bf619c570e
* feat(oidc): introduce support for OIDC workload identity federation Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com> * feat(oidc): add e2e test for bearer OIDC and a kind cluster Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com> * feat(oidc): make OIDC workload identity federation its own feature Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com> * feat(oidc): move errors to the errors package Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com> * feat(oidc): fix race in cel package Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com> * feat(oidc): compile cel expressions Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com> --------- Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
41 lines
852 B
JSON
{
"distSpecVersion": "1.1.1",
"storage": {
"rootDirectory": "/tmp/zot"
},
"http": {
"address": "127.0.0.1",
"port": "8080",
"auth": {
"bearer": {
"realm": "zot",
"service": "zot-service",
"oidc": [
{
"issuer": "https://kubernetes.default.svc.cluster.local",
"audiences": ["zot", "https://zot.example.com"],
"claimMapping": {
"username": "claims.sub"
}
}
]
}
},
"accessControl": {
"repositories": {
"**": {
"policies": [
{
"users": ["system:serviceaccount:flux-system:source-controller"],
"actions": ["read", "create", "update", "delete"]
}
]
}
}
}
},
"log": {
"level": "info"
}
}