Missing Policy configuration, no demo or introduction in the document #4322
-
cannot found Policy configuration at https://distribution.github.io/distribution/about/configuration/ @dmcgowan PTAL link: #2112 |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
You are right I believe there was never any documentation about policies so I'll try to give you a very short description. Policies define registry authorization behaviour for different type of API resource classes in registry.
Resource class is basically a type of resource determined by
Plugins were meant to be used to distribute Docker daemon plugins (such as for logging or whatnot). Though IIRC they are going to be deprecated by Docker. They might have been already 🤷♂️ Policies then define restrictions about what you should do when processing API request for specific class of resource. Restrictions are currently limited to
By default all classes are allowed but as soon as you eplicitly list at least one class all the other classes are denied e.g. this is a sample config: policy:
repository:
classes:
- image The above config ONLY allows images to be distributed and denies handling any other class. distribution/registry/handlers/manifests.go Lines 362 to 365 in bc6e81e So that's in a very short gist what the policy is about. I'm not sure what the future of this config is..it might get removed in the future 🤷♂️ |
Beta Was this translation helpful? Give feedback.
You are right I believe there was never any documentation about policies so I'll try to give you a very short description.
Policies define registry authorization behaviour for different type of API resource classes in registry.
Resource class is basically a type of resource determined by
mediaType
of the content (we mean theconfig
MediaType
in the content manifest). There are currently only 2 classes recognised:image
(distributi…