[Bug]: zot verify doesn't validate files without .json extension
rlex opened this issue · comments
zot version
v2.0.0
Describe the bug
While writing an Ansible role I faced an issue: the "zot verify" command will not work if no extension is present in the config file name.
Ansible works by copying the generated config file to a tmp dir, running the specified command on that template (which is usually stored at the %random_uid%/source path) and copying the validated file in place of the config. But since the file is just called "source", validation of the zot config fails.
To reproduce
Create a zot config, i.e.:
{"distSpecVersion": "1.1.0-dev", "storage": {"rootDirectory": "/tmp/zot", "dedupe": true}, "http": {"address": "0.0.0.0", "port": 8080}, "log": {"level": "info"}, "extensions": {"metrics": {"enable": true, "prometheus": {"path": "/metrics"}}, "search": {"enable": true, "cve": {"updateInterval": "2h"}}, "scrub": {"enable": true, "interval": "24h"}, "ui": {"enable": true}, "sync": {"enable": true, "registries": [{"urls": "https://index.docker.io", "content": {"destination": "/docker.io", "prefix": "**"}, "onDemand": true, "tlsVerify": true}, {"urls": "https://registry.gitlab.com", "content": {"destination": "/registry.gitlab.com", "prefix": "**"}, "onDemand": true, "tlsVerify": true}, {"urls": "https://ghcr.io", "content": {"destination": "/ghcr.io", "prefix": "**"}, "onDemand": true, "tlsVerify": true}, {"urls": "https://quay.io", "content": {"destination": "/quay.io", "prefix": "**"}, "onDemand": true, "tlsVerify": true}, {"urls": "https://gcr.io", "content": {"destination": "/gcr.io", "prefix": "**"}, "onDemand": true, "tlsVerify": true}, {"urls": "https://registry.k8s.io", "content": {"destination": "/registry.k8s.io", "prefix": "**"}, "onDemand": true, "tlsVerify": true}]}}}
Save it as source, run:
root@registry-1:~/.ansible/tmp/ansible-tmp-1703009904.547081-34649-230903409533124# zot verify source
{"level":"error","error":"Unsupported Config Type \"\"","time":"2023-12-19T21:23:45+03:00","message":"failed to read configuration"}
{"level":"error","config":"source","time":"2023-12-19T21:23:45+03:00","message":"invalid config file"}
Error: Unsupported Config Type ""
Usage:
zot verify <config> [flags]
Aliases:
verify, verify
Flags:
-h, --help help for verify
root@registry-1:~/.ansible/tmp/ansible-tmp-1703009904.547081-34649-230903409533124# echo $?
1
Fail
Same file, but with .json added:
root@registry-1:~/.ansible/tmp/ansible-tmp-1703009904.547081-34649-230903409533124# sha512sum source
3da953ccf1c797de5ccb9b6b7c69e9ac32dff7b7137cf25b1ac9c351e67e5da75c7e0df0e75a811b1f49e62c68400c5c6c832eb9ce71c4b5ac29915e128efa7e source
root@registry-1:~/.ansible/tmp/ansible-tmp-1703009904.547081-34649-230903409533124# sha512sum source.json
3da953ccf1c797de5ccb9b6b7c69e9ac32dff7b7137cf25b1ac9c351e67e5da75c7e0df0e75a811b1f49e62c68400c5c6c832eb9ce71c4b5ac29915e128efa7e source.json
root@registry-1:~/.ansible/tmp/ansible-tmp-1703009904.547081-34649-230903409533124# zot verify source.json
{"level":"info","url":"ghcr.io/aquasecurity/trivy-db","component":"config","goroutine":1,"caller":"zotregistry.io/zot/pkg/cli/server/root.go:576","time":"2023-12-19T21:24:44.116416297+03:00","message":"using default trivy-db download URL."}
{"level":"info","url":"ghcr.io/aquasecurity/trivy-java-db","component":"config","goroutine":1,"caller":"zotregistry.io/zot/pkg/cli/server/root.go:583","time":"2023-12-19T21:24:44.117022469+03:00","message":"using default trivy-java-db download URL."}
{"level":"info","config":"source.json","time":"2023-12-19T21:24:44.117234995+03:00","message":"config file is valid"}
Interestingly, the test will pass even if I give the JSON file a YAML extension:
root@registry-1:~/.ansible/tmp/ansible-tmp-1703009904.547081-34649-230903409533124# cp source.yaml source.yml
root@registry-1:~/.ansible/tmp/ansible-tmp-1703009904.547081-34649-230903409533124# sha256sum source*
d7dcf97c3d96fadf7bfb106dbe26116086e03b030c563f67ca83b808070806f3 source
d7dcf97c3d96fadf7bfb106dbe26116086e03b030c563f67ca83b808070806f3 source.json
d7dcf97c3d96fadf7bfb106dbe26116086e03b030c563f67ca83b808070806f3 source.yaml
d7dcf97c3d96fadf7bfb106dbe26116086e03b030c563f67ca83b808070806f3 source.yml
root@registry-1:~/.ansible/tmp/ansible-tmp-1703009904.547081-34649-230903409533124# zot verify source.yml
{"level":"info","url":"ghcr.io/aquasecurity/trivy-db","component":"config","goroutine":1,"caller":"zotregistry.io/zot/pkg/cli/server/root.go:576","time":"2023-12-19T21:25:49.377627289+03:00","message":"using default trivy-db download URL."}
{"level":"info","url":"ghcr.io/aquasecurity/trivy-java-db","component":"config","goroutine":1,"caller":"zotregistry.io/zot/pkg/cli/server/root.go:583","time":"2023-12-19T21:25:49.378053113+03:00","message":"using default trivy-java-db download URL."}
{"level":"info","config":"source.yml","time":"2023-12-19T21:25:49.378256374+03:00","message":"config file is valid"}
root@registry-1:~/.ansible/tmp/ansible-tmp-1703009904.547081-34649-230903409533124# zot verify source.yaml
{"level":"info","url":"ghcr.io/aquasecurity/trivy-db","component":"config","goroutine":1,"caller":"zotregistry.io/zot/pkg/cli/server/root.go:576","time":"2023-12-19T21:25:52.948123406+03:00","message":"using default trivy-db download URL."}
{"level":"info","url":"ghcr.io/aquasecurity/trivy-java-db","component":"config","goroutine":1,"caller":"zotregistry.io/zot/pkg/cli/server/root.go:583","time":"2023-12-19T21:25:52.949617893+03:00","message":"using default trivy-java-db download URL."}
{"level":"info","config":"source.yaml","time":"2023-12-19T21:25:52.949814276+03:00","message":"config file is valid"}
Expected behavior
Validation should pass even without an extension.
Same happens with "zot serve" btw
As a side note ... https://forge.puppet.com/modules/maartenbeeckmans/zot/readme
well, only chef remains from "mainstream" ones
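A workaround for the validation step described in the report, as an added example (not code from the issue or from the zot project): a shell wrapper that copies an extensionless file into a private temporary directory under a name with an extension before calling `zot verify`. The function name `zot_verify_any` and the `ZOT_BIN` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: wrapper for a config-management "validate" hook.
# ZOT_BIN is a hypothetical override for the zot binary (defaults to "zot").

zot_verify_any() {
    src=$1
    rc=0
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }

    # Names that already carry an extension seen to work in the report
    # are passed through unchanged.
    case "$src" in
        *.json|*.yaml|*.yml)
            "${ZOT_BIN:-zot}" verify "$src" || rc=$?
            return "$rc" ;;
    esac

    # mktemp -d creates a 0700 directory; the config may hold credentials,
    # so the copy must not be readable by other local users.
    tmpdir=$(mktemp -d) || return 2

    # Choose the extension from the first non-blank character:
    # '{' is treated as JSON, anything else as YAML.
    first=$(tr -d ' \t\r\n' < "$src" | head -c 1)
    if [ "$first" = "{" ]; then ext=json; else ext=yaml; fi

    cp -p "$src" "$tmpdir/config.$ext"
    "${ZOT_BIN:-zot}" verify "$tmpdir/config.$ext" || rc=$?

    # Remove the copy whether or not validation passed, then hand the
    # verifier's exit code back to the caller.
    rm -rf "$tmpdir"
    return "$rc"
}
```

The exit code of `zot verify` is returned unchanged, so a failed validation still blocks the deployment step that called the wrapper.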