Merge pull request #2627 from ecordell/whitelist-signing

Only show signing UI when namespace is explicitly whitelisted
This commit is contained in:
Evan Cordell 2017-05-08 13:51:05 -04:00 committed by GitHub
commit f960fa2482
4 changed files with 11 additions and 3 deletions

View file

@ -21,7 +21,7 @@ CLIENT_WHITELIST = ['SERVER_HOSTNAME', 'PREFERRED_URL_SCHEME', 'MIXPANEL_KEY',
'CONTACT_INFO', 'AVATAR_KIND', 'LOCAL_OAUTH_HANDLER', 'DOCUMENTATION_LOCATION', 'CONTACT_INFO', 'AVATAR_KIND', 'LOCAL_OAUTH_HANDLER', 'DOCUMENTATION_LOCATION',
'DOCUMENTATION_METADATA', 'SETUP_COMPLETE', 'DEBUG', 'MARKETO_MUNCHKIN_ID', 'DOCUMENTATION_METADATA', 'SETUP_COMPLETE', 'DEBUG', 'MARKETO_MUNCHKIN_ID',
'STATIC_SITE_BUCKET', 'RECAPTCHA_SITE_KEY', 'CHANNEL_COLORS', 'STATIC_SITE_BUCKET', 'RECAPTCHA_SITE_KEY', 'CHANNEL_COLORS',
'TAG_EXPIRATION_OPTIONS'] 'TAG_EXPIRATION_OPTIONS', 'SIGNING_NAMESPACE_WHITELIST']
def frontend_visible_config(config_dict): def frontend_visible_config(config_dict):
@ -263,6 +263,9 @@ class DefaultConfig(ImmutableConfig):
# Feature Flag: Whether to enable support for App repositories. # Feature Flag: Whether to enable support for App repositories.
FEATURE_APP_REGISTRY = False FEATURE_APP_REGISTRY = False
# The namespaces which should have the ability to enable signing
SIGNING_NAMESPACE_WHITELIST = ['coreos', 'quay']
# The namespace to use for library repositories. # The namespace to use for library repositories.
# Note: This must remain 'library' until Docker removes their hard-coded namespace for libraries. # Note: This must remain 'library' until Docker removes their hard-coded namespace for libraries.
# See: https://github.com/docker/docker/blob/master/registry/session.go#L320 # See: https://github.com/docker/docker/blob/master/registry/session.go#L320

View file

@ -19,7 +19,7 @@
</div> </div>
<!-- Signing and Trust --> <!-- Signing and Trust -->
<div ng-if="repository.kind == 'image'"> <div ng-if="repository.kind == 'image' && signingWhitelisted(repository)">
<repository-signing-config repository="repository"></repository-signing-config> <repository-signing-config repository="repository"></repository-signing-config>
</div> </div>

View file

@ -90,6 +90,10 @@ angular.module('quay').directive('repoPanelSettings', function () {
$scope.repository.is_public = newAccess == 'public'; $scope.repository.is_public = newAccess == 'public';
}, ApiService.errorDisplay('Could not change visibility')); }, ApiService.errorDisplay('Could not change visibility'));
}; };
$scope.signingWhitelisted = function(repository) {
return Config.SIGNING_NAMESPACE_WHITELIST.indexOf(repository.namespace) !== -1;
};
} }
}; };
return directiveDefinitionObject; return directiveDefinitionObject;

View file

@ -66,6 +66,7 @@ class TestConfig(DefaultConfig):
SECURITY_SCANNER_API_TIMEOUT_SECONDS = 1 SECURITY_SCANNER_API_TIMEOUT_SECONDS = 1
FEATURE_SIGNING = True FEATURE_SIGNING = True
SIGNING_NAMESPACE_WHITELIST = ['devtable']
SIGNING_ENGINE = 'gpg2' SIGNING_ENGINE = 'gpg2'