Merge pull request #2627 from ecordell/whitelist-signing
Only show signing UI when namespace is explicitly whitelisted
This commit is contained in:
commit
f960fa2482
4 changed files with 11 additions and 3 deletions
|
@ -21,7 +21,7 @@ CLIENT_WHITELIST = ['SERVER_HOSTNAME', 'PREFERRED_URL_SCHEME', 'MIXPANEL_KEY',
|
||||||
'CONTACT_INFO', 'AVATAR_KIND', 'LOCAL_OAUTH_HANDLER', 'DOCUMENTATION_LOCATION',
|
'CONTACT_INFO', 'AVATAR_KIND', 'LOCAL_OAUTH_HANDLER', 'DOCUMENTATION_LOCATION',
|
||||||
'DOCUMENTATION_METADATA', 'SETUP_COMPLETE', 'DEBUG', 'MARKETO_MUNCHKIN_ID',
|
'DOCUMENTATION_METADATA', 'SETUP_COMPLETE', 'DEBUG', 'MARKETO_MUNCHKIN_ID',
|
||||||
'STATIC_SITE_BUCKET', 'RECAPTCHA_SITE_KEY', 'CHANNEL_COLORS',
|
'STATIC_SITE_BUCKET', 'RECAPTCHA_SITE_KEY', 'CHANNEL_COLORS',
|
||||||
'TAG_EXPIRATION_OPTIONS']
|
'TAG_EXPIRATION_OPTIONS', 'SIGNING_NAMESPACE_WHITELIST']
|
||||||
|
|
||||||
|
|
||||||
def frontend_visible_config(config_dict):
|
def frontend_visible_config(config_dict):
|
||||||
|
@ -263,6 +263,9 @@ class DefaultConfig(ImmutableConfig):
|
||||||
# Feature Flag: Whether to enable support for App repositories.
|
# Feature Flag: Whether to enable support for App repositories.
|
||||||
FEATURE_APP_REGISTRY = False
|
FEATURE_APP_REGISTRY = False
|
||||||
|
|
||||||
|
# The namespaces which should have the ability to enable signing
|
||||||
|
SIGNING_NAMESPACE_WHITELIST = ['coreos', 'quay']
|
||||||
|
|
||||||
# The namespace to use for library repositories.
|
# The namespace to use for library repositories.
|
||||||
# Note: This must remain 'library' until Docker removes their hard-coded namespace for libraries.
|
# Note: This must remain 'library' until Docker removes their hard-coded namespace for libraries.
|
||||||
# See: https://github.com/docker/docker/blob/master/registry/session.go#L320
|
# See: https://github.com/docker/docker/blob/master/registry/session.go#L320
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- Signing and Trust -->
|
<!-- Signing and Trust -->
|
||||||
<div ng-if="repository.kind == 'image'">
|
<div ng-if="repository.kind == 'image' && signingWhitelisted(repository)">
|
||||||
<repository-signing-config repository="repository"></repository-signing-config>
|
<repository-signing-config repository="repository"></repository-signing-config>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
|
@ -90,6 +90,10 @@ angular.module('quay').directive('repoPanelSettings', function () {
|
||||||
$scope.repository.is_public = newAccess == 'public';
|
$scope.repository.is_public = newAccess == 'public';
|
||||||
}, ApiService.errorDisplay('Could not change visibility'));
|
}, ApiService.errorDisplay('Could not change visibility'));
|
||||||
};
|
};
|
||||||
|
|
||||||
|
$scope.signingWhitelisted = function(repository) {
|
||||||
|
return Config.SIGNING_NAMESPACE_WHITELIST.indexOf(repository.namespace) !== -1;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
return directiveDefinitionObject;
|
return directiveDefinitionObject;
|
||||||
|
|
|
@ -66,6 +66,7 @@ class TestConfig(DefaultConfig):
|
||||||
SECURITY_SCANNER_API_TIMEOUT_SECONDS = 1
|
SECURITY_SCANNER_API_TIMEOUT_SECONDS = 1
|
||||||
|
|
||||||
FEATURE_SIGNING = True
|
FEATURE_SIGNING = True
|
||||||
|
SIGNING_NAMESPACE_WHITELIST = ['devtable']
|
||||||
|
|
||||||
SIGNING_ENGINE = 'gpg2'
|
SIGNING_ENGINE = 'gpg2'
|
||||||
|
|
||||||
|
|
Reference in a new issue