mirror of https://gerrit.hackerspace.pl/hscloud
Merge "app/registry: abstract away pushers"
commit
0ef497e461
|
@ -147,22 +147,15 @@ local cm = import "../../cluster/kube/lib/cert-manager.libsonnet";
|
|||
users: {
|
||||
[""]: {}, // '' user are anonymous users.
|
||||
},
|
||||
local data = self,
|
||||
pushers:: [
|
||||
{ who: ["q3k", "inf"], what: "vms/*" },
|
||||
{ who: ["q3k"], what: "app/radio" },
|
||||
{ who: ["q3k"], what: "app/factorio" },
|
||||
{ who: ["q3k"], what: "app/gerrit" },
|
||||
{ who: ["q3k"], what: "go/svc/egressifier" },
|
||||
],
|
||||
acl: [
|
||||
{
|
||||
match: {account: "/(q3k|inf)/", name: "vms/*"},
|
||||
actions: ["*"],
|
||||
comment: "q3k and inf can mange 'vms' docker images",
|
||||
},
|
||||
{
|
||||
match: {account: "q3k", name: "app/radio"},
|
||||
actions: ["*"],
|
||||
comment: "q3k can mange 'app/radio' docker images",
|
||||
},
|
||||
{
|
||||
match: {account: "q3k", name: "app/factorio"},
|
||||
actions: ["*"],
|
||||
comment: "q3k can mange 'app/factorio' docker images",
|
||||
},
|
||||
{
|
||||
match: {account: "/.+/", name: "${account}/*"},
|
||||
actions: ["*"],
|
||||
|
@ -178,6 +171,16 @@ local cm = import "../../cluster/kube/lib/cert-manager.libsonnet";
|
|||
actions: ["pull"],
|
||||
comment: "Anyone can pull all images.",
|
||||
},
|
||||
] + [
|
||||
{
|
||||
match: {
|
||||
account: "/(%s)/" % std.join("|", p.who),
|
||||
name: p.what,
|
||||
},
|
||||
actions: ["*"],
|
||||
comment: "%s can push to %s" % [std.join(", ", p.who), p.what],
|
||||
}
|
||||
for p in data.pushers
|
||||
],
|
||||
}),
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue