Scope Map: Built-in scope-map that can pull & read tags

[gldraphael]

What is the problem you're trying to solve
Make it easy for fluxcd to be able to pull any image/chart from an ACR.

The problem right now: _repositories_pull only allows pull operations. fluxcd like tools require you to also be able to read tags which needs metadata/read in addition to content/read.

Describe the solution you'd like

Option A: Add a new built-in scope-map repositories_pull_read or something similar, that can pull and read any repository.
Option B: Add support for a * wildcard for user-defined respository scope-maps so that users can create a scope-map with any permission combination as they'd like.

[sajayantony]

/cc @johnsonshi

[johnsonshi]

Yes indeed. The built in scope map only assigns content_read and not metadata_read, which means they can pull but not list.

Creating a custom scope map that has both content_read and metadata_read is limited by the fact that you need to list every repo.

I hear you and see the validity of option A as without it, there's no way to have a scope map that encompasses all repos, and allows pulls and listing. Let me do some further investigation. Thanks

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

[github-actions]

This issue was closed because it has been stalled for 30 days with no activity.