vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Re-enable builds and tag operations in the UI

Browse source
This commit is contained in:
Evan Cordell 2017-06-13 09:56:47 -04:00
parent 2e30c47045
commit 7b3cb9c8b7
8 changed files with 36 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

16
static/js/directives/ui/repository-signing-config/repository-signing-config.component.html
View file

@ -18,7 +18,11 @@
Signing is enabled on this repository and all tag operations must be signed via Docker Content Trust.
</p>
<p>
Note that due to this feature being enabled, all UI-based tag operations and all build support is <strong>disabled on this repository</strong>.
When this feature is enabled, it will be possible to use the UI or client tools to change tag data without
signing.
This can make a signed tag point to a different image than the actual tag, and the underlying data could
be garbage collected. It is important to have a strict separation between tags that are signed and tags
that are not.
</p>
<button class="btn btn-danger" ng-click="$ctrl.askChangeTrust(false)">Disable Trust</button>
</div>
@ -43,12 +47,14 @@
dialog-title="Enable Trust"
dialog-action-title="Enable Trust">
<p>Click "Enable Trust" to enable content trust on this repository.</p>
<p>Please note that at this time, having content trust will <strong>disable</strong> the following
features under the repository:
<p>Please note that this will not prevent users from overwriting signed tags without updating signatures.
This means that:
<ul>
<li>Any tag operations in the UI (Add Tag, Delete Tag, Restore Tag)
<li>All build triggers and ability to invoke builds
<li>Any tag operations in the UI or client can cause inconsistency
<li>Builds should not push to signed tags
</ul>
We recommend you maintain a strict separation between signed and unsigned tags to avoid any issues with garbage
collection.
</p>
</div>

16
static/js/directives/ui/tag-operations-dialog.js
View file

@ -35,9 +35,9 @@ angular.module('quay').directive('tagOperationsDialog', function () {
});
};
$scope.alertOnTrust = function() {
if ($scope.repository.trust_enabled) {
$('#trustEnabledModal').modal('show');
$scope.alertOnTagOpsDisabled = function() {
if ($scope.repository.tag_operations_disabled) {
$('#tagOperationsDisabledModal').modal('show');
return true;
}
@ -62,7 +62,7 @@ angular.module('quay').directive('tagOperationsDialog', function () {
$scope.createOrMoveTag = function(image, tag) {
if (!$scope.repository.can_write) { return; }
if ($scope.alertOnTrust()) {
if ($scope.alertOnTagOpsDisabled()) {
return;
}
@ -242,7 +242,7 @@ angular.module('quay').directive('tagOperationsDialog', function () {
$scope.actionHandler = {
'askDeleteTag': function(tag) {
if ($scope.alertOnTrust()) {
if ($scope.alertOnTagOpsDisabled()) {
return;
}
@ -252,7 +252,7 @@ angular.module('quay').directive('tagOperationsDialog', function () {
},
'askDeleteMultipleTags': function(tags) {
if ($scope.alertOnTrust()) {
if ($scope.alertOnTagOpsDisabled()) {
return;
}
@ -262,7 +262,7 @@ angular.module('quay').directive('tagOperationsDialog', function () {
},
'askAddTag': function(image) {
if ($scope.alertOnTrust()) {
if ($scope.alertOnTagOpsDisabled()) {
return;
}
@ -297,7 +297,7 @@ angular.module('quay').directive('tagOperationsDialog', function () {
},
'askRestoreTag': function(tag, image_id, opt_manifest_digest) {
if ($scope.alertOnTrust()) {
if ($scope.alertOnTagOpsDisabled()) {
return;
}