1, The update blob status method should udpate the blob version of the blob object as well, otherwise the GC job cannot handle the blob status transform(none - delete - deleting - deletefailed)
as the method is using version equals as the query condition.
2, For the deleting blob which marked for more than 2 hours, it should be set to delete failed in head blob & put manifest request
Signed-off-by: wang yan <wangyan@vmware.com>
When to call,
~~~ REQUEST ~~~
GET /v2/conformance/testrepo/manifests/.INVALID_MANIFEST_NAME
Per OCI distribution spec, it has to return 404, instead of 400 (project name required)
Signed-off-by: wang yan <wangyan@vmware.com>
* Raise an internal error if username claim is not found, instead of just logging a warning
* Don't remove userInfoKey for session on error when it is not required
* Rename "OIDC Username Claim" to just "Username claim"
Signed-off-by: Alvaro Iradier <airadier@gmail.com>
- Add an option in the UI to enable or disable the automatic user onboarding
- Add an option to specify the claim name where the username is retrieved from.
Signed-off-by: Alvaro Iradier <airadier@gmail.com>
two phases:
1, mark, select the gc candidates bases on the DB and mark them as status delete.
2, sweep, select the candidate and mark it as status deleting and remove it from backend and database.
Signed-off-by: wang yan <wangyan@vmware.com>
Read security settings from the project configurations and override the preheat policy settings if necessary.
Check the project security settings and override the related settings in the policy if necessary.
NOTES: if the security settings (relevant with signature and vulnerability) are set at the project configuration,
they will have the highest priority and override the related settings of the preheat policy.
e.g (use signature as an example, similar case to vulnerability severity part):
if policy.signature = false and project.config.signature = true; then policy.signature = true
if policy.signature = true and project.config.signature = true; then policy.signature = true
if policy.signature = true and project.config.signature = false; then policy.signature = true
if policy.signature = false and project.config.signature = false; then policy.signature = false
Signed-off-by: Steven Zou <szou@vmware.com>
Signed-off-by: Steven Zou <szou@vmware.com>
To fetch vulnerability database updated time of the Clair had moved to
the Clair adapter so removes the initialization of clair db in the core.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
