vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Make public catalog only enabled via a feature flag

Browse source
This commit is contained in:
Joseph Schorr 2017-06-02 15:30:51 -07:00
parent f44df49236
commit 555041876d
3 changed files with 53 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
config.py
View file

@ -263,6 +263,10 @@ class DefaultConfig(ImmutableConfig):
# Feature Flag: Whether to enable support for App repositories. # Feature Flag: Whether to enable support for App repositories.
FEATURE_APP_REGISTRY = False FEATURE_APP_REGISTRY = False
# Feature Flag: If set to true, the _catalog endpoint returns public repositories. Otherwise,
# only private repositories can be returned.
FEATURE_PUBLIC_CATALOG = False
# The namespaces which should have the ability to enable signing # The namespaces which should have the ability to enable signing
SIGNING_NAMESPACE_WHITELIST = ['coreos', 'quay'] SIGNING_NAMESPACE_WHITELIST = ['coreos', 'quay']

5
endpoints/v2/catalog.py
View file

@ -1,3 +1,5 @@
import features
from flask import jsonify from flask import jsonify
from auth.registry_jwt_auth import process_registry_jwt_auth, get_granted_entity from auth.registry_jwt_auth import process_registry_jwt_auth, get_granted_entity
@ -15,8 +17,9 @@ def catalog_search(limit, offset, pagination_callback):
if entity: if entity:
username = entity.user.username username = entity.user.username
include_public = bool(features.PUBLIC_CATALOG)
visible_repositories = model.get_visible_repositories(username, limit+1, offset, visible_repositories = model.get_visible_repositories(username, limit+1, offset,
include_public=True) include_public=include_public)
response = jsonify({ response = jsonify({
'repositories': ['%s/%s' % (repo.namespace_name, repo.name) 'repositories': ['%s/%s' % (repo.namespace_name, repo.name)
for repo in visible_repositories][0:limit], for repo in visible_repositories][0:limit],

18
test/registry_tests.py
View file

@ -1802,8 +1802,24 @@ class V2RegistryTests(V2RegistryPullMixin, V2RegistryPushMixin, RegistryTestsMix
def test_one_five_blacklist(self): def test_one_five_blacklist(self):
self.conduct('GET', '/v2/', expected_code=404, user_agent='Go 1.1 package http') self.conduct('GET', '/v2/', expected_code=404, user_agent='Go 1.1 package http')
def test_catalog(self): def test_normal_catalog(self):
# Look for public repositories and ensure all are public. # Look for public repositories and ensure all are public.
with TestFeature(self, 'PUBLIC_CATALOG', False):
response = self.conduct('GET', '/v2/_catalog')
data = response.json()
self.assertTrue(len(data['repositories']) == 0)
# Perform auth and lookup the catalog again.
self.do_auth('devtable', 'password', 'devtable', 'simple')
all_repos = []
response = self.conduct('GET', '/v2/_catalog', params=dict(n=2), auth='jwt')
data = response.json()
self.assertEquals(len(data['repositories']), 2)
def test_public_catalog(self):
# Look for public repositories and ensure all are public.
with TestFeature(self, 'PUBLIC_CATALOG', True):
response = self.conduct('GET', '/v2/_catalog') response = self.conduct('GET', '/v2/_catalog')
data = response.json() data = response.json()
self.assertTrue(len(data['repositories']) > 0) self.assertTrue(len(data['repositories']) > 0)