", "unscannable-layer", digestManifestUnscannableLayer, + err = metaDB.SetRepoReference(context.Background(), "repo1", "unscannable-layer", digestManifestUnscannableLayer, ispec.MediaTypeImageManifest) if err != nil { panic(err) @@ -381,7 +383,8 @@ func TestImageScannable(t *testing.T) { panic(err) } - err = metaDB.SetRepoReference("repo1", "unmarshable", digestUnmarshableManifest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo1", + "unmarshable", digestUnmarshableManifest, ispec.MediaTypeImageManifest) if err != nil { panic(err) } @@ -389,13 +392,15 @@ func TestImageScannable(t *testing.T) { // Manifest meta cannot be found digestMissingManifest := godigest.FromBytes([]byte("Some other string")) - err = metaDB.SetRepoReference("repo1", "missing", digestMissingManifest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo1", + "missing", digestMissingManifest, ispec.MediaTypeImageManifest) if err != nil { panic(err) } // RepoMeta contains invalid digest - err = metaDB.SetRepoReference("repo1", "invalid-digest", "invalid", ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo1", + "invalid-digest", "invalid", ispec.MediaTypeImageManifest) if err != nil { panic(err) } diff --git a/pkg/extensions/search/resolver_test.go b/pkg/extensions/search/resolver_test.go index eedcce38b3..dae30468f2 100644 --- a/pkg/extensions/search/resolver_test.go +++ b/pkg/extensions/search/resolver_test.go @@ -2072,7 +2072,7 @@ func TestCVEResolvers(t *testing.T) { //nolint:gocyclo for image, digest := range tagsMap { repo, tag := common.GetImageDirAndTag(image) - err := metaDB.SetRepoReference(repo, tag, digest, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo, tag, digest, ispec.MediaTypeImageManifest) if err != nil { panic(err) } diff --git a/pkg/extensions/search/search_test.go b/pkg/extensions/search/search_test.go index f704e48cca..e7aec2284b 100644 --- a/pkg/extensions/search/search_test.go +++ b/pkg/extensions/search/search_test.go @@ -4530,7 +4530,9 @@ func TestMetaDBWhenPushingImages(t *testing.T) { Convey("SetManifestMeta succeeds but SetRepoReference fails", func() { ctlr.MetaDB = mocks.MetaDBMock{ - SetRepoReferenceFn: func(repo, reference string, manifestDigest godigest.Digest, mediaType string) error { + SetRepoReferenceFn: func(ctx context.Context, repo, + reference string, manifestDigest godigest.Digest, mediaType string, + ) error { return ErrTestError }, } @@ -5258,7 +5260,7 @@ func TestMetaDBWhenReadingImages(t *testing.T) { Convey("Error when incrementing", func() { ctlr.MetaDB = mocks.MetaDBMock{ - IncrementImageDownloadsFn: func(repo string, tag string) error { + UpdateStatsOnDownloadFn: func(repo string, tag string) error { return ErrTestError }, } diff --git a/pkg/extensions/sync/local.go b/pkg/extensions/sync/local.go index 9bf1717901..86ccf357c5 100644 --- a/pkg/extensions/sync/local.go +++ b/pkg/extensions/sync/local.go @@ -4,6 +4,7 @@ package sync import ( + "context" "encoding/json" "errors" "fmt" @@ -164,7 +165,7 @@ func (registry *LocalRegistry) CommitImage(imageReference types.ImageReference, } if registry.metaDB != nil { - err = meta.SetImageMetaFromInput(repo, reference, mediaType, + err = meta.SetImageMetaFromInput(context.Background(), repo, reference, mediaType, manifestDigest, manifestBlob, imageStore, registry.metaDB, registry.log) if err != nil { return fmt.Errorf("metaDB: failed to set metadata for image '%s %s': %w", repo, reference, err) @@ -222,7 +223,7 @@ func (registry *LocalRegistry) copyManifest(repo string, manifestContent []byte, } if registry.metaDB != nil { - err = meta.SetImageMetaFromInput(repo, reference, ispec.MediaTypeImageManifest, + err = meta.SetImageMetaFromInput(context.Background(), repo, reference, ispec.MediaTypeImageManifest, digest, manifestContent, imageStore, registry.metaDB, registry.log) if err != nil { registry.log.Error().Str("errorType", common.TypeOf(err)). diff --git a/pkg/extensions/sync/references/cosign.go b/pkg/extensions/sync/references/cosign.go index 1b842b6e69..c69ac962ca 100644 --- a/pkg/extensions/sync/references/cosign.go +++ b/pkg/extensions/sync/references/cosign.go @@ -164,7 +164,8 @@ func (ref CosignReference) SyncReferences(ctx context.Context, localRepo, remote err = addSigToMeta(ref.metaDB, localRepo, sigType, cosignTag, signedManifestDig, referenceDigest, manifestBuf, imageStore, ref.log) } else { - err = meta.SetImageMetaFromInput(localRepo, cosignTag, ispec.MediaTypeImageManifest, + err = meta.SetImageMetaFromInput(context.Background(), localRepo, //nolint:contextcheck + cosignTag, ispec.MediaTypeImageManifest, referenceDigest, manifestBuf, ref.storeController.GetImageStore(localRepo), ref.metaDB, ref.log) } diff --git a/pkg/extensions/sync/references/oci.go b/pkg/extensions/sync/references/oci.go index beac30311e..c9e3172e72 100644 --- a/pkg/extensions/sync/references/oci.go +++ b/pkg/extensions/sync/references/oci.go @@ -148,7 +148,8 @@ func (ref OciReferences) SyncReferences(ctx context.Context, localRepo, remoteRe err = addSigToMeta(ref.metaDB, localRepo, sigType, referrer.Digest.String(), signedManifestDig, referenceDigest, referenceBuf, imageStore, ref.log) } else { - err = meta.SetImageMetaFromInput(localRepo, referenceDigest.String(), referrer.MediaType, + err = meta.SetImageMetaFromInput(context.Background(), localRepo, //nolint:contextcheck + referenceDigest.String(), referrer.MediaType, referenceDigest, referenceBuf, ref.storeController.GetImageStore(localRepo), ref.metaDB, ref.log) } diff --git a/pkg/extensions/sync/references/oras.go b/pkg/extensions/sync/references/oras.go index c5a208d613..12ba3a8e68 100644 --- a/pkg/extensions/sync/references/oras.go +++ b/pkg/extensions/sync/references/oras.go @@ -154,7 +154,8 @@ func (ref ORASReferences) SyncReferences(ctx context.Context, localRepo, remoteR ref.log.Debug().Str("repository", localRepo).Str("subject", subjectDigestStr). Msg("metaDB: trying to sync oras artifact for image") - err := meta.SetImageMetaFromInput(localRepo, referenceDigest.String(), referrer.MediaType, + err := meta.SetImageMetaFromInput(context.Background(), localRepo, //nolint:contextcheck + referenceDigest.String(), referrer.MediaType, referenceDigest, orasBuf, ref.storeController.GetImageStore(localRepo), ref.metaDB, ref.log) if err != nil { diff --git a/pkg/extensions/sync/references/referrers_tag.go b/pkg/extensions/sync/references/referrers_tag.go index 4628add388..78b3d87766 100644 --- a/pkg/extensions/sync/references/referrers_tag.go +++ b/pkg/extensions/sync/references/referrers_tag.go @@ -124,7 +124,8 @@ func (ref TagReferences) SyncReferences(ctx context.Context, localRepo, remoteRe err = addSigToMeta(ref.metaDB, localRepo, sigType, referrer.Digest.String(), signedManifestDig, referenceDigest, referenceBuf, imageStore, ref.log) } else { - err = meta.SetImageMetaFromInput(localRepo, referenceDigest.String(), referrer.MediaType, + //nolint: contextcheck + err = meta.SetImageMetaFromInput(context.Background(), localRepo, referenceDigest.String(), referrer.MediaType, referenceDigest, referenceBuf, ref.storeController.GetImageStore(localRepo), ref.metaDB, ref.log) } diff --git a/pkg/extensions/sync/sync_internal_test.go b/pkg/extensions/sync/sync_internal_test.go index 9b6c2968a8..29ef4e7939 100644 --- a/pkg/extensions/sync/sync_internal_test.go +++ b/pkg/extensions/sync/sync_internal_test.go @@ -336,7 +336,9 @@ func TestLocalRegistry(t *testing.T) { Convey("trigger metaDB error on index manifest in CommitImage()", func() { registry := NewLocalRegistry(storage.StoreController{DefaultStore: syncImgStore}, mocks.MetaDBMock{ - SetRepoReferenceFn: func(repo, Reference string, manifestDigest godigest.Digest, mediaType string) error { + SetRepoReferenceFn: func(ctx context.Context, repo, + Reference string, manifestDigest godigest.Digest, mediaType string, + ) error { if Reference == "1.0" { return zerr.ErrRepoMetaNotFound } @@ -351,7 +353,9 @@ func TestLocalRegistry(t *testing.T) { Convey("trigger metaDB error on image manifest in CommitImage()", func() { registry := NewLocalRegistry(storage.StoreController{DefaultStore: syncImgStore}, mocks.MetaDBMock{ - SetRepoReferenceFn: func(repo, Reference string, manifestDigest godigest.Digest, mediaType string) error { + SetRepoReferenceFn: func(ctx context.Context, repo, + Reference string, manifestDigest godigest.Digest, mediaType string, + ) error { return zerr.ErrRepoMetaNotFound }, }, log) diff --git a/pkg/extensions/sync/sync_test.go b/pkg/extensions/sync/sync_test.go index b0519c5560..d22c66182f 100644 --- a/pkg/extensions/sync/sync_test.go +++ b/pkg/extensions/sync/sync_test.go @@ -875,7 +875,7 @@ func TestOnDemand(t *testing.T) { return nil }, - SetRepoReferenceFn: func(repo, reference string, manifestDigest godigest.Digest, + SetRepoReferenceFn: func(ctx context.Context, repo, reference string, manifestDigest godigest.Digest, mediaType string, ) error { if strings.HasPrefix(reference, "sha256-") && diff --git a/pkg/log/log.go b/pkg/log/log.go index 72b534ac8e..e3b42aaef5 100644 --- a/pkg/log/log.go +++ b/pkg/log/log.go @@ -52,7 +52,7 @@ func NewLogger(level, output string) Logger { return Logger{Logger: log.Hook(goroutineHook{}).With().Caller().Timestamp().Logger()} } -func NewAuditLogger(level, audit string) *Logger { +func NewAuditLogger(level, output string) *Logger { loggerSetTimeFormat.Do(func() { zerolog.TimeFieldFormat = time.RFC3339Nano }) @@ -66,12 +66,16 @@ func NewAuditLogger(level, audit string) *Logger { var auditLog zerolog.Logger - auditFile, err := os.OpenFile(audit, os.O_APPEND|os.O_WRONLY|os.O_CREATE, defaultPerms) - if err != nil { - panic(err) - } + if output == "" { + auditLog = zerolog.New(os.Stdout) + } else { + auditFile, err := os.OpenFile(output, os.O_APPEND|os.O_WRONLY|os.O_CREATE, defaultPerms) + if err != nil { + panic(err) + } - auditLog = zerolog.New(auditFile) + auditLog = zerolog.New(auditFile) + } return &Logger{Logger: auditLog.With().Timestamp().Logger()} } diff --git a/pkg/meta/boltdb/boltdb.go b/pkg/meta/boltdb/boltdb.go index ca14e456da..de00f4be18 100644 --- a/pkg/meta/boltdb/boltdb.go +++ b/pkg/meta/boltdb/boltdb.go @@ -471,14 +471,21 @@ func (bdw *BoltDB) RemoveRepoReference(repo, reference string, manifestDigest go return err } -func (bdw *BoltDB) SetRepoReference(repo string, reference string, manifestDigest godigest.Digest, +func (bdw *BoltDB) SetRepoReference(ctx context.Context, repo string, reference string, manifestDigest godigest.Digest, mediaType string, ) error { if err := common.ValidateRepoReferenceInput(repo, reference, manifestDigest); err != nil { return err } - err := bdw.DB.Update(func(tx *bbolt.Tx) error { + var userid string + + userAc, err := reqCtx.UserAcFromContext(ctx) + if err == nil { + userid = userAc.GetUsername() + } + + err = bdw.DB.Update(func(tx *bbolt.Tx) error { buck := tx.Bucket([]byte(RepoMetadataBucket)) repoMetaBlob := buck.Get([]byte(repo)) @@ -507,7 +514,12 @@ func (bdw *BoltDB) SetRepoReference(repo string, reference string, manifestDiges } if _, ok := repoMeta.Statistics[manifestDigest.String()]; !ok { - repoMeta.Statistics[manifestDigest.String()] = mTypes.DescriptorStatistics{DownloadCount: 0} + repoMeta.Statistics[manifestDigest.String()] = mTypes.DescriptorStatistics{ + DownloadCount: 0, + LastPullTimestamp: time.Time{}, + PushTimestamp: time.Now(), + PushedBy: userid, + } } if _, ok := repoMeta.Signatures[manifestDigest.String()]; !ok { @@ -752,7 +764,7 @@ func (bdw *BoltDB) GetMultipleRepoMeta(ctx context.Context, filter func(repoMeta return foundRepos, err } -func (bdw *BoltDB) IncrementImageDownloads(repo string, reference string) error { +func (bdw *BoltDB) UpdateStatsOnDownload(repo string, reference string) error { err := bdw.DB.Update(func(tx *bbolt.Tx) error { buck := tx.Bucket([]byte(RepoMetadataBucket)) @@ -783,6 +795,7 @@ func (bdw *BoltDB) IncrementImageDownloads(repo string, reference string) error manifestStatistics := repoMeta.Statistics[manifestDigest] manifestStatistics.DownloadCount++ + manifestStatistics.LastPullTimestamp = time.Now() repoMeta.Statistics[manifestDigest] = manifestStatistics repoMetaBlob, err = json.Marshal(repoMeta) diff --git a/pkg/meta/boltdb/boltdb_test.go b/pkg/meta/boltdb/boltdb_test.go index 4729e5a892..eb7fc4b43b 100644 --- a/pkg/meta/boltdb/boltdb_test.go +++ b/pkg/meta/boltdb/boltdb_test.go @@ -335,7 +335,7 @@ func TestWrapperErrors(t *testing.T) { }) So(err, ShouldBeNil) - err = boltdbWrapper.SetRepoReference("repo1", "tag", "digest", ispec.MediaTypeImageManifest) + err = boltdbWrapper.SetRepoReference(context.Background(), "repo1", "tag", "digest", ispec.MediaTypeImageManifest) So(err, ShouldNotBeNil) }) @@ -434,7 +434,7 @@ func TestWrapperErrors(t *testing.T) { So(err, ShouldNotBeNil) }) - Convey("IncrementImageDownloads", func() { + Convey("UpdateStatsOnDownload", func() { err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error { repoBuck := tx.Bucket([]byte(boltdb.RepoMetadataBucket)) @@ -442,10 +442,10 @@ func TestWrapperErrors(t *testing.T) { }) So(err, ShouldBeNil) - err = boltdbWrapper.IncrementImageDownloads("repo2", "tag") + err = boltdbWrapper.UpdateStatsOnDownload("repo2", "tag") So(err, ShouldNotBeNil) - err = boltdbWrapper.IncrementImageDownloads("repo1", "tag") + err = boltdbWrapper.UpdateStatsOnDownload("repo1", "tag") So(err, ShouldNotBeNil) err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error { @@ -455,7 +455,7 @@ func TestWrapperErrors(t *testing.T) { }) So(err, ShouldBeNil) - err = boltdbWrapper.IncrementImageDownloads("repo1", "tag") + err = boltdbWrapper.UpdateStatsOnDownload("repo1", "tag") So(err, ShouldNotBeNil) }) @@ -648,7 +648,8 @@ func TestWrapperErrors(t *testing.T) { Convey("Bad index data", func() { indexDigest := digest.FromString("indexDigest") - err := boltdbWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck + err := boltdbWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) err = setBadIndexData(boltdbWrapper.DB, indexDigest.String()) @@ -664,7 +665,8 @@ func TestWrapperErrors(t *testing.T) { Convey("Bad indexBlob in IndexData", func() { indexDigest := digest.FromString("indexDigest") - err := boltdbWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck + err := boltdbWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) err = boltdbWrapper.SetIndexData(indexDigest, mTypes.IndexData{ @@ -778,7 +780,8 @@ func TestWrapperErrors(t *testing.T) { Convey("FilterTags bad IndexData", func() { indexDigest := digest.FromString("indexDigest") - err := boltdbWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck + err := boltdbWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) err = setBadIndexData(boltdbWrapper.DB, indexDigest.String()) @@ -792,7 +795,8 @@ func TestWrapperErrors(t *testing.T) { Convey("FilterTags bad indexBlob in IndexData", func() { indexDigest := digest.FromString("indexDigest") - err := boltdbWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck + err := boltdbWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) err = boltdbWrapper.SetIndexData(indexDigest, mTypes.IndexData{ @@ -812,7 +816,8 @@ func TestWrapperErrors(t *testing.T) { manifestDigestFromIndex2 = digest.FromString("manifestDigestFromIndex2") ) - err := boltdbWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck + err := boltdbWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) indexBlob, err := GetIndexBlobWithManifests([]digest.Digest{ @@ -979,7 +984,8 @@ func TestWrapperErrors(t *testing.T) { Convey("Unsuported type", func() { digest := digest.FromString("digest") - err := boltdbWrapper.SetRepoReference("repo", "tag1", digest, "invalid type") //nolint:contextcheck + err := boltdbWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", digest, "invalid type") So(err, ShouldBeNil) _, _, _, err = boltdbWrapper.SearchRepos(ctx, "") diff --git a/pkg/meta/dynamodb/dynamodb.go b/pkg/meta/dynamodb/dynamodb.go index 84c20e2d63..09187aa91a 100644 --- a/pkg/meta/dynamodb/dynamodb.go +++ b/pkg/meta/dynamodb/dynamodb.go @@ -520,14 +520,21 @@ func (dwr *DynamoDB) RemoveRepoReference(repo, reference string, manifestDigest return err } -func (dwr *DynamoDB) SetRepoReference(repo string, reference string, manifestDigest godigest.Digest, - mediaType string, +func (dwr *DynamoDB) SetRepoReference(ctx context.Context, repo string, reference string, + manifestDigest godigest.Digest, mediaType string, ) error { if err := common.ValidateRepoReferenceInput(repo, reference, manifestDigest); err != nil { return err } - resp, err := dwr.Client.GetItem(context.TODO(), &dynamodb.GetItemInput{ + var userid string + + userAc, err := reqCtx.UserAcFromContext(ctx) + if err == nil { + userid = userAc.GetUsername() + } + + resp, err := dwr.Client.GetItem(context.TODO(), &dynamodb.GetItemInput{ //nolint:contextcheck TableName: aws.String(dwr.RepoMetaTablename), Key: map[string]types.AttributeValue{ "RepoName": &types.AttributeValueMemberS{Value: repo}, @@ -560,7 +567,13 @@ func (dwr *DynamoDB) SetRepoReference(repo string, reference string, manifestDig } if _, ok := repoMeta.Statistics[manifestDigest.String()]; !ok { - repoMeta.Statistics[manifestDigest.String()] = mTypes.DescriptorStatistics{DownloadCount: 0} + repoMeta.Statistics[manifestDigest.String()] = mTypes.DescriptorStatistics{ + DownloadCount: 0, + LastPullTimestamp: time.Time{}, + PushTimestamp: time.Now(), + // Q do we care if it was pushed by sync or by metaDB.ParseStorage()? + PushedBy: userid, + } } if _, ok := repoMeta.Signatures[manifestDigest.String()]; !ok { @@ -571,7 +584,7 @@ func (dwr *DynamoDB) SetRepoReference(repo string, reference string, manifestDig repoMeta.Referrers[manifestDigest.String()] = []mTypes.ReferrerInfo{} } - err = dwr.SetRepoMeta(repo, repoMeta) + err = dwr.SetRepoMeta(repo, repoMeta) //nolint: contextcheck return err } @@ -682,7 +695,7 @@ func (dwr *DynamoDB) GetUserRepoMeta(ctx context.Context, repo string) (mTypes.R return repoMeta, nil } -func (dwr *DynamoDB) IncrementImageDownloads(repo string, reference string) error { +func (dwr *DynamoDB) UpdateStatsOnDownload(repo string, reference string) error { repoMeta, err := dwr.GetRepoMeta(repo) if err != nil { return err @@ -703,6 +716,7 @@ func (dwr *DynamoDB) IncrementImageDownloads(repo string, reference string) erro manifestStatistics := repoMeta.Statistics[descriptorDigest] manifestStatistics.DownloadCount++ + manifestStatistics.LastPullTimestamp = time.Now() repoMeta.Statistics[descriptorDigest] = manifestStatistics return dwr.SetRepoMeta(repo, repoMeta) diff --git a/pkg/meta/dynamodb/dynamodb_test.go b/pkg/meta/dynamodb/dynamodb_test.go index 4901d8ec12..63adfab733 100644 --- a/pkg/meta/dynamodb/dynamodb_test.go +++ b/pkg/meta/dynamodb/dynamodb_test.go @@ -68,13 +68,13 @@ func TestIterator(t *testing.T) { So(dynamoWrapper.ResetManifestDataTable(), ShouldBeNil) So(dynamoWrapper.ResetRepoMetaTable(), ShouldBeNil) - err = dynamoWrapper.SetRepoReference("repo1", "tag1", "manifestType", "manifestDigest1") + err = dynamoWrapper.SetRepoReference(context.Background(), "repo1", "tag1", "manifestType", "manifestDigest1") So(err, ShouldBeNil) - err = dynamoWrapper.SetRepoReference("repo2", "tag2", "manifestType", "manifestDigest2") + err = dynamoWrapper.SetRepoReference(context.Background(), "repo2", "tag2", "manifestType", "manifestDigest2") So(err, ShouldBeNil) - err = dynamoWrapper.SetRepoReference("repo3", "tag3", "manifestType", "manifestDigest3") + err = dynamoWrapper.SetRepoReference(context.Background(), "repo3", "tag3", "manifestType", "manifestDigest3") So(err, ShouldBeNil) repoMetaAttributeIterator := mdynamodb.NewBaseDynamoAttributesIterator( @@ -522,7 +522,7 @@ func TestWrapperErrors(t *testing.T) { }) Convey("GetManifestMeta GetManifestData not found error", func() { - err := dynamoWrapper.SetRepoReference("repo", "tag", "dig", "") + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", "tag", "dig", "") So(err, ShouldBeNil) _, err = dynamoWrapper.GetManifestMeta("repo", "dig") @@ -551,7 +551,8 @@ func TestWrapperErrors(t *testing.T) { Convey("SetRepoReference client error", func() { dynamoWrapper.RepoMetaTablename = badTablename digest := digest.FromString("str") - err := dynamoWrapper.SetRepoReference("repo", digest.String(), digest, ispec.MediaTypeImageManifest) + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", + digest.String(), digest, ispec.MediaTypeImageManifest) So(err, ShouldNotBeNil) }) @@ -685,16 +686,16 @@ func TestWrapperErrors(t *testing.T) { So(err, ShouldNotBeNil) }) - Convey("IncrementImageDownloads GetRepoMeta error", func() { - err = dynamoWrapper.IncrementImageDownloads("repoNotFound", "") + Convey("UpdateStatsOnDownload GetRepoMeta error", func() { + err = dynamoWrapper.UpdateStatsOnDownload("repoNotFound", "") So(err, ShouldNotBeNil) }) - Convey("IncrementImageDownloads tag not found error", func() { - err := dynamoWrapper.SetRepoReference("repo", "tag", "dig", "") + Convey("UpdateStatsOnDownload tag not found error", func() { + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", "tag", "dig", "") So(err, ShouldBeNil) - err = dynamoWrapper.IncrementImageDownloads("repo", "notFoundTag") + err = dynamoWrapper.UpdateStatsOnDownload("repo", "notFoundTag") So(err, ShouldNotBeNil) }) @@ -721,7 +722,7 @@ func TestWrapperErrors(t *testing.T) { }) Convey("AddManifestSignature GetRepoMeta error", func() { - err := dynamoWrapper.SetRepoReference("repo", "tag", "dig", "") + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", "tag", "dig", "") So(err, ShouldBeNil) err = dynamoWrapper.AddManifestSignature("repoNotFound", "tag", mTypes.SignatureMetadata{}) @@ -729,7 +730,7 @@ func TestWrapperErrors(t *testing.T) { }) Convey("AddManifestSignature ManifestSignatures signedManifestDigest not found error", func() { - err := dynamoWrapper.SetRepoReference("repo", "tag", "dig", "") + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", "tag", "dig", "") So(err, ShouldBeNil) err = dynamoWrapper.AddManifestSignature("repo", "tagNotFound", mTypes.SignatureMetadata{}) @@ -737,7 +738,7 @@ func TestWrapperErrors(t *testing.T) { }) Convey("AddManifestSignature SignatureType metadb.NotationType", func() { - err := dynamoWrapper.SetRepoReference("repo", "tag", "dig", "") + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", "tag", "dig", "") So(err, ShouldBeNil) err = dynamoWrapper.AddManifestSignature("repo", "tagNotFound", mTypes.SignatureMetadata{ @@ -834,7 +835,8 @@ func TestWrapperErrors(t *testing.T) { }) Convey("SearchRepos GetManifestMeta error", func() { - err := dynamoWrapper.SetRepoReference("repo", "tag1", "notFoundDigest", //nolint:contextcheck + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", "tag1", //nolint:contextcheck + "notFoundDigest", ispec.MediaTypeImageManifest) So(err, ShouldBeNil) @@ -846,7 +848,8 @@ func TestWrapperErrors(t *testing.T) { Convey("Unsuported type", func() { digest := digest.FromString("digest") - err := dynamoWrapper.SetRepoReference("repo", "tag1", digest, "invalid type") //nolint:contextcheck + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", digest, "invalid type") So(err, ShouldBeNil) _, _, _, err = dynamoWrapper.SearchRepos(ctx, "") @@ -863,7 +866,8 @@ func TestWrapperErrors(t *testing.T) { Convey("SearchRepos bad index data", func() { indexDigest := digest.FromString("indexDigest") - err := dynamoWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) err = setBadIndexData(dynamoWrapper.Client, indexDataTablename, indexDigest.String()) //nolint:contextcheck @@ -876,7 +880,8 @@ func TestWrapperErrors(t *testing.T) { Convey("SearchRepos bad indexBlob in IndexData", func() { indexDigest := digest.FromString("indexDigest") - err := dynamoWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) err = dynamoWrapper.SetIndexData(indexDigest, mTypes.IndexData{ //nolint:contextcheck @@ -898,7 +903,8 @@ func TestWrapperErrors(t *testing.T) { }) Convey("SearchTags GetManifestMeta error", func() { - err := dynamoWrapper.SetRepoReference("repo", "tag1", "manifestNotFound", //nolint:contextcheck + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", "manifestNotFound", ispec.MediaTypeImageManifest) So(err, ShouldBeNil) @@ -910,7 +916,8 @@ func TestWrapperErrors(t *testing.T) { Convey("SearchTags bad index data", func() { indexDigest := digest.FromString("indexDigest") - err := dynamoWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) err = setBadIndexData(dynamoWrapper.Client, indexDataTablename, indexDigest.String()) //nolint:contextcheck @@ -923,7 +930,8 @@ func TestWrapperErrors(t *testing.T) { Convey("SearchTags bad indexBlob in IndexData", func() { indexDigest := digest.FromString("indexDigest") - err := dynamoWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) err = dynamoWrapper.SetIndexData(indexDigest, mTypes.IndexData{ //nolint:contextcheck @@ -983,7 +991,7 @@ func TestWrapperErrors(t *testing.T) { }) Convey("FilterTags manifestMeta not found", func() { - err := dynamoWrapper.SetRepoReference("repo", "tag1", "manifestNotFound", //nolint:contextcheck + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", "tag1", "manifestNotFound", //nolint:contextcheck ispec.MediaTypeImageManifest) So(err, ShouldBeNil) @@ -996,7 +1004,8 @@ func TestWrapperErrors(t *testing.T) { }) Convey("FilterTags manifestMeta unmarshal error", func() { - err := dynamoWrapper.SetRepoReference("repo", "tag1", "dig", ispec.MediaTypeImageManifest) //nolint:contextcheck + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", "dig", ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = setBadManifestData(dynamoWrapper.Client, manifestDataTablename, "dig") //nolint:contextcheck @@ -1014,7 +1023,8 @@ func TestWrapperErrors(t *testing.T) { Convey("FilterTags bad IndexData", func() { indexDigest := digest.FromString("indexDigest") - err := dynamoWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) err = setBadIndexData(dynamoWrapper.Client, indexDataTablename, indexDigest.String()) //nolint:contextcheck @@ -1028,7 +1038,8 @@ func TestWrapperErrors(t *testing.T) { Convey("FilterTags bad indexBlob in IndexData", func() { indexDigest := digest.FromString("indexDigest") - err := dynamoWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) err = dynamoWrapper.SetIndexData(indexDigest, mTypes.IndexData{ //nolint:contextcheck @@ -1048,7 +1059,8 @@ func TestWrapperErrors(t *testing.T) { manifestDigestFromIndex2 = digest.FromString("manifestDigestFromIndex2") ) - err := dynamoWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag1", indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) indexBlob, err := GetIndexBlobWithManifests([]digest.Digest{ @@ -1126,7 +1138,8 @@ func TestWrapperErrors(t *testing.T) { }) Convey("GetUserRepoMeta userMeta not found", func() { - err := dynamoWrapper.SetRepoReference("repo", "tag", digest.FromString("1"), ispec.MediaTypeImageManifest) + err := dynamoWrapper.SetRepoReference(context.Background(), "repo", + "tag", digest.FromString("1"), ispec.MediaTypeImageManifest) So(err, ShouldBeNil) dynamoWrapper.UserDataTablename = badTablename diff --git a/pkg/meta/hooks.go b/pkg/meta/hooks.go index 3817f2c95a..1445cc4e27 100644 --- a/pkg/meta/hooks.go +++ b/pkg/meta/hooks.go @@ -1,6 +1,8 @@ package meta import ( + "context" + godigest "github.com/opencontainers/go-digest" zcommon "zotregistry.io/zot/pkg/common" @@ -13,7 +15,7 @@ import ( // OnUpdateManifest is called when a new manifest is added. It updates metadb according to the type // of image pushed(normal images, signatues, etc.). In care of any errors, it makes sure to keep // consistency between metadb and the image store. -func OnUpdateManifest(repo, reference, mediaType string, digest godigest.Digest, body []byte, +func OnUpdateManifest(ctx context.Context, repo, reference, mediaType string, digest godigest.Digest, body []byte, storeController storage.StoreController, metaDB mTypes.MetaDB, log log.Logger, ) error { if zcommon.IsReferrersTag(reference) { @@ -63,16 +65,17 @@ func OnUpdateManifest(repo, reference, mediaType string, digest godigest.Digest, } } } else { - err = SetImageMetaFromInput(repo, reference, mediaType, digest, body, + err = SetImageMetaFromInput(ctx, repo, reference, mediaType, digest, body, imgStore, metaDB, log) if err != nil { + log.Info().Err(err).Str("tag", reference).Str("repository", repo).Bytes("body", body). + Msg("uploading image meta was unsuccessful for tag in repo") + metadataSuccessfullySet = false } } if !metadataSuccessfullySet { - log.Info().Str("tag", reference).Str("repository", repo).Msg("uploading image meta was unsuccessful for tag in repo") - if err := imgStore.DeleteImageManifest(repo, reference, false); err != nil { log.Error().Err(err).Str("reference", reference).Str("repository", repo). Msg("couldn't remove image manifest in repo") @@ -164,7 +167,7 @@ func OnGetManifest(name, reference string, body []byte, } if !isSignature && !zcommon.IsReferrersTag(reference) { - err := metaDB.IncrementImageDownloads(name, reference) + err := metaDB.UpdateStatsOnDownload(name, reference) if err != nil { log.Error().Err(err).Str("repository", name).Str("reference", reference). Msg("unexpected error for image") diff --git a/pkg/meta/hooks_test.go b/pkg/meta/hooks_test.go index 5f697905c6..2e3278b46c 100644 --- a/pkg/meta/hooks_test.go +++ b/pkg/meta/hooks_test.go @@ -1,6 +1,7 @@ package meta_test import ( + "context" "encoding/json" "errors" "testing" @@ -56,7 +57,8 @@ func TestOnUpdateManifest(t *testing.T) { digest := godigest.FromBytes(manifestBlob) - err = meta.OnUpdateManifest("repo", "tag1", "", digest, manifestBlob, storeController, metaDB, log) + err = meta.OnUpdateManifest(context.Background(), "repo", + "tag1", "", digest, manifestBlob, storeController, metaDB, log) So(err, ShouldBeNil) repoMeta, err := metaDB.GetRepoMeta("repo") @@ -78,7 +80,7 @@ func TestOnUpdateManifest(t *testing.T) { }, } - err := meta.OnUpdateManifest("repo", "tag1", ispec.MediaTypeImageManifest, "digest", + err := meta.OnUpdateManifest(context.Background(), "repo", "tag1", ispec.MediaTypeImageManifest, "digest", []byte("{}"), storeController, metaDB, log) So(err, ShouldNotBeNil) }) @@ -103,13 +105,13 @@ func TestUpdateErrors(t *testing.T) { return nil } - err := meta.OnUpdateManifest("repo", "tag1", "digest", "media", badManifestBlob, + err := meta.OnUpdateManifest(context.Background(), "repo", "tag1", "digest", "media", badManifestBlob, storeController, metaDB, log) So(err, ShouldNotBeNil) }) Convey("IsReferrersTag true", func() { - err := meta.OnUpdateManifest("repo", "sha256-123", "digest", "media", []byte("bad"), + err := meta.OnUpdateManifest(context.Background(), "repo", "sha256-123", "digest", "media", []byte("bad"), storeController, metaDB, log) So(err, ShouldBeNil) }) @@ -130,7 +132,7 @@ func TestUpdateErrors(t *testing.T) { return badNotationManifestBlob, "", "", nil } - err = meta.OnUpdateManifest("repo", "tag1", "", "digest", badNotationManifestBlob, + err = meta.OnUpdateManifest(context.Background(), "repo", "tag1", "", "digest", badNotationManifestBlob, storeController, metaDB, log) So(err, ShouldNotBeNil) }) @@ -162,7 +164,7 @@ func TestUpdateErrors(t *testing.T) { return ErrTestError } - err = meta.OnUpdateManifest("repo", "tag1", "", "digest", notationManifestBlob, + err = meta.OnUpdateManifest(context.Background(), "repo", "tag1", "", "digest", notationManifestBlob, storeController, metaDB, log) So(err, ShouldNotBeNil) }) @@ -228,7 +230,7 @@ func TestUpdateErrors(t *testing.T) { metaDB := mocks.MetaDBMock{} log := log.NewLogger("debug", "") - err := meta.SetImageMetaFromInput("repo", "ref", ispec.MediaTypeImageManifest, "digest", + err := meta.SetImageMetaFromInput(context.Background(), "repo", "ref", ispec.MediaTypeImageManifest, "digest", []byte("BadManifestBlob"), imageStore, metaDB, log) So(err, ShouldNotBeNil) @@ -245,8 +247,8 @@ func TestUpdateErrors(t *testing.T) { return []byte("{}"), nil } - err = meta.SetImageMetaFromInput("repo", string(godigest.FromString("reference")), "", "digest", - manifestBlob, imageStore, metaDB, log) + err = meta.SetImageMetaFromInput(context.Background(), "repo", + string(godigest.FromString("reference")), "", "digest", manifestBlob, imageStore, metaDB, log) So(err, ShouldBeNil) }) @@ -259,7 +261,7 @@ func TestUpdateErrors(t *testing.T) { return ErrTestError }, } - err := meta.SetImageMetaFromInput("repo", "ref", ispec.MediaTypeImageManifest, "digest", + err := meta.SetImageMetaFromInput(context.Background(), "repo", "ref", ispec.MediaTypeImageManifest, "digest", []byte("{}"), imageStore, metaDB, log) So(err, ShouldNotBeNil) }) @@ -273,7 +275,7 @@ func TestUpdateErrors(t *testing.T) { return ErrTestError }, } - err := meta.SetImageMetaFromInput("repo", "ref", ispec.MediaTypeImageIndex, "digest", + err := meta.SetImageMetaFromInput(context.Background(), "repo", "ref", ispec.MediaTypeImageIndex, "digest", []byte("{}"), imageStore, metaDB, log) So(err, ShouldNotBeNil) }) @@ -292,7 +294,7 @@ func TestUpdateErrors(t *testing.T) { }, } - err := meta.SetImageMetaFromInput("repo", "ref", ispec.MediaTypeImageManifest, "digest", + err := meta.SetImageMetaFromInput(context.Background(), "repo", "ref", ispec.MediaTypeImageManifest, "digest", []byte(`{"subject": {"digest": "subjDigest"}}`), imageStore, metaDB, log) So(err, ShouldNotBeNil) }) diff --git a/pkg/meta/meta_test.go b/pkg/meta/meta_test.go index 7e9996df49..c5f5a58f70 100644 --- a/pkg/meta/meta_test.go +++ b/pkg/meta/meta_test.go @@ -529,7 +529,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func ) Convey("Setting a good repo", func() { - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) repoMeta, err := metaDB.GetRepoMeta(repo1) @@ -555,7 +555,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func So(err, ShouldNotBeNil) digest := godigest.FromString("digest") - err = metaDB.SetRepoReference(repo1, digest.String(), digest, + err = metaDB.SetRepoReference(context.Background(), repo1, digest.String(), digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) @@ -565,9 +565,9 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func }) Convey("Set multiple tags for repo", func() { - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, tag2, manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, tag2, manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) repoMeta, err := metaDB.GetRepoMeta(repo1) @@ -577,9 +577,9 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func }) Convey("Set multiple repos", func() { - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo2, tag2, manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo2, tag2, manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) repoMeta1, err := metaDB.GetRepoMeta(repo1) @@ -593,17 +593,17 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func Convey("Setting a repo with invalid fields", func() { Convey("Repo name is not valid", func() { - err := metaDB.SetRepoReference("", tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), "", tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldNotBeNil) }) Convey("Tag is not valid", func() { - err := metaDB.SetRepoReference(repo1, "", manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, "", manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldNotBeNil) }) Convey("Manifest Digest is not valid", func() { - err := metaDB.SetRepoReference(repo1, tag1, "", ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, "", ispec.MediaTypeImageManifest) So(err, ShouldNotBeNil) }) }) @@ -622,10 +622,10 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func InexistentRepo = "InexistentRepo" ) - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo2, tag2, manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo2, tag2, manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) Convey("Get a existent repo", func() { @@ -654,10 +654,10 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func manifestDigest2 = godigest.FromString("fake-manifest2") ) - err := metaDB.SetRepoReference(repo, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo, tag2, manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo, tag2, manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) Convey("Delete reference from repo", func() { @@ -764,13 +764,13 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func manifestDigest2 = godigest.FromString("fake-manifest2") ) - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, tag2, manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, tag2, manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo2, tag2, manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo2, tag2, manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) Convey("Get all Repometa", func() { @@ -804,7 +804,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func manifestDigest1 = godigest.FromString("fake-manifest1") ) - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.IncrementRepoStars(repo1) @@ -836,7 +836,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func manifestDigest1 = godigest.FromString("fake-manifest1") ) - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.IncrementRepoStars(repo1) @@ -871,7 +871,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func manifestDigest1 = godigest.FromString("fake-manifest1") ) - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.IncrementRepoStars(repo1) @@ -931,10 +931,10 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func // anonymous user ctx3 := userAc.DeriveContext(context.Background()) - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo2, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo2, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) starCount, err := metaDB.GetRepoStars(repo1) @@ -1168,10 +1168,10 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func // anonymous user ctx3 := userAc.DeriveContext(context.Background()) - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo2, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo2, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) repos, err := metaDB.GetBookmarkedRepos(ctx1) @@ -1275,7 +1275,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func So(len(repos), ShouldEqual, 0) }) - Convey("Test IncrementImageDownloads", func() { + Convey("Test UpdateStatsOnDownload", func() { var ( repo1 = "repo1" tag1 = "0.0.1" @@ -1286,7 +1286,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func manifestDigest := godigest.FromBytes(manifestBlob) - err = metaDB.SetRepoReference(repo1, tag1, manifestDigest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.SetManifestMeta(repo1, manifestDigest, mTypes.ManifestMetadata{ @@ -1295,7 +1295,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func }) So(err, ShouldBeNil) - err = metaDB.IncrementImageDownloads(repo1, tag1) + err = metaDB.UpdateStatsOnDownload(repo1, tag1) So(err, ShouldBeNil) repoMeta, err := metaDB.GetRepoMeta(repo1) @@ -1303,13 +1303,14 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func So(repoMeta.Statistics[manifestDigest.String()].DownloadCount, ShouldEqual, 1) - err = metaDB.IncrementImageDownloads(repo1, tag1) + err = metaDB.UpdateStatsOnDownload(repo1, tag1) So(err, ShouldBeNil) repoMeta, err = metaDB.GetRepoMeta(repo1) So(err, ShouldBeNil) So(repoMeta.Statistics[manifestDigest.String()].DownloadCount, ShouldEqual, 2) + So(time.Now().Local(), ShouldHappenAfter, repoMeta.Statistics[manifestDigest.String()].LastPullTimestamp) _, err = metaDB.GetManifestMeta(repo1, "badManiestDigest") So(err, ShouldNotBeNil) @@ -1322,7 +1323,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func manifestDigest1 = godigest.FromString("fake-manifest1") ) - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.SetManifestMeta(repo1, manifestDigest1, mTypes.ManifestMetadata{}) @@ -1351,7 +1352,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func manifestDigest1 = godigest.FromString("dig") ) - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.SetManifestMeta(repo1, manifestDigest1, mTypes.ManifestMetadata{ @@ -1386,7 +1387,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func repo := "repo" tag := "0.0.1" - err := metaDB.SetRepoReference(repo, tag, manifestDigest, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo, tag, manifestDigest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.SetManifestMeta(repo, manifestDigest, mTypes.ManifestMetadata{ @@ -1497,7 +1498,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func }) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.SetManifestData(manifestDigest1, mTypes.ManifestData{}) @@ -1519,7 +1520,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func manifestDigest1 = godigest.FromString("fake-manifest1") ) - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.SetManifestData(manifestDigest1, mTypes.ManifestData{}) @@ -1580,11 +1581,14 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func } Convey("Search all repos", func() { - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, tag2, manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + tag2, manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo2, tag3, manifestDigest3, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo2, //nolint:contextcheck + tag3, manifestDigest3, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.SetManifestMeta(repo1, manifestDigest1, emptyRepoMeta) @@ -1604,7 +1608,8 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func }) Convey("Search a repo by name", func() { - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.SetManifestMeta(repo1, manifestDigest1, emptyRepoMeta) @@ -1618,10 +1623,12 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func }) Convey("Search non-existing repo by name", func() { - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, tag2, manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + tag2, manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) repos, manifestMetaMap, _, err := metaDB.SearchRepos(ctx, "RepoThatDoesntExist") @@ -1631,11 +1638,14 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func }) Convey("Search with partial match", func() { - err := metaDB.SetRepoReference("alpine", tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), "alpine", //nolint:contextcheck + tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("pine", tag2, manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "pine", //nolint:contextcheck + tag2, manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("golang", tag3, manifestDigest3, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "golang", //nolint:contextcheck + tag3, manifestDigest3, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.SetManifestMeta("alpine", manifestDigest1, emptyRepoMeta) @@ -1654,11 +1664,14 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func }) Convey("Search multiple repos that share manifests", func() { - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo2, tag2, manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo2, //nolint:contextcheck + tag2, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo3, tag3, manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo3, //nolint:contextcheck + tag3, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.SetManifestMeta(repo1, manifestDigest1, emptyRepoMeta) @@ -1675,11 +1688,14 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func }) Convey("Search repos with access control", func() { - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo2, tag2, manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo2, //nolint:contextcheck + tag2, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo3, tag3, manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo3, //nolint:contextcheck + tag3, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.SetManifestMeta(repo1, manifestDigest1, emptyRepoMeta) @@ -1764,10 +1780,12 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func }) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo", tag4, indexDigest, ispec.MediaTypeImageIndex) + err = metaDB.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + tag4, indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo", tag5, manifestDigest3, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + tag5, manifestDigest3, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) repos, manifestMetaMap, indexDataMap, err := metaDB.SearchRepos(ctx, "repo") @@ -1807,17 +1825,23 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func ConfigBlob: emptyConfigBlob, } - err = metaDB.SetRepoReference(repo1, "0.0.1", manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + "0.0.1", manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, "0.0.2", manifestDigest3, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + "0.0.2", manifestDigest3, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, "0.1.0", manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + "0.1.0", manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, "1.0.0", manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + "1.0.0", manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, "1.0.1", manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + "1.0.1", manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo2, "0.0.1", manifestDigest3, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo2, //nolint:contextcheck + "0.0.1", manifestDigest3, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.SetManifestMeta(repo1, manifestDigest1, emptyRepoMeta) @@ -1907,11 +1931,14 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func tag3 = "0.0.3" ) - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo2, tag2, manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo2, //nolint:contextcheck + tag2, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo3, tag3, manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo3, //nolint:contextcheck + tag3, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) config := ispec.Image{} @@ -2004,13 +2031,16 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func }) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo", tag4, indexDigest, ispec.MediaTypeImageIndex) + err = metaDB.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + tag4, indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo", tag5, manifestDigest3, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + tag5, manifestDigest3, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo", tag6, manifestDigest4, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + tag6, manifestDigest4, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) repos, manifestMetaMap, indexDataMap, err := metaDB.SearchTags(ctx, "repo:0.0") @@ -2040,15 +2070,20 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func tag5 = "0.0.5" ) - err := metaDB.SetRepoReference(repo1, tag1, manifestDigest1, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + tag1, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, tag2, manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + tag2, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, tag3, manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + tag3, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, tag4, manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + tag4, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, tag5, manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + tag5, manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) config := ispec.Image{} @@ -2120,7 +2155,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func ConfigBlob: emptyConfigBlob, } - err = metaDB.SetRepoReference(repo1, "2.0.0", indexDigest, ispec.MediaTypeImageIndex) + err = metaDB.SetRepoReference(context.Background(), repo1, "2.0.0", indexDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) indexBlob, err := GetIndexBlobWithManifests([]godigest.Digest{ @@ -2134,17 +2169,23 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func }) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, "0.0.1", manifestDigest1, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + "0.0.1", manifestDigest1, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, "0.0.2", manifestDigest3, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + "0.0.2", manifestDigest3, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, "0.1.0", manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + "0.1.0", manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, "1.0.0", manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + "1.0.0", manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo1, "1.0.1", manifestDigest2, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo1, //nolint:contextcheck + "1.0.1", manifestDigest2, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo2, "0.0.1", manifestDigest3, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo2, //nolint:contextcheck + "0.0.1", manifestDigest3, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.SetManifestMeta(repo1, manifestDigest1, emptyManifestMeta) @@ -2290,7 +2331,8 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func err = metaDB.SetManifestData(referredDigest, manifestData) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo", "tag", referredDigest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + "tag", referredDigest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) // ------- Add Artifact 1 @@ -2464,10 +2506,12 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func So(err, ShouldBeNil) } - err = metaDB.SetRepoReference("repo", img.DigestStr(), imgDigest, img.Manifest.MediaType) + err = metaDB.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + img.DigestStr(), imgDigest, img.Manifest.MediaType) So(err, ShouldBeNil) - err = metaDB.SetRepoReference("repo", multiarch.DigestStr(), multiarchDigest, ispec.MediaTypeImageIndex) + err = metaDB.SetRepoReference(context.Background(), "repo", //nolint:contextcheck + multiarch.DigestStr(), multiarchDigest, ispec.MediaTypeImageIndex) So(err, ShouldBeNil) repoMetas, _, _, err := metaDB.FilterRepos(context.Background(), @@ -2493,7 +2537,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func }) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo99, "tag", manifestDigest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo99, "tag", manifestDigest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) repoMetas, _, _, err := metaDB.SearchRepos(ctx, repo99) @@ -2568,7 +2612,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func digest := godigest.FromString("1") - err := metaDB.SetRepoReference("repo", "tag", digest, ispec.MediaTypeImageManifest) + err := metaDB.SetRepoReference(context.Background(), "repo", "tag", digest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) _, err = metaDB.ToggleBookmarkRepo(ctx, "repo") diff --git a/pkg/meta/parse.go b/pkg/meta/parse.go index 6613d29b2b..3f92411437 100644 --- a/pkg/meta/parse.go +++ b/pkg/meta/parse.go @@ -1,6 +1,7 @@ package meta import ( + "context" "encoding/json" "errors" "fmt" @@ -138,8 +139,8 @@ func ParseRepo(repo string, metaDB mTypes.MetaDB, storeController storage.StoreC reference = descriptor.Digest.String() } - err = SetImageMetaFromInput(repo, reference, descriptor.MediaType, descriptor.Digest, descriptorBlob, - imageStore, metaDB, log) + err = SetImageMetaFromInput(context.Background(), repo, reference, descriptor.MediaType, + descriptor.Digest, descriptorBlob, imageStore, metaDB, log) if err != nil { log.Error().Err(err).Str("repository", repo).Str("tag", tag). Msg("load-repo: failed to set metadata for image") @@ -342,7 +343,7 @@ func getNotationSignatureLayersInfo( } // NewManifestMeta takes raw data about an image and createa a new ManifestMetadate object. -func NewManifestData(repoName string, manifestBlob []byte, imageStore storageTypes.ImageStore, +func NewManifestData(repoName string, manifestBlob []byte, imageStore storageTypes.ImageStore, log log.Logger, ) (mTypes.ManifestData, error) { var ( manifestContent ispec.Manifest @@ -389,19 +390,21 @@ func NewIndexData(repoName string, indexBlob []byte, imageStore storageTypes.Ima // SetMetadataFromInput tries to set manifest metadata and update repo metadata by adding the current tag // (in case the reference is a tag). The function expects image manifests and indexes (multi arch images). -func SetImageMetaFromInput(repo, reference, mediaType string, digest godigest.Digest, descriptorBlob []byte, - imageStore storageTypes.ImageStore, metaDB mTypes.MetaDB, log log.Logger, +func SetImageMetaFromInput(ctx context.Context, repo, reference, mediaType string, digest godigest.Digest, + descriptorBlob []byte, imageStore storageTypes.ImageStore, metaDB mTypes.MetaDB, log log.Logger, ) error { switch mediaType { case ispec.MediaTypeImageManifest: - imageData, err := NewManifestData(repo, descriptorBlob, imageStore) + imageData, err := NewManifestData(repo, descriptorBlob, imageStore, log) if err != nil { + log.Error().Err(err).Msg("metadb: error while getting image data") + return err } err = metaDB.SetManifestData(digest, imageData) if err != nil { - log.Error().Err(err).Msg("metadb: error while putting manifest meta") + log.Error().Err(err).Msg("metadb: error while setting manifest meta") return err } @@ -410,7 +413,7 @@ func SetImageMetaFromInput(repo, reference, mediaType string, digest godigest.Di err := metaDB.SetIndexData(digest, indexData) if err != nil { - log.Error().Err(err).Msg("metadb: error while putting index data") + log.Error().Err(err).Msg("metadb: error while setting index data") return err } @@ -420,15 +423,15 @@ func SetImageMetaFromInput(repo, reference, mediaType string, digest godigest.Di if hasSubject && err == nil { err := metaDB.SetReferrer(repo, referredDigest, referrerInfo) if err != nil { - log.Error().Err(err).Msg("metadb: error while settingg referrer") + log.Error().Err(err).Msg("metadb: error while setting referrer") return err } } - err = metaDB.SetRepoReference(repo, reference, digest, mediaType) + err = metaDB.SetRepoReference(ctx, repo, reference, digest, mediaType) if err != nil { - log.Error().Err(err).Msg("metadb: error while putting repo meta") + log.Error().Err(err).Msg("metadb: error while setting repo meta") return err } diff --git a/pkg/meta/parse_test.go b/pkg/meta/parse_test.go index 103d847e42..4cc93486e7 100644 --- a/pkg/meta/parse_test.go +++ b/pkg/meta/parse_test.go @@ -8,6 +8,7 @@ import ( "os" "path" "testing" + "time" godigest "github.com/opencontainers/go-digest" ispec "github.com/opencontainers/image-spec/specs-go/v1" @@ -161,7 +162,9 @@ func TestParseStorageErrors(t *testing.T) { } Convey("metaDB.SetRepoReference", func() { - metaDB.SetRepoReferenceFn = func(repo, tag string, manifestDigest godigest.Digest, mediaType string) error { + metaDB.SetRepoReferenceFn = func(ctx context.Context, repo, //nolint:contextcheck + tag string, manifestDigest godigest.Digest, mediaType string, + ) error { return ErrTestError } @@ -585,16 +588,16 @@ func RunParseStorageTests(rootDir string, metaDB mTypes.MetaDB) { err = WriteImageToFileSystem(image, repo, "tag", storeController) So(err, ShouldBeNil) - err = metaDB.SetRepoReference(repo, "tag", manifestDigest, ispec.MediaTypeImageManifest) + err = metaDB.SetRepoReference(context.Background(), repo, "tag", manifestDigest, ispec.MediaTypeImageManifest) So(err, ShouldBeNil) err = metaDB.IncrementRepoStars(repo) So(err, ShouldBeNil) - err = metaDB.IncrementImageDownloads(repo, "tag") + err = metaDB.UpdateStatsOnDownload(repo, "tag") So(err, ShouldBeNil) - err = metaDB.IncrementImageDownloads(repo, "tag") + err = metaDB.UpdateStatsOnDownload(repo, "tag") So(err, ShouldBeNil) - err = metaDB.IncrementImageDownloads(repo, "tag") + err = metaDB.UpdateStatsOnDownload(repo, "tag") So(err, ShouldBeNil) repoMeta, err := metaDB.GetRepoMeta(repo) @@ -602,6 +605,7 @@ func RunParseStorageTests(rootDir string, metaDB mTypes.MetaDB) { So(repoMeta.Statistics[manifestDigest.String()].DownloadCount, ShouldEqual, 3) So(repoMeta.Stars, ShouldEqual, 1) + So(time.Now().Local(), ShouldHappenAfter, repoMeta.Statistics[manifestDigest.String()].LastPullTimestamp) err = meta.ParseStorage(metaDB, storeController, log.NewLogger("debug", "")) So(err, ShouldBeNil) diff --git a/pkg/meta/types/types.go b/pkg/meta/types/types.go index 6e64280bef..4b036a0fbc 100644 --- a/pkg/meta/types/types.go +++ b/pkg/meta/types/types.go @@ -43,7 +43,8 @@ type MetaDB interface { //nolint:interfacebloat GetRepoStars(repo string) (int, error) // SetRepoReference sets the reference of a manifest in the tag list of a repo - SetRepoReference(repo string, reference string, manifestDigest godigest.Digest, mediaType string) error + SetRepoReference(ctx context.Context, repo string, reference string, + manifestDigest godigest.Digest, mediaType string) error /* RemoveRepoReference removes the tag from RepoMetadata if the reference is a tag, @@ -102,8 +103,8 @@ type MetaDB interface { //nolint:interfacebloat GetReferrersInfo(repo string, referredDigest godigest.Digest, artifactTypes []string) ( []ReferrerInfo, error) - // IncrementManifestDownloads adds 1 to the download count of a manifest - IncrementImageDownloads(repo string, reference string) error + // UpdateStatsOnDownload adds 1 to the download count of a manifest and sets the timestamp of download + UpdateStatsOnDownload(repo string, reference string) error // AddManifestSignature adds signature metadata to a given manifest in the database AddManifestSignature(repo string, signedManifestDigest godigest.Digest, sm SignatureMetadata) error @@ -212,7 +213,10 @@ type Descriptor struct { } type DescriptorStatistics struct { - DownloadCount int + DownloadCount int + LastPullTimestamp time.Time + PushTimestamp time.Time + PushedBy string } type ManifestSignatures map[string][]SignatureInfo diff --git a/pkg/retention/candidate.go b/pkg/retention/candidate.go new file mode 100644 index 0000000000..7ee00b7453 --- /dev/null +++ b/pkg/retention/candidate.go @@ -0,0 +1,29 @@ +package retention + +import ( + mTypes "zotregistry.io/zot/pkg/meta/types" + "zotregistry.io/zot/pkg/retention/types" +) + +func GetCandidates(repoMeta mTypes.RepoMetadata) []types.Candidate { + candidates := make([]types.Candidate, 0) + + // collect all statistic of repo's manifests + for tag, desc := range repoMeta.Tags { + for digestStr, stats := range repoMeta.Statistics { + if digestStr == desc.Digest { + candidate := types.Candidate{ + MediaType: desc.MediaType, + DigestStr: digestStr, + Tag: tag, + PushTimestamp: stats.PushTimestamp, + PullTimestamp: stats.LastPullTimestamp, + } + + candidates = append(candidates, candidate) + } + } + } + + return candidates +} diff --git a/pkg/retention/matcher.go b/pkg/retention/matcher.go new file mode 100644 index 0000000000..2eeec935a8 --- /dev/null +++ b/pkg/retention/matcher.go @@ -0,0 +1,39 @@ +package retention + +import "regexp" + +type RegexMatcher struct { + compiled map[string]*regexp.Regexp +} + +func NewRegexMatcher() *RegexMatcher { + return &RegexMatcher{ + make(map[string]*regexp.Regexp, 0), + } +} + +// MatchesListOfRegex is used by retention, it return true if list of regexes is empty. +func (r *RegexMatcher) MatchesListOfRegex(name string, regexes []string) bool { + if len(regexes) == 0 { + // empty regexes matches everything in retention logic + return true + } + + for _, regex := range regexes { + if tagReg, ok := r.compiled[regex]; ok { + if tagReg.MatchString(name) { + return true + } + } else { + // all are compilable because they are checked at startup + if tagReg, err := regexp.Compile(regex); err == nil { + r.compiled[regex] = tagReg + if tagReg.MatchString(name) { + return true + } + } + } + } + + return false +} diff --git a/pkg/retention/retention.go b/pkg/retention/retention.go new file mode 100644 index 0000000000..ac13d691b2 --- /dev/null +++ b/pkg/retention/retention.go @@ -0,0 +1,272 @@ +package retention + +import ( + "fmt" + + glob "github.com/bmatcuk/doublestar/v4" + ispec "github.com/opencontainers/image-spec/specs-go/v1" + + zerr "zotregistry.io/zot/errors" + "zotregistry.io/zot/pkg/api/config" + zcommon "zotregistry.io/zot/pkg/common" + zlog "zotregistry.io/zot/pkg/log" + mTypes "zotregistry.io/zot/pkg/meta/types" + "zotregistry.io/zot/pkg/retention/types" +) + +const ( + // reasons for gc. + filteredByTagRules = "didn't meet any tag retention rule" + filteredByTagNames = "didn't meet any tag 'patterns' rules" + // reasons for retention. + retainedStrFormat = "retained by %s policy" +) + +type candidatesRules struct { + candidates []types.Candidate + // tag retention rules + rules []types.Rule +} + +type policyManager struct { + config config.ImageRetention + regex *RegexMatcher + log zlog.Logger + auditLog *zlog.Logger +} + +func NewPolicyManager(config config.ImageRetention, log zlog.Logger, auditLog *zlog.Logger) policyManager { + return policyManager{ + config: config, + regex: NewRegexMatcher(), + log: log, + auditLog: auditLog, + } +} + +func (p policyManager) HasDeleteUntagged(repo string) bool { + if policy, err := p.getRepoPolicy(repo); err == nil { + if policy.DeleteUntagged != nil { + return *policy.DeleteUntagged + } + + return true + } + + // default + return false +} + +func (p policyManager) HasDeleteReferrer(repo string) bool { + if policy, err := p.getRepoPolicy(repo); err == nil { + return policy.DeleteReferrers + } + + // default + return false +} + +func (p policyManager) HasTagRetention(repo string) bool { + if policy, err := p.getRepoPolicy(repo); err == nil { + return len(policy.KeepTags) > 0 + } + + // default + return false +} + +func (p policyManager) getRules(tagPolicy config.KeepTagsPolicy) []types.Rule { + rules := make([]types.Rule, 0) + + if tagPolicy.MostRecentlyPulledCount != 0 { + rules = append(rules, NewLatestPull(tagPolicy.MostRecentlyPulledCount)) + } + + if tagPolicy.MostRecentlyPushedCount != 0 { + rules = append(rules, NewLatestPush(tagPolicy.MostRecentlyPushedCount)) + } + + if tagPolicy.PulledWithin != nil { + rules = append(rules, NewDaysPull(*tagPolicy.PulledWithin)) + } + + if tagPolicy.PushedWithin != nil { + rules = append(rules, NewDaysPush(*tagPolicy.PushedWithin)) + } + + return rules +} + +func (p policyManager) GetRetainedTags(repoMeta mTypes.RepoMetadata, index ispec.Index) []string { + repo := repoMeta.Name + + matchedByName := make([]string, 0) + + candidates := GetCandidates(repoMeta) + retainTags := make([]string, 0) + + // we need to make sure tags for which we can not find statistics in repoDB are not removed + actualTags := getIndexTags(index) + + // find tags which are not in candidates list, if they are not in repoDB we want to keep them + for _, tag := range actualTags { + found := false + + for _, candidate := range candidates { + if candidate.Tag == tag { + found = true + } + } + + if !found { + p.log.Info().Str("module", "retention"). + Bool("dry-run", p.config.DryRun). + Str("repository", repo). + Str("tag", tag). + Str("decision", "keep"). + Str("reason", "tag statistics not found").Msg("will keep tag") + + retainTags = append(retainTags, tag) + } + } + + // group all tags by tag policy + grouped := p.groupCandidatesByTagPolicy(repo, candidates) + + for _, candidates := range grouped { + retainCandidates := candidates.candidates // copy + // tag rules + rules := candidates.rules + + for _, retainedByName := range retainCandidates { + matchedByName = append(matchedByName, retainedByName.Tag) + } + + rulesCandidates := make([]types.Candidate, 0) + + // we retain candidates if any of the below rules are met (OR logic between rules) + for _, rule := range rules { + ruleCandidates := rule.Perform(retainCandidates) + + rulesCandidates = append(rulesCandidates, ruleCandidates...) + } + + // if we applied any rule + if len(rules) > 0 { + retainCandidates = rulesCandidates + } // else we retain just the one matching name rule + + for _, retainCandidate := range retainCandidates { + // there may be duplicates + if !zcommon.Contains(retainTags, retainCandidate.Tag) { + // format reason log msg + reason := fmt.Sprintf(retainedStrFormat, retainCandidate.RetainedBy) + + logAction(repo, "keep", reason, retainCandidate, p.config.DryRun, &p.log) + + retainTags = append(retainTags, retainCandidate.Tag) + } + } + } + + // log tags which will be removed + for _, candidateInfo := range candidates { + if !zcommon.Contains(retainTags, candidateInfo.Tag) { + var reason string + if zcommon.Contains(matchedByName, candidateInfo.Tag) { + reason = filteredByTagRules + } else { + reason = filteredByTagNames + } + + logAction(repo, "delete", reason, candidateInfo, p.config.DryRun, &p.log) + + if p.auditLog != nil { + logAction(repo, "delete", reason, candidateInfo, p.config.DryRun, p.auditLog) + } + } + } + + return retainTags +} + +func (p policyManager) getRepoPolicy(repo string) (config.RetentionPolicy, error) { + for _, policy := range p.config.Policies { + for _, pattern := range policy.Repositories { + matched, err := glob.Match(pattern, repo) + if err == nil && matched { + return policy, nil + } + } + } + + return config.RetentionPolicy{}, zerr.ErrRetentionPolicyNotFound +} + +func (p policyManager) getTagPolicy(tag string, tagPolicies []config.KeepTagsPolicy, +) (config.KeepTagsPolicy, int, error) { + for idx, tagPolicy := range tagPolicies { + if p.regex.MatchesListOfRegex(tag, tagPolicy.Patterns) { + return tagPolicy, idx, nil + } + } + + return config.KeepTagsPolicy{}, -1, zerr.ErrRetentionPolicyNotFound +} + +// groups candidates by tag policies, tags which don't match any policy are automatically excluded from this map. +func (p policyManager) groupCandidatesByTagPolicy(repo string, candidates []types.Candidate, +) map[int]candidatesRules { + candidatesByTagPolicy := make(map[int]candidatesRules) + + // no need to check for error, at this point we have both repo policy for this repo and non nil tags policy + repoPolicy, _ := p.getRepoPolicy(repo) + + for _, candidateInfo := range candidates { + tagPolicy, tagPolicyID, err := p.getTagPolicy(candidateInfo.Tag, repoPolicy.KeepTags) + if err != nil { + // no tag policy found for the current candidate, skip it (will be gc'ed) + continue + } + + candidateInfo.RetainedBy = "patterns" + + if _, ok := candidatesByTagPolicy[tagPolicyID]; !ok { + candidatesRules := candidatesRules{candidates: []types.Candidate{candidateInfo}} + candidatesRules.rules = p.getRules(tagPolicy) + candidatesByTagPolicy[tagPolicyID] = candidatesRules + } else { + candidatesRules := candidatesByTagPolicy[tagPolicyID] + candidatesRules.candidates = append(candidatesRules.candidates, candidateInfo) + candidatesByTagPolicy[tagPolicyID] = candidatesRules + } + } + + return candidatesByTagPolicy +} + +func logAction(repo, decision, reason string, candidate types.Candidate, dryRun bool, log *zlog.Logger) { + log.Info().Str("module", "retention"). + Bool("dry-run", dryRun). + Str("repository", repo). + Str("mediaType", candidate.MediaType). + Str("digest", candidate.DigestStr). + Str("tag", candidate.Tag). + Str("lastPullTimestamp", candidate.PullTimestamp.String()). + Str("pushTimestamp", candidate.PushTimestamp.String()). + Str("decision", decision). + Str("reason", reason).Msg("applied policy") +} + +func getIndexTags(index ispec.Index) []string { + tags := make([]string, 0) + + for _, desc := range index.Manifests { + tag, ok := desc.Annotations[ispec.AnnotationRefName] + if ok { + tags = append(tags, tag) + } + } + + return tags +} diff --git a/pkg/retention/rules.go b/pkg/retention/rules.go new file mode 100644 index 0000000000..569fda0be6 --- /dev/null +++ b/pkg/retention/rules.go @@ -0,0 +1,140 @@ +package retention + +import ( + "fmt" + "sort" + "time" + + "zotregistry.io/zot/pkg/retention/types" +) + +const ( + // rules name. + daysPullName = "pulledWithin" + daysPushName = "pushedWithin" + latestPullName = "mostRecentlyPulledCount" + latestPushName = "mostRecentlyPushedCount" +) + +// rules implementatio + +type DaysPull struct { + duration time.Duration +} + +func NewDaysPull(duration time.Duration) DaysPull { + return DaysPull{duration: duration} +} + +func (dp DaysPull) Name() string { + return fmt.Sprintf("%s:%d", daysPullName, dp.duration) +} + +func (dp DaysPull) Perform(candidates []types.Candidate) []types.Candidate { + filtered := make([]types.Candidate, 0) + + timestamp := time.Now().Add(-dp.duration) + + for _, candidate := range candidates { + // we check pushtimestamp because we don't want to delete tags pushed after timestamp + // ie: if the tag doesn't meet PulledWithin: "3days" and the image is 1day old then do not remove! + if candidate.PullTimestamp.After(timestamp) || candidate.PushTimestamp.After(timestamp) { + candidate.RetainedBy = dp.Name() + filtered = append(filtered, candidate) + } + } + + return filtered +} + +type DaysPush struct { + duration time.Duration +} + +func NewDaysPush(duration time.Duration) DaysPush { + return DaysPush{duration: duration} +} + +func (dp DaysPush) Name() string { + return fmt.Sprintf("%s:%d", daysPushName, dp.duration) +} + +func (dp DaysPush) Perform(candidates []types.Candidate) []types.Candidate { + filtered := make([]types.Candidate, 0) + + timestamp := time.Now().Add(-dp.duration) + + for _, candidate := range candidates { + if candidate.PushTimestamp.After(timestamp) { + candidate.RetainedBy = dp.Name() + + filtered = append(filtered, candidate) + } + } + + return filtered +} + +type latestPull struct { + count int +} + +func NewLatestPull(count int) latestPull { + return latestPull{count: count} +} + +func (lp latestPull) Name() string { + return fmt.Sprintf("%s:%d", latestPullName, lp.count) +} + +func (lp latestPull) Perform(candidates []types.Candidate) []types.Candidate { + sort.Slice(candidates, func(i, j int) bool { + return candidates[i].PullTimestamp.After(candidates[j].PullTimestamp) + }) + + // take top count candidates + upper := lp.count + if lp.count > len(candidates) { + upper = len(candidates) + } + + candidates = candidates[:upper] + + for _, candidate := range candidates { + candidate.RetainedBy = lp.Name() + } + + return candidates +} + +type latestPush struct { + count int +} + +func NewLatestPush(count int) latestPush { + return latestPush{count: count} +} + +func (lp latestPush) Name() string { + return fmt.Sprintf("%s:%d", latestPushName, lp.count) +} + +func (lp latestPush) Perform(candidates []types.Candidate) []types.Candidate { + sort.Slice(candidates, func(i, j int) bool { + return candidates[i].PushTimestamp.After(candidates[j].PushTimestamp) + }) + + // take top count candidates + upper := lp.count + if lp.count > len(candidates) { + upper = len(candidates) + } + + candidates = candidates[:upper] + + for _, candidate := range candidates { + candidate.RetainedBy = lp.Name() + } + + return candidates +} diff --git a/pkg/retention/types/types.go b/pkg/retention/types/types.go new file mode 100644 index 0000000000..f6d5aa8bfe --- /dev/null +++ b/pkg/retention/types/types.go @@ -0,0 +1,30 @@ +package types + +import ( + "time" + + ispec "github.com/opencontainers/image-spec/specs-go/v1" + + mTypes "zotregistry.io/zot/pkg/meta/types" +) + +type Candidate struct { + DigestStr string + MediaType string + Tag string + PushTimestamp time.Time + PullTimestamp time.Time + RetainedBy string +} + +type PolicyManager interface { + HasDeleteReferrer(repo string) bool + HasDeleteUntagged(repo string) bool + HasTagRetention(repo string) bool + GetRetainedTags(repoMeta mTypes.RepoMetadata, index ispec.Index) []string +} + +type Rule interface { + Name() string + Perform(candidates []Candidate) []Candidate +} diff --git a/pkg/storage/constants/constants.go b/pkg/storage/constants/constants.go index 7b9b49f849..905178bd92 100644 --- a/pkg/storage/constants/constants.go +++ b/pkg/storage/constants/constants.go @@ -6,22 +6,22 @@ import ( const ( // BlobUploadDir defines the upload directory for blob uploads. - BlobUploadDir = ".uploads" - SchemaVersion = 2 - DefaultFilePerms = 0o600 - DefaultDirPerms = 0o700 - RLOCK = "RLock" - RWLOCK = "RWLock" - BlobsCache = "blobs" - DuplicatesBucket = "duplicates" - OriginalBucket = "original" - DBExtensionName = ".db" - DBCacheLockCheckTimeout = 10 * time.Second - BoltdbName = "cache" - DynamoDBDriverName = "dynamodb" - DefaultGCDelay = 1 * time.Hour - DefaultUntaggedImgeRetentionDelay = 24 * time.Hour - DefaultGCInterval = 1 * time.Hour - S3StorageDriverName = "s3" - LocalStorageDriverName = "local" + BlobUploadDir = ".uploads" + SchemaVersion = 2 + DefaultFilePerms = 0o600 + DefaultDirPerms = 0o700 + RLOCK = "RLock" + RWLOCK = "RWLock" + BlobsCache = "blobs" + DuplicatesBucket = "duplicates" + OriginalBucket = "original" + DBExtensionName = ".db" + DBCacheLockCheckTimeout = 10 * time.Second + BoltdbName = "cache" + DynamoDBDriverName = "dynamodb" + DefaultGCDelay = 1 * time.Hour + DefaultRetentionDelay = 24 * time.Hour + DefaultGCInterval = 1 * time.Hour + S3StorageDriverName = "s3" + LocalStorageDriverName = "local" ) diff --git a/pkg/storage/gc/gc.go b/pkg/storage/gc/gc.go index 220bfd6894..f12115981d 100644 --- a/pkg/storage/gc/gc.go +++ b/pkg/storage/gc/gc.go @@ -15,9 +15,12 @@ import ( oras "github.com/oras-project/artifacts-spec/specs-go/v1" zerr "zotregistry.io/zot/errors" + "zotregistry.io/zot/pkg/api/config" zcommon "zotregistry.io/zot/pkg/common" zlog "zotregistry.io/zot/pkg/log" mTypes "zotregistry.io/zot/pkg/meta/types" + "zotregistry.io/zot/pkg/retention" + rTypes "zotregistry.io/zot/pkg/retention/types" "zotregistry.io/zot/pkg/scheduler" "zotregistry.io/zot/pkg/storage" common "zotregistry.io/zot/pkg/storage/common" @@ -30,28 +33,31 @@ const ( ) type Options struct { - // will garbage collect referrers with missing subject older than Delay - Referrers bool // will garbage collect blobs older than Delay Delay time.Duration - // will garbage collect untagged manifests older than RetentionDelay - RetentionDelay time.Duration + + ImageRetention config.ImageRetention } type GarbageCollect struct { - imgStore types.ImageStore - opts Options - metaDB mTypes.MetaDB - log zlog.Logger + imgStore types.ImageStore + opts Options + metaDB mTypes.MetaDB + policyMgr rTypes.PolicyManager + auditLog *zlog.Logger + log zlog.Logger } -func NewGarbageCollect(imgStore types.ImageStore, metaDB mTypes.MetaDB, opts Options, log zlog.Logger, +func NewGarbageCollect(imgStore types.ImageStore, metaDB mTypes.MetaDB, opts Options, + auditLog *zlog.Logger, log zlog.Logger, ) GarbageCollect { return GarbageCollect{ - imgStore: imgStore, - metaDB: metaDB, - opts: opts, - log: log, + imgStore: imgStore, + metaDB: metaDB, + opts: opts, + policyMgr: retention.NewPolicyManager(opts.ImageRetention, log, auditLog), + auditLog: auditLog, + log: log, } } @@ -75,17 +81,20 @@ It also gc referrers with missing subject if the Referrer Option is enabled It also gc untagged manifests. */ func (gc GarbageCollect) CleanRepo(repo string) error { - gc.log.Info().Msg(fmt.Sprintf("executing GC of orphaned blobs for %s", path.Join(gc.imgStore.RootDir(), repo))) + gc.log.Info().Str("module", "gc"). + Msg(fmt.Sprintf("executing GC of orphaned blobs for %s", path.Join(gc.imgStore.RootDir(), repo))) if err := gc.cleanRepo(repo); err != nil { errMessage := fmt.Sprintf("error while running GC for %s", path.Join(gc.imgStore.RootDir(), repo)) - gc.log.Error().Err(err).Msg(errMessage) - gc.log.Info().Msg(fmt.Sprintf("GC unsuccessfully completed for %s", path.Join(gc.imgStore.RootDir(), repo))) + gc.log.Error().Err(err).Str("module", "gc").Msg(errMessage) + gc.log.Info().Str("module", "gc"). + Msg(fmt.Sprintf("GC unsuccessfully completed for %s", path.Join(gc.imgStore.RootDir(), repo))) return err } - gc.log.Info().Msg(fmt.Sprintf("GC successfully completed for %s", path.Join(gc.imgStore.RootDir(), repo))) + gc.log.Info().Str("module", "gc"). + Msg(fmt.Sprintf("GC successfully completed for %s", path.Join(gc.imgStore.RootDir(), repo))) return nil } @@ -112,28 +121,39 @@ func (gc GarbageCollect) cleanRepo(repo string) error { */ index, err := common.GetIndex(gc.imgStore, repo, gc.log) if err != nil { + gc.log.Error().Err(err).Str("module", "gc").Str("repository", repo).Msg("unable to read index.json in repo") + + return err + } + + // apply tags retention + if err := gc.removeTagsPerRetentionPolicy(repo, &index); err != nil { return err } // gc referrers manifests with missing subject and untagged manifests - if err := gc.cleanManifests(repo, &index); err != nil { + if err := gc.removeManifestsPerRepoPolicy(repo, &index); err != nil { return err } // update repos's index.json in storage - if err := gc.imgStore.PutIndexContent(repo, index); err != nil { - return err + if !gc.opts.ImageRetention.DryRun { + /* this will update the index.json with manifests deleted above + and the manifests blobs will be removed by gc.removeUnreferencedBlobs()*/ + if err := gc.imgStore.PutIndexContent(repo, index); err != nil { + return err + } } // gc unreferenced blobs - if err := gc.cleanBlobs(repo, index, gc.opts.Delay, gc.log); err != nil { + if err := gc.removeUnreferencedBlobs(repo, gc.opts.Delay, gc.log); err != nil { return err } return nil } -func (gc GarbageCollect) cleanManifests(repo string, index *ispec.Index) error { +func (gc GarbageCollect) removeManifestsPerRepoPolicy(repo string, index *ispec.Index) error { var err error /* gc all manifests that have a missing subject, stop when neither gc(referrer and untagged) @@ -142,32 +162,36 @@ func (gc GarbageCollect) cleanManifests(repo string, index *ispec.Index) error { for !stop { var gcedReferrer bool - if gc.opts.Referrers { - gc.log.Debug().Str("repository", repo).Msg("gc: manifests with missing referrers") + var gcedUntagged bool + + if gc.policyMgr.HasDeleteReferrer(repo) { + gc.log.Debug().Str("module", "gc").Str("repository", repo).Msg("manifests with missing referrers") - gcedReferrer, err = gc.cleanIndexReferrers(repo, index, *index) + gcedReferrer, err = gc.removeIndexReferrers(repo, index, *index) if err != nil { return err } } - referenced := make(map[godigest.Digest]bool, 0) + if gc.policyMgr.HasDeleteUntagged(repo) { + referenced := make(map[godigest.Digest]bool, 0) - /* gather all manifests referenced in multiarch images/by other manifests - so that we can skip them in cleanUntaggedManifests */ - if err := gc.identifyManifestsReferencedInIndex(*index, repo, referenced); err != nil { - return err - } + /* gather all manifests referenced in multiarch images/by other manifests + so that we can skip them in cleanUntaggedManifests */ + if err := gc.identifyManifestsReferencedInIndex(*index, repo, referenced); err != nil { + return err + } - // apply image retention policy - gcedManifest, err := gc.cleanUntaggedManifests(repo, index, referenced) - if err != nil { - return err + // apply image retention policy + gcedUntagged, err = gc.removeUntaggedManifests(repo, index, referenced) + if err != nil { + return err + } } /* if we gced any manifest then loop again and gc manifests with a subject pointing to the last ones which were gced. */ - stop = !gcedReferrer && !gcedManifest + stop = !gcedReferrer && !gcedUntagged } return nil @@ -179,7 +203,7 @@ garbageCollectIndexReferrers will gc all referrers with a missing subject recurs rootIndex is indexJson, need to pass it down to garbageCollectReferrer() rootIndex is the place we look for referrers. */ -func (gc GarbageCollect) cleanIndexReferrers(repo string, rootIndex *ispec.Index, index ispec.Index, +func (gc GarbageCollect) removeIndexReferrers(repo string, rootIndex *ispec.Index, index ispec.Index, ) (bool, error) { var count int @@ -190,13 +214,13 @@ func (gc GarbageCollect) cleanIndexReferrers(repo string, rootIndex *ispec.Index case ispec.MediaTypeImageIndex: indexImage, err := common.GetImageIndex(gc.imgStore, repo, desc.Digest, gc.log) if err != nil { - gc.log.Error().Err(err).Str("repository", repo).Str("digest", desc.Digest.String()). - Msg("gc: failed to read multiarch(index) image") + gc.log.Error().Err(err).Str("module", "gc").Str("repository", repo).Str("digest", desc.Digest.String()). + Msg("failed to read multiarch(index) image") return false, err } - gced, err := gc.cleanReferrer(repo, rootIndex, desc, indexImage.Subject, indexImage.ArtifactType) + gced, err := gc.removeReferrer(repo, rootIndex, desc, indexImage.Subject, indexImage.ArtifactType) if err != nil { return false, err } @@ -208,7 +232,7 @@ func (gc GarbageCollect) cleanIndexReferrers(repo string, rootIndex *ispec.Index return true, nil } - gced, err = gc.cleanIndexReferrers(repo, rootIndex, indexImage) + gced, err = gc.removeIndexReferrers(repo, rootIndex, indexImage) if err != nil { return false, err } @@ -219,15 +243,15 @@ func (gc GarbageCollect) cleanIndexReferrers(repo string, rootIndex *ispec.Index case ispec.MediaTypeImageManifest, oras.MediaTypeArtifactManifest: image, err := common.GetImageManifest(gc.imgStore, repo, desc.Digest, gc.log) if err != nil { - gc.log.Error().Err(err).Str("repo", repo).Str("digest", desc.Digest.String()). - Msg("gc: failed to read manifest image") + gc.log.Error().Err(err).Str("module", "gc").Str("repo", repo).Str("digest", desc.Digest.String()). + Msg("failed to read manifest image") return false, err } artifactType := zcommon.GetManifestArtifactType(image) - gced, err := gc.cleanReferrer(repo, rootIndex, desc, image.Subject, artifactType) + gced, err := gc.removeReferrer(repo, rootIndex, desc, image.Subject, artifactType) if err != nil { return false, err } @@ -241,7 +265,7 @@ func (gc GarbageCollect) cleanIndexReferrers(repo string, rootIndex *ispec.Index return count > 0, err } -func (gc GarbageCollect) cleanReferrer(repo string, index *ispec.Index, manifestDesc ispec.Descriptor, +func (gc GarbageCollect) removeReferrer(repo string, index *ispec.Index, manifestDesc ispec.Descriptor, subject *ispec.Descriptor, artifactType string, ) (bool, error) { var gced bool @@ -259,18 +283,35 @@ func (gc GarbageCollect) cleanReferrer(repo string, index *ispec.Index, manifest } if !referenced { - gced, err = gc.gcManifest(repo, index, manifestDesc, signatureType, subject.Digest, gc.opts.Delay) + gced, err = gc.gcManifest(repo, index, manifestDesc, signatureType, subject.Digest, gc.opts.ImageRetention.Delay) if err != nil { return false, err } + + if gced { + gc.log.Info().Str("module", "gc"). + Str("repository", repo). + Str("reference", manifestDesc.Digest.String()). + Str("subject", subject.Digest.String()). + Str("decision", "delete"). + Str("reason", "deleteReferrers").Msg("removed manifest without reference") + + if gc.auditLog != nil { + gc.auditLog.Info().Str("module", "gc"). + Str("repository", repo). + Str("reference", manifestDesc.Digest.String()). + Str("subject", subject.Digest.String()). + Str("decision", "delete"). + Str("reason", "deleteReferrers").Msg("removed manifest without reference") + } + } } } // cosign - tag, ok := manifestDesc.Annotations[ispec.AnnotationRefName] + tag, ok := getDescriptorTag(manifestDesc) if ok { - if strings.HasPrefix(tag, "sha256-") && (strings.HasSuffix(tag, cosignSignatureTagSuffix) || - strings.HasSuffix(tag, SBOMTagSuffix)) { + if isCosignTag(tag) { subjectDigest := getSubjectFromCosignTag(tag) referenced := isManifestReferencedInIndex(index, subjectDigest) @@ -279,6 +320,26 @@ func (gc GarbageCollect) cleanReferrer(repo string, index *ispec.Index, manifest if err != nil { return false, err } + + if gced { + gc.log.Info().Str("module", "gc"). + Bool("dry-run", gc.opts.ImageRetention.DryRun). + Str("repository", repo). + Str("reference", tag). + Str("subject", subjectDigest.String()). + Str("decision", "delete"). + Str("reason", "deleteReferrers").Msg("removed cosign manifest without reference") + + if gc.auditLog != nil { + gc.auditLog.Info().Str("module", "gc"). + Bool("dry-run", gc.opts.ImageRetention.DryRun). + Str("repository", repo). + Str("reference", tag). + Str("subject", subjectDigest.String()). + Str("decision", "delete"). + Str("reason", "deleteReferrers").Msg("removed cosign manifest without reference") + } + } } } } @@ -286,6 +347,36 @@ func (gc GarbageCollect) cleanReferrer(repo string, index *ispec.Index, manifest return gced, nil } +func (gc GarbageCollect) removeTagsPerRetentionPolicy(repo string, index *ispec.Index) error { + if !gc.policyMgr.HasTagRetention(repo) { + return nil + } + + repoMeta, err := gc.metaDB.GetRepoMeta(repo) + if err != nil { + gc.log.Error().Err(err).Str("module", "gc").Str("repository", repo).Msg("can't retrieve repoMeta for repo") + + return err + } + + retainTags := gc.policyMgr.GetRetainedTags(repoMeta, *index) + + // remove + for _, desc := range index.Manifests { + // check tag + tag, ok := getDescriptorTag(desc) + if ok && !zcommon.Contains(retainTags, tag) { + // remove tags which should not be retained + _, err := gc.removeManifest(repo, index, desc, tag, "", "") + if err != nil && !errors.Is(err, zerr.ErrManifestNotFound) { + return err + } + } + } + + return nil +} + // gcManifest removes a manifest entry from an index and syncs metaDB accordingly if the blob is older than gc.Delay. func (gc GarbageCollect) gcManifest(repo string, index *ispec.Index, desc ispec.Descriptor, signatureType string, subjectDigest godigest.Digest, delay time.Duration, @@ -294,14 +385,14 @@ func (gc GarbageCollect) gcManifest(repo string, index *ispec.Index, desc ispec. canGC, err := isBlobOlderThan(gc.imgStore, repo, desc.Digest, delay, gc.log) if err != nil { - gc.log.Error().Err(err).Str("repository", repo).Str("digest", desc.Digest.String()). - Str("delay", gc.opts.Delay.String()).Msg("gc: failed to check if blob is older than delay") + gc.log.Error().Err(err).Str("module", "gc").Str("repository", repo).Str("digest", desc.Digest.String()). + Str("delay", delay.String()).Msg("failed to check if blob is older than delay") return false, err } if canGC { - if gced, err = gc.removeManifest(repo, index, desc, signatureType, subjectDigest); err != nil { + if gced, err = gc.removeManifest(repo, index, desc, desc.Digest.String(), signatureType, subjectDigest); err != nil { return false, err } } @@ -311,12 +402,9 @@ func (gc GarbageCollect) gcManifest(repo string, index *ispec.Index, desc ispec. // removeManifest removes a manifest entry from an index and syncs metaDB accordingly. func (gc GarbageCollect) removeManifest(repo string, index *ispec.Index, - desc ispec.Descriptor, signatureType string, subjectDigest godigest.Digest, + desc ispec.Descriptor, reference string, signatureType string, subjectDigest godigest.Digest, ) (bool, error) { - gc.log.Debug().Str("repository", repo).Str("digest", desc.Digest.String()).Msg("gc: removing manifest") - - // remove from index - _, err := common.RemoveManifestDescByReference(index, desc.Digest.String(), true) + _, err := common.RemoveManifestDescByReference(index, reference, true) if err != nil { if errors.Is(err, zerr.ErrManifestConflict) { return false, nil @@ -325,6 +413,10 @@ func (gc GarbageCollect) removeManifest(repo string, index *ispec.Index, return false, err } + if gc.opts.ImageRetention.DryRun { + return true, nil + } + // sync metaDB if gc.metaDB != nil { if signatureType != "" { @@ -333,14 +425,14 @@ func (gc GarbageCollect) removeManifest(repo string, index *ispec.Index, SignatureType: signatureType, }) if err != nil { - gc.log.Error().Err(err).Msg("gc,metadb: unable to remove signature in metaDB") + gc.log.Error().Err(err).Str("module", "gc").Msg("metadb: unable to remove signature in metaDB") return false, err } } else { - err := gc.metaDB.RemoveRepoReference(repo, desc.Digest.String(), desc.Digest) + err := gc.metaDB.RemoveRepoReference(repo, reference, desc.Digest) if err != nil { - gc.log.Error().Err(err).Msg("gc, metadb: unable to remove repo reference in metaDB") + gc.log.Error().Err(err).Str("module", "gc").Msg("metadb: unable to remove repo reference in metaDB") return false, err } @@ -350,16 +442,15 @@ func (gc GarbageCollect) removeManifest(repo string, index *ispec.Index, return true, nil } -func (gc GarbageCollect) cleanUntaggedManifests(repo string, index *ispec.Index, +func (gc GarbageCollect) removeUntaggedManifests(repo string, index *ispec.Index, referenced map[godigest.Digest]bool, ) (bool, error) { var gced bool var err error - gc.log.Debug().Str("repository", repo).Msg("gc: manifests without tags") + gc.log.Debug().Str("module", "gc").Str("repository", repo).Msg("manifests without tags") - // first gather manifests part of image indexes and referrers, we want to skip checking them for _, desc := range index.Manifests { // skip manifests referenced in image indexes if _, referenced := referenced[desc.Digest]; referenced { @@ -368,12 +459,30 @@ func (gc GarbageCollect) cleanUntaggedManifests(repo string, index *ispec.Index, // remove untagged images if desc.MediaType == ispec.MediaTypeImageManifest || desc.MediaType == ispec.MediaTypeImageIndex { - _, ok := desc.Annotations[ispec.AnnotationRefName] + _, ok := getDescriptorTag(desc) if !ok { - gced, err = gc.gcManifest(repo, index, desc, "", "", gc.opts.RetentionDelay) + gced, err = gc.gcManifest(repo, index, desc, "", "", gc.opts.ImageRetention.Delay) if err != nil { return false, err } + + if gced { + gc.log.Info().Str("module", "gc"). + Bool("dry-run", gc.opts.ImageRetention.DryRun). + Str("repository", repo). + Str("reference", desc.Digest.String()). + Str("decision", "delete"). + Str("reason", "deleteUntagged").Msg("removed untagged manifest") + + if gc.auditLog != nil { + gc.auditLog.Info().Str("module", "gc"). + Bool("dry-run", gc.opts.ImageRetention.DryRun). + Str("repository", repo). + Str("reference", desc.Digest.String()). + Str("decision", "delete"). + Str("reason", "deleteUntagged").Msg("removed untagged manifest") + } + } } } } @@ -390,8 +499,8 @@ func (gc GarbageCollect) identifyManifestsReferencedInIndex(index ispec.Index, r case ispec.MediaTypeImageIndex: indexImage, err := common.GetImageIndex(gc.imgStore, repo, desc.Digest, gc.log) if err != nil { - gc.log.Error().Err(err).Str("repository", repo).Str("digest", desc.Digest.String()). - Msg("gc: failed to read multiarch(index) image") + gc.log.Error().Err(err).Str("module", "gc").Str("repository", repo). + Str("digest", desc.Digest.String()).Msg("failed to read multiarch(index) image") return err } @@ -410,8 +519,8 @@ func (gc GarbageCollect) identifyManifestsReferencedInIndex(index ispec.Index, r case ispec.MediaTypeImageManifest, oras.MediaTypeArtifactManifest: image, err := common.GetImageManifest(gc.imgStore, repo, desc.Digest, gc.log) if err != nil { - gc.log.Error().Err(err).Str("repo", repo).Str("digest", desc.Digest.String()). - Msg("gc: failed to read manifest image") + gc.log.Error().Err(err).Str("module", "gc").Str("repo", repo). + Str("digest", desc.Digest.String()).Msg("failed to read manifest image") return err } @@ -425,17 +534,23 @@ func (gc GarbageCollect) identifyManifestsReferencedInIndex(index ispec.Index, r return nil } -// cleanBlobs gc all blobs which are not referenced by any manifest found in repo's index.json. -func (gc GarbageCollect) cleanBlobs(repo string, index ispec.Index, - delay time.Duration, log zlog.Logger, +// removeUnreferencedBlobs gc all blobs which are not referenced by any manifest found in repo's index.json. +func (gc GarbageCollect) removeUnreferencedBlobs(repo string, delay time.Duration, log zlog.Logger, ) error { - gc.log.Debug().Str("repository", repo).Msg("gc: blobs") + gc.log.Debug().Str("module", "gc").Str("repository", repo).Msg("cleaning orphan blobs") refBlobs := map[string]bool{} - err := gc.addIndexBlobsToReferences(repo, index, refBlobs) + index, err := common.GetIndex(gc.imgStore, repo, gc.log) + if err != nil { + log.Error().Err(err).Str("module", "gc").Str("repository", repo).Msg("unable to read index.json in repo") + + return err + } + + err = gc.addIndexBlobsToReferences(repo, index, refBlobs) if err != nil { - log.Error().Err(err).Str("repository", repo).Msg("gc: unable to get referenced blobs in repo") + log.Error().Err(err).Str("module", "gc").Str("repository", repo).Msg("unable to get referenced blobs in repo") return err } @@ -447,7 +562,7 @@ func (gc GarbageCollect) cleanBlobs(repo string, index ispec.Index, return nil } - log.Error().Err(err).Str("repository", repo).Msg("gc: unable to get all blobs") + log.Error().Err(err).Str("module", "gc").Str("repository", repo).Msg("unable to get all blobs") return err } @@ -457,7 +572,8 @@ func (gc GarbageCollect) cleanBlobs(repo string, index ispec.Index, for _, blob := range allBlobs { digest := godigest.NewDigestFromEncoded(godigest.SHA256, blob) if err = digest.Validate(); err != nil { - log.Error().Err(err).Str("repository", repo).Str("digest", blob).Msg("gc: unable to parse digest") + log.Error().Err(err).Str("module", "gc").Str("repository", repo).Str("digest", blob). + Msg("unable to parse digest") return err } @@ -465,7 +581,8 @@ func (gc GarbageCollect) cleanBlobs(repo string, index ispec.Index, if _, ok := refBlobs[digest.String()]; !ok { canGC, err := isBlobOlderThan(gc.imgStore, repo, digest, delay, log) if err != nil { - log.Error().Err(err).Str("repository", repo).Str("digest", blob).Msg("gc: unable to determine GC delay") + log.Error().Err(err).Str("module", "gc").Str("repository", repo).Str("digest", blob). + Msg("unable to determine GC delay") return err } @@ -484,11 +601,13 @@ func (gc GarbageCollect) cleanBlobs(repo string, index ispec.Index, return err } - log.Info().Str("repository", repo).Int("count", reaped).Msg("gc: garbage collected blobs") + log.Info().Str("module", "gc").Str("repository", repo).Int("count", reaped). + Msg("garbage collected blobs") return nil } +// used by removeUnreferencedBlobs() // addIndexBlobsToReferences adds referenced blobs found in referenced manifests (index.json) in refblobs map. func (gc GarbageCollect) addIndexBlobsToReferences(repo string, index ispec.Index, refBlobs map[string]bool, ) error { @@ -496,22 +615,22 @@ func (gc GarbageCollect) addIndexBlobsToReferences(repo string, index ispec.Inde switch desc.MediaType { case ispec.MediaTypeImageIndex: if err := gc.addImageIndexBlobsToReferences(repo, desc.Digest, refBlobs); err != nil { - gc.log.Error().Err(err).Str("repository", repo).Str("digest", desc.Digest.String()). - Msg("gc: failed to read blobs in multiarch(index) image") + gc.log.Error().Err(err).Str("module", "gc").Str("repository", repo). + Str("digest", desc.Digest.String()).Msg("failed to read blobs in multiarch(index) image") return err } case ispec.MediaTypeImageManifest: if err := gc.addImageManifestBlobsToReferences(repo, desc.Digest, refBlobs); err != nil { - gc.log.Error().Err(err).Str("repository", repo).Str("digest", desc.Digest.String()). - Msg("gc: failed to read blobs in image manifest") + gc.log.Error().Err(err).Str("module", "gc").Str("repository", repo). + Str("digest", desc.Digest.String()).Msg("failed to read blobs in image manifest") return err } case oras.MediaTypeArtifactManifest: if err := gc.addORASImageManifestBlobsToReferences(repo, desc.Digest, refBlobs); err != nil { - gc.log.Error().Err(err).Str("repository", repo).Str("digest", desc.Digest.String()). - Msg("gc: failed to read blobs in ORAS image manifest") + gc.log.Error().Err(err).Str("module", "gc").Str("repository", repo). + Str("digest", desc.Digest.String()).Msg("failed to read blobs in ORAS image manifest") return err } @@ -525,8 +644,8 @@ func (gc GarbageCollect) addImageIndexBlobsToReferences(repo string, mdigest god ) error { index, err := common.GetImageIndex(gc.imgStore, repo, mdigest, gc.log) if err != nil { - gc.log.Error().Err(err).Str("repository", repo).Str("digest", mdigest.String()). - Msg("gc: failed to read manifest image") + gc.log.Error().Err(err).Str("module", "gc").Str("repository", repo).Str("digest", mdigest.String()). + Msg("failed to read manifest image") return err } @@ -550,8 +669,8 @@ func (gc GarbageCollect) addImageManifestBlobsToReferences(repo string, mdigest ) error { manifestContent, err := common.GetImageManifest(gc.imgStore, repo, mdigest, gc.log) if err != nil { - gc.log.Error().Err(err).Str("repository", repo).Str("digest", mdigest.String()). - Msg("gc: failed to read manifest image") + gc.log.Error().Err(err).Str("module", "gc").Str("repository", repo). + Str("digest", mdigest.String()).Msg("failed to read manifest image") return err } @@ -576,8 +695,8 @@ func (gc GarbageCollect) addORASImageManifestBlobsToReferences(repo string, mdig ) error { manifestContent, err := common.GetOrasManifestByDigest(gc.imgStore, repo, mdigest, gc.log) if err != nil { - gc.log.Error().Err(err).Str("repository", repo).Str("digest", mdigest.String()). - Msg("gc: failed to read manifest image") + gc.log.Error().Err(err).Str("module", "gc").Str("repository", repo). + Str("digest", mdigest.String()).Msg("failed to read manifest image") return err } @@ -611,8 +730,8 @@ func isBlobOlderThan(imgStore types.ImageStore, repo string, ) (bool, error) { _, _, modtime, err := imgStore.StatBlob(repo, digest) if err != nil { - log.Error().Err(err).Str("repository", repo).Str("digest", digest.String()). - Msg("gc: failed to stat blob") + log.Error().Err(err).Str("module", "gc").Str("repository", repo).Str("digest", digest.String()). + Msg("failed to stat blob") return false, err } @@ -631,6 +750,22 @@ func getSubjectFromCosignTag(tag string) godigest.Digest { return godigest.NewDigestFromEncoded(godigest.Algorithm(alg), encoded) } +func getDescriptorTag(desc ispec.Descriptor) (string, bool) { + tag, ok := desc.Annotations[ispec.AnnotationRefName] + + return tag, ok +} + +// this function will check if tag is a cosign tag (signature or sbom). +func isCosignTag(tag string) bool { + if strings.HasPrefix(tag, "sha256-") && + (strings.HasSuffix(tag, cosignSignatureTagSuffix) || strings.HasSuffix(tag, SBOMTagSuffix)) { + return true + } + + return false +} + /* GCTaskGenerator takes all repositories found in the storage.imagestore @@ -704,5 +839,5 @@ func NewGCTask(imgStore types.ImageStore, gc GarbageCollect, repo string, func (gct *gcTask) DoWork(ctx context.Context) error { // run task - return gct.gc.CleanRepo(gct.repo) + return gct.gc.CleanRepo(gct.repo) //nolint: contextcheck } diff --git a/pkg/storage/gc/gc_internal_test.go b/pkg/storage/gc/gc_internal_test.go index 9618f32331..49903348ac 100644 --- a/pkg/storage/gc/gc_internal_test.go +++ b/pkg/storage/gc/gc_internal_test.go @@ -12,12 +12,12 @@ import ( godigest "github.com/opencontainers/go-digest" ispec "github.com/opencontainers/image-spec/specs-go/v1" artifactspec "github.com/oras-project/artifacts-spec/specs-go/v1" - "github.com/rs/zerolog" . "github.com/smartystreets/goconvey/convey" + "zotregistry.io/zot/pkg/api/config" zcommon "zotregistry.io/zot/pkg/common" "zotregistry.io/zot/pkg/extensions/monitoring" - "zotregistry.io/zot/pkg/log" + zlog "zotregistry.io/zot/pkg/log" "zotregistry.io/zot/pkg/meta/types" "zotregistry.io/zot/pkg/storage" "zotregistry.io/zot/pkg/storage/cache" @@ -37,8 +37,11 @@ func TestGarbageCollectManifestErrors(t *testing.T) { Convey("Make imagestore and upload manifest", t, func(c C) { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.NewLogger("debug", "") + audit := zlog.NewAuditLogger("debug", "") + metrics := monitoring.NewMetricsServer(false, log) + cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, Name: "cache", @@ -47,10 +50,17 @@ func TestGarbageCollectManifestErrors(t *testing.T) { imgStore := local.NewImageStore(dir, true, true, log, metrics, nil, cacheDriver) gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, Options{ - Referrers: true, - Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + }, + }, + }, + }, audit, log) Convey("trigger repo not found in addImageIndexBlobsToReferences()", func() { err := gc.addIndexBlobsToReferences(repoName, ispec.Index{ @@ -164,7 +174,9 @@ func TestGarbageCollectIndexErrors(t *testing.T) { Convey("Make imagestore and upload manifest", t, func(c C) { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.NewLogger("debug", "") + audit := zlog.NewAuditLogger("debug", "") + metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -174,10 +186,17 @@ func TestGarbageCollectIndexErrors(t *testing.T) { imgStore := local.NewImageStore(dir, true, true, log, metrics, nil, cacheDriver) gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, Options{ - Referrers: true, - Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + }, + }, + }, + }, audit, log) content := []byte("this is a blob") bdgst := godigest.FromBytes(content) @@ -270,8 +289,85 @@ func TestGarbageCollectIndexErrors(t *testing.T) { } func TestGarbageCollectWithMockedImageStore(t *testing.T) { + trueVal := true + Convey("Cover gc error paths", t, func(c C) { - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.NewLogger("debug", "") + audit := zlog.NewAuditLogger("debug", "") + + gcOptions := Options{ + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + }, + }, + }, + } + + Convey("Error on GetIndex in gc.cleanRepo()", func() { + gc := NewGarbageCollect(mocks.MockedImageStore{}, mocks.MetaDBMock{ + GetRepoMetaFn: func(repo string) (types.RepoMetadata, error) { + return types.RepoMetadata{}, errGC + }, + }, gcOptions, audit, log) + + err := gc.cleanRepo(repoName) + So(err, ShouldNotBeNil) + }) + + Convey("Error on GetIndex in gc.removeUnreferencedBlobs()", func() { + gc := NewGarbageCollect(mocks.MockedImageStore{}, mocks.MetaDBMock{ + GetRepoMetaFn: func(repo string) (types.RepoMetadata, error) { + return types.RepoMetadata{}, errGC + }, + }, gcOptions, audit, log) + + err := gc.removeUnreferencedBlobs("repo", time.Hour, log) + So(err, ShouldNotBeNil) + }) + + Convey("Error on gc.removeManifest()", func() { + gc := NewGarbageCollect(mocks.MockedImageStore{}, mocks.MetaDBMock{ + GetRepoMetaFn: func(repo string) (types.RepoMetadata, error) { + return types.RepoMetadata{}, errGC + }, + }, gcOptions, audit, log) + + _, err := gc.removeManifest("", &ispec.Index{}, ispec.DescriptorEmptyJSON, "tag", "", "") + So(err, ShouldNotBeNil) + }) + + Convey("Error on metaDB in gc.cleanRepo()", func() { + gcOptions := Options{ + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + KeepTags: []config.KeepTagsPolicy{ + { + Patterns: []string{".*"}, + }, + }, + }, + }, + }, + } + + gc := NewGarbageCollect(mocks.MockedImageStore{}, mocks.MetaDBMock{ + GetRepoMetaFn: func(repo string) (types.RepoMetadata, error) { + return types.RepoMetadata{}, errGC + }, + }, gcOptions, audit, log) + + err := gc.removeTagsPerRetentionPolicy("name", &ispec.Index{}) + So(err, ShouldNotBeNil) + }) Convey("Error on PutIndexContent in gc.cleanRepo()", func() { returnedIndexJSON := ispec.Index{} @@ -288,11 +384,7 @@ func TestGarbageCollectWithMockedImageStore(t *testing.T) { }, } - gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, Options{ - Referrers: true, - Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gcOptions, audit, log) err = gc.cleanRepo(repoName) So(err, ShouldNotBeNil) @@ -316,11 +408,7 @@ func TestGarbageCollectWithMockedImageStore(t *testing.T) { }, } - gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, Options{ - Referrers: true, - Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gcOptions, audit, log) err = gc.cleanRepo(repoName) So(err, ShouldNotBeNil) @@ -333,11 +421,7 @@ func TestGarbageCollectWithMockedImageStore(t *testing.T) { }, } - gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, Options{ - Referrers: true, - Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gcOptions, audit, log) err := gc.cleanRepo(repoName) So(err, ShouldNotBeNil) @@ -369,13 +453,17 @@ func TestGarbageCollectWithMockedImageStore(t *testing.T) { }, } - gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, Options{ - Referrers: false, - Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + gcOptions.ImageRetention = config.ImageRetention{ + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteUntagged: &trueVal, + }, + }, + } + gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gcOptions, audit, log) - err = gc.cleanManifests(repoName, &ispec.Index{ + err = gc.removeManifestsPerRepoPolicy(repoName, &ispec.Index{ Manifests: []ispec.Descriptor{ { MediaType: ispec.MediaTypeImageIndex, @@ -393,13 +481,18 @@ func TestGarbageCollectWithMockedImageStore(t *testing.T) { }, } - gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, Options{ - Referrers: false, - Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + gcOptions.ImageRetention = config.ImageRetention{ + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteUntagged: &trueVal, + }, + }, + } + + gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gcOptions, audit, log) - err := gc.cleanManifests(repoName, &ispec.Index{ + err := gc.removeManifestsPerRepoPolicy(repoName, &ispec.Index{ Manifests: []ispec.Descriptor{ { MediaType: ispec.MediaTypeImageManifest, @@ -430,13 +523,17 @@ func TestGarbageCollectWithMockedImageStore(t *testing.T) { }, } - gc := NewGarbageCollect(imgStore, metaDB, Options{ - Referrers: false, - Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + gcOptions.ImageRetention = config.ImageRetention{ + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteUntagged: &trueVal, + }, + }, + } + gc := NewGarbageCollect(imgStore, metaDB, gcOptions, audit, log) - err = gc.cleanManifests(repoName, &ispec.Index{ + err = gc.removeManifestsPerRepoPolicy(repoName, &ispec.Index{ Manifests: []ispec.Descriptor{ { MediaType: ispec.MediaTypeImageManifest, @@ -467,11 +564,8 @@ func TestGarbageCollectWithMockedImageStore(t *testing.T) { }, } - gc := NewGarbageCollect(imgStore, metaDB, Options{ - Referrers: false, - Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + gcOptions.ImageRetention = config.ImageRetention{} + gc := NewGarbageCollect(imgStore, metaDB, gcOptions, audit, log) desc := ispec.Descriptor{ MediaType: ispec.MediaTypeImageManifest, @@ -481,7 +575,7 @@ func TestGarbageCollectWithMockedImageStore(t *testing.T) { index := &ispec.Index{ Manifests: []ispec.Descriptor{desc}, } - _, err = gc.removeManifest(repoName, index, desc, storage.NotationType, + _, err = gc.removeManifest(repoName, index, desc, desc.Digest.String(), storage.NotationType, godigest.FromBytes([]byte("digest2"))) So(err, ShouldNotBeNil) @@ -515,13 +609,9 @@ func TestGarbageCollectWithMockedImageStore(t *testing.T) { }, } - gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, Options{ - Referrers: true, - Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gcOptions, audit, log) - err = gc.cleanManifests(repoName, &returnedIndexImage) + err = gc.removeManifestsPerRepoPolicy(repoName, &returnedIndexImage) So(err, ShouldNotBeNil) }) @@ -550,13 +640,9 @@ func TestGarbageCollectWithMockedImageStore(t *testing.T) { }, } - gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, Options{ - Referrers: true, - Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + gc := NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gcOptions, audit, log) - err = gc.cleanManifests(repoName, &ispec.Index{ + err = gc.removeManifestsPerRepoPolicy(repoName, &ispec.Index{ Manifests: []ispec.Descriptor{ manifestDesc, }, diff --git a/pkg/storage/gc/gc_test.go b/pkg/storage/gc/gc_test.go new file mode 100644 index 0000000000..ea534794d5 --- /dev/null +++ b/pkg/storage/gc/gc_test.go @@ -0,0 +1,863 @@ +package gc_test + +import ( + "context" + "fmt" + "os" + "path" + "testing" + "time" + + "github.com/docker/distribution/registry/storage/driver/factory" + _ "github.com/docker/distribution/registry/storage/driver/s3-aws" + guuid "github.com/gofrs/uuid" + . "github.com/smartystreets/goconvey/convey" + "gopkg.in/resty.v1" + + "zotregistry.io/zot/pkg/api/config" + "zotregistry.io/zot/pkg/extensions/monitoring" + zlog "zotregistry.io/zot/pkg/log" + "zotregistry.io/zot/pkg/meta" + "zotregistry.io/zot/pkg/meta/boltdb" + "zotregistry.io/zot/pkg/meta/dynamodb" + mTypes "zotregistry.io/zot/pkg/meta/types" + "zotregistry.io/zot/pkg/storage" + storageConstants "zotregistry.io/zot/pkg/storage/constants" + "zotregistry.io/zot/pkg/storage/gc" + "zotregistry.io/zot/pkg/storage/local" + "zotregistry.io/zot/pkg/storage/s3" + storageTypes "zotregistry.io/zot/pkg/storage/types" + . "zotregistry.io/zot/pkg/test/image-utils" + tskip "zotregistry.io/zot/pkg/test/skip" +) + +const ( + region = "us-east-2" +) + +//nolint:gochecknoglobals +var testCases = []struct { + testCaseName string + storageType string +}{ + { + testCaseName: "S3APIs", + storageType: storageConstants.S3StorageDriverName, + }, + { + testCaseName: "LocalAPIs", + storageType: storageConstants.LocalStorageDriverName, + }, +} + +func TestGarbageCollectAndRetention(t *testing.T) { + log := zlog.NewLogger("info", "") + audit := zlog.NewAuditLogger("debug", "") + + metrics := monitoring.NewMetricsServer(false, log) + + trueVal := true + + for _, testcase := range testCases { + testcase := testcase + t.Run(testcase.testCaseName, func(t *testing.T) { + var imgStore storageTypes.ImageStore + + var metaDB mTypes.MetaDB + + if testcase.storageType == storageConstants.S3StorageDriverName { + tskip.SkipDynamo(t) + tskip.SkipS3(t) + + uuid, err := guuid.NewV4() + if err != nil { + panic(err) + } + + rootDir := path.Join("/oci-repo-test", uuid.String()) + cacheDir := t.TempDir() + + bucket := "zot-storage-test" + + storageDriverParams := map[string]interface{}{ + "rootDir": rootDir, + "name": "s3", + "region": region, + "bucket": bucket, + "regionendpoint": os.Getenv("S3MOCK_ENDPOINT"), + "accesskey": "minioadmin", + "secretkey": "minioadmin", + "secure": false, + "skipverify": false, + } + + storeName := fmt.Sprintf("%v", storageDriverParams["name"]) + + store, err := factory.Create(storeName, storageDriverParams) + if err != nil { + panic(err) + } + + defer store.Delete(context.Background(), rootDir) //nolint: errcheck + + // create bucket if it doesn't exists + _, err = resty.R().Put("http://" + os.Getenv("S3MOCK_ENDPOINT") + "/" + bucket) + if err != nil { + panic(err) + } + + uuid, err = guuid.NewV4() + if err != nil { + panic(err) + } + + params := dynamodb.DBDriverParameters{ //nolint:contextcheck + Endpoint: os.Getenv("DYNAMODBMOCK_ENDPOINT"), + Region: region, + RepoMetaTablename: "repo" + uuid.String(), + ManifestDataTablename: "manifest" + uuid.String(), + IndexDataTablename: "index" + uuid.String(), + UserDataTablename: "user" + uuid.String(), + APIKeyTablename: "apiKey" + uuid.String(), + VersionTablename: "version" + uuid.String(), + } + + client, err := dynamodb.GetDynamoClient(params) + if err != nil { + panic(err) + } + + metaDB, err = dynamodb.New(client, params, log) + if err != nil { + panic(err) + } + + imgStore = s3.NewImageStore(rootDir, cacheDir, true, false, log, metrics, nil, store, nil) + } else { + // Create temporary directory + rootDir := t.TempDir() + + // Create ImageStore + imgStore = local.NewImageStore(rootDir, false, false, log, metrics, nil, nil) + + // init metaDB + params := boltdb.DBParameters{ + RootDir: rootDir, + } + + boltDriver, err := boltdb.GetBoltDriver(params) + if err != nil { + panic(err) + } + + metaDB, err = boltdb.New(boltDriver, log) + if err != nil { + panic(err) + } + } + + storeController := storage.StoreController{} + storeController.DefaultStore = imgStore + + Convey("setup gc images", t, func() { + // for gc testing + // basic images + gcTest1 := CreateRandomImage() + err := WriteImageToFileSystem(gcTest1, "gc-test1", "0.0.1", storeController) + So(err, ShouldBeNil) + + // also add same image(same digest) with another tag + err = WriteImageToFileSystem(gcTest1, "gc-test1", "0.0.2", storeController) + So(err, ShouldBeNil) + + gcTest2 := CreateRandomImage() + err = WriteImageToFileSystem(gcTest2, "gc-test2", "0.0.1", storeController) + So(err, ShouldBeNil) + + gcTest3 := CreateRandomImage() + err = WriteImageToFileSystem(gcTest3, "gc-test3", "0.0.1", storeController) + So(err, ShouldBeNil) + + // referrers + ref1 := CreateRandomImageWith().Subject(gcTest1.DescriptorRef()).Build() + err = WriteImageToFileSystem(ref1, "gc-test1", ref1.DigestStr(), storeController) + So(err, ShouldBeNil) + + ref2 := CreateRandomImageWith().Subject(gcTest2.DescriptorRef()).Build() + err = WriteImageToFileSystem(ref2, "gc-test2", ref2.DigestStr(), storeController) + So(err, ShouldBeNil) + + ref3 := CreateRandomImageWith().Subject(gcTest3.DescriptorRef()).Build() + err = WriteImageToFileSystem(ref3, "gc-test3", ref3.DigestStr(), storeController) + So(err, ShouldBeNil) + + // referrers pointing to referrers + refOfRef1 := CreateRandomImageWith().Subject(ref1.DescriptorRef()).Build() + err = WriteImageToFileSystem(refOfRef1, "gc-test1", refOfRef1.DigestStr(), storeController) + So(err, ShouldBeNil) + + refOfRef2 := CreateRandomImageWith().Subject(ref2.DescriptorRef()).Build() + err = WriteImageToFileSystem(refOfRef2, "gc-test2", refOfRef2.DigestStr(), storeController) + So(err, ShouldBeNil) + + refOfRef3 := CreateRandomImageWith().Subject(ref3.DescriptorRef()).Build() + err = WriteImageToFileSystem(refOfRef3, "gc-test3", refOfRef3.DigestStr(), storeController) + So(err, ShouldBeNil) + + // untagged images + gcUntagged1 := CreateRandomImage() + err = WriteImageToFileSystem(gcUntagged1, "gc-test1", gcUntagged1.DigestStr(), storeController) + So(err, ShouldBeNil) + + gcUntagged2 := CreateRandomImage() + err = WriteImageToFileSystem(gcUntagged2, "gc-test2", gcUntagged2.DigestStr(), storeController) + So(err, ShouldBeNil) + + gcUntagged3 := CreateRandomImage() + err = WriteImageToFileSystem(gcUntagged3, "gc-test3", gcUntagged3.DigestStr(), storeController) + So(err, ShouldBeNil) + + // for image retention testing + // old images + gcOld1 := CreateRandomImage() + err = WriteImageToFileSystem(gcOld1, "retention", "0.0.1", storeController) + So(err, ShouldBeNil) + + gcOld2 := CreateRandomImage() + err = WriteImageToFileSystem(gcOld2, "retention", "0.0.2", storeController) + So(err, ShouldBeNil) + + gcOld3 := CreateRandomImage() + err = WriteImageToFileSystem(gcOld3, "retention", "0.0.3", storeController) + So(err, ShouldBeNil) + + // new images + gcNew1 := CreateRandomImage() + err = WriteImageToFileSystem(gcNew1, "retention", "0.0.4", storeController) + So(err, ShouldBeNil) + + gcNew2 := CreateRandomImage() + err = WriteImageToFileSystem(gcNew2, "retention", "0.0.5", storeController) + So(err, ShouldBeNil) + + gcNew3 := CreateRandomImage() + err = WriteImageToFileSystem(gcNew3, "retention", "0.0.6", storeController) + So(err, ShouldBeNil) + + err = meta.ParseStorage(metaDB, storeController, log) + So(err, ShouldBeNil) + + retentionMeta, err := metaDB.GetRepoMeta("retention") + So(err, ShouldBeNil) + + // update timestamps for image retention + gcOld1Stats := retentionMeta.Statistics[gcOld1.DigestStr()] + gcOld1Stats.PushTimestamp = time.Now().Add(-10 * 24 * time.Hour) + gcOld1Stats.LastPullTimestamp = time.Now().Add(-10 * 24 * time.Hour) + + gcOld2Stats := retentionMeta.Statistics[gcOld2.DigestStr()] + gcOld2Stats.PushTimestamp = time.Now().Add(-11 * 24 * time.Hour) + gcOld2Stats.LastPullTimestamp = time.Now().Add(-11 * 24 * time.Hour) + + gcOld3Stats := retentionMeta.Statistics[gcOld3.DigestStr()] + gcOld3Stats.PushTimestamp = time.Now().Add(-12 * 24 * time.Hour) + gcOld3Stats.LastPullTimestamp = time.Now().Add(-12 * 24 * time.Hour) + + gcNew1Stats := retentionMeta.Statistics[gcNew1.DigestStr()] + gcNew1Stats.PushTimestamp = time.Now().Add(-1 * 24 * time.Hour) + gcNew1Stats.LastPullTimestamp = time.Now().Add(-1 * 24 * time.Hour) + + gcNew2Stats := retentionMeta.Statistics[gcNew2.DigestStr()] + gcNew2Stats.PushTimestamp = time.Now().Add(-2 * 24 * time.Hour) + gcNew2Stats.LastPullTimestamp = time.Now().Add(-2 * 24 * time.Hour) + + gcNew3Stats := retentionMeta.Statistics[gcNew3.DigestStr()] + gcNew3Stats.PushTimestamp = time.Now().Add(-3 * 24 * time.Hour) + gcNew3Stats.LastPullTimestamp = time.Now().Add(-2 * 24 * time.Hour) + + retentionMeta.Statistics[gcOld1.DigestStr()] = gcOld1Stats + retentionMeta.Statistics[gcOld2.DigestStr()] = gcOld2Stats + retentionMeta.Statistics[gcOld3.DigestStr()] = gcOld3Stats + + retentionMeta.Statistics[gcNew1.DigestStr()] = gcNew1Stats + retentionMeta.Statistics[gcNew2.DigestStr()] = gcNew2Stats + retentionMeta.Statistics[gcNew3.DigestStr()] = gcNew3Stats + + // update repo meta + err = metaDB.SetRepoMeta("retention", retentionMeta) + So(err, ShouldBeNil) + + Convey("should not gc anything", func() { + gc := gc.NewGarbageCollect(imgStore, metaDB, gc.Options{ + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + KeepTags: []config.KeepTagsPolicy{ + {}, + }, + }, + }, + }, + }, audit, log) + + err := gc.CleanRepo("gc-test1") + So(err, ShouldBeNil) + + err = gc.CleanRepo("gc-test2") + So(err, ShouldBeNil) + + err = gc.CleanRepo("gc-test3") + So(err, ShouldBeNil) + + err = gc.CleanRepo("retention") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", gcTest1.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", gcUntagged1.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", ref1.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", refOfRef1.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test2", gcTest2.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test2", gcUntagged2.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test2", ref2.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test2", refOfRef2.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test3", gcTest3.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test3", gcUntagged3.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test3", ref3.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test3", refOfRef3.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.1") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.2") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.3") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.4") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.5") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.6") + So(err, ShouldBeNil) + }) + + Convey("gc untagged manifests", func() { + gc := gc.NewGarbageCollect(imgStore, metaDB, gc.Options{ + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: 1 * time.Millisecond, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + KeepTags: []config.KeepTagsPolicy{}, + }, + }, + }, + }, audit, log) + + err := gc.CleanRepo("gc-test1") + So(err, ShouldBeNil) + + err = gc.CleanRepo("gc-test2") + So(err, ShouldBeNil) + + err = gc.CleanRepo("gc-test3") + So(err, ShouldBeNil) + + err = gc.CleanRepo("retention") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", gcTest1.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", gcUntagged1.DigestStr()) + So(err, ShouldNotBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", ref1.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", refOfRef1.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test2", gcTest2.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test2", gcUntagged2.DigestStr()) + So(err, ShouldNotBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test2", ref2.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test2", refOfRef2.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test3", gcTest3.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test3", gcUntagged3.DigestStr()) + So(err, ShouldNotBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test3", ref3.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test3", refOfRef3.DigestStr()) + So(err, ShouldBeNil) + }) + + Convey("gc all tags, untagged, and afterwards referrers", func() { + gc := gc.NewGarbageCollect(imgStore, metaDB, gc.Options{ + Delay: 1 * time.Millisecond, + ImageRetention: config.ImageRetention{ + Delay: 1 * time.Millisecond, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"gc-test1"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + KeepTags: []config.KeepTagsPolicy{ + { + Patterns: []string{"v1"}, // should not match any tag + }, + }, + }, + }, + }, + }, audit, log) + + err := gc.CleanRepo("gc-test1") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", gcUntagged1.DigestStr()) + So(err, ShouldNotBeNil) + + // although we have two tags both should be deleted + _, _, _, err = imgStore.GetImageManifest("gc-test1", gcTest1.DigestStr()) + So(err, ShouldNotBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", ref1.DigestStr()) + So(err, ShouldNotBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", refOfRef1.DigestStr()) + So(err, ShouldNotBeNil) + + // now repo should get gc'ed + repos, err := imgStore.GetRepositories() + So(err, ShouldBeNil) + So(repos, ShouldNotContain, "gc-test1") + So(repos, ShouldContain, "gc-test2") + So(repos, ShouldContain, "gc-test3") + So(repos, ShouldContain, "retention") + }) + + Convey("gc with dry-run all tags, untagged, and afterwards referrers", func() { + gc := gc.NewGarbageCollect(imgStore, metaDB, gc.Options{ + Delay: 1 * time.Millisecond, + ImageRetention: config.ImageRetention{ + Delay: 1 * time.Millisecond, + DryRun: true, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"gc-test1"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + KeepTags: []config.KeepTagsPolicy{ + { + Patterns: []string{"v1"}, // should not match any tag + }, + }, + }, + }, + }, + }, audit, log) + + err := gc.CleanRepo("gc-test1") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", gcUntagged1.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", ref1.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", refOfRef1.DigestStr()) + So(err, ShouldBeNil) + + // now repo should not be gc'ed + repos, err := imgStore.GetRepositories() + So(err, ShouldBeNil) + So(repos, ShouldContain, "gc-test1") + So(repos, ShouldContain, "gc-test2") + So(repos, ShouldContain, "gc-test3") + So(repos, ShouldContain, "retention") + + tags, err := imgStore.GetImageTags("gc-test1") + So(err, ShouldBeNil) + So(tags, ShouldContain, "0.0.1") + So(tags, ShouldContain, "0.0.2") + }) + + Convey("all tags matches for retention", func() { + gc := gc.NewGarbageCollect(imgStore, metaDB, gc.Options{ + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + KeepTags: []config.KeepTagsPolicy{ + { + Patterns: []string{"0.0.*"}, + }, + }, + }, + }, + }, + }, audit, log) + + err = gc.CleanRepo("retention") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", "0.0.1") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", "0.0.2") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test2", "0.0.1") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test3", "0.0.1") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.1") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.2") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.3") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.4") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.5") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.6") + So(err, ShouldBeNil) + }) + + Convey("retain new tags", func() { + sevenDays := 7 * 24 * time.Hour + + gc := gc.NewGarbageCollect(imgStore, metaDB, gc.Options{ + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + KeepTags: []config.KeepTagsPolicy{ + { + Patterns: []string{".*"}, + PulledWithin: &sevenDays, + PushedWithin: &sevenDays, + }, + }, + }, + }, + }, + }, audit, log) + + err = gc.CleanRepo("retention") + So(err, ShouldBeNil) + + tags, err := imgStore.GetImageTags("retention") + So(err, ShouldBeNil) + + So(tags, ShouldContain, "0.0.4") + So(tags, ShouldContain, "0.0.5") + So(tags, ShouldContain, "0.0.6") + + So(tags, ShouldNotContain, "0.0.1") + So(tags, ShouldNotContain, "0.0.2") + So(tags, ShouldNotContain, "0.0.3") + }) + + Convey("retain 3 most recently pushed images", func() { + gc := gc.NewGarbageCollect(imgStore, metaDB, gc.Options{ + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + KeepTags: []config.KeepTagsPolicy{ + { + Patterns: []string{".*"}, + MostRecentlyPushedCount: 3, + }, + }, + }, + }, + }, + }, audit, log) + + err = gc.CleanRepo("retention") + So(err, ShouldBeNil) + + tags, err := imgStore.GetImageTags("retention") + So(err, ShouldBeNil) + + So(tags, ShouldContain, "0.0.4") + So(tags, ShouldContain, "0.0.5") + So(tags, ShouldContain, "0.0.6") + + So(tags, ShouldNotContain, "0.0.1") + So(tags, ShouldNotContain, "0.0.2") + So(tags, ShouldNotContain, "0.0.3") + }) + + Convey("retain 3 most recently pulled images", func() { + gc := gc.NewGarbageCollect(imgStore, metaDB, gc.Options{ + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + KeepTags: []config.KeepTagsPolicy{ + { + Patterns: []string{".*"}, + MostRecentlyPulledCount: 3, + }, + }, + }, + }, + }, + }, audit, log) + + err = gc.CleanRepo("retention") + So(err, ShouldBeNil) + + tags, err := imgStore.GetImageTags("retention") + So(err, ShouldBeNil) + + So(tags, ShouldContain, "0.0.4") + So(tags, ShouldContain, "0.0.5") + So(tags, ShouldContain, "0.0.6") + + So(tags, ShouldNotContain, "0.0.1") + So(tags, ShouldNotContain, "0.0.2") + So(tags, ShouldNotContain, "0.0.3") + }) + + Convey("retain 3 most recently pulled OR 4 most recently pushed images", func() { + gc := gc.NewGarbageCollect(imgStore, metaDB, gc.Options{ + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + KeepTags: []config.KeepTagsPolicy{ + { + Patterns: []string{".*"}, + MostRecentlyPulledCount: 3, + MostRecentlyPushedCount: 4, + }, + }, + }, + }, + }, + }, audit, log) + + err = gc.CleanRepo("retention") + So(err, ShouldBeNil) + + tags, err := imgStore.GetImageTags("retention") + So(err, ShouldBeNil) + + So(tags, ShouldContain, "0.0.1") + So(tags, ShouldContain, "0.0.4") + So(tags, ShouldContain, "0.0.5") + So(tags, ShouldContain, "0.0.6") + + So(tags, ShouldNotContain, "0.0.2") + So(tags, ShouldNotContain, "0.0.3") + }) + + Convey("test if first match rule logic works", func() { + twoDays := 2 * 24 * time.Hour + gc := gc.NewGarbageCollect(imgStore, metaDB, gc.Options{ + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + KeepTags: []config.KeepTagsPolicy{ + { + Patterns: []string{"0.0.1"}, + }, + { + Patterns: []string{"0.0.2"}, + }, + { + Patterns: []string{".*"}, + PulledWithin: &twoDays, + }, + }, + }, + }, + }, + }, audit, log) + + err = gc.CleanRepo("retention") + So(err, ShouldBeNil) + + tags, err := imgStore.GetImageTags("retention") + So(err, ShouldBeNil) + t.Log(tags) + So(tags, ShouldContain, "0.0.1") + So(tags, ShouldContain, "0.0.2") + So(tags, ShouldContain, "0.0.4") + + So(tags, ShouldNotContain, "0.0.3") + So(tags, ShouldNotContain, "0.0.5") + So(tags, ShouldNotContain, "0.0.6") + }) + + Convey("gc - do not match any repo", func() { + gc := gc.NewGarbageCollect(imgStore, metaDB, gc.Options{ + Delay: 1 * time.Millisecond, + ImageRetention: config.ImageRetention{ + Delay: 1 * time.Millisecond, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"no-match"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + }, + }, + }, + }, audit, log) + + err := gc.CleanRepo("gc-test1") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", gcUntagged1.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", ref1.DigestStr()) + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("gc-test1", refOfRef1.DigestStr()) + So(err, ShouldBeNil) + + repos, err := imgStore.GetRepositories() + So(err, ShouldBeNil) + So(repos, ShouldContain, "gc-test1") + So(repos, ShouldContain, "gc-test2") + So(repos, ShouldContain, "gc-test3") + So(repos, ShouldContain, "retention") + }) + + Convey("remove one tag because it didn't match, preserve tags without statistics in metaDB", func() { + // add new tag in retention repo which can not be found in metaDB, should be always retained + err = WriteImageToFileSystem(CreateRandomImage(), "retention", "0.0.7", storeController) + So(err, ShouldBeNil) + + gc := gc.NewGarbageCollect(imgStore, metaDB, gc.Options{ + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + KeepTags: []config.KeepTagsPolicy{ + { + Patterns: []string{"0.0.[1-5]"}, + }, + }, + }, + }, + }, + }, audit, log) + + err = gc.CleanRepo("retention") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.1") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.2") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.3") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.4") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.5") + So(err, ShouldBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.6") + So(err, ShouldNotBeNil) + + _, _, _, err = imgStore.GetImageManifest("retention", "0.0.7") + So(err, ShouldBeNil) + }) + }) + }) + } +} diff --git a/pkg/storage/imagestore/imagestore.go b/pkg/storage/imagestore/imagestore.go index 2508a59fd3..20dbe96e63 100644 --- a/pkg/storage/imagestore/imagestore.go +++ b/pkg/storage/imagestore/imagestore.go @@ -1160,7 +1160,7 @@ func (is *ImageStore) CheckBlob(repo string, digest godigest.Digest) (bool, int6 // Check blobs in cache dstRecord, err := is.checkCacheBlob(digest) if err != nil { - is.log.Error().Err(err).Str("digest", digest.String()).Msg("cache: not found") + is.log.Debug().Err(err).Str("digest", digest.String()).Msg("cache: not found") return false, -1, zerr.ErrBlobNotFound } @@ -1206,7 +1206,7 @@ func (is *ImageStore) StatBlob(repo string, digest godigest.Digest) (bool, int64 // Check blobs in cache dstRecord, err := is.checkCacheBlob(digest) if err != nil { - is.log.Error().Err(err).Str("digest", digest.String()).Msg("cache: not found") + is.log.Debug().Err(err).Str("digest", digest.String()).Msg("cache: not found") return false, -1, time.Time{}, zerr.ErrBlobNotFound } @@ -1533,7 +1533,8 @@ func (is *ImageStore) CleanupRepo(repo string, blobs []godigest.Digest, removeRe count := 0 for _, digest := range blobs { - is.log.Debug().Str("repository", repo).Str("digest", digest.String()).Msg("perform GC on blob") + is.log.Debug().Str("repository", repo). + Str("digest", digest.String()).Msg("perform GC on blob") if err := is.deleteBlob(repo, digest); err != nil { if errors.Is(err, zerr.ErrBlobReferenced) { @@ -1565,6 +1566,8 @@ func (is *ImageStore) CleanupRepo(repo string, blobs []godigest.Digest, removeRe // if removeRepo flag is true and we cleanup all blobs and there are no blobs currently being uploaded. if removeRepo && count == len(blobs) && count > 0 && len(blobUploads) == 0 { + is.log.Info().Str("repository", repo).Msg("removed all blobs, removing repo") + if err := is.storeDriver.Delete(path.Join(is.rootDir, repo)); err != nil { is.log.Error().Err(err).Str("repository", repo).Msg("unable to remove repo") diff --git a/pkg/storage/local/driver.go b/pkg/storage/local/driver.go index bcc46c12da..1d4b1b9efa 100644 --- a/pkg/storage/local/driver.go +++ b/pkg/storage/local/driver.go @@ -293,7 +293,7 @@ func (driver *Driver) Link(src, dest string) error { /* also update the modtime, so that gc won't remove recently linked blobs otherwise ifBlobOlderThan(gcDelay) will return the modtime of the inode */ - currentTime := time.Now().Local() //nolint: gosmopolitan + currentTime := time.Now() //nolint: gosmopolitan if err := os.Chtimes(dest, currentTime, currentTime); err != nil { return driver.formatErr(err) } diff --git a/pkg/storage/local/local_test.go b/pkg/storage/local/local_test.go index 2715a29c8b..ebcfedd499 100644 --- a/pkg/storage/local/local_test.go +++ b/pkg/storage/local/local_test.go @@ -29,7 +29,7 @@ import ( "zotregistry.io/zot/pkg/api/config" "zotregistry.io/zot/pkg/common" "zotregistry.io/zot/pkg/extensions/monitoring" - "zotregistry.io/zot/pkg/log" + zlog "zotregistry.io/zot/pkg/log" "zotregistry.io/zot/pkg/scheduler" "zotregistry.io/zot/pkg/storage" "zotregistry.io/zot/pkg/storage/cache" @@ -47,10 +47,23 @@ const ( repoName = "test" ) +var trueVal bool = true //nolint: gochecknoglobals + +var DeleteReferrers = config.ImageRetention{ //nolint: gochecknoglobals + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + }, + }, +} + var errCache = errors.New("new cache error") func runAndGetScheduler() (*scheduler.Scheduler, context.CancelFunc) { - taskScheduler := scheduler.NewScheduler(config.New(), log.Logger{}) + taskScheduler := scheduler.NewScheduler(config.New(), zlog.Logger{}) taskScheduler.RateLimit = 50 * time.Millisecond ctx, cancel := context.WithCancel(context.Background()) @@ -62,7 +75,7 @@ func runAndGetScheduler() (*scheduler.Scheduler, context.CancelFunc) { func TestStorageFSAPIs(t *testing.T) { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -199,7 +212,7 @@ func TestStorageFSAPIs(t *testing.T) { func TestGetOrasReferrers(t *testing.T) { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -258,7 +271,7 @@ func FuzzNewBlobUpload(f *testing.F) { dir := t.TempDir() defer os.RemoveAll(dir) t.Logf("Input argument is %s", data) - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -284,7 +297,8 @@ func FuzzPutBlobChunk(f *testing.F) { dir := t.TempDir() defer os.RemoveAll(dir) t.Logf("Input argument is %s", data) - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} + metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -317,7 +331,7 @@ func FuzzPutBlobChunkStreamed(f *testing.F) { dir := t.TempDir() defer os.RemoveAll(dir) t.Logf("Input argument is %s", data) - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -349,7 +363,7 @@ func FuzzGetBlobUpload(f *testing.F) { f.Fuzz(func(t *testing.T, data1 string, data2 string) { dir := t.TempDir() defer os.RemoveAll(dir) - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -371,7 +385,7 @@ func FuzzGetBlobUpload(f *testing.F) { func FuzzTestPutGetImageManifest(f *testing.F) { f.Fuzz(func(t *testing.T, data []byte) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) dir := t.TempDir() @@ -422,7 +436,7 @@ func FuzzTestPutGetImageManifest(f *testing.F) { func FuzzTestPutDeleteImageManifest(f *testing.F) { f.Fuzz(func(t *testing.T, data []byte) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) dir := t.TempDir() @@ -480,7 +494,7 @@ func FuzzTestPutDeleteImageManifest(f *testing.F) { // no integration with PutImageManifest, just throw fuzz data. func FuzzTestDeleteImageManifest(f *testing.F) { f.Fuzz(func(t *testing.T, data []byte) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) dir := t.TempDir() @@ -515,7 +529,7 @@ func FuzzDirExists(f *testing.F) { func FuzzInitRepo(f *testing.F) { f.Fuzz(func(t *testing.T, data string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) dir := t.TempDir() @@ -539,7 +553,7 @@ func FuzzInitRepo(f *testing.F) { func FuzzInitValidateRepo(f *testing.F) { f.Fuzz(func(t *testing.T, data string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) dir := t.TempDir() @@ -570,7 +584,7 @@ func FuzzInitValidateRepo(f *testing.F) { func FuzzGetImageTags(f *testing.F) { f.Fuzz(func(t *testing.T, data string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) dir := t.TempDir() @@ -594,7 +608,7 @@ func FuzzGetImageTags(f *testing.F) { func FuzzBlobUploadPath(f *testing.F) { f.Fuzz(func(t *testing.T, repo, uuid string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) dir := t.TempDir() @@ -613,7 +627,7 @@ func FuzzBlobUploadPath(f *testing.F) { func FuzzBlobUploadInfo(f *testing.F) { f.Fuzz(func(t *testing.T, data string, uuid string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) dir := t.TempDir() @@ -642,7 +656,7 @@ func FuzzTestGetImageManifest(f *testing.F) { dir := t.TempDir() defer os.RemoveAll(dir) - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -670,7 +684,7 @@ func FuzzFinishBlobUpload(f *testing.F) { dir := t.TempDir() defer os.RemoveAll(dir) - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -714,7 +728,7 @@ func FuzzFinishBlobUpload(f *testing.F) { func FuzzFullBlobUpload(f *testing.F) { f.Fuzz(func(t *testing.T, data []byte) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) repoName := "test" @@ -745,7 +759,7 @@ func FuzzFullBlobUpload(f *testing.F) { func TestStorageCacheErrors(t *testing.T) { Convey("get error in DedupeBlob() when cache.Put() deduped blob", t, func() { - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) dir := t.TempDir() @@ -787,7 +801,7 @@ func TestStorageCacheErrors(t *testing.T) { func FuzzDedupeBlob(f *testing.F) { f.Fuzz(func(t *testing.T, data string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) dir := t.TempDir() @@ -827,7 +841,7 @@ func FuzzDedupeBlob(f *testing.F) { func FuzzDeleteBlobUpload(f *testing.F) { f.Fuzz(func(t *testing.T, data string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) repoName := data @@ -858,7 +872,7 @@ func FuzzDeleteBlobUpload(f *testing.F) { func FuzzBlobPath(f *testing.F) { f.Fuzz(func(t *testing.T, data string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) repoName := data @@ -879,7 +893,7 @@ func FuzzBlobPath(f *testing.F) { func FuzzCheckBlob(f *testing.F) { f.Fuzz(func(t *testing.T, data string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) repoName := data @@ -910,7 +924,7 @@ func FuzzCheckBlob(f *testing.F) { func FuzzGetBlob(f *testing.F) { f.Fuzz(func(t *testing.T, data string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) repoName := data @@ -948,7 +962,7 @@ func FuzzGetBlob(f *testing.F) { func FuzzDeleteBlob(f *testing.F) { f.Fuzz(func(t *testing.T, data string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) repoName := data @@ -983,7 +997,7 @@ func FuzzDeleteBlob(f *testing.F) { func FuzzGetIndexContent(f *testing.F) { f.Fuzz(func(t *testing.T, data string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) repoName := data @@ -1018,7 +1032,7 @@ func FuzzGetIndexContent(f *testing.F) { func FuzzGetBlobContent(f *testing.F) { f.Fuzz(func(t *testing.T, data string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) repoName := data @@ -1053,7 +1067,7 @@ func FuzzGetBlobContent(f *testing.F) { func FuzzGetOrasReferrers(f *testing.F) { f.Fuzz(func(t *testing.T, data string) { - log := &log.Logger{Logger: zerolog.New(os.Stdout)} + log := &zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, *log) dir := t.TempDir() @@ -1116,7 +1130,9 @@ func FuzzGetOrasReferrers(f *testing.F) { func FuzzRunGCRepo(f *testing.F) { f.Fuzz(func(t *testing.T, data string) { - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.NewLogger("debug", "") + audit := zlog.NewAuditLogger("debug", "") + metrics := monitoring.NewMetricsServer(false, log) dir := t.TempDir() defer os.RemoveAll(dir) @@ -1129,10 +1145,9 @@ func FuzzRunGCRepo(f *testing.F) { imgStore := local.NewImageStore(dir, true, true, log, metrics, nil, cacheDriver) gc := gc.NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gc.Options{ - Referrers: true, Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + ImageRetention: DeleteReferrers, + }, audit, log) if err := gc.CleanRepo(data); err != nil { t.Error(err) @@ -1155,7 +1170,7 @@ func TestDedupeLinks(t *testing.T) { }, } - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) for _, testCase := range testCases { @@ -1520,7 +1535,7 @@ func TestDedupe(t *testing.T) { Convey("Valid ImageStore", func() { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -1540,7 +1555,7 @@ func TestNegativeCases(t *testing.T) { Convey("Invalid root dir", t, func(c C) { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -1563,7 +1578,7 @@ func TestNegativeCases(t *testing.T) { Convey("Invalid init repo", t, func(c C) { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -1613,7 +1628,7 @@ func TestNegativeCases(t *testing.T) { Convey("Invalid validate repo", t, func(c C) { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -1725,7 +1740,7 @@ func TestNegativeCases(t *testing.T) { Convey("Invalid get image tags", t, func(c C) { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -1750,7 +1765,7 @@ func TestNegativeCases(t *testing.T) { Convey("Invalid get image manifest", t, func(c C) { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -1797,7 +1812,7 @@ func TestNegativeCases(t *testing.T) { Convey("Invalid new blob upload", t, func(c C) { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -1968,7 +1983,7 @@ func TestInjectWriteFile(t *testing.T) { Convey("writeFile without commit", t, func() { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -1994,7 +2009,9 @@ func TestGarbageCollectForImageStore(t *testing.T) { defer os.Remove(logFile.Name()) // clean up - log := log.NewLogger("debug", logFile.Name()) + log := zlog.NewLogger("debug", logFile.Name()) + audit := zlog.NewAuditLogger("debug", "") + metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -2006,10 +2023,9 @@ func TestGarbageCollectForImageStore(t *testing.T) { repoName := "gc-all-repos-short" gc := gc.NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gc.Options{ - Referrers: true, Delay: 1 * time.Second, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + ImageRetention: DeleteReferrers, + }, audit, log) image := CreateDefaultVulnerableImage() err := WriteImageToFileSystem(image, repoName, "0.0.1", storage.StoreController{ @@ -2039,7 +2055,9 @@ func TestGarbageCollectForImageStore(t *testing.T) { defer os.Remove(logFile.Name()) // clean up - log := log.NewLogger("debug", logFile.Name()) + log := zlog.NewLogger("debug", logFile.Name()) + audit := zlog.NewAuditLogger("debug", "") + metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -2051,10 +2069,9 @@ func TestGarbageCollectForImageStore(t *testing.T) { repoName := "gc-all-repos-short" gc := gc.NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gc.Options{ - Referrers: true, Delay: 1 * time.Second, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + ImageRetention: DeleteReferrers, + }, audit, log) image := CreateDefaultVulnerableImage() err := WriteImageToFileSystem(image, repoName, "0.0.1", storage.StoreController{ @@ -2081,7 +2098,9 @@ func TestGarbageCollectForImageStore(t *testing.T) { defer os.Remove(logFile.Name()) // clean up - log := log.NewLogger("debug", logFile.Name()) + log := zlog.NewLogger("debug", logFile.Name()) + audit := zlog.NewAuditLogger("debug", "") + metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -2092,10 +2111,9 @@ func TestGarbageCollectForImageStore(t *testing.T) { repoName := "gc-sig" gc := gc.NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gc.Options{ - Referrers: true, Delay: 1 * time.Second, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + ImageRetention: DeleteReferrers, + }, audit, log) storeController := storage.StoreController{DefaultStore: imgStore} img := CreateRandomImage() @@ -2146,7 +2164,9 @@ func TestGarbageCollectImageUnknownManifest(t *testing.T) { Convey("Garbage collect with short delay", t, func() { dir := t.TempDir() - log := log.NewLogger("debug", "") + log := zlog.NewLogger("debug", "") + audit := zlog.NewAuditLogger("debug", "") + metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -2161,10 +2181,9 @@ func TestGarbageCollectImageUnknownManifest(t *testing.T) { } gc := gc.NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gc.Options{ - Referrers: true, Delay: 1 * time.Second, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + ImageRetention: DeleteReferrers, + }, audit, log) unsupportedMediaType := "application/vnd.oci.artifact.manifest.v1+json" @@ -2324,7 +2343,9 @@ func TestGarbageCollectErrors(t *testing.T) { Convey("Make image store", t, func(c C) { dir := t.TempDir() - log := log.NewLogger("debug", "") + log := zlog.NewLogger("debug", "") + audit := zlog.NewAuditLogger("debug", "") + metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -2336,10 +2357,9 @@ func TestGarbageCollectErrors(t *testing.T) { repoName := "gc-index" gc := gc.NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gc.Options{ - Referrers: true, Delay: 500 * time.Millisecond, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + ImageRetention: DeleteReferrers, + }, audit, log) // create a blob/layer upload, err := imgStore.NewBlobUpload(repoName) @@ -2538,7 +2558,7 @@ func TestGarbageCollectErrors(t *testing.T) { err = gc.CleanRepo(repoName) So(err, ShouldBeNil) - // blob shouldn't be gc'ed + // blob shouldn't be gc'ed //TODO check this one found, _, err := imgStore.CheckBlob(repoName, digest) So(err, ShouldBeNil) So(found, ShouldEqual, true) @@ -2566,7 +2586,7 @@ func TestInitRepo(t *testing.T) { Convey("Get error when creating BlobUploadDir subdir on initRepo", t, func() { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -2588,7 +2608,7 @@ func TestValidateRepo(t *testing.T) { Convey("Get error when unable to read directory", t, func() { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -2608,7 +2628,7 @@ func TestValidateRepo(t *testing.T) { Convey("Get error when repo name is not compliant with repo spec", t, func() { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -2653,7 +2673,7 @@ func TestGetRepositories(t *testing.T) { Convey("Verify errors and repos returned by GetRepositories()", t, func() { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -2748,7 +2768,7 @@ func TestGetRepositories(t *testing.T) { Convey("Verify GetRepositories() doesn't return '.' when having an oci layout as root directory ", t, func() { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -2794,7 +2814,7 @@ func TestGetRepositories(t *testing.T) { err := os.Mkdir(rootDir, 0o755) So(err, ShouldBeNil) - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: rootDir, @@ -2838,7 +2858,7 @@ func TestGetRepositories(t *testing.T) { func TestGetNextRepository(t *testing.T) { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -2891,7 +2911,7 @@ func TestPutBlobChunkStreamed(t *testing.T) { Convey("Get error on opening file", t, func() { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -2918,7 +2938,7 @@ func TestPullRange(t *testing.T) { Convey("Repo layout", t, func(c C) { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) Convey("Negative cases", func() { @@ -2968,7 +2988,7 @@ func TestPullRange(t *testing.T) { func TestStorageDriverErr(t *testing.T) { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, diff --git a/pkg/storage/storage_test.go b/pkg/storage/storage_test.go index 15baff2993..f9dde13d1b 100644 --- a/pkg/storage/storage_test.go +++ b/pkg/storage/storage_test.go @@ -28,8 +28,9 @@ import ( "gopkg.in/resty.v1" zerr "zotregistry.io/zot/errors" + "zotregistry.io/zot/pkg/api/config" "zotregistry.io/zot/pkg/extensions/monitoring" - "zotregistry.io/zot/pkg/log" + zlog "zotregistry.io/zot/pkg/log" "zotregistry.io/zot/pkg/storage" "zotregistry.io/zot/pkg/storage/cache" storageCommon "zotregistry.io/zot/pkg/storage/common" @@ -44,6 +45,19 @@ import ( tskip "zotregistry.io/zot/pkg/test/skip" ) +var trueVal bool = true //nolint: gochecknoglobals + +var DeleteReferrers = config.ImageRetention{ //nolint: gochecknoglobals + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + }, + }, +} + func cleanupStorage(store driver.StorageDriver, name string) { _ = store.Delete(context.Background(), name) } @@ -78,7 +92,7 @@ func createObjectsStore(rootDir string, cacheDir string) ( panic(err) } - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ @@ -129,7 +143,7 @@ func TestStorageAPIs(t *testing.T) { } else { dir := t.TempDir() - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) cacheDriver, _ := storage.Create("boltdb", cache.BoltDBDriverParameters{ RootDir: dir, @@ -741,7 +755,7 @@ func TestMandatoryAnnotations(t *testing.T) { var testDir, tdir string var store driver.StorageDriver - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) if testcase.storageType == storageConstants.S3StorageDriverName { @@ -865,7 +879,7 @@ func TestDeleteBlobsInUse(t *testing.T) { var testDir, tdir string var store driver.StorageDriver - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) if testcase.storageType == storageConstants.S3StorageDriverName { @@ -1165,7 +1179,7 @@ func TestReuploadCorruptedBlob(t *testing.T) { var store driver.StorageDriver var driver storageTypes.Driver - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.Logger{Logger: zerolog.New(os.Stdout)} metrics := monitoring.NewMetricsServer(false, log) if testcase.storageType == storageConstants.S3StorageDriverName { @@ -1403,7 +1417,7 @@ func TestStorageHandler(t *testing.T) { secondRootDir = t.TempDir() thirdRootDir = t.TempDir() - log := log.NewLogger("debug", "") + log := zlog.NewLogger("debug", "") metrics := monitoring.NewMetricsServer(false, log) @@ -1462,7 +1476,9 @@ func TestGarbageCollectImageManifest(t *testing.T) { for _, testcase := range testCases { testcase := testcase t.Run(testcase.testCaseName, func(t *testing.T) { - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.NewLogger("debug", "") + audit := zlog.NewAuditLogger("debug", "") + metrics := monitoring.NewMetricsServer(false, log) Convey("Repo layout", t, func(c C) { @@ -1497,10 +1513,17 @@ func TestGarbageCollectImageManifest(t *testing.T) { } gc := gc.NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gc.Options{ - Referrers: true, - Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + Delay: storageConstants.DefaultGCDelay, + ImageRetention: config.ImageRetention{ + Delay: storageConstants.DefaultRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + }, + }, + }, + }, audit, log) repoName := "gc-long" @@ -1660,10 +1683,18 @@ func TestGarbageCollectImageManifest(t *testing.T) { } gc := gc.NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gc.Options{ - Referrers: true, - Delay: gcDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + Delay: gcDelay, + ImageRetention: config.ImageRetention{ //nolint: gochecknoglobals + Delay: gcDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + }, + }, + }, + }, audit, log) // upload orphan blob upload, err := imgStore.NewBlobUpload(repoName) @@ -1970,10 +2001,9 @@ func TestGarbageCollectImageManifest(t *testing.T) { } gc := gc.NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gc.Options{ - Referrers: true, Delay: gcDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + ImageRetention: DeleteReferrers, + }, audit, log) // first upload an image to the first repo and wait for GC timeout @@ -2171,7 +2201,9 @@ func TestGarbageCollectImageIndex(t *testing.T) { for _, testcase := range testCases { testcase := testcase t.Run(testcase.testCaseName, func(t *testing.T) { - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.NewLogger("debug", "") + audit := zlog.NewAuditLogger("debug", "") + metrics := monitoring.NewMetricsServer(false, log) Convey("Repo layout", t, func(c C) { @@ -2206,10 +2238,9 @@ func TestGarbageCollectImageIndex(t *testing.T) { } gc := gc.NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gc.Options{ - Referrers: true, Delay: storageConstants.DefaultGCDelay, - RetentionDelay: storageConstants.DefaultUntaggedImgeRetentionDelay, - }, log) + ImageRetention: DeleteReferrers, + }, audit, log) repoName := "gc-long" @@ -2336,10 +2367,18 @@ func TestGarbageCollectImageIndex(t *testing.T) { } gc := gc.NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gc.Options{ - Referrers: true, - Delay: gcDelay, - RetentionDelay: imageRetentionDelay, - }, log) + Delay: gcDelay, + ImageRetention: config.ImageRetention{ //nolint: gochecknoglobals + Delay: imageRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + }, + }, + }, + }, audit, log) // upload orphan blob upload, err := imgStore.NewBlobUpload(repoName) @@ -2608,7 +2647,9 @@ func TestGarbageCollectChainedImageIndexes(t *testing.T) { for _, testcase := range testCases { testcase := testcase t.Run(testcase.testCaseName, func(t *testing.T) { - log := log.Logger{Logger: zerolog.New(os.Stdout)} + log := zlog.NewLogger("debug", "") + audit := zlog.NewAuditLogger("debug", "") + metrics := monitoring.NewMetricsServer(false, log) Convey("Garbage collect with short delay", t, func() { @@ -2646,10 +2687,18 @@ func TestGarbageCollectChainedImageIndexes(t *testing.T) { } gc := gc.NewGarbageCollect(imgStore, mocks.MetaDBMock{}, gc.Options{ - Referrers: true, - Delay: gcDelay, - RetentionDelay: imageRetentionDelay, - }, log) + Delay: gcDelay, + ImageRetention: config.ImageRetention{ //nolint: gochecknoglobals + Delay: imageRetentionDelay, + Policies: []config.RetentionPolicy{ + { + Repositories: []string{"**"}, + DeleteReferrers: true, + DeleteUntagged: &trueVal, + }, + }, + }, + }, audit, log) // upload orphan blob upload, err := imgStore.NewBlobUpload(repoName) diff --git a/pkg/test/image-utils/upload_test.go b/pkg/test/image-utils/upload_test.go index 178e08efaa..7291bc412f 100644 --- a/pkg/test/image-utils/upload_test.go +++ b/pkg/test/image-utils/upload_test.go @@ -81,17 +81,24 @@ func TestUploadImage(t *testing.T) { conf.HTTP.Port = port conf.Storage.RootDirectory = tempDir - err := os.Chmod(tempDir, 0o400) - if err != nil { - t.Fatal(err) - } - ctlr := api.NewController(conf) ctlrManager := tcommon.NewControllerManager(ctlr) ctlrManager.StartAndWait(port) defer ctlrManager.StopServer() + err := os.Chmod(tempDir, 0o400) + if err != nil { + t.Fatal(err) + } + + defer func() { + err := os.Chmod(tempDir, 0o700) + if err != nil { + t.Fatal(err) + } + }() + img := Image{ Layers: make([][]byte, 10), } diff --git a/pkg/test/mocks/repo_db_mock.go b/pkg/test/mocks/repo_db_mock.go index 9d40b4c1da..badfdba40b 100644 --- a/pkg/test/mocks/repo_db_mock.go +++ b/pkg/test/mocks/repo_db_mock.go @@ -19,7 +19,8 @@ type MetaDBMock struct { SetRepoLogoFn func(repo string, logoPath string) error - SetRepoReferenceFn func(repo string, Reference string, manifestDigest godigest.Digest, mediaType string) error + SetRepoReferenceFn func(ctx context.Context, repo string, Reference string, + manifestDigest godigest.Digest, mediaType string) error RemoveRepoReferenceFn func(repo, reference string, manifestDigest godigest.Digest) error @@ -55,7 +56,7 @@ type MetaDBMock struct { GetReferrersInfoFn func(repo string, referredDigest godigest.Digest, artifactTypes []string) ( []mTypes.ReferrerInfo, error) - IncrementImageDownloadsFn func(repo string, reference string) error + UpdateStatsOnDownloadFn func(repo string, reference string) error UpdateSignaturesValidityFn func(repo string, manifestDigest godigest.Digest) error @@ -160,11 +161,11 @@ func (sdm MetaDBMock) GetRepoStars(repo string) (int, error) { return 0, nil } -func (sdm MetaDBMock) SetRepoReference(repo string, reference string, manifestDigest godigest.Digest, - mediaType string, +func (sdm MetaDBMock) SetRepoReference(ctx context.Context, repo string, reference string, + manifestDigest godigest.Digest, mediaType string, ) error { if sdm.SetRepoReferenceFn != nil { - return sdm.SetRepoReferenceFn(repo, reference, manifestDigest, mediaType) + return sdm.SetRepoReferenceFn(ctx, repo, reference, manifestDigest, mediaType) } return nil @@ -251,9 +252,9 @@ func (sdm MetaDBMock) SetManifestMeta(repo string, manifestDigest godigest.Diges return nil } -func (sdm MetaDBMock) IncrementImageDownloads(repo string, reference string) error { - if sdm.IncrementImageDownloadsFn != nil { - return sdm.IncrementImageDownloadsFn(repo, reference) +func (sdm MetaDBMock) UpdateStatsOnDownload(repo string, reference string) error { + if sdm.UpdateStatsOnDownloadFn != nil { + return sdm.UpdateStatsOnDownloadFn(repo, reference) } return nil diff --git a/test/blackbox/garbage_collect.bats b/test/blackbox/garbage_collect.bats index 61ca08d5e3..08762c538e 100644 --- a/test/blackbox/garbage_collect.bats +++ b/test/blackbox/garbage_collect.bats @@ -34,10 +34,18 @@ function setup_file() { "storage": { "rootDirectory": "${zot_root_dir}", "gc": true, - "gcReferrers": true, "gcDelay": "30s", - "untaggedImageRetentionDelay": "40s", - "gcInterval": "1s" + "gcInterval": "1s", + "retention": { + "delay": "40s", + "policies": [ + { + "repositories": ["**"], + "deleteReferrers": true, + "deleteUntagged": true + } + ] + } }, "http": { "address": "0.0.0.0", diff --git a/test/cluster/config-minio.json b/test/cluster/config-minio.json index 618cf2cb1e..53464a7cfe 100644 --- a/test/cluster/config-minio.json +++ b/test/cluster/config-minio.json @@ -2,7 +2,7 @@ "distSpecVersion": "1.1.0-dev", "storage": { "rootDirectory": "/tmp/zot", - "gc": false, + "gc": true, "dedupe": false, "storageDriver": { "name": "s3", diff --git a/test/gc-stress/config-gc-bench-local.json b/test/gc-stress/config-gc-bench-local.json index ae1010c155..7453e08a0f 100644 --- a/test/gc-stress/config-gc-bench-local.json +++ b/test/gc-stress/config-gc-bench-local.json @@ -3,9 +3,7 @@ "storage": { "rootDirectory": "/tmp/zot/local", "gc": true, - "gcReferrers": false, "gcDelay": "20s", - "untaggedImageRetentionDelay": "20s", "gcInterval": "1s" }, "http": { diff --git a/test/gc-stress/config-gc-bench-s3-localstack.json b/test/gc-stress/config-gc-bench-s3-localstack.json index 11151bdce2..5d7a7bab88 100644 --- a/test/gc-stress/config-gc-bench-s3-localstack.json +++ b/test/gc-stress/config-gc-bench-s3-localstack.json @@ -3,9 +3,7 @@ "storage": { "rootDirectory": "/tmp/zot/s3", "gc": true, - "gcReferrers": false, "gcDelay": "50m", - "untaggedImageRetentionDelay": "50m", "gcInterval": "2m", "storageDriver": { "name": "s3", @@ -20,7 +18,13 @@ "name": "dynamodb", "endpoint": "http://localhost:4566", "region": "us-east-2", - "cacheTablename": "BlobTable" + "cacheTablename": "BlobTable", + "repoMetaTablename": "RepoMetadataTable", + "indexDataTablename": "IndexDataTable", + "manifestDataTablename": "ManifestDataTable", + "apikeytablename": "ApiKeyDataTable", + "userdatatablename": "UserDataTable", + "versionTablename": "VersionTable" } }, "http": { diff --git a/test/gc-stress/config-gc-bench-s3-minio.json b/test/gc-stress/config-gc-bench-s3-minio.json index 89ae27709c..d695e5e38f 100644 --- a/test/gc-stress/config-gc-bench-s3-minio.json +++ b/test/gc-stress/config-gc-bench-s3-minio.json @@ -3,9 +3,7 @@ "storage": { "rootDirectory": "/tmp/zot/s3", "gc": true, - "gcReferrers": false, "gcDelay": "4m", - "untaggedImageRetentionDelay": "4m", "gcInterval": "1s", "storageDriver": { "name": "s3", @@ -22,7 +20,13 @@ "name": "dynamodb", "endpoint": "http://localhost:4566", "region": "us-east-2", - "cacheTablename": "BlobTable" + "cacheTablename": "BlobTable", + "repoMetaTablename": "RepoMetadataTable", + "indexDataTablename": "IndexDataTable", + "manifestDataTablename": "ManifestDataTable", + "apikeytablename": "ApiKeyDataTable", + "userdatatablename": "UserDataTable", + "versionTablename": "VersionTable" } }, "http": { diff --git a/test/gc-stress/config-gc-referrers-bench-local.json b/test/gc-stress/config-gc-referrers-bench-local.json index 909be1a085..5d61fff411 100644 --- a/test/gc-stress/config-gc-referrers-bench-local.json +++ b/test/gc-stress/config-gc-referrers-bench-local.json @@ -3,10 +3,17 @@ "storage": { "rootDirectory": "/tmp/zot/local", "gc": true, - "gcReferrers": true, "gcDelay": "20s", - "untaggedImageRetentionDelay": "20s", - "gcInterval": "1s" + "gcInterval": "1s", + "retention": { + "delay": "20s", + "policies": [ + { + "repositories": ["**"], + "deleteReferrers": true + } + ] + } }, "http": { "address": "127.0.0.1", diff --git a/test/gc-stress/config-gc-referrers-bench-s3-localstack.json b/test/gc-stress/config-gc-referrers-bench-s3-localstack.json index 98cee6bc48..df2311b8f4 100644 --- a/test/gc-stress/config-gc-referrers-bench-s3-localstack.json +++ b/test/gc-stress/config-gc-referrers-bench-s3-localstack.json @@ -3,10 +3,17 @@ "storage": { "rootDirectory": "/tmp/zot/s3", "gc": true, - "gcReferrers": true, "gcDelay": "50m", - "untaggedImageRetentionDelay": "50m", "gcInterval": "2m", + "retention": { + "delay": "50m", + "policies": [ + { + "repositories": ["**"], + "deleteReferrers": true + } + ] + }, "storageDriver": { "name": "s3", "rootdirectory": "/zot", @@ -20,7 +27,13 @@ "name": "dynamodb", "endpoint": "http://localhost:4566", "region": "us-east-2", - "cacheTablename": "BlobTable" + "cacheTablename": "BlobTable", + "repoMetaTablename": "RepoMetadataTable", + "indexDataTablename": "IndexDataTable", + "manifestDataTablename": "ManifestDataTable", + "apikeytablename": "ApiKeyDataTable", + "userdatatablename": "UserDataTable", + "versionTablename": "VersionTable" } }, "http": { diff --git a/test/gc-stress/config-gc-referrers-bench-s3-minio.json b/test/gc-stress/config-gc-referrers-bench-s3-minio.json index cac4aa270c..5225972667 100644 --- a/test/gc-stress/config-gc-referrers-bench-s3-minio.json +++ b/test/gc-stress/config-gc-referrers-bench-s3-minio.json @@ -3,10 +3,17 @@ "storage": { "rootDirectory": "/tmp/zot/s3", "gc": true, - "gcReferrers": true, "gcDelay": "4m", - "untaggedImageRetentionDelay": "4m", "gcInterval": "1s", + "retention": { + "delay": "4m", + "policies": [ + { + "repositories": ["**"], + "deleteReferrers": true + } + ] + }, "storageDriver": { "name": "s3", "rootdirectory": "/zot", @@ -22,7 +29,13 @@ "name": "dynamodb", "endpoint": "http://localhost:4566", "region": "us-east-2", - "cacheTablename": "BlobTable" + "cacheTablename": "BlobTable", + "repoMetaTablename": "RepoMetadataTable", + "indexDataTablename": "IndexDataTable", + "manifestDataTablename": "ManifestDataTable", + "apikeytablename": "ApiKeyDataTable", + "userdatatablename": "UserDataTable", + "versionTablename": "VersionTable" } }, "http": {