forked from hswaw/hscloud
app/registry: allow anonymous pull access and temporary vms/ push access
This commit is contained in:
parent
3e59718d3a
commit
b245865087
1 changed files with 10 additions and 2 deletions
|
@ -144,7 +144,15 @@ local cm = import "../../cluster/kube/lib/cert-manager.libsonnet";
|
|||
token_db: "/data/oauth2_tokens.ldb",
|
||||
registry_url: "https://registry.k0.hswaw.net",
|
||||
},
|
||||
users: {
|
||||
[""]: {}, // '' user are anonymous users.
|
||||
},
|
||||
acl: [
|
||||
{
|
||||
match: {account: "/(q3k|inf)/", name: "vms/*"},
|
||||
actions: ["*"],
|
||||
comment: "q3k and inf can mange 'vms' docker images",
|
||||
},
|
||||
{
|
||||
match: {account: "/.+/", name: "${account}/*"},
|
||||
actions: ["*"],
|
||||
|
@ -156,9 +164,9 @@ local cm = import "../../cluster/kube/lib/cert-manager.libsonnet";
|
|||
comment: "Logged in users can query the catalog.",
|
||||
},
|
||||
{
|
||||
match: {account: "/.+/"},
|
||||
match: {account: ""},
|
||||
actions: ["pull"],
|
||||
comment: "Logged in users can pull all images.",
|
||||
comment: "Anyone can pull all images.",
|
||||
},
|
||||
],
|
||||
}),
|
||||
|
|
Loading…
Reference in a new issue