You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi
Recently I configured token auth and acl access for our new registry, and faced a problem getting list of images without admin rights?
User with only pull permission gets "401 Unauthorized" for GET /v2/_catalog, though no problem getting image info or downloading images.
The following acl fixed a problem
- match: {account: "name", type: "registry", name: "catalog"}
actions: ["*"]
comment: "user may work with catalog"
For me it looks like a bug. R/O access requires full permissions (actions: ["*"])
If it was intentional for some reason please provide a link to relevant discussion.
Otherwise please fix.
// it's the case for both registry:2 and registry:2.7.1
The text was updated successfully, but these errors were encountered:
Read permission is scoped per repository. The catalog endpoint is considered an administrative action as it spans all repositories. The scopes themselves are not wildcards as that can be difficult to do securely.
Hi
Recently I configured token auth and acl access for our new registry, and faced a problem getting list of images without admin rights?
User with only pull permission gets "401 Unauthorized" for
GET /v2/_catalog
, though no problem getting image info or downloading images.The following acl fixed a problem
For me it looks like a bug. R/O access requires full permissions (actions: ["*"])
If it was intentional for some reason please provide a link to relevant discussion.
Otherwise please fix.
// it's the case for both registry:2 and registry:2.7.1
The text was updated successfully, but these errors were encountered: