* Added redis database and redis flush worker
* updated digest validation
* adding test coverage for scan_keys function
* adding test coverage
* added tests for scan function
* added coverage for flush to database function
* added coverage for gunicorn worker initialization
* Replaced mock methods in the test with actual function calls
---------
Co-authored-by: shudeshp <shudeshp@redhat.com>
When deploying Quay in a Secure AWS environment, we can't use IAM Access Keys or Secrets since these credentials are often blocked for multiple reasons (credentials are long-lived, can be shared / stolen, etc.). So the preferred deployment method is to use an alternative method, like the Web Identity Token files that are automatically created in a Kubernetes cluster that has a federation link with IAM using the OIDC provider federation.
The current code of Quay forces the use of an IAM account that is then used to assume another role that has S3 access to store the image files. The current pull request removes the need to use that IAM account and allows directly assuming the correct role using Web Identity Tokens while retaining compatibility with the old method of using IAM credentials.
The code relies on the automatic detection of the correct configurations using environment variables where possible. The code has been tested on an OpenShift cluster deployed using manual mode with AWS STS.
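The credential selection described above, as an added sketch that is not the Quay storage code. `plan_sts_call`, `fetch_credentials`, the `quay-storage` session name and the rule that explicitly configured IAM keys select the old flow are assumptions; the environment variable names are the standard AWS SDK ones.

```python
import os
from pathlib import Path

# Standard AWS SDK variables; on a cluster federated with IAM over OIDC
# they are injected into the pod together with the projected token file.
TOKEN_FILE_VAR = "AWS_WEB_IDENTITY_TOKEN_FILE"
ROLE_ARN_VAR = "AWS_ROLE_ARN"


def plan_sts_call(role_arn=None, access_key=None, secret_key=None, env=None):
    """Return (sts_operation, kwargs, static_keys) for the mode that applies.

    Hypothetical helper: explicit IAM keys keep the old AssumeRole flow
    (an assumption), otherwise the web identity token file is used.
    """
    env = os.environ if env is None else env
    role_arn = role_arn or env.get(ROLE_ARN_VAR)
    if not role_arn:
        raise ValueError("no role ARN configured or found in the environment")
    session = env.get("AWS_ROLE_SESSION_NAME", "quay-storage")  # constructed default
    if access_key and secret_key:
        keys = {"aws_access_key_id": access_key, "aws_secret_access_key": secret_key}
        return "assume_role", {"RoleArn": role_arn, "RoleSessionName": session}, keys
    token_file = env.get(TOKEN_FILE_VAR)
    if not token_file:
        raise ValueError("neither IAM keys nor a web identity token file is available")
    # Read the token at call time: the kubelet rotates the projected token.
    token = Path(token_file).read_text().strip()
    if not token:
        raise ValueError("web identity token file is empty")
    kwargs = {"RoleArn": role_arn, "RoleSessionName": session, "WebIdentityToken": token}
    return "assume_role_with_web_identity", kwargs, {}


def fetch_credentials(**config):
    """Call STS and return the temporary credentials (needs boto3 and network)."""
    import boto3  # imported lazily so the planning logic runs offline

    operation, kwargs, keys = plan_sts_call(**config)
    sts = boto3.client("sts", **keys)
    return getattr(sts, operation)(**kwargs)["Credentials"]
```

In the web identity branch no long-lived secret is passed to the STS client; the only input is the short-lived token read from the projected file.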
fixed field names for keepalive attributes.
* scenario1: config-tool empty configuration
** expectation: empty config for DB_CONNECTION_ARGS
```
$ curl -s http://localhost/api/v1/config | jq -r '."config.yaml".DB_CONNECTION_ARGS'
{}
```
* scenario2: config-tool with populated DB_CONNECTION_ARGS
** expectation: values are returned in DB_CONNECTION_ARGS
```
$ curl -s http://localhost/api/v1/config | jq -r '."config.yaml".DB_CONNECTION_ARGS'
{
  "autorollback": true,
  "keepalives": 1,
  "keepalives_count": 5,
  "keepalives_idle": 3,
  "keepalives_interval": 4,
  "max_connections": 30,
  "sslcompression": 1,
  "stale_timeout": 300,
  "tcp_user_timeout": 1000
}
```
* scenario3: config-tool with populated DB_CONNECTION_ARGS wrong type
** expectation: config-tool validate will bail out on the wrong type in the parameter
```
$ podman run -ti --rm --name config-tool -v config.yaml:/tmp/config.yaml config-tool:latest validate --configDir /tmp -m online
FATA[0000] An error occurred during validation. Process could not marshal config.yaml. This is most likely due to an incorrect type.
More info: keepalives must be of type int
```
* Add SSL client authentication by extending libpg connection parameter support as well as network parameters
* chore: go fmt
---------
Co-authored-by: Michaela Lang <milang@redhat.com>