vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Disable tag and build operations in repos when trust is enabled

Browse source
This commit is contained in:
Joseph Schorr 2017-04-17 14:34:43 -04:00
parent e79555ef95
commit 95e9cdaccc
9 changed files with 74 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
initdb.py
View file

@ -576,6 +576,11 @@ def populate_database(minimal=False, with_storage=False):
(1, [(1, [], 'v5.0'), (1, [], 'v6.0')], None)],
None))
trusted_repo = __generate_repository(with_storage, new_user_1, 'trusted', 'Trusted repository.',
False, [], (4, [], ['latest', 'prod']))
trusted_repo.trust_enabled = True
trusted_repo.save()
publicrepo = __generate_repository(with_storage, new_user_2, 'publicrepo',
'Public repository pullable by the world.', True,
[], (10, [], 'latest'))

5
static/css/directives/repo-view/repo-panel-tags.css
View file

@ -180,3 +180,8 @@
display: none;
}
}
.repo-panel-tags-element .disabled-option,
.repo-panel-tags-element .disabled-option a {
color: #ccc;
}

8
static/directives/header-bar.html
View file

@ -96,12 +96,14 @@
<i class="fa ci-robot"></i> New Robot Account
</a>
</li>
<li role="presentation" class="divider" ng-if="currentPageContext.repository && currentPageContext.repository.can_write"></li>
<li role="presentation" class="divider" ng-if="currentPageContext.repository && currentPageContext.repository.can_write && !currentPageContext.repository.trust_enabled"></li>
<li role="presentation" class="dropdown-header"
ng-if="currentPageContext.repository && currentPageContext.repository.can_write">
ng-if="currentPageContext.repository && currentPageContext.repository.can_write &&
!currentPageContext.repository.trust_enabled">
Repository {{ currentPageContext.repository.namespace }}/{{ currentPageContext.repository.name }}
</li>
<li ng-if="currentPageContext.repository && currentPageContext.repository.can_write">
<li ng-if="currentPageContext.repository && currentPageContext.repository.can_write &&
!currentPageContext.repository.trust_enabled">
<a ng-click="startBuild()">
<i class="fa fa-tasks"></i> New Dockerfile Build
</a>

9
static/directives/repo-view/repo-panel-builds.html
View file

@ -1,12 +1,17 @@
<div class="repo-panel-builds-element">
<div class="feedback-bar" feedback="feedback"></div>
<div class="tab-header-controls">
<button class="btn btn-primary" ng-click="showNewBuildDialog()">
<button class="btn btn-primary" ng-click="showNewBuildDialog()" ng-if="!repository.trust_enabled">
<i class="fa fa-play"></i> Start New Build
</button>
</div>
<h3 class="tab-header">Repository Builds</h3>
<div class="co-alert co-alert-info" ng-if="repository.trust_enabled">
Builds cannot be performed on this repository because Quay Content Trust is
enabled, which requires that all operations be signed by a user.
</div>
<!-- Builds -->
<div class="co-panel" id="repoBuilds">
<!-- Builds header controls -->
@ -78,7 +83,7 @@
</div> <!-- /Builds -->
<!-- Build Triggers -->
<div class="co-panel" ng-if="repository.can_admin && TriggerService.getTypes().length" id="repoBuildTriggers">
<div class="co-panel" ng-if="repository.can_admin && TriggerService.getTypes().length && !repository.trust_enabled" id="repoBuildTriggers">
<!-- Builds header controls -->
<div class="co-panel-heading">
<i class="fa fa-flash"></i>

2
static/directives/repo-view/repo-panel-info.html
View file

@ -32,7 +32,7 @@
<!-- No Builds -->
<div class="empty" ng-if="builds && !builds.length">
<div class="empty-primary-msg">No builds have been run for this repository.</div>
<div class="empty-secondary-msg" ng-if="repository.can_write">
<div class="empty-secondary-msg" ng-if="repository.can_write && !repository.trust_enabled">
Click on the <i class="fa fa-tasks" style="margin-left: 6px"></i> Builds tab to start a new build.
</div>
</div>

9
static/directives/repo-view/repo-panel-tags.html
View file

@ -52,7 +52,8 @@
</a>
</li>
<li ng-if="repository.can_write">
<a ng-click="askDeleteMultipleTags(checkedTags.checked)">
<a ng-click="askDeleteMultipleTags(checkedTags.checked)"
ng-class="repository.trust_enabled ? 'disabled-option' : ''">
<i class="fa fa-times"></i><span class="text">Delete Tags</span>
</a>
</li>
@ -232,14 +233,16 @@
<td class="options-col">
<span bo-if="repository.can_write">
<span class="cor-options-menu">
<span class="cor-option" option-click="askAddTag(tag)">
<span class="cor-option" option-click="askAddTag(tag)"
ng-class="repository.trust_enabled ? 'disabled-option' : ''">
<i class="fa fa-plus"></i> Add New Tag
</span>
<span class="cor-option" option-click="showLabelEditor(tag)"
ng-if="tag.manifest_digest">
<i class="fa fa-tags"></i> Edit Labels
</span>
<span class="cor-option" option-click="askDeleteTag(tag.name)">
<span class="cor-option" option-click="askDeleteTag(tag.name)"
ng-class="repository.trust_enabled ? 'disabled-option' : ''">
<i class="fa fa-times"></i> Delete Tag
</span>
</span>

16
static/directives/tag-operations-dialog.html
View file

@ -125,7 +125,6 @@
The following images and any other images not referenced by a tag will be deleted:
</div>
</div>
</div>
<!-- Restore Tag Confirm -->
<div class="cor-confirm-dialog"
@ -144,4 +143,19 @@
image-id="restoreTagInfo.image_id"
manifest-digest="restoreTagInfo.manifest_digest"></span>?
</div>
<!-- Trust Enabled Dialog -->
<div class="modal fade" id="trustEnabledModal">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
Cannot execute with trust enabled
</div>
<div class="modal-body">
The selected operation cannot be performed on this repository because Quay Content Trust is
enabled, which requires that all operations be signed by a user.
</div>
</div><!-- /.modal-content -->
</div><!-- /.modal-dialog -->
</div><!-- /.modal -->
</div>

30
static/js/directives/ui/tag-operations-dialog.js
View file

@ -35,6 +35,15 @@ angular.module('quay').directive('tagOperationsDialog', function () {
});
};
$scope.alertOnTrust = function() {
if ($scope.repository.trust_enabled) {
$('#trustEnabledModal').modal('show');
return true;
}
return false;
};
$scope.isAnotherImageTag = function(image, tag) {
if (!$scope.repository) { return; }
@ -53,6 +62,9 @@ angular.module('quay').directive('tagOperationsDialog', function () {
$scope.createOrMoveTag = function(image, tag) {
if (!$scope.repository.can_write) { return; }
if ($scope.alertOnTrust()) {
return;
}
$scope.addingTag = true;
@ -77,6 +89,8 @@ angular.module('quay').directive('tagOperationsDialog', function () {
};
$scope.deleteMultipleTags = function(tags, callback) {
if (!$scope.repository.can_write) { return; }
var count = tags.length;
var perform = function(index) {
if (index >= count) {
@ -221,18 +235,30 @@ angular.module('quay').directive('tagOperationsDialog', function () {
$scope.actionHandler = {
'askDeleteTag': function(tag) {
if ($scope.alertOnTrust()) {
return;
}
$scope.deleteTagInfo = {
'tag': tag
};
},
'askDeleteMultipleTags': function(tags) {
if ($scope.alertOnTrust()) {
return;
}
$scope.deleteMultipleTagsInfo = {
'tags': tags
};
},
'askAddTag': function(image) {
if ($scope.alertOnTrust()) {
return;
}
$scope.tagToCreate = '';
$scope.toTagImage = image;
$scope.addingTag = false;
@ -264,6 +290,10 @@ angular.module('quay').directive('tagOperationsDialog', function () {
},
'askRestoreTag': function(tag, image_id, opt_manifest_digest) {
if ($scope.alertOnTrust()) {
return;
}
if (tag.image_id == image_id) {
bootbox.alert('This is the current image for the tag');
return;

BIN
test/data/test.db
View file

Binary file not shown.