mirror of https://github.com/project-zot/zot.git synced 2024-12-30 22:34:13 -05:00
zot - A scale-out production-ready vendor-neutral OCI-native container image/artifact registry (purely based on OCI Distribution Specification)
Lisca Ana-Roberta 336526065f
feat(groups)!: added "groups" mechanism for authZ (#1123)
BREAKING CHANGE: repository paths are now specified under a new config key called "repositories" under "accessControl" section in order to handle "groups" feature. Previously the repository paths were specified directly under "accessControl".

This PR adds the ability to create groups of users which can be used for authZ policies, instead of just users.

{
"http": {
   "accessControl": {
       "groups": {

Just like the users, groups can be part of repository policies/default policies/admin policies. The 'groups' field in accessControl can be missing if there are no groups. The permissions priority is user>group>default>admin policy, verified in this order (in authz.go), and permissions are cumulative. It works with LDAP too, and the group attribute name is configurable. The DN of the group is used as the group name and the functionality is the same. All groups for the given user are added to the context in authn.go. Repository paths are now specified under a new keyword called "repositories" under "accessControl" section in order to handle "groups" feature.

Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com>
2023-03-08 11:47:15 -08:00
.github chore(go.mod): fix dependabot alerts (#1247) 2023-03-06 11:05:19 -08:00
.zap test(ui): add owasp zap scanner in ci/cd (#1224) 2023-02-27 11:25:47 -08:00
build build(ui): the ui is now included in the zot binary by default (#1202) 2023-02-23 22:28:08 +02:00
cmd perf(zb): cleanup tool output (#1033) 2022-11-29 14:04:36 -08:00
demos oras fix: 2022-08-30 21:39:16 +03:00
docs swagger: rename 'docs/' to 'swagger/' 2021-10-21 13:46:14 -07:00
errors feat(repodb): Multiarch Image support (#1147) 2023-02-27 11:23:18 -08:00
examples feat(groups)!: added "groups" mechanism for authZ (#1123) 2023-03-08 11:47:15 -08:00
pkg feat(groups)!: added "groups" mechanism for authZ (#1123) 2023-03-08 11:47:15 -08:00
swagger fix: removed references to old dist-spec (#1128) 2023-01-31 09:35:33 -08:00
test feat(groups)!: added "groups" mechanism for authZ (#1123) 2023-03-08 11:47:15 -08:00
.gitignore feat(ui): package zui within zot binary (#1161) 2023-02-10 14:52:54 -08:00
CODE_OF_CONDUCT.md doc: add a CODE_OF_CONDUCT.md 2020-12-15 11:20:45 -08:00
codecov.yml test(swagger): remove autogenerated swagger code from code coverage (#993) 2022-11-13 16:43:28 +02:00
CODEOWNERS add a CODEOWNERS file 2022-05-04 11:52:28 -07:00
COMPARISON.md move references to zotregistry.io and project-zot 2021-12-05 10:52:27 -08:00
CONTRIBUTING.md build(tags): remove redundant build tag ui_base (#857) 2022-10-10 15:05:55 +03:00
go.mod chore(go.mod): fix dependabot alerts (#1251) 2023-03-07 09:59:59 +02:00
go.sum chore(go.mod): fix dependabot alerts (#1251) 2023-03-07 09:59:59 +02:00
golangcilint.yaml fix(go.mod): replace opencontainers/umoci dependency with project-stacker/umoci (#1240) 2023-03-05 21:11:07 -08:00
LICENSE docs: fix copyright related info for cncf onboarding (#1117) 2023-01-17 15:43:45 -08:00
MAINTAINERS.md docs: fix CNCF related documentation (#1099) 2023-01-10 15:52:11 -08:00
Makefile feat(ui): update to the latest zui version which supports new multiarch image APIs (#1246) 2023-03-06 09:42:05 -08:00
NOTICE docs: fix copyright related info for cncf onboarding (#1117) 2023-01-17 15:43:45 -08:00
README.md docs: update README.md (#1078) 2022-12-21 10:46:31 +02:00
README_fuzz.md Add fuzz tests for storage_fs (#601) 2022-07-27 20:37:55 +03:00
SECURITY.md add a security policy document 2022-07-12 14:25:57 -07:00
THIRD-PARTY-LICENSES.md update 3rd party licenses 2022-04-08 09:48:13 -07:00
tools.go chore(trivy): update trivy version and enforce OCI compliant repo names in local image storage (#1068) 2023-01-18 08:24:44 -08:00
zot.go zot: initial commit 2019-06-21 15:29:19 -07:00

zot: a production-ready vendor-neutral OCI image registry - images stored in OCI image format, distribution specification on-the-wire, that's it!

Docs

Documentation for zot is located at: https://zotregistry.io

Code of Conduct

Details are in the code of conduct