cheshire
/
hscloud
forked from hswaw/hscloud
1
0
Fork 0
Code Pull Requests Activity

Merge "app/registry: abstract away pushers"

master
q3k 2019-07-09 10:39:40 +00:00 committed by Gerrit Code Review
parent c292410d15 1c825949c4
commit 0ef497e461
1 changed files with 18 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
app/registry/prod.jsonnet
View File

@ -147,22 +147,15 @@ local cm = import "../../cluster/kube/lib/cert-manager.libsonnet";
users: {
[""]: {}, // '' user are anonymous users.
},
local data = self,
pushers:: [
{ who: ["q3k", "inf"], what: "vms/*" },
{ who: ["q3k"], what: "app/radio" },
{ who: ["q3k"], what: "app/factorio" },
{ who: ["q3k"], what: "app/gerrit" },
{ who: ["q3k"], what: "go/svc/egressifier" },
],
acl: [
{
match: {account: "/(q3k|inf)/", name: "vms/*"},
actions: ["*"],
comment: "q3k and inf can mange 'vms' docker images",
},
{
match: {account: "q3k", name: "app/radio"},
actions: ["*"],
comment: "q3k can mange 'app/radio' docker images",
},
{
match: {account: "q3k", name: "app/factorio"},
actions: ["*"],
comment: "q3k can mange 'app/factorio' docker images",
},
{
match: {account: "/.+/", name: "${account}/*"},
actions: ["*"],
@ -178,6 +171,16 @@ local cm = import "../../cluster/kube/lib/cert-manager.libsonnet";
actions: ["pull"],
comment: "Anyone can pull all images.",
},
] + [
{
match: {
account: "/(%s)/" % std.join("|", p.who),
name: p.what,
},
actions: ["*"],
comment: "%s can push to %s" % [std.join(", ", p.who), p.what],
}
for p in data.pushers
],
}),
}