github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-15 11:37:56 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
zot/pkg
T
History
Vishwas Rajashekar c18a4a975d fix(authz): metrics: deny authenticated users not in ACL even with anonymous read (#4131) 
* fix(authz): metrics: reject users not in list even with anonymous read

Even when anonymous reads are enabled for metrics, users not in the
allowed list should not be allowed.

This change also refactors the MetricsAuthzHandler to align better
with this logic.

Signed-off-by: Vishwas Rajashekar <dev@vrajashkr.com>

* fix(authz): address review comments

Address comments to pass username when present
to AuthzFail if user is not allowed for metrics.
This changes the response to Forbidden instead of
Unauthorized.

Use isAnonymous() check instead of only checking for
empty username.

Signed-off-by: Vishwas Rajashekar <dev@vrajashkr.com>

* fix(authz): fix additional review comments

Fix a few more review comments

Signed-off-by: Vishwas Rajashekar <dev@vrajashkr.com>

---------

Signed-off-by: Vishwas Rajashekar <dev@vrajashkr.com>
2026-06-14 17:29:22 +03:00
..
api
fix(authz): metrics: deny authenticated users not in ACL even with anonymous read (#4131)
2026-06-14 17:29:22 +03:00
buildinfo
refactor(build): move build metadata to pkg/buildinfo (#4045)
2026-05-08 19:37:04 +03:00
cel
feat(authz): introduce conditional access control via CEL (#4040)
2026-05-09 22:43:00 +03:00
cli
feat: config: validate metrics config (#4130)
2026-06-14 16:00:03 +03:00
cluster
chore: update golangci-lint and fix all issues (#3575)
2025-11-22 23:36:48 +02:00
common
chore: fix dependabot alerts (#4048)
2026-05-11 09:29:05 +03:00
compat
chore: update golangci-lint and fix all issues (#3575)
2025-11-22 23:36:48 +02:00
compliance
chore: update golangci-lint and fix all issues (#3575)
2025-11-22 23:36:48 +02:00
debug
fix: graphql playground documentation was hardcoded to an unrelated example (#3721)
2026-01-21 09:28:49 +02:00
exporter
fix(security): enhance timeout configurations and body size limits fo… (#3984)
2026-04-26 22:23:48 +03:00
extensions
fix(authz): metrics: deny authenticated users not in ACL even with anonymous read (#4131)
2026-06-14 17:29:22 +03:00
log
fix: make sure the function and caller information are added to log messages emitted by 3rd party libraries using slog directly. (#3659)
2025-12-19 07:32:13 +02:00
meta
metadb: add optional fast restart path that skips storage walk when (version + commit + storage config) matches metaDB stamp (#4026)
2026-06-09 10:47:20 -07:00
regexp
feat: support pushing multiple tags for a single manifest (#3885)
2026-03-29 21:13:24 +03:00
requestcontext
fix: miscellaneous fixes for ai-reported suggestions (#4101)
2026-05-26 14:58:30 -07:00
retention
fix: prevent nil pointer dereference in RemoveImageFromRepoMeta (#3658)
2025-12-17 11:44:51 +02:00
scheduler
refactor(test): new apis for creating temporary files (#3605)
2025-12-05 09:54:38 +02:00
storage
fix(storage): treat dedupe-candidate cache miss as no candidates, not an error (#4122)
2026-06-11 10:24:52 +03:00
test
metadb: add optional fast restart path that skips storage walk when (version + commit + storage config) matches metaDB stamp (#4026)
2026-06-09 10:47:20 -07:00