0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
zot/examples/config-policy.json
peusebiu 168d21da1e
fix(storage): deleting manifests with identical digests (#951)
Suppose we push two identical manifests (sharing same digest) but with
different tags, then deleting by digest should throw an error otherwise
we end up deleting all image tags (with gc) or dangling references
(without gc)

This behaviour is controlled via Authorization, added a new policy
action named detectManifestsCollision which enables this behaviour

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>

Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-11-18 09:35:28 -08:00

115 lines
2.2 KiB
JSON

{
"distSpecVersion": "1.0.1-dev",
"storage": {
"rootDirectory": "/tmp/zot"
},
"http": {
"address": "127.0.0.1",
"port": "8080",
"realm": "zot",
"auth": {
"htpasswd": {
"path": "test/data/htpasswd"
},
"failDelay": 1
},
"accessControl": {
"**": {
"anonymousPolicy": ["read"],
"policies": [
{
"users": [
"charlie"
],
"actions": [
"read",
"create",
"update"
]
}
],
"defaultPolicy": [
"read",
"create",
"delete",
"detectManifestCollision"
]
},
"tmp/**": {
"defaultPolicy": [
"read",
"create",
"update"
]
},
"infra/**": {
"policies": [
{
"users": [
"alice",
"bob"
],
"actions": [
"create",
"read",
"update",
"delete"
]
},
{
"users": [
"mallory"
],
"actions": [
"create",
"read"
]
}
],
"defaultPolicy": [
"read"
]
},
"repos2/repo": {
"policies": [
{
"users": [
"charlie"
],
"actions": [
"read",
"create"
]
},
{
"users": [
"mallory"
],
"actions": [
"create",
"read"
]
}
],
"defaultPolicy": [
"read"
]
},
"adminPolicy": {
"users": [
"admin"
],
"actions": [
"read",
"create",
"update",
"delete"
]
}
}
},
"log": {
"level": "debug",
"output": "/tmp/zot.log"
}
}