fix: Update AWS DynamoDB permission list and correct issues in DynamoDB examples (#2963)

fix: Update AWS DynamoDB permission list, and correct issues in DynamoDB examples Note DeleteTable is only used for the zot tests, should not be needed in production Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2026-06-18 13:37:57 +08:00 · 2025-02-13 19:11:06 +02:00
parent 528c2e5f6d
commit 88efa50de9
7 changed files with 31 additions and 19 deletions
@@ -873,10 +873,13 @@ Additionally if search extension is enabled, additional parameters are needed:
            "endpoint": "http://localhost:4566",
            "region": "us-east-2",
            "cacheTablename": "ZotBlobTable",
-            // used by search extensions
-            "repoMetaTablename": "ZotRepoMetadataTable",
-            "manifestDataTablename": "ZotManifestDataTable",
+            // used for auth
            "userDataTablename": "ZotUserDataTable",
+            "apiKeyTablename": "ZotApiKeyDataTable",
+            // used by search extension
+            "repoMetaTablename": "ZotRepoMetadataTable",
+            "imageMetaTablename": "ZotImageMetaTable",
+            "repoBlobsInfoTablename": "ZotRepoBlobsInfoTable",
            "versionTablename": "ZotVersion"
        }
 ```
@@ -891,6 +894,10 @@ The following AWS policy is required by zot for caching blobs. Make sure to repl
      "Effect": "Allow",
      "Action": [
        "dynamodb:CreateTable",
+        "dynamodb:DescribeTable",
+        "dynamodb:DeleteTable",
+        "dynamodb:Scan",
+        "dynamodb:BatchGetItem",
        "dynamodb:GetItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem"
@@ -900,6 +907,8 @@ The following AWS policy is required by zot for caching blobs. Make sure to repl
  ]
 }

+Note `dynamodb:DeleteTable` is used only in running the zot tests, should not be needed in production.
+
 ### Redis

 Redis is an alternative to BoltDB (which cannot be shared by multiple zot instances) and DynamoDB (requires access to AWS).
@@ -21,6 +21,8 @@
            "repoMetaTablename": "ZotRepoMetadataTable",
            "imageMetaTablename": "ZotImageMetaTable",
            "repoBlobsInfoTablename": "ZotRepoBlobsInfoTable",
+            "userDataTablename": "ZotUserDataTable",
+            "apiKeyTablename": "ZotApiKeyTable",
            "versionTablename": "ZotVersion"
        }
    },
@@ -23,6 +23,7 @@
            "imageMetaTablename": "ZotImageMetaTable",
            "repoBlobsInfoTablename": "ZotRepoBlobsInfoTable",
            "userDataTablename": "ZotUserDataTable",
+            "apiKeyTablename": "ZotApiKeyTable",
            "versionTablename": "ZotVersion"
        }
    },
@@ -20,10 +20,10 @@
            "region": "us-east-2",
            "cacheTablename": "BlobTable",
            "repoMetaTablename": "RepoMetadataTable",
-            "indexDataTablename": "IndexDataTable",
-            "manifestDataTablename": "ManifestDataTable",
-            "apikeytablename": "ApiKeyDataTable",
-            "userdatatablename": "UserDataTable",
+            "imageMetaTablename": "ImageMetaTable",
+            "repoBlobsInfoTablename": "RepoBlobsInfoTable",
+            "apiKeyTablename": "ApiKeyDataTable",
+            "userDataTablename": "UserDataTable",
            "versionTablename": "VersionTable"
        }
    },
@@ -22,10 +22,10 @@
            "region": "us-east-2",
            "cacheTablename": "BlobTable",
            "repoMetaTablename": "RepoMetadataTable",
-            "indexDataTablename": "IndexDataTable",
-            "manifestDataTablename": "ManifestDataTable",
-            "apikeytablename": "ApiKeyDataTable",
-            "userdatatablename": "UserDataTable",
+            "imageMetaTablename": "ImageMetaTable",
+            "repoBlobsInfoTablename": "RepoBlobsInfoTable",
+            "apiKeyTablename": "ApiKeyDataTable",
+            "userDataTablename": "UserDataTable",
            "versionTablename": "VersionTable"
        }
    },
@@ -29,10 +29,10 @@
            "region": "us-east-2",
            "cacheTablename": "BlobTable",
            "repoMetaTablename": "RepoMetadataTable",
-            "indexDataTablename": "IndexDataTable",
-            "manifestDataTablename": "ManifestDataTable",
-            "apikeytablename": "ApiKeyDataTable",
-            "userdatatablename": "UserDataTable",
+            "imageMetaTablename": "ImageMetaTable",
+            "repoBlobsInfoTablename": "RepoBlobsInfoTable",
+            "apiKeyTablename": "ApiKeyDataTable",
+            "userDataTablename": "UserDataTable",
            "versionTablename": "VersionTable"
        }
    },
@@ -31,10 +31,10 @@
            "region": "us-east-2",
            "cacheTablename": "BlobTable",
            "repoMetaTablename": "RepoMetadataTable",
-            "indexDataTablename": "IndexDataTable",
-            "manifestDataTablename": "ManifestDataTable",
-            "apikeytablename": "ApiKeyDataTable",
-            "userdatatablename": "UserDataTable",
+            "imageMetaTablename": "ImageMetaTable",
+            "repoBlobsInfoTablename": "RepoBlobsInfoTable",
+            "apiKeyTablename": "ApiKeyDataTable",
+            "userDataTablename": "UserDataTable",
            "versionTablename": "VersionTable"
        }
    },