github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-16 04:17:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

default policy only authorization

Browse Source 
unit tests for manifest integrity when updating

Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
This commit is contained in:
laurentiuNiculae
2022-03-10 14:25:15 +02:00
committed by Ramkumar Chinchani
parent e1a1bdff1a
commit bb95af5b4d
7 changed files with 417 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/api/authz.go
+9 -2
View File
@@ -180,7 +180,14 @@ func AuthzHandler(ctlr *Controller) mux.MiddlewareFunc {
}
acCtrlr := NewAccessController(ctlr.Config)
username := getUsername(request)
// allow anonymous authz if no authn present and only default policies are present
username := ""
if isAuthnEnabled(ctlr.Config) {
username = getUsername(request)
}
ctx := acCtrlr.getContext(username, request)
// will return only repos on which client is authorized to read
@@ -202,7 +209,7 @@ func AuthzHandler(ctlr *Controller) mux.MiddlewareFunc {
if ok {
is := ctlr.StoreController.GetImageStore(resource)
tags, err := is.GetImageTags(resource)
// if repo exists and request's tag doesn't exist yet then action is UPDATE
// if repo exists and request's tag exists then action is UPDATE
if err == nil && common.Contains(tags, reference) && reference != "latest" {
action = UPDATE
}