Replies: 1 comment 3 replies
-
|
I dont believe there is image level granularity in access scope in the current authentication model. The lowest granularity is the repo level within a namespace. There was a working group formed around auth opencontainers/tob#119 but I doubt it got anywhere |
Beta Was this translation helpful? Give feedback.
-
|
And what about |
Beta Was this translation helpful? Give feedback.
-
|
That grants access to everything in registry and is primarily intended to be used privately for indexing data via the catalog API endpoint, which I believe was also intended to not be exposed publicly IIRC. I would NOT recommend granting those scopes unless that's what you want |
Beta Was this translation helpful? Give feedback.
-
|
I'm aware. Unfortunately https://github.com/Joxit/docker-registry-ui/ requests such scope and I'm not sure how my oauth server should respond for that. In case of repo access it's easy - I can respond with list of all repos to which given user have access (or just with requested one). I'm not sure how token should look like for such broad access request. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Is there a way to allow given user see all images in repo? In simple case I can return scope in oauth token for specific image with rights to pull and push, but is there scope which will give push/pull access to all images without need to specify each one of them?
Beta Was this translation helpful? Give feedback.
All reactions