vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Re-enable builds and tag operations in the UI

Browse source
This commit is contained in:
Evan Cordell 2017-06-13 09:56:47 -04:00
parent 2e30c47045
commit 7b3cb9c8b7
8 changed files with 36 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
static/directives/header-bar.html
View file

@ -89,14 +89,14 @@
<i class="fa ci-robot"></i> New Robot Account <i class="fa ci-robot"></i> New Robot Account
</a> </a>
</li> </li>
<li role="presentation" class="divider" ng-if="currentPageContext.repository && currentPageContext.repository.can_write && !currentPageContext.repository.trust_enabled"></li> <li role="presentation" class="divider" ng-if="currentPageContext.repository && currentPageContext.repository.can_write && !currentPageContext.repository.tag_operations_disabled"></li>
<li role="presentation" class="dropdown-header" <li role="presentation" class="dropdown-header"
ng-if="currentPageContext.repository && currentPageContext.repository.can_write && ng-if="currentPageContext.repository && currentPageContext.repository.can_write &&
!currentPageContext.repository.trust_enabled"> !currentPageContext.repository.tag_operations_disabled">
Repository {{ currentPageContext.repository.namespace }}/{{ currentPageContext.repository.name }} Repository {{ currentPageContext.repository.namespace }}/{{ currentPageContext.repository.name }}
</li> </li>
<li ng-if="currentPageContext.repository && currentPageContext.repository.can_write && <li ng-if="currentPageContext.repository && currentPageContext.repository.can_write &&
!currentPageContext.repository.trust_enabled"> !currentPageContext.repository.tag_operations_disabled">
<a ng-click="startBuild()"> <a ng-click="startBuild()">
<i class="fa fa-tasks"></i> New Dockerfile Build <i class="fa fa-tasks"></i> New Dockerfile Build
</a> </a>

6
static/directives/repo-view/repo-panel-builds.html
View file

@ -1,13 +1,13 @@
<div class="repo-panel-builds-element"> <div class="repo-panel-builds-element">
<div class="feedback-bar" feedback="feedback"></div> <div class="feedback-bar" feedback="feedback"></div>
<div class="tab-header-controls"> <div class="tab-header-controls">
<button class="btn btn-primary" ng-click="showNewBuildDialog()" ng-if="!repository.trust_enabled"> <button class="btn btn-primary" ng-click="showNewBuildDialog()" ng-if="!repository.tag_operations_disabled">
<i class="fa fa-play"></i> Start New Build <i class="fa fa-play"></i> Start New Build
</button> </button>
</div> </div>
<h3 class="tab-header">Repository Builds</h3> <h3 class="tab-header">Repository Builds</h3>
<div class="co-alert co-alert-info" ng-if="repository.trust_enabled"> <div class="co-alert co-alert-info" ng-if="repository.tag_operations_disabled">
Builds cannot be performed on this repository because Quay Trust is Builds cannot be performed on this repository because Quay Trust is
enabled, which requires that all operations be signed by a user. enabled, which requires that all operations be signed by a user.
</div> </div>
@ -83,7 +83,7 @@
</div> <!-- /Builds --> </div> <!-- /Builds -->
<!-- Build Triggers --> <!-- Build Triggers -->
<div class="co-panel" ng-if="repository.can_admin && TriggerService.getTypes().length && !repository.trust_enabled" id="repoBuildTriggers"> <div class="co-panel" ng-if="repository.can_admin && TriggerService.getTypes().length && !repository.tag_operations_disabled" id="repoBuildTriggers">
<!-- Builds header controls --> <!-- Builds header controls -->
<div class="co-panel-heading"> <div class="co-panel-heading">
<i class="fa fa-flash"></i> <i class="fa fa-flash"></i>

2
static/directives/repo-view/repo-panel-info.html
View file

@ -32,7 +32,7 @@
<!-- No Builds --> <!-- No Builds -->
<div class="empty" ng-if="builds && !builds.length"> <div class="empty" ng-if="builds && !builds.length">
<div class="empty-primary-msg">No builds have been run for this repository.</div> <div class="empty-primary-msg">No builds have been run for this repository.</div>
<div class="empty-secondary-msg" ng-if="repository.can_write && !repository.trust_enabled"> <div class="empty-secondary-msg" ng-if="repository.can_write && !repository.tag_operations_disabled">
Click on the <i class="fa fa-tasks" style="margin-left: 6px"></i> Builds tab to start a new build. Click on the <i class="fa fa-tasks" style="margin-left: 6px"></i> Builds tab to start a new build.
</div> </div>
</div> </div>

6
static/directives/repo-view/repo-panel-tags.html
View file

@ -53,7 +53,7 @@
</li> </li>
<li ng-if="repository.can_write"> <li ng-if="repository.can_write">
<a ng-click="askDeleteMultipleTags(checkedTags.checked)" <a ng-click="askDeleteMultipleTags(checkedTags.checked)"
ng-class="repository.trust_enabled ? 'disabled-option' : ''"> ng-class="repository.tag_operations_disabled ? 'disabled-option' : ''">
<i class="fa fa-times"></i><span class="text">Delete Tags</span> <i class="fa fa-times"></i><span class="text">Delete Tags</span>
</a> </a>
</li> </li>
@ -243,7 +243,7 @@
<span bo-if="repository.can_write"> <span bo-if="repository.can_write">
<span class="cor-options-menu"> <span class="cor-options-menu">
<span class="cor-option" option-click="askAddTag(tag)" <span class="cor-option" option-click="askAddTag(tag)"
ng-class="repository.trust_enabled ? 'disabled-option' : ''"> ng-class="repository.tag_operations_disabled ? 'disabled-option' : ''">
<i class="fa fa-plus"></i> Add New Tag <i class="fa fa-plus"></i> Add New Tag
</span> </span>
<span class="cor-option" option-click="showLabelEditor(tag)" <span class="cor-option" option-click="showLabelEditor(tag)"
@ -251,7 +251,7 @@
<i class="fa fa-tags"></i> Edit Labels <i class="fa fa-tags"></i> Edit Labels
</span> </span>
<span class="cor-option" option-click="askDeleteTag(tag.name)" <span class="cor-option" option-click="askDeleteTag(tag.name)"
ng-class="repository.trust_enabled ? 'disabled-option' : ''"> ng-class="repository.tag_operations_disabled ? 'disabled-option' : ''">
<i class="fa fa-times"></i> Delete Tag <i class="fa fa-times"></i> Delete Tag
</span> </span>
</span> </span>

11
static/directives/tag-operations-dialog.html
View file

@ -144,16 +144,17 @@
manifest-digest="restoreTagInfo.manifest_digest"></span>? manifest-digest="restoreTagInfo.manifest_digest"></span>?
</div> </div>
<!-- Trust Enabled Dialog --> <!-- Tag Operations Disabled Dialog -->
<div class="modal fade" id="trustEnabledModal"> <div class="modal fade" id="tagOperationsDisabledModal">
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content"> <div class="modal-content">
<div class="modal-header"> <div class="modal-header">
Cannot execute with trust enabled Tag operations have been disabled.
</div> </div>
<div class="modal-body"> <div class="modal-body">
The selected operation cannot be performed on this repository because Quay Trust is The selected operation cannot be performed on this repository because tag operations have been disabled
enabled, which requires that all operations be signed by a user. by an administrator. <span ng-if="repository.trust_enabled">Trust is enabled for this repo, so any tag changes
should be performed by users with signing keys.</span>
</div> </div>
</div><!-- /.modal-content --> </div><!-- /.modal-content -->
</div><!-- /.modal-dialog --> </div><!-- /.modal-dialog -->

16
static/js/directives/ui/repository-signing-config/repository-signing-config.component.html
View file

@ -18,7 +18,11 @@
Signing is enabled on this repository and all tag operations must be signed via Docker Content Trust. Signing is enabled on this repository and all tag operations must be signed via Docker Content Trust.
</p> </p>
<p> <p>
Note that due to this feature being enabled, all UI-based tag operations and all build support is <strong>disabled on this repository</strong>. When this feature is enabled, it will be possible to use the UI or client tools to change tag data without
signing.
This can make a signed tag point to a different image than the actual tag, and the underlying data could
be garbage collected. It is important to have a strict separation between tags that are signed and tags
that are not.
</p> </p>
<button class="btn btn-danger" ng-click="$ctrl.askChangeTrust(false)">Disable Trust</button> <button class="btn btn-danger" ng-click="$ctrl.askChangeTrust(false)">Disable Trust</button>
</div> </div>
@ -43,12 +47,14 @@
dialog-title="Enable Trust" dialog-title="Enable Trust"
dialog-action-title="Enable Trust"> dialog-action-title="Enable Trust">
<p>Click "Enable Trust" to enable content trust on this repository.</p> <p>Click "Enable Trust" to enable content trust on this repository.</p>
<p>Please note that at this time, having content trust will <strong>disable</strong> the following <p>Please note that this will not prevent users from overwriting signed tags without updating signatures.
features under the repository: This means that:
<ul> <ul>
<li>Any tag operations in the UI (Add Tag, Delete Tag, Restore Tag) <li>Any tag operations in the UI or client can cause inconsistency
<li>All build triggers and ability to invoke builds <li>Builds should not push to signed tags
</ul> </ul>
We recommend you maintain a strict separation between signed and unsigned tags to avoid any issues with garbage
collection.
</p> </p>
</div> </div>

16
static/js/directives/ui/tag-operations-dialog.js
View file

@ -35,9 +35,9 @@ angular.module('quay').directive('tagOperationsDialog', function () {
}); });
}; };
$scope.alertOnTrust = function() { $scope.alertOnTagOpsDisabled = function() {
if ($scope.repository.trust_enabled) { if ($scope.repository.tag_operations_disabled) {
$('#trustEnabledModal').modal('show'); $('#tagOperationsDisabledModal').modal('show');
return true; return true;
} }
@ -62,7 +62,7 @@ angular.module('quay').directive('tagOperationsDialog', function () {
$scope.createOrMoveTag = function(image, tag) { $scope.createOrMoveTag = function(image, tag) {
if (!$scope.repository.can_write) { return; } if (!$scope.repository.can_write) { return; }
if ($scope.alertOnTrust()) { if ($scope.alertOnTagOpsDisabled()) {
return; return;
} }
@ -242,7 +242,7 @@ angular.module('quay').directive('tagOperationsDialog', function () {
$scope.actionHandler = { $scope.actionHandler = {
'askDeleteTag': function(tag) { 'askDeleteTag': function(tag) {
if ($scope.alertOnTrust()) { if ($scope.alertOnTagOpsDisabled()) {
return; return;
} }
@ -252,7 +252,7 @@ angular.module('quay').directive('tagOperationsDialog', function () {
}, },
'askDeleteMultipleTags': function(tags) { 'askDeleteMultipleTags': function(tags) {
if ($scope.alertOnTrust()) { if ($scope.alertOnTagOpsDisabled()) {
return; return;
} }
@ -262,7 +262,7 @@ angular.module('quay').directive('tagOperationsDialog', function () {
}, },
'askAddTag': function(image) { 'askAddTag': function(image) {
if ($scope.alertOnTrust()) { if ($scope.alertOnTagOpsDisabled()) {
return; return;
} }
@ -297,7 +297,7 @@ angular.module('quay').directive('tagOperationsDialog', function () {
}, },
'askRestoreTag': function(tag, image_id, opt_manifest_digest) { 'askRestoreTag': function(tag, image_id, opt_manifest_digest) {
if ($scope.alertOnTrust()) { if ($scope.alertOnTagOpsDisabled()) {
return; return;
} }

1
static/js/types/common.types.ts
View file

@ -81,6 +81,7 @@ export type Repository = {
kind?: string; kind?: string;
namespace?: string; namespace?: string;
trust_enabled?: boolean; trust_enabled?: boolean;
tag_operations_disabled?: boolean;
}; };