This is useful as cli arguments and embedded config (to be added) can result in an extremely long url.
Also makes the final url easier to read and share, and allows users to bookmark the final configuration
with the schematic ID without needing to also include all the other parameters that were used to generate it.
Signed-off-by: Orzelius <33936483+Orzelius@users.noreply.github.com>
Hardcoded `factory.talos.dev` in SPDX document namespace broke
deployments where image-factory runs under a different hostname.
External URL now threads from service config through SPDXOptions
and Builder down to namespace generation.
Fixes #440
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Add a /talosctl/:version endpoint which lists all downloadable talosctl binaries for a given version.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Add French (fr) locale file with translations for the image-factory
frontend interface.
Signed-off-by: Quentin Joly <quentinj@une-pause-cafe.fr>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Move ownership/auth checks from scattered frontend handlers into
schematic.Factory.Get, which now accepts an OwnershipChecker. This
eliminates duplicated checkOwnership methods across http and spdx
frontends and ensures anonymous callers cannot probe schematic
existence when auth is enabled.
Also guard PXE credential embedding behind AuthProvider != nil so
credentials are never propagated when auth is disabled.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
This feature is Enterprise only (requires BUSL).
Any access to the schematic requires the user to be authenticated
before access.
Moreover, any schematic stores the owner in the schematic, so each
schematic becomes private (owned by the user which created it).
Authentication is configured using a set of usernames and keys
associated with each user (API key).
Co-authored-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Add enterprise-only checksum endpoint: appending .sha256 or .sha512
to any /image/ path returns a single-line checksum file instead of
the asset. Algorithm is selected from the suffix; the Checksummer
interface takes the suffix so no circular import is needed.
Wizard UI shows (sha256) and (sha512) links per download button;
non-enterprise builds show a localized (checksums) tooltip.
Integration tests cover both algorithms (GET, HEAD, validate,
reproducibility, error cases).
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Rename consistently to 'Image Factory Enterprise'.
Pass Talos name down to profile.
Pass the image factory name (and url) in the schematic's extension
Author field.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Previous fix #419 fixed the push, but that was not enough to fix the pull for verify.
The error message returned from sigstore library was not helpful to debug this.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fixes #408
Now we have proper cache capacity, LRU, and also negative cache TTL to
help with the case when multiple instances might disagree on whether cache
contains not found or not.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Rekres to use large runners instead of generic ones, as Image Factory
tests require lots of resources.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Bump Talos version and update machinery doc links to point to docs.siderolabs.com.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
The new verifier requires explicit insecure option for insecure
registries.
This affects configurations when the cache registry doesn't use
localhost endpoint, but some hostname.
Also rekres and bump Talos.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add a Cloudflare credentials helper to support using R2 buckets at the
same time as AWS Cert Manager.
Signed-off-by: Tim Jones <tim.jones@siderolabs.com>
It should be setting namespace, not registry, to match other repos.
Also namespace should be overridden usually, not the registry.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Refactor configuration of Image Factory.
This PR removes most of the flags, and instead allows configuration
using config files and/or environment variables.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Just a few changes:
* introduce license split
* add 'Enterprise' label to Enterprise version
* add a separate test pipeline
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Better test matrix for `EnhanceFromSchematic`.
Fewer duplicates and covers all versions, easier to add newer Talos versions, this caught a very small bug where `extraKernelArgs` were populated when overlays were used.
Signed-off-by: Noel Georgi <git@frezbo.dev>