Disable tag and build operations in repos when trust is enabled
This commit is contained in:
Joseph Schorr
parent
e79555ef95
commit
95e9cdaccc
9 changed files with 74 additions and 10 deletions
|
|
@ -576,6 +576,11 @@ def populate_database(minimal=False, with_storage=False):
|
||||||
(1, [(1, [], 'v5.0'), (1, [], 'v6.0')], None)],
|
(1, [(1, [], 'v5.0'), (1, [], 'v6.0')], None)],
|
||||||
None))
|
None))
|
||||||
|
|
||||||
|
trusted_repo = __generate_repository(with_storage, new_user_1, 'trusted', 'Trusted repository.',
|
||||||
|
False, [], (4, [], ['latest', 'prod']))
|
||||||
|
trusted_repo.trust_enabled = True
|
||||||
|
trusted_repo.save()
|
||||||
|
|
||||||
publicrepo = __generate_repository(with_storage, new_user_2, 'publicrepo',
|
publicrepo = __generate_repository(with_storage, new_user_2, 'publicrepo',
|
||||||
'Public repository pullable by the world.', True,
|
'Public repository pullable by the world.', True,
|
||||||
[], (10, [], 'latest'))
|
[], (10, [], 'latest'))
|
||||||
|
|
|
||||||
|
|
@ -180,3 +180,8 @@
|
||||||
display: none;
|
display: none;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.repo-panel-tags-element .disabled-option,
|
||||||
|
.repo-panel-tags-element .disabled-option a {
|
||||||
|
color: #ccc;
|
||||||
|
}
|
||||||
|
|
@ -96,12 +96,14 @@
|
||||||
<i class="fa ci-robot"></i> New Robot Account
|
<i class="fa ci-robot"></i> New Robot Account
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
<li role="presentation" class="divider" ng-if="currentPageContext.repository && currentPageContext.repository.can_write"></li>
|
<li role="presentation" class="divider" ng-if="currentPageContext.repository && currentPageContext.repository.can_write && !currentPageContext.repository.trust_enabled"></li>
|
||||||
<li role="presentation" class="dropdown-header"
|
<li role="presentation" class="dropdown-header"
|
||||||
ng-if="currentPageContext.repository && currentPageContext.repository.can_write">
|
ng-if="currentPageContext.repository && currentPageContext.repository.can_write &&
|
||||||
|
!currentPageContext.repository.trust_enabled">
|
||||||
Repository {{ currentPageContext.repository.namespace }}/{{ currentPageContext.repository.name }}
|
Repository {{ currentPageContext.repository.namespace }}/{{ currentPageContext.repository.name }}
|
||||||
</li>
|
</li>
|
||||||
<li ng-if="currentPageContext.repository && currentPageContext.repository.can_write">
|
<li ng-if="currentPageContext.repository && currentPageContext.repository.can_write &&
|
||||||
|
!currentPageContext.repository.trust_enabled">
|
||||||
<a ng-click="startBuild()">
|
<a ng-click="startBuild()">
|
||||||
<i class="fa fa-tasks"></i> New Dockerfile Build
|
<i class="fa fa-tasks"></i> New Dockerfile Build
|
||||||
</a>
|
</a>
|
||||||
|
|
|
||||||
|
|
@ -1,12 +1,17 @@
|
||||||
<div class="repo-panel-builds-element">
|
<div class="repo-panel-builds-element">
|
||||||
<div class="feedback-bar" feedback="feedback"></div>
|
<div class="feedback-bar" feedback="feedback"></div>
|
||||||
<div class="tab-header-controls">
|
<div class="tab-header-controls">
|
||||||
<button class="btn btn-primary" ng-click="showNewBuildDialog()">
|
<button class="btn btn-primary" ng-click="showNewBuildDialog()" ng-if="!repository.trust_enabled">
|
||||||
<i class="fa fa-play"></i> Start New Build
|
<i class="fa fa-play"></i> Start New Build
|
||||||
</button>
|
</button>
|
||||||
</div>
|
</div>
|
||||||
<h3 class="tab-header">Repository Builds</h3>
|
<h3 class="tab-header">Repository Builds</h3>
|
||||||
|
|
||||||
|
<div class="co-alert co-alert-info" ng-if="repository.trust_enabled">
|
||||||
|
Builds cannot be performed on this repository because Quay Content Trust is
|
||||||
|
enabled, which requires that all operations be signed by a user.
|
||||||
|
</div>
|
||||||
|
|
||||||
<!-- Builds -->
|
<!-- Builds -->
|
||||||
<div class="co-panel" id="repoBuilds">
|
<div class="co-panel" id="repoBuilds">
|
||||||
<!-- Builds header controls -->
|
<!-- Builds header controls -->
|
||||||
|
|
@ -78,7 +83,7 @@
|
||||||
</div> <!-- /Builds -->
|
</div> <!-- /Builds -->
|
||||||
|
|
||||||
<!-- Build Triggers -->
|
<!-- Build Triggers -->
|
||||||
<div class="co-panel" ng-if="repository.can_admin && TriggerService.getTypes().length" id="repoBuildTriggers">
|
<div class="co-panel" ng-if="repository.can_admin && TriggerService.getTypes().length && !repository.trust_enabled" id="repoBuildTriggers">
|
||||||
<!-- Builds header controls -->
|
<!-- Builds header controls -->
|
||||||
<div class="co-panel-heading">
|
<div class="co-panel-heading">
|
||||||
<i class="fa fa-flash"></i>
|
<i class="fa fa-flash"></i>
|
||||||
|
|
|
||||||
|
|
@ -32,7 +32,7 @@
|
||||||
<!-- No Builds -->
|
<!-- No Builds -->
|
||||||
<div class="empty" ng-if="builds && !builds.length">
|
<div class="empty" ng-if="builds && !builds.length">
|
||||||
<div class="empty-primary-msg">No builds have been run for this repository.</div>
|
<div class="empty-primary-msg">No builds have been run for this repository.</div>
|
||||||
<div class="empty-secondary-msg" ng-if="repository.can_write">
|
<div class="empty-secondary-msg" ng-if="repository.can_write && !repository.trust_enabled">
|
||||||
Click on the <i class="fa fa-tasks" style="margin-left: 6px"></i> Builds tab to start a new build.
|
Click on the <i class="fa fa-tasks" style="margin-left: 6px"></i> Builds tab to start a new build.
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
||||||
|
|
@ -52,7 +52,8 @@
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
<li ng-if="repository.can_write">
|
<li ng-if="repository.can_write">
|
||||||
<a ng-click="askDeleteMultipleTags(checkedTags.checked)">
|
<a ng-click="askDeleteMultipleTags(checkedTags.checked)"
|
||||||
|
ng-class="repository.trust_enabled ? 'disabled-option' : ''">
|
||||||
<i class="fa fa-times"></i><span class="text">Delete Tags</span>
|
<i class="fa fa-times"></i><span class="text">Delete Tags</span>
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
@ -232,14 +233,16 @@
|
||||||
<td class="options-col">
|
<td class="options-col">
|
||||||
<span bo-if="repository.can_write">
|
<span bo-if="repository.can_write">
|
||||||
<span class="cor-options-menu">
|
<span class="cor-options-menu">
|
||||||
<span class="cor-option" option-click="askAddTag(tag)">
|
<span class="cor-option" option-click="askAddTag(tag)"
|
||||||
|
ng-class="repository.trust_enabled ? 'disabled-option' : ''">
|
||||||
<i class="fa fa-plus"></i> Add New Tag
|
<i class="fa fa-plus"></i> Add New Tag
|
||||||
</span>
|
</span>
|
||||||
<span class="cor-option" option-click="showLabelEditor(tag)"
|
<span class="cor-option" option-click="showLabelEditor(tag)"
|
||||||
ng-if="tag.manifest_digest">
|
ng-if="tag.manifest_digest">
|
||||||
<i class="fa fa-tags"></i> Edit Labels
|
<i class="fa fa-tags"></i> Edit Labels
|
||||||
</span>
|
</span>
|
||||||
<span class="cor-option" option-click="askDeleteTag(tag.name)">
|
<span class="cor-option" option-click="askDeleteTag(tag.name)"
|
||||||
|
ng-class="repository.trust_enabled ? 'disabled-option' : ''">
|
||||||
<i class="fa fa-times"></i> Delete Tag
|
<i class="fa fa-times"></i> Delete Tag
|
||||||
</span>
|
</span>
|
||||||
</span>
|
</span>
|
||||||
|
|
|
||||||
|
|
@ -125,7 +125,6 @@
|
||||||
The following images and any other images not referenced by a tag will be deleted:
|
The following images and any other images not referenced by a tag will be deleted:
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
|
||||||
|
|
||||||
<!-- Restore Tag Confirm -->
|
<!-- Restore Tag Confirm -->
|
||||||
<div class="cor-confirm-dialog"
|
<div class="cor-confirm-dialog"
|
||||||
|
|
@ -144,4 +143,19 @@
|
||||||
image-id="restoreTagInfo.image_id"
|
image-id="restoreTagInfo.image_id"
|
||||||
manifest-digest="restoreTagInfo.manifest_digest"></span>?
|
manifest-digest="restoreTagInfo.manifest_digest"></span>?
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<!-- Trust Enabled Dialog -->
|
||||||
|
<div class="modal fade" id="trustEnabledModal">
|
||||||
|
<div class="modal-dialog">
|
||||||
|
<div class="modal-content">
|
||||||
|
<div class="modal-header">
|
||||||
|
Cannot execute with trust enabled
|
||||||
|
</div>
|
||||||
|
<div class="modal-body">
|
||||||
|
The selected operation cannot be performed on this repository because Quay Content Trust is
|
||||||
|
enabled, which requires that all operations be signed by a user.
|
||||||
|
</div>
|
||||||
|
</div><!-- /.modal-content -->
|
||||||
|
</div><!-- /.modal-dialog -->
|
||||||
|
</div><!-- /.modal -->
|
||||||
</div>
|
</div>
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,15 @@ angular.module('quay').directive('tagOperationsDialog', function () {
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
$scope.alertOnTrust = function() {
|
||||||
|
if ($scope.repository.trust_enabled) {
|
||||||
|
$('#trustEnabledModal').modal('show');
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
};
|
||||||
|
|
||||||
$scope.isAnotherImageTag = function(image, tag) {
|
$scope.isAnotherImageTag = function(image, tag) {
|
||||||
if (!$scope.repository) { return; }
|
if (!$scope.repository) { return; }
|
||||||
|
|
||||||
|
|
@ -53,6 +62,9 @@ angular.module('quay').directive('tagOperationsDialog', function () {
|
||||||
|
|
||||||
$scope.createOrMoveTag = function(image, tag) {
|
$scope.createOrMoveTag = function(image, tag) {
|
||||||
if (!$scope.repository.can_write) { return; }
|
if (!$scope.repository.can_write) { return; }
|
||||||
|
if ($scope.alertOnTrust()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$scope.addingTag = true;
|
$scope.addingTag = true;
|
||||||
|
|
||||||
|
|
@ -77,6 +89,8 @@ angular.module('quay').directive('tagOperationsDialog', function () {
|
||||||
};
|
};
|
||||||
|
|
||||||
$scope.deleteMultipleTags = function(tags, callback) {
|
$scope.deleteMultipleTags = function(tags, callback) {
|
||||||
|
if (!$scope.repository.can_write) { return; }
|
||||||
|
|
||||||
var count = tags.length;
|
var count = tags.length;
|
||||||
var perform = function(index) {
|
var perform = function(index) {
|
||||||
if (index >= count) {
|
if (index >= count) {
|
||||||
|
|
@ -221,18 +235,30 @@ angular.module('quay').directive('tagOperationsDialog', function () {
|
||||||
|
|
||||||
$scope.actionHandler = {
|
$scope.actionHandler = {
|
||||||
'askDeleteTag': function(tag) {
|
'askDeleteTag': function(tag) {
|
||||||
|
if ($scope.alertOnTrust()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$scope.deleteTagInfo = {
|
$scope.deleteTagInfo = {
|
||||||
'tag': tag
|
'tag': tag
|
||||||
};
|
};
|
||||||
},
|
},
|
||||||
|
|
||||||
'askDeleteMultipleTags': function(tags) {
|
'askDeleteMultipleTags': function(tags) {
|
||||||
|
if ($scope.alertOnTrust()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$scope.deleteMultipleTagsInfo = {
|
$scope.deleteMultipleTagsInfo = {
|
||||||
'tags': tags
|
'tags': tags
|
||||||
};
|
};
|
||||||
},
|
},
|
||||||
|
|
||||||
'askAddTag': function(image) {
|
'askAddTag': function(image) {
|
||||||
|
if ($scope.alertOnTrust()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$scope.tagToCreate = '';
|
$scope.tagToCreate = '';
|
||||||
$scope.toTagImage = image;
|
$scope.toTagImage = image;
|
||||||
$scope.addingTag = false;
|
$scope.addingTag = false;
|
||||||
|
|
@ -264,6 +290,10 @@ angular.module('quay').directive('tagOperationsDialog', function () {
|
||||||
},
|
},
|
||||||
|
|
||||||
'askRestoreTag': function(tag, image_id, opt_manifest_digest) {
|
'askRestoreTag': function(tag, image_id, opt_manifest_digest) {
|
||||||
|
if ($scope.alertOnTrust()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (tag.image_id == image_id) {
|
if (tag.image_id == image_id) {
|
||||||
bootbox.alert('This is the current image for the tag');
|
bootbox.alert('This is the current image for the tag');
|
||||||
return;
|
return;
|
||||||
|
|
|
||||||
Binary file not shown.
Reference in a new issue