Add ability to restrict V1 push behind a namespace whitelist

Also enables the feature by default with an empty whitelist for QE

Fixes https://jira.coreos.com/browse/QUAY-1342
This commit is contained in:
Joseph Schorr 2019-03-05 16:50:56 -05:00
parent d3dd2f7b7c
commit b86d389c8e
9 changed files with 99 additions and 7 deletions

View file

@ -23,6 +23,7 @@ def add_enterprise_config_defaults(config_obj, current_secret_key):
config_obj['FEATURE_APP_SPECIFIC_TOKENS'] = config_obj.get('FEATURE_APP_SPECIFIC_TOKENS', True)
config_obj['FEATURE_PARTIAL_USER_AUTOCOMPLETE'] = config_obj.get('FEATURE_PARTIAL_USER_AUTOCOMPLETE', True)
config_obj['FEATURE_USERNAME_CONFIRMATION'] = config_obj.get('FEATURE_USERNAME_CONFIRMATION', True)
config_obj['FEATURE_RESTRICTED_V1_PUSH'] = config_obj.get('FEATURE_RESTRICTED_V1_PUSH', True)
# Default features that are off.
config_obj['FEATURE_MAILING'] = config_obj.get('FEATURE_MAILING', False)

View file

@ -955,6 +955,19 @@ CONFIG_SCHEMA = {
'description': 'If set to true, users can confirm their generated usernames. Defaults to True',
'x-example': False,
},
# Feature Flag: V1 push restriction.
'FEATURE_RESTRICTED_V1_PUSH': {
'type': 'boolean',
'description': 'If set to true, only namespaces listed in V1_PUSH_WHITELIST support V1 push. Defaults to True',
'x-example': False,
},
# Feature Flag: V1 push restriction.
'V1_PUSH_WHITELIST': {
'type': 'array',
'description': 'The array of namespace names that support V1 push if FEATURE_RESTRICTED_V1_PUSH is set to true.',
'x-example': ['some', 'namespaces'],
},
},
}