mirror of
https://github.com/project-zot/zot.git
synced 2024-12-16 21:56:37 -05:00
168d21da1e
Suppose we push two identical manifests (sharing same digest) but with different tags, then deleting by digest should throw an error otherwise we end up deleting all image tags (with gc) or dangling references (without gc) This behaviour is controlled via Authorization, added a new policy action named detectManifestsCollision which enables this behaviour Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
115 lines
2.2 KiB
JSON
115 lines
2.2 KiB
JSON
{
|
|
"distSpecVersion": "1.0.1-dev",
|
|
"storage": {
|
|
"rootDirectory": "/tmp/zot"
|
|
},
|
|
"http": {
|
|
"address": "127.0.0.1",
|
|
"port": "8080",
|
|
"realm": "zot",
|
|
"auth": {
|
|
"htpasswd": {
|
|
"path": "test/data/htpasswd"
|
|
},
|
|
"failDelay": 1
|
|
},
|
|
"accessControl": {
|
|
"**": {
|
|
"anonymousPolicy": ["read"],
|
|
"policies": [
|
|
{
|
|
"users": [
|
|
"charlie"
|
|
],
|
|
"actions": [
|
|
"read",
|
|
"create",
|
|
"update"
|
|
]
|
|
}
|
|
],
|
|
"defaultPolicy": [
|
|
"read",
|
|
"create",
|
|
"delete",
|
|
"detectManifestCollision"
|
|
]
|
|
},
|
|
"tmp/**": {
|
|
"defaultPolicy": [
|
|
"read",
|
|
"create",
|
|
"update"
|
|
]
|
|
},
|
|
"infra/**": {
|
|
"policies": [
|
|
{
|
|
"users": [
|
|
"alice",
|
|
"bob"
|
|
],
|
|
"actions": [
|
|
"create",
|
|
"read",
|
|
"update",
|
|
"delete"
|
|
]
|
|
},
|
|
{
|
|
"users": [
|
|
"mallory"
|
|
],
|
|
"actions": [
|
|
"create",
|
|
"read"
|
|
]
|
|
}
|
|
],
|
|
"defaultPolicy": [
|
|
"read"
|
|
]
|
|
},
|
|
"repos2/repo": {
|
|
"policies": [
|
|
{
|
|
"users": [
|
|
"charlie"
|
|
],
|
|
"actions": [
|
|
"read",
|
|
"create"
|
|
]
|
|
},
|
|
{
|
|
"users": [
|
|
"mallory"
|
|
],
|
|
"actions": [
|
|
"create",
|
|
"read"
|
|
]
|
|
}
|
|
],
|
|
"defaultPolicy": [
|
|
"read"
|
|
]
|
|
},
|
|
"adminPolicy": {
|
|
"users": [
|
|
"admin"
|
|
],
|
|
"actions": [
|
|
"read",
|
|
"create",
|
|
"update",
|
|
"delete"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"log": {
|
|
"level": "debug",
|
|
"output": "/tmp/zot.log"
|
|
}
|
|
}
|