Merge "app/registry: abstract away pushers"
commit
0ef497e461
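--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -147,22 +147,15 @@ local cm = import "../../cluster/kube/lib/cert-manager.libsonnet";
 users: {
 [""]: {}, // '' user are anonymous users.
 },
+local data = self,
+pushers:: [
+{ who: ["q3k", "inf"], what: "vms/*" },
+{ who: ["q3k"], what: "app/radio" },
+{ who: ["q3k"], what: "app/factorio" },
+{ who: ["q3k"], what: "app/gerrit" },
+{ who: ["q3k"], what: "go/svc/egressifier" },
+],
 acl: [
-{
-match: {account: "/(q3k|inf)/", name: "vms/*"},
-actions: ["*"],
-comment: "q3k and inf can mange 'vms' docker images",
-},
-{
-match: {account: "q3k", name: "app/radio"},
-actions: ["*"],
-comment: "q3k can mange 'app/radio' docker images",
-},
-{
-match: {account: "q3k", name: "app/factorio"},
-actions: ["*"],
-comment: "q3k can mange 'app/factorio' docker images",
-},
 {
 match: {account: "/.+/", name: "${account}/*"},
 actions: ["*"],
@@ -178,6 +171,16 @@ local cm = import "../../cluster/kube/lib/cert-manager.libsonnet";
 actions: ["pull"],
 comment: "Anyone can pull all images.",
 },
+] + [
+{
+match: {
+account: "/(%s)/" % std.join("|", p.who),
+name: p.what,
+},
+actions: ["*"],
+comment: "%s can push to %s" % [std.join(", ", p.who), p.what],
+}
+for p in data.pushers
 ],
 }),
 }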
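Review bot: The generated rule in the second hunk replaces what used to be an exact account match (`account: "q3k"` for `app/radio` and `app/factorio`) with `"/(%s)/" % std.join("|", p.who)`, which renders as `/(q3k)/`; if the auth server evaluates slash-delimited patterns as unanchored regular expressions, any account whose name merely contains `q3k` or `inf` receives `actions: ["*"]` on every `pushers` repository. Anchoring the pattern, `account: "/^(%s)$/" % std.join("|", p.who),`, keeps the match exact, and the names in `who` should stay free of regex metacharacters because they are interpolated unescaped. Separately, the pusher rules are now appended after the "Anyone can pull all images." entry, whereas the removed entries sat at the top of `acl`; that entry's `match` lies outside both hunks, but if evaluation is first-match the new rules could be shadowed by it, so the ordering deserves a check and a short comment on `pushers::` stating the intended precedence.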